Laurent Destailleur %!s(int64=2) %!d(string=hai) anos
pai
achega
da2641bcb2

+ 1 - 1
htdocs/holiday/card.php

@@ -1174,7 +1174,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
 						$errors[] = $langs->transnoentitiesnoconv('NoMotifRefuseCP');
 						break;
 					case 'mail':
-						$errors[] = $langs->transnoentitiesnoconv('ErrorMailNotSend')."\n".$_GET['error_content'];
+						$errors[] = $langs->transnoentitiesnoconv('ErrorMailNotSend');
 						break;
 				}
 

+ 4 - 4
htdocs/install/step2.php

@@ -147,10 +147,10 @@ if ($action == "set") {
 
 	// To disable some code, so you can call step2 with url like
 	// http://localhost/dolibarrnew/install/step2.php?action=set&token='.newToken().'&createtables=0&createkeys=0&createfunctions=0&createdata=llx_20_c_departements
-	$createtables = isset($_GET['createtables']) ?GETPOST('createtables') : 1;
-	$createkeys = isset($_GET['createkeys']) ?GETPOST('createkeys') : 1;
-	$createfunctions = isset($_GET['createfunctions']) ?GETPOST('createfunction') : 1;
-	$createdata = isset($_GET['createdata']) ?GETPOST('createdata') : 1;
+	$createtables = GETPOSTISSET('createtables') ? GETPOST('createtables') : 1;
+	$createkeys = GETPOSTISSET('createkeys') ? GETPOST('createkeys') : 1;
+	$createfunctions = GETPOSTISSET('createfunctions') ? GETPOST('createfunction') : 1;
+	$createdata = GETPOSTISSET('createdata') ? GETPOST('createdata') : 1;
 
 
 	// To say sql requests are escaped for mysql so we need to unescape them

+ 1 - 1
htdocs/projet/ajax/projects.php

@@ -41,7 +41,7 @@ if (!defined('NOREQUIRESOC')) {
 if (!defined('NOCSRFCHECK')) {
 	define('NOCSRFCHECK', '1');
 }
-if (empty($_GET['keysearch']) && !defined('NOREQUIREHTML')) {
+if (!defined('NOREQUIREHTML')) {
 	define('NOREQUIREHTML', '1');
 }
 

+ 17 - 17
htdocs/projet/tasks/time.php

@@ -1693,7 +1693,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 			// Date
 			if (!empty($arrayfields['t.task_date']['checked'])) {
 				print '<td class="nowrap">';
-				if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+				if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 					if (empty($task_time->task_date_withhour)) {
 						print $form->selectDate(($date2 ? $date2 : $date1), 'timeline', 3, 3, 2, "timespent_date", 1, 0);
 					} else {
@@ -1729,7 +1729,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 			if (!empty($arrayfields['t.task_ref']['checked'])) {
 				if ((empty($id) && empty($ref)) || !empty($projectidforalltimes)) {   // Not a dedicated task
 					print '<td class="nowrap">';
-					if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						$formproject->selectTasks(-1, GETPOST('taskid', 'int') ? GETPOST('taskid', 'int') : $task_time->fk_task, 'taskid', 0, 0, 1, 1, 0, 0, 'maxwidth300', $projectstatic->id, '');
 					} else {
 						$tasktmp->id = $task_time->fk_task;
@@ -1761,7 +1761,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 			// By User
 			if (!empty($arrayfields['author']['checked'])) {
 				print '<td class="tdoverflowmax100">';
-				if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+				if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 					if (empty($object->id)) {
 						$object->fetch($id);
 					}
@@ -1792,7 +1792,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 			// Note
 			if (!empty($arrayfields['t.note']['checked'])) {
 				print '<td class="small">';
-				if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+				if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 					print '<textarea name="timespent_note_line" width="95%" rows="'.ROWS_1.'">'.dol_escape_htmltag($task_time->note).'</textarea>';
 				} else {
 					print dol_nl2br($task_time->note);
@@ -1801,14 +1801,14 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 				if (!$i) {
 					$totalarray['nbfield']++;
 				}
-			} elseif ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+			} elseif ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 				print '<input type="hidden" name="timespent_note_line" value="'.dol_escape_htmltag($task_time->note).'">';
 			}
 
 			// Time spent
 			if (!empty($arrayfields['t.task_duration']['checked'])) {
 				print '<td class="right nowraponall">';
-				if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+				if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 					print '<input type="hidden" name="old_duration" value="'.$task_time->task_duration.'">';
 					print $form->select_duration('new_duration', $task_time->task_duration, 0, 'text');
 				} else {
@@ -1928,13 +1928,13 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 
 			// Add line to split
 
-			if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+			if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 				print '<tr class="oddeven">';
 
 				// Date
 				if (!empty($arrayfields['t.task_date']['checked'])) {
 					print '<td class="nowrap">';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						if (empty($task_time->task_date_withhour)) {
 							print $form->selectDate(($date2 ? $date2 : $date1), 'timeline', 3, 3, 2, "timespent_date", 1, 0);
 						} else {
@@ -1978,7 +1978,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 				// User
 				if (!empty($arrayfields['author']['checked'])) {
 					print '<td>';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						if (empty($object->id)) {
 							$object->fetch($id);
 						}
@@ -2006,20 +2006,20 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 				// Note
 				if (!empty($arrayfields['t.note']['checked'])) {
 					print '<td class="tdoverflowmax300">';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						print '<textarea name="timespent_note_line" width="95%" rows="'.ROWS_1.'">'.dol_escape_htmltag($task_time->note).'</textarea>';
 					} else {
 						print dol_nl2br($task_time->note);
 					}
 					print '</td>';
-				} elseif ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+				} elseif ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 					print '<input type="hidden" name="timespent_note_line" rows="'.ROWS_1.'" value="'.dol_escape_htmltag($task_time->note).'">';
 				}
 
 				// Time spent
 				if (!empty($arrayfields['t.task_duration']['checked'])) {
 					print '<td class="right">';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						print '<input type="hidden" name="old_duration" value="'.$task_time->task_duration.'">';
 						print $form->select_duration('new_duration', $task_time->task_duration, 0, 'text');
 					} else {
@@ -2072,7 +2072,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 				// Date
 				if (!empty($arrayfields['t.task_date']['checked'])) {
 					print '<td class="nowrap">';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						if (empty($task_time->task_date_withhour)) {
 							print $form->selectDate(($date2 ? $date2 : $date1), 'timeline_2', 3, 3, 2, "timespent_date", 1, 0);
 						} else {
@@ -2116,7 +2116,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 				// User
 				if (!empty($arrayfields['author']['checked'])) {
 					print '<td>';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						if (empty($object->id)) {
 							$object->fetch($id);
 						}
@@ -2144,20 +2144,20 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 				// Note
 				if (!empty($arrayfields['t.note']['checked'])) {
 					print '<td class="small tdoverflowmax300"">';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						print '<textarea name="timespent_note_line_2" width="95%" rows="'.ROWS_1.'">'.dol_escape_htmltag($task_time->note).'</textarea>';
 					} else {
 						print dol_nl2br($task_time->note);
 					}
 					print '</td>';
-				} elseif ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+				} elseif ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 					print '<input type="hidden" name="timespent_note_line_2" value="'.dol_escape_htmltag($task_time->note).'">';
 				}
 
 				// Time spent
 				if (!empty($arrayfields['t.task_duration']['checked'])) {
 					print '<td class="right">';
-					if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+					if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 						print '<input type="hidden" name="old_duration_2" value="0">';
 						print $form->select_duration('new_duration_2', 0, 0, 'text');
 					} else {

+ 1 - 1
htdocs/salaries/payment_salary/card.php

@@ -111,7 +111,7 @@ if ($action == 'delete') {
 /*
 if ($action == 'valide')
 {
-	$facid = $_GET['facid'];
+	$facid = GETPOST('facid', 'int');
 	print $form->formconfirm('card.php?id='.$object->id.'&amp;facid='.$facid, $langs->trans("ValidatePayment"), $langs->trans("ConfirmValidatePayment"), 'confirm_valide','',0,2);
 
 }

+ 11 - 11
htdocs/societe/list.php

@@ -50,17 +50,11 @@ $show_files = GETPOST('show_files', 'int');
 $confirm = GETPOST('confirm', 'alpha');
 $toselect = GETPOST('toselect', 'array');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'thirdpartylist';
-
+$optioncss = GETPOST('optioncss', 'alpha');
 if ($contextpage == 'poslist') {
-	$_GET['optioncss'] = 'print';
-}
-
-// Security check
-$socid = GETPOST('socid', 'int');
-if ($user->socid) {
-	$socid = $user->socid;
+	$optioncss = 'print';
 }
-$result = restrictedArea($user, 'societe', $socid, '');
+$mode = GETPOST("mode", 'alpha');
 
 $search_all = trim(GETPOST('search_all', 'alphanohtml') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
 $search_cti = preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
@@ -105,8 +99,6 @@ $search_import_key  = trim(GETPOST("search_import_key", "alpha"));
 $search_parent_name = trim(GETPOST('search_parent_name', 'alpha'));
 
 $type = GETPOST('type', 'alpha');
-$optioncss = GETPOST('optioncss', 'alpha');
-$mode = GETPOST("mode", 'alpha');
 $place = GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : '0'; // $place is string id of table for Bar or Restaurant
 
 $diroutputmassaction = $conf->societe->dir_output.'/temp/massgeneration/'.$user->id;
@@ -268,6 +260,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $socid, '');
+
+
 
 /*
  * Actions