Try to fix GETPOSTINT regressions

htdocs/accountancy/admin/accountmodel.php

@@ -75,7 +75,7 @@ $offset = $listlimit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 
-$search_country_id = GETPOSTINT('search_country_id');
+$search_country_id = GETPOST('search_country_id', 'int');
 
 
 // Security check

htdocs/accountancy/admin/categories_list.php

@@ -70,7 +70,7 @@ $offset = $listlimit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 
-$search_country_id = GETPOSTINT('search_country_id');
+$search_country_id = GETPOST('search_country_id', 'int');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('admin'));

htdocs/accountancy/admin/journals_list.php

@@ -80,7 +80,7 @@ if (empty($sortorder)) {
 
 $error = 0;
 
-$search_country_id = GETPOSTINT('search_country_id');
+$search_country_id = GETPOST('search_country_id', 'int');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('admin'));

htdocs/adherents/subscription/list.php

@@ -50,7 +50,7 @@ $search_lastname = GETPOST('search_lastname', 'alpha');
 $search_firstname = GETPOST('search_firstname', 'alpha');
 $search_login = GETPOST('search_login', 'alpha');
 $search_note = GETPOST('search_note', 'alpha');
-$search_account = GETPOSTINT('search_account');
+$search_account = GETPOST('search_account', 'alpha');
 $search_amount = GETPOST('search_amount', 'alpha');
 $search_all = '';
 
@@ -322,7 +322,7 @@ if ($search_login) {
 	$param .= "&search_login=".urlencode($search_login);
 }
 if ($search_account) {
-	$param .= "&search_account=".urlencode((string) ($search_account));
+	$param .= "&search_account=".urlencode($search_account));
 }
 if ($search_amount) {
 	$param .= "&search_amount=".urlencode($search_amount);

htdocs/adherents/type.php

@@ -81,7 +81,7 @@ if (!$sortfield) {
 
 $label = GETPOST("label", "alpha");
 $morphy = GETPOST("morphy", "alpha");
-$status = GETPOSTINT("status");
+$status = GETPOST("status", "intcomma");
 $subscription = GETPOSTINT("subscription");
 $amount = GETPOST('amount', 'alpha');
 $duration_value = GETPOSTINT('duration_value');

htdocs/admin/dict.php

@@ -76,7 +76,7 @@ $offset = $listlimit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 
-$search_country_id = GETPOSTINT('search_country_id');
+$search_country_id = GETPOST('search_country_id', 'int');
 $search_code = GETPOST('search_code', 'alpha');
 $search_active = GETPOST('search_active', 'alpha');
 

htdocs/admin/tools/listevents.php

@@ -65,7 +65,7 @@ if (!$sortorder) {
 	$sortorder = "DESC";
 }
 
-$search_rowid = GETPOSTINT("search_rowid");
+$search_rowid = GETPOST("search_rowid", "intcomma");
 $search_code = GETPOST("search_code", "alpha");
 $search_ip   = GETPOST("search_ip", "alpha");
 $search_user = GETPOST("search_user", "alpha");

htdocs/comm/action/index.php

@@ -109,7 +109,7 @@ $mode = GETPOST('mode', 'aZ09');
 if (empty($mode) && preg_match('/show_/', $action)) {
 	$mode = $action;	// For backward compatibility
 }
-$resourceid = GETPOSTINT("search_resourceid");
+$resourceid = GETPOST("search_resourceid", 'int');
 $year = GETPOSTINT("year") ? GETPOSTINT("year") : date("Y");
 $month = GETPOSTINT("month") ? GETPOSTINT("month") : date("m");
 $week = GETPOSTINT("week") ? GETPOSTINT("week") : date("W");

htdocs/comm/mailing/cibles.php

@@ -63,7 +63,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml');
 $search_firstname = GETPOST("search_firstname", 'alphanohtml');
 $search_email = GETPOST("search_email", 'alphanohtml');
 $search_other = GETPOST("search_other", 'alphanohtml');
-$search_dest_status = GETPOST('search_dest_status');	// Must be '' if not set, so do not use GETPOSTINT here.
+$search_dest_status = GETPOST('search_dest_status', 'int');
 
 // Search modules dirs
 $modulesdir = dolGetModulesDirs('/mailings');

htdocs/compta/bank/bankentries_list.php

@@ -75,9 +75,9 @@ $dateop = dol_mktime(12, 0, 0, GETPOSTINT("opmonth"), GETPOSTINT("opday"), GETPO
 $search_debit = GETPOST("search_debit", 'alpha');
 $search_credit = GETPOST("search_credit", 'alpha');
 $search_type = GETPOST("search_type", 'alpha');
-$search_account = GETPOSTINT("search_account") ? GETPOSTINT("search_account") : GETPOSTINT("account");
+$search_account = GETPOST("search_account", 'int') ? GETPOSTINT("search_account", 'int') : GETPOST("account", 'int');
 $search_accountancy_code = GETPOST('search_accountancy_code', 'alpha') ? GETPOST('search_accountancy_code', 'alpha') : GETPOST('accountancy_code', 'alpha');
-$search_bid = GETPOSTINT("search_bid") ? GETPOSTINT("search_bid") : GETPOSTINT("bid");
+$search_bid = GETPOST("search_bid", 'int') ? GETPOST("search_bid", 'int') : GETPOST("bid", 'int');
 $search_ref = GETPOST('search_ref', 'alpha');
 $search_description = GETPOST("search_description", 'alpha');
 $search_dt_start = dol_mktime(0, 0, 0, GETPOSTINT('search_start_dtmonth'), GETPOSTINT('search_start_dtday'), GETPOSTINT('search_start_dtyear'));

htdocs/compta/bank/various_payment/list.php

@@ -54,7 +54,7 @@ $search_datev_start = dol_mktime(0, 0, 0, GETPOSTINT('search_date_value_startmon
 $search_datev_end = dol_mktime(23, 59, 59, GETPOSTINT('search_date_value_endmonth'), GETPOSTINT('search_date_value_endday'), GETPOSTINT('search_date_value_endyear'));
 $search_amount_deb = GETPOST('search_amount_deb', 'alpha');
 $search_amount_cred = GETPOST('search_amount_cred', 'alpha');
-$search_bank_account = GETPOSTINT('search_account');
+$search_bank_account = GETPOST('search_account', "intcomma");
 $search_bank_entry = GETPOST('search_bank_entry', 'alpha');
 $search_accountancy_account = GETPOST("search_accountancy_account");
 if ($search_accountancy_account == - 1) {

htdocs/compta/charges/index.php

@@ -61,8 +61,6 @@ if (!$year) {
 }
 $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
 
-$search_account = GETPOSTINT('search_account');
-
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
 $sortorder = GETPOST('sortorder', 'aZ09comma');

htdocs/compta/paiement/cheque/list.php

@@ -51,7 +51,7 @@ $search_date_endmonth = GETPOSTINT('search_date_endmonth');
 $search_date_endyear = GETPOSTINT('search_date_endyear');
 $search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear);	// Use tzserver
 $search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
-$search_account = GETPOSTINT('search_account');
+$search_account = GETPOST('search_account', 'alpha');
 $search_amount = GETPOST('search_amount', 'alpha');
 $mode = GETPOST('mode', 'alpha');
 

htdocs/compta/paiement/list.php

@@ -63,7 +63,7 @@ $search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_s
 $search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
 $search_company = GETPOST("search_company", 'alpha');
 $search_paymenttype = GETPOST("search_paymenttype");
-$search_account = GETPOSTINT("search_account");
+$search_account = GETPOST("search_account", 'alpha');
 $search_payment_num = GETPOST('search_payment_num', 'alpha');
 $search_amount = GETPOST("search_amount", 'alpha'); // alpha because we must be able to search on "< x"
 $search_status = GETPOST('search_status', 'intcomma');
@@ -265,7 +265,7 @@ if (GETPOST("orphelins", "alpha")) {
 		$sql .= natural_search('s.nom', $search_company);
 	}
 	// Search on sale representative
-	if ($search_sale && $search_sale != '-1') {
+	if ($search_sale && $search_sale != -1) {
 		if ($search_sale == -2) {
 			$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = f.fk_soc)";
 		} elseif ($search_sale > 0) {

htdocs/compta/sociales/list.php

@@ -52,7 +52,7 @@ $mode = GETPOST('mode', 'alpha');
 
 $search_ref = GETPOST('search_ref', 'alpha');
 $search_label = GETPOST('search_label', 'alpha');
-$search_typeid = GETPOSTINT('search_typeid');
+$search_typeid = GETPOST('search_typeid', 'int');
 $search_amount = GETPOST('search_amount', 'alpha');
 $search_status = GETPOST('search_status', 'intcomma');
 $search_date_startday = GETPOSTINT('search_date_startday');
@@ -72,9 +72,9 @@ $search_date_limit_endyear = GETPOSTINT('search_date_limit_endyear');
 $search_date_limit_start = dol_mktime(0, 0, 0, $search_date_limit_startmonth, $search_date_limit_startday, $search_date_limit_startyear);
 $search_date_limit_end = dol_mktime(23, 59, 59, $search_date_limit_endmonth, $search_date_limit_endday, $search_date_limit_endyear);
 $search_project_ref = GETPOST('search_project_ref', 'alpha');
-$search_users = GETPOST('search_users');
-$search_type = GETPOSTINT('search_type');
-$search_account = GETPOSTINT('search_account');
+$search_users = GETPOST('search_users', 'intcomma');
+$search_type = GETPOST('search_type', 'alpha');
+$search_account = GETPOST('search_account', 'alpha');
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');

htdocs/compta/sociales/payments.php

@@ -52,7 +52,7 @@ $hookmanager->initHooks(array('specialexpensesindex'));
 $langs->loadLangs(array('compta', 'bills', 'hrm'));
 
 $year = GETPOSTINT("year");
-$search_sc_type = GETPOSTINT('search_sc_type');
+$search_sc_type = GETPOST('search_sc_type', 'intcomma');
 $optioncss = GETPOST('optioncss', 'alpha');
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;

htdocs/compta/stats/casoc.php

@@ -60,7 +60,7 @@ $socid = GETPOSTINT('socid');
 // Category
 $selected_cat = GETPOSTINT('search_categ');
 if ($selected_cat == -1) {
-	$selected_cat = '';
+	$selected_cat = 0;
 }
 $subcat = false;
 if (GETPOST('subcat', 'alpha') === 'yes') {

htdocs/compta/stats/supplier_turnover_by_prodserv.php

@@ -54,7 +54,7 @@ if (GETPOST('subcat', 'alpha') === 'yes') {
 	$subcat = true;
 }
 // product/service
-$selected_type = GETPOSTINT('search_type');
+$selected_type = GETPOST('search_type', "intcomma");
 if ($selected_type == '') {
 	$selected_type = -1;
 }

htdocs/compta/tva/list.php

@@ -58,9 +58,9 @@ $search_dateend_start = dol_mktime(0, 0, 0, GETPOSTINT('search_dateend_startmont
 $search_dateend_end = dol_mktime(23, 59, 59, GETPOSTINT('search_dateend_endmonth'), GETPOSTINT('search_dateend_endday'), GETPOSTINT('search_dateend_endyear'));
 $search_datepayment_start = dol_mktime(0, 0, 0, GETPOSTINT('search_datepayment_startmonth'), GETPOSTINT('search_datepayment_startday'), GETPOSTINT('search_datepayment_startyear'));
 $search_datepayment_end = dol_mktime(23, 59, 59, GETPOSTINT('search_datepayment_endmonth'), GETPOSTINT('search_datepayment_endday'), GETPOSTINT('search_datepayment_endyear'));
-$search_type = GETPOSTINT('search_type');
-$search_account				= GETPOSTINT('search_account');
-$search_amount 				= GETPOST('search_amount', 'alpha');
+$search_type = GETPOST('search_type', 'intcomma');
+$search_account	= GETPOST('search_account', 'alpha');
+$search_amount = GETPOST('search_amount', 'alpha');
 $search_status = GETPOST('search_status', 'intcomma');
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;

htdocs/contact/list.php

@@ -74,7 +74,7 @@ $search_all = trim((GETPOST('search_all', 'alphanohtml') != '') ? GETPOST('searc
 $search_cti = preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
 $search_phone = GETPOST("search_phone", 'alpha');
 
-$search_id = GETPOSTINT("search_id");
+$search_id = GETPOST("search_id", "intcomma");
 $search_firstlast_only = GETPOST("search_firstlast_only", 'alpha');
 $search_lastname = GETPOST("search_lastname", 'alpha');
 $search_firstname = GETPOST("search_firstname", 'alpha');

htdocs/core/class/html.form.class.php

@@ -4916,16 +4916,16 @@ class Form
 	/**
 	 *  Return a HTML select list of bank accounts
 	 *
-	 * @param string 	$selected 		Id account preselected
-	 * @param string 	$htmlname 		Name of select zone
-	 * @param int 		$status 		Status of searched accounts (0=open, 1=closed, 2=both)
-	 * @param string 	$filtre 		To filter the list. This parameter must not come from input of users
-	 * @param int 		$useempty 		1=Add an empty value in list, 2=Add an empty value in list only if there is more than 2 entries.
-	 * @param string 	$moreattrib 	To add more attribute on select
-	 * @param int 		$showcurrency 	Show currency in label
-	 * @param string 	$morecss 		More CSS
-	 * @param int 		$nooutput 		1=Return string, do not send to output
-	 * @return int|string              	If noouput=0: Return integer <0 if error, Num of bank account found if OK (0, 1, 2, ...), If nooutput=1: Return a HTML select string.
+	 * @param int|string 	$selected 		Id account preselected
+	 * @param string 		$htmlname 		Name of select zone
+	 * @param int 			$status 		Status of searched accounts (0=open, 1=closed, 2=both)
+	 * @param string 		$filtre 		To filter the list. This parameter must not come from input of users
+	 * @param int 			$useempty 		1=Add an empty value in list, 2=Add an empty value in list only if there is more than 2 entries.
+	 * @param string 		$moreattrib 	To add more attribute on select
+	 * @param int 			$showcurrency 	Show currency in label
+	 * @param string 		$morecss 		More CSS
+	 * @param int 			$nooutput 		1=Return string, do not send to output
+	 * @return int|string   	           	If noouput=0: Return integer <0 if error, Num of bank account found if OK (0, 1, 2, ...), If nooutput=1: Return a HTML select string.
 	 */
 	public function select_comptes($selected = '', $htmlname = 'accountid', $status = 0, $filtre = '', $useempty = 0, $moreattrib = '', $showcurrency = 0, $morecss = '', $nooutput = 0)
 	{

htdocs/core/class/html.formother.class.php

@@ -469,7 +469,7 @@ class FormOther
 	/**
 	 *  Return select list for categories (to use in form search selectors)
 	 *
-	 *  @param	string		$selected     		Preselected value
+	 *  @param	int|string	$selected     		Preselected value
 	 *  @param  string		$htmlname      		Name of combo list (example: 'search_sale')
 	 *  @param  User		$user           	Object user
 	 *  @param	int			$showstatus			0=show user status only if status is disabled, 1=always show user status into label, -1=never show user status

htdocs/core/lib/company.lib.php

@@ -1108,7 +1108,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl
 		$search_status = 1; // always display active customer first
 	}
 
-	$search_rowid   = GETPOSTINT("search_rowid");
+	$search_rowid   = GETPOST("search_rowid", "intcomma");
 	$search_name    = GETPOST("search_name", 'alpha');
 	$search_address = GETPOST("search_address", 'alpha');
 	$search_poste   = GETPOST("search_poste", 'alpha');

htdocs/core/modules/movement/doc/pdf_standard.modules.php

@@ -176,7 +176,7 @@ class pdf_standard extends ModelePDFMovement
 		$search_user = trim(GETPOST("search_user"));
 		$search_batch = trim(GETPOST("search_batch"));
 		$search_qty = trim(GETPOST("search_qty"));
-		$search_type_mouvement = GETPOSTINT('search_type_mouvement');
+		$search_type_mouvement = GETPOST('search_type_mouvement', "intcomma");
 
 		$limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
 		$page = GETPOSTISSET('pageplusone') ? (GETPOSTINT('pageplusone') - 1) : GETPOSTINT("page");

htdocs/cron/list.php

@@ -66,7 +66,7 @@ $search_status = GETPOST('search_status', 'intcomma');
 $search_label = GETPOST("search_label", 'alpha');
 $search_module_name = GETPOST("search_module_name", 'alpha');
 $search_lastresult = GETPOST("search_lastresult", "alphawithlgt");
-$search_processing = GETPOSTINT("search_processing");
+$search_processing = GETPOST("search_processing", 'int');
 $securitykey = GETPOST('securitykey', 'alpha');
 
 $outputdir = $conf->cron->dir_output;
@@ -299,7 +299,7 @@ if ($search_lastresult != '') {
 if (GETPOSTISSET('search_processing')) {
 	$sql .= " AND t.processing = ".((int) $search_processing);
 }
-//Manage filter
+// Manage filter
 if (is_array($filter) && count($filter) > 0) {
 	foreach ($filter as $key => $value) {
 		$sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'";

htdocs/don/paiement/list.php

@@ -39,6 +39,7 @@ $langs->loadLangs(array('companies', 'donations'));
 $action     = GETPOST('action', 'aZ09') ? GETPOST('action', 'aZ09') : 'view'; // The action 'create'/'add', 'edit'/'update', 'view', ...
 $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists)
 $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'sclist';
+$mode = GETPOST('mode', 'alpha');
 
 $paiementid				= GETPOSTINT('paiementid');
 
@@ -52,19 +53,16 @@ $search_date_endyear = GETPOSTINT('search_date_endyear');
 $search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear);
 $search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
 $search_company = GETPOST("search_company", 'alpha');
-$search_paymenttype = GETPOST("search_paymenttype");
-$search_account = GETPOSTINT("search_account");
+$search_paymenttype = GETPOST("search_paymenttype", "intcomma");
+$search_account = GETPOST("search_account", 'alpha');
 $search_payment_num = GETPOST('search_payment_num', 'alpha');
 $search_amount = GETPOST("search_amount", 'alpha');
 $search_status = GETPOST('search_status', 'intcomma');
-$search_sale = GETPOSTINT('search_sale');
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
 $sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOSTISSET('pageplusone') ? (GETPOSTINT('pageplusone') - 1) : GETPOSTINT("page");
-$type = GETPOST('type', 'aZ');
-$mode = GETPOST('mode', 'alpha');
 if (empty($page) || $page == -1) {
 	$page = 0;
 }     // If $page is not defined, or '' or -1

htdocs/expensereport/payment/list.php

@@ -70,7 +70,7 @@ $search_date_end		= dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_e
 $search_user			= GETPOST('search_user', 'alpha');
 $search_payment_type	= GETPOST('search_payment_type');
 $search_cheque_num		= GETPOST('search_cheque_num', 'alpha');
-$search_bank_account	= GETPOSTINT('search_bank_account');
+$search_bank_account	= GETPOST('search_bank_account', 'int');
 $search_amount			= GETPOST('search_amount', 'alpha'); // alpha because we must be able to search on '< x'
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;

htdocs/fourn/facture/paiement.php

@@ -62,7 +62,7 @@ $month = GETPOSTINT('month');
 $year = GETPOSTINT('year');
 
 $search_ref = GETPOST('search_ref', 'alpha');
-$search_account = GETPOSTINT('search_account');
+$search_account = GETPOST('search_account', 'alpha');
 $search_paymenttype = GETPOST('search_paymenttype');
 $search_amount = GETPOST('search_amount', 'alpha'); // alpha because we must be able to search on "< x"
 $search_company = GETPOST('search_company', 'alpha');

htdocs/fourn/paiement/list.php

@@ -63,9 +63,9 @@ $search_date_endyear	= GETPOSTINT('search_date_endyear');
 $search_date_start		= dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear);	// Use tzserver
 $search_date_end		= dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
 $search_company			= GETPOST('search_company', 'alpha');
-$search_payment_type	= GETPOST('search_payment_type');
+$search_payment_type	= GETPOST('search_payment_type', 'alpha');
 $search_cheque_num		= GETPOST('search_cheque_num', 'alpha');
-$search_bank_account	= GETPOSTINT('search_bank_account');
+$search_bank_account	= GETPOST('search_bank_account', 'int');
 $search_amount			= GETPOST('search_amount', 'alpha'); // alpha because we must be able to search on '< x'
 $search_sale            = GETPOSTINT('search_sale');
 

htdocs/holiday/define_holiday.php

@@ -42,7 +42,7 @@ $optioncss = GETPOST('optioncss', 'alpha');
 $mode = GETPOST('optioncss', 'aZ');
 
 $search_name = GETPOST('search_name', 'alpha');
-$search_supervisor = GETPOSTINT('search_supervisor');
+$search_supervisor = GETPOST('search_supervisor', "intcomma");
 
 // Load variable for pagination
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;

htdocs/holiday/month_report.php

@@ -43,8 +43,8 @@ $socid = 0;
 $id = GETPOSTINT('id');
 
 $search_ref         = GETPOST('search_ref', 'alphanohtml');
-$search_employee    = GETPOSTINT('search_employee');
-$search_type        = GETPOSTINT('search_type');
+$search_employee    = GETPOST('search_employee', "intcomma");
+$search_type        = GETPOST('search_type', "intcomma");
 $search_description = GETPOST('search_description', 'alphanohtml');
 
 $limit       = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
@@ -194,7 +194,7 @@ if (!empty($search_ref)) {
 	$param .= '&search_ref='.urlencode($search_ref);
 }
 if (!empty($search_employee)) {
-	$param .= '&search_employee='.urlencode((string) ($search_employee));
+	$param .= '&search_employee='.urlencode($search_employee);
 }
 if (!empty($search_type)) {
 	$param .= '&search_type='.urlencode($search_type);

htdocs/holiday/view_log.php

@@ -52,10 +52,10 @@ $optioncss          = GETPOST('optioncss', 'aZ'); // Option for the css output (
 $search_id          = GETPOST('search_id', 'alphanohtml');
 $search_month       = GETPOSTINT('search_month');
 $search_year        = GETPOSTINT('search_year');
-$search_employee    = GETPOSTINT('search_employee');
-$search_validator   = GETPOSTINT('search_validator');
+$search_employee    = GETPOST('search_employee', "intcomma");
+$search_validator   = GETPOST('search_validator', "intcomma");
 $search_description = GETPOST('search_description', 'alphanohtml');
-$search_type        = GETPOSTINT('search_type');
+$search_type        = GETPOST('search_type', "intcomma");
 $search_prev_solde  = GETPOST('search_prev_solde', 'alphanohtml');
 $search_new_solde   = GETPOST('search_new_solde', 'alphanohtml');
 

htdocs/intracommreport/list.php

@@ -41,9 +41,11 @@ $toselect = GETPOST('toselect', 'array');
 
 $search_all = trim((GETPOST('search_all', 'alphanohtml') != '') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
 $search_ref = GETPOST("search_ref", 'alpha');
-$search_type = GETPOSTINT("search_type");
+$search_type = GETPOST("search_type", 'int');
 $optioncss = GETPOST('optioncss', 'alpha');
-$type = GETPOSTINT("type");
+$mode = GETPOST('mode', 'aZ');
+
+$type = GETPOST("type", 'int');
 
 $diroutputmassaction = $conf->product->dir_output.'/temp/massgeneration/'.$user->id;
 
@@ -105,13 +107,6 @@ if (!empty($canvas)) {
 	$objcanvas->getCanvas('product', 'list', $canvas);
 }
 
-// Security check
-/*
-if ($search_type=='0') $result=restrictedArea($user, 'produit', '', '', '', '', '', $objcanvas);
-elseif ($search_type=='1') $result=restrictedArea($user, 'service', '', '', '', '', '', $objcanvas);
-else $result=restrictedArea($user, 'produit|service', '', '', '', '', '', $objcanvas);
-*/
-
 // List of fields to search into when doing a "search in all"
 $fieldstosearchall = array(
 	'i.ref' => "Ref",

htdocs/mrp/mo_movements.php

@@ -65,7 +65,7 @@ $search_inventorycode = trim(GETPOST("search_inventorycode", 'alpha'));
 $search_user = trim(GETPOST("search_user", 'alpha'));
 $search_batch = trim(GETPOST("search_batch", 'alpha'));
 $search_qty = trim(GETPOST("search_qty", 'alpha'));
-$search_type_mouvement = GETPOSTINT('search_type_mouvement');
+$search_type_mouvement = GETPOST('search_type_mouvement', "intcomma");
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
 $page  = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOSTINT("page");

htdocs/product/stock/movement_card.php

@@ -73,7 +73,7 @@ $search_inventorycode = trim(GETPOST("search_inventorycode", 'alpha'));
 $search_user = trim(GETPOST("search_user", 'alpha'));
 $search_batch = trim(GETPOST("search_batch", 'alpha'));
 $search_qty = trim(GETPOST("search_qty", 'alpha'));
-$search_type_mouvement = GETPOSTINT('search_type_mouvement');
+$search_type_mouvement = GETPOST('search_type_mouvement', "intcomma");
 
 $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
 $page = GETPOSTISSET('pageplusone') ? (GETPOSTINT('pageplusone') - 1) : GETPOSTINT("page");

htdocs/projet/list.php

@@ -505,6 +505,7 @@ $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user AS u ON p.fk_user_creat = u.rowid';
 // We'll need this table joined to the select in order to filter by sale
 // No check is done on company permission because readability is managed by public status of project and assignment.
 //if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+// FIXME Move the left join into the where exists
 if ($search_sale > 0) {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
 }

htdocs/projet/tasks/time.php

@@ -77,8 +77,7 @@ $search_date_endyear = GETPOSTINT('search_date_endyear');
 $search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
 $search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
 $search_note = GETPOST('search_note', 'alpha');
-$search_duration = GETPOSTINT('search_duration');
-$search_value = GETPOSTINT('search_value');
+$search_duration = GETPOST('search_duration', 'alpha');
 $search_task_ref = GETPOST('search_task_ref', 'alpha');
 $search_task_label = GETPOST('search_task_label', 'alpha');
 $search_user = GETPOST('search_user', 'intcomma');

htdocs/public/agenda/agendaexport.php

@@ -137,8 +137,8 @@ if (GETPOSTINT("notolderthan")) {
 if (GETPOST("module", 'alpha')) {
 	$filters['module'] = GETPOST("module", 'alpha');
 }
-if (GETPOSTINT("status")) {
-	$filters['status'] = GETPOSTINT("status");
+if (GETPOST("status", "intcomma")) {
+	$filters['status'] = GETPOST("status", "intcomma");
 }
 
 // Security check

htdocs/public/ticket/list.php

@@ -205,8 +205,8 @@ if ($action == "view_ticketlist") {
 		$search_type = GETPOST("search_type", 'alpha');
 		$search_category = GETPOST("search_category", 'alpha');
 		$search_severity = GETPOST("search_severity", 'alpha');
-		$search_fk_user_create = GETPOSTINT("search_fk_user_create");
-		$search_fk_user_assign = GETPOSTINT("search_fk_user_assign");
+		$search_fk_user_create = GETPOST("search_fk_user_create", "intcomma");
+		$search_fk_user_assign = GETPOST("search_fk_user_assign", "intcomma");
 
 		// Store current page url
 		$url_page_current = dol_buildpath('/public/ticket/list.php', 1);

htdocs/salaries/list.php

@@ -92,12 +92,10 @@ $search_date_start_to = dol_mktime(23, 59, 59, GETPOSTINT('search_date_start_tom
 $search_date_end_from = dol_mktime(0, 0, 0, GETPOSTINT('search_date_end_frommonth'), GETPOSTINT('search_date_end_fromday'), GETPOSTINT('search_date_end_fromyear'));
 $search_date_end_to = dol_mktime(23, 59, 59, GETPOSTINT('search_date_end_tomonth'), GETPOSTINT('search_date_end_today'), GETPOSTINT('search_date_end_toyear'));
 $search_amount = GETPOST('search_amount', 'alpha');
-$search_account = GETPOSTINT('search_account');
+$search_account = GETPOST('search_account', 'alpha');
 $search_status = GETPOST('search_status', 'intcomma');
 $search_type_id = GETPOST('search_type_id', 'intcomma');
 
-$filtre = GETPOST("filtre", 'restricthtml');
-
 $childids = $user->getAllChildIds(1);
 
 // Initialize array of search criteria

htdocs/salaries/payments.php

@@ -94,9 +94,9 @@ $search_date_end = dol_mktime(23, 59, 59, GETPOSTINT('search_date_endmonth'), GE
 $search_dateep_start = dol_mktime(0, 0, 0, GETPOSTINT('search_dateep_startmonth'), GETPOSTINT('search_dateep_startday'), GETPOSTINT('search_dateep_startyear'));
 $search_dateep_end = dol_mktime(23, 59, 59, GETPOSTINT('search_dateep_endmonth'), GETPOSTINT('search_dateep_endday'), GETPOSTINT('search_dateep_endyear'));
 $search_amount = GETPOST('search_amount', 'alpha');
-$search_account = GETPOSTINT('search_account');
-$search_fk_bank = GETPOSTINT('search_fk_bank');
-$search_chq_number = GETPOSTINT('search_chq_number');
+$search_account = GETPOST('search_account', 'alpha');
+$search_fk_bank = GETPOST('search_fk_bank', 'alpha');
+$search_chq_number = GETPOST('search_chq_number', 'alpha');
 
 $filtre = GETPOST("filtre", 'restricthtml');
 
@@ -371,13 +371,13 @@ if ($search_account) {
 	$param .= '&search_account='.urlencode((string) ($search_account));
 }
 if ($search_date_start) {
-	$param .= '&search_date_startday='.urlencode((string) (GETPOSTINT('search_date_startday'))).'&search_date_startmonth='.urlencode((string) (GETPOSTINT('search_date_startmonth'))).'&search_date_startyear='.urlencode((string) (GETPOSTINT('search_date_startyear')));
+	$param .= '&search_date_startday='.GETPOSTINT('search_date_startday').'&search_date_startmonth='.GETPOSTINT('search_date_startmonth').'&search_date_startyear='.GETPOSTINT('search_date_startyear');
 }
 if ($search_dateep_start) {
-	$param .= '&search_dateep_startday='.urlencode((string) (GETPOSTINT('search_dateep_startday'))).'&search_dateep_startmonth='.urlencode((string) (GETPOSTINT('search_dateep_startmonth'))).'&search_dateep_startyear='.urlencode((string) (GETPOSTINT('search_dateep_startyear')));
+	$param .= '&search_dateep_startday='.GETPOSTINT('search_dateep_startday').'&search_dateep_startmonth='.GETPOSTINT('search_dateep_startmonth').'&search_dateep_startyear='.GETPOSTINT('search_dateep_startyear');
 }
 if ($search_date_end) {
-	$param .= '&search_date_endday='.urlencode((string) (GETPOSTINT('search_date_endday'))).'&search_date_endmonth='.urlencode((string) (GETPOSTINT('search_date_endmonth'))).'&search_date_endyear='.urlencode((string) (GETPOSTINT('search_date_endyear')));
+	$param .= '&search_date_endday='.GETPOSTINT('search_date_endday').'&search_date_endmonth='.GETPOSTINT('search_date_endmonth').'&search_date_endyear='.GETPOSTINT('search_date_endyear');
 }
 if ($search_dateep_end) {
 	$param .= '&search_dateep_endday='.urlencode((string) (GETPOSTINT('search_dateep_endday'))).'&search_dateep_endmonth='.urlencode((string) (GETPOSTINT('search_dateep_endmonth'))).'&search_dateep_endyear='.urlencode((string) (GETPOSTINT('search_dateep_endyear')));