From ac1fdb4a596431cdc16754387e1576be5b88c0a0 Mon Sep 17 00:00:00 2001 From: "Sekan, Tobias" Date: Wed, 16 Sep 2020 10:51:19 +0200 Subject: [PATCH 01/75] Use new table function for comm/propal + cleanup --- htdocs/comm/index.php | 209 +++++------ htdocs/comm/propal/index.php | 488 +++++++++++++------------ htdocs/core/lib/functions.lib.php | 6 + htdocs/societe/class/societe.class.php | 29 ++ 4 files changed, 366 insertions(+), 366 deletions(-) diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 555b5895fac..2cc1ba250d5 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -1,11 +1,11 @@ - * Copyright (C) 2004-2015 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2019 Nicolas ZABOURI - * Copyright (C) 2020 Pierre Ardoin - * Copyright (C) 2020 Tobias Sekan +/* Copyright (C) 2001-2005 Rodolphe Quiedeville + * Copyright (C) 2004-2015 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2015 Jean-François Ferry + * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2020 Pierre Ardoin + * Copyright (C) 2020 Tobias Sekan * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,31 +22,31 @@ */ /** - * \file htdocs/comm/index.php - * \ingroup commercial - * \brief Home page of commercial area + * \file htdocs/comm/index.php + * \ingroup commercial + * \brief Home page of commercial area */ require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; -if (!empty($conf->contrat->enabled)) require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; -if (!empty($conf->propal->enabled)) require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; -if (!empty($conf->supplier_proposal->enabled)) require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; -if (!empty($conf->commande->enabled)) require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; -if (!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) || ! empty($conf->supplier_order->enabled)) require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; if (!$user->rights->societe->lire) accessforbidden(); -$hookmanager = new HookManager($db); +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; +require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; +require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; +require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php'; +require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array +$hookmanager = new HookManager($db); $hookmanager->initHooks(array('commercialindex')); // Load translation files required by the page -$langs->loadLangs(array("commercial", "propal")); +$langs->loadLangs(array("boxes", "commercial", "contracts", "orders", "propal", "supplier_proposal")); $action = GETPOST('action', 'alpha'); $bid = GETPOST('bid', 'int'); @@ -136,19 +136,14 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // This is useless * Draft customer proposals */ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { - $langs->load("propal"); - - $sql = "SELECT p.rowid, p.ref, p.ref_client, p.total_ht, p.tva as total_tva, p.total as total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas"; - $sql .= ", s.code_client"; - $sql .= ", s.email"; - $sql .= ", s.entity"; - $sql .= ", s.code_compta"; + $sql = "SELECT p.rowid, p.ref, p.ref_client, p.total_ht, p.tva as total_tva, p.total as total_ttc"; + $sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.email, s.entity, s.code_compta"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE p.fk_statut = 0"; + $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_soc = s.rowid"; - $sql .= " AND p.entity IN (".getEntity('propal').")"; + $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; @@ -158,7 +153,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); startSimpleTable("ProposalsDraft", "comm/propal/list.php", "search_status=0", 2, $num); - + if ($num > 0) { $i = 0; @@ -171,7 +166,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $propalstatic->total_ht = $obj->total_ht; $propalstatic->total_tva = $obj->total_tva; $propalstatic->total_ttc = $obj->total_ttc; - + $companystatic->id = $obj->socid; $companystatic->name = $obj->name; $companystatic->client = $obj->client; @@ -206,19 +201,14 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { * Draft supplier proposals */ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposal->lire) { - $langs->load("supplier_proposal"); - - $sql = "SELECT p.rowid, p.ref, p.total_ht, p.tva as total_tva, p.total as total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas"; - $sql .= ", s.code_client"; - $sql .= ", s.code_fournisseur"; - $sql .= ", s.entity"; - $sql .= ", s.email"; + $sql = "SELECT p.rowid, p.ref, p.total_ht, p.tva as total_tva, p.total as total_ttc"; + $sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.code_fournisseur, s.entity, s.email"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE p.fk_statut = 0"; + $sql .= " WHERE p.entity IN (".getEntity($supplierproposalstatic->element).")"; + $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; - $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; @@ -274,19 +264,14 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa * Draft customer orders */ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { - $langs->load("orders"); - - $sql = "SELECT c.rowid, c.ref, c.ref_client, c.total_ht, c.tva as total_tva, c.total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas"; - $sql .= ", s.code_client"; - $sql .= ", s.email"; - $sql .= ", s.entity"; - $sql .= ", s.code_compta"; + $sql = "SELECT c.rowid, c.ref, c.ref_client, c.total_ht, c.tva as total_tva, c.total_ttc"; + $sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.email, s.entity, s.code_compta"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE c.fk_soc = s.rowid"; - $sql .= " AND c.fk_statut = 0"; - $sql .= " AND c.entity IN (".getEntity('commande').")"; + $sql .= " WHERE c.entity IN (".getEntity($orderstatic->element).")"; + $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; + $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND c.fk_soc = ".$socid; @@ -309,7 +294,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $orderstatic->total_ht = $obj->total_ht; $orderstatic->total_tva = $obj->total_tva; $orderstatic->total_ttc = $obj->total_ttc; - + $companystatic->id = $obj->socid; $companystatic->name = $obj->name; $companystatic->client = $obj->client; @@ -343,22 +328,17 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { * Draft suppliers orders */ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) || !empty($conf->supplier_order->enabled)) && $user->rights->fournisseur->commande->lire) { - $langs->load("orders"); - - $sql = "SELECT cf.rowid, cf.ref, cf.ref_supplier, cf.total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas"; - $sql .= ", s.code_client"; - $sql .= ", s.code_fournisseur"; - $sql .= ", s.entity"; - $sql .= ", s.email"; + $sql = "SELECT cf.rowid, cf.ref, cf.ref_supplier, cf.total_ttc"; + $sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.code_fournisseur, s.entity, s.email"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE cf.fk_soc = s.rowid"; - $sql .= " AND cf.fk_statut = 0"; - $sql .= " AND cf.entity IN (".getEntity('supplier_order').")"; + $sql .= " WHERE cf.entity IN (".getEntity($supplierorderstatic->element).")"; + $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; + $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND cf.fk_soc = ".$socid; - + $resql = $db->query($sql); if ($resql) { $total = 0; @@ -409,28 +389,20 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU print '
'; -$max = 3; - /* * Last modified customers or prospects */ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { - $langs->load("boxes"); - - $sql = "SELECT s.rowid, s.nom as name, s.client, s.datec, s.tms, s.canvas"; - $sql .= ", s.code_client"; - $sql .= ", s.code_compta"; - $sql .= ", s.entity"; - $sql .= ", s.email"; + $sql = "SELECT s.rowid, s.nom as name, s.client, s.datec, s.tms, s.canvas, s.code_client, s.code_compta, s.entity, s.email"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE s.client IN (1, 2, 3)"; - $sql .= " AND s.entity IN (".getEntity($companystatic->element).")"; + $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; + $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); - + $resql = $db->query($sql); if ($resql) { if (empty($conf->global->SOCIETE_DISABLE_PROSPECTS) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS)) { @@ -485,21 +457,16 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { * Last suppliers */ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) && $user->rights->societe->lire) { - $langs->load("boxes"); - - $sql = "SELECT s.nom as name, s.rowid, s.datec as dc, s.canvas, s.tms as dm"; - $sql .= ", s.code_fournisseur"; - $sql .= ", s.entity"; - $sql .= ", s.email"; + $sql = "SELECT s.nom as name, s.rowid, s.datec as dc, s.canvas, s.tms as dm, s.code_fournisseur, s.entity, s.email"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE s.fournisseur = 1"; - $sql .= " AND s.entity IN (".getEntity($companystatic->element).")"; + $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; + $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY s.datec DESC"; $sql .= $db->plimit($max, 0); - + $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -556,21 +523,18 @@ if ($user->rights->agenda->myactions->read) { * Latest contracts */ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // TODO A REFAIRE DEPUIS NOUVEAU CONTRAT - $langs->load("contracts"); - - $sql = "SELECT s.nom as name, s.rowid, s.canvas, "; - $sql .= ", s.code_client"; - $sql .= ", s.entity"; - $sql .= ", s.email"; + $staticcontrat = new Contrat($db); + + $sql = "SELECT s.nom as name, s.rowid, s.canvas, s.code_client, s.entity, s.email"; $sql .= ", c.statut, c.rowid as contratid, p.ref, c.fin_validite as datefin, c.date_cloture as dateclo"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."product as p"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE c.fk_soc = s.rowid"; - $sql .= " AND c.entity IN (".getEntity('contract').")"; + $sql .= " WHERE c.entity IN (".getEntity($staticcontrat->element).")"; + $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; - if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit(5, 0); @@ -582,7 +546,6 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T if ($num > 0) { $i = 0; - $staticcontrat = new Contrat($db); while ($i < $num) { $obj = $db->fetch_object($resql); @@ -615,25 +578,21 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T /* - * Opened proposals + * Opened (validated) proposals */ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { - $langs->load("propal"); - - $sql = "SELECT s.nom as name, s.rowid, s.code_client"; - $sql .= ", s.entity"; - $sql .= ", s.email"; - $sql .= ", p.rowid as propalid, p.entity, p.total as total_ttc, p.total_ht, p.tva as total_tva, p.ref, p.ref_client, p.fk_statut, p.datep as dp, p.fin_validite as dfv"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= ", ".MAIN_DB_PREFIX."propal as p"; + $sql = "SELECT p.rowid as propalid, p.entity, p.total as total_ttc, p.total_ht, p.tva as total_tva, p.ref, p.ref_client, p.fk_statut, p.datep as dp, p.fin_validite as dfv"; + $sql .= ", s.nom as name, s.rowid, s.code_client, s.entity, s.email"; + $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; + $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE p.fk_soc = s.rowid"; - $sql .= " AND p.entity IN (".getEntity('propal').")"; - $sql .= " AND p.fk_statut = 1"; + $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; + $sql .= " AND p.fk_soc = s.rowid"; + $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY p.rowid DESC"; - + $resql = $db->query($sql); if ($resql) { $total = 0; @@ -653,7 +612,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $propalstatic->total_ht = $obj->total_ht; $propalstatic->total_tva = $obj->total_tva; $propalstatic->total_ttc = $obj->total_ttc; - + $companystatic->id = $obj->rowid; $companystatic->name = $obj->name; $companystatic->client = $obj->client; @@ -704,32 +663,28 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { /* - * Opened Order + * Opened (validated) order */ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { - $langs->load("orders"); - - $sql = "SELECT s.nom as name, s.rowid, c.rowid as commandeid, c.total_ttc, c.total_ht, c.tva as total_tva, c.ref, c.ref_client, c.fk_statut, c.date_valid as dv, c.facture as billed"; - $sql .= ", s.code_client"; - $sql .= ", s.entity"; - $sql .= ", s.email"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= ", ".MAIN_DB_PREFIX."commande as c"; + $sql = "SELECT c.rowid as commandeid, c.total_ttc, c.total_ht, c.tva as total_tva, c.ref, c.ref_client, c.fk_statut, c.date_valid as dv, c.facture as billed"; + $sql .= ", s.nom as name, s.rowid, s.code_client, s.entity, s.email"; + $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; + $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE c.fk_soc = s.rowid"; - $sql .= " AND c.entity IN (".getEntity('commande').")"; - $sql .= " AND (c.fk_statut = ".Commande::STATUS_VALIDATED." or c.fk_statut = ".Commande::STATUS_SHIPMENTONPROCESS.")"; + $sql .= " WHERE c.entity IN (".getEntity($orderstatic->element).")"; + $sql .= " AND c.fk_soc = s.rowid"; + $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY c.rowid DESC"; - + $resql = $db->query($sql); if ($resql) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); startSimpleTable("OrdersOpened", "commande/list.php", "search_status=1", 4, $num); - + if ($num > 0) { $i = 0; @@ -752,6 +707,10 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $companystatic->entity = $obj->entity; $companystatic->email = $obj->email; + $filename = dol_sanitizeFileName($obj->ref); + $filedir = $conf->commande->dir_output.'/'.dol_sanitizeFileName($obj->ref); + $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; + print ''; // Ref @@ -764,9 +723,6 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { //if ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) print img_warning($langs->trans("Late")); print ''; print ''; - $filename = dol_sanitizeFileName($obj->ref); - $filedir = $conf->commande->dir_output.'/'.dol_sanitizeFileName($obj->ref); - $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; print $formfile->getDocumentsLink($orderstatic->element, $filename, $filedir); print ''; print ""; @@ -775,7 +731,8 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { print ''.dol_print_date($db->jdate($obj->dp), 'day').''; print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).''; print ''.$orderstatic->LibStatut($obj->fk_statut, $obj->billed, 3).''; - print ''."\n"; + + print ''; $i++; $total += $obj->total_ttc; diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 9e138c52cbe..92f16e1ae1c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -1,8 +1,9 @@ - * Copyright (C) 2004-2017 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2019 Nicolas ZABOURI +/* Copyright (C) 2003-2004 Rodolphe Quiedeville + * Copyright (C) 2004-2017 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2020 Tobias Sekan * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,22 +20,12 @@ */ /** - * \file htdocs/comm/propal/index.php - * \ingroup propal - * \brief Home page of proposal area + * \file htdocs/comm/propal/index.php + * \ingroup propal + * \brief Home page of proposal area */ require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; - -$hookmanager = new HookManager($db); - -// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array -$hookmanager->initHooks(array('proposalindex')); - -// Load translation files required by the page -$langs->loadLangs(array('propal', 'companies')); // Security check $socid = GETPOST('socid', 'int'); @@ -43,13 +34,24 @@ if (isset($user->socid) && $user->socid > 0) $action = ''; $socid = $user->socid; } -$result = restrictedArea($user, 'propal'); +restrictedArea($user, 'propal'); +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; +require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; + +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array +$hookmanager = new HookManager($db); +$hookmanager->initHooks(array('proposalindex')); + +// Load translation files required by the page +$langs->loadLangs(array('propal', 'companies')); + +$now = dol_now(); +$max = 5; /* * View */ -$now = dol_now(); $propalstatic = new Propal($db); $companystatic = new Societe($db); $form = new Form($db); @@ -60,192 +62,218 @@ llxHeader("", $langs->trans("ProspectionArea"), $help_url); print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal'); -//print ''; -//print ''; + print ''; + print ''; + } + + //if ($totalinprocess != $total) + //{ + // print ''; + // print ''; + // print ''; + // print ''; + //} + + print ''; + print ''; + print ''; + print ''; + + print '
'; -print '
'; +print '
'; +print '
'; - -if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) // This is useless due to the global search combo +// This is useless due to the global search combo +if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { - print '
'; - print '
'; - print ''; - print ''; - print ''; - print ''; - print "
'.$langs->trans("Search").'
'; - print $langs->trans("Proposal").':

\n"; -} + print '
'; + print '
'; + print ''; + print ''; + print ''; + print ''; + print ''; + + print ''; + print ''; + print ''; + print ''; + print ''; + + print '
'.$langs->trans("Search").'
'.$langs->trans("Proposal").':
'; + print '
'; + print '
'; + print '
'; +} /* * Statistics */ +$listofstatus = array(Propal::STATUS_DRAFT, Propal::STATUS_VALIDATED, Propal::STATUS_SIGNED, Propal::STATUS_NOTSIGNED, Propal::STATUS_BILLED); $sql = "SELECT count(p.rowid) as nb, p.fk_statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql .= " WHERE p.fk_soc = s.rowid"; -$sql .= " AND p.entity IN (".getEntity('propal').")"; +$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; +$sql .= " AND p.fk_soc = s.rowid"; if ($user->socid) $sql .= ' AND p.fk_soc = '.$user->socid; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; -$sql .= " AND p.fk_statut IN (0,1,2,3,4)"; +$sql .= " AND p.fk_statut IN (".implode(" ,", $listofstatus).")"; $sql .= " GROUP BY p.fk_statut"; $resql = $db->query($sql); if ($resql) { - $num = $db->num_rows($resql); - $i = 0; + $num = $db->num_rows($resql); + $i = 0; + $total = 0; + $totalinprocess = 0; + $dataseries = array(); + $colorseries = array(); + $vals = array(); - $total = 0; - $totalinprocess = 0; - $dataseries = array(); - $colorseries = array(); - $vals = array(); + while ($i < $num) + { + $obj = $db->fetch_object($resql); + if ($obj) + { + $vals[$obj->status] = $obj->nb; + $totalinprocess += $obj->nb; - // -1=Canceled, 0=Draft, 1=Validated, (2=Accepted/On process not managed for customer orders), 3=Closed (Sent/Received, billed or not) - while ($i < $num) - { - $obj = $db->fetch_object($resql); - if ($obj) - { - $vals[$obj->status] = $obj->nb; - $totalinprocess += $obj->nb; + $total += $obj->nb; + } + $i++; + } + $db->free($resql); - $total += $obj->nb; - } - $i++; - } - $db->free($resql); + include_once DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php'; - include_once DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php'; + print '
'; + print ''; - print '
'; - print '
'; - print ''."\n"; - $listofstatus = array(0, 1, 2, 3, 4); - foreach ($listofstatus as $status) - { - $dataseries[] = array($propalstatic->LibStatut($status, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0)); - if ($status == Propal::STATUS_DRAFT) $colorseries[$status] = '-'.$badgeStatus0; - if ($status == Propal::STATUS_VALIDATED) $colorseries[$status] = $badgeStatus1; - if ($status == Propal::STATUS_SIGNED) $colorseries[$status] = $badgeStatus4; - if ($status == Propal::STATUS_NOTSIGNED) $colorseries[$status] = $badgeStatus9; - if ($status == Propal::STATUS_BILLED) $colorseries[$status] = $badgeStatus6; + print ''; + print ''; + print ''; - if (empty($conf->use_javascript_ajax)) - { - print ''; - print ''; - print ''; - print "\n"; - } - } - if ($conf->use_javascript_ajax) - { - print ''; + print ''; + print ''; + print "\n"; + } + } - print ''; - } - //if ($totalinprocess != $total) - //print ''; - print ''; - print "
'.$langs->trans("Statistics").' - '.$langs->trans("Proposals").'
'.$langs->trans("Statistics").' - '.$langs->trans("Proposals").'
'.$propalstatic->LibStatut($status, 0).''.(isset($vals[$status]) ? $vals[$status] : 0).'
'; + foreach ($listofstatus as $status) { + $dataseries[] = array($propalstatic->LibStatut($status, 1), (isset($vals[$status]) ? (int) $vals[$status] : 0)); + if ($status == Propal::STATUS_DRAFT) $colorseries[$status] = '-'.$badgeStatus0; + if ($status == Propal::STATUS_VALIDATED) $colorseries[$status] = $badgeStatus1; + if ($status == Propal::STATUS_SIGNED) $colorseries[$status] = $badgeStatus4; + if ($status == Propal::STATUS_NOTSIGNED) $colorseries[$status] = $badgeStatus9; + if ($status == Propal::STATUS_BILLED) $colorseries[$status] = $badgeStatus6; - include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php'; - $dolgraph = new DolGraph(); - $dolgraph->SetData($dataseries); - $dolgraph->SetDataColor(array_values($colorseries)); - $dolgraph->setShowLegend(2); - $dolgraph->setShowPercent(1); - $dolgraph->SetType(array('pie')); - $dolgraph->setHeight('200'); - $dolgraph->draw('idgraphthirdparties'); - print $dolgraph->show($total ? 0 : 1); + if (empty($conf->use_javascript_ajax)) { + print '
'.$propalstatic->LibStatut($status, 0).''.(isset($vals[$status]) ? $vals[$status] : 0).'
'.$langs->trans("Total").' ('.$langs->trans("CustomersOrdersRunning").')'.$totalinprocess.'
'.$langs->trans("Total").''.$total.'

"; + if ($conf->use_javascript_ajax) { + print '
'; + + include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php'; + $dolgraph = new DolGraph(); + $dolgraph->SetData($dataseries); + $dolgraph->SetDataColor(array_values($colorseries)); + $dolgraph->setShowLegend(2); + $dolgraph->setShowPercent(1); + $dolgraph->SetType(array('pie')); + $dolgraph->setHeight('200'); + $dolgraph->draw('idgraphthirdparties'); + print $dolgraph->show($total ? 0 : 1); + + print '
'.$langs->trans("Total").' ('.$langs->trans("CustomersOrdersRunning").')'.$totalinprocess.'
'.$langs->trans("Total").''.$total.'
'; + print '
'; + print '
'; } else { - dol_print_error($db); + dol_print_error($db); } /* * Draft proposals */ -if (!empty($conf->propal->enabled)) -{ - $sql = "SELECT c.rowid, c.ref, s.nom as socname, s.rowid as socid, s.canvas, s.client"; - $sql .= " FROM ".MAIN_DB_PREFIX."propal as c"; +if (!empty($conf->propal->enabled)) { + $sql = "SELECT p.rowid, p.ref, p.ref_client, p.total_ht, p.tva as total_tva, p.total as total_ttc"; + $sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.email, s.entity, s.code_compta"; + $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE c.fk_soc = s.rowid"; - $sql .= " AND c.entity IN (".getEntity('propal').")"; - $sql .= " AND c.fk_statut = 0"; - if ($socid) $sql .= " AND c.fk_soc = ".$socid; + $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; + $sql .= " AND p.fk_soc = s.rowid"; + $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + if ($socid) $sql .= " AND p.fk_soc = ".$socid; $resql = $db->query($sql); - if ($resql) - { + if ($resql) { $num = $db->num_rows($resql); - if ($num) - { - print '
'; - print ''; - print ''; - $langs->load("propal"); - print ''; + $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); + startSimpleTable("DraftPropals", "comm/propal/list.php", "search_status=0", 2, $num); + if ($num) { + $total = 0; $i = 0; - $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - while ($i < $nbofloop) - { + + while ($i < $nbofloop) { $obj = $db->fetch_object($resql); - print ''; $propalstatic->id = $obj->rowid; $propalstatic->ref = $obj->ref; - print ''; + $propalstatic->ref_client = $obj->ref_client; + $propalstatic->total_ht = $obj->total_ht; + $propalstatic->total_tva = $obj->total_tva; + $propalstatic->total_ttc = $obj->total_ttc; $companystatic->id = $obj->socid; - $companystatic->name = $obj->socname; + $companystatic->name = $obj->name; $companystatic->client = $obj->client; + $companystatic->code_client = $obj->code_client; + $companystatic->code_fournisseur = $obj->code_fournisseur; $companystatic->canvas = $obj->canvas; - print ''; + $companystatic->entity = $obj->entity; + $companystatic->email = $obj->email; + $companystatic->code_compta = $obj->code_compta; + print ''; + print ''; + print ''; + print ''; print ''; + $i++; + $total += $obj->total_ht; } - if ($num > $nbofloop) - { - print '"; - } elseif ($total > 0) - { - print '"; - } - print "
'.$langs->trans("DraftPropals").' '.$num.'
'.$propalstatic->getNomUrl(1).''.$companystatic->getNomUrl(1, 'customer', 24).'
'.$propalstatic->getNomUrl(1).''.$companystatic->getNomUrl(1, 'customer', 16).''.price($obj->total_ht).'
'.$langs->trans("XMoreLines", ($num - $nbofloop))."
'.$langs->trans("Total").''.price($total)."
"; - print "

"; } + + addSummaryTableLine(3, $num, $nbofloop, $total, "NoProposal"); + finishSimpleTable(true); + $db->free($resql); + } else { + dol_print_error($db); } } +print '
'; -//print ''; -print '
'; - - -$max = 5; +print '
'; +print '
'; /* * Last modified proposals */ -$sql = "SELECT c.rowid, c.entity, c.ref, c.fk_statut, s.nom as socname, s.rowid as socid, s.canvas, s.client,"; -$sql .= " date_cloture as datec"; +$sql = "SELECT c.rowid, c.entity, c.ref, c.fk_statut, date_cloture as datec"; +$sql .= ", s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql .= " WHERE c.fk_soc = s.rowid"; -$sql .= " AND c.entity IN (".getEntity('propal').")"; +$sql .= " WHERE c.entity IN (".getEntity($propalstatic->element).")"; +$sql .= " AND c.fk_soc = s.rowid"; //$sql.= " AND c.fk_statut > 2"; if ($socid) $sql .= " AND c.fk_soc = ".$socid; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -253,150 +281,126 @@ $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); $resql = $db->query($sql); -if ($resql) -{ - print '
'; - print ''; - print ''; - print ''; - +if ($resql) { $num = $db->num_rows($resql); - if ($num) - { - $i = 0; - while ($i < $num) - { - $obj = $db->fetch_object($resql); + startSimpleTable($langs->trans("LastModifiedProposals", $max), "", "", 3); - print ''; - print ''; - + $companystatic->id = $obj->socid; $companystatic->name = $obj->socname; $companystatic->client = $obj->client; $companystatic->canvas = $obj->canvas; - print ''; - print ''; + $filename = dol_sanitizeFileName($obj->ref); + $filedir = $conf->propal->multidir_output[$obj->entity].'/'.dol_sanitizeFileName($obj->ref); + $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->rowid; - print ''; + print ''; + + print ''; + + print ''; + print ''; + print ''; + + print ''; + $i++; } } - print "
'.$langs->trans("LastModifiedProposals", $max).'
'; + if ($num) { + $i = 0; + while ($i < $num) { + $obj = $db->fetch_object($resql); $propalstatic->id = $obj->rowid; $propalstatic->ref = $obj->ref; - - print ''; - print ''; - - print ''; - - print '
'; - print $propalstatic->getNomUrl(1); - print ''; - print ' '; - print ''; - $filename = dol_sanitizeFileName($obj->ref); - $filedir = $conf->propal->multidir_output[$obj->entity].'/'.dol_sanitizeFileName($obj->ref); - $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->rowid; - print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir); - print '
'; - - print '		'.$companystatic->getNomUrl(1, 'customer').''.dol_print_date($db->jdate($obj->datec), 'day').''.$propalstatic->LibStatut($obj->fk_statut, 3).'
'; + print ''; + print ''; + print ''; + print ''; + print ''; print ''; + print '
'.$propalstatic->getNomUrl(1).''.$formfile->getDocumentsLink($propalstatic->element, $filename, $filedir).'
'; + print '		'.$companystatic->getNomUrl(1, 'customer').''.dol_print_date($db->jdate($obj->datec), 'day').''.$propalstatic->LibStatut($obj->fk_statut, 3).'
"; - print "

"; -} else dol_print_error($db); + + finishSimpleTable(true); + $db->free($resql); +} else { + dol_print_error($db); +} /* - * Open proposals + * Open (validated) proposals */ -if (!empty($conf->propal->enabled) && $user->rights->propale->lire) -{ - $langs->load("propal"); - - $now = dol_now(); - +if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql = "SELECT s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= ", p.rowid as propalid, p.entity, p.total as total_ttc, p.total_ht, p.ref, p.fk_statut, p.datep as dp, p.fin_validite as dfv"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE p.fk_soc = s.rowid"; - $sql .= " AND p.entity IN (".getEntity('propal').")"; - $sql .= " AND p.fk_statut = 1"; + $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; + $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY p.rowid DESC"; - $result = $db->query($sql); - if ($result) - { + $resql = $db->query($sql); + if ($resql) { $total = 0; - $num = $db->num_rows($result); - $i = 0; - if ($num > 0) - { - print '
'; - print ''; - print ''; - - $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - while ($i < $nbofloop) - { - $obj = $db->fetch_object($result); - - print ''; - - // Ref - print '"; - $companystatic->id = $obj->socid; $companystatic->name = $obj->socname; $companystatic->client = $obj->client; $companystatic->canvas = $obj->canvas; - print ''."\n"; - print ''."\n"; + $filename = dol_sanitizeFileName($obj->ref); + $filedir = $conf->propal->multidir_output[$obj->entity].'/'.dol_sanitizeFileName($obj->ref); + $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; + $warning = ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) ? img_warning($langs->trans("Late")) : ''; + + print ''; + + // Ref + print ''; + + print ''; + print ''; print ''; + print ''; + + print ''; - print ''."\n"; - print ''."\n"; $i++; $total += $obj->total_ttc; } - if ($num > $nbofloop) - { - print '"; - } elseif ($total > 0) - { - print '"; - } - print "
'.$langs->trans("ProposalsOpened").' '.$num.'
'; + $num = $db->num_rows($resql); + $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); + startSimpleTable("ProposalsOpened", "comm/propal/list.php", "search_status=1", 4, $num); + + if ($num > 0) { + $i = 0; + while ($i < $nbofloop) { + $obj = $db->fetch_object($resql); $propalstatic->id = $obj->propalid; $propalstatic->ref = $obj->ref; - print ''; - print ''; - print ''; - print '
'; - print $propalstatic->getNomUrl(1); - print ''; - if ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) print img_warning($langs->trans("Late")); - print ''; - $filename = dol_sanitizeFileName($obj->ref); - $filedir = $conf->propal->multidir_output[$obj->entity].'/'.dol_sanitizeFileName($obj->ref); - $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; - print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir); - print '
'; - - print "		'.$companystatic->getNomUrl(1, 'customer', 44).''.dol_print_date($db->jdate($obj->dp), 'day').'
'; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print '
'.$propalstatic->getNomUrl(1).''.$warning.''.$formfile->getDocumentsLink($propalstatic->element, $filename, $filedir).'
'; + print '		'.$companystatic->getNomUrl(1, 'customer', 44).''.dol_print_date($db->jdate($obj->dp), 'day').''.price($obj->total_ttc).''.$propalstatic->LibStatut($obj->fk_statut, 3).'
'.$propalstatic->LibStatut($obj->fk_statut, 3).'
'.$langs->trans("XMoreLines", ($num - $nbofloop))."
'.$langs->trans("Total")."".price($total)." 
"; - print "

"; } + + addSummaryTableLine(5, $num, $nbofloop, $total, "None", true); + finishSimpleTable(true); + $db->free($resql); } else { dol_print_error($db); } @@ -405,6 +409,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) /* * Proposals to process */ + /* if (! empty($conf->propal->enabled)) { @@ -479,7 +484,9 @@ if (! empty($conf->propal->enabled)) /* * Proposal that are in a shipping process */ -/*if (! empty($conf->propal->enabled)) + +/* +if (! empty($conf->propal->enabled)) { $sql = "SELECT c.rowid, c.ref, c.fk_statut, c.facture, s.nom as name, s.rowid as socid"; $sql.= " FROM ".MAIN_DB_PREFIX."commande as c"; @@ -548,8 +555,9 @@ if (! empty($conf->propal->enabled)) } */ -//print ''; -print '
'; +print '
'; +print ''; +print ''; $parameters = array('user' => $user); $reshook = $hookmanager->executeHooks('dashboardPropals', $parameters, $object); // Note that $action and $object may have been modified by hook diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7abe2e50236..17f80e45225 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -82,6 +82,12 @@ function getEntity($element, $shared = 1, $currentobject = null) { global $conf, $mc; + // fix different element names (France to English) + switch($element) { + case 'contrat': $element = 'contract'; break; // "/contrat/class/contrat.class.php" + case 'order_supplier': $element = 'supplier_order'; break; // "/fourn/class/fournisseur.commande.class.php" + } + if (is_object($mc)) { return $mc->getEntity($element, $shared, $currentobject); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 61c958ed89b..4f41326b175 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -713,6 +713,35 @@ class Societe extends CommonObject */ public $bank_account; + /** + * Third party is no customer + */ + const NO_CUSTOMER = 0; + + /** + * Third party is a customer + */ + const CUSTOMER = 1; + + /** + * Third party is a prospect + */ + const PROSPECT = 2; + + /** + * Third party is a customer and a prospect + */ + const CUSTOMER_AND_PROSPECT = 3; + + /** + * Third party is no supplier + */ + const NO_SUPPLIER = 0; + + /** + * Third party is a supplier + */ + const SUPPLIER = 1; /** * Constructor From be27617e6894b75fd896cb914a48d6ba5ba39d96 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 16 Sep 2020 09:11:01 +0000 Subject: [PATCH 02/75] Fixing style errors. --- htdocs/comm/index.php | 22 +++++++++++----------- htdocs/comm/propal/index.php | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 2cc1ba250d5..30dd85d8df3 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -153,7 +153,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); startSimpleTable("ProposalsDraft", "comm/propal/list.php", "search_status=0", 2, $num); - + if ($num > 0) { $i = 0; @@ -166,7 +166,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $propalstatic->total_ht = $obj->total_ht; $propalstatic->total_tva = $obj->total_tva; $propalstatic->total_ttc = $obj->total_ttc; - + $companystatic->id = $obj->socid; $companystatic->name = $obj->name; $companystatic->client = $obj->client; @@ -294,7 +294,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $orderstatic->total_ht = $obj->total_ht; $orderstatic->total_tva = $obj->total_tva; $orderstatic->total_ttc = $obj->total_ttc; - + $companystatic->id = $obj->socid; $companystatic->name = $obj->name; $companystatic->client = $obj->client; @@ -338,7 +338,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND cf.fk_soc = ".$socid; - + $resql = $db->query($sql); if ($resql) { $total = 0; @@ -402,7 +402,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { if ($socid) $sql .= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); - + $resql = $db->query($sql); if ($resql) { if (empty($conf->global->SOCIETE_DISABLE_PROSPECTS) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS)) { @@ -466,7 +466,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY s.datec DESC"; $sql .= $db->plimit($max, 0); - + $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -524,7 +524,7 @@ if ($user->rights->agenda->myactions->read) { */ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // TODO A REFAIRE DEPUIS NOUVEAU CONTRAT $staticcontrat = new Contrat($db); - + $sql = "SELECT s.nom as name, s.rowid, s.canvas, s.code_client, s.entity, s.email"; $sql .= ", c.statut, c.rowid as contratid, p.ref, c.fin_validite as datefin, c.date_cloture as dateclo"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; @@ -592,7 +592,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY p.rowid DESC"; - + $resql = $db->query($sql); if ($resql) { $total = 0; @@ -612,7 +612,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $propalstatic->total_ht = $obj->total_ht; $propalstatic->total_tva = $obj->total_tva; $propalstatic->total_ttc = $obj->total_ttc; - + $companystatic->id = $obj->rowid; $companystatic->name = $obj->name; $companystatic->client = $obj->client; @@ -677,14 +677,14 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY c.rowid DESC"; - + $resql = $db->query($sql); if ($resql) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); startSimpleTable("OrdersOpened", "commande/list.php", "search_status=1", 4, $num); - + if ($num > 0) { $i = 0; diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 92f16e1ae1c..7eb9e94e927 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -292,7 +292,7 @@ if ($resql) { $propalstatic->id = $obj->rowid; $propalstatic->ref = $obj->ref; - + $companystatic->id = $obj->socid; $companystatic->name = $obj->socname; $companystatic->client = $obj->client; @@ -353,7 +353,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); startSimpleTable("ProposalsOpened", "comm/propal/list.php", "search_status=1", 4, $num); - + if ($num > 0) { $i = 0; while ($i < $nbofloop) { From 40acd8a386851dd6535cadeb166827c37e9c171b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 12:17:33 +0200 Subject: [PATCH 03/75] Fix missing field canvas --- htdocs/core/modules/modSociete.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index a9be157d126..a88ddc355a4 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -264,7 +264,7 @@ class modSociete extends DolibarrModules 's.rowid'=>"Id", 's.nom'=>"Name", 's.name_alias'=>"AliasNameShort", 's.status'=>"Status", 's.client'=>"Customer", 's.fournisseur'=>"Supplier", 's.datec'=>"DateCreation", 's.tms'=>"DateLastModification", 's.code_client'=>"CustomerCode", 's.code_fournisseur'=>"SupplierCode", 's.code_compta'=>"AccountancyCode", 's.code_compta_fournisseur'=>"SupplierAccountancyCode", 's.address'=>"Address", 's.zip'=>"Zip", 's.town'=>"Town", 'd.nom'=>'State', 'c.label'=>"Country", 'c.code'=>"CountryCode", 's.phone'=>"Phone", 's.fax'=>"Fax", - 's.url'=>"Url", 's.email'=>"Email", 's.default_lang'=>"DefaultLang", 's.siren'=>"ProfId1", 's.siret'=>"ProfId2", 's.ape'=>"ProfId3", 's.idprof4'=>"ProfId4", + 's.url'=>"Url", 's.email'=>"Email", 's.default_lang'=>"DefaultLang", 's.canvas' => "Canvas", 's.siren'=>"ProfId1", 's.siret'=>"ProfId2", 's.ape'=>"ProfId3", 's.idprof4'=>"ProfId4", 's.idprof5'=>"ProfId5", 's.idprof6'=>"ProfId6", 's.tva_intra'=>"VATIntraShort", 's.capital'=>"Capital", 's.note_private'=>"NotePrivate", 's.note_public'=>"NotePublic", 't.libelle'=>"ThirdPartyType", 'ce.code'=>"Staff", "cfj.libelle"=>"JuridicalStatus", 's.fk_prospectlevel'=>'ProspectLevel', 'st.code'=>'ProspectStatus', 'payterm.libelle'=>'PaymentConditions', 'paymode.libelle'=>'PaymentMode' @@ -283,7 +283,7 @@ class modSociete extends DolibarrModules //$this->export_TypeFields_array[$r]=array( // 's.rowid'=>"List:societe:nom",'s.nom'=>"Text",'s.status'=>"Text",'s.client'=>"Boolean",'s.fournisseur'=>"Boolean",'s.datec'=>"Date",'s.tms'=>"Date", // 's.code_client'=>"Text",'s.code_fournisseur'=>"Text",'s.address'=>"Text",'s.zip'=>"Text",'s.town'=>"Text",'c.label'=>"List:c_country:label:label", - // 'c.code'=>"Text",'s.phone'=>"Text",'s.fax'=>"Text",'s.url'=>"Text",'s.email'=>"Text",'s.default_lang'=>"Text",'s.siret'=>"Text",'s.siren'=>"Text", + // 'c.code'=>"Text",'s.phone'=>"Text",'s.fax'=>"Text",'s.url'=>"Text",'s.email'=>"Text",'s.default_lang'=>"Text",'s.canvas' => "Canvas",'s.siret'=>"Text",'s.siren'=>"Text", // 's.ape'=>"Text",'s.idprof4'=>"Text",'s.idprof5'=>"Text",'s.idprof6'=>"Text",'s.tva_intra'=>"Text",'s.capital'=>"Numeric",'s.note'=>"Text", // 't.libelle'=>"Text",'ce.code'=>"List:c_effectif:libelle:code","cfj.libelle"=>"Text",'s.fk_prospectlevel'=>'List:c_prospectlevel:label:code', // 's.fk_stcomm'=>'List:c_stcomm:libelle:code','d.nom'=>'List:c_departements:nom:rowid' @@ -292,7 +292,7 @@ class modSociete extends DolibarrModules 's.rowid'=>"Numeric", 's.nom'=>"Text", 's.name_alias'=>"Text", 's.status'=>"Numeric", 's.client'=>"Numeric", 's.fournisseur'=>"Boolean", 's.datec'=>"Date", 's.tms'=>"Date", 's.code_client'=>"Text", 's.code_fournisseur'=>"Text", 's.code_compta'=>"Text", 's.code_compta_fournisseur'=>"Text", 's.address'=>"Text", 's.zip'=>"Text", 's.town'=>"Text", 'c.label'=>"List:c_country:label:label", 'c.code'=>"Text", 's.phone'=>"Text", 's.fax'=>"Text", 's.url'=>"Text", 's.email'=>"Text", - 's.default_lang'=>"Text", 's.siret'=>"Text", 's.siren'=>"Text", 's.ape'=>"Text", 's.idprof4'=>"Text", 's.idprof5'=>"Text", 's.idprof6'=>"Text", + 's.default_lang'=>"Text", 's.canvas' => "Canvas", 's.siret'=>"Text", 's.siren'=>"Text", 's.ape'=>"Text", 's.idprof4'=>"Text", 's.idprof5'=>"Text", 's.idprof6'=>"Text", 's.tva_intra'=>"Text", 's.capital'=>"Numeric", 's.note_private'=>"Text", 's.note_public'=>"Text", 't.libelle'=>"Text", 'ce.code'=>"List:c_effectif:libelle:code", "cfj.libelle"=>"Text", 's.fk_prospectlevel'=>'List:c_prospectlevel:label:code', 'st.code'=>'List:c_stcomm:libelle:code', 'd.nom'=>'Text', 'u.login'=>'Text', 'u.firstname'=>'Text', 'u.lastname'=>'Text', 'payterm.libelle'=>'Text', From 6f564c19370b349495ecd6727a06e3e2f62d28fd Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Wed, 16 Sep 2020 12:34:07 +0200 Subject: [PATCH 04/75] NEW filter product list by country and/or state/province --- htdocs/product/list.php | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index ca789bc3ffe..11beb97c6dc 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -38,6 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.product.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; if (!empty($conf->categorie->enabled)) require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; @@ -63,6 +64,8 @@ $searchCategoryProductOperator = (GETPOST('search_category_product_operator', 'i $searchCategoryProductList = GETPOST('search_category_product_list', 'array'); $search_tosell = GETPOST("search_tosell", 'int'); $search_tobuy = GETPOST("search_tobuy", 'int'); +$search_country = GETPOST("search_country", 'int'); +$search_state = GETPOST("state_id", 'int'); $fourn_id = GETPOST("fourn_id", 'int'); $catid = GETPOST('catid', 'int'); $search_tobatch = GETPOST("search_tobatch", 'int'); @@ -105,6 +108,7 @@ $object = new Product($db); $hookmanager->initHooks(array('productservicelist')); $extrafields = new ExtraFields($db); $form = new Form($db); +$formcompany = new FormCompany($db); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); @@ -206,7 +210,9 @@ $arrayfields = array( 'p.stock'=>array('label'=>$langs->trans("PhysicalStock"), 'checked'=>1, 'enabled'=>(!empty($conf->stock->enabled) && $user->rights->stock->lire && $contextpage != 'service'), 'position'=>52), 'stock_virtual'=>array('label'=>$langs->trans("VirtualStock"), 'checked'=>1, 'enabled'=>(!empty($conf->stock->enabled) && $user->rights->stock->lire && $contextpage != 'service' && $virtualdiffersfromphysical), 'position'=>53), 'p.tobatch'=>array('label'=>$langs->trans("ManageLotSerial"), 'checked'=>0, 'enabled'=>(!empty($conf->productbatch->enabled)), 'position'=>60), - 'p.accountancy_code_sell'=>array('label'=>$langs->trans("ProductAccountancySellCode"), 'checked'=>0, 'position'=>400), + 'p.fk_country'=>array('label'=>$langs->trans("Country").' ('.$langs->trans("Country").')', 'checked'=>0, 'position'=>100), + 'p.fk_state'=>array('label'=>$langs->trans("State").' ('.$langs->trans("State").')', 'checked'=>0, 'position'=>101), + 'p.accountancy_code_sell'=>array('label'=>$langs->trans("ProductAccountancySellCode"), 'checked'=>0, 'position'=>400), 'p.accountancy_code_sell_intra'=>array('label'=>$langs->trans("ProductAccountancySellIntraCode"), 'checked'=>0, 'enabled'=>$isInEEC, 'position'=>401), 'p.accountancy_code_sell_export'=>array('label'=>$langs->trans("ProductAccountancySellExportCode"), 'checked'=>0, 'position'=>402), 'p.accountancy_code_buy'=>array('label'=>$langs->trans("ProductAccountancyBuyCode"), 'checked'=>0, 'position'=>403), @@ -275,6 +281,8 @@ if (empty($reshook)) $searchCategoryProductList = array(); $search_tosell = ""; $search_tobuy = ""; + $search_country = ""; + $search_state = ""; $search_vatrate = ""; $search_tobatch = ''; //$search_type=''; // There is 2 types of list: a list of product and a list of services. No list with both. So when we clear search criteria, we must keep the filter on type. @@ -326,7 +334,7 @@ $sql .= ' p.fk_product_type, p.duration, p.finished, p.tosell, p.tobuy, p.seuil_ $sql .= ' p.tobatch, p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,'; $sql .= ' p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export,'; $sql .= ' p.datec as date_creation, p.tms as date_update, p.pmp, p.stock, p.cost_price,'; -$sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_units, p.height, p.height_units, p.surface, p.surface_units, p.volume, p.volume_units,'; +$sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_units, p.height, p.height_units, p.surface, p.surface_units, p.volume, p.volume_units, fk_country, fk_state,'; if (!empty($conf->global->PRODUCT_USE_UNITS)) $sql .= ' p.fk_unit, cu.label as cu_label,'; $sql .= ' MIN(pfp.unitprice) as minsellprice'; if (!empty($conf->variants->enabled) && (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD) && !$show_childproducts)) { @@ -401,6 +409,8 @@ if ($searchCategoryProductOperator == 1) { } if ($fourn_id > 0) $sql .= " AND pfp.fk_soc = ".$fourn_id; if ($search_tobatch != '' && $search_tobatch >= 0) $sql .= " AND p.tobatch = ".$db->escape($search_tobatch); +if ($search_country) $sql .= " AND p.fk_country = ".$search_country; +if ($search_state) $sql .= " AND p.fk_state = ".$search_state; if ($search_accountancy_code_sell) $sql .= natural_search('p.accountancy_code_sell', $search_accountancy_code_sell); if ($search_accountancy_code_sell_intra) $sql .= natural_search('p.accountancy_code_sell_intra', $search_accountancy_code_sell_intra); if ($search_accountancy_code_sell_export) $sql .= natural_search('p.accountancy_code_sell_export', $search_accountancy_code_sell_export); @@ -418,7 +428,7 @@ $sql .= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.tva_tx, p.pric $sql .= " p.fk_product_type, p.duration, p.finished, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock,"; $sql .= ' p.datec, p.tms, p.entity, p.tobatch, p.accountancy_code_sell, p.accountancy_code_sell_intra, p.accountancy_code_sell_export,'; $sql .= ' p.accountancy_code_buy, p.accountancy_code_buy_intra, p.accountancy_code_buy_export, p.pmp, p.cost_price, p.stock,'; -$sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_units, p.height, p.height_units, p.surface, p.surface_units, p.volume, p.volume_units'; +$sql .= ' p.weight, p.weight_units, p.length, p.length_units, p.width, p.width_units, p.height, p.height_units, p.surface, p.surface_units, p.volume, p.volume_units, p.fk_country, p.fk_state'; if (!empty($conf->global->PRODUCT_USE_UNITS)) $sql .= ', p.fk_unit, cu.label'; if (!empty($conf->variants->enabled) && (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD) && !$show_childproducts)) { @@ -498,6 +508,8 @@ if ($resql) if ($search_label) $param .= "&search_label=".urlencode($search_label); if ($search_tosell != '') $param .= "&search_tosell=".urlencode($search_tosell); if ($search_tobuy != '') $param .= "&search_tobuy=".urlencode($search_tobuy); + if ($search_country != '') $param .= "&search_country=".urlencode($search_country); + if ($search_state != '') $param .= "&search_state=".urlencode($search_state); if ($search_vatrate) $sql .= natural_search('p.tva_tx', $search_vatrate); if ($fourn_id > 0) $param .= ($fourn_id ? "&fourn_id=".$fourn_id : ""); //if ($seach_categ) $param.=($search_categ?"&search_categ=".urlencode($search_categ):""); @@ -819,6 +831,10 @@ if ($resql) if (!empty($arrayfields['stock_virtual']['checked'])) print ' '; // To batch if (!empty($arrayfields['p.tobatch']['checked'])) print ''.$form->selectyesno($search_tobatch, '', '', '', 1).''; + // Country + if (!empty($arrayfields['p.fk_country']['checked'])) print ''.$form->select_country($search_country, 'search_country', '', 0).''; + // State + if (!empty($arrayfields['p.fk_state']['checked'])) print ''.$formcompany->select_state($search_state, $search_country).''; // Accountancy code sell if (!empty($arrayfields['p.accountancy_code_sell']['checked'])) print ''; if (!empty($arrayfields['p.accountancy_code_sell_intra']['checked'])) print ''; @@ -945,6 +961,12 @@ if ($resql) if (!empty($arrayfields['p.tobatch']['checked'])) { print_liste_field_titre($arrayfields['p.tobatch']['label'], $_SERVER["PHP_SELF"], "p.tobatch", "", $param, '', $sortfield, $sortorder, 'center '); } + if (!empty($arrayfields['p.fk_country']['checked'])) { + print_liste_field_titre($arrayfields['p.fk_country']['label'], $_SERVER["PHP_SELF"], "p.fk_country", "", $param, '', $sortfield, $sortorder); + } + if (!empty($arrayfields['p.fk_state']['checked'])) { + print_liste_field_titre($arrayfields['p.fk_state']['label'], $_SERVER["PHP_SELF"], "p.fk_state", "", $param, '', $sortfield, $sortorder); + } if (!empty($arrayfields['p.accountancy_code_sell']['checked'])) { print_liste_field_titre($arrayfields['p.accountancy_code_sell']['label'], $_SERVER["PHP_SELF"], "p.accountancy_code_sell", "", $param, '', $sortfield, $sortorder); } @@ -1414,6 +1436,18 @@ if ($resql) print ''; if (!$i) $totalarray['nbfield']++; } + // Country + if (!empty($arrayfields['p.fk_country']['checked'])) + { + print ''.getCountry($obj->fk_country, 0, $db).''; + if (!$i) $totalarray['nbfield']++; + } + // State + if (!empty($arrayfields['p.fk_state']['checked'])) + { + print ''.getState($obj->fk_state, 0, $db).''; + if (!$i) $totalarray['nbfield']++; + } // Accountancy code sell if (!empty($arrayfields['p.accountancy_code_sell']['checked'])) { From 09558d0ce96da3f77df21f0750930587477acbca Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 13:15:57 +0200 Subject: [PATCH 05/75] Fix MAIN_OPTIMIZEFORTEXTBROWSER --- htdocs/core/lib/functions.lib.php | 4 ++-- htdocs/core/lib/usergroups.lib.php | 2 +- htdocs/main.inc.php | 7 ++++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index e84bb14b4a2..1062930917c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1212,11 +1212,11 @@ function dol_get_fiche_head($links = array(), $active = '', $title = '', $notab if ($morehtmlright) $out .= '
'.$morehtmlright.'
'; // Output right area first so when space is missing, text is in front of tabs and not under. // Show title - if (!empty($title) && $showtitle) + if (!empty($title) && $showtitle && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $limittitle = 30; $out .= ''; - if ($picto && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) $out .= img_picto($title, ($pictoisfullpath ? '' : 'object_').$picto, '', $pictoisfullpath, 0, 0, '', 'imgTabTitle').' '; + if ($picto) $out .= img_picto($title, ($pictoisfullpath ? '' : 'object_').$picto, '', $pictoisfullpath, 0, 0, '', 'imgTabTitle').' '; $out .= ''.dol_trunc($title, $limittitle).''; $out .= ''; } diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 96a868c4599..acf847d6480 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -47,7 +47,7 @@ function user_prepare_head($object) $head = array(); $head[$h][0] = DOL_URL_ROOT.'/user/card.php?id='.$object->id; - $head[$h][1] = $langs->trans("UserCard"); + $head[$h][1] = $langs->trans("User"); $head[$h][2] = 'user'; $h++; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2887b4b1f77..cbdb2459e52 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1698,9 +1698,10 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead } } - $text = ''.DOL_VERSION.''; - $toprightmenu .= @Form::textwithtooltip('', $appli, 2, 1, $text, 'login_block_elem', 2); - + if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { + $text = ''.DOL_VERSION.''; + $toprightmenu .= @Form::textwithtooltip('', $appli, 2, 1, $text, 'login_block_elem', 2); + } // Logout link $toprightmenu .= @Form::textwithtooltip('', $logouthtmltext, 2, 1, $logouttext, 'login_block_elem logout-btn', 2); From 91641e593fc64f5189f14f441995ee3995ba9b99 Mon Sep 17 00:00:00 2001 From: "Sekan, Tobias" Date: Wed, 16 Sep 2020 14:03:41 +0200 Subject: [PATCH 06/75] MAIN_DASHBOARD_USE_TOTAL_HT + more clean --- htdocs/comm/index.php | 93 +++++++++++++++---------------- htdocs/comm/propal/index.php | 12 ++-- htdocs/core/lib/functions.lib.php | 2 +- 3 files changed, 52 insertions(+), 55 deletions(-) diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 30dd85d8df3..58e64b1e803 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -84,7 +84,8 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial'); print '
'; -if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // This is useless due to the global search combo +// This is useless due to the global search combo +if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // Search proposal if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $listofsearchfields['search_proposal'] = array('text'=>'Proposal'); @@ -152,7 +153,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("ProposalsDraft", "comm/propal/list.php", "search_status=0", 2, $num); + startSimpleTable("ProposalsDraft", "comm/propal/list.php", "search_status=".Propal::STATUS_DRAFT, 2, $num); if ($num > 0) { $i = 0; @@ -180,11 +181,11 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { print ''; print ''.$propalstatic->getNomUrl(1).''; print ''.$companystatic->getNomUrl(1, 'customer', 16).''; - print ''.price($obj->total_ht).''; + print ''.price((!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc)).''; print ''; $i++; - $total += $obj->total_ht; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -210,14 +211,14 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - if ($socid) $sql .= " AND s.rowid = ".$socid; + if ($socid) $sql .= " AND s.rowid = ".$socid; $resql = $db->query($sql); if ($resql) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("SupplierProposalsDraft", "supplier_proposal/list.php", "search_status=0", 2, $num); + startSimpleTable("SupplierProposalsDraft", "supplier_proposal/list.php", "search_status=".SupplierProposal::STATUS_DRAFT, 2, $num); if ($num > 0) { $i = 0; @@ -241,13 +242,13 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $companystatic->email = $obj->email; print ''; - print ''.$supplierproposalstatic->getNomUrl(1).''; + print ''.$supplierproposalstatic->getNomUrl(1).''; print ''.$companystatic->getNomUrl(1, 'supplier', 16).''; - print ''.price($obj->total_ht).''; + print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).''; print ''; $i++; - $total += $obj->total_ht; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -273,14 +274,14 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - if ($socid) $sql .= " AND c.fk_soc = ".$socid; + if ($socid) $sql .= " AND c.fk_soc = ".$socid; $resql = $db->query($sql); if ($resql) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("DraftOrders", "commande/list.php", "search_status=0", 2, $num); + startSimpleTable("DraftOrders", "commande/list.php", "search_status=".Commande::STATUS_DRAFT, 2, $num); if ($num > 0) { $i = 0; @@ -311,7 +312,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { print ''; $i++; - $total += $obj->total_ttc; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -337,14 +338,14 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - if ($socid) $sql .= " AND cf.fk_soc = ".$socid; + if ($socid) $sql .= " AND cf.fk_soc = ".$socid; $resql = $db->query($sql); if ($resql) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("DraftSuppliersOrders", "fourn/commande/list.php", "search_status=0", 2, $num); + startSimpleTable("DraftSuppliersOrders", "fourn/commande/list.php", "search_status=".CommandeFournisseur::STATUS_DRAFT, 2, $num); if ($num > 0) { $i = 0; @@ -375,7 +376,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU print ''; $i++; - $total += $obj->total_ttc; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -387,7 +388,8 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU } } -print '
'; +print '
'; +print '
'; /* * Last modified customers or prospects @@ -399,7 +401,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - if ($socid) $sql .= " AND s.rowid = $socid"; + if ($socid) $sql .= " AND s.rowid = $socid"; $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); @@ -463,7 +465,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - if ($socid) $sql .= " AND s.rowid = ".$socid; + if ($socid) $sql .= " AND s.rowid = ".$socid; $sql .= " ORDER BY s.datec DESC"; $sql .= $db->plimit($max, 0); @@ -581,7 +583,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T * Opened (validated) proposals */ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { - $sql = "SELECT p.rowid as propalid, p.entity, p.total as total_ttc, p.total_ht, p.tva as total_tva, p.ref, p.ref_client, p.fk_statut, p.datep as dp, p.fin_validite as dfv"; + $sql = "SELECT p.rowid as propalid, p.entity, p.total as total_ttc, p.total_ht, p.tva as total_tva, p.ref, p.ref_client, p.fk_statut, p.datep as dp, p.fin_validite as dfv"; $sql .= ", s.nom as name, s.rowid, s.code_client, s.entity, s.email"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; @@ -622,24 +624,21 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $companystatic->entity = $obj->entity; $companystatic->email = $obj->email; - print ''; - - // Ref - print ''; - print ''; - print ''; - print ''; - print '
'; - print $propalstatic->getNomUrl(1); - print ''; - if ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) print img_warning($langs->trans("Late")); - print ''; $filename = dol_sanitizeFileName($obj->ref); $filedir = $conf->propal->multidir_output[$obj->entity].'/'.dol_sanitizeFileName($obj->ref); $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; - print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir); - print '
'; - print ""; + $warning = ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) ? img_warning($langs->trans("Late")) : ''; + + print ''; + + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print '
'.$propalstatic->getNomUrl(1).''.$warning.''.$formfile->getDocumentsLink($propalstatic->element, $filename, $filedir).'
'; + print ''; print ''.$companystatic->getNomUrl(1, 'customer', 44).''; print ''.dol_print_date($db->jdate($obj->dp), 'day').''; @@ -649,7 +648,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { print ''; $i++; - $total += $obj->total_ttc; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -683,7 +682,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("OrdersOpened", "commande/list.php", "search_status=1", 4, $num); + startSimpleTable("OrdersOpened", "commande/list.php", "search_status=".Commande::STATUS_VALIDATED, 4, $num); if ($num > 0) { $i = 0; @@ -710,22 +709,18 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $filename = dol_sanitizeFileName($obj->ref); $filedir = $conf->commande->dir_output.'/'.dol_sanitizeFileName($obj->ref); $urlsource = $_SERVER['PHP_SELF'].'?id='.$obj->propalid; + //$warning = ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) ? img_warning($langs->trans("Late")) : ''; print ''; - // Ref print ''; print ''; - print ''; + print ''; + print ''; + print ''; + print '
'; - print $orderstatic->getNomUrl(1); + print ''.$orderstatic->getNomUrl(1).''.$formfile->getDocumentsLink($orderstatic->element, $filename, $filedir).'
'; print ''; - print ''; - //if ($db->jdate($obj->dfv) < ($now - $conf->propal->cloture->warning_delay)) print img_warning($langs->trans("Late")); - print ''; - print ''; - print $formfile->getDocumentsLink($orderstatic->element, $filename, $filedir); - print ''; - print ""; print ''.$companystatic->getNomUrl(1, 'customer', 44).''; print ''.dol_print_date($db->jdate($obj->dp), 'day').''; @@ -735,7 +730,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { print ''; $i++; - $total += $obj->total_ttc; + $total +=(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -747,7 +742,9 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { } } -print '
'; +print '
'; +print ''; +print ''; $parameters = array('user' => $user); $reshook = $hookmanager->executeHooks('dashboardCommercials', $parameters, $object); // Note that $action and $object may have been modified by hook diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 7eb9e94e927..692f561867a 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -213,7 +213,7 @@ if (!empty($conf->propal->enabled)) { if ($resql) { $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("DraftPropals", "comm/propal/list.php", "search_status=0", 2, $num); + startSimpleTable("DraftPropals", "comm/propal/list.php", "search_status=".Propal::STATUS_DRAFT, 2, $num); if ($num) { $total = 0; @@ -242,11 +242,11 @@ if (!empty($conf->propal->enabled)) { print ''; print ''.$propalstatic->getNomUrl(1).''; print ''.$companystatic->getNomUrl(1, 'customer', 16).''; - print ''.price($obj->total_ht).''; + print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).''; print ''; $i++; - $total += $obj->total_ht; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } @@ -352,7 +352,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $total = 0; $num = $db->num_rows($resql); $nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD)); - startSimpleTable("ProposalsOpened", "comm/propal/list.php", "search_status=1", 4, $num); + startSimpleTable("ProposalsOpened", "comm/propal/list.php", "search_status=".Propal::STATUS_VALIDATED, 4, $num); if ($num > 0) { $i = 0; @@ -388,13 +388,13 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { print ''.$companystatic->getNomUrl(1, 'customer', 44).''; print ''.dol_print_date($db->jdate($obj->dp), 'day').''; - print ''.price($obj->total_ttc).''; + print ''.price(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc).''; print ''.$propalstatic->LibStatut($obj->fk_statut, 3).''; print ''; $i++; - $total += $obj->total_ttc; + $total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc); } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 17f80e45225..2b51bfcf269 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -83,7 +83,7 @@ function getEntity($element, $shared = 1, $currentobject = null) global $conf, $mc; // fix different element names (France to English) - switch($element) { + switch ($element) { case 'contrat': $element = 'contract'; break; // "/contrat/class/contrat.class.php" case 'order_supplier': $element = 'supplier_order'; break; // "/fourn/class/fournisseur.commande.class.php" } From d7aa376c3cdbb9d52c71b0a55e02b8c1bd9bea30 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 14:37:05 +0200 Subject: [PATCH 07/75] FIX Yogosha report 4425 --- htdocs/core/lib/functions.lib.php | 39 ++++++++++++++++++++++++------ htdocs/document.php | 9 ++++--- htdocs/theme/eldy/info-box.inc.php | 2 +- 3 files changed, 38 insertions(+), 12 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7abe2e50236..eabb5b28d46 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7880,19 +7880,16 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param if (empty($conf->use_javascript_ajax)) return ''; - $mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'svg+xml', 'webp'); - //$mime_preview[]='vnd.oasis.opendocument.presentation'; - //$mime_preview[]='archive'; - $num_mime = array_search(dol_mimetype($relativepath, '', 1), $mime_preview); + $isAllowedForPreview = dolIsAllowedForPreview($relativepath); if ($alldata == 1) { - if ($num_mime !== false) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''), 'mime'=>dol_mimetype($relativepath),); + if ($isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''), 'mime'=>dol_mimetype($relativepath),); else return array(); } - // old behavior - if ($num_mime !== false) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')'; + // old behavior, return a string + if ($isAllowedForPreview) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')'; else return ''; } @@ -7917,6 +7914,32 @@ function ajax_autoselect($htmlname, $addlink = '') } +/** + * Return if a file is qualified for preview + * + * @param string $file Filename we looking for information + * @return int 1 If allowed, 0 otherwise + * @see dol_mimetype(), image_format_supported() from images.lib.php + */ +function dolIsAllowedForPreview($file) { + global $conf; + + // Check .noexe extension in filename + if (preg_match('/\.noexe$/i', $file)) return 0; + + // Check mime types + $mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'webp'); + if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml'; + //$mime_preview[]='vnd.oasis.opendocument.presentation'; + //$mime_preview[]='archive'; + $num_mime = array_search(dol_mimetype($file, '', 1), $mime_preview); + if ($num_mime !== false) return 1; + + // By default, not allowed for preview + return 0; +} + + /** * Return mime type of a file * @@ -7924,7 +7947,7 @@ function ajax_autoselect($htmlname, $addlink = '') * @param string $default Default mime type if extension not found in known list * @param int $mode 0=Return full mime, 1=otherwise short mime string, 2=image for mime type, 3=source language, 4=css of font fa * @return string Return a mime type family (text/xxx, application/xxx, image/xxx, audio, video, archive) - * @see image_format_supported() from images.lib.php + * @see dolIsAllowedForPreview(), image_format_supported() from images.lib.php */ function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0) { diff --git a/htdocs/document.php b/htdocs/document.php index 99d9e1a29e2..4a323bd89b3 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -153,11 +153,13 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha') ?tr if (!empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment = false; // Define mime type -$type = 'application/octet-stream'; +$type = 'application/octet-stream'; // By default if (GETPOST('type', 'alpha')) $type = GETPOST('type', 'alpha'); else $type = dol_mimetype($original_file); -// Security: Force to octet-stream if file is a dangerous file -if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream'; +// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file +if (!dolIsAllowedForPreview($original_file)) { + $type = 'application/octet-stream'; +} // Security: Delete string ../ into $original_file $original_file = str_replace("../", "/", $original_file); @@ -259,6 +261,7 @@ if (!$attachment && !empty($conf->global->MAIN_USE_EXIF_ROTATION) && image_forma if ($readfile) { header('Content-Length: '.dol_filesize($fullpath_original_file)); + readfile($fullpath_original_file_osencoded); } diff --git a/htdocs/theme/eldy/info-box.inc.php b/htdocs/theme/eldy/info-box.inc.php index 7617d0037d3..4ce9de9b1ec 100644 --- a/htdocs/theme/eldy/info-box.inc.php +++ b/htdocs/theme/eldy/info-box.inc.php @@ -255,7 +255,7 @@ if (GETPOSTISSET('THEME_SATURATE_RATIO')) $conf->global->THEME_SATURATE_RATIO = } .customer-back { - background-color: #95a55d !important; + background-color: #55955d !important; color: #FFF !important; padding: 2px; margin: 2px; From d0c02f3714665f28f18d1ed1dc9ef7f44772eb07 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 14:51:46 +0200 Subject: [PATCH 08/75] FIX #yogosha4426 --- htdocs/core/class/html.formfile.class.php | 2 +- htdocs/ecm/file_card.php | 4 ++-- htdocs/ecm/index.php | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 70f68a31894..360248a741e 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1207,7 +1207,7 @@ class FormFile $editline = 1; } else { $filenametoshow = preg_replace('/\.noexe$/', '', $file['name']); - print dol_trunc($filenametoshow, 200); + print dol_escape_htmltag(dol_trunc($filenametoshow, 200)); print ''; } // Preview link diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 7839198d913..48c15f92aa2 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2008-2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -126,7 +126,7 @@ if ($action == 'update') $error = 0; $oldlabel = GETPOST('urlfile', 'alpha'); - $newlabel = GETPOST('label', 'alpha'); + $newlabel = dol_sanitizeFileName(GETPOST('label', 'alpha')); $shareenabled = GETPOST('shareenabled', 'alpha'); //$db->begin(); diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 4db7b897b6a..e009dfc6891 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -127,7 +127,6 @@ if ($action == 'confirm_deletefile') $upload_dir = $conf->ecm->dir_output.($relativepath ? '/'.$relativepath : ''); $file = $upload_dir."/".GETPOST('urlfile', 'alpha'); - $ret = dol_delete_file($file); // This include also the delete from file index in database. if ($ret) { From dec73da206d01f5717b3b32c6e938bd6a4131c64 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 16:17:02 +0200 Subject: [PATCH 09/75] FIX #yogosha4430 --- htdocs/fourn/facture/rapport.php | 6 +++--- htdocs/reception/stats/month.php | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/htdocs/fourn/facture/rapport.php b/htdocs/fourn/facture/rapport.php index 7873dd81b2d..1c068e19b7d 100644 --- a/htdocs/fourn/facture/rapport.php +++ b/htdocs/fourn/facture/rapport.php @@ -47,7 +47,7 @@ if ($user->socid > 0) $dir = $conf->fournisseur->facture->dir_output.'/payments'; if (!$user->rights->societe->client->voir || $socid) $dir .= '/private/'.$user->id; // If user has no permission to see all, output dir is specific to user -$year = $_GET["year"]; +$year = GETPOST("year", 'int'); if (!$year) { $year = date("Y"); } @@ -69,7 +69,7 @@ if ($action == 'builddoc') // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output = $outputlangs->charset_output; - if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) + if ($rap->write_file($dir, GETPOST("remonth", 'int'), GETPOST("reyear", 'int'), $outputlangs) > 0) { $outputlangs->charset_output = $sav_charset_output; } else { @@ -77,7 +77,7 @@ if ($action == 'builddoc') dol_print_error($db, $obj->error); } - $year = $_POST["reyear"]; + $year = GETPOST("reyear", 'int'); } diff --git a/htdocs/reception/stats/month.php b/htdocs/reception/stats/month.php index d2cf628e605..dab1a806406 100644 --- a/htdocs/reception/stats/month.php +++ b/htdocs/reception/stats/month.php @@ -27,6 +27,8 @@ require_once DOL_DOCUMENT_ROOT.'/reception/class/reception.class.php'; require_once DOL_DOCUMENT_ROOT.'/reception/class/receptionstats.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php'; +$year = GETPOST("year", 'int'); + /* * View @@ -39,10 +41,10 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); $mesg = ''; -print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg); +print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.GETPOST("year", 'int'), $mesg); $stats = new ReceptionStats($db); -$data = $stats->getNbReceptionByMonth($_GET["year"]); +$data = $stats->getNbReceptionByMonth(GETPOST("year", 'int')); dol_mkdir($conf->reception->dir_temp); From 1fd633ed21234016f5e9f515cfbc27d003924f97 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 16:34:19 +0200 Subject: [PATCH 10/75] FIX #yogosha4433 --- htdocs/document.php | 2 +- htdocs/viewimage.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 4a323bd89b3..3808dd755fd 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -219,7 +219,7 @@ if (!$accessallowed) if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) { dol_syslog("Refused to deliver file ".$fullpath_original_file); - print "ErrorFileNameInvalid: ".$original_file; + print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file); exit; } diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index c2856848dc5..0ddccc537d1 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -236,7 +236,7 @@ if (!$accessallowed) if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) { dol_syslog("Refused to deliver file ".$fullpath_original_file); - print "ErrorFileNameInvalid: ".$original_file; + print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file); exit; } From 7b8a206730214fa40c2d52dac1807095a0dc3b35 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 17:48:59 +0200 Subject: [PATCH 11/75] FIX #yogosha --- htdocs/adherents/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index cf1614bbb6e..92b75ce2831 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -254,7 +254,7 @@ if (empty($reshook)) { $object->firstname = trim(GETPOST("firstname", 'alphanohtml')); $object->lastname = trim(GETPOST("lastname", 'alphanohtml')); $object->gender = trim(GETPOST("gender", 'alphanohtml')); - $object->login = trim(GETPOST("login", 'alpha')); + $object->login = trim(GETPOST("login", 'alphanohtml')); $object->pass = trim(GETPOST("pass", 'alpha')); $object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated @@ -404,7 +404,7 @@ if (empty($reshook)) { // $facebook=GETPOST("member_facebook", 'alpha'); // $linkedin=GETPOST("member_linkedin", 'alpha'); $email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha')); - $login = GETPOST("member_login", 'alpha'); + $login = GETPOST("member_login", 'alphanohtml'); $pass = GETPOST("password", 'alpha'); $photo = GETPOST("photo", 'alpha'); //$comment=GETPOST("comment",'none'); @@ -836,7 +836,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'" autofocus="autofocus">'; + print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'" autofocus="autofocus">'; } // Password @@ -1063,7 +1063,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'">'; + print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'">'; } // Password From 295c2b1d17ec68cdf2e02b22e0476354e164b7cd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 17:56:26 +0200 Subject: [PATCH 12/75] FIX #yogosha4435 --- htdocs/takepos/invoice.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 2f45d24c401..1dfdce43af4 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -94,8 +94,8 @@ function fail($message) $number = GETPOST('number', 'alpha'); $idline = GETPOST('idline', 'int'); $selectedline = GETPOST('selectedline', 'int'); -$desc = GETPOST('desc', 'alpha'); -$pay = GETPOST('pay', 'alpha'); +$desc = GETPOST('desc', 'alphanohtml'); +$pay = GETPOST('pay', 'aZ09'); $amountofpayment = price2num(GETPOST('amount', 'alpha')); $invoiceid = GETPOST('invoiceid', 'int'); From 47031cb656e5c7b0206927658716254da581126b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 18:51:19 +0200 Subject: [PATCH 13/75] Fix phpcs --- htdocs/core/lib/functions.lib.php | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index eabb5b28d46..7b7972c4fe2 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7921,7 +7921,8 @@ function ajax_autoselect($htmlname, $addlink = '') * @return int 1 If allowed, 0 otherwise * @see dol_mimetype(), image_format_supported() from images.lib.php */ -function dolIsAllowedForPreview($file) { +function dolIsAllowedForPreview($file) +{ global $conf; // Check .noexe extension in filename @@ -8698,10 +8699,7 @@ function currentToken() } /** - * Start a table with headers and a optinal clickable number - * (don't forget to use "finishSimpleTable()" after the last table row) - * - * @see finishSimpleTable + * Start a table with headers and a optinal clickable number (don't forget to use "finishSimpleTable()" after the last table row) * * @param string $header The first left header of the table (automatic translated) * @param string $link (optional) The link to a internal dolibarr page, when click on the number (without the first "/") @@ -8709,6 +8707,8 @@ function currentToken() * @param integer $emptyRows (optional) The count of empty rows after the first header * @param integer $number (optional) The number that is shown right after the first header, when not set the link is shown on the right side of the header as "FullList" * @return void + * + * @see finishSimpleTable() */ function startSimpleTable($header, $link = "", $arguments = "", $emptyRows = 0, $number = -1) { @@ -8763,14 +8763,12 @@ function startSimpleTable($header, $link = "", $arguments = "", $emptyRows = 0, } /** - * Add the correct HTML close tags for "startSimpleTable(...)" - * (use after the last table line) + * Add the correct HTML close tags for "startSimpleTable(...)" (use after the last table line) * - * @see startSimpleTable + * @param bool $addLineBreak (optional) Add a extra line break after the complete table (\) + * @return void * - * @param bool $addLineBreak (optional) Add a extra line break after the complete table (\) - * - * @return void + * @see startSimpleTable() */ function finishSimpleTable($addLineBreak = false) { From bfbb21760773a0dde46b8446f212654d8c460d16 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 19:39:50 +0200 Subject: [PATCH 14/75] Fix GETPOST on 'action' --- htdocs/accountancy/bookkeeping/listbyaccount.php | 2 +- htdocs/accountancy/customer/card.php | 2 +- htdocs/accountancy/customer/list.php | 2 +- htdocs/accountancy/expensereport/card.php | 2 +- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/card.php | 2 +- htdocs/accountancy/supplier/list.php | 2 +- htdocs/adherents/admin/adherent.php | 2 +- htdocs/adherents/admin/adherent_emails.php | 2 +- htdocs/adherents/admin/adherent_extrafields.php | 2 +- htdocs/adherents/admin/adherent_type_extrafields.php | 2 +- htdocs/adherents/admin/website.php | 2 +- htdocs/adherents/card.php | 2 +- htdocs/adherents/document.php | 2 +- htdocs/adherents/note.php | 2 +- htdocs/adherents/subscription.php | 2 +- htdocs/adherents/type.php | 2 +- htdocs/adherents/type_ldap.php | 2 +- htdocs/adherents/type_translation.php | 2 +- htdocs/admin/agenda.php | 2 +- htdocs/admin/agenda_extrafields.php | 2 +- htdocs/admin/agenda_other.php | 2 +- htdocs/admin/agenda_reminder.php | 2 +- htdocs/admin/bank.php | 2 +- htdocs/admin/bank_extrafields.php | 2 +- htdocs/admin/barcode.php | 2 +- htdocs/admin/bom.php | 2 +- htdocs/admin/bom_extrafields.php | 2 +- htdocs/admin/boxes.php | 2 +- htdocs/admin/chequereceipts.php | 2 +- htdocs/admin/commande.php | 2 +- htdocs/admin/commande_fournisseur_dispatch_extrafields.php | 2 +- htdocs/admin/compta.php | 2 +- htdocs/admin/confexped.php | 2 +- htdocs/admin/const.php | 2 +- htdocs/admin/contract.php | 2 +- htdocs/admin/dav.php | 2 +- htdocs/admin/defaultvalues.php | 2 +- htdocs/admin/delais.php | 2 +- htdocs/admin/expedition.php | 2 +- htdocs/admin/expedition_extrafields.php | 2 +- htdocs/admin/expeditiondet_extrafields.php | 2 +- htdocs/admin/expensereport.php | 2 +- htdocs/admin/expensereport_extrafields.php | 2 +- htdocs/admin/expensereport_ik.php | 2 +- htdocs/admin/expensereport_rules.php | 2 +- htdocs/admin/export.php | 2 +- htdocs/admin/facture.php | 2 +- htdocs/admin/facture_situation.php | 2 +- htdocs/admin/fckeditor.php | 2 +- htdocs/admin/fichinter.php | 2 +- htdocs/admin/holiday.php | 2 +- htdocs/admin/holiday_extrafields.php | 2 +- htdocs/admin/import.php | 2 +- htdocs/admin/limits.php | 2 +- htdocs/admin/livraison_extrafields.php | 2 +- htdocs/admin/livraisondet_extrafields.php | 2 +- htdocs/admin/loan.php | 2 +- htdocs/admin/mailing.php | 2 +- htdocs/admin/mails.php | 2 +- htdocs/admin/mails_emailing.php | 2 +- htdocs/admin/mails_ticket.php | 2 +- htdocs/admin/menus/index.php | 2 +- htdocs/admin/menus/other.php | 2 +- htdocs/admin/modulehelp.php | 2 +- htdocs/admin/modules.php | 2 +- htdocs/admin/mrp.php | 2 +- htdocs/admin/mrp_extrafields.php | 2 +- htdocs/admin/multicurrency.php | 2 +- htdocs/admin/oauth.php | 2 +- htdocs/admin/oauthlogintokens.php | 2 +- htdocs/admin/order_extrafields.php | 2 +- htdocs/admin/orderdet_extrafields.php | 2 +- htdocs/admin/payment.php | 2 +- htdocs/admin/paymentbybanktransfer.php | 2 +- htdocs/admin/pdf.php | 2 +- htdocs/admin/prelevement.php | 2 +- htdocs/admin/propal.php | 2 +- htdocs/admin/receiptprinter.php | 2 +- htdocs/admin/reception_extrafields.php | 2 +- htdocs/admin/reception_setup.php | 2 +- htdocs/admin/resource.php | 2 +- htdocs/admin/resource_extrafields.php | 2 +- htdocs/admin/security_file.php | 2 +- htdocs/admin/security_other.php | 2 +- htdocs/admin/stock.php | 2 +- htdocs/admin/supplier_invoice.php | 2 +- htdocs/admin/supplier_order.php | 2 +- htdocs/admin/supplier_payment.php | 2 +- htdocs/admin/supplier_proposal.php | 2 +- htdocs/admin/supplierinvoice_extrafields.php | 2 +- htdocs/admin/supplierinvoicedet_extrafields.php | 2 +- htdocs/admin/supplierorder_extrafields.php | 2 +- htdocs/admin/supplierorderdet_extrafields.php | 2 +- htdocs/admin/system/about.php | 2 +- htdocs/admin/system/database-tables.php | 2 +- htdocs/admin/system/dolibarr.php | 2 +- htdocs/admin/taxes.php | 2 +- htdocs/admin/ticket.php | 2 +- htdocs/admin/ticket_extrafields.php | 2 +- htdocs/admin/ticket_public.php | 2 +- htdocs/admin/tools/dolibarr_export.php | 2 +- htdocs/admin/tools/export.php | 2 +- htdocs/admin/tools/export_files.php | 2 +- htdocs/admin/tools/listevents.php | 2 +- htdocs/admin/tools/listsessions.php | 2 +- htdocs/admin/tools/purge.php | 2 +- htdocs/admin/tools/update.php | 2 +- htdocs/admin/translation.php | 2 +- htdocs/admin/user.php | 2 +- htdocs/admin/usergroup.php | 2 +- htdocs/admin/workflow.php | 2 +- htdocs/asset/admin/assets_extrafields.php | 2 +- htdocs/asset/admin/assets_type_extrafields.php | 2 +- htdocs/asset/admin/setup.php | 2 +- htdocs/asset/info.php | 2 +- htdocs/asset/note.php | 2 +- htdocs/asset/type.php | 2 +- htdocs/blockedlog/admin/blockedlog.php | 2 +- htdocs/blockedlog/admin/blockedlog_list.php | 2 +- htdocs/blockedlog/ajax/block-add.php | 2 +- htdocs/bom/bom_agenda.php | 2 +- htdocs/bom/bom_note.php | 2 +- htdocs/bookmarks/admin/bookmark.php | 2 +- htdocs/bookmarks/list.php | 2 +- htdocs/cashdesk/facturation_verif.php | 2 +- htdocs/categories/admin/categorie_extrafields.php | 2 +- htdocs/categories/traduction.php | 2 +- htdocs/collab/index.php | 2 +- htdocs/comm/action/card.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/action/index.php | 2 +- htdocs/comm/action/list.php | 2 +- htdocs/comm/action/rapport/index.php | 2 +- htdocs/comm/admin/propal_extrafields.php | 2 +- htdocs/comm/admin/propaldet_extrafields.php | 2 +- htdocs/comm/index.php | 2 +- htdocs/comm/mailing/card.php | 2 +- htdocs/comm/propal/card.php | 2 +- htdocs/comm/propal/contact.php | 2 +- htdocs/comm/propal/list.php | 2 +- htdocs/comm/propal/note.php | 2 +- htdocs/comm/remx.php | 2 +- htdocs/commande/card.php | 2 +- htdocs/commande/contact.php | 2 +- htdocs/commande/note.php | 2 +- htdocs/compta/accounting-files.php | 2 +- htdocs/compta/bank/account_statement_document.php | 2 +- htdocs/compta/bank/bankentries_list.php | 2 +- htdocs/compta/bank/document.php | 2 +- htdocs/compta/bank/line.php | 2 +- htdocs/compta/bank/list.php | 2 +- htdocs/compta/bank/releve.php | 2 +- htdocs/compta/bank/transfer.php | 2 +- htdocs/compta/bank/various_payment/document.php | 2 +- htdocs/compta/deplacement/card.php | 2 +- htdocs/compta/deplacement/document.php | 2 +- htdocs/compta/facture/admin/facture_cust_extrafields.php | 2 +- htdocs/compta/facture/admin/facture_rec_cust_extrafields.php | 2 +- htdocs/compta/facture/admin/facturedet_cust_extrafields.php | 2 +- .../compta/facture/admin/facturedet_rec_cust_extrafields.php | 2 +- htdocs/compta/facture/card.php | 2 +- htdocs/compta/facture/contact.php | 2 +- htdocs/compta/facture/document.php | 2 +- htdocs/compta/facture/list.php | 2 +- htdocs/compta/facture/note.php | 2 +- htdocs/compta/facture/prelevement.php | 2 +- htdocs/compta/index.php | 2 +- htdocs/compta/paiement/card.php | 2 +- htdocs/compta/paiement/cheque/card.php | 2 +- htdocs/compta/paiement/info.php | 2 +- htdocs/compta/paiement_charge.php | 2 +- htdocs/compta/prelevement/card.php | 2 +- htdocs/compta/prelevement/create.php | 2 +- htdocs/compta/prelevement/line.php | 2 +- htdocs/compta/sociales/list.php | 2 +- htdocs/contact/list.php | 2 +- htdocs/contact/perso.php | 2 +- htdocs/contrat/admin/contract_extrafields.php | 2 +- htdocs/contrat/admin/contractdet_extrafields.php | 2 +- htdocs/contrat/card.php | 2 +- htdocs/contrat/contact.php | 2 +- htdocs/contrat/list.php | 2 +- htdocs/contrat/note.php | 2 +- htdocs/core/ajax/constantonoff.php | 2 +- htdocs/core/ajax/contacts.php | 2 +- htdocs/core/ajax/objectonoff.php | 2 +- htdocs/core/ajax/pingresult.php | 2 +- htdocs/core/ajax/selectobject.php | 2 +- htdocs/core/ajax/vatrates.php | 2 +- htdocs/core/modules/oauth/github_oauthcallback.php | 2 +- htdocs/core/modules/oauth/google_oauthcallback.php | 2 +- htdocs/core/modules/oauth/stripelive_oauthcallback.php | 2 +- htdocs/core/modules/oauth/stripetest_oauthcallback.php | 2 +- htdocs/core/photos_resize.php | 2 +- htdocs/cron/card.php | 2 +- htdocs/cron/list.php | 2 +- htdocs/datapolicy/admin/setup.php | 2 +- htdocs/datapolicy/admin/setupmail.php | 2 +- htdocs/datapolicy/public/index.php | 2 +- htdocs/document.php | 2 +- htdocs/don/admin/donation.php | 2 +- htdocs/don/admin/donation_extrafields.php | 2 +- htdocs/don/card.php | 2 +- htdocs/don/document.php | 2 +- htdocs/don/info.php | 2 +- htdocs/don/note.php | 2 +- htdocs/ecm/ajax/ecmdatabase.php | 2 +- htdocs/ecm/search.php | 2 +- htdocs/expedition/contact.php | 2 +- htdocs/expedition/note.php | 2 +- htdocs/expedition/shipment.php | 2 +- htdocs/expensereport/document.php | 2 +- htdocs/expensereport/note.php | 2 +- htdocs/expensereport/payment/info.php | 2 +- htdocs/exports/export.php | 2 +- htdocs/externalsite/admin/externalsite.php | 2 +- htdocs/fichinter/admin/fichinter_extrafields.php | 2 +- htdocs/fichinter/admin/fichinterdet_extrafields.php | 2 +- htdocs/fichinter/card-rec.php | 2 +- htdocs/fichinter/contact.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fichinter/list.php | 2 +- htdocs/fichinter/note.php | 2 +- htdocs/fourn/commande/contact.php | 2 +- htdocs/fourn/commande/document.php | 2 +- htdocs/fourn/commande/info.php | 2 +- htdocs/fourn/commande/orderstoinvoice.php | 2 +- htdocs/fourn/facture/contact.php | 2 +- htdocs/fourn/facture/document.php | 2 +- htdocs/fourn/facture/list.php | 2 +- htdocs/fourn/facture/note.php | 2 +- htdocs/ftp/admin/ftpclient.php | 2 +- htdocs/holiday/document.php | 2 +- htdocs/hrm/admin/admin_hrm.php | 2 +- htdocs/hrm/establishment/card.php | 2 +- htdocs/hrm/establishment/info.php | 2 +- htdocs/livraison/card.php | 2 +- htdocs/margin/admin/margin.php | 2 +- htdocs/margin/productMargins.php | 2 +- htdocs/margin/tabs/productMargins.php | 2 +- htdocs/modulebuilder/admin/setup.php | 2 +- htdocs/modulebuilder/template/admin/about.php | 2 +- htdocs/modulebuilder/template/admin/myobject_extrafields.php | 2 +- htdocs/modulebuilder/template/admin/setup.php | 2 +- htdocs/modulebuilder/template/mymoduleindex.php | 2 +- htdocs/modulebuilder/template/myobject_agenda.php | 2 +- htdocs/modulebuilder/template/myobject_note.php | 2 +- htdocs/mrp/ajax/ajax_bom.php | 2 +- htdocs/mrp/mo_agenda.php | 2 +- htdocs/mrp/mo_note.php | 2 +- htdocs/paybox/admin/paybox.php | 2 +- htdocs/paypal/admin/paypal.php | 2 +- htdocs/printing/admin/printing.php | 2 +- htdocs/product/admin/dynamic_prices.php | 2 +- htdocs/product/admin/product.php | 2 +- htdocs/product/admin/product_extrafields.php | 2 +- htdocs/product/admin/product_lot_extrafields.php | 2 +- htdocs/product/admin/product_supplier_extrafields.php | 2 +- htdocs/product/admin/product_tools.php | 2 +- htdocs/product/admin/stock_extrafields.php | 2 +- htdocs/product/ajax/products.php | 2 +- htdocs/product/composition/card.php | 2 +- htdocs/product/document.php | 2 +- htdocs/product/dynamic_price/editor.php | 2 +- htdocs/product/fournisseurs.php | 2 +- htdocs/product/list.php | 2 +- htdocs/product/price.php | 2 +- htdocs/product/reassort.php | 2 +- htdocs/product/reassortlot.php | 2 +- htdocs/product/stock/massstockmove.php | 2 +- htdocs/product/stock/productlot_document.php | 2 +- htdocs/product/stock/productlot_list.php | 2 +- htdocs/product/stock/replenish.php | 2 +- htdocs/product/stock/stockatdate.php | 2 +- htdocs/product/traduction.php | 2 +- htdocs/projet/admin/project.php | 2 +- htdocs/projet/admin/project_extrafields.php | 2 +- htdocs/projet/admin/project_task_extrafields.php | 2 +- htdocs/projet/ajax/projects.php | 2 +- htdocs/projet/card.php | 2 +- htdocs/projet/comment.php | 2 +- htdocs/projet/contact.php | 2 +- htdocs/projet/element.php | 2 +- htdocs/projet/index.php | 2 +- htdocs/projet/list.php | 2 +- htdocs/projet/tasks.php | 2 +- htdocs/projet/tasks/comment.php | 2 +- htdocs/projet/tasks/contact.php | 2 +- htdocs/projet/tasks/document.php | 2 +- htdocs/projet/tasks/list.php | 2 +- htdocs/projet/tasks/note.php | 2 +- htdocs/projet/tasks/task.php | 2 +- htdocs/public/members/new.php | 2 +- htdocs/public/ticket/create_ticket.php | 2 +- htdocs/public/ticket/index.php | 2 +- htdocs/reception/contact.php | 2 +- htdocs/reception/note.php | 2 +- htdocs/recruitment/admin/candidature_extrafields.php | 2 +- htdocs/recruitment/admin/jobposition_extrafields.php | 2 +- htdocs/recruitment/admin/public_interface.php | 2 +- htdocs/recruitment/admin/setup.php | 2 +- htdocs/recruitment/admin/setup_candidatures.php | 2 +- htdocs/recruitment/recruitmentcandidature_agenda.php | 2 +- htdocs/recruitment/recruitmentcandidature_note.php | 2 +- htdocs/recruitment/recruitmentindex.php | 2 +- htdocs/recruitment/recruitmentjobposition_agenda.php | 2 +- htdocs/recruitment/recruitmentjobposition_note.php | 2 +- htdocs/resource/agenda.php | 2 +- htdocs/resource/contact.php | 2 +- htdocs/resource/document.php | 2 +- htdocs/resource/note.php | 2 +- htdocs/salaries/admin/salaries.php | 2 +- htdocs/salaries/admin/salaries_extrafields.php | 2 +- htdocs/salaries/document.php | 2 +- htdocs/societe/admin/contact_extrafields.php | 2 +- htdocs/societe/admin/societe.php | 2 +- htdocs/societe/admin/societe_extrafields.php | 2 +- htdocs/societe/ajax/company.php | 2 +- htdocs/societe/list.php | 2 +- htdocs/societe/price.php | 2 +- htdocs/societe/societecontact.php | 2 +- htdocs/stripe/admin/stripe.php | 2 +- .../supplier_proposal/admin/supplier_proposal_extrafields.php | 2 +- .../admin/supplier_proposaldet_extrafields.php | 2 +- htdocs/supplier_proposal/card.php | 2 +- htdocs/supplier_proposal/contact.php | 2 +- htdocs/supplier_proposal/list.php | 2 +- htdocs/supplier_proposal/note.php | 2 +- htdocs/takepos/admin/orderprinters.php | 2 +- htdocs/takepos/admin/setup.php | 2 +- htdocs/takepos/ajax/ajax.php | 2 +- htdocs/takepos/floors.php | 2 +- htdocs/takepos/freezone.php | 2 +- htdocs/takepos/index.php | 2 +- htdocs/takepos/invoice.php | 2 +- htdocs/takepos/phone.php | 2 +- htdocs/takepos/send.php | 2 +- htdocs/ticket/class/actions_ticket.class.php | 2 +- htdocs/user/admin/group_extrafields.php | 2 +- htdocs/user/admin/user_extrafields.php | 2 +- htdocs/user/clicktodial.php | 2 +- htdocs/user/group/card.php | 2 +- htdocs/user/group/ldap.php | 2 +- htdocs/user/group/perms.php | 2 +- htdocs/user/param_ihm.php | 2 +- htdocs/user/passwordforgotten.php | 4 ++-- htdocs/user/perms.php | 2 +- htdocs/variants/card.php | 2 +- htdocs/variants/combinations.php | 2 +- htdocs/variants/create_val.php | 2 +- htdocs/viewimage.php | 2 +- htdocs/website/websiteaccount_card.php | 2 +- htdocs/zapier/admin/about.php | 2 +- htdocs/zapier/admin/setup.php | 2 +- htdocs/zapier/hook_agenda.php | 2 +- htdocs/zapier/hook_note.php | 2 +- htdocs/zapier/zapierindex.php | 2 +- 358 files changed, 359 insertions(+), 359 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index e5a18626b42..f23a1988a45 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; // Load translation files required by the page $langs->loadLangs(array("accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int')); $search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int')); $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int')); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 34a23b377b9..ed8f347a177 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills", "accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 96750389cc0..4e8e5f2ab00 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; // Load translation files required by the page $langs->loadLangs(array("bills", "companies", "compta", "accountancy", "other", "productbatch")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index b21882b9461..ab02592f6b8 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills", "accountancy", "trips")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 76d13b99805..1a79f5579da 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; // Load translation files required by the page $langs->loadLangs(array("bills", "companies", "compta", "accountancy", "other", "trips", "productbatch", "hrm")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 07f3117c266..4a4747cfaf4 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills", "accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 9e0b64160e1..0580aeb63f4 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; // Load translation files required by the page $langs->loadLangs(array("bills", "companies", "compta", "accountancy", "other", "productbatch")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index ca1d1cc2a33..f2c52daa4b0 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -41,7 +41,7 @@ if (!$user->admin) accessforbidden(); $type = array('yesno', 'texte', 'chaine'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/adherents/admin/adherent_emails.php b/htdocs/adherents/admin/adherent_emails.php index 1b26a029a01..4c4e86cbcff 100644 --- a/htdocs/adherents/admin/adherent_emails.php +++ b/htdocs/adherents/admin/adherent_emails.php @@ -41,7 +41,7 @@ if (!$user->admin) accessforbidden(); $oldtypetonewone = array('texte'=>'text', 'chaine'=>'string'); // old type to new ones -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $error = 0; diff --git a/htdocs/adherents/admin/adherent_extrafields.php b/htdocs/adherents/admin/adherent_extrafields.php index d3d91ecba09..8ca29286cab 100644 --- a/htdocs/adherents/admin/adherent_extrafields.php +++ b/htdocs/adherents/admin/adherent_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'adherent'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/adherents/admin/adherent_type_extrafields.php b/htdocs/adherents/admin/adherent_type_extrafields.php index fe7989a70b9..5546a99a334 100644 --- a/htdocs/adherents/admin/adherent_type_extrafields.php +++ b/htdocs/adherents/admin/adherent_type_extrafields.php @@ -42,7 +42,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'adherent_type'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/adherents/admin/website.php b/htdocs/adherents/admin/website.php index 0dbb998f764..64f16f8ef57 100644 --- a/htdocs/adherents/admin/website.php +++ b/htdocs/adherents/admin/website.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; // Load translation files required by the page $langs->loadLangs(array("admin", "members")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 92b75ce2831..3ca274741d9 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -45,7 +45,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page $langs->loadLangs(array("companies", "bills", "members", "users", "other", "paypal")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 141e19d0c96..32630b9e478 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("companies", "members", "other")); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 819c3499627..85becb0aa3d 100644 --- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; // Load translation files required by the page $langs->loadLangs(array("companies", "members", "bills")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); // Security check diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index c4a28c63d86..f7192dfc5ae 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php'; $langs->loadLangs(array("companies", "bills", "members", "users", "mails", 'other')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int'); $typeid = GETPOST('typeid', 'int'); diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 39ee57a6744..10d7b52bf5d 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; $langs->load("members"); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 433c83d72be..5e745293050 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; $langs->loadLangs(array("admin", "members", "ldap")); $id = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $result = restrictedArea($user, 'adherent', $id, 'adherent_type'); diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index b45c7cf76f5..dcd4a7aa981 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php'; $langs->loadLangs(array('members', 'languages')); $id = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); // Security check diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index 1a29595a9ab..2cc79be297d 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -34,7 +34,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'agenda')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $search_event = GETPOST('search_event', 'alpha'); diff --git a/htdocs/admin/agenda_extrafields.php b/htdocs/admin/agenda_extrafields.php index a0197f70274..605f3c76519 100644 --- a/htdocs/admin/agenda_extrafields.php +++ b/htdocs/admin/agenda_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'actioncomm'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index 560226438c3..cd7e1752274 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -37,7 +37,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'agenda', 'users')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $param = GETPOST('param', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php index 5d23bbb08a1..982387b2ed6 100644 --- a/htdocs/admin/agenda_reminder.php +++ b/htdocs/admin/agenda_reminder.php @@ -32,7 +32,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array("admin", "other", "agenda")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $param = GETPOST('param', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index b43daca20d9..76df9b412ec 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "companies", "bills", "other", "banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $actionsave = GETPOST('save', 'alpha'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); diff --git a/htdocs/admin/bank_extrafields.php b/htdocs/admin/bank_extrafields.php index 940e0a7313e..312da228f50 100644 --- a/htdocs/admin/bank_extrafields.php +++ b/htdocs/admin/bank_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'bank_account'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index 250e2cf6162..975869c1ff0 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -33,7 +33,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/bom.php b/htdocs/admin/bom.php index 621a994cabe..5c19bd516ea 100644 --- a/htdocs/admin/bom.php +++ b/htdocs/admin/bom.php @@ -32,7 +32,7 @@ $langs->loadLangs(array('admin', 'errors', 'mrp', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/bom_extrafields.php b/htdocs/admin/bom_extrafields.php index 70303f1dcda..7ec50d9d7db 100644 --- a/htdocs/admin/bom_extrafields.php +++ b/htdocs/admin/bom_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'bom_bom'; diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 8f28addc994..412427494e3 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'boxes', 'accountancy')); if (!$user->admin) accessforbidden(); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Define possible position of boxes diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php index b619f584736..ab506a08fde 100644 --- a/htdocs/admin/chequereceipts.php +++ b/htdocs/admin/chequereceipts.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "companies", "bills", "other", "banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php index febddf901c5..74dbfcf75c7 100644 --- a/htdocs/admin/commande.php +++ b/htdocs/admin/commande.php @@ -41,7 +41,7 @@ $langs->loadLangs(array('admin', 'errors', 'orders', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/commande_fournisseur_dispatch_extrafields.php b/htdocs/admin/commande_fournisseur_dispatch_extrafields.php index 8d5925e363d..e1ec33c02d4 100644 --- a/htdocs/admin/commande_fournisseur_dispatch_extrafields.php +++ b/htdocs/admin/commande_fournisseur_dispatch_extrafields.php @@ -50,7 +50,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->trans($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'commande_fournisseur_dispatch'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/compta.php b/htdocs/admin/compta.php index 4b98d8975eb..faf38f44b16 100644 --- a/htdocs/admin/compta.php +++ b/htdocs/admin/compta.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('admin', 'compta', 'accountancy')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters ACCOUNTING_* $list = array( diff --git a/htdocs/admin/confexped.php b/htdocs/admin/confexped.php index d2ea8da6d3f..3f1eb8d9651 100644 --- a/htdocs/admin/confexped.php +++ b/htdocs/admin/confexped.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'sendings', 'deliveries')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index 6d4b6cd3ee8..3317e0aaf97 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -35,7 +35,7 @@ if (!$user->admin) $rowid = GETPOST('rowid', 'int'); $entity = GETPOST('entity', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $update = GETPOST('update', 'alpha'); $delete = GETPOST('delete', 'none'); // Do not use alpha here $debug = GETPOST('debug', 'int'); diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index 4aeabd4439d..7390ceaa75f 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("admin", "errors", "contracts")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php index 2937de3ed51..0438d5759ad 100644 --- a/htdocs/admin/dav.php +++ b/htdocs/admin/dav.php @@ -32,7 +32,7 @@ if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/admin/defaultvalues.php b/htdocs/admin/defaultvalues.php index cada1cbc8a6..05af7b4c3ee 100644 --- a/htdocs/admin/defaultvalues.php +++ b/htdocs/admin/defaultvalues.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'sms', 'other', 'error if (!$user->admin) accessforbidden(); $id = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $optioncss = GETPOST('optionscss', 'alphanohtml'); $mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'createform'; // 'createform', 'filters', 'sortorder', 'focus' diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 414d75076ce..d6c708c124e 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -32,7 +32,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $modules = array( 'agenda' => array( diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php index 1a0be0cb65f..13a6314c25a 100644 --- a/htdocs/admin/expedition.php +++ b/htdocs/admin/expedition.php @@ -40,7 +40,7 @@ $langs->loadLangs(array("admin", "sendings", "deliveries", "other")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/expedition_extrafields.php b/htdocs/admin/expedition_extrafields.php index e40519f9104..d9bf58027f8 100644 --- a/htdocs/admin/expedition_extrafields.php +++ b/htdocs/admin/expedition_extrafields.php @@ -47,7 +47,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'expedition'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/expeditiondet_extrafields.php b/htdocs/admin/expeditiondet_extrafields.php index 03cd140d0ee..a00816d9d75 100644 --- a/htdocs/admin/expeditiondet_extrafields.php +++ b/htdocs/admin/expeditiondet_extrafields.php @@ -48,7 +48,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'expeditiondet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index 596428d4c7f..b237ca4aaab 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'trips', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/expensereport_extrafields.php b/htdocs/admin/expensereport_extrafields.php index bc0f52120fb..ba29df4b766 100644 --- a/htdocs/admin/expensereport_extrafields.php +++ b/htdocs/admin/expensereport_extrafields.php @@ -44,7 +44,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'expensereport'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/expensereport_ik.php b/htdocs/admin/expensereport_ik.php index 840cf4d2681..3ff8ad0c4ce 100644 --- a/htdocs/admin/expensereport_ik.php +++ b/htdocs/admin/expensereport_ik.php @@ -37,7 +37,7 @@ if (!$user->admin) accessforbidden(); $error = 0; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $ikoffset = GETPOST('ikoffset', 'int'); $coef = GETPOST('coef', 'int'); diff --git a/htdocs/admin/expensereport_rules.php b/htdocs/admin/expensereport_rules.php index 28d5b3341b1..6d08355b815 100644 --- a/htdocs/admin/expensereport_rules.php +++ b/htdocs/admin/expensereport_rules.php @@ -40,7 +40,7 @@ if (!$user->admin) accessforbidden(); $error = false; $message = false; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $apply_to = GETPOST('apply_to'); diff --git a/htdocs/admin/export.php b/htdocs/admin/export.php index ef6a7c3108f..d9c2c508464 100644 --- a/htdocs/admin/export.php +++ b/htdocs/admin/export.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'exports', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index 221244bfb9d..9ddac6e984a 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'bills')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/facture_situation.php b/htdocs/admin/facture_situation.php index 68f8e15e81c..61969651634 100644 --- a/htdocs/admin/facture_situation.php +++ b/htdocs/admin/facture_situation.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'bills')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index e98d02d9f9c..4c1e495939a 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; // Load translation files required by the page $langs->loadLangs(array('admin', 'fckeditor')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Possible modes are: // dolibarr_details // dolibarr_notes diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index c28ebcab4b2..7e5a2464707 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'interventions', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index 3886f85d330..47df1efbe19 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "errors", "holiday")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/holiday_extrafields.php b/htdocs/admin/holiday_extrafields.php index fc0bac8a019..30eb707782b 100644 --- a/htdocs/admin/holiday_extrafields.php +++ b/htdocs/admin/holiday_extrafields.php @@ -44,7 +44,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'holiday'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/import.php b/htdocs/admin/import.php index 37c9b205424..d36ffd5265f 100644 --- a/htdocs/admin/import.php +++ b/htdocs/admin/import.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'exports', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); /* diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index caf2192a9a3..95a8d52bc57 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -31,7 +31,7 @@ $langs->loadLangs(array('companies', 'products', 'admin')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $currencycode = GETPOST('currencycode', 'alpha'); if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) { diff --git a/htdocs/admin/livraison_extrafields.php b/htdocs/admin/livraison_extrafields.php index 3b6d03ac98e..d30635333be 100644 --- a/htdocs/admin/livraison_extrafields.php +++ b/htdocs/admin/livraison_extrafields.php @@ -47,7 +47,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'livraison'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/livraisondet_extrafields.php b/htdocs/admin/livraisondet_extrafields.php index ebed8de9608..cc9dfa1c49f 100644 --- a/htdocs/admin/livraisondet_extrafields.php +++ b/htdocs/admin/livraisondet_extrafields.php @@ -48,7 +48,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'livraisondet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/loan.php b/htdocs/admin/loan.php index 651782bb23b..a138d9d0bf2 100644 --- a/htdocs/admin/loan.php +++ b/htdocs/admin/loan.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'loan')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters LOAN_* $list = array( diff --git a/htdocs/admin/mailing.php b/htdocs/admin/mailing.php index 7690ca02afa..30b92412719 100644 --- a/htdocs/admin/mailing.php +++ b/htdocs/admin/mailing.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "mails")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 1c3d397bc83..27e64973ddf 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Load translation files required by the page $langs->loadLangs(array("companies", "products", "admin", "mails", "other", "errors")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index d841dcf0827..7b8265f93f9 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Load translation files required by the page $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index a11859efc89..39e159535ba 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Load translation files required by the page $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/admin/menus/index.php b/htdocs/admin/menus/index.php index 095905afe8b..101e57970c0 100644 --- a/htdocs/admin/menus/index.php +++ b/htdocs/admin/menus/index.php @@ -42,7 +42,7 @@ foreach ($dirmenus as $dirmenu) $dirsmartphone[] = $dirmenu.'smartphone'; } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $menu_handler_top = $conf->global->MAIN_MENU_STANDARD; diff --git a/htdocs/admin/menus/other.php b/htdocs/admin/menus/other.php index 2fad8491e7a..cd8c7cccfa6 100644 --- a/htdocs/admin/menus/other.php +++ b/htdocs/admin/menus/other.php @@ -29,7 +29,7 @@ $langs->loadLangs(array("user", "other", "admin")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/modulehelp.php b/htdocs/admin/modulehelp.php index 2e256f3c5ad..c788eca01d3 100644 --- a/htdocs/admin/modulehelp.php +++ b/htdocs/admin/modulehelp.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; $langs->loadLangs(array('errors', 'admin', 'modulebuilder')); $mode = GETPOST('mode', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); if (empty($mode)) $mode = 'desc'; diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 3c525200442..38cfe37265b 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -40,7 +40,7 @@ $langs->loadLangs(array("errors", "admin", "modulebuilder")); $mode = GETPOSTISSET('mode') ? GETPOST('mode', 'alpha') : (empty($conf->global->MAIN_MODULE_SETUP_ON_LIST_BY_DEFAULT) ? 'commonkanban' : 'common'); if (empty($mode)) $mode = 'common'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); //var_dump($_POST);exit; $value = GETPOST('value', 'alpha'); $page_y = GETPOST('page_y', 'int'); diff --git a/htdocs/admin/mrp.php b/htdocs/admin/mrp.php index 2ea4853e3ca..c1e0d2e848e 100644 --- a/htdocs/admin/mrp.php +++ b/htdocs/admin/mrp.php @@ -33,7 +33,7 @@ $langs->loadLangs(array('admin', 'errors', 'mrp', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/mrp_extrafields.php b/htdocs/admin/mrp_extrafields.php index cab7232f569..b0bd0e522ab 100644 --- a/htdocs/admin/mrp_extrafields.php +++ b/htdocs/admin/mrp_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'mrp_mo'; diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index a7e073f08d2..a447551b04e 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -38,7 +38,7 @@ if (!$user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 85cd9284535..8b0e9516abd 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'oauth')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index a2b35c9eceb..0f12da3a02a 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'printing', 'oauth')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha'); $value = GETPOST('value', 'alpha'); $varname = GETPOST('varname', 'alpha'); diff --git a/htdocs/admin/order_extrafields.php b/htdocs/admin/order_extrafields.php index 2c72c55697f..1b2bb0c0cd0 100644 --- a/htdocs/admin/order_extrafields.php +++ b/htdocs/admin/order_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'commande'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/orderdet_extrafields.php b/htdocs/admin/orderdet_extrafields.php index 55732a40a51..1f645241646 100644 --- a/htdocs/admin/orderdet_extrafields.php +++ b/htdocs/admin/orderdet_extrafields.php @@ -46,7 +46,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'commandedet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php index 85d7e140a6d..db83d3bc71c 100644 --- a/htdocs/admin/payment.php +++ b/htdocs/admin/payment.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "other", "errors", "bills")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index a19a69c75a5..c549e29443e 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin", "withdrawals")); // Security check if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $type = 'paymentorder'; diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 6fb1cb297dd..95487fc0bc3 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'languages', 'other', 'companies', 'products', if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 3419551f627..0429fde6287 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin", "withdrawals")); // Security check if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $type = 'paymentorder'; diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php index 4855a164412..3eb7223df4e 100644 --- a/htdocs/admin/propal.php +++ b/htdocs/admin/propal.php @@ -39,7 +39,7 @@ $langs->loadLangs(array("admin", "other", "errors", "propal")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index 4332c4feab0..9b3563edd63 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin", "receiptprinter")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha'); $printername = GETPOST('printername', 'alpha'); diff --git a/htdocs/admin/reception_extrafields.php b/htdocs/admin/reception_extrafields.php index ce5cbcd7179..d9babd5d95b 100644 --- a/htdocs/admin/reception_extrafields.php +++ b/htdocs/admin/reception_extrafields.php @@ -50,7 +50,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->trans($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'reception'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php index 3d0b591af10..dc51a7580c0 100644 --- a/htdocs/admin/reception_setup.php +++ b/htdocs/admin/reception_setup.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "receptions", 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/resource.php b/htdocs/admin/resource.php index 288f338941c..b57e41ddfd4 100644 --- a/htdocs/admin/resource.php +++ b/htdocs/admin/resource.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "resource")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/resource_extrafields.php b/htdocs/admin/resource_extrafields.php index 57eaa0d245c..61b0bf900df 100644 --- a/htdocs/admin/resource_extrafields.php +++ b/htdocs/admin/resource_extrafields.php @@ -44,7 +44,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'resource'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php index d4d8b0718ae..64a4e9ae235 100644 --- a/htdocs/admin/security_file.php +++ b/htdocs/admin/security_file.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('users', 'admin', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $upload_dir = $conf->admin->dir_temp; diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 2bc477f6e39..686c0ddc21c 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("users", "admin", "other")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php index 4edff5e93b3..44ae6a82945 100644 --- a/htdocs/admin/stock.php +++ b/htdocs/admin/stock.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin", "stocks")); // Securit check if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index 59613f6af5b..0092347af37 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -42,7 +42,7 @@ accessforbidden(); $type = GETPOST('type', 'alpha'); $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index a390e4a4522..162cbdddbc9 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -43,7 +43,7 @@ accessforbidden(); $type = GETPOST('type', 'alpha'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $scandir = GETPOST('scan_dir', 'alpha'); $specimenthirdparty = new Societe($db); diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php index 2eea751f8ac..27b3c023fcb 100644 --- a/htdocs/admin/supplier_payment.php +++ b/htdocs/admin/supplier_payment.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("admin", "errors", "other", "bills", "orders")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scandir', 'alpha'); diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php index 5f35f3af310..afcefef7920 100644 --- a/htdocs/admin/supplier_proposal.php +++ b/htdocs/admin/supplier_proposal.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("admin", "errors", "other", "supplier_proposal")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/supplierinvoice_extrafields.php b/htdocs/admin/supplierinvoice_extrafields.php index 172f243a22c..50e2fbbbb91 100644 --- a/htdocs/admin/supplierinvoice_extrafields.php +++ b/htdocs/admin/supplierinvoice_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'facture_fourn'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/supplierinvoicedet_extrafields.php b/htdocs/admin/supplierinvoicedet_extrafields.php index a9fa9c1b09d..15a96009392 100644 --- a/htdocs/admin/supplierinvoicedet_extrafields.php +++ b/htdocs/admin/supplierinvoicedet_extrafields.php @@ -47,7 +47,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'facture_fourn_det'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/supplierorder_extrafields.php b/htdocs/admin/supplierorder_extrafields.php index c280e56ac86..17d866d8f94 100644 --- a/htdocs/admin/supplierorder_extrafields.php +++ b/htdocs/admin/supplierorder_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'commande_fournisseur'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/supplierorderdet_extrafields.php b/htdocs/admin/supplierorderdet_extrafields.php index 59cc6783db8..1bcfcec05c4 100644 --- a/htdocs/admin/supplierorderdet_extrafields.php +++ b/htdocs/admin/supplierorderdet_extrafields.php @@ -46,7 +46,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'commande_fournisseurdet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/system/about.php b/htdocs/admin/system/about.php index 615d353bbf1..bbac6bdfe0c 100644 --- a/htdocs/admin/system/about.php +++ b/htdocs/admin/system/about.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Load translation files required by the page $langs->loadLangs(array("help", "members", "other", "admin")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/admin/system/database-tables.php b/htdocs/admin/system/database-tables.php index c0a52337a25..683fc3c4f3a 100644 --- a/htdocs/admin/system/database-tables.php +++ b/htdocs/admin/system/database-tables.php @@ -32,7 +32,7 @@ if (!$user->admin) { accessforbidden(); } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'convert') diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 9288c2e2f1b..55a46e9f347 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Load translation files required by the page $langs->loadLangs(array("install", "other", "admin")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/admin/taxes.php b/htdocs/admin/taxes.php index 687b43a6918..51a089336c6 100644 --- a/htdocs/admin/taxes.php +++ b/htdocs/admin/taxes.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'objects', 'companies', 'products')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 974f8874096..4dd8a6fa5c1 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -37,7 +37,7 @@ if (!$user->admin) { // Parameters $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scandir', 'alpha'); $type = 'ticket'; diff --git a/htdocs/admin/ticket_extrafields.php b/htdocs/admin/ticket_extrafields.php index a01996b31ac..91e5df44180 100644 --- a/htdocs/admin/ticket_extrafields.php +++ b/htdocs/admin/ticket_extrafields.php @@ -39,7 +39,7 @@ foreach ($tmptype2label as $key => $val) { $type2label[$key] = $langs->trans($val); } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'ticket'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 72427de3ab0..02e6e6916ee 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -37,7 +37,7 @@ if (!$user->admin) { // Parameters $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scandir', 'alpha'); $type = 'ticket'; diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index b7d69247763..be9a478e730 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; $langs->load("admin"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $sortfield = GETPOST('sortfield', 'alpha'); $sortorder = GETPOST('sortorder', 'alpha'); diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php index 408d82404dc..ed2d718463c 100644 --- a/htdocs/admin/tools/export.php +++ b/htdocs/admin/tools/export.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; $langs->load("admin"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $what = GETPOST('what', 'alpha'); $export_type = GETPOST('export_type', 'alpha'); $file = GETPOST('filename_template', 'alpha'); diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index e8b60eba5fb..0a3ee9fd3f9 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; $langs->load("admin"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $what = GETPOST('what', 'alpha'); $export_type = GETPOST('export_type', 'alpha'); $file = GETPOST('zipfilename_template', 'alpha'); diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index e9d06885dfd..634f2068641 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php index 07f9f1ef47c..aedc41e0b23 100644 --- a/htdocs/admin/tools/listsessions.php +++ b/htdocs/admin/tools/listsessions.php @@ -31,7 +31,7 @@ $langs->loadLangs(array("companies", "install", "users", "other")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php index 9898e290ddc..c41b43b3b48 100644 --- a/htdocs/admin/tools/purge.php +++ b/htdocs/admin/tools/purge.php @@ -29,7 +29,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $choice = GETPOST('choice', 'aZ09'); diff --git a/htdocs/admin/tools/update.php b/htdocs/admin/tools/update.php index 67f07a4eb24..27b53e8266e 100644 --- a/htdocs/admin/tools/update.php +++ b/htdocs/admin/tools/update.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; // Load translation files required by the page $langs->loadLangs(array("admin", "other")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 309d15485eb..d6b7a613a56 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("companies", "products", "admin", "sms", "other", "error if (!$user->admin) accessforbidden(); $id = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $langcode = GETPOST('langcode', 'alphanohtml'); $transkey = GETPOST('transkey', 'alphanohtml'); diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php index f866b418131..25822cd380b 100644 --- a/htdocs/admin/user.php +++ b/htdocs/admin/user.php @@ -38,7 +38,7 @@ if (!$user->admin) accessforbidden(); $extrafields = new ExtraFields($db); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $value = GETPOST('value', 'alpha'); diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php index 490c79a3363..d6b66b6fd22 100644 --- a/htdocs/admin/usergroup.php +++ b/htdocs/admin/usergroup.php @@ -38,7 +38,7 @@ if (!$user->admin) accessforbidden(); $extrafields = new ExtraFields($db); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $type = 'group'; diff --git a/htdocs/admin/workflow.php b/htdocs/admin/workflow.php index 671bacee080..dddcaf91c81 100644 --- a/htdocs/admin/workflow.php +++ b/htdocs/admin/workflow.php @@ -33,7 +33,7 @@ if (!$user->admin) accessforbidden(); // Load translation files required by the page $langs->loadLangs(array("admin", "workflow", "propal", "workflow", "orders", "supplier_proposal", "receptions", "errors")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/asset/admin/assets_extrafields.php b/htdocs/asset/admin/assets_extrafields.php index be36482c295..0bdbff93569 100644 --- a/htdocs/asset/admin/assets_extrafields.php +++ b/htdocs/asset/admin/assets_extrafields.php @@ -37,7 +37,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'don'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/asset/admin/assets_type_extrafields.php b/htdocs/asset/admin/assets_type_extrafields.php index 2f10938d356..ba42a3374dc 100644 --- a/htdocs/asset/admin/assets_type_extrafields.php +++ b/htdocs/asset/admin/assets_type_extrafields.php @@ -36,7 +36,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'adherent_type'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index c1afe7ba472..64e2bc2b5ad 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "assets")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters = array('FIXEDASSETS_MYPARAM1'=>array('css'=>'minwidth200'), 'FIXEDASSETS_MYPARAM2'=>array('css'=>'minwidth500')); diff --git a/htdocs/asset/info.php b/htdocs/asset/info.php index 900bbc61bf2..2654ebc2d81 100644 --- a/htdocs/asset/info.php +++ b/htdocs/asset/info.php @@ -31,7 +31,7 @@ $langs->loadLangs(array("asset")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/asset/note.php b/htdocs/asset/note.php index 7b92e1dab92..8df2a7a5452 100644 --- a/htdocs/asset/note.php +++ b/htdocs/asset/note.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("asset", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index eebc85fc099..01418fde201 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -34,7 +34,7 @@ if (!empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT.'/account $langs->load("assets"); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/blockedlog/admin/blockedlog.php b/htdocs/blockedlog/admin/blockedlog.php index 1b6ff1fa021..051f8bb049a 100644 --- a/htdocs/blockedlog/admin/blockedlog.php +++ b/htdocs/blockedlog/admin/blockedlog.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "other", "blockedlog")); if (!$user->admin || empty($conf->blockedlog->enabled)) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php index ab36caedba4..41bb81c72da 100644 --- a/htdocs/blockedlog/admin/blockedlog_list.php +++ b/htdocs/blockedlog/admin/blockedlog_list.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "other", "blockedlog", "bills")); if ((!$user->admin && !$user->rights->blockedlog->read) || empty($conf->blockedlog->enabled)) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'blockedloglist'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') diff --git a/htdocs/blockedlog/ajax/block-add.php b/htdocs/blockedlog/ajax/block-add.php index 5aa344c0237..1102438f5b5 100644 --- a/htdocs/blockedlog/ajax/block-add.php +++ b/htdocs/blockedlog/ajax/block-add.php @@ -34,7 +34,7 @@ $res = require '../../main.inc.php'; $id = GETPOST('id', 'int'); $element = GETPOST('element', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($element === 'facture') { require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php'; diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php index 43f1604e08c..d8361d30258 100644 --- a/htdocs/bom/bom_agenda.php +++ b/htdocs/bom/bom_agenda.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("mrp", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php index dce9bc82b06..df1693e84b0 100644 --- a/htdocs/bom/bom_note.php +++ b/htdocs/bom/bom_note.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("mrp", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/bookmarks/admin/bookmark.php b/htdocs/bookmarks/admin/bookmark.php index 2d8501130dc..9aa1989fa2e 100644 --- a/htdocs/bookmarks/admin/bookmark.php +++ b/htdocs/bookmarks/admin/bookmark.php @@ -31,7 +31,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'setvalue') { diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php index a4f0939c054..2a477c6ce74 100644 --- a/htdocs/bookmarks/list.php +++ b/htdocs/bookmarks/list.php @@ -27,7 +27,7 @@ require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php'; // Load translation files required by the page $langs->loadLangs(array('bookmarks', 'admin')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php index c62e31b1e3f..16b4bfec017 100644 --- a/htdocs/cashdesk/facturation_verif.php +++ b/htdocs/cashdesk/facturation_verif.php @@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php'; require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $obj_facturation = unserialize($_SESSION['serObjFacturation']); unset($_SESSION['serObjFacturation']); diff --git a/htdocs/categories/admin/categorie_extrafields.php b/htdocs/categories/admin/categorie_extrafields.php index bd285e5efaf..72151abdcdb 100644 --- a/htdocs/categories/admin/categorie_extrafields.php +++ b/htdocs/categories/admin/categorie_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'categorie'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index a8f3510c31b..cf688df70c3 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('categories', 'languages')); $id = GETPOST('id', 'int'); $label = GETPOST('label', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $type = GETPOST('type', 'aZ09'); diff --git a/htdocs/collab/index.php b/htdocs/collab/index.php index 0c457fb6f47..7353ea881ee 100644 --- a/htdocs/collab/index.php +++ b/htdocs/collab/index.php @@ -39,7 +39,7 @@ $error = 0; $website = GETPOST('website', 'alpha'); $page = GETPOST('page', 'alpha'); $pageid = GETPOST('pageid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (GETPOST('delete')) { $action = 'delete'; } if (GETPOST('preview')) $action = 'preview'; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 8c14a524681..bd7377b3465 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -50,7 +50,7 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; // Load translation files required by the page $langs->loadLangs(array("companies", "other", "commercial", "bills", "orders", "agenda")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); $socpeopleassigned = GETPOST('socpeopleassigned', 'array'); diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 028de1e6fb7..bed4054e018 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -40,7 +40,7 @@ if (!empty($conf->projet->enabled)) require_once DOL_DOCUMENT_ROOT.'/projet/clas $langs->loadLangs(array('companies', 'commercial', 'other', 'bills')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 135f91c56f4..6895f713742 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -79,7 +79,7 @@ if (!$user->rights->agenda->allactions->read || $filter == 'mine') // If no per $filtert = $user->id; } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $resourceid = GETPOST("search_resourceid", "int"); $year = GETPOST("year", "int") ?GETPOST("year", "int") : date("Y"); $month = GETPOST("month", "int") ?GETPOST("month", "int") : date("m"); diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index ee47dbc3387..a8ce07a2867 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; // Load translation files required by the page $langs->loadLangs(array("users", "companies", "agenda", "commercial", "other")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'actioncommlist'; // To manage different context of search $resourceid = GETPOST("search_resourceid", "int") ?GETPOST("search_resourceid", "int") : GETPOST("resourceid", "int"); diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 6852ec2476b..fbb49772d3e 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/modules/action/rapport.pdf.php'; // Load translation files required by the page $langs->loadLangs(array("agenda", "commercial")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $month = GETPOST('month', 'int'); $year = GETPOST('year', 'int'); diff --git a/htdocs/comm/admin/propal_extrafields.php b/htdocs/comm/admin/propal_extrafields.php index 699f290ed79..d154dc7aafb 100644 --- a/htdocs/comm/admin/propal_extrafields.php +++ b/htdocs/comm/admin/propal_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'propal'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/comm/admin/propaldet_extrafields.php b/htdocs/comm/admin/propaldet_extrafields.php index 635ffaf8b37..1acdbfa5ca1 100644 --- a/htdocs/comm/admin/propaldet_extrafields.php +++ b/htdocs/comm/admin/propaldet_extrafields.php @@ -46,7 +46,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'propaldet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 555b5895fac..32732931e73 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -48,7 +48,7 @@ $hookmanager->initHooks(array('commercialindex')); // Load translation files required by the page $langs->loadLangs(array("commercial", "propal")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $bid = GETPOST('bid', 'int'); // Securite acces client diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index ccccc93da4f..c054489b0e9 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -41,7 +41,7 @@ $langs->load("mails"); if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) accessforbidden(); $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $urlfrom = GETPOST('urlfrom'); diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 15785060809..9931477ab60 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -68,7 +68,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php index c2f60516f1c..16be5930e89 100644 --- a/htdocs/comm/propal/contact.php +++ b/htdocs/comm/propal/contact.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('facture', 'orders', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 7bce96633fc..47fe4a1b41c 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -50,7 +50,7 @@ $langs->loadLangs(array('companies', 'propal', 'compta', 'bills', 'orders', 'pro $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php index 06385bd40e9..ef35903fcd0 100644 --- a/htdocs/comm/propal/note.php +++ b/htdocs/comm/propal/note.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('propal', 'compta', 'bills', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index ffd4c1738c0..16a7d362ba6 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('orders', 'bills', 'companies')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); // Security check diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index c2536ee59d6..85896b40629 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -67,7 +67,7 @@ if (!empty($conf->productbatch->enabled)) $langs->load("productbatch"); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('orderid', 'int')); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $lineid = GETPOST('lineid', 'int'); diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 2d11feeeee2..f44813a4994 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('orders', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/commande/note.php b/htdocs/commande/note.php index 9054252e6d9..9922d3b0e3e 100644 --- a/htdocs/commande/note.php +++ b/htdocs/commande/note.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('companies', 'bills', 'orders')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $socid = 0; diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 0c20e46e316..9b79660c14f 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -60,7 +60,7 @@ $date_stopMonth = GETPOST('date_stopmonth', 'int'); $date_stopYear = GETPOST('date_stopyear', 'int'); //FIXME doldate $date_stop = ($date_stopDay) ?dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear) : strtotime($date_stop); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('comptafileslist', 'globallist')); diff --git a/htdocs/compta/bank/account_statement_document.php b/htdocs/compta/bank/account_statement_document.php index 1e9c6e3b358..3b8423b68dc 100644 --- a/htdocs/compta/bank/account_statement_document.php +++ b/htdocs/compta/bank/account_statement_document.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('banks', 'companies', 'other')); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('account', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $numref = (GETPOST('num', 'alpha') ? GETPOST('num', 'alpha') : GETPOST('sectionid', 'alpha')); diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 9e1d1dedfc7..1573a226521 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -56,7 +56,7 @@ $langs->loadLangs(array("banks", "bills", "categories", "companies", "margins", $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $contextpage = 'banktransactionlist'.(empty($object->ref) ? '' : '-'.$object->id); diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index e3863cd2922..2bd95409827 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('banks', 'companies', 'other')); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('account', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php index 976c6997bdd..0da5a557647 100644 --- a/htdocs/compta/bank/line.php +++ b/htdocs/compta/bank/line.php @@ -43,7 +43,7 @@ if (!empty($conf->salaries->enabled)) $langs->load("salaries"); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('account', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $rowid = GETPOST("rowid", 'int'); $orig_account = GETPOST("orig_account"); diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php index 882244518f7..ace8a327768 100644 --- a/htdocs/compta/bank/list.php +++ b/htdocs/compta/bank/list.php @@ -39,7 +39,7 @@ if (!empty($conf->categorie->enabled)) require_once DOL_DOCUMENT_ROOT.'/categori // Load translation files required by the page $langs->loadLangs(array('banks', 'categories', 'accountancy', 'compta')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index aee53fe3f23..ba5e20c11c1 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -48,7 +48,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; // Load translation files required by the page $langs->loadLangs(array("banks", "categories", "companies", "bills", "trips", "donations", "loan")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('account', 'int') ? GETPOST('account', 'int') : GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $dvid = GETPOST('dvid', 'alpha'); diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index 7228c38fe50..70903f9120f 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("banks", "categories", "multicurrency")); if (!$user->rights->banque->transfer) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $error = 0; diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 7a89fd77986..68928daef1f 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("compta", "banks", "bills", "users", "accountancy")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/deplacement/card.php b/htdocs/compta/deplacement/card.php index 4d3ec6b1ee6..682981852d8 100644 --- a/htdocs/compta/deplacement/card.php +++ b/htdocs/compta/deplacement/card.php @@ -43,7 +43,7 @@ $id = GETPOST('id', 'int'); if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'deplacement', $id, ''); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $object = new Deplacement($db); diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index 889eb390ca2..75db16c8348 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('other', 'trips', 'companies', 'interventions')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/facture/admin/facture_cust_extrafields.php b/htdocs/compta/facture/admin/facture_cust_extrafields.php index 55d4141fc07..df5cb39f9e4 100644 --- a/htdocs/compta/facture/admin/facture_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facture_cust_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'facture'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php b/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php index feeca2046d6..a8d073958ad 100644 --- a/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'facture_rec'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/admin/facturedet_cust_extrafields.php b/htdocs/compta/facture/admin/facturedet_cust_extrafields.php index 87467f0dba6..ebe2a437a92 100644 --- a/htdocs/compta/facture/admin/facturedet_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facturedet_cust_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'facturedet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php b/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php index 32a7a8cb75a..a09b0380f59 100644 --- a/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'facturedet_rec'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 3600e9a8322..b1acad4b1aa 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -75,7 +75,7 @@ $projectid = (GETPOST('projectid', 'int') ? GETPOST('projectid', 'int') : 0); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $lineid = GETPOST('lineid', 'int'); diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index c88fef5015c..459543dfc74 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -42,7 +42,7 @@ $id = (GETPOST('id') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // Fo $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index ed9b032ae90..722286044cc 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -45,7 +45,7 @@ $langs->loadLangs(array('propal', 'compta', 'other', 'bills', 'companies')); $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 41e0817310e..3aed9acafe9 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -61,7 +61,7 @@ $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php index 954c48ec0c9..249d2dd9b8c 100644 --- a/htdocs/compta/facture/note.php +++ b/htdocs/compta/facture/note.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('companies', 'bills')); $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $socid = 0; diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index 88a0b922e55..721c0b857ab 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php @@ -44,7 +44,7 @@ $langs->loadLangs(array('bills', 'banks', 'withdrawals', 'companies')); $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $type = GETPOST('type', 'aZ09'); $fieldid = (!empty($ref) ? 'ref' : 'rowid'); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index eb11950304f..6adff20725c 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -49,7 +49,7 @@ $langs->loadLangs(array('compta', 'bills')); if (!empty($conf->commande->enabled)) $langs->load("orders"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $bid = GETPOST('bid', 'int'); // Security check diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 4acfd34a53a..4ba533075b1 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('bills', 'banks', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index aaf216a7558..f3eab05912b 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('banks', 'categories', 'bills', 'companies', 'compta')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/paiement/info.php b/htdocs/compta/paiement/info.php index 00c3440b868..68d987b06ff 100644 --- a/htdocs/compta/paiement/info.php +++ b/htdocs/compta/paiement/info.php @@ -33,7 +33,7 @@ $langs->loadLangs(array('bills', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); /* diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 298866a2020..c7c6bf72492 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); $chid = GETPOST("id", 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $amounts = array(); // Security check diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php index 6349660c59c..0b9abd21e37 100644 --- a/htdocs/compta/prelevement/card.php +++ b/htdocs/compta/prelevement/card.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('banks', 'categories', 'bills', 'companies', 'withdrawal if ($user->socid > 0) accessforbidden(); // Get supervariables -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index 8642e9ad7ab..8c8dc01a22c 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -46,7 +46,7 @@ $result = restrictedArea($user, 'prelevement', '', '', 'bons'); $type = GETPOST('type', 'aZ09'); // Get supervariables -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha') ?GETPOST('mode', 'alpha') : 'real'; $format = GETPOST('format', 'aZ09'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php index ae146522f39..5949c155799 100644 --- a/htdocs/compta/prelevement/line.php +++ b/htdocs/compta/prelevement/line.php @@ -39,7 +39,7 @@ $langs->loadlangs(array('banks', 'categories', 'bills', 'withdrawals')); if ($user->socid > 0) accessforbidden(); // Get supervariables -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $socid = GETPOST('socid', 'int'); diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index 40ebcd1cb7c..341799a686a 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -35,7 +35,7 @@ if (!empty($conf->projet->enabled)) require_once DOL_DOCUMENT_ROOT.'/projet/clas // Load translation files required by the page $langs->loadLangs(array('compta', 'banks', 'bills')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 1772f94abfb..253be5ddaea 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -44,7 +44,7 @@ $langs->loadLangs(array("companies", "suppliers", "categories")); $socialnetworks = getArrayOfSocialNetworks(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 724d9077ff1..1710b4dda6a 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php'; $langs->loadLangs(array('companies', 'other')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/contrat/admin/contract_extrafields.php b/htdocs/contrat/admin/contract_extrafields.php index 031a1b7498d..5343ab8f349 100644 --- a/htdocs/contrat/admin/contract_extrafields.php +++ b/htdocs/contrat/admin/contract_extrafields.php @@ -42,7 +42,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'contrat'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/contrat/admin/contractdet_extrafields.php b/htdocs/contrat/admin/contractdet_extrafields.php index 3e068f5650b..bd0c7b132d0 100644 --- a/htdocs/contrat/admin/contractdet_extrafields.php +++ b/htdocs/contrat/admin/contractdet_extrafields.php @@ -42,7 +42,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'contratdet'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index cd622b38c28..0d1ce07a449 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -50,7 +50,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; // Load translation files required by the page $langs->loadLangs(array("contracts", "orders", "companies", "bills", "products", 'compta')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $socid = GETPOST('socid', 'int'); $id = GETPOST('id', 'int'); diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php index 02d9c71776d..38a97d0aaa8 100644 --- a/htdocs/contrat/contact.php +++ b/htdocs/contrat/contact.php @@ -36,7 +36,7 @@ if (!empty($conf->projet->enabled)) { // Load translation files required by the page $langs->loadLangs(array('contracts', 'companies')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $socid = GETPOST('socid', 'int'); $id = GETPOST('id', 'int'); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index e15d6467755..531642f81f7 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; // Load translation files required by the page $langs->loadLangs(array('contracts', 'products', 'companies', 'compta')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/contrat/note.php b/htdocs/contrat/note.php index d782ad5b3f5..d9eb8e3ccdc 100644 --- a/htdocs/contrat/note.php +++ b/htdocs/contrat/note.php @@ -34,7 +34,7 @@ if (!empty($conf->projet->enabled)) { // Load translation files required by the page $langs->loadLangs(array('companies', 'contracts')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $socid = GETPOST('socid', 'int'); $id = GETPOST('id', 'int'); diff --git a/htdocs/core/ajax/constantonoff.php b/htdocs/core/ajax/constantonoff.php index 1ed8ca34076..456542e331e 100644 --- a/htdocs/core/ajax/constantonoff.php +++ b/htdocs/core/ajax/constantonoff.php @@ -30,7 +30,7 @@ if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $name = GETPOST('name', 'alpha'); /* diff --git a/htdocs/core/ajax/contacts.php b/htdocs/core/ajax/contacts.php index 67e769ab17f..104e57df592 100644 --- a/htdocs/core/ajax/contacts.php +++ b/htdocs/core/ajax/contacts.php @@ -28,7 +28,7 @@ if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../../main.inc.php'; $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $htmlname = GETPOST('htmlname', 'alpha'); $showempty = GETPOST('showempty', 'int'); diff --git a/htdocs/core/ajax/objectonoff.php b/htdocs/core/ajax/objectonoff.php index 6c9f97bfbb0..ceb221b4870 100644 --- a/htdocs/core/ajax/objectonoff.php +++ b/htdocs/core/ajax/objectonoff.php @@ -30,7 +30,7 @@ if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $value = GETPOST('value', 'int'); $field = GETPOST('field', 'alpha'); diff --git a/htdocs/core/ajax/pingresult.php b/htdocs/core/ajax/pingresult.php index e08b2c5efcf..e58895a967f 100644 --- a/htdocs/core/ajax/pingresult.php +++ b/htdocs/core/ajax/pingresult.php @@ -30,7 +30,7 @@ if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $hash_unique_id = GETPOST('hash_unique_id', 'alpha'); $hash_algo = GETPOST('hash_algo', 'alpha'); diff --git a/htdocs/core/ajax/selectobject.php b/htdocs/core/ajax/selectobject.php index eed6c21c126..a672510555b 100644 --- a/htdocs/core/ajax/selectobject.php +++ b/htdocs/core/ajax/selectobject.php @@ -33,7 +33,7 @@ $objectdesc = GETPOST('objectdesc', 'alpha'); $htmlname = GETPOST('htmlname', 'aZ09'); $sqlfilter = GETPOST('sqlfilter', 'alpha'); $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); diff --git a/htdocs/core/ajax/vatrates.php b/htdocs/core/ajax/vatrates.php index b0ab6ed2a7e..0bd16eb6449 100644 --- a/htdocs/core/ajax/vatrates.php +++ b/htdocs/core/ajax/vatrates.php @@ -27,7 +27,7 @@ if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../../main.inc.php'; $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $htmlname = GETPOST('htmlname', 'alpha'); $selected = (GETPOST('selected') ?GETPOST('selected') : '-1'); $productid = (GETPOST('productid', 'int') ?GETPOST('productid', 'int') : 0); diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php index 7df6b007f26..778baad8cc8 100644 --- a/htdocs/core/modules/oauth/github_oauthcallback.php +++ b/htdocs/core/modules/oauth/github_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index c15d1da5751..7c00fdac323 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php index c1d38080657..f5b52459b30 100644 --- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php index df468492921..efe522d9049 100644 --- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index 37aa758db37..c7a52865dc7 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; $langs->loadLangs(array("products", "other")); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $modulepart = GETPOST('modulepart', 'alpha') ?GETPOST('modulepart', 'alpha') : 'produit|service'; $original_file = GETPOST("file"); $backtourl = GETPOST('backtourl'); diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php index 461c78efbdb..a39d4ba48b5 100644 --- a/htdocs/cron/card.php +++ b/htdocs/cron/card.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'cron', 'members')); if (!$user->rights->cron->create) accessforbidden(); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 7f048ac17f1..a41608e7e25 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin", "cron", "bills", "members")); if (!$user->rights->cron->read) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) $confirm = GETPOST('confirm', 'alpha'); $toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list diff --git a/htdocs/datapolicy/admin/setup.php b/htdocs/datapolicy/admin/setup.php index fe9e5bbc5c3..8cbec549941 100644 --- a/htdocs/datapolicy/admin/setup.php +++ b/htdocs/datapolicy/admin/setup.php @@ -36,7 +36,7 @@ $langs->load('datapolicy@datapolicy'); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters = array(); diff --git a/htdocs/datapolicy/admin/setupmail.php b/htdocs/datapolicy/admin/setupmail.php index 03674f7eed7..b2b739a8f12 100644 --- a/htdocs/datapolicy/admin/setupmail.php +++ b/htdocs/datapolicy/admin/setupmail.php @@ -29,7 +29,7 @@ $langs->loadLangs(array('admin', 'companies', 'members', 'datapolicy')); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $formadmin = new FormAdmin($db); diff --git a/htdocs/datapolicy/public/index.php b/htdocs/datapolicy/public/index.php index c6e23db9083..079bcd340da 100644 --- a/htdocs/datapolicy/public/index.php +++ b/htdocs/datapolicy/public/index.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/datapolicy/class/datapolicy.class.php'; $idc = GETPOST('c', 'int'); $ids = GETPOST('s', 'int'); $ida = GETPOST('a', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $lang = GETPOST('l', 'alpha'); $code = GETPOST('key', 'alpha'); diff --git a/htdocs/document.php b/htdocs/document.php index 3808dd755fd..1bb4ce285e8 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -76,7 +76,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; $encoding = ''; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $original_file = GETPOST('file', 'alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP). $hashp = GETPOST('hashp', 'aZ09'); $modulepart = GETPOST('modulepart', 'alpha'); diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php index 5c0d8fc8576..800d391dfbd 100644 --- a/htdocs/don/admin/donation.php +++ b/htdocs/don/admin/donation.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'donations', 'accountancy', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/don/admin/donation_extrafields.php b/htdocs/don/admin/donation_extrafields.php index ba1a0443b47..ddf0e56933c 100644 --- a/htdocs/don/admin/donation_extrafields.php +++ b/htdocs/don/admin/donation_extrafields.php @@ -37,7 +37,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'don'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 9f3f5c56daf..95502885929 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -47,7 +47,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; $langs->loadLangs(array("bills", "companies", "donations")); $id = GETPOST('rowid') ?GETPOST('rowid', 'int') : GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $amount = GETPOST('amount'); $donation_date = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear')); diff --git a/htdocs/don/document.php b/htdocs/don/document.php index 0d56ff5bd63..de43e6d3682 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -45,7 +45,7 @@ $langs->loadLangs(array("companies", "other", "donations")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); diff --git a/htdocs/don/info.php b/htdocs/don/info.php index 170c577dc00..8a12e319ef8 100644 --- a/htdocs/don/info.php +++ b/htdocs/don/info.php @@ -35,7 +35,7 @@ $langs->load("donations"); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); // Security check diff --git a/htdocs/don/note.php b/htdocs/don/note.php index 111ea2399a3..6df77ad2bc1 100644 --- a/htdocs/don/note.php +++ b/htdocs/don/note.php @@ -40,7 +40,7 @@ $langs->loadLangs(array("companies", "bills", "donations")); $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); // Security check diff --git a/htdocs/ecm/ajax/ecmdatabase.php b/htdocs/ecm/ajax/ecmdatabase.php index 5ba61c53a8d..e817f6af4a4 100644 --- a/htdocs/ecm/ajax/ecmdatabase.php +++ b/htdocs/ecm/ajax/ecmdatabase.php @@ -28,7 +28,7 @@ if (!defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $element = GETPOST('element', 'alpha'); /* diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index d996f2400ee..8100ff46ba3 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php @@ -41,7 +41,7 @@ $user->getrights('ecm'); // Get parameters $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $section = GETPOST('section'); if (!$section) $section = 0; diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php index c20e2bb4088..69c5080ea83 100644 --- a/htdocs/expedition/contact.php +++ b/htdocs/expedition/contact.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('orders', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/expedition/note.php b/htdocs/expedition/note.php index f7cedc65ad7..199782398a6 100644 --- a/htdocs/expedition/note.php +++ b/htdocs/expedition/note.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('sendings', 'companies', 'bills', 'deliveries', 'orders' $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $socid = ''; diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index f494ef563fb..742de498aee 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -46,7 +46,7 @@ $langs->loadLangs(array('orders', "companies", "bills", 'propal', 'deliveries', $id = GETPOST('id', 'int'); // id of order $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $hookmanager->initHooks(array('ordershipmentcard')); diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php index 82ac70b7ccb..4c4d68e7589 100644 --- a/htdocs/expensereport/document.php +++ b/htdocs/expensereport/document.php @@ -39,7 +39,7 @@ $langs->loadLangs(array("other", "trips", "companies", "interventions")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/expensereport/note.php b/htdocs/expensereport/note.php index 8447fd4fcbc..b95288d908e 100644 --- a/htdocs/expensereport/note.php +++ b/htdocs/expensereport/note.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('trips', 'companies', 'bills', 'orders')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $socid = 0; diff --git a/htdocs/expensereport/payment/info.php b/htdocs/expensereport/payment/info.php index 4a5cd165fc5..b548eb54be2 100644 --- a/htdocs/expensereport/payment/info.php +++ b/htdocs/expensereport/payment/info.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('bills', 'trips')); $id = GETPOST('id'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); /* diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index 98353d42bf1..51e4b1cbb4c 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -130,7 +130,7 @@ $entitytolang = array( $array_selected = isset($_SESSION["export_selected_fields"]) ? $_SESSION["export_selected_fields"] : array(); $array_filtervalue = isset($_SESSION["export_filtered_fields"]) ? $_SESSION["export_filtered_fields"] : array(); $datatoexport = GETPOST("datatoexport", "aZ09"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $step = GETPOST("step", "int") ?GETPOST("step", "int") : 1; $export_name = GETPOST("export_name", "alphanohtml"); diff --git a/htdocs/externalsite/admin/externalsite.php b/htdocs/externalsite/admin/externalsite.php index e2af9e5267d..2c882b0b329 100644 --- a/htdocs/externalsite/admin/externalsite.php +++ b/htdocs/externalsite/admin/externalsite.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'other', 'externalsite')); $def = array(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Sauvegardes parametres if ($action == 'update') diff --git a/htdocs/fichinter/admin/fichinter_extrafields.php b/htdocs/fichinter/admin/fichinter_extrafields.php index 5199e9de0db..c19bce3c9d1 100644 --- a/htdocs/fichinter/admin/fichinter_extrafields.php +++ b/htdocs/fichinter/admin/fichinter_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'fichinter'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/fichinter/admin/fichinterdet_extrafields.php b/htdocs/fichinter/admin/fichinterdet_extrafields.php index 62dc9025209..768de47cfd0 100644 --- a/htdocs/fichinter/admin/fichinterdet_extrafields.php +++ b/htdocs/fichinter/admin/fichinterdet_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'fichinterdet'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 55ad529df3b..ca8cc20807e 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -51,7 +51,7 @@ $langs->loadLangs(array("interventions", "admin", "compta", "bills")); // Security check $id = (GETPOST('fichinterid', 'int') ?GETPOST('fichinterid', 'int') : GETPOST('id', 'int')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($user->socid) $socid = $user->socid; $objecttype = 'fichinter_rec'; if ($action == "create" || $action == "add") $objecttype = ''; diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index e991efb2009..1eb0df5147a 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('interventions', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 9825c0a58d1..46ccb34de96 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -43,7 +43,7 @@ $langs->loadLangs(array('other', 'fichinter', 'companies', 'interventions')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 0204689b9b0..62280d5829c 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('companies', 'bills', 'interventions')); if (!empty($conf->projet->enabled)) $langs->load("projects"); if (!empty($conf->contrat->enabled)) $langs->load("contracts"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index b5ef5f91241..42003b8a27a 100644 --- a/htdocs/fichinter/note.php +++ b/htdocs/fichinter/note.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('companies', 'interventions')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php index b3d2e3aa664..683658c791e 100644 --- a/htdocs/fourn/commande/contact.php +++ b/htdocs/fourn/commande/contact.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("facture", "orders", "sendings", "companies")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index 56516b440f7..e266a466e87 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -43,7 +43,7 @@ $langs->loadLangs(array("bills", "orders", "sendings", "companies", "deliveries" $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/fourn/commande/info.php b/htdocs/fourn/commande/info.php index 195e87e5b5d..07c84a8fa12 100644 --- a/htdocs/fourn/commande/info.php +++ b/htdocs/fourn/commande/info.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("suppliers", "orders", "companies", "stocks")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php index d7f8ef489ab..4b498d468d9 100644 --- a/htdocs/fourn/commande/orderstoinvoice.php +++ b/htdocs/fourn/commande/orderstoinvoice.php @@ -49,7 +49,7 @@ if (!$user->rights->fournisseur->facture->creer) $id = (GETPOST('id') ? GETPOST('id', 'int') : GETPOST("facid")); // For backward compatibility $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $sref = GETPOST('sref'); $sref_client = GETPOST('sref_client'); diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php index 477086b3ca3..9be956b32ae 100644 --- a/htdocs/fourn/facture/contact.php +++ b/htdocs/fourn/facture/contact.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("bills", "other", "companies")); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 3b06f1276d6..dfbff2e1dda 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -41,7 +41,7 @@ if (!empty($conf->projet->enabled)) { $langs->loadLangs(array('bills', 'other', 'companies')); $id = GETPOST('facid', 'int') ?GETPOST('facid', 'int') : GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $ref = GETPOST('ref', 'alpha'); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 655798deac7..bbc4f45e4b2 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -49,7 +49,7 @@ if (!$user->rights->fournisseur->facture->lire) accessforbidden(); // Load translation files required by the page $langs->loadLangs(array('products', 'bills', 'companies', 'projects')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index 48d84a3161b..57a0cd103ab 100644 --- a/htdocs/fourn/facture/note.php +++ b/htdocs/fourn/facture/note.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("bills", "companies")); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php index 49af7141d84..70a96546fc2 100644 --- a/htdocs/ftp/admin/ftpclient.php +++ b/htdocs/ftp/admin/ftpclient.php @@ -33,7 +33,7 @@ if (!$user->admin) accessforbidden(); $def = array(); $lastftpentry = 0; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $entry = GETPOST('numero_entry', 'alpha'); diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 256e69028f2..47a2d5dc86b 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -41,7 +41,7 @@ $langs->loadLangs(array('other', 'holiday', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php index dcf4fe8bbec..c00d266d2fc 100644 --- a/htdocs/hrm/admin/admin_hrm.php +++ b/htdocs/hrm/admin/admin_hrm.php @@ -30,7 +30,7 @@ $langs->loadLangs(array('admin', 'hrm')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters HRM_* $list = array( diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index 69f9079a45b..0b000f879c2 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -33,7 +33,7 @@ if (!$user->admin) accessforbidden(); $error = 0; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/hrm/establishment/info.php b/htdocs/hrm/establishment/info.php index c26f7db4fc1..7bd6c5727b7 100644 --- a/htdocs/hrm/establishment/info.php +++ b/htdocs/hrm/establishment/info.php @@ -31,7 +31,7 @@ $langs->loadLangs(array('admin', 'hrm')); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/livraison/card.php b/htdocs/livraison/card.php index 51351605494..7addb72e328 100644 --- a/htdocs/livraison/card.php +++ b/htdocs/livraison/card.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("sendings", "bills", 'deliveries', 'orders')); if (!empty($conf->incoterm->enabled)) $langs->load('incoterm'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 9efea04e415..cea00dfdff6 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("admin", "bills", "margins", "stocks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/margin/productMargins.php b/htdocs/margin/productMargins.php index 71b8b41ef8d..7039beddd30 100644 --- a/htdocs/margin/productMargins.php +++ b/htdocs/margin/productMargins.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('companies', 'bills', 'products', 'margins')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $TSelectedCats = GETPOST('categories', 'array'); diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 70cbf6a9e42..d5069249cbe 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -30,7 +30,7 @@ $langs->loadLangs(array("companies", "bills", "products", "margins")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index c1d58ab3ff2..9f0f8ae46ad 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -29,7 +29,7 @@ $langs->loadLangs(array("admin", "other", "modulebuilder")); if (!$user->admin || empty($conf->modulebuilder->enabled)) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); /* diff --git a/htdocs/modulebuilder/template/admin/about.php b/htdocs/modulebuilder/template/admin/about.php index 2140d679695..ebb392810d1 100644 --- a/htdocs/modulebuilder/template/admin/about.php +++ b/htdocs/modulebuilder/template/admin/about.php @@ -48,7 +48,7 @@ $langs->loadLangs(array("errors", "admin", "mymodule@mymodule")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/modulebuilder/template/admin/myobject_extrafields.php b/htdocs/modulebuilder/template/admin/myobject_extrafields.php index 065feb6cebe..31bd430d6a3 100644 --- a/htdocs/modulebuilder/template/admin/myobject_extrafields.php +++ b/htdocs/modulebuilder/template/admin/myobject_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'mymodule_myobject'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 4cafe1b9824..9653f05d4b3 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "mymodule@mymodule")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $value = GETPOST('value', 'alpha'); diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php index 91eb5eca8da..2b6bd518570 100644 --- a/htdocs/modulebuilder/template/mymoduleindex.php +++ b/htdocs/modulebuilder/template/mymoduleindex.php @@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page $langs->loadLangs(array("mymodule@mymodule")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 244a7e01a9c..96396437314 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("mymodule@mymodule", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index aece1f98f29..99b706d4a76 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -46,7 +46,7 @@ $langs->loadLangs(array("mymodule@mymodule", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/mrp/ajax/ajax_bom.php b/htdocs/mrp/ajax/ajax_bom.php index 57f1089c2e2..adf4a8f4ee7 100644 --- a/htdocs/mrp/ajax/ajax_bom.php +++ b/htdocs/mrp/ajax/ajax_bom.php @@ -34,7 +34,7 @@ require '../../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/bom/class/bom.class.php'; $idbom = GETPOST('idbom', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/mrp/mo_agenda.php b/htdocs/mrp/mo_agenda.php index 755b2232df3..c2107296b2b 100644 --- a/htdocs/mrp/mo_agenda.php +++ b/htdocs/mrp/mo_agenda.php @@ -40,7 +40,7 @@ $langs->loadLangs(array("mrp", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/mrp/mo_note.php b/htdocs/mrp/mo_note.php index 7d0fe785c58..f25ebc35d0d 100644 --- a/htdocs/mrp/mo_note.php +++ b/htdocs/mrp/mo_note.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("mrp", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/paybox/admin/paybox.php b/htdocs/paybox/admin/paybox.php index 5323fd8d7df..68d55558c9f 100644 --- a/htdocs/paybox/admin/paybox.php +++ b/htdocs/paybox/admin/paybox.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'other', 'paybox', 'paypal')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'setvalue' && $user->admin) diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php index e8ba5b87ec6..8ac4cacb231 100644 --- a/htdocs/paypal/admin/paypal.php +++ b/htdocs/paypal/admin/paypal.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'other', 'paypal', 'paybox')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'setvalue' && $user->admin) { diff --git a/htdocs/printing/admin/printing.php b/htdocs/printing/admin/printing.php index 02fd4545c84..f76b7d66fbe 100644 --- a/htdocs/printing/admin/printing.php +++ b/htdocs/printing/admin/printing.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'printing', 'oauth')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha'); $value = GETPOST('value', 'alpha', 0, null, null, 1); // The value may be __google__docs so we force disable of replace $varname = GETPOST('varname', 'alpha'); diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php index 752ddecbea8..ea8e595f9c1 100644 --- a/htdocs/product/admin/dynamic_prices.php +++ b/htdocs/product/admin/dynamic_prices.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/dynamic_price/class/price_global_variab $langs->load("products"); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $save = GETPOST('save', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $selection = GETPOST('selection', 'int'); diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index ef11037a656..905821535c1 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -43,7 +43,7 @@ $langs->loadLangs(array("admin", "products")); if (!$user->admin || (empty($conf->product->enabled) && empty($conf->service->enabled))) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/product/admin/product_extrafields.php b/htdocs/product/admin/product_extrafields.php index 1e67a1d469a..59d6437578c 100644 --- a/htdocs/product/admin/product_extrafields.php +++ b/htdocs/product/admin/product_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'product'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/product/admin/product_lot_extrafields.php b/htdocs/product/admin/product_lot_extrafields.php index 625ca8bf1b3..e5e058927a1 100644 --- a/htdocs/product/admin/product_lot_extrafields.php +++ b/htdocs/product/admin/product_lot_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'product_lot'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/product/admin/product_supplier_extrafields.php b/htdocs/product/admin/product_supplier_extrafields.php index b400843ab5c..daaf3a9edfd 100644 --- a/htdocs/product/admin/product_supplier_extrafields.php +++ b/htdocs/product/admin/product_supplier_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'product_fournisseur_price'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/product/admin/product_tools.php b/htdocs/product/admin/product_tools.php index ce7bcf733a5..e01111712ad 100644 --- a/htdocs/product/admin/product_tools.php +++ b/htdocs/product/admin/product_tools.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'products')); // Security check if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $oldvatrate = GETPOST('oldvatrate', 'alpha'); $newvatrate = GETPOST('newvatrate', 'alpha'); //$price_base_type=GETPOST('price_base_type'); diff --git a/htdocs/product/admin/stock_extrafields.php b/htdocs/product/admin/stock_extrafields.php index 22ad53cd0e8..4c9e1435c15 100644 --- a/htdocs/product/admin/stock_extrafields.php +++ b/htdocs/product/admin/stock_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'entrepot'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index f206d868347..7441d88abc0 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php @@ -39,7 +39,7 @@ $mode = GETPOST('mode', 'int'); $status = ((GETPOST('status', 'int') >= 0) ? GETPOST('status', 'int') : - 1); $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); $price_level = GETPOST('price_level', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $price_by_qty_rowid = GETPOST('pbq', 'int'); $finished = GETPOST('finished', 'int'); diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index 1c1dfa0913e..843e1e6cb59 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('bills', 'products', 'stocks')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $key = GETPOST('key'); diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 4f505bff187..8d06e211bab 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -42,7 +42,7 @@ $langs->loadLangs(array('other', 'products')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/product/dynamic_price/editor.php b/htdocs/product/dynamic_price/editor.php index c8855b0665e..c0bbf8388a2 100644 --- a/htdocs/product/dynamic_price/editor.php +++ b/htdocs/product/dynamic_price/editor.php @@ -33,7 +33,7 @@ $langs->loadLangs(array('products', 'accountancy')); //"Back" translation is on $id = GETPOST('id', 'int'); $eid = GETPOST('eid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $title = GETPOST('expression_title', 'alpha'); $expression = GETPOST('expression'); $tab = GETPOST('tab', 'alpha'); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 56f91bfa2ee..1f347353b81 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -47,7 +47,7 @@ $langs->loadLangs(array('products', 'suppliers', 'bills', 'margins', 'stocks')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'pricesuppliercard'; diff --git a/htdocs/product/list.php b/htdocs/product/list.php index ca789bc3ffe..cddae83986d 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -46,7 +46,7 @@ if (!empty($conf->categorie->enabled)) $langs->loadLangs(array('products', 'stocks', 'suppliers', 'companies', 'margins')); if (!empty($conf->productbatch->enabled)) $langs->load("productbatch"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 8f25eab11b1..668777cb6c3 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -53,7 +53,7 @@ $mesg = ''; $error = 0; $errors = array(); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $eid = GETPOST('eid', 'int'); diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index 5e92649ccdc..f881a429d1a 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php @@ -40,7 +40,7 @@ if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'produit|service'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $sref = GETPOST("sref", 'alpha'); $snom = GETPOST("snom", 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 050d0d12f4b..2dfb423c5f8 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -42,7 +42,7 @@ if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'produit|service'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $sref = GETPOST("sref", 'alpha'); $snom = GETPOST("snom", 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index bc7949f5a1b..b281a41815d 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -45,7 +45,7 @@ $result = restrictedArea($user, 'produit|service'); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id_product = GETPOST('productid', 'int'); $id_sw = GETPOST('id_sw', 'int'); $id_tw = GETPOST('id_tw', 'int'); diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 6a28f595f86..59ab61fb86a 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -42,7 +42,7 @@ $langs->loadLangs(array('other', 'products')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index c7d9facf74d..2acfc513197 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('stocks', 'productbatch', 'other', 'users')); // Get parameters $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index ff71f5f605c..b7e7c808bdc 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -48,7 +48,7 @@ $hookmanager->initHooks(array('stockreplenishlist')); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_ref = GETPOST('search_ref', 'alpha'); $search_label = GETPOST('search_label', 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 9b03d5ecfc4..f8046ba6448 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -49,7 +49,7 @@ $hookmanager->initHooks(array('stockreplenishlist')); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $type = GETPOST('type', 'int'); $mode = GETPOST('mode', 'alpha'); $date = ''; diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 055e3cbefc7..502a15cd04e 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('products', 'languages')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); // Security check diff --git a/htdocs/projet/admin/project.php b/htdocs/projet/admin/project.php index bbc7441f8c8..5156794dea2 100644 --- a/htdocs/projet/admin/project.php +++ b/htdocs/projet/admin/project.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'projects')); if (!$user->admin) accessforbidden(); $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); $type = 'project'; diff --git a/htdocs/projet/admin/project_extrafields.php b/htdocs/projet/admin/project_extrafields.php index e9d9e7e6a3f..da54d0bd5e6 100644 --- a/htdocs/projet/admin/project_extrafields.php +++ b/htdocs/projet/admin/project_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'projet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/projet/admin/project_task_extrafields.php b/htdocs/projet/admin/project_task_extrafields.php index ee64d0721e2..b8d1281986b 100644 --- a/htdocs/projet/admin/project_task_extrafields.php +++ b/htdocs/projet/admin/project_task_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'projet_task'; diff --git a/htdocs/projet/ajax/projects.php b/htdocs/projet/ajax/projects.php index f26ecf8da9b..cbc223f8525 100644 --- a/htdocs/projet/ajax/projects.php +++ b/htdocs/projet/ajax/projects.php @@ -35,7 +35,7 @@ require '../../main.inc.php'; $htmlname = GETPOST('htmlname', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $discard_closed = GETPOST('discardclosed', 'int'); diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index e7054f21a3c..ff7eaf6c146 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('projects', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'aZ09'); diff --git a/htdocs/projet/comment.php b/htdocs/projet/comment.php index 04e306f9dfb..905b57e875f 100644 --- a/htdocs/projet/comment.php +++ b/htdocs/projet/comment.php @@ -41,7 +41,7 @@ $id = GETPOST('id', 'int'); $idcomment = GETPOST('idcomment', 'int'); $ref = GETPOST("ref", 'alpha', 1); // task ref $objectref = GETPOST("taskref", 'alpha'); // task ref -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $withproject = GETPOST('withproject', 'int'); $project_ref = GETPOST('project_ref', 'alpha'); diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index b8f1a24013d..8bbdbed9e6a 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -36,7 +36,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mine = GETPOST('mode') == 'mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index acfa8297df6..026aeae32d9 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -72,7 +72,7 @@ if (!empty($conf->mrp->enabled)) $langs->load("mrp"); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $datesrfc = GETPOST('datesrfc'); $dateerfc = GETPOST('dateerfc'); $dates = dol_mktime(0, 0, 0, GETPOST('datesmonth'), GETPOST('datesday'), GETPOST('datesyear')); diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php index 3d485793fb6..7fbe8fd17d5 100644 --- a/htdocs/projet/index.php +++ b/htdocs/projet/index.php @@ -39,7 +39,7 @@ $hookmanager->initHooks(array('projectsindex')); // Load translation files required by the page $langs->loadLangs(array('projects', 'companies')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_project_user = GETPOST('search_project_user', 'int'); $mine = GETPOST('mode', 'aZ09') == 'mine' ? 1 : 0; if ($mine == 0 && $search_project_user === '') $search_project_user = $user->conf->MAIN_SEARCH_PROJECT_USER_PROJECTSINDEX; diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index a682d7ef383..7a2e0968425 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -44,7 +44,7 @@ if (!empty($conf->categorie->enabled)) // Load translation files required by the page $langs->loadLangs(array('projects', 'companies', 'commercial')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index c11ffcd8d6f..48ea2a15efe 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -36,7 +36,7 @@ if ($conf->categorie->enabled) { require_once DOL_DOCUMENT_ROOT.'/categories/cla // Load translation files required by the page $langs->loadLangs(array('projects', 'users', 'companies')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/projet/tasks/comment.php b/htdocs/projet/tasks/comment.php index e8a4ae93168..0549710ff25 100644 --- a/htdocs/projet/tasks/comment.php +++ b/htdocs/projet/tasks/comment.php @@ -41,7 +41,7 @@ $id = GETPOST('id', 'int'); $idcomment = GETPOST('idcomment', 'int'); $ref = GETPOST("ref", 'alpha', 1); // task ref $objectref = GETPOST("taskref", 'alpha'); // task ref -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $withproject = GETPOST('withproject', 'int'); $project_ref = GETPOST('project_ref', 'alpha'); diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index 2c3737c6788..72e3a1bae32 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('projects', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $withproject = GETPOST('withproject', 'int'); $project_ref = GETPOST('project_ref', 'alpha'); diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 1493542c5ed..2a8e3cdd944 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page $langs->loadLangs(array('projects', 'other')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $mine = $_REQUEST['mode'] == 'mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 1ffd3541344..1caa0479673 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // Load translation files required by the page $langs->loadLangs(array('projects', 'users', 'companies')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php index 7af9bbbacef..c281da3b877 100644 --- a/htdocs/projet/tasks/note.php +++ b/htdocs/projet/tasks/note.php @@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/project.lib.php'; // Load translation files required by the page $langs->load('projects'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $mine = $_REQUEST['mode'] == 'mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 0a432351f60..49e1a3e6866 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -40,7 +40,7 @@ $langs->loadlangs(array('projects', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST("ref", 'alpha', 1); // task ref $taskref = GETPOST("taskref", 'alpha'); // task ref -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $withproject = GETPOST('withproject', 'int'); $project_ref = GETPOST('project_ref', 'alpha'); diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 501fccc6ed3..313b2202a34 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -59,7 +59,7 @@ $errmsg = ''; $num = 0; $error = 0; $backtopage = GETPOST('backtopage', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Load translation files $langs->loadLangs(array("main", "members", "companies", "install", "other")); diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index bc91273816b..eac026230d9 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -47,7 +47,7 @@ $langs->loadLangs(array('companies', 'other', 'mails', 'ticket')); $id = GETPOST('id', 'int'); $msg_id = GETPOST('msg_id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $object = new Ticket($db); $extrafields = new ExtraFields($db); diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index d150d4c2f41..be7c44580cd 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -46,7 +46,7 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors')); // Get parameters $track_id = GETPOST('track_id', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/reception/contact.php b/htdocs/reception/contact.php index 4e8605ac74a..0492c0db1b8 100644 --- a/htdocs/reception/contact.php +++ b/htdocs/reception/contact.php @@ -41,7 +41,7 @@ $langs->load("companies"); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/reception/note.php b/htdocs/reception/note.php index 9e9b6c20f92..ade403ab39b 100644 --- a/htdocs/reception/note.php +++ b/htdocs/reception/note.php @@ -44,7 +44,7 @@ $langs->load('propal'); $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $socid = ''; diff --git a/htdocs/recruitment/admin/candidature_extrafields.php b/htdocs/recruitment/admin/candidature_extrafields.php index 953f2186e1c..b81668d6337 100644 --- a/htdocs/recruitment/admin/candidature_extrafields.php +++ b/htdocs/recruitment/admin/candidature_extrafields.php @@ -36,7 +36,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'recruitment_recruitmentcandidature'; diff --git a/htdocs/recruitment/admin/jobposition_extrafields.php b/htdocs/recruitment/admin/jobposition_extrafields.php index 0dcf840cd00..62d6b8418c2 100644 --- a/htdocs/recruitment/admin/jobposition_extrafields.php +++ b/htdocs/recruitment/admin/jobposition_extrafields.php @@ -36,7 +36,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'recruitment_recruitmentjobposition'; diff --git a/htdocs/recruitment/admin/public_interface.php b/htdocs/recruitment/admin/public_interface.php index f8985507081..8f80a7ef48d 100644 --- a/htdocs/recruitment/admin/public_interface.php +++ b/htdocs/recruitment/admin/public_interface.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/recruitment/lib/recruitment.lib.php'; // Load translation files required by the page $langs->loadLangs(array("admin", "recruitment")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/recruitment/admin/setup.php b/htdocs/recruitment/admin/setup.php index 562531262f9..aa65393c7a8 100644 --- a/htdocs/recruitment/admin/setup.php +++ b/htdocs/recruitment/admin/setup.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "recruitment")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $value = GETPOST('value', 'alpha'); diff --git a/htdocs/recruitment/admin/setup_candidatures.php b/htdocs/recruitment/admin/setup_candidatures.php index c49ee158db3..22bdd03cfd2 100644 --- a/htdocs/recruitment/admin/setup_candidatures.php +++ b/htdocs/recruitment/admin/setup_candidatures.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "recruitment")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $value = GETPOST('value', 'alpha'); diff --git a/htdocs/recruitment/recruitmentcandidature_agenda.php b/htdocs/recruitment/recruitmentcandidature_agenda.php index 876a1220735..f8aff07c352 100644 --- a/htdocs/recruitment/recruitmentcandidature_agenda.php +++ b/htdocs/recruitment/recruitmentcandidature_agenda.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("recruitment", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/recruitment/recruitmentcandidature_note.php b/htdocs/recruitment/recruitmentcandidature_note.php index f6b710821ce..81d227c5da6 100644 --- a/htdocs/recruitment/recruitmentcandidature_note.php +++ b/htdocs/recruitment/recruitmentcandidature_note.php @@ -46,7 +46,7 @@ $langs->loadLangs(array("recruitment", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 4087ae25bd7..6e710163396 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page $langs->loadLangs(array("recruitment", "boxes")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check diff --git a/htdocs/recruitment/recruitmentjobposition_agenda.php b/htdocs/recruitment/recruitmentjobposition_agenda.php index a96455a33ff..2984deb0443 100644 --- a/htdocs/recruitment/recruitmentjobposition_agenda.php +++ b/htdocs/recruitment/recruitmentjobposition_agenda.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("recruitment", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/recruitment/recruitmentjobposition_note.php b/htdocs/recruitment/recruitmentjobposition_note.php index b8f873309d7..12de0611cdf 100644 --- a/htdocs/recruitment/recruitmentjobposition_note.php +++ b/htdocs/recruitment/recruitmentjobposition_note.php @@ -46,7 +46,7 @@ $langs->loadLangs(array("recruitment", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/resource/agenda.php b/htdocs/resource/agenda.php index 72d055da41d..aaf9b451414 100644 --- a/htdocs/resource/agenda.php +++ b/htdocs/resource/agenda.php @@ -40,7 +40,7 @@ $langs->load("companies"); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/resource/contact.php b/htdocs/resource/contact.php index ee20d918648..de4d0ad3e3f 100644 --- a/htdocs/resource/contact.php +++ b/htdocs/resource/contact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('resource', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 077430cf4bb..13447b03dde 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('other', 'resource', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/resource/note.php b/htdocs/resource/note.php index 1162909114e..26038c74d96 100644 --- a/htdocs/resource/note.php +++ b/htdocs/resource/note.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('companies', 'interventions')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/salaries/admin/salaries.php b/htdocs/salaries/admin/salaries.php index a824a7d8eee..01c2b5c8be6 100644 --- a/htdocs/salaries/admin/salaries.php +++ b/htdocs/salaries/admin/salaries.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('admin', 'salaries')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters SALARIES_* $list = array( diff --git a/htdocs/salaries/admin/salaries_extrafields.php b/htdocs/salaries/admin/salaries_extrafields.php index 48f574557ec..bac3824db53 100644 --- a/htdocs/salaries/admin/salaries_extrafields.php +++ b/htdocs/salaries/admin/salaries_extrafields.php @@ -38,7 +38,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'payment_salary'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php index 69680df6a2a..be8ff801bca 100644 --- a/htdocs/salaries/document.php +++ b/htdocs/salaries/document.php @@ -40,7 +40,7 @@ $langs->loadLangs(array("compta", "bills", "users", "salaries", "hrm")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/societe/admin/contact_extrafields.php b/htdocs/societe/admin/contact_extrafields.php index 2e657805b96..d8a2ec15c52 100644 --- a/htdocs/societe/admin/contact_extrafields.php +++ b/htdocs/societe/admin/contact_extrafields.php @@ -38,7 +38,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'socpeople'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/societe/admin/societe.php b/htdocs/societe/admin/societe.php index 21ee679292a..69f5e373725 100644 --- a/htdocs/societe/admin/societe.php +++ b/htdocs/societe/admin/societe.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; $langs->loadLangs(array("admin", "companies", "other")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); if (!$user->admin) accessforbidden(); diff --git a/htdocs/societe/admin/societe_extrafields.php b/htdocs/societe/admin/societe_extrafields.php index f0812485211..02c7dc51231 100644 --- a/htdocs/societe/admin/societe_extrafields.php +++ b/htdocs/societe/admin/societe_extrafields.php @@ -38,7 +38,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'societe'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/societe/ajax/company.php b/htdocs/societe/ajax/company.php index dc2d60df5e6..a56fa0d9f81 100644 --- a/htdocs/societe/ajax/company.php +++ b/htdocs/societe/ajax/company.php @@ -34,7 +34,7 @@ require '../../main.inc.php'; $htmlname = GETPOST('htmlname', 'alpha'); $filter = GETPOST('filter', 'alpha'); $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $showtype = GETPOST('showtype', 'int'); diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 96b50a34bf8..6bf8513ecf8 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -43,7 +43,7 @@ require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php'; $langs->loadLangs(array("companies", "commercial", "customers", "suppliers", "bills", "compta", "categories", "cashdesk")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index 118d85e0fbb..48cc398bf87 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -40,7 +40,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $langs->loadLangs(array("products", "companies", "bills")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_prod = GETPOST('search_prod', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php index 1369f29a185..20ddbfa4cf7 100644 --- a/htdocs/societe/societecontact.php +++ b/htdocs/societe/societecontact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("orders", "companies")); $id = GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('socid', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/stripe/admin/stripe.php b/htdocs/stripe/admin/stripe.php index bcb9527e089..b467a5068ed 100644 --- a/htdocs/stripe/admin/stripe.php +++ b/htdocs/stripe/admin/stripe.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'other', 'paypal', 'paybox', 'stripe')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php b/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php index 132820e8e09..61077e2c5bd 100644 --- a/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php +++ b/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php @@ -33,7 +33,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'supplier_proposal'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php b/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php index 73ba689f47a..08f17504de9 100644 --- a/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php +++ b/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'supplier_proposaldet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 0c4e53da2b9..5081e6224c4 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -58,7 +58,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php index 4bd027299fa..f0d6a62d9c9 100644 --- a/htdocs/supplier_proposal/contact.php +++ b/htdocs/supplier_proposal/contact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("propal", "facture", "orders", "sendings", "companies")) $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 008a81542ec..0b05d3afabd 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -48,7 +48,7 @@ $langs->loadLangs(array('companies', 'propal', 'supplier_proposal', 'compta', 'b $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/supplier_proposal/note.php b/htdocs/supplier_proposal/note.php index aaf40288e15..16e3d192547 100644 --- a/htdocs/supplier_proposal/note.php +++ b/htdocs/supplier_proposal/note.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('supplier_proposal', 'compta', 'bills')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/takepos/admin/orderprinters.php b/htdocs/takepos/admin/orderprinters.php index 79a16d77861..b396655dea4 100644 --- a/htdocs/takepos/admin/orderprinters.php +++ b/htdocs/takepos/admin/orderprinters.php @@ -39,7 +39,7 @@ if (!$user->rights->categorie->lire) accessforbidden(); $id = GETPOST('id', 'int'); $type = (GETPOST('type', 'aZ09') ? GETPOST('type', 'aZ09') : Categorie::TYPE_PRODUCT); $catname = GETPOST('catname', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $printer1 = GETPOST('printer1', 'alpha'); $printer2 = GETPOST('printer2', 'alpha'); diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 148976cc778..48c713f4b66 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php @@ -57,7 +57,7 @@ if ($resql) { } } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php index 7f9555c3226..531598668a7 100644 --- a/htdocs/takepos/ajax/ajax.php +++ b/htdocs/takepos/ajax/ajax.php @@ -35,7 +35,7 @@ require '../../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; $category = GETPOST('category', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $term = GETPOST('term', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index 5af2eb1d238..257c8db7fa0 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("bills", "orders", "commercial", "cashdesk")); $floor = GETPOST('floor', 'int'); if ($floor == "") $floor = 1; $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $left = GETPOST('left', 'alpha'); $top = GETPOST('top', 'alpha'); diff --git a/htdocs/takepos/freezone.php b/htdocs/takepos/freezone.php index c6dc094ca28..79a638456f2 100644 --- a/htdocs/takepos/freezone.php +++ b/htdocs/takepos/freezone.php @@ -44,7 +44,7 @@ $langs->loadLangs(array("bills", "cashdesk")); $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : '0'); // $place is id of table for Bar or Restaurant $idline = GETPOST('idline', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (empty($user->rights->takepos->run)) { accessforbidden(); diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 390f71491ba..29b11dbb8ad 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -42,7 +42,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); // $place is id of table for Bar or Restaurant or multiple sales -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $setterminal = GETPOST('setterminal', 'int'); if ($_SESSION["takeposterminal"] == "") diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 1dfdce43af4..6c45f6121f9 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -42,7 +42,7 @@ global $mysoc; $langs->loadLangs(array("companies", "commercial", "bills", "cashdesk", "stocks", "banks")); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $idproduct = GETPOST('idproduct', 'int'); $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); // $place is id of table for Bar or Restaurant $placeid = 0; // $placeid is ID of invoice diff --git a/htdocs/takepos/phone.php b/htdocs/takepos/phone.php index 2fd2beec15d..119752014a1 100644 --- a/htdocs/takepos/phone.php +++ b/htdocs/takepos/phone.php @@ -43,7 +43,7 @@ if (defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) { } else { $place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); // $place is id of table for Ba or Restaurant } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $setterminal = GETPOST('setterminal', 'int'); $idproduct = GETPOST('idproduct', 'int'); diff --git a/htdocs/takepos/send.php b/htdocs/takepos/send.php index 3f59d4069b5..ba1e3f5e5ad 100644 --- a/htdocs/takepos/send.php +++ b/htdocs/takepos/send.php @@ -37,7 +37,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; $facid = GETPOST('facid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $email = GETPOST('email', 'alpha'); if (empty($user->rights->takepos->run)) { diff --git a/htdocs/ticket/class/actions_ticket.class.php b/htdocs/ticket/class/actions_ticket.class.php index d6873ba2415..641b56b1716 100644 --- a/htdocs/ticket/class/actions_ticket.class.php +++ b/htdocs/ticket/class/actions_ticket.class.php @@ -263,7 +263,7 @@ class ActionsTicket $ret = $this->dao->loadCacheMsgsTicket(); if ($ret < 0) dol_print_error($this->dao->db); - $action = GETPOST('action', 'alpha'); + $action = GETPOST('action', 'aZ09'); $this->viewTicketOriginalMessage($user, $action, $object); diff --git a/htdocs/user/admin/group_extrafields.php b/htdocs/user/admin/group_extrafields.php index 94e2beb985e..6690f6e933e 100644 --- a/htdocs/user/admin/group_extrafields.php +++ b/htdocs/user/admin/group_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'usergroup'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/user/admin/user_extrafields.php b/htdocs/user/admin/user_extrafields.php index cd9ecf78390..52e97a48c0a 100644 --- a/htdocs/user/admin/user_extrafields.php +++ b/htdocs/user/admin/user_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label = ExtraFields::$type2label; $type2label = array(''); foreach ($tmptype2label as $key => $val) $type2label[$key] = $langs->transnoentitiesnoconv($val); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'user'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php index b3dc8a0bfa9..cebb7824303 100644 --- a/htdocs/user/clicktodial.php +++ b/htdocs/user/clicktodial.php @@ -28,7 +28,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; // Load translation files required by page $langs->loadLangs(array('users', 'admin')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); // Security check diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 462ba32e7ba..de604f127bb 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -50,7 +50,7 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $langs->loadLangs(array('users', 'other')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'groupcard'; // To manage different context of search diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 8e69101b44d..d280fe37701 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -46,7 +46,7 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) } $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $socid = 0; if ($user->socid > 0) $socid = $user->socid; diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index b22dafce758..af81542d99a 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; $langs->loadLangs(array('users', 'admin')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $module = GETPOST('module', 'alpha'); $rights = GETPOST('rights', 'int'); diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 7a27bb9b466..b331e6c1cc2 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'users', 'languages', $canreaduser = ($user->admin || $user->rights->user->user->lire); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'userihm'; // To manage different context of search if ($id) diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 74512718cb3..03225e85866 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -41,11 +41,11 @@ if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) exit; } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = $dolibarr_main_authentication; if (!$mode) $mode = 'http'; -$username = GETPOST('username', 'alpha'); +$username = GETPOST('username', 'alphanohtml'); $passwordhash = GETPOST('passwordhash', 'alpha'); $conf->entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : 1); diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index f87785da31f..a6f5fbe1c7f 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; $langs->loadLangs(array('users', 'admin')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $module = GETPOST('module', 'alpha'); $rights = GETPOST('rights', 'int'); diff --git a/htdocs/variants/card.php b/htdocs/variants/card.php index 6d077e85ad1..13b7408fc93 100644 --- a/htdocs/variants/card.php +++ b/htdocs/variants/card.php @@ -22,7 +22,7 @@ require 'class/ProductAttributeValue.class.php'; $id = GETPOST('id', 'int'); $valueid = GETPOST('valueid', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $ref = GETPOST('ref', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index d218b762fef..31dc07b6bad 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -40,7 +40,7 @@ $level_price_impact_percent = GETPOST('level_price_impact_percent', 'array'); $reference = GETPOST('reference', 'alpha'); $form = new Form($db); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/variants/create_val.php b/htdocs/variants/create_val.php index e724b5693c4..b5a57d514ae 100644 --- a/htdocs/variants/create_val.php +++ b/htdocs/variants/create_val.php @@ -24,7 +24,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 0ddccc537d1..f13b786082a 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -93,7 +93,7 @@ function llxFooter() require 'main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $original_file = GETPOST('file', 'alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP). $hashp = GETPOST('hashp', 'aZ09'); $modulepart = GETPOST('modulepart', 'alpha'); diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index d2b592477fd..c1057935e31 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("website", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/zapier/admin/about.php b/htdocs/zapier/admin/about.php index 43eded7ab7c..31d54c35893 100644 --- a/htdocs/zapier/admin/about.php +++ b/htdocs/zapier/admin/about.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("errors", "admin", "zapier@zapier")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/zapier/admin/setup.php b/htdocs/zapier/admin/setup.php index 8a74b525c2b..7077551749e 100644 --- a/htdocs/zapier/admin/setup.php +++ b/htdocs/zapier/admin/setup.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin", "zapier@zapier")); if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters = array( diff --git a/htdocs/zapier/hook_agenda.php b/htdocs/zapier/hook_agenda.php index a9b44fbd089..89f2415ad05 100644 --- a/htdocs/zapier/hook_agenda.php +++ b/htdocs/zapier/hook_agenda.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("mymodule@mymodule", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/zapier/hook_note.php b/htdocs/zapier/hook_note.php index 151c762be56..d8a5404fd3c 100644 --- a/htdocs/zapier/hook_note.php +++ b/htdocs/zapier/hook_note.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("mymodule@mymodule", "companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/zapier/zapierindex.php b/htdocs/zapier/zapierindex.php index 760bd85322a..2ac566dc058 100644 --- a/htdocs/zapier/zapierindex.php +++ b/htdocs/zapier/zapierindex.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page $langs->loadLangs(array("zapier@zapier")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Securite acces client From 463088759117aec69a47db63fe5b89833cf6c82e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 20:09:40 +0200 Subject: [PATCH 15/75] Fix css --- htdocs/core/class/html.form.class.php | 2 +- htdocs/core/lib/functions.lib.php | 3 ++- htdocs/theme/eldy/global.inc.php | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 2c2e4041923..7c5d350d21e 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -7157,7 +7157,7 @@ class Form } //if ($conf->browser->layout == 'phone') $ret.='
'; - $ret .= '
'; + $ret .= '
'; // For thirdparty, contact, user, member, the ref is the id, so we show something else if ($object->element == 'societe') diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7b7972c4fe2..bdff8ce4063 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1626,7 +1626,8 @@ function dol_banner_tab($object, $paramid, $morehtml = '', $shownav = 1, $fieldi } if (!empty($conf->global->MAIN_SHOW_TECHNICAL_ID) && ($conf->global->MAIN_SHOW_TECHNICAL_ID == '1' || preg_match('/'.preg_quote($object->element, '/').'/i', $conf->global->MAIN_SHOW_TECHNICAL_ID)) && !empty($object->id)) { - $morehtmlref .= '
'; + $morehtmlref .= '
'; + $morehtmlref .= '
'; $morehtmlref .= $langs->trans("TechnicalID").': '.$object->id; $morehtmlref .= '
'; } diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 821e2cd059c..f46818353bf 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -1208,6 +1208,8 @@ table[summary="list_of_modules"] .fa-cog { .maxwidth300 { max-width: 300px; } .maxwidth400 { max-width: 400px; } .maxwidth500 { max-width: 500px; } +.maxwidth750 { max-width: 750px; } +.maxwidth1000 { max-width: 1000px; } .maxwidth50imp { max-width: 50px !important; } .maxwidth75imp { max-width: 75px !important; } .minheight20 { min-height: 20px; } From b02725832ba707dad453eb2f15b9f03756e72da0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Sep 2020 20:20:56 +0200 Subject: [PATCH 16/75] Fix typo --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 59311cf71ba..9144a824897 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -65,7 +65,7 @@ No vulnerability disclosure, including partial is allowed for the moment. ONLY vulnerabilities discovered, when the following setup on tested platform is used, are accepted: * $dolibarr_main_prod must be set to 1 into conf.php -* $dolibarr_nocsrfcheck must be kept to the value 1 into conf.php (this is the default value) +* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) * The module DebugBar must NOT be enabled (by default, this module is not enabled) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) * ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted). From a074c4cb62f3d9e3ea9a10f52528c00dd6dda607 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 09:20:49 +0200 Subject: [PATCH 17/75] Update security --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 9144a824897..3a022aa0167 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -66,7 +66,8 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) -* The module DebugBar must NOT be enabled (by default, this module is not enabled) +* The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) +* The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) * ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted). From 241ce8c3b7ea6884906d502a079a663c66d8a76e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 09:24:11 +0200 Subject: [PATCH 18/75] More complete security --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 3a022aa0167..2fb045209b4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -69,7 +69,7 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) -* ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted). +* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted). Scope is the web application (back office) and the APIs. From a2591bafa0eb8836f43fd7769ca7f0607c44eedb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 09:51:28 +0200 Subject: [PATCH 19/75] Enhance scope --- SECURITY.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 2fb045209b4..0bc7c59ac48 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -69,7 +69,10 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) +* The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted). +* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). +* The web server setup must be done so only the documents directory is in write mode. The root directory with htdocs must be readonly. Scope is the web application (back office) and the APIs. From 004ba3369581d7cf1fb5381c88f4cd6b7764c9c0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 10:11:06 +0200 Subject: [PATCH 20/75] Fix cach call of useNPR() --- htdocs/core/modules/modProduct.class.php | 18 ++++++++++-------- htdocs/core/modules/modService.class.php | 18 ++++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 015f4050983..c8217ee3c43 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -167,6 +167,8 @@ class modProduct extends DolibarrModules $r++; */ + $usenpr = $mysoc->useNPR(); + // Exports //-------- $r = 0; @@ -192,7 +194,7 @@ class modProduct extends DolibarrModules 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation', 'p.tms'=>'DateModification' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['p.recuperableonly'] = 'NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['p.recuperableonly'] = 'NPR'; if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('p.cost_price'=>'CostPrice')); if (!empty($conf->stock->enabled)) $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('e.ref'=>'DefaultWarehouse', 'p.tobatch'=>'ManageLotSerial', 'p.stock'=>'Stock', 'p.seuil_stock_alerte'=>'StockLimit', 'p.desiredstock'=>'DesiredStock', 'p.pmp'=>'PMPValue')); if (!empty($conf->barcode->enabled)) $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -256,7 +258,7 @@ class modProduct extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT", 'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.tva_tx'=>'PriceLevelVATRate', 'pr.date_price'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; //$this->export_TypeFields_array[$r]=array( // 'p.ref'=>"Text",'p.label'=>"Text",'p.description'=>"Text",'p.url'=>"Text",'p.accountancy_code_sell'=>"Text",'p.accountancy_code_buy'=>"Text", // 'p.note'=>"Text",'p.length'=>"Numeric",'p.surface'=>"Numeric",'p.volume'=>"Numeric",'p.weight'=>"Numeric",'p.customcode'=>'Text', @@ -291,7 +293,7 @@ class modProduct extends DolibarrModules 'pr.tva_tx'=>'PriceVATRate', 'pr.default_vat_code'=>'PriceVATCode', 'pr.datec'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; $this->export_entities_array[$r] = array('p.rowid'=>"product", 'p.ref'=>"product", 's.nom'=>'company', 'pr.price_base_type'=>"product", 'pr.price'=>"product", @@ -513,7 +515,7 @@ class modProduct extends DolibarrModules } if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.localtax1_tx'=>'LT1', 'p.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.localtax2_tx'=>'LT2', 'p.localtax2_type'=>'LT2Type')); if (!empty($conf->barcode->enabled)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -585,7 +587,7 @@ class modProduct extends DolibarrModules 'p.desiredstock' => '' )); if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $import_sample = array_merge($import_sample, array('p.cost_price'=>'90')); - if (is_object($mysoc) && $mysoc->useNPR()) $import_sample = array_merge($import_sample, array('p.recuperableonly'=>'0')); + if (is_object($mysoc) && $usenpr) $import_sample = array_merge($import_sample, array('p.recuperableonly'=>'0')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $import_sample = array_merge($import_sample, array('p.localtax1_tx'=>'', 'p.localtax1_type'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $import_sample = array_merge($import_sample, array('p.localtax2_tx'=>'', 'p.localtax2_type'=>'')); if (!empty($conf->barcode->enabled)) $import_sample = array_merge($import_sample, array('p.barcode'=>'')); @@ -631,7 +633,7 @@ class modProduct extends DolibarrModules 'sp.delivery_time_days' => 'DeliveryDelay', 'sp.supplier_reputation' => 'SupplierReputation' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array( @@ -669,7 +671,7 @@ class modProduct extends DolibarrModules 'sp.delivery_time_days' => '5', 'sp.supplier_reputation' => 'FAVORITE / NOTTHGOOD / DONOTORDER' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); + if (is_object($mysoc) && $usenpr) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( @@ -709,7 +711,7 @@ class modProduct extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT", 'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.date_price'=>'DateCreation*'); if (!empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) $this->import_fields_array[$r]['pr.tva_tx'] = 'VATRate'; - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); $this->import_regex_array[$r] = array('pr.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 'pr.recuperableonly'=>'^[0|1]$'); $this->import_convertvalue_array[$r] = array( 'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php index b7933bcf3f4..8173db53a9a 100644 --- a/htdocs/core/modules/modService.class.php +++ b/htdocs/core/modules/modService.class.php @@ -134,6 +134,8 @@ class modService extends DolibarrModules $r++; */ + $usenpr = $mysoc->useNPR(); + // Exports //-------- $r = 0; @@ -158,7 +160,7 @@ class modService extends DolibarrModules 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation', 'p.tms'=>'DateModification' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['p.recuperableonly'] = 'NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['p.recuperableonly'] = 'NPR'; if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('p.cost_price'=>'CostPrice')); if (!empty($conf->stock->enabled)) $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('p.stock'=>'Stock', 'p.seuil_stock_alerte'=>'StockLimit', 'p.desiredstock'=>'DesiredStock', 'p.pmp'=>'PMPValue')); if (!empty($conf->barcode->enabled)) $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -223,7 +225,7 @@ class modService extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT", 'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.tva_tx'=>'PriceLevelVATRate', 'pr.date_price'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; //$this->export_TypeFields_array[$r]=array( // 'p.ref'=>"Text",'p.label'=>"Text",'p.description'=>"Text",'p.url'=>"Text",'p.accountancy_code_sell'=>"Text",'p.accountancy_code_buy'=>"Text", // 'p.note'=>"Text",'p.length'=>"Numeric",'p.surface'=>"Numeric",'p.volume'=>"Numeric",'p.weight'=>"Numeric",'p.customcode'=>'Text', @@ -258,7 +260,7 @@ class modService extends DolibarrModules 'pr.tva_tx'=>'PriceVATRate', 'pr.default_vat_code'=>'PriceVATCode', 'pr.datec'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly'] = 'NPR'; $this->export_entities_array[$r] = array('p.rowid'=>"product", 'p.ref'=>"product", 's.nom'=>'company', 'pr.price_base_type'=>"product", 'pr.price'=>"product", @@ -452,7 +454,7 @@ class modService extends DolibarrModules ) ); if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.localtax1_tx'=>'LT1', 'p.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.localtax2_tx'=>'LT2', 'p.localtax2_type'=>'LT2Type')); if (!empty($conf->barcode->enabled)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -531,7 +533,7 @@ class modService extends DolibarrModules 'p.desiredstock' => '' )); if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $import_sample = array_merge($import_sample, array('p.cost_price'=>'90')); - if (is_object($mysoc) && $mysoc->useNPR()) $import_sample = array_merge($import_sample, array('p.recuperableonly'=>'0')); + if (is_object($mysoc) && $usenpr) $import_sample = array_merge($import_sample, array('p.recuperableonly'=>'0')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $import_sample = array_merge($import_sample, array('p.localtax1_tx'=>'', 'p.localtax1_type'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $import_sample = array_merge($import_sample, array('p.localtax2_tx'=>'', 'p.localtax2_type'=>'')); if (!empty($conf->barcode->enabled)) $import_sample = array_merge($import_sample, array('p.barcode'=>'')); @@ -580,7 +582,7 @@ class modService extends DolibarrModules 'sp.delivery_time_days' => 'DeliveryDelay', 'sp.supplier_reputation' => 'SupplierReputation' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array( @@ -617,7 +619,7 @@ class modService extends DolibarrModules 'sp.delivery_time_days' => '5', 'sp.supplier_reputation' => 'FAVORITE / NOTTHGOOD / DONOTORDER' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); + if (is_object($mysoc) && $usenpr) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( @@ -657,7 +659,7 @@ class modService extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT", 'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.date_price'=>'DateCreation*'); if (!empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) $this->import_fields_array[$r]['pr.tva_tx'] = 'VATRate'; - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); $this->import_regex_array[$r] = array('pr.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', 'pr.recuperableonly'=>'^[0|1]$'); $this->import_convertvalue_array[$r] = array( 'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') From d92e482841255c6f86fae9ae86ae2c8f2f62df8e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 11:09:43 +0200 Subject: [PATCH 21/75] FIX #yogosha transversal path when unzipping file --- htdocs/core/lib/files.lib.php | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ba96efbfd62..d8bf9ca5a1e 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2013,8 +2013,10 @@ function dol_uncompress($inputfile, $outputdir) dol_syslog("Constant ODTPHP_PATHTOPCLZIP for pclzip library is set to ".ODTPHP_PATHTOPCLZIP.", so we use Pclzip to unzip into ".$outputdir); include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php'; $archive = new PclZip($inputfile); - $result = $archive->extract(PCLZIP_OPT_PATH, $outputdir); - //var_dump($result); + + // Extract into outputdir, but only files that match the regex '/^((?!\.\.).)*$/' that means "does not include .." + $result = $archive->extract(PCLZIP_OPT_PATH, $outputdir, PCLZIP_OPT_BY_PREG, '/^((?!\.\.).)*$/'); + if (!is_array($result) && $result <= 0) return array('error'=>$archive->errorInfo(true)); else { $ok = 1; $errmsg = ''; @@ -2035,14 +2037,26 @@ function dol_uncompress($inputfile, $outputdir) } } - if (class_exists('ZipArchive')) + if (class_exists('ZipArchive')) // Must install php-zip to have it { dol_syslog("Class ZipArchive is set so we unzip using ZipArchive to unzip into ".$outputdir); $zip = new ZipArchive; $res = $zip->open($inputfile); if ($res === true) { - $zip->extractTo($outputdir.'/'); + //$zip->extractTo($outputdir.'/'); + // We must extract one file at time so we can check that file name does not contains '..' to avoid transversal path of zip built for example using + // python3 path_traversal_archiver.py test.zip -l 10 -p tmp/ + // with -l is the range of dot to go back in path. + // and path_traversal_archiver.py found at https://github.com/Alamot/code-snippets/blob/master/path_traversal/path_traversal_archiver.py + for ($i = 0; $i < $zip->numFiles; $i++) { + if (preg_match('/\.\./', $zip->getNameIndex($i))) { + dol_syslog("Warning: Try to unzip a file with a transversal path ".$zip->getNameIndex($i), LOG_WARNING); + continue; // Discard the file + } + $zip->extractTo($outputdir.'/', array($zip->getNameIndex($i))); + } + $zip->close(); return array(); } else { From 939433706b679bd64aaf8ef401857c6f740c5831 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 11:37:41 +0200 Subject: [PATCH 22/75] FIX #yogosha4465 --- htdocs/core/lib/security2.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index ba9a477ebd7..2e178fbc250 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -184,7 +184,7 @@ if (!function_exists('dol_loginfunction')) // Set cookie for timeout management $prefix = dol_getprefix(''); $sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix; - if (!empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true); + if (!empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, (empty($dolibarr_main_force_https) ? false : true), true); if (GETPOST('urlfrom', 'alpha')) $_SESSION["urlfrom"] = GETPOST('urlfrom', 'alpha'); else unset($_SESSION["urlfrom"]); From ab5ac6a629a1fd39d622c73ea2356e95859c5310 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 11:39:41 +0200 Subject: [PATCH 23/75] Update security scope --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index 0bc7c59ac48..e18c662955e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -66,6 +66,7 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) +* $dolibarr_main_force_https must be set to something else than 0. * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) From d41a813e0e03ff29ee85b08f8aed7e17b9652609 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:05:52 +0200 Subject: [PATCH 24/75] Add script to reinit pass of the demo --- dev/initdemo/initdemo.sh | 5 + dev/initdemo/initdemopassword.sh | 204 +++++++++++++++++++++++++++++++ 2 files changed, 209 insertions(+) create mode 100755 dev/initdemo/initdemopassword.sh diff --git a/dev/initdemo/initdemo.sh b/dev/initdemo/initdemo.sh index 7fd9eb551d4..1b32161b44b 100755 --- a/dev/initdemo/initdemo.sh +++ b/dev/initdemo/initdemo.sh @@ -69,6 +69,7 @@ then 255) exit;; esac + rm $fichtemp # ----------------------------- database name DIALOG=${DIALOG=dialog} @@ -86,6 +87,7 @@ then 255) exit;; esac + rm $fichtemp # ---------------------------- database port DIALOG=${DIALOG=dialog} @@ -104,6 +106,7 @@ then 255) exit;; esac + rm $fichtemp # ---------------------------- compte admin mysql DIALOG=${DIALOG=dialog} @@ -122,6 +125,7 @@ then 255) exit;; esac + rm $fichtemp # ---------------------------- mot de passe admin mysql DIALOG=${DIALOG=dialog} @@ -140,6 +144,7 @@ then 255) exit;; esac + rm $fichtemp export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" | sed -e 's/"//g' ` diff --git a/dev/initdemo/initdemopassword.sh b/dev/initdemo/initdemopassword.sh new file mode 100755 index 00000000000..38a04030ef3 --- /dev/null +++ b/dev/initdemo/initdemopassword.sh @@ -0,0 +1,204 @@ +#!/bin/sh +#------------------------------------------------------ +# Script to reinit admin password. +# Note: "dialog" tool need to be available if no parameter provided. +# +# Laurent Destailleur - eldy@users.sourceforge.net +#------------------------------------------------------ +# Usage: initdemopassword.sh confirm +# usage: initdemopassword.sh confirm login pass +#------------------------------------------------------ + + +export mydir=`echo "$0" | sed -e 's/initdemopassword.sh//'`; +if [ "x$mydir" = 'x' -o "x$mydir" = 'x./' ] +then + export mydir="." +fi +export id=`id -u`; + + +# ----------------------------- check if root +if [ "x$id" != "x0" -a "x$id" != "x1001" ] +then + echo "Script must be ran as root" + exit +fi + + +# ----------------------------- command line params +confirm=$1; +dumpfile=$2; +base=$3; +port=$4; +admin=$5; +passwd=$6; + +# ----------------------------- check params +if [ "x$confirm" != "xconfirm" ] +then + echo "----- $0 -----" + echo "Usage: initdemopassword.sh confirm [login pass]" + exit +fi + + +# ----------------------------- if no params on command line +if [ "x$passwd" = "x" ] +then + export dumpfile=`ls -v $mydir/mysqldump_dolibarr_*.sql | tail -n 1` + export dumpfile=`basename $dumpfile` + + # ----------------------------- database name + DIALOG=${DIALOG=dialog} + DIALOG="$DIALOG --ascii-lines" + fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ + trap "rm -f $fichtemp" 0 1 2 5 15 + $DIALOG --title "Init Dolibarr with demo values" --clear \ + --inputbox "Mysql database name :" 16 55 dolibarrdemo 2> $fichtemp + valret=$? + case $valret in + 0) + base=`cat $fichtemp`;; + 1) + exit;; + 255) + exit;; + esac + rm $fichtemp + + # ---------------------------- database port + DIALOG=${DIALOG=dialog} + fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ + trap "rm -f $fichtemp" 0 1 2 5 15 + $DIALOG --title "Init Dolibarr with demo values" --clear \ + --inputbox "Mysql port (ex: 3306):" 16 55 3306 2> $fichtemp + + valret=$? + + case $valret in + 0) + port=`cat $fichtemp`;; + 1) + exit;; + 255) + exit;; + esac + rm $fichtemp + + # ---------------------------- compte admin mysql + DIALOG=${DIALOG=dialog} + fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ + trap "rm -f $fichtemp" 0 1 2 5 15 + $DIALOG --title "Init Dolibarr with demo values" --clear \ + --inputbox "Mysql user login (ex: root):" 16 55 root 2> $fichtemp + + valret=$? + + case $valret in + 0) + admin=`cat $fichtemp`;; + 1) + exit;; + 255) + exit;; + esac + rm $fichtemp + + # ---------------------------- mot de passe admin mysql + DIALOG=${DIALOG=dialog} + fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ + trap "rm -f $fichtemp" 0 1 2 5 15 + $DIALOG --title "Init Dolibarr with demo values" --clear \ + --inputbox "Password for Mysql user login :" 16 55 2> $fichtemp + + valret=$? + + case $valret in + 0) + passwd=`cat $fichtemp`;; + 1) + exit;; + 255) + exit;; + esac + rm $fichtemp + + # ----------------------------- demo login + DIALOG=${DIALOG=dialog} + DIALOG="$DIALOG --ascii-lines" + fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ + trap "rm -f $fichtemp" 0 1 2 5 15 + $DIALOG --title "Reset login password" --clear \ + --inputbox "Login to reset :" 16 55 dolibarrdemologin 2> $fichtemp + valret=$? + case $valret in + 0) + demologin=`cat $fichtemp`;; + 1) + exit;; + 255) + exit;; + esac + rm fichtemp + + # ----------------------------- demo pass + DIALOG=${DIALOG=dialog} + DIALOG="$DIALOG --ascii-lines" + fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ + trap "rm -f $fichtemp" 0 1 2 5 15 + $DIALOG --title "Reset login password" --clear \ + --inputbox "Pass to set :" 16 55 dolibarrdemopass 2> $fichtemp + valret=$? + case $valret in + 0) + demopass=`cat $fichtemp`;; + 1) + exit;; + 255) + exit;; + esac + rm fichtemp + + + export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" | sed -e 's/"//g' ` + + + # ---------------------------- confirmation + DIALOG=${DIALOG=dialog} + $DIALOG --title "Init demo login with demo values" --clear \ + --yesno "Do you confirm ? \n Mysql database : '$base' \n Mysql port : '$port' \n Mysql login: '$admin' \n Mysql password : '$passwd' \n Demo login: '$demologin' \n Demo password : '$demopass'" 15 55 + + case $? in + 0) echo "Ok, start process...";; + 1) exit;; + 255) exit;; + esac + +fi + + +# ---------------------------- run sql file +if [ "x$passwd" != "x" ] +then + export passwd="-p$passwd" +fi +#echo "mysql -P$port -u$admin $passwd $base < $mydir/$dumpfile" +#mysql -P$port -u$admin $passwd $base < $mydir/$dumpfile +echo "echo \"UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';\" | mysql -P$port -u$admin $passwd $base" +echo "UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';" | mysql -P$port -u$admin $passwd $base +export res=$? + +if [ $res -ne 0 ]; then + echo "Error to execute sql with mysql -P$port -u$admin -p***** $base" + exit +fi + + +if [ "x$res" = "x0" ] +then + echo "Success, file successfully loaded." +else + echo "Error, load failed." +fi +echo From bdc30cc50b1464659bb78fa51702cc6ad8970664 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:10:54 +0200 Subject: [PATCH 25/75] Update script --- dev/initdemo/initdemopassword.sh | 43 +++----------------------------- 1 file changed, 3 insertions(+), 40 deletions(-) diff --git a/dev/initdemo/initdemopassword.sh b/dev/initdemo/initdemopassword.sh index 38a04030ef3..d8b8e9a4ba3 100755 --- a/dev/initdemo/initdemopassword.sh +++ b/dev/initdemo/initdemopassword.sh @@ -86,43 +86,6 @@ then esac rm $fichtemp - # ---------------------------- compte admin mysql - DIALOG=${DIALOG=dialog} - fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ - trap "rm -f $fichtemp" 0 1 2 5 15 - $DIALOG --title "Init Dolibarr with demo values" --clear \ - --inputbox "Mysql user login (ex: root):" 16 55 root 2> $fichtemp - - valret=$? - - case $valret in - 0) - admin=`cat $fichtemp`;; - 1) - exit;; - 255) - exit;; - esac - rm $fichtemp - - # ---------------------------- mot de passe admin mysql - DIALOG=${DIALOG=dialog} - fichtemp=`tempfile 2>/dev/null` || fichtemp=/tmp/test$$ - trap "rm -f $fichtemp" 0 1 2 5 15 - $DIALOG --title "Init Dolibarr with demo values" --clear \ - --inputbox "Password for Mysql user login :" 16 55 2> $fichtemp - - valret=$? - - case $valret in - 0) - passwd=`cat $fichtemp`;; - 1) - exit;; - 255) - exit;; - esac - rm $fichtemp # ----------------------------- demo login DIALOG=${DIALOG=dialog} @@ -167,7 +130,7 @@ then # ---------------------------- confirmation DIALOG=${DIALOG=dialog} $DIALOG --title "Init demo login with demo values" --clear \ - --yesno "Do you confirm ? \n Mysql database : '$base' \n Mysql port : '$port' \n Mysql login: '$admin' \n Mysql password : '$passwd' \n Demo login: '$demologin' \n Demo password : '$demopass'" 15 55 + --yesno "Do you confirm ? \n Mysql database : '$base' \n Mysql port : '$port' \n Demo login: '$demologin' \n Demo password : '$demopass'" 15 55 case $? in 0) echo "Ok, start process...";; @@ -185,8 +148,8 @@ then fi #echo "mysql -P$port -u$admin $passwd $base < $mydir/$dumpfile" #mysql -P$port -u$admin $passwd $base < $mydir/$dumpfile -echo "echo \"UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';\" | mysql -P$port -u$admin $passwd $base" -echo "UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';" | mysql -P$port -u$admin $passwd $base +echo "echo \"UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';\" | mysql -P$port $base" +echo "UPDATE llx_user SET pass_crypted = MD5('$demopass') WHERE login = '$demologin';" | mysql -P$port $base export res=$? if [ $res -ne 0 ]; then From 8a10617c0cfd766cbffc4739d8aec6c8517ffbbe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:12:49 +0200 Subject: [PATCH 26/75] Update script --- dev/initdemo/initdemopassword.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/dev/initdemo/initdemopassword.sh b/dev/initdemo/initdemopassword.sh index d8b8e9a4ba3..0887d6f205b 100755 --- a/dev/initdemo/initdemopassword.sh +++ b/dev/initdemo/initdemopassword.sh @@ -28,11 +28,10 @@ fi # ----------------------------- command line params confirm=$1; -dumpfile=$2; -base=$3; -port=$4; -admin=$5; -passwd=$6; +base=$2; +port=$3; +demologin=$4; +demopass=$5; # ----------------------------- check params if [ "x$confirm" != "xconfirm" ] From 380fe1acb7a43fbbdbfcef2e84ccf5c67dfa1bf2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:13:32 +0200 Subject: [PATCH 27/75] Fix doc --- dev/initdemo/initdemopassword.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/initdemo/initdemopassword.sh b/dev/initdemo/initdemopassword.sh index 0887d6f205b..d5aa9c1ef0e 100755 --- a/dev/initdemo/initdemopassword.sh +++ b/dev/initdemo/initdemopassword.sh @@ -6,7 +6,7 @@ # Laurent Destailleur - eldy@users.sourceforge.net #------------------------------------------------------ # Usage: initdemopassword.sh confirm -# usage: initdemopassword.sh confirm login pass +# usage: initdemopassword.sh confirm base port login pass #------------------------------------------------------ @@ -37,13 +37,13 @@ demopass=$5; if [ "x$confirm" != "xconfirm" ] then echo "----- $0 -----" - echo "Usage: initdemopassword.sh confirm [login pass]" + echo "Usage: initdemopassword.sh confirm [base port login pass]" exit fi # ----------------------------- if no params on command line -if [ "x$passwd" = "x" ] +if [ "x$demopass" = "x" ] then export dumpfile=`ls -v $mydir/mysqldump_dolibarr_*.sql | tail -n 1` export dumpfile=`basename $dumpfile` From 33cefacf911bda42c44435484755505e3fa774ff Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:17:14 +0200 Subject: [PATCH 28/75] Fix missing global --- htdocs/core/lib/security2.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 2e178fbc250..4e7234d5c73 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -130,8 +130,8 @@ if (!function_exists('dol_loginfunction')) */ function dol_loginfunction($langs, $conf, $mysoc) { - global $dolibarr_main_demo, $db; - global $hookmanager; + global $dolibarr_main_demo, $dolibarr_main_force_https; + global $db, $hookmanager; $langs->loadLangs(array("main", "other", "help", "admin")); From 0bf0312d50f327b5755b9ec456954e017a1cf626 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:30:14 +0200 Subject: [PATCH 29/75] FIX #yogosha4448 --- htdocs/fichinter/card-rec.php | 2 +- htdocs/fichinter/card.php | 4 ++-- htdocs/holiday/card.php | 6 +++--- htdocs/product/admin/dynamic_prices.php | 12 ++++++------ htdocs/projet/card.php | 4 ++-- htdocs/projet/tasks.php | 2 +- htdocs/resource/card.php | 8 ++++---- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index ca8cc20807e..d297313675e 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -131,7 +131,7 @@ if ($action == 'add') { if (!$error) { $object->id_origin = $id; $object->title = GETPOST('titre', 'alpha'); - $object->description = GETPOST('description', 'alpha'); + $object->description = GETPOST('description', 'restricthtml'); $object->socid = GETPOST('socid', 'alpha'); $object->fk_project = GETPOST('projectid', 'int'); $object->fk_contract = GETPOST('contractid', 'int'); diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index 612529b6cc1..0bd23036351 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -207,7 +207,7 @@ if (empty($reshook)) $object->fk_project = GETPOST('projectid', 'int'); $object->fk_contrat = GETPOST('contratid', 'int'); $object->author = $user->id; - $object->description = GETPOST('description', 'none'); + $object->description = GETPOST('description', 'restricthtml'); $object->ref = $ref; $object->model_pdf = GETPOST('model', 'alpha'); $object->note_private = GETPOST('note_private', 'none'); @@ -415,7 +415,7 @@ if (empty($reshook)) $object->fk_project = GETPOST('projectid', 'int'); $object->fk_contrat = GETPOST('contratid', 'int'); $object->author = $user->id; - $object->description = GETPOST('description', 'alpha'); + $object->description = GETPOST('description', 'restricthtml'); $object->ref = $ref; $result = $object->update($user); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 617de720ae5..a705af0ea1a 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -144,7 +144,7 @@ if (empty($reshook)) elseif ($endhalfday == 'morning') $halfday = 1; $valideur = GETPOST('valideur', 'int'); - $description = trim(GETPOST('description', 'none')); + $description = trim(GETPOST('description', 'restricthtml')); // If no type if ($type <= 0) @@ -288,7 +288,7 @@ if (empty($reshook)) if ($cancreate) { $valideur = GETPOST('valideur', 'int'); - $description = trim(GETPOST('description', 'none')); + $description = trim(GETPOST('description', 'restricthtml')); // If no start date if (empty($_POST['date_debut_'])) { @@ -1067,7 +1067,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ print ''; print ''.$langs->trans("DescCP").''; print ''; - $doleditor = new DolEditor('description', GETPOST('description', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); print $doleditor->Create(1); print ''; diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php index ea8e595f9c1..bc9f1048b4b 100644 --- a/htdocs/product/admin/dynamic_prices.php +++ b/htdocs/product/admin/dynamic_prices.php @@ -64,7 +64,7 @@ if (!empty($action) && empty($cancel)) { //Global variable actions if ($action == 'create_variable' || $action == 'edit_variable') { $price_globals->code = GETPOSTISSET('code') ?GETPOST('code', 'alpha') : $price_globals->code; - $price_globals->description = GETPOSTISSET('description') ?GETPOST('description', 'alpha') : $price_globals->description; + $price_globals->description = GETPOSTISSET('description') ?GETPOST('description', 'restricthtml') : $price_globals->description; $price_globals->value = GETPOSTISSET('value') ?GETPOST('value', 'int') : $price_globals->value; //Check if record already exists only when saving if (!empty($save)) { @@ -101,11 +101,11 @@ if (!empty($action) && empty($cancel)) { //Updaters actions if ($action == 'create_updater' || $action == 'edit_updater') { - $price_updaters->type = GETPOSTISSET('type') ?GETPOST('type', 'int') : $price_updaters->type; - $price_updaters->description = GETPOSTISSET('description') ?GETPOST('description', 'alpha') : $price_updaters->description; - $price_updaters->parameters = GETPOSTISSET('parameters') ?GETPOST('parameters') : $price_updaters->parameters; - $price_updaters->fk_variable = GETPOSTISSET('fk_variable') ?GETPOST('fk_variable', 'int') : $price_updaters->fk_variable; - $price_updaters->update_interval = GETPOSTISSET('update_interval') ?GETPOST('update_interval', 'int') : $price_updaters->update_interval; + $price_updaters->type = GETPOSTISSET('type') ? GETPOST('type', 'int') : $price_updaters->type; + $price_updaters->description = GETPOSTISSET('description') ? GETPOST('description', 'restricthtml') : $price_updaters->description; + $price_updaters->parameters = GETPOSTISSET('parameters') ? GETPOST('parameters', 'alphanohtml') : $price_updaters->parameters; + $price_updaters->fk_variable = GETPOSTISSET('fk_variable') ? GETPOST('fk_variable', 'int') : $price_updaters->fk_variable; + $price_updaters->update_interval = GETPOSTISSET('update_interval') ? GETPOST('update_interval', 'int') : $price_updaters->update_interval; } if ($action == 'create_updater' && !empty($save)) { //Verify if process() works diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index ff7eaf6c146..b0b830fb666 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -151,7 +151,7 @@ if (empty($reshook)) $object->ref = GETPOST('ref', 'alpha'); $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is $object->socid = GETPOST('socid', 'int'); - $object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is + $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is $object->public = GETPOST('public', 'alpha'); $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha')); $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha')); @@ -251,7 +251,7 @@ if (empty($reshook)) $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is $object->statut = GETPOST('status', 'int'); $object->socid = GETPOST('socid', 'int'); - $object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is + $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is $object->public = GETPOST('public', 'alpha'); $object->date_start = (!GETPOST('projectstart')) ? '' : $date_start; $object->date_end = (!GETPOST('projectend')) ? '' : $date_end; diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 48ea2a15efe..522468257e0 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -95,7 +95,7 @@ $hookmanager->initHooks(array('projecttaskscard', 'globalcard')); $progress = GETPOST('progress', 'int'); $label = GETPOST('label', 'alpha'); -$description = GETPOST('description', 'none'); +$description = GETPOST('description', 'restricthtml'); $planned_workloadhour = (GETPOST('planned_workloadhour', 'int') ?GETPOST('planned_workloadhour', 'int') : 0); $planned_workloadmin = (GETPOST('planned_workloadmin', 'int') ?GETPOST('planned_workloadmin', 'int') : 0); $planned_workload = $planned_workloadhour * 3600 + $planned_workloadmin * 60; diff --git a/htdocs/resource/card.php b/htdocs/resource/card.php index 8d965c69c2c..b1fec3058c0 100644 --- a/htdocs/resource/card.php +++ b/htdocs/resource/card.php @@ -35,12 +35,12 @@ $langs->loadLangs(array('resource', 'companies', 'other', 'main')); // Get parameters $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $ref = GETPOST('ref', 'alpha'); -$description = GETPOST('description'); -$confirm = GETPOST('confirm'); -$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha'); +$description = GETPOST('description', 'restricthtml'); +$confirm = GETPOST('confirm', 'aZ09'); +$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha'); $country_id = GETPOST('country_id', 'int'); // Protection if external user From 2f100fdf79fadbc6804e11201b65e70bf6d44299 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:53:58 +0200 Subject: [PATCH 30/75] Fix alpha into alphanohtml --- htdocs/admin/menus/edit.php | 72 +++++++++++++++---------------- htdocs/core/lib/functions.lib.php | 13 ++---- 2 files changed, 40 insertions(+), 45 deletions(-) diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 04c1b79a5bc..fbed05a1dbe 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php'; // Load translation files required by the page $langs->loadLangs(array("other", "admin")); -$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button +$cancel = GETPOST('cancel', 'alphanohtml'); // We click on a Cancel button if (!$user->admin) accessforbidden(); @@ -69,9 +69,9 @@ if ($action == 'update') if (!$cancel) { $leftmenu = ''; $mainmenu = ''; - if (GETPOST('menuIdParent', 'alpha') && !is_numeric(GETPOST('menuIdParent', 'alpha'))) + if (GETPOST('menuIdParent', 'alphanohtml') && !is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) { - $tmp = explode('&', GETPOST('menuIdParent', 'alpha')); + $tmp = explode('&', GETPOST('menuIdParent', 'alphanohtml')); foreach ($tmp as $s) { if (preg_match('/fk_mainmenu=/', $s)) @@ -89,21 +89,21 @@ if ($action == 'update') $result = $menu->fetch(GETPOST('menuId', 'int')); if ($result > 0) { - $menu->title = GETPOST('titre', 'alpha'); + $menu->title = GETPOST('titre', 'alphanohtml'); $menu->leftmenu = GETPOST('leftmenu', 'aZ09'); - $menu->url = GETPOST('url', 'alpha'); - $menu->langs = GETPOST('langs', 'alpha'); + $menu->url = GETPOST('url', 'alphanohtml'); + $menu->langs = GETPOST('langs', 'alphanohtml'); $menu->position = GETPOST('position', 'int'); - $menu->enabled = GETPOST('enabled', 'alpha'); - $menu->perms = GETPOST('perms', 'alpha'); - $menu->target = GETPOST('target', 'alpha'); - $menu->user = GETPOST('user', 'alpha'); - $menu->mainmenu = GETPOST('propertymainmenu', 'alpha'); - if (is_numeric(GETPOST('menuIdParent', 'alpha'))) + $menu->enabled = GETPOST('enabled', 'alphanohtml'); + $menu->perms = GETPOST('perms', 'alphanohtml'); + $menu->target = GETPOST('target', 'alphanohtml'); + $menu->user = GETPOST('user', 'alphanohtml'); + $menu->mainmenu = GETPOST('propertymainmenu', 'alphanohtml'); + if (is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) { - $menu->fk_menu = GETPOST('menuIdParent', 'alpha'); + $menu->fk_menu = GETPOST('menuIdParent', 'alphanohtml'); } else { - if (GETPOST('type', 'alpha') == 'top') $menu->fk_menu = 0; + if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu = 0; else $menu->fk_menu = -1; $menu->fk_mainmenu = $mainmenu; $menu->fk_leftmenu = $leftmenu; @@ -138,9 +138,9 @@ if ($action == 'add') } $leftmenu = ''; $mainmenu = ''; - if (GETPOST('menuId', 'alpha', 3) && !is_numeric(GETPOST('menuId', 'alpha', 3))) + if (GETPOST('menuId', 'alphanohtml', 3) && !is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { - $tmp = explode('&', GETPOST('menuId', 'alpha', 3)); + $tmp = explode('&', GETPOST('menuId', 'alphanohtml', 3)); foreach ($tmp as $s) { if (preg_match('/fk_mainmenu=/', $s)) @@ -198,21 +198,21 @@ if ($action == 'add') { $menu = new Menubase($db); $menu->menu_handler = preg_replace('/_menu$/', '', GETPOST('menu_handler', 'aZ09')); - $menu->type = GETPOST('type', 'alpha'); - $menu->title = GETPOST('titre', 'alpha'); - $menu->url = GETPOST('url', 'alpha'); - $menu->langs = GETPOST('langs', 'alpha'); + $menu->type = GETPOST('type', 'alphanohtml'); + $menu->title = GETPOST('titre', 'alphanohtml'); + $menu->url = GETPOST('url', 'alphanohtml'); + $menu->langs = GETPOST('langs', 'alphanohtml'); $menu->position = GETPOST('position', 'int'); - $menu->enabled = GETPOST('enabled', 'alpha'); - $menu->perms = GETPOST('perms', 'alpha'); - $menu->target = GETPOST('target', 'alpha'); - $menu->user = GETPOST('user', 'alpha'); - $menu->mainmenu = GETPOST('propertymainmenu', 'alpha'); - if (is_numeric(GETPOST('menuId', 'alpha', 3))) + $menu->enabled = GETPOST('enabled', 'alphanohtml'); + $menu->perms = GETPOST('perms', 'alphanohtml'); + $menu->target = GETPOST('target', 'alphanohtml'); + $menu->user = GETPOST('user', 'alphanohtml'); + $menu->mainmenu = GETPOST('propertymainmenu', 'alphanohtml'); + if (is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { - $menu->fk_menu = GETPOST('menuId', 'alpha', 3); + $menu->fk_menu = GETPOST('menuId', 'alphanohtml', 3); } else { - if (GETPOST('type', 'alpha') == 'top') $menu->fk_menu = 0; + if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu = 0; else $menu->fk_menu = -1; $menu->fk_mainmenu = $mainmenu; $menu->fk_leftmenu = $leftmenu; @@ -353,7 +353,7 @@ if ($action == 'create') // Mainmenu code print ''.$langs->trans('MainMenuCode').''; - print ''; + print ''; print ''; print $langs->trans("Example").': mytopmenukey'; print ''; @@ -364,23 +364,23 @@ if ($action == 'create') { print ''.$parent_rowid.''; } else { - print ''; + print ''; } print ''.$langs->trans('DetailMenuIdParent'); print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def'; print ''; // Title - print ''.$langs->trans('Title').''.$langs->trans('DetailTitre').''; + print ''.$langs->trans('Title').''.$langs->trans('DetailTitre').''; // URL - print ''.$langs->trans('URL').''.$langs->trans('DetailUrl').''; + print ''.$langs->trans('URL').''.$langs->trans('DetailUrl').''; // Langs print ''.$langs->trans('LangFile').''.$langs->trans('DetailLangs').''; // Position - print ''.$langs->trans('Position').''.$langs->trans('DetailPosition').''; + print ''.$langs->trans('Position').''.$langs->trans('DetailPosition').''; // Target print ''.$langs->trans('Target').''.$langs->trans('DetailTarget').''; // Enabled - print ''.$langs->trans('Enabled').''.$langs->trans('DetailEnabled').''; + print ''.$langs->trans('Enabled').''.$langs->trans('DetailEnabled').''; // Perms - print ''.$langs->trans('Rights').''.$langs->trans('DetailRight').''; + print ''.$langs->trans('Rights').''.$langs->trans('DetailRight').''; print ''; @@ -454,7 +454,7 @@ if ($action == 'create') } else {*/ - print 'mainmenu).'">'; + print 'mainmenu).'">'; //} print ''; print $langs->trans("Example").': mytopmenukey'; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index afec889163f..eba9db46df6 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -277,12 +277,13 @@ function GETPOSTISSET($paramname) * 'none'=no check (only for param that should have very rich content) * 'int'=check it's numeric (integer or float) * 'intcomma'=check it's integer+comma ('1,2,3,4...') - * 'alpha'=check it's text and sign + * 'alpha'=Same than alphanohtml since v13 + * 'alphanohtml'=check there is no html content and no " and no ../ * 'aZ'=check it's a-z only * 'aZ09'=check it's simple alpha string (recommended for keys) * 'array'=check it's array * 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string) - * 'nohtml', 'alphanohtml'=check there is no html content + * 'nohtml'=check there is no html content and no " and no ../ * 'restricthtml'=check html content is restricted to some tags only * 'custom'= custom filter specify $filter and $options) * @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get) @@ -555,13 +556,6 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null case 'intcomma': if (preg_match('/[^0-9,-]+/i', $out)) $out = ''; break; - case 'alpha': - if (!is_array($out)) { - // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '../'), '', trim($out)); - } - break; case 'san_alpha': $out = filter_var($out, FILTER_SANITIZE_STRING); break; @@ -592,6 +586,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null case 'nohtml': $out = dol_string_nohtmltag($out, 0); break; + case 'alpha': // No html and no " and no ../ case 'alphanohtml': // Recommended for most scalar parameters and search parameters if (!is_array($out)) { From 4b0dbbc5fb0f88b038a551f68ad5fe249582bb1a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 12:55:03 +0200 Subject: [PATCH 31/75] GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alpahnohtml'); --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 7bfd43947b6..1f4afc83e82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,7 @@ Following changes may create regressions for some external modules, but were nec * Property num_paiement has been renamed num_payment everywhere for better code consistency. * If you build a class that implement CommonObject to use the incoterm properties or method (->fk_incoterm, ->label_incoterm, ->location_incoterm), you must now also include declaration of the Trait CommonIncoterm in your class. All incoterm functions were moved into this Trait. +* The GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alpahnohtml'); ***** ChangeLog for 12.0.2 compared to 12.0.1 ***** FIX: computation of the bottom margin of returns NaN because body is not loaded yet From 8029b80f08d00f593325359d274201a67d565c9e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 13:03:34 +0200 Subject: [PATCH 32/75] Fix install hangs --- htdocs/core/modules/modProduct.class.php | 3 ++- htdocs/core/modules/modService.class.php | 3 ++- htdocs/install/upgrade2.php | 2 -- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index c8217ee3c43..5237f5f9b4b 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -167,7 +167,8 @@ class modProduct extends DolibarrModules $r++; */ - $usenpr = $mysoc->useNPR(); + $usenpr = 0; + if (is_object($mysoc)) $usenpr = $mysoc->useNPR(); // Exports //-------- diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php index 8173db53a9a..258af06389a 100644 --- a/htdocs/core/modules/modService.class.php +++ b/htdocs/core/modules/modService.class.php @@ -134,7 +134,8 @@ class modService extends DolibarrModules $r++; */ - $usenpr = $mysoc->useNPR(); + $usenpr = 0; + if (is_object($mysoc)) $usenpr = $mysoc->useNPR(); // Exports //-------- diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 13e50732566..90ac30058e0 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -1,6 +1,4 @@ * Copyright (C) 2005-2018 Laurent Destailleur * Copyright (C) 2005-2011 Regis Houssin From f5c0cd25e26826b1863ee3483ec2eb0630534da4 Mon Sep 17 00:00:00 2001 From: Tim Otte Date: Thu, 17 Sep 2020 13:19:31 +0200 Subject: [PATCH 33/75] Fixed html to odt converter --- htdocs/includes/odtphp/odf.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/includes/odtphp/odf.php b/htdocs/includes/odtphp/odf.php index 45e442462b4..3d510fdbaf1 100644 --- a/htdocs/includes/odtphp/odf.php +++ b/htdocs/includes/odtphp/odf.php @@ -320,7 +320,7 @@ class Odf $tempHtml = substr($tempHtml, $tagOffset); } // Extract the attribute data from the html tag - preg_match_all('/([0-9A-Za-z]+(?:="[0-9A-Za-z\:\-\s\,\;]*")?)+/', $matches[2][0], $explodedAttributes); + preg_match_all('/([0-9A-Za-z]+(?:="[0-9A-Za-z\:\-\s\,\;\#]*")?)+/', $matches[2][0], $explodedAttributes); $explodedAttributes = array_filter($explodedAttributes[0]); $attributes = array(); // Store each attribute with its name in the $attributes array From 16b9e628661dca5af434a31b8e69dcc6c48aad91 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 14:20:37 +0200 Subject: [PATCH 34/75] FIX #yogosha4456 --- htdocs/conf/conf.php.example | 24 ++++++++++++------- htdocs/cron/class/cronjob.class.php | 37 ++++++++++++++++++----------- htdocs/langs/en_US/errors.lang | 3 ++- 3 files changed, 40 insertions(+), 24 deletions(-) diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index 32c37301a0e..6b1b5e0ea0a 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example @@ -219,10 +219,10 @@ $dolibarr_main_authentication='dolibarr'; // 1 = Force redirect to https, until SCRIPT_URI start with https into response // 2 = Force redirect to https, until SERVER["HTTPS"] is 'on' into response // 'https://my.domain.com' = Force redirect to https using this domain name. -// Warning: If you enable this parameter, your web server must be configured to -// respond URL with https protocol. -// According to your web server setup, some values may works and other not. Try -// different values (1,2 or 'https://my.domain.com') if you experience problems. +// Warning: If you enable this parameter, your web server must be configured to respond URL with https protocol. +// According to your web server setup, some values may works and other not. Try different values (1,2 or 'https://my.domain.com') if you experience problems. +// Even if a redirect to HTTPS is forced by the webserver, it is recommanded to set this value to another value than 0, so your session cookies will be +// flagged as secured. // Default value: 0 // Possible values: 0, 1, 2 or 'https://my.domain.com' // Examples: @@ -233,12 +233,12 @@ $dolibarr_main_force_https='0'; // dolibarr_main_prod // When this parameter is defined, all errors messages are not reported. // This feature exists for production usage to avoid to give any information to hackers. -// Default value: 0 +// Default value: 1 // Possible values: 0 or 1 // Examples: -// $dolibarr_main_prod='0'; +// $dolibarr_main_prod='1'; // -$dolibarr_main_prod='0'; +$dolibarr_main_prod='1'; // $dolibarr_main_restrict_os_commands // To restrict commands you can execute by the backup feature, enter allowed command here. @@ -260,8 +260,8 @@ $dolibarr_main_restrict_ip=''; // dolibarr_nocsrfcheck // This parameter can be used to disable CSRF protection. -// This might be required if you access Dolibarr behind a proxy that make -// URL rewriting, to avoid false alarms. +// This might be required if you access Dolibarr behind a proxy that make bad URL rewriting, to avoid false alarms. +// In most cases, you should always keep this to 0. // Default value: 0 // Possible values: 0 or 1 // Examples: @@ -269,6 +269,12 @@ $dolibarr_main_restrict_ip=''; // $dolibarr_nocsrfcheck='0'; +// dolibarr_cron_allow_cli +// If set to 1, you will be able to define some command line in the internale Job scheduler module. +// Default value: '0' +// Examples: '1' +$dolibarr_cron_allow_cli='0'; + // dolibarr_mailing_limit_sendbyweb // Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level. // Default value: '25' diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index d66c441c79c..fc038bb78bf 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -1119,23 +1119,32 @@ class Cronjob extends CommonObject // Run a command line if ($this->jobtype == 'command') { - $outputdir = $conf->cron->dir_temp; - if (empty($outputdir)) $outputdir = $conf->cronjob->dir_temp; + global $dolibarr_cron_allow_cli; - if (!empty($outputdir)) - { - dol_mkdir($outputdir); - $outputfile = $outputdir.'/cronjob.'.$userlogin.'.out'; // File used with popen method + if (empty($dolibarr_cron_allow_cli)) { + $langs->load("errors"); + $this->error = $langs->trans("FailedToExecutCommandJob"); + $this->lastoutput = ''; + $this->lastresult = $langs->trans("ErrorParameterMustBeEnabledToAllwoThisFeature", 'dolibarr_cron_allow_cli'); + } else { + $outputdir = $conf->cron->dir_temp; + if (empty($outputdir)) $outputdir = $conf->cronjob->dir_temp; - // Execute a CLI - include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; - $utils = new Utils($this->db); - $arrayresult = $utils->executeCLI($this->command, $outputfile); + if (!empty($outputdir)) + { + dol_mkdir($outputdir); + $outputfile = $outputdir.'/cronjob.'.$userlogin.'.out'; // File used with popen method - $retval = $arrayresult['result']; - $this->error = $arrayresult['error']; - $this->lastoutput = $arrayresult['output']; - $this->lastresult = $arrayresult['result']; + // Execute a CLI + include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; + $utils = new Utils($this->db); + $arrayresult = $utils->executeCLI($this->command, $outputfile); + + $retval = $arrayresult['result']; + $this->error = $arrayresult['error']; + $this->lastoutput = $arrayresult['output']; + $this->lastresult = $arrayresult['result']; + } } } diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index dfb6a9b83ca..773e073955e 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -243,6 +243,7 @@ ErrorReplaceStringEmpty=Error, the string to replace into is empty ErrorProductNeedBatchNumber=Error, product '%s' need a lot/serial number ErrorProductDoesNotNeedBatchNumber=Error, product '%s' does not accept a lot/serial number ErrorFailedToReadObject=Error, failed to read object of type %s +ErrorParameterMustBeEnabledToAllwoThisFeature=Error, parameter %s must be enabled into conf/conf.php to allow use of Command Line Interface by the internal job scheduler # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user. @@ -270,4 +271,4 @@ WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in WarningProjectClosed=Project is closed. You must re-open it first. WarningSomeBankTransactionByChequeWereRemovedAfter=Some bank transaction were removed after that the receipt including them were generated. So nb of cheques and total of receipt may differ from number and total in list. WarningFailedToAddFileIntoDatabaseIndex=Warning, failed to add file entry into ECM database index table -WarningTheHiddenOptionIsOn=Warning, the hidden option %s is on. \ No newline at end of file +WarningTheHiddenOptionIsOn=Warning, the hidden option %s is on. From 31a68cfc189d03c3a24662a70a473e599fcb9e3b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 14:30:10 +0200 Subject: [PATCH 35/75] FIX #yogosha4483 --- htdocs/accountancy/admin/account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index e6264648159..93241901524 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -55,7 +55,7 @@ if (!$user->rights->accounting->chartofaccount) accessforbidden(); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; From 9a758b7eddb551ea5c4eeb16e1834759e2dc4dd1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 14:31:25 +0200 Subject: [PATCH 36/75] FIX #yogosha4483 --- htdocs/accountancy/admin/fiscalyear.php | 2 +- htdocs/accountancy/bookkeeping/balance.php | 2 +- htdocs/accountancy/bookkeeping/list.php | 2 +- htdocs/accountancy/bookkeeping/listbyaccount.php | 2 +- htdocs/accountancy/customer/lines.php | 2 +- htdocs/accountancy/customer/list.php | 2 +- htdocs/accountancy/expensereport/lines.php | 2 +- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/lines.php | 2 +- htdocs/accountancy/supplier/list.php | 2 +- htdocs/adherents/subscription.php | 2 +- htdocs/admin/const.php | 2 +- htdocs/admin/emailcollector_list.php | 2 +- htdocs/admin/events.php | 2 +- htdocs/admin/mails_senderprofile_list.php | 2 +- htdocs/admin/tools/dolibarr_export.php | 2 +- htdocs/admin/tools/export.php | 2 +- htdocs/admin/tools/export_files.php | 2 +- htdocs/admin/tools/listevents.php | 2 +- htdocs/admin/website.php | 2 +- htdocs/admin/website_options.php | 2 +- htdocs/asset/list.php | 2 +- htdocs/blockedlog/admin/blockedlog_list.php | 2 +- htdocs/bom/bom_list.php | 2 +- htdocs/bookmarks/list.php | 2 +- htdocs/categories/viewcat.php | 2 +- htdocs/comm/contact.php | 2 +- htdocs/comm/mailing/advtargetemailing.php | 2 +- htdocs/comm/mailing/cibles.php | 2 +- htdocs/compta/accounting-files.php | 2 +- htdocs/compta/bank/various_payment/document.php | 2 +- htdocs/compta/cashcontrol/cashcontrol_list.php | 2 +- htdocs/compta/deplacement/document.php | 2 +- htdocs/compta/paiement/cheque/card.php | 2 +- htdocs/compta/paiement/tovalidate.php | 2 +- htdocs/compta/prelevement/bons.php | 2 +- htdocs/compta/prelevement/card.php | 2 +- htdocs/compta/prelevement/factures.php | 2 +- htdocs/compta/prelevement/fiche-rejet.php | 2 +- htdocs/compta/prelevement/fiche-stat.php | 2 +- htdocs/compta/prelevement/line.php | 2 +- htdocs/compta/prelevement/list.php | 2 +- htdocs/compta/prelevement/rejets.php | 2 +- htdocs/compta/recap-compta.php | 2 +- htdocs/contact/list.php | 2 +- htdocs/contrat/index.php | 2 +- htdocs/core/customreports.php | 2 +- htdocs/don/document.php | 2 +- htdocs/expedition/list.php | 2 +- htdocs/expensereport/document.php | 2 +- htdocs/expensereport/list.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fichinter/list.php | 2 +- htdocs/fourn/product/list.php | 2 +- htdocs/holiday/define_holiday.php | 2 +- htdocs/holiday/document.php | 2 +- htdocs/holiday/list.php | 2 +- htdocs/holiday/view_log.php | 2 +- htdocs/loan/list.php | 2 +- htdocs/margin/agentMargins.php | 2 +- htdocs/margin/checkMargins.php | 2 +- htdocs/margin/customerMargins.php | 2 +- htdocs/margin/productMargins.php | 2 +- htdocs/modulebuilder/template/myobject_list.php | 2 +- htdocs/mrp/mo_list.php | 2 +- htdocs/opensurvey/list.php | 2 +- htdocs/product/inventory/list.php | 2 +- htdocs/product/stats/commande_fournisseur.php | 2 +- htdocs/product/stats/propal.php | 2 +- htdocs/product/stats/supplier_proposal.php | 2 +- htdocs/product/stock/list.php | 2 +- htdocs/product/stock/massstockmove.php | 2 +- htdocs/product/stock/productlot_list.php | 2 +- htdocs/product/stock/replenish.php | 2 +- htdocs/product/stock/stockatdate.php | 2 +- htdocs/reception/list.php | 2 +- htdocs/recruitment/recruitmentcandidature_list.php | 2 +- htdocs/recruitment/recruitmentjobposition_list.php | 2 +- htdocs/resource/document.php | 2 +- htdocs/salaries/document.php | 2 +- htdocs/ticket/card.php | 2 +- htdocs/ticket/list.php | 2 +- htdocs/user/group/list.php | 2 +- htdocs/user/list.php | 2 +- htdocs/zapier/hook_list.php | 2 +- 85 files changed, 85 insertions(+), 85 deletions(-) diff --git a/htdocs/accountancy/admin/fiscalyear.php b/htdocs/accountancy/admin/fiscalyear.php index 89aad6e2d0d..5728f78b791 100644 --- a/htdocs/accountancy/admin/fiscalyear.php +++ b/htdocs/accountancy/admin/fiscalyear.php @@ -30,7 +30,7 @@ $action = GETPOST('action', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index a5000dda461..9079d95d670 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -47,7 +47,7 @@ $action = GETPOST('action', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 9a623287fc2..29b5c2eb7fe 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -92,7 +92,7 @@ $search_not_reconciled = GETPOST('search_reconciled_option', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index f23a1988a45..6e7b9dfb54f 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php @@ -69,7 +69,7 @@ if (GETPOST("button_delmvt_x") || GETPOST("button_delmvt.x") || GETPOST("button_ // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php index 6b326ec872f..2baed5d4653 100644 --- a/htdocs/accountancy/customer/lines.php +++ b/htdocs/accountancy/customer/lines.php @@ -62,7 +62,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) $page = 0; $offset = $limit * $page; diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 4e8e5f2ab00..79a693978d1 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -70,7 +70,7 @@ $btn_ventil = GETPOST('ventil', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index 4fdc29b2c0f..afb6ae13a6e 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -56,7 +56,7 @@ $search_year = GETPOST("search_year", "int"); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) $page = 0; $pageprev = $page - 1; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 1a79f5579da..61e2a95fd88 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -66,7 +66,7 @@ $search_year = GETPOST("search_year", "int"); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php index 6a5e234532c..dacca2a226d 100644 --- a/htdocs/accountancy/supplier/lines.php +++ b/htdocs/accountancy/supplier/lines.php @@ -63,7 +63,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) $page = 0; $offset = $limit * $page; diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 0580aeb63f4..9b700aeac56 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -70,7 +70,7 @@ $btn_ventil = GETPOST('ventil', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index f7192dfc5ae..88924efdf93 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -48,7 +48,7 @@ $typeid = GETPOST('typeid', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index 3317e0aaf97..33d3951236a 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -47,7 +47,7 @@ $constnote = GETPOST('constnote', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index ef00ece52fc..b538a64c9e9 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -52,7 +52,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/events.php b/htdocs/admin/events.php index 92ff5c7631a..fe87c2a9ef4 100644 --- a/htdocs/admin/events.php +++ b/htdocs/admin/events.php @@ -42,7 +42,7 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters $offset = $limit * $page; diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index 2de3c436826..a471c0369a4 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -48,7 +48,7 @@ $rowid = GETPOST('rowid', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index be9a478e730..b8e6dc8c15e 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -32,7 +32,7 @@ $langs->load("admin"); $action = GETPOST('action', 'aZ09'); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (!$sortorder) $sortorder = "DESC"; if (!$sortfield) $sortfield = "date"; diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php index ed2d718463c..3614e412318 100644 --- a/htdocs/admin/tools/export.php +++ b/htdocs/admin/tools/export.php @@ -38,7 +38,7 @@ $file = GETPOST('filename_template', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index 0a3ee9fd3f9..45b02716524 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -40,7 +40,7 @@ $file = dol_sanitizeFileName($file); $file = preg_replace('/(\.zip|\.tar|\.tgz|\.gz|\.tar\.gz|\.bz2)$/i', '', $file); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (!$sortorder) $sortorder = "DESC"; if (!$sortfield) $sortfield = "date"; diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index 634f2068641..172c49abeb8 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -47,7 +47,7 @@ $langs->loadLangs(array("companies", "admin", "users", "other")); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php index 4254408ed90..7c098aa1c4b 100644 --- a/htdocs/admin/website.php +++ b/htdocs/admin/website.php @@ -52,7 +52,7 @@ $actl[1] = img_picto($langs->trans("Activated"), 'switch_on'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/admin/website_options.php b/htdocs/admin/website_options.php index 6f0cffa41c8..2bbe3e84638 100644 --- a/htdocs/admin/website_options.php +++ b/htdocs/admin/website_options.php @@ -47,7 +47,7 @@ $status = 1; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php index ab31c6c9831..224caea2e58 100644 --- a/htdocs/asset/list.php +++ b/htdocs/asset/list.php @@ -48,7 +48,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php index 41bb81c72da..818c84a8b5e 100644 --- a/htdocs/blockedlog/admin/blockedlog_list.php +++ b/htdocs/blockedlog/admin/blockedlog_list.php @@ -57,7 +57,7 @@ if (($search_start == -1 || empty($search_start)) && !GETPOSTISSET('search_start // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index 6092f11aea5..5f1728ef055 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -46,7 +46,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php index 2a477c6ce74..3ea33b329ff 100644 --- a/htdocs/bookmarks/list.php +++ b/htdocs/bookmarks/list.php @@ -43,7 +43,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 0e5b50085c9..2648a0c09f4 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -54,7 +54,7 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always ' // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index d3075916367..83dfd203d0c 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -30,7 +30,7 @@ require '../main.inc.php'; $langs->load("companies"); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (!$sortorder) $sortorder = "ASC"; if (!$sortfield) $sortfield = "p.name"; diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index da24f7bcb4f..fbdf3097139 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -47,7 +47,7 @@ if (!$user->rights->mailing->lire || $user->socid > 0) // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 27e0c2e5b0c..be0518be553 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -42,7 +42,7 @@ if (!$user->rights->mailing->lire || $user->socid > 0) accessforbidden(); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 9b79660c14f..d73e7228b82 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -68,7 +68,7 @@ $hookmanager->initHooks(array('comptafileslist', 'globallist')); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 68928daef1f..267908cde41 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -45,7 +45,7 @@ $result = restrictedArea($user, 'banque', '', '', ''); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index d24c4ac1059..ae2837a35cd 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -64,7 +64,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index 75db16c8348..98354e328f0 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'deplacement', $id, ''); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index f3eab05912b..1691fe3ecfc 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -47,7 +47,7 @@ if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'cheque', $id, 'bordereau_cheque', '', 'fk_user_author', $fieldname); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (!$sortorder) $sortorder = "ASC"; if (!$sortfield) $sortfield = "b.dateo,b.rowid"; diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index 349c483a5db..df0b92b5f44 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php @@ -41,7 +41,7 @@ if ($user->socid > 0) $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index 608c9fe594d..cb702174434 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php @@ -42,7 +42,7 @@ $type = GETPOST('type', 'aZ09'); $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php index 0b9abd21e37..a70a464b428 100644 --- a/htdocs/compta/prelevement/card.php +++ b/htdocs/compta/prelevement/card.php @@ -46,7 +46,7 @@ $type = GETPOST('type', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php index c4cb6f0c7c4..4104633e111 100644 --- a/htdocs/compta/prelevement/factures.php +++ b/htdocs/compta/prelevement/factures.php @@ -46,7 +46,7 @@ $type = GETPOST('type', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index 2cfc40bb30c..29d799a8554 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php @@ -46,7 +46,7 @@ $type = GETPOST('type', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php index c59ed2d4232..3bb71f8c441 100644 --- a/htdocs/compta/prelevement/fiche-stat.php +++ b/htdocs/compta/prelevement/fiche-stat.php @@ -44,7 +44,7 @@ $type = GETPOST('type', 'aZ09'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php index 5949c155799..4120672b44e 100644 --- a/htdocs/compta/prelevement/line.php +++ b/htdocs/compta/prelevement/line.php @@ -46,7 +46,7 @@ $socid = GETPOST('socid', 'int'); $type = GETPOST('type', 'aZ09'); $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'alpha'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if ($page == -1 || $page == null) { $page = 0; } diff --git a/htdocs/compta/prelevement/list.php b/htdocs/compta/prelevement/list.php index 2666e8587e6..1255a2b861e 100644 --- a/htdocs/compta/prelevement/list.php +++ b/htdocs/compta/prelevement/list.php @@ -51,7 +51,7 @@ $type = GETPOST('type', 'aZ09'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php index a8481d25f7a..6c38e65981b 100644 --- a/htdocs/compta/prelevement/rejets.php +++ b/htdocs/compta/prelevement/rejets.php @@ -42,7 +42,7 @@ $type = GETPOST('type', 'aZ09'); // Get supervariables $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'alpha'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php index 8b75ec38fce..3106235430e 100644 --- a/htdocs/compta/recap-compta.php +++ b/htdocs/compta/recap-compta.php @@ -47,7 +47,7 @@ $hookmanager->initHooks(array('recapcomptacard', 'globalcard')); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 253be5ddaea..50f5a98fa4e 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -105,7 +105,7 @@ $view = GETPOST("view", 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); $userid = GETPOST('userid', 'int'); $begin = GETPOST('begin'); diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index 40a9a4100da..1293da8cf26 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -38,7 +38,7 @@ $hookmanager->initHooks(array('contractindex')); $langs->loadLangs(array('products', 'companies', 'contracts')); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); $statut = GETPOST('statut') ?GETPOST('statut') : 1; diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index a8bd9e93c3c..fa30da5b10a 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -55,7 +55,7 @@ if (!defined('USE_CUSTOME_REPORT_AS_INCLUDE')) // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); - $sortorder = GETPOST('sortorder', 'alpha'); + $sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/don/document.php b/htdocs/don/document.php index de43e6d3682..d0009f5fb23 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -57,7 +57,7 @@ $result = restrictedArea($user, 'don', $id, ''); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 5c94ff3da95..615373be5f4 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -77,7 +77,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (!$sortfield) $sortfield = "e.ref"; if (!$sortorder) $sortorder = "DESC"; diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php index 4c4d68e7589..53d4d51ba84 100644 --- a/htdocs/expensereport/document.php +++ b/htdocs/expensereport/document.php @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'expensereport', $id, 'expensereport'); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index a21ed4d6612..2ca0558f72c 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -75,7 +75,7 @@ $diroutputmassaction = $conf->expensereport->dir_output.'/temp/massgeneration/'. // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 46ccb34de96..529b3086794 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -54,7 +54,7 @@ $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 62280d5829c..89223158445 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -66,7 +66,7 @@ $diroutputmassaction = $conf->ficheinter->dir_output.'/temp/massgeneration/'.$us $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index 53ef035c151..dde0e8a435f 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php @@ -44,7 +44,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index 0e83d68509d..4c57f112fef 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -42,7 +42,7 @@ $search_supervisor = GETPOST('search_supervisor', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 47a2d5dc86b..717c71dda29 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -51,7 +51,7 @@ $result = restrictedArea($user, 'holiday', $id, 'holiday'); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index e5d20b9f12f..02874815022 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -84,7 +84,7 @@ $diroutputmassaction = $conf->holiday->dir_output.'/temp/massgeneration/'.$user- // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/view_log.php b/htdocs/holiday/view_log.php index 44d57e9860a..2d4b41826a6 100644 --- a/htdocs/holiday/view_log.php +++ b/htdocs/holiday/view_log.php @@ -52,7 +52,7 @@ if (empty($year)) // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/loan/list.php b/htdocs/loan/list.php index fc0e766ed9b..ec5031a7079 100644 --- a/htdocs/loan/list.php +++ b/htdocs/loan/list.php @@ -37,7 +37,7 @@ $result = restrictedArea($user, 'loan', '', '', ''); $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index 6ff9cdc7274..7cad5068d93 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -37,7 +37,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index 83e743e0d68..62f110677be 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -42,7 +42,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index e1fd6876e0f..185f8df13f4 100644 --- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -46,7 +46,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/productMargins.php b/htdocs/margin/productMargins.php index 7039beddd30..ca9f2b6f96d 100644 --- a/htdocs/margin/productMargins.php +++ b/htdocs/margin/productMargins.php @@ -50,7 +50,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 333c7dce45a..9f2cda9bcc3 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -84,7 +84,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters $offset = $limit * $page; diff --git a/htdocs/mrp/mo_list.php b/htdocs/mrp/mo_list.php index 57efff54bc0..5b77e3b1b87 100644 --- a/htdocs/mrp/mo_list.php +++ b/htdocs/mrp/mo_list.php @@ -52,7 +52,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php index e4eed717333..e9ff7f72a84 100644 --- a/htdocs/opensurvey/list.php +++ b/htdocs/opensurvey/list.php @@ -48,7 +48,7 @@ $search_status = GETPOST('search_status', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 851c37ed258..f8aa47d79e8 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -46,7 +46,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index c111e075972..c2133e12a53 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index f5b097d0655..5dac77e8193 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 5a59cbb9c83..1745a232799 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index 3a5aac6ab35..478b07b3d91 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -60,7 +60,7 @@ if (!empty($conf->categorie->enabled)) // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index b281a41815d..168166ac487 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -54,7 +54,7 @@ $qty = GETPOST('qty'); $idline = GETPOST('idline'); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 2acfc513197..e1b7469ef53 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -52,7 +52,7 @@ $search_import_key = GETPOST('search_import_key', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index b7e7c808bdc..e418f8b519b 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -66,7 +66,7 @@ $fk_entrepot = GETPOST('fk_entrepot', 'int'); $texte = ''; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index f8046ba6448..59d85de6b6a 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -65,7 +65,7 @@ $productid = GETPOST('productid', 'int'); $fk_warehouse = GETPOST('fk_warehouse', 'int'); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 53b15dacb70..a92c72a4b51 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -62,7 +62,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (!$sortfield) $sortfield = "e.ref"; if (!$sortorder) $sortorder = "DESC"; diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index 2bc5ce3e015..f3ee50665e0 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -84,7 +84,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters $offset = $limit * $page; diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index 38657db557b..a0194feb647 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -84,7 +84,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters $offset = $limit * $page; diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 13447b03dde..fa7fb07dbb0 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -51,7 +51,7 @@ $result = restrictedArea($user, 'resource', $id, 'resource'); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php index be8ff801bca..06d572012bb 100644 --- a/htdocs/salaries/document.php +++ b/htdocs/salaries/document.php @@ -52,7 +52,7 @@ $result = restrictedArea($user, 'salaries', '', '', ''); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index fcf1013d982..9d91b2ab2d3 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -56,7 +56,7 @@ $action = GETPOST('action', 'aZ09'); $notifyTiers = GETPOST("notify_tiers_at_create", 'alpha'); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); if (GETPOST('actioncode', 'array')) { $actioncode = GETPOST('actioncode', 'array', 3); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index c4c1cbadcc9..fe36e8bced0 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -62,7 +62,7 @@ $mode = GETPOST('mode', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters $offset = $limit * $page; diff --git a/htdocs/user/group/list.php b/htdocs/user/group/list.php index ace4e863c01..336fbc19727 100644 --- a/htdocs/user/group/list.php +++ b/htdocs/user/group/list.php @@ -58,7 +58,7 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/user/list.php b/htdocs/user/list.php index b51a486d58d..81fbf006f28 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -52,7 +52,7 @@ $mode = GETPOST("mode", 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/zapier/hook_list.php b/htdocs/zapier/hook_list.php index 8b2a8d70bc4..ab69c576445 100644 --- a/htdocs/zapier/hook_list.php +++ b/htdocs/zapier/hook_list.php @@ -50,7 +50,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action From 7cc75ac873773e42518c673459842cc2a56de59e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 14:43:58 +0200 Subject: [PATCH 37/75] Fix: removing also " when removing " from a received parameter. --- htdocs/core/lib/functions.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index eba9db46df6..cbcc685e32a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -592,7 +592,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null { // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '../'), '', trim($out)); + $out = str_replace(array('"', '"', '../'), '', trim($out)); $out = dol_string_nohtmltag($out, 0); } break; @@ -5716,7 +5716,7 @@ function dol_htmlcleanlastbr($stringtodecode) * @param string $a Operand a * @param string $b Operand b (ENT_QUOTES=convert simple and double quotes) * @param string $c Operand c - * @param string $keepsomeentities Entities but &, <, >, " are not converted. + * @param string $keepsomeentities Entities but &, <, >, " are not converted. * @return string String decoded */ function dol_html_entity_decode($a, $b, $c = 'UTF-8', $keepsomeentities = 0) From e123a4cb849b2bad155aa53fd073891f4c937e2c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 15:09:29 +0200 Subject: [PATCH 38/75] Fix help on minimum nb of chars --- .../modules/security/generate/modGeneratePassPerso.class.php | 4 ++-- .../security/generate/modGeneratePassStandard.class.php | 2 +- htdocs/langs/en_US/admin.lang | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php b/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php index 6251f02a0de..79d6865037a 100644 --- a/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php +++ b/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php @@ -81,8 +81,8 @@ class modGeneratePassPerso extends ModeleGenPassword $this->user = $user; if (empty($conf->global->USER_PASSWORD_PATTERN)) { - // default value (8carac, 1maj, 1digit, 1spe, 3 repeat, no ambi at auto generation. - dolibarr_set_const($db, "USER_PASSWORD_PATTERN", '8;1;1;1;3;1', 'chaine', 0, '', $conf->entity); + // default value (10carac, 1maj, 1digit, 1spe, 3 repeat, no ambi at auto generation. + dolibarr_set_const($db, "USER_PASSWORD_PATTERN", '10;1;1;1;3;1', 'chaine', 0, '', $conf->entity); } $this->Maj = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; diff --git a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php index 23b71244cbd..0c5f2c1807c 100644 --- a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php +++ b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php @@ -75,7 +75,7 @@ class modGeneratePassStandard extends ModeleGenPassword public function getDescription() { global $langs; - return $langs->trans("PasswordGenerationStandard"); + return $langs->trans("PasswordGenerationStandard", $this->length); } /** diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 9545335b378..bbee1152ec1 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1309,7 +1309,7 @@ GetBarCode=Get barcode NumberingModules=Numbering models DocumentModules=Document models ##### Module password generation -PasswordGenerationStandard=Return a password generated according to internal Dolibarr algorithm: 8 characters containing shared numbers and characters in lowercase. +PasswordGenerationStandard=Return a password generated according to internal Dolibarr algorithm: %s characters containing shared numbers and characters in lowercase. PasswordGenerationNone=Do not suggest a generated password. Password must be typed in manually. PasswordGenerationPerso=Return a password according to your personally defined configuration. SetupPerso=According to your configuration From f575c503f10f0e56d1a1f38b78e357a16f736f0f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 15:21:59 +0200 Subject: [PATCH 39/75] Fix css --- htdocs/user/card.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 8142ab323a1..60d898a064d 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1,7 +1,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo - * Copyright (C) 2004-2015 Laurent Destailleur + * Copyright (C) 2004-2020 Laurent Destailleur * Copyright (C) 2004 Eric Seigne * Copyright (C) 2005-2018 Regis Houssin * Copyright (C) 2005 Lionel Cousteix @@ -1434,7 +1434,7 @@ if ($action == 'create' || $action == 'adduserldap') { if ($object->pass) $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass); else { - if ($user->admin) $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').$langs->trans("Crypted").': '.$object->pass_indatabase_crypted; + if ($user->admin && $user->id == $object->id) $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').$langs->trans("Crypted").': '.$object->pass_indatabase_crypted; else $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''.$langs->trans("Hidden").''; } } @@ -1453,7 +1453,7 @@ if ($action == 'create' || $action == 'adduserldap') if (!empty($conf->api->enabled) && $user->admin) { print ''.$langs->trans("ApiKey").''; print ''; - if (!empty($object->api_key)) print preg_replace('/./', '*', $object->api_key); + if (!empty($object->api_key)) print ''.preg_replace('/./', '*', $object->api_key).''; print ''; } From 6bcc1d65eb0d87c842ed3dc49770553066ec729d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 15:28:16 +0200 Subject: [PATCH 40/75] Always hide hash --- htdocs/user/card.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 60d898a064d..d5c8fc4320e 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1434,7 +1434,12 @@ if ($action == 'create' || $action == 'adduserldap') { if ($object->pass) $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass); else { - if ($user->admin && $user->id == $object->id) $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').$langs->trans("Crypted").': '.$object->pass_indatabase_crypted; + if ($user->admin && $user->id == $object->id) { + $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').$langs->trans("Crypted").': '; + print ''.$langs->trans("Hidden").''; + // TODO Add a feature to reveal the hash + print ''; + } else $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''.$langs->trans("Hidden").''; } } @@ -1454,6 +1459,9 @@ if ($action == 'create' || $action == 'adduserldap') print ''.$langs->trans("ApiKey").''; print ''; if (!empty($object->api_key)) print ''.preg_replace('/./', '*', $object->api_key).''; + if ($user->admin || $user->id == $object->id) { + // TODO Add a feature to reveal the hash + } print ''; } From dbf8ed2feccacadb8fb8cc416992c7748b386cdb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 15:29:13 +0200 Subject: [PATCH 41/75] Fix output --- htdocs/user/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index d5c8fc4320e..36b834a401e 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1436,9 +1436,9 @@ if ($action == 'create' || $action == 'adduserldap') else { if ($user->admin && $user->id == $object->id) { $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').$langs->trans("Crypted").': '; - print ''.$langs->trans("Hidden").''; + $valuetoshow .= ''.$langs->trans("Hidden").''; // TODO Add a feature to reveal the hash - print ''; + $valuetoshow .= ''; } else $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''.$langs->trans("Hidden").''; } From 5a22a07637d6ddda066fcaabc4ac0e2596792180 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 15:30:20 +0200 Subject: [PATCH 42/75] css --- htdocs/user/card.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 36b834a401e..9943eddb694 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1435,7 +1435,8 @@ if ($action == 'create' || $action == 'adduserldap') if ($object->pass) $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass); else { if ($user->admin && $user->id == $object->id) { - $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').$langs->trans("Crypted").': '; + $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : ''); + $valuetoshow .= ''.$langs->trans("Crypted").' - '; $valuetoshow .= ''.$langs->trans("Hidden").''; // TODO Add a feature to reveal the hash $valuetoshow .= ''; From d73642559cb793f23f1789b441570eb7b17b12fe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 15:31:16 +0200 Subject: [PATCH 43/75] Fix --- htdocs/user/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 9943eddb694..39bc9ee2fc2 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1436,10 +1436,10 @@ if ($action == 'create' || $action == 'adduserldap') else { if ($user->admin && $user->id == $object->id) { $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : ''); - $valuetoshow .= ''.$langs->trans("Crypted").' - '; + //$valuetoshow .= ''.$langs->trans("Crypted").' - '; $valuetoshow .= ''.$langs->trans("Hidden").''; // TODO Add a feature to reveal the hash - $valuetoshow .= ''; + $valuetoshow .= ''; } else $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''.$langs->trans("Hidden").''; } From d04d1d1499e4d2226721bf36bf1f867f6a3cc475 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 16:13:57 +0200 Subject: [PATCH 44/75] Use note_private instead of note --- htdocs/cron/card.php | 10 ++++++---- htdocs/cron/class/cronjob.class.php | 18 +++++++++--------- htdocs/user/card.php | 4 ++-- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php index a39d4ba48b5..de4b8a03daa 100644 --- a/htdocs/cron/card.php +++ b/htdocs/cron/card.php @@ -136,7 +136,7 @@ if ($action == 'add') $object->params = GETPOST('params'); $object->md5params = GETPOST('md5params'); $object->module_name = GETPOST('module_name', 'alpha'); - $object->note = GETPOST('note', 'none'); + $object->note_private = GETPOST('note', 'restricthtml'); $object->datestart = dol_mktime(GETPOST('datestarthour', 'int'), GETPOST('datestartmin', 'int'), 0, GETPOST('datestartmonth', 'int'), GETPOST('datestartday', 'int'), GETPOST('datestartyear', 'int')); $object->dateend = dol_mktime(GETPOST('dateendhour', 'int'), GETPOST('dateendmin', 'int'), 0, GETPOST('dateendmonth', 'int'), GETPOST('dateendday', 'int'), GETPOST('dateendyear', 'int')); $object->datenextrun = dol_mktime(GETPOST('datenextrunhour', 'int'), GETPOST('datenextrunmin', 'int'), 0, GETPOST('datenextrunmonth', 'int'), GETPOST('datenextrunday', 'int'), GETPOST('datenextrunyear', 'int')); @@ -171,7 +171,7 @@ if ($action == 'update') $object->params = GETPOST('params'); $object->md5params = GETPOST('md5params'); $object->module_name = GETPOST('module_name', 'alpha'); - $object->note = GETPOST('note', 'none'); + $object->note_private = GETPOST('note', 'restricthtml'); $object->datestart = dol_mktime(GETPOST('datestarthour', 'int'), GETPOST('datestartmin', 'int'), 0, GETPOST('datestartmonth', 'int'), GETPOST('datestartday', 'int'), GETPOST('datestartyear', 'int')); $object->dateend = dol_mktime(GETPOST('dateendhour', 'int'), GETPOST('dateendmin', 'int'), 0, GETPOST('dateendmonth', 'int'), GETPOST('dateendday', 'int'), GETPOST('dateendyear', 'int')); $object->datenextrun = dol_mktime(GETPOST('datenextrunhour', 'int'), GETPOST('datenextrunmin', 'int'), 0, GETPOST('datenextrunmonth', 'int'), GETPOST('datenextrunday', 'int'), GETPOST('datenextrunyear', 'int')); @@ -382,7 +382,7 @@ if (($action == "create") || ($action == "edit")) print ''; print $langs->trans('CronNote').""; - $doleditor = new DolEditor('note', $object->note, '', 160, 'dolibarr_notes', 'In', true, false, 0, ROWS_4, '90%'); + $doleditor = new DolEditor('note', $object->note_private, '', 160, 'dolibarr_notes', 'In', true, false, 0, ROWS_4, '90%'); $doleditor->Create(); print ""; print ""; @@ -581,7 +581,9 @@ if (($action == "create") || ($action == "edit")) print ''; print $langs->trans('CronNote').""; - print $langs->trans($object->note); + if (!is_null($object->note_private) && $object->note_private != '') { + print $langs->trans($object->note_private); + } print ""; if (!empty($conf->multicompany->enabled)) diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index fc038bb78bf..e1c9861cc9e 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -151,7 +151,7 @@ class Cronjob extends CommonObject if (isset($this->unitfrequency)) $this->unitfrequency = trim($this->unitfrequency); if (isset($this->frequency)) $this->frequency = trim($this->frequency); if (isset($this->status)) $this->status = trim($this->status); - if (isset($this->note)) $this->note = trim($this->note); + if (isset($this->note_private)) $this->note_private = trim($this->note_private); if (isset($this->nbrun)) $this->nbrun = trim($this->nbrun); if (isset($this->libname)) $this->libname = trim($this->libname); if (isset($this->test)) $this->test = trim($this->test); @@ -251,7 +251,7 @@ class Cronjob extends CommonObject $sql .= " ".(!isset($this->status) ? '0' : $this->status).","; $sql .= " ".$user->id.","; $sql .= " ".$user->id.","; - $sql .= " ".(!isset($this->note) ? 'NULL' : "'".$this->db->escape($this->note)."'").","; + $sql .= " ".(!isset($this->note_private) ? 'NULL' : "'".$this->db->escape($this->note_private)."'").","; $sql .= " ".(!isset($this->nbrun) ? '0' : $this->db->escape($this->nbrun)).","; $sql .= " ".(empty($this->maxrun) ? '0' : $this->db->escape($this->maxrun)).","; $sql .= " ".(!isset($this->libname) ? 'NULL' : "'".$this->db->escape($this->libname)."'").","; @@ -322,7 +322,7 @@ class Cronjob extends CommonObject $sql .= " t.processing,"; $sql .= " t.fk_user_author,"; $sql .= " t.fk_user_mod,"; - $sql .= " t.note,"; + $sql .= " t.note as note_private,"; $sql .= " t.nbrun,"; $sql .= " t.maxrun,"; $sql .= " t.libname,"; @@ -366,7 +366,7 @@ class Cronjob extends CommonObject $this->processing = $obj->processing; $this->fk_user_author = $obj->fk_user_author; $this->fk_user_mod = $obj->fk_user_mod; - $this->note = $obj->note; + $this->note_private = $obj->note_private; $this->nbrun = $obj->nbrun; $this->maxrun = $obj->maxrun; $this->libname = $obj->libname; @@ -429,7 +429,7 @@ class Cronjob extends CommonObject $sql .= " t.processing,"; $sql .= " t.fk_user_author,"; $sql .= " t.fk_user_mod,"; - $sql .= " t.note,"; + $sql .= " t.note as note_private,"; $sql .= " t.nbrun,"; $sql .= " t.libname,"; $sql .= " t.test"; @@ -501,7 +501,7 @@ class Cronjob extends CommonObject $line->processing = $obj->processing; $line->fk_user_author = $obj->fk_user_author; $line->fk_user_mod = $obj->fk_user_mod; - $line->note = $obj->note; + $line->note_private = $obj->note_private; $line->nbrun = $obj->nbrun; $line->libname = $obj->libname; $line->test = $obj->test; @@ -551,7 +551,7 @@ class Cronjob extends CommonObject if (isset($this->unitfrequency)) $this->unitfrequency = trim($this->unitfrequency); if (isset($this->frequency)) $this->frequency = trim($this->frequency); if (isset($this->status)) $this->status = trim($this->status); - if (isset($this->note)) $this->note = trim($this->note); + if (isset($this->note_private)) $this->note_private = trim($this->note_private); if (isset($this->nbrun)) $this->nbrun = trim($this->nbrun); if (isset($this->libname)) $this->libname = trim($this->libname); if (isset($this->test)) $this->test = trim($this->test); @@ -625,7 +625,7 @@ class Cronjob extends CommonObject $sql .= " status=".(isset($this->status) ? $this->status : "null").","; $sql .= " processing=".((isset($this->processing) && $this->processing > 0) ? $this->processing : "0").","; $sql .= " fk_user_mod=".$user->id.","; - $sql .= " note=".(isset($this->note) ? "'".$this->db->escape($this->note)."'" : "null").","; + $sql .= " note=".(isset($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "null").","; $sql .= " nbrun=".((isset($this->nbrun) && $this->nbrun > 0) ? $this->nbrun : "null").","; $sql .= " maxrun=".((isset($this->maxrun) && $this->maxrun > 0) ? $this->maxrun : "0").","; $sql .= " libname=".(isset($this->libname) ? "'".$this->db->escape($this->libname)."'" : "null").","; @@ -785,7 +785,7 @@ class Cronjob extends CommonObject $this->processing = 0; $this->fk_user_author = 0; $this->fk_user_mod = 0; - $this->note = ''; + $this->note_private = ''; $this->nbrun = ''; $this->maxrun = 100; $this->libname = ''; diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 39bc9ee2fc2..209d70d5213 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1153,7 +1153,7 @@ if ($action == 'create' || $action == 'adduserldap') print $langs->trans("Note"); print ''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('note', GETPOSTISSET('note') ?GETPOST('note', 'none') : '', '', 120, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%'); + $doleditor = new DolEditor('note', GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : '', '', 120, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%'); $doleditor->Create(); print "\n"; @@ -1161,7 +1161,7 @@ if ($action == 'create' || $action == 'adduserldap') print ''.$langs->trans("Signature").''; print ''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('signature', GETPOST('signature'), '', 138, 'dolibarr_notes', 'In', true, true, empty($conf->global->FCKEDITOR_ENABLE_USERSIGN) ? 0 : 1, ROWS_4, '90%'); + $doleditor = new DolEditor('signature', GETPOST('signature', 'restricthtml'), '', 138, 'dolibarr_notes', 'In', true, true, empty($conf->global->FCKEDITOR_ENABLE_USERSIGN) ? 0 : 1, ROWS_4, '90%'); print $doleditor->Create(1); print ''; From eae5410ced1ae22563c253c3669fd4dca0035c63 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 16:57:39 +0200 Subject: [PATCH 45/75] Protect md file --- htdocs/core/boxes/modules_boxes.php | 1 + htdocs/core/lib/functions.lib.php | 1 + htdocs/modulebuilder/index.php | 8 +++++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/htdocs/core/boxes/modules_boxes.php b/htdocs/core/boxes/modules_boxes.php index e5fa9d8fb0d..51719ec6c15 100644 --- a/htdocs/core/boxes/modules_boxes.php +++ b/htdocs/core/boxes/modules_boxes.php @@ -422,6 +422,7 @@ class ModeleBoxes // Can't be abtract as it is instantiated to build "empty" box { while (($file = readdir($handle)) !== false) { + $reg = array(); if (is_readable($newdir.'/'.$file) && preg_match('/^(.+)\.php/', $file, $reg)) { if (preg_match('/\.back$/', $file)) continue; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index cbcc685e32a..585d3394cf9 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7970,6 +7970,7 @@ function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0) if (preg_match('/\.ini$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'ini'; $famime = 'file-text-o'; } if (preg_match('/\.md$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'md'; $famime = 'file-text-o'; } if (preg_match('/\.css$/i', $tmpfile)) { $mime = 'text/css'; $imgmime = 'css.png'; $srclang = 'css'; $famime = 'file-text-o'; } + if (preg_match('/\.lang$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'lang'; $famime = 'file-text-o'; } // Certificate files if (preg_match('/\.(crt|cer|key|pub)$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $famime = 'file-text-o'; } // XML based (HTML/XML/XAML) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index eb350eb9a3a..87226e0fe10 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1463,7 +1463,13 @@ if ($action == 'savefile' && empty($cancel)) dol_copy($pathoffile, $pathoffilebackup, 0, 1); } - $content = GETPOST('editfilecontent', 'none'); + $check = 'restricthtml'; + $srclang = dol_mimetype($pathoffile, '', 3); + if ($srclang == 'md') $check = 'restricthtml'; + if ($srclang == 'lang') $check = 'restricthtml'; + if ($srclang == 'php') $check = 'none'; + + $content = GETPOST('editfilecontent', $check); // Save file on disk if ($content) From 08f4b4f64a67d6b0c48b713f1274e659e1d6174b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 17:05:03 +0200 Subject: [PATCH 46/75] Typo --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index e18c662955e..c08148c4c5a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -62,7 +62,7 @@ No vulnerability disclosure, including partial is allowed for the moment. ## Scope for qualified vulnerabilities -ONLY vulnerabilities discovered, when the following setup on tested platform is used, are accepted: +ONLY vulnerabilities discovered, when the following setup on test platform is used, are accepted: * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) From 28fad93fb740c552f52cfdc7941e645cf0379b25 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 17:30:44 +0200 Subject: [PATCH 47/75] Typo --- htdocs/paypal/admin/paypal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php index 8ac4cacb231..1e88163c563 100644 --- a/htdocs/paypal/admin/paypal.php +++ b/htdocs/paypal/admin/paypal.php @@ -202,7 +202,7 @@ print ''; print ''; -print $langs->trans("VendorName").''; +print $langs->trans("PublicVendorName").''; print ''; print '   '.$langs->trans("Example").': '.$mysoc->name.''; print ''; From caaf0d370a99c9c0c56ce46dc7b9ac24ebef2a85 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 19:01:01 +0200 Subject: [PATCH 48/75] Fix #yogosha4474 --- htdocs/projet/card.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index b0b830fb666..b748b3ce9a9 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -119,12 +119,12 @@ if (empty($reshook)) if ($action == 'add' && $user->rights->projet->creer) { $error = 0; - if (empty($_POST["ref"])) + if (! GETPOST('ref')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); $error++; } - if (empty($_POST["title"])) + if (! GETPOST('title')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); $error++; @@ -148,13 +148,13 @@ if (empty($reshook)) $db->begin(); - $object->ref = GETPOST('ref', 'alpha'); - $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is + $object->ref = GETPOST('ref', 'alphanohtml'); + $object->title = GETPOST('title', 'alphanohtml'); $object->socid = GETPOST('socid', 'int'); $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is - $object->public = GETPOST('public', 'alpha'); - $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha')); - $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha')); + $object->public = GETPOST('public', 'alphanohtml'); + $object->opp_amount = price2num(GETPOST('opp_amount', 'alphanohtml')); + $object->budget_amount = price2num(GETPOST('budget_amount', 'alphanohtml')); $object->date_c = dol_now(); $object->date_start = $date_start; $object->date_end = $date_end; From f5908c29daf24efd9e3fb0fce12e26282e49fa67 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 20:55:20 +0200 Subject: [PATCH 49/75] Fix regression in website module to get javascript files --- htdocs/document.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/document.php b/htdocs/document.php index 1bb4ce285e8..d4d2b5fb909 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -157,7 +157,8 @@ $type = 'application/octet-stream'; // By default if (GETPOST('type', 'alpha')) $type = GETPOST('type', 'alpha'); else $type = dol_mimetype($original_file); // Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file -if (!dolIsAllowedForPreview($original_file)) { +// We do not force if file is a javascript to be able to get js from website module with From 534846c5c70498a986bf2d754bebe0eb5508db5e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 04:30:24 +0200 Subject: [PATCH 66/75] NEW Framework is ready for CSRF token protection on explicit GET URLs. --- htdocs/core/lib/functions.lib.php | 4 +- htdocs/core/modules/modOpenSurvey.class.php | 2 +- htdocs/langs/en_US/main.lang | 1 + htdocs/main.inc.php | 15 +++++--- .../template/myobject_agenda.php | 22 ++++++++++- .../modulebuilder/template/myobject_card.php | 2 +- .../template/myobject_document.php | 20 ++++++++++ .../modulebuilder/template/myobject_list.php | 37 ++++++++++--------- .../modulebuilder/template/myobject_note.php | 22 ++++++++++- htdocs/user/perms.php | 24 ++++++------ 10 files changed, 108 insertions(+), 41 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 879e6ac8b61..051f8a031ca 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3160,8 +3160,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ // Define $color $arrayconvpictotocolor = array( - 'address'=>'#aaa', 'building'=>'#aaa', 'bom'=>'#a69944', - 'companies'=>'#aaa', 'company'=>'#aaa', 'contact'=>'#37a', 'dynamicprice'=>'#a69944', + 'address'=>'#6c6aa8', 'building'=>'#6c6aa8', 'bom'=>'#a69944', + 'companies'=>'#6c6aa8', 'company'=>'#6c6aa8', 'contact'=>'#37a', 'dynamicprice'=>'#a69944', 'edit'=>'#444', 'note'=>'#999', 'error'=>'', 'help'=>'#bbb', 'listlight'=>'#999', 'dolly'=>'#a69944', 'dollyrevert'=>'#a69944', 'lot'=>'#a69944', 'map-marker-alt'=>'#aaa', 'mrp'=>'#a69944', 'product'=>'#a69944', 'service'=>'#a69944', 'stock'=>'#a69944', diff --git a/htdocs/core/modules/modOpenSurvey.class.php b/htdocs/core/modules/modOpenSurvey.class.php index 165cb9d5858..1c1774c83fd 100644 --- a/htdocs/core/modules/modOpenSurvey.class.php +++ b/htdocs/core/modules/modOpenSurvey.class.php @@ -64,7 +64,7 @@ class modOpenSurvey extends DolibarrModules // Name of image file used for this module. // If file is in theme/yourtheme/img directory under name object_pictovalue.png, use this->picto='pictovalue' // If file is in module/img directory under name object_pictovalue.png, use this->picto='pictovalue@module' - $this->picto = '^date@opensurvey'; + $this->picto = 'poll'; // Data directories to create when module is enabled $this->dirs = array(); diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 04d29a7e0e2..31f0e536558 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -1092,3 +1092,4 @@ APPROVEDInDolibarr=Record %s approved DefaultMailModel=Default Mail Model PublicVendorName=Public name of vendor DateOfBirth=Date of birth +SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry=Security token has expired, so action has been canceled. Please try again. \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index db8f7beec45..84356148724 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -351,19 +351,22 @@ if (!defined('NOTOKENRENEWAL')) if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set { - if ($_SERVER['REQUEST_METHOD'] == 'POST' && !GETPOSTISSET('token')) // Note: offender can still send request by GET + if ($_SERVER['REQUEST_METHOD'] == 'POST' || (GETPOSTISSET('action') && defined('CSRFCHECK_WITH_TOKEN'))) // Note: offender can still send request by GET without token (but never for an action on page with CSRFCHECK_WITH_TOKEN defined) { - dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided."); - print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n"; - print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).\n"; - die; + if (!GETPOSTISSET('token')) { + dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided."); + print "Access by POST method (or to a page with CSRFCHECK_WITH_TOKEN on) is refused by CSRF protection in main.inc.php. Token not provided.\n"; + print "If you access your server behind a proxy using url rewriting, you might check that all HTTP header is propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file or MAIN_SECURITY_CSRF_WITH_TOKEN to 0 into setup).\n"; + die; + } } if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token']) { dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING); //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers. - if ($conf->global->MAIN_FEATURES_LEVEL > 1) setEventMessages('Unset POST by CSRF protection in main.inc.php (POST for this token was already done or was done by a not allowed web page with a wrong token).'."
\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings'); + setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings'); + //if ($conf->global->MAIN_FEATURES_LEVEL >= 1) setEventMessages('Unset POST and GET params by CSRF protection in main.inc.php (Token provided was not generated by the previous page).'."
\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings'); unset($_POST); unset($_GET['confirm']); } diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 96396437314..e05b4e93491 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -19,9 +19,29 @@ /** * \file htdocs/modulebuilder/template/myobject_agenda.php * \ingroup mymodule - * \brief Page of MyObject events + * \brief Tab of events on MyObject */ +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs +//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters +//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters +//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). +//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) +//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data +//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu +//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php +//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library +//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. +//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value +//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler +//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message +//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies +//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET + // Load Dolibarr environment $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 1fcfabbe7c6..d97bc8f7f35 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -40,7 +40,7 @@ //if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler //if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message //if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies - +//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET // Load Dolibarr environment $res = 0; diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index 186edc11da1..46a8d0c3a10 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -22,6 +22,26 @@ * \brief Tab for documents linked to MyObject */ +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs +//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters +//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters +//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). +//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) +//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data +//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu +//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php +//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library +//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. +//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value +//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler +//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message +//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies +//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET + // Load Dolibarr environment $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 9f2cda9bcc3..86c0e456e14 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -22,24 +22,25 @@ * \brief List page for myobject */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', '1'); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("XFRAMEOPTIONS_ALLOWALL")) define('XFRAMEOPTIONS_ALLOWALL', '1'); // Do not add the HTTP header 'X-Frame-Options: SAMEORIGIN' but 'X-Frame-Options: ALLOWALL' +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs +//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters +//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters +//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). +//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) +//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data +//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu +//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php +//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library +//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. +//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value +//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler +//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message +//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies +//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET // Load Dolibarr environment $res = 0; diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index 99b706d4a76..1a6fd1a4cc6 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -19,9 +19,29 @@ /** * \file htdocs/modulebuilder/template/myobject_note.php * \ingroup mymodule - * \brief Car with notes on MyObject + * \brief Tab for notes on MyObject */ +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Do not create database handler $db +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Do not load object $user +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); // Do not load object $mysoc +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Do not load object $langs +//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION','1'); // Do not check injection attack on GET parameters +//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1'); // Do not check injection attack on POST parameters +//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). +//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) +//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data +//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu +//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php +//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library +//if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. +//if (! defined('NOIPCHECK')) define('NOIPCHECK','1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip +//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT','auto'); // Force lang to a particular value +//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE','aloginmodule'); // Force authentication handler +//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN',1); // The main.inc.php does not make a redirect if not logged, instead show simple error message +//if (! defined("FORCECSP")) define('FORCECSP','none'); // Disable all Content Security Policies +//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET + // Load Dolibarr environment $res = 0; // Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index a6f5fbe1c7f..4827af26bb6 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -23,9 +23,11 @@ /** * \file htdocs/user/perms.php - * \brief Onglet user et permissions de la fiche utilisateur + * \brief Page to set permission of a user record */ +if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET + require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; @@ -87,7 +89,7 @@ $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - if ($action == 'addrights' && $caneditperms) { + if ($action == 'addrights' && $caneditperms && $confirm == 'yes') { $edituser = new User($db); $edituser->fetch($object->id); $result = $edituser->addrights($rights, $module, '', $entity); @@ -107,7 +109,7 @@ if (empty($reshook)) { $object->getrights(); } - if ($action == 'delrights' && $caneditperms) { + if ($action == 'delrights' && $caneditperms && $confirm == 'yes') { $edituser = new User($db); $edituser->fetch($object->id); $result = $edituser->delrights($rights, $module, '', $entity); @@ -278,9 +280,9 @@ if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->ad if ($caneditperms) { print ''; - print ''.$langs->trans("All").""; + print ''.$langs->trans("All").""; print ' / '; - print ''.$langs->trans("None").""; + print ''.$langs->trans("None").""; print ''; } print ' '; @@ -349,9 +351,9 @@ if ($result) if ($caneditperms) { print ''; - print 'module.'">'.$langs->trans("All").""; + print 'module.'&confirm=yes&token='.newToken().'">'.$langs->trans("All").""; print ' / '; - print 'module.'">'.$langs->trans("None").""; + print 'module.'&confirm=yes&token='.newToken().'">'.$langs->trans("None").""; print ''; } print ' '; @@ -365,7 +367,7 @@ if ($result) print ' '; // Module Id - if ($user->admin) print ''.$objMod->numero.''; + print ''; print ''."\n"; } @@ -392,7 +394,7 @@ if ($result) { if ($caneditperms) { - print 'id.'">'.img_edit_remove($langs->trans("Remove")).''; + print 'id.'&confirm=yes&token='.newToken().'">'.img_edit_remove($langs->trans("Remove")).''; } print ''; print img_picto($langs->trans("Active"), 'tick'); @@ -414,7 +416,7 @@ if ($result) // Do not own permission if ($caneditperms) { - print 'id.'">'.img_edit_add($langs->trans("Add")).''; + print 'id.'&confirm=yes&token='.newToken().'">'.img_edit_add($langs->trans("Add")).''; } print ' '; } @@ -422,7 +424,7 @@ if ($result) // Do not own permission if ($caneditperms) { - print 'id.'">'.img_edit_add($langs->trans("Add")).''; + print 'id.'&confirm=yes&token='.newToken().'">'.img_edit_add($langs->trans("Add")).''; } print ' '; } From aa3f9063709bdb53c3bf02617a12ce8b8320ae4f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 04:53:43 +0200 Subject: [PATCH 67/75] Standardize code --- htdocs/core/menus/init_menu_auguria.sql | 2 +- htdocs/core/menus/standard/eldy.lib.php | 2 +- htdocs/holiday/card.php | 49 ++++++++++++++----------- htdocs/holiday/document.php | 30 ++++++++++++--- htdocs/holiday/list.php | 4 +- 5 files changed, 56 insertions(+), 31 deletions(-) diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql index 8d4a033efb3..b5f96655ed7 100644 --- a/htdocs/core/menus/init_menu_auguria.sql +++ b/htdocs/core/menus/init_menu_auguria.sql @@ -405,7 +405,7 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->hrm->enabled', __HANDLER__, 'left', 4602__+MAX_llx_menu__, 'hrm', '', 4600__+MAX_llx_menu__, '/user/list.php?mainmenu=hrm&leftmenu=hrm&mode=employee&contextpage=employeelist', 'List', 1, 'hrm', '$user->rights->hrm->employee->read', '', 0, 2, __ENTITY__); -- HRM - Holiday insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5000__+MAX_llx_menu__, 'hrm', 'hrm', 15__+MAX_llx_menu__, '/holiday/list.php?mainmenu=hrm&leftmenu=hrm', 'CPTitreMenu', 0, 'holiday', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5001__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/card.php?mainmenu=hrm&action=request', 'MenuAddCP', 1, 'holiday', '$user->rights->holiday->write', '', 0, 1, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5001__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/card.php?mainmenu=hrm&action=create', 'MenuAddCP', 1, 'holiday', '$user->rights->holiday->write', '', 0, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5002__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/list.php?mainmenu=hrm&leftmenu=hrm', 'List', 1, 'holiday', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5003__+MAX_llx_menu__, 'hrm', '', 5002__+MAX_llx_menu__, '/holiday/list.php?mainmenu=hrm&search_statut=2&leftmenu=hrm', 'ListToApprove', 2, 'trips', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5004__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/define_holiday.php?mainmenu=hrm&action=request', 'MenuConfCP', 1, 'holiday', '$user->rights->holiday->define_holiday', '', 0, 2, __ENTITY__); diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index a76a4839242..f721d7d4c5c 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1773,7 +1773,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $langs->loadLangs(array("holiday", "trips")); $newmenu->add("/holiday/list.php?mainmenu=hrm&leftmenu=hrm", $langs->trans("CPTitreMenu"), 0, $user->rights->holiday->read, '', $mainmenu, 'hrm'); - $newmenu->add("/holiday/card.php?mainmenu=hrm&leftmenu=holiday&action=request", $langs->trans("New"), 1, $user->rights->holiday->write); + $newmenu->add("/holiday/card.php?mainmenu=hrm&leftmenu=holiday&action=create", $langs->trans("New"), 1, $user->rights->holiday->write); $newmenu->add("/holiday/list.php?mainmenu=hrm&leftmenu=hrm", $langs->trans("List"), 1, $user->rights->holiday->read); if ($usemenuhider || empty($leftmenu) || $leftmenu == "hrm") { $newmenu->add("/holiday/list.php?search_statut=1&mainmenu=hrm&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index a1956d72ecb..3bacf8d6d6a 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -114,15 +114,15 @@ if (empty($reshook)) $action = ''; } - // If create a request - if ($action == 'create') + // Add leave request + if ($action == 'add') { // If no right to create a request if (!$cancreate) { $error++; setEventMessages($langs->trans('CantCreateCP'), null, 'errors'); - $action = 'request'; + $action = 'create'; } if (!$error) @@ -151,7 +151,7 @@ if (empty($reshook)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors'); $error++; - $action = 'create'; + $action = 'add'; } // If no start date @@ -159,21 +159,21 @@ if (empty($reshook)) { setEventMessages($langs->trans("NoDateDebut"), null, 'errors'); $error++; - $action = 'create'; + $action = 'add'; } // If no end date if (empty($date_fin)) { setEventMessages($langs->trans("NoDateFin"), null, 'errors'); $error++; - $action = 'create'; + $action = 'add'; } // If start date after end date if ($date_debut > $date_fin) { setEventMessages($langs->trans("ErrorEndDateCP"), null, 'errors'); $error++; - $action = 'create'; + $action = 'add'; } // Check if there is already holiday for this period @@ -182,7 +182,7 @@ if (empty($reshook)) { setEventMessages($langs->trans("alreadyCPexist"), null, 'errors'); $error++; - $action = 'create'; + $action = 'add'; } // If there is no Business Days within request @@ -191,7 +191,7 @@ if (empty($reshook)) { setEventMessages($langs->trans("ErrorDureeCP"), null, 'errors'); $error++; - $action = 'create'; + $action = 'add'; } // If no validator designated @@ -275,7 +275,8 @@ if (empty($reshook)) // If no right to modify a request if (!$user->rights->holiday->write) { - header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=CantUpdate'); + setEventMessages($langs->trans("CantUpdate"), null, 'errors'); + header('Location: '.$_SERVER["PHP_SELF"].'?action=create'); exit; } @@ -863,7 +864,7 @@ $listhalfday = array('morning'=>$langs->trans("Morning"), "afternoon"=>$langs->t llxHeader('', $langs->trans('CPTitreMenu')); -if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $action == 'create') +if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { // Si l'utilisateur n'a pas le droit de faire une demande if (($fuserid == $user->id && empty($user->rights->holiday->write)) || ($fuserid != $user->id && empty($user->rights->holiday->write_all))) @@ -943,7 +944,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ // Formulaire de demande print '
'."\n"; print ''."\n"; - print ''."\n"; + print ''."\n"; if (empty($conf->global->HOLIDAY_HIDE_BALANCE)) { @@ -1008,8 +1009,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ // Date start print ''; print ''; - print $langs->trans("DateDebCP"); - print ' ('.$langs->trans("FirstDayOfHoliday").')'; + print $form->textwithpicto($langs->trans("DateDebCP"), $langs->trans("FirstDayOfHoliday")); print ''; print ''; // Si la demande ne vient pas de l'agenda @@ -1027,8 +1027,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ // Date end print ''; print ''; - print $langs->trans("DateFinCP"); - print ' ('.$langs->trans("LastDayOfHoliday").')'; + print $form->textwithpicto($langs->trans("DateFinCP"), $langs->trans("LastDayOfHoliday")); print ''; print ''; // Si la demande ne vient pas de l'agenda @@ -1197,7 +1196,9 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ if (!$edit) { print ''; - print ''.$langs->trans('DateDebCP').' ('.$langs->trans("FirstDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateDebCP'), $langs->trans("FirstDayOfHoliday")); + print ''; print ''.dol_print_date($object->date_debut, 'day'); print '     '; print ''.$langs->trans($listhalfday[$starthalfday]).''; @@ -1205,7 +1206,9 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ print ''; } else { print ''; - print ''.$langs->trans('DateDebCP').' ('.$langs->trans("FirstDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateDebCP'), $langs->trans("FirstDayOfHoliday")); + print ''; print ''; print $form->selectDate($object->date_debut, 'date_debut_'); print '     '; @@ -1217,7 +1220,9 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ if (!$edit) { print ''; - print ''.$langs->trans('DateFinCP').' ('.$langs->trans("LastDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateFinCP'), $langs->trans("LastDayOfHoliday")); + print ''; print ''.dol_print_date($object->date_fin, 'day'); print '     '; print ''.$langs->trans($listhalfday[$endhalfday]).''; @@ -1225,7 +1230,9 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ print ''; } else { print ''; - print ''.$langs->trans('DateFinCP').' ('.$langs->trans("LastDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateFinCP'), $langs->trans("LastDayOfHoliday")); + print ''; print ''; print $form->selectDate($object->date_fin, 'date_fin_'); print '     '; @@ -1236,7 +1243,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $ // Nb of days print ''; - print ''; + print ''; $htmlhelp = $langs->trans('NbUseDaysCPHelp'); $includesaturday = (isset($conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SATURDAY) ? $conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SATURDAY : 1); $includesunday = (isset($conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SUNDAY) ? $conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SUNDAY : 1); diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 717c71dda29..9fd7f7b45b8 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -130,7 +130,8 @@ if ($object->id) print ''.$langs->trans("Type").''; print ''; $typeleaves = $object->getTypes(1, -1); - print empty($typeleaves[$object->fk_type]['label']) ? $langs->trans("TypeWasDisabledOrRemoved", $object->fk_type) : $typeleaves[$object->fk_type]['label']; + $labeltoshow = (($typeleaves[$object->fk_type]['code'] && $langs->trans($typeleaves[$object->fk_type]['code']) != $typeleaves[$object->fk_type]['code']) ? $langs->trans($typeleaves[$object->fk_type]['code']) : $typeleaves[$object->fk_type]['label']); + print empty($labeltoshow) ? $langs->trans("TypeWasDisabledOrRemoved", $object->fk_type) : $labeltoshow; print ''; print ''; @@ -140,7 +141,9 @@ if ($object->id) if (!$edit) { print ''; - print ''.$langs->trans('DateDebCP').' ('.$langs->trans("FirstDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateDebCP'), $langs->trans("FirstDayOfHoliday")); + print ''; print ''.dol_print_date($object->date_debut, 'day'); print '     '; print ''.$langs->trans($listhalfday[$starthalfday]).''; @@ -148,7 +151,9 @@ if ($object->id) print ''; } else { print ''; - print ''.$langs->trans('DateDebCP').' ('.$langs->trans("FirstDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateDebCP'), $langs->trans("FirstDayOfHoliday")); + print ''; print ''; print $form->selectDate($object->date_debut, 'date_debut_'); print '     '; @@ -160,7 +165,9 @@ if ($object->id) if (!$edit) { print ''; - print ''.$langs->trans('DateFinCP').' ('.$langs->trans("LastDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateFinCP'), $langs->trans("LastDayOfHoliday")); + print ''; print ''.dol_print_date($object->date_fin, 'day'); print '     '; print ''.$langs->trans($listhalfday[$endhalfday]).''; @@ -168,7 +175,9 @@ if ($object->id) print ''; } else { print ''; - print ''.$langs->trans('DateFinCP').' ('.$langs->trans("LastDayOfHoliday").')'; + print ''; + print $form->textwithpicto($langs->trans('DateFinCP'), $langs->trans("LastDayOfHoliday")); + print ''; print ''; print $form->selectDate($object->date_fin, 'date_fin_'); print '     '; @@ -176,8 +185,17 @@ if ($object->id) print ''; print ''; } + + // Nb days consumed print ''; - print ''.$langs->trans('NbUseDaysCP').''; + print ''; + $htmlhelp = $langs->trans('NbUseDaysCPHelp'); + $includesaturday = (isset($conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SATURDAY) ? $conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SATURDAY : 1); + $includesunday = (isset($conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SUNDAY) ? $conf->global->MAIN_NON_WORKING_DAYS_INCLUDE_SUNDAY : 1); + if ($includesaturday) $htmlhelp .= '
'.$langs->trans("DayIsANonWorkingDay", $langs->trans("Saturday")); + if ($includesunday) $htmlhelp .= '
'.$langs->trans("DayIsANonWorkingDay", $langs->trans("Sunday")); + print $form->textwithpicto($langs->trans('NbUseDaysCP'), $htmlhelp); + print ''; print ''.num_open_day($object->date_debut_gmt, $object->date_fin_gmt, 0, 1, $object->halfday).''; print ''; diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 02874815022..50de7121833 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -425,7 +425,7 @@ if ($resql) if ($canedit) { - print ''.$langs->trans("AddCP").''; + print ''.$langs->trans("AddCP").''; } print '
'; @@ -435,7 +435,7 @@ if ($resql) $newcardbutton = ''; if ($user->rights->holiday->write) { - $newcardbutton .= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=request'); + $newcardbutton .= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create'); } print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm', 0, $newcardbutton, '', $limit, 0, 0, 1); From 234b9f1f575c82c91d2a3cbf5d7f4534d17e8969 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 05:07:58 +0200 Subject: [PATCH 68/75] Fix CSRF --- htdocs/main.inc.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 84356148724..995327bdee2 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -351,7 +351,8 @@ if (!defined('NOTOKENRENEWAL')) if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set { - if ($_SERVER['REQUEST_METHOD'] == 'POST' || (GETPOSTISSET('action') && defined('CSRFCHECK_WITH_TOKEN'))) // Note: offender can still send request by GET without token (but never for an action on page with CSRFCHECK_WITH_TOKEN defined) + // Check all cases that need a token (all POST and some GET) + if ($_SERVER['REQUEST_METHOD'] == 'POST' || (GETPOSTISSET('action') && defined('CSRFCHECK_WITH_TOKEN')) || in_array(GETPOST('action', 'aZ09'), array('add', 'update'))) { if (!GETPOSTISSET('token')) { dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided."); From bb55572abf1f7f735351d4607abbf37cd4a5f8a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 05:11:29 +0200 Subject: [PATCH 69/75] Update scope of security --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c08148c4c5a..406b4c9fda1 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -67,13 +67,13 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) * $dolibarr_main_force_https must be set to something else than 0. -* The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) -* The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) +* The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so only the documents directory is in write mode. The root directory with htdocs must be readonly. +* Ability for a high level user to edit web site pages in the CMS by including javascript is an expected feature. Scope is the web application (back office) and the APIs. From 05d85ee4c1f032886d3c0ed9a30947e8f1cbc336 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 05:34:50 +0200 Subject: [PATCH 70/75] Update scope --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 406b4c9fda1..be4c601fb45 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -72,7 +72,8 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). -* The web server setup must be done so only the documents directory is in write mode. The root directory with htdocs must be readonly. +* The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly. +* CSRF attacks are accepted for all when using a POST URL, but are accepted only for creating or updating data from pages resctricted to the admin users when using GET URL. * Ability for a high level user to edit web site pages in the CMS by including javascript is an expected feature. Scope is the web application (back office) and the APIs. From ca2e79395c0b574bbe58bca4fb3522f4ccec27b5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 05:35:37 +0200 Subject: [PATCH 71/75] typo --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index be4c601fb45..06d1407229a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -73,7 +73,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly. -* CSRF attacks are accepted for all when using a POST URL, but are accepted only for creating or updating data from pages resctricted to the admin users when using GET URL. +* CSRF attacks are accepted for all when using a POST URL, but are accepted only for creating or updating data resctricted to the admin user when using GET URL. * Ability for a high level user to edit web site pages in the CMS by including javascript is an expected feature. Scope is the web application (back office) and the APIs. From b49211b27806bc441647685a85a357a5413fe7f7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 05:37:20 +0200 Subject: [PATCH 72/75] Phpcs --- htdocs/user/perms.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 4827af26bb6..5ffa87c4758 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -26,7 +26,7 @@ * \brief Page to set permission of a user record */ -if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET +if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; From b35db6b9dd7cd4cb1b51786ab54a712d033d5210 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 06:02:52 +0200 Subject: [PATCH 73/75] Clean code managing canvas --- htdocs/adherents/card.php | 2 +- htdocs/contact/agenda.php | 2 +- htdocs/contact/card.php | 2 +- htdocs/contact/document.php | 2 +- htdocs/core/ajax/contacts.php | 6 +++++- htdocs/product/list.php | 6 +++--- htdocs/societe/card.php | 3 +-- htdocs/societe/contact.php | 7 ++----- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 90151eca32b..d7a05a1805e 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -82,7 +82,7 @@ if (!empty($canvas)) { } // Security check -$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', $objcanvas); +$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0); if ($id > 0) { // Load member diff --git a/htdocs/contact/agenda.php b/htdocs/contact/agenda.php index 0ea0018632b..7ac512bd32f 100644 --- a/htdocs/contact/agenda.php +++ b/htdocs/contact/agenda.php @@ -83,7 +83,7 @@ $search_agenda_label = GETPOST('search_agenda_label'); // Security check if ($user->socid) $socid = $user->socid; -$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 71657966e4e..dab7242b598 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -78,7 +78,7 @@ if (!empty($canvas)) // Security check if ($user->socid) $socid = $user->socid; -$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('contactcard', 'globalcard')); diff --git a/htdocs/contact/document.php b/htdocs/contact/document.php index e21ee3e492b..f8498ddae9a 100644 --- a/htdocs/contact/document.php +++ b/htdocs/contact/document.php @@ -52,7 +52,7 @@ if (!empty($canvas)) // Security check if ($user->socid) $socid = $user->socid; -$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/core/ajax/contacts.php b/htdocs/core/ajax/contacts.php index 104e57df592..b352cf7aa16 100644 --- a/htdocs/core/ajax/contacts.php +++ b/htdocs/core/ajax/contacts.php @@ -27,11 +27,15 @@ if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); require '../../main.inc.php'; -$id = GETPOST('id', 'int'); +$id = GETPOST('id', 'int'); // id of thirdparty $action = GETPOST('action', 'aZ09'); $htmlname = GETPOST('htmlname', 'alpha'); $showempty = GETPOST('showempty', 'int'); +// Security check +$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', $objcanvas); + + /* * View */ diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 2217d85ccfc..50d59168342 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -127,9 +127,9 @@ if (!empty($canvas)) } // Security check -if ($search_type == '0') $result = restrictedArea($user, 'produit', '', '', '', '', '', $objcanvas); -elseif ($search_type == '1') $result = restrictedArea($user, 'service', '', '', '', '', '', $objcanvas); -else $result = restrictedArea($user, 'produit|service', '', '', '', '', '', $objcanvas); +if ($search_type == '0') $result = restrictedArea($user, 'produit', '', '', '', '', '', 0); +elseif ($search_type == '1') $result = restrictedArea($user, 'service', '', '', '', '', '', 0); +else $result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0); // Define virtualdiffersfromphysical $virtualdiffersfromphysical = 0; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index f8500d49068..b19c3bc814a 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -85,7 +85,6 @@ if (!($object->id > 0) && $action == 'view') } // Get object canvas (By default, this is not defined, so standard usage of dolibarr) -$object->getCanvas($socid); $canvas = $object->canvas ? $object->canvas : GETPOST("canvas"); $objcanvas = null; if (!empty($canvas)) @@ -96,7 +95,7 @@ if (!empty($canvas)) } // Security check -$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', $objcanvas); +$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0); $permissiontoread = $user->rights->societe->lire; $permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php diff --git a/htdocs/societe/contact.php b/htdocs/societe/contact.php index 2b362268c4b..c1761c7f601 100644 --- a/htdocs/societe/contact.php +++ b/htdocs/societe/contact.php @@ -68,7 +68,7 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('thirdpartycontact', 'globalcard')); -if ($action == 'view' && $object->fetch($socid) <= 0) +if ($object->fetch($socid) <= 0 && $action == 'view') { $langs->load("errors"); print($langs->trans('ErrorRecordNotFound')); @@ -76,7 +76,6 @@ if ($action == 'view' && $object->fetch($socid) <= 0) } // Get object canvas (By default, this is not defined, so standard usage of dolibarr) -$object->getCanvas($socid); $canvas = $object->canvas ? $object->canvas : GETPOST("canvas"); $objcanvas = null; if (!empty($canvas)) @@ -87,12 +86,10 @@ if (!empty($canvas)) } // Security check -$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', $objcanvas); +$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0); if (empty($user->rights->societe->contact->lire)) accessforbidden(); - - /* * Actions */ From a7a8ca0a6b1e92a5afe4e81a9d03182541f9a54e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 06:03:59 +0200 Subject: [PATCH 74/75] Fix phpcs --- htdocs/user/perms.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 5ffa87c4758..97cf6007327 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -26,7 +26,7 @@ * \brief Page to set permission of a user record */ -if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN','1'); // Force use of CSRF protection with tokens even for GET +if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; From 1ad6461ade72aa06c1789ba98ddc1c199efeae39 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Sep 2020 06:10:41 +0200 Subject: [PATCH 75/75] Fix #yogosha4500 --- htdocs/core/ajax/contacts.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/ajax/contacts.php b/htdocs/core/ajax/contacts.php index b352cf7aa16..6b476a8f59a 100644 --- a/htdocs/core/ajax/contacts.php +++ b/htdocs/core/ajax/contacts.php @@ -1,6 +1,6 @@ - * Copyright (C) 2016 Laurent Destailleur + * Copyright (C) 2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,7 +33,7 @@ $htmlname = GETPOST('htmlname', 'alpha'); $showempty = GETPOST('showempty', 'int'); // Security check -$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', $objcanvas); +$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); /*