diff --git a/htdocs/document.php b/htdocs/document.php index 17f0d61676e..2090fe89838 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -61,6 +61,7 @@ if (isset($_GET["hashp"]) && !defined("NOLOGIN")) { } } // Some value of modulepart can be used to get resources that are public so no login are required. +// Keep $_GET here, GETPOST is not available yet if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias')) { if (!defined("NOLOGIN")) { define("NOLOGIN", 1); @@ -98,7 +99,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; $encoding = ''; $action = GETPOST('action', 'aZ09'); -$original_file = GETPOST('file', 'alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP). +$original_file = GETPOST('file', 'alphanohtml'); $hashp = GETPOST('hashp', 'aZ09'); $modulepart = GETPOST('modulepart', 'alpha'); $urlsource = GETPOST('urlsource', 'alpha'); diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index 638dbd6b700..90439554f76 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -219,11 +219,11 @@ if ($action == 'selectfield') { // Selection of field at step 2 } } if ($action == 'unselectfield') { - if ($_GET["field"] == 'all') { + if (GETPOST("field") == 'all') { $array_selected = array(); $_SESSION["export_selected_fields"] = $array_selected; } else { - unset($array_selected[$_GET["field"]]); + unset($array_selected[GETPOST("field")]); // Renumber fields of array_selected (from 1 to nb_elements) asort($array_selected); $i = 0; @@ -238,7 +238,7 @@ if ($action == 'unselectfield') { } if ($action == 'downfield' || $action == 'upfield') { - $pos = $array_selected[$_GET["field"]]; + $pos = $array_selected[GETPOST("field")]; if ($action == 'downfield') { $newpos = $pos + 1; } 
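Review bot: In htdocs/exports/export.php, `GETPOST("field")` is re-evaluated at every use and taken as an array key without checking that it exists in `$array_selected` (the @@ -219 hunk, and again in the @@ -238 and @@ -253 hunks). Reading it once with `$field = GETPOST('field');` and guarding the move branch with `if (isset($array_selected[$field])) {` before `$pos = $array_selected[$field];` keeps the key consistent and avoids an undefined-index notice on a stale or hand-edited request. The commented-out debug `print` in the @@ -253 hunk could be deleted rather than rewritten to call GETPOST. The enclosing `if ($action == ...)` blocks start and end outside these hunks.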
@@ -253,9 +253,9 @@ if ($action == 'downfield' || $action == 'upfield') { break; } } - //print("Switch pos=$pos (code=".$_GET["field"].") and newpos=$newpos (code=$newcode)"); + //print("Switch pos=$pos (code=".GETPOST("field").") and newpos=$newpos (code=$newcode)"); if ($newcode) { // Si newcode trouve (protection contre resoumission de page) - $array_selected[$_GET["field"]] = $newpos; + $array_selected[GETPOST("field")] = $newpos; $array_selected[$newcode] = $pos; $_SESSION["export_selected_fields"] = $array_selected; } @@ -290,7 +290,7 @@ if ($action == 'builddoc') { // Delete file if ($step == 5 && $action == 'confirm_deletefile' && $confirm == 'yes') { - $file = $upload_dir."/".GETPOST('file'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + $file = $upload_dir."/".GETPOST('file'); $ret = dol_delete_file($file); if ($ret) { diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 0f716bcecc1..9b1c7d93518 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1420,7 +1420,7 @@ if (empty($reshook)) { $langs->load("errors"); $db->rollback(); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; } else { $db->commit(); header("Location: ".$_SERVER['PHP_SELF']."?id=".urlencode((string) ($id))); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index e7a23eab863..b7ecdb9b8ee 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -730,8 +730,8 @@ if (empty($reshook)) { } else { $db->rollback(); $action = 'create'; - $_GET["origin"] = $_POST["origin"]; - $_GET["originid"] = $_POST["originid"]; + $_GET["origin"] = $_POST["origin"]; // Keep this ? + $_GET["originid"] = $_POST["originid"]; // Keep this ? setEventMessages("Error", null, 'errors'); $error++; } diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index ead7de640e9..e5e347d37c4 100644 
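Review bot: In htdocs/fourn/commande/card.php the write-back is disabled by commenting it out (`//$_GET['socid'] = $_POST['socid'];`) instead of deleting it, which leaves dead code with no explanation. The same applies to the six hunks in htdocs/fourn/facture/card.php, to `//$_GET["commande_id"] = GETPOSTINT('commande_id');` in htdocs/reception/card.php and to `//$_GET['optioncss'] = "print";` in htdocs/takepos/admin/printqr.php. Either delete the line or replace it with a comment stating why it is no longer needed, for example `// socid is re-read with GETPOSTINT('socid') when the create form is shown again`, after confirming that is true for each page. The printqr.php case is worth a separate check, since nothing in that hunk shows how the page still gets its print stylesheet once `optioncss` is no longer forced.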
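Review bot: `// Keep this ?` in htdocs/fourn/commande/list.php is an open question left in the code, and it does not tell the next reader whether the write into `$_GET` is required. The same marker is added in htdocs/index.php, htdocs/reception/list.php and htdocs/takepos/admin/other.php. Writing request values back into the superglobals means later GETPOST() calls return data that did not arrive by that method, so each of these should either be removed or carry a comment naming the consumer, as htdocs/product/fournisseurs.php does with "Used later". Here the two lines also copy `$_POST["origin"]` and `$_POST["originid"]` raw, with no check that they are set.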
--- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -801,7 +801,7 @@ if (empty($reshook)) { if (empty($dateinvoice)) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('DateInvoice')), null, 'errors'); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; $error++; } elseif ($dateinvoice > (dol_get_last_hour(dol_now('tzuserrel')) + (!getDolGlobalString('INVOICE_MAX_FUTURE_DELAY') ? 0 : $conf->global->INVOICE_MAX_FUTURE_DELAY))) { $error++; @@ -867,7 +867,7 @@ if (empty($reshook)) { if (empty($dateinvoice)) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('DateInvoice')), null, 'errors'); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; $error++; } elseif ($dateinvoice > (dol_get_last_hour(dol_now('tzuserrel')) + (!getDolGlobalString('INVOICE_MAX_FUTURE_DELAY') ? 0 : $conf->global->INVOICE_MAX_FUTURE_DELAY))) { $error++; @@ -878,7 +878,7 @@ if (empty($reshook)) { if (!GETPOST('ref_supplier')) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('RefSupplierBill')), null, 'errors'); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; $error++; } @@ -1035,7 +1035,7 @@ if (empty($reshook)) { if (empty($dateinvoice)) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('DateInvoice')), null, 'errors'); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; $error++; } elseif ($dateinvoice > (dol_get_last_hour(dol_now('tzuserrel')) + (!getDolGlobalString('INVOICE_MAX_FUTURE_DELAY') ? 0 : $conf->global->INVOICE_MAX_FUTURE_DELAY))) { $error++; 
@@ -1046,7 +1046,7 @@ if (empty($reshook)) { if (!GETPOST('ref_supplier')) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('RefSupplierBill')), null, 'errors'); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; $error++; } @@ -1405,7 +1405,7 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); $action = 'create'; - $_GET['socid'] = $_POST['socid']; + //$_GET['socid'] = $_POST['socid']; } else { $db->commit(); diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index ea6fe3335d0..584f9c20303 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -157,7 +157,7 @@ if ($object->id > 0) { * Confirm delete file */ if ($action == 'delete') { - print $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urlencode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); + print $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); } print ''; diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 190a837fca0..9a57e3ddf0d 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -137,7 +137,6 @@ $socid = GETPOSTINT('socid'); // Security check if ($user->socid > 0) { $action = ''; - $_GET["action"] = ''; $socid = $user->socid; } diff --git a/htdocs/imports/emptyexample.php b/htdocs/imports/emptyexample.php index 6d8b3f2d647..e1ca1e55bbd 100644 --- a/htdocs/imports/emptyexample.php +++ b/htdocs/imports/emptyexample.php 
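Review bot: Removing `$_GET["action"] = '';` in htdocs/fourn/facture/list.php means that for external users (`$user->socid > 0`) only the local `$action` is cleared, while the action sent in the request remains readable. If any code further down the page, or an included file or hook, reads `GETPOST('action')` again instead of using `$action`, the restriction no longer applies to it; the rest of the file is outside this hunk, so this needs checking before the line is dropped. If the removal is kept, a comment such as `// External user: $action is neutralised here, code below must use $action and never re-read the request` would record the assumption.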
@@ -80,13 +80,13 @@ $fieldstarget = $objimport->array_import_fields[0]; $valuestarget = $objimport->array_import_examplevalues[0]; $attachment = true; -if (isset($_GET["attachment"])) { - $attachment = $_GET["attachment"]; +if (GETPOSTISSET("attachment")) { + $attachment = GETPOST("attachment"); } //$attachment = false; $contenttype = dol_mimetype($format); -if (isset($_GET["contenttype"])) { - $contenttype = $_GET["contenttype"]; +if (GETPOSTISSET("contenttype")) { + $contenttype = GETPOST("contenttype"); } //$contenttype='text/plain'; $outputencoding = 'UTF-8'; diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index ba8128b7316..57071a1b17d 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php 
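Review bot: In htdocs/imports/emptyexample.php `$contenttype` and `$attachment` are still taken from the request as-is, and because GETPOST() reads both methods they can now be supplied by POST as well as GET. Where the values are used is outside the hunk, but if `$contenttype` reaches a Content-Type header the caller decides how the browser interprets the response. Restricting it to known values would close that, for example `if (in_array(GETPOST('contenttype'), array('text/plain', dol_mimetype($format)), true)) { $contenttype = GETPOST('contenttype'); }` (the allowed list here is only an illustration). The same pattern is in the @@ -328 hunk of htdocs/public/agenda/agendaexport.php, which is a public page.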
@@ -184,41 +184,6 @@ if (empty($array_match_file_to_database)) { * Actions */ -/* -if ($action=='downfield' || $action=='upfield') -{ - $pos=$array_match_file_to_database[$_GET["field"]]; - if ($action=='downfield') $newpos=$pos+1; - if ($action=='upfield') $newpos=$pos-1; - // Recherche code avec qui switcher - $newcode=""; - foreach($array_match_file_to_database as $code=>$value) - { - if ($value == $newpos) - { - $newcode=$code; - break; - } - } - //print("Switch pos=$pos (code=".$_GET["field"].") and newpos=$newpos (code=$newcode)"); - if ($newcode) // Si newcode trouve (protection contre resoumission de page) - { - $array_match_file_to_database[$_GET["field"]]=$newpos; - $array_match_file_to_database[$newcode]=$pos; - $_SESSION["dol_array_match_file_to_database"]=$serialized_array_match_file_to_database; - } -} -*/ -// if ($action == 'builddoc') { -// // Build import file -// $result = $objimport->build_file($user, GETPOST('model', 'alpha'), $datatoimport, $array_match_file_to_database); -// if ($result < 0) { -// setEventMessages($objimport->error, $objimport->errors, 'errors'); -// } else { -// setEventMessages($langs->trans("FileSuccessfullyBuilt"), null, 'mesgs'); -// } -// } - if ($action == 'deleteprof') { if (GETPOSTINT("id")) { $objimport->fetch(GETPOSTINT("id")); @@ -286,7 +251,7 @@ if ($step == 3 && $datatoimport) { $param .= '&endatlinenb='.urlencode($endatlinenb); } - $file = $conf->import->dir_temp.'/'.GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + $file = $conf->import->dir_temp.'/'.GETPOST('urlfile'); $ret = dol_delete_file($file); if ($ret) { setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs'); 
@@ -2085,7 +2050,7 @@ if ($step == 6 && $datatoimport) { $obj->import_close_file(); } - $nboflines = (!empty($_GET["nboflines"]) ? $_GET["nboflines"] : dol_count_nb_of_line($conf->import->dir_temp.'/'.$filetoimport)); + $nboflines = GETPOST("nboflines", dol_count_nb_of_line($conf->import->dir_temp.'/'.$filetoimport)); $param = '&format='.$format.'&datatoimport='.urlencode($datatoimport).'&filetoimport='.urlencode($filetoimport).'&nboflines='.urlencode($nboflines); if ($excludefirstline) { diff --git a/htdocs/index.php b/htdocs/index.php index 6ab07c74f12..1402d4de8e5 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -32,7 +32,7 @@ require 'main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // If not defined, we select menu "home" -$_GET['mainmenu'] = GETPOST('mainmenu', 'aZ09') ? GETPOST('mainmenu', 'aZ09') : 'home'; +$_GET['mainmenu'] = GETPOST('mainmenu', 'aZ09') ? GETPOST('mainmenu', 'aZ09') : 'home'; // Keep this ? $action = GETPOST('action', 'aZ09'); $hookmanager->initHooks(array('index')); diff --git a/htdocs/install/step4.php b/htdocs/install/step4.php index 7d7d3133e53..c93f4c815e1 100644 --- a/htdocs/install/step4.php +++ b/htdocs/install/step4.php @@ -87,13 +87,13 @@ if ($db->ok) { print ''; print '
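Review bot: In the @@ -2085 hunk of htdocs/imports/import.php the line count is passed as the second argument of GETPOST(), but that argument is the check type (every other call in this commit passes 'alpha', 'aZ09' and so on there), not a default value. As written, the fallback to `dol_count_nb_of_line()` is lost when `nboflines` is missing from the request, the file is counted on every request even when the parameter is present, and the request value is filtered under a numeric check name whose handling is not defined here. To keep the previous behaviour: `$nboflines = GETPOSTINT("nboflines") ? GETPOSTINT("nboflines") : dol_count_nb_of_line($conf->import->dir_temp.'/'.$filetoimport);`.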
'; - if (isset($_GET["error"]) && $_GET["error"] == 1) { + if (GETPOSTINT("error") == 1) { print '
'; print '
'.$langs->trans("PasswordsMismatch").'
'; $error = 0; // We show button } - if (isset($_GET["error"]) && $_GET["error"] == 2) { + if (GETPOSTINT("error") == 2) { print '
'; print '
'; print $langs->trans("PleaseTypePassword"); @@ -101,7 +101,7 @@ if ($db->ok) { $error = 0; // We show button } - if (isset($_GET["error"]) && $_GET["error"] == 3) { + if (GETPOSTINT("error") == 3) { print '
'; print '
'.$langs->trans("PleaseTypeALogin").'
'; $error = 0; // We show button diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index d80205028c8..67b22abf07d 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -418,9 +418,9 @@ if (!$ok && isset($argv[1])) { } dolibarr_install_syslog("Exit ".$ret); -dolibarr_install_syslog("--- upgrade: end ".((int) (!$ok && empty($_GET["ignoreerrors"])))." dirmodule=".$dirmodule); +dolibarr_install_syslog("--- upgrade: end ".((int) (!$ok && !GETPOST("ignoreerrors")))." dirmodule=".$dirmodule); -$nonext = (!$ok && empty($_GET["ignoreerrors"])) ? 2 : 0; +$nonext = (!$ok && !GETPOST("ignoreerrors")) ? 2 : 0; if ($dirmodule) { $nonext = 1; } diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index 3f26a9ad2b4..711af593d2e 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php @@ -35,7 +35,7 @@ if (!defined('NOREQUIREHTML')) { if (!defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } -if (empty($_GET['keysearch']) && !defined('NOREQUIREHTML')) { +if (empty($_GET['keysearch']) && !defined('NOREQUIREHTML')) { // Keep $_GET here, GETPOST is not yet defined define('NOREQUIREHTML', '1'); } @@ -67,7 +67,6 @@ restrictedArea($user, 'produit|service|commande|propal|facture', 0, 'product&pro */ // print ''."\n"; -// print_r($_GET); if ($action == 'fetch' && !empty($id)) { // action='fetch' is used to get product information on a product. So when action='fetch', id must be the product id. diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 646c8fc7fef..3de815d6f73 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php 
@@ -66,8 +66,8 @@ $extrafields = new ExtraFields($db); // If socid provided by ajax company selector if (GETPOSTINT('search_fourn_id')) { - $_GET['id_fourn'] = GETPOSTINT('search_fourn_id'); - $_POST['id_fourn'] = GETPOSTINT('search_fourn_id'); + $_GET['id_fourn'] = GETPOSTINT('search_fourn_id'); // Keep set to $_GET an $_POST. Used later. + $_POST['id_fourn'] = GETPOSTINT('search_fourn_id'); // Keep set to $_GET an $_POST. Used later. } // Security check diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index 88b51aa78ab..8963040b36e 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -519,7 +519,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') { $param .= '&endatlinenb='.urlencode($endatlinenb); } - $file = $conf->stock->dir_temp.'/'.GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + $file = $conf->stock->dir_temp.'/'.GETPOST('urlfile'); $ret = dol_delete_file($file); if ($ret) { setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs'); diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 39f35080378..0677267100c 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -70,7 +70,7 @@ $ref = GETPOST('ref', 'alpha'); $stocklimit = (float) GETPOST('seuil_stock_alerte'); $desiredstock = GETPOST('desiredstock'); $cancel = GETPOST('cancel', 'alpha'); -$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid'; +$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid'; $d_eatby = dol_mktime(0, 0, 0, GETPOSTINT('eatbymonth'), GETPOSTINT('eatbyday'), GETPOSTINT('eatbyyear')); $d_sellby = dol_mktime(0, 0, 0, GETPOSTINT('sellbymonth'), GETPOSTINT('sellbyday'), GETPOSTINT('sellbyyear')); $pdluoid = GETPOSTINT('pdluoid'); diff --git a/htdocs/product/stock/valo.php b/htdocs/product/stock/valo.php index 259f139a177..36ab59584ae 100644 
--- a/htdocs/product/stock/valo.php +++ b/htdocs/product/stock/valo.php @@ -30,30 +30,32 @@ require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php'; // Load translation files required by the page $langs->load("stocks"); -// Security check -$result = restrictedArea($user, 'stock'); - $sref = GETPOST("sref", 'alpha'); $snom = GETPOST("snom", 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); +$limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); +$page = GETPOSTISSET('pageplusone') ? (GETPOSTINT('pageplusone') - 1) : GETPOSTINT('page'); +if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { + // If $page is not defined, or '' or -1 or if we click on clear filters + $page = 0; +} +$offset = $limit * $page; + if (!$sortfield) { $sortfield = "e.ref"; } if (!$sortorder) { $sortorder = "ASC"; } -$page = $_GET["page"]; -if ($page < 0) { - $page = 0; -} -$limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit; -$offset = $limit * $page; $year = dol_print_date(dol_now('gmt'), "%Y", 'gmt'); +// Security check +$result = restrictedArea($user, 'stock'); + /* * View diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index 015c70a72e2..723a31e9122 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php 
@@ -426,7 +426,7 @@ if ($id > 0 || !empty($ref)) { print ''; $thirdpartyofproject = $projectstatic->getListContactId('thirdparty'); - $selectedCompany = isset($_GET["newcompany"]) ? $_GET["newcompany"] : $projectstatic->socid; + $selectedCompany = GETPOSISSET("newcompany") ? GETPOST("newcompany") : $projectstatic->socid; $selectedCompany = $formcompany->selectCompaniesForNewContact($object, 'id', $selectedCompany, 'newcompany', $thirdpartyofproject, 0, '&withproject='.$withproject); print ''; diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index d36587339a1..b2bbf98186f 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -2338,7 +2338,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser // Product if (!empty($arrayfields['t.fk_product']['checked'])) { print ''; - if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) { + if ($action == 'editline' && GETPOSTINT('lineid') == $task_time->rowid) { print img_picto('', 'service'); print $form->select_produits($task_time->fk_product, 'fk_product', '1', 0, $projectstatic->thirdparty->price_level, 1, 2, '', 1, array(), $projectstatic->thirdparty->id, 'None', 0, 'maxwidth500', 0, '', null, 1); } elseif (!empty($task_time->fk_product)) { @@ -2395,7 +2395,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser if ($task_time->invoice_id) { $result = $tmpinvoice->fetch($task_time->invoice_id); if ($result > 0) { - if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) { + if ($action == 'editline' && GETPOSTINT('lineid') == $task_time->rowid) { print $formproject->selectInvoiceAndLine($task_time->invoice_id, $task_time->invoice_line_id, 'invoiceid', 'invoicelineid', 'maxwidth500', array('p.rowid' => $projectstatic->id)); } else { print $tmpinvoice->getNomUrl(1); diff --git a/htdocs/public/agenda/agendaexport.php b/htdocs/public/agenda/agendaexport.php index 484b3bab1d3..b4d6f415b33 100644 
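Review bot: `GETPOSISSET("newcompany")` in htdocs/projet/tasks/contact.php is misspelled; the helper used everywhere else in this commit is `GETPOSTISSET`, so this line calls an undefined function and the page will fail with a fatal error when this part of the form is rendered. The line should read `$selectedCompany = GETPOSTISSET("newcompany") ? GETPOSTINT("newcompany") : $projectstatic->socid;`. Using GETPOSTINT assumes the value is a company id, as the `socid` fallback suggests. The enclosing `if ($id > 0 || !empty($ref))` block starts and ends outside the hunk.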
--- a/htdocs/public/agenda/agendaexport.php +++ b/htdocs/public/agenda/agendaexport.php @@ -178,7 +178,7 @@ if ($reshook < 0) { llxFooterVierge(); } elseif (empty($reshook)) { // Check exportkey - if (empty($_GET["exportkey"]) || getDolGlobalString('MAIN_AGENDA_XCAL_EXPORTKEY') != $_GET["exportkey"]) { + if (!GETPOST("exportkey") || getDolGlobalString('MAIN_AGENDA_XCAL_EXPORTKEY') != GETPOST("exportkey")) { $user->getrights(); top_httphead(); @@ -328,13 +328,13 @@ if ($format == 'rss') { $result = $agenda->build_exportfile($format, $type, $cachedelay, $filename, $filters, $exportholidays); if ($result >= 0) { $attachment = false; - if (isset($_GET["attachment"])) { - $attachment = $_GET["attachment"]; + if (GETPOSTISSET("attachment")) { + $attachment = GETPOST("attachment"); } //$attachment = false; $contenttype = 'application/rss+xml'; - if (isset($_GET["contenttype"])) { - $contenttype = $_GET["contenttype"]; + if (GETPOSTISSET("contenttype")) { + $contenttype = GETPOST("contenttype"); } //$contenttype='text/plain'; $outputencoding = 'UTF-8'; diff --git a/htdocs/public/eventorganization/subscriptionok.php b/htdocs/public/eventorganization/subscriptionok.php index e432909c0a2..fab5a6e70bf 100644 --- a/htdocs/public/eventorganization/subscriptionok.php +++ b/htdocs/public/eventorganization/subscriptionok.php @@ -42,7 +42,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index b3c02132dde..6f4525031ea 100644 --- a/htdocs/public/members/new.php 
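Review bot: The export key check in the @@ -178 hunk of htdocs/public/agenda/agendaexport.php still compares the secret with `!=`, which is a loose comparison and not constant-time, on a page reachable without login. It also now reads the key through GETPOST() with the default check type, so a configured key containing characters that the filter alters may stop matching; that should be confirmed against the filter's behaviour, which is not shown here. Suggested condition: `if (!GETPOST("exportkey") || !hash_equals(getDolGlobalString('MAIN_AGENDA_XCAL_EXPORTKEY'), (string) GETPOST("exportkey"))) {`.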
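Review bot: The replacement comment `// Because 2 entities can have the same ref.` in htdocs/public/eventorganization/subscriptionok.php is a sentence fragment that does not say what it justifies, and in htdocs/public/stripe/ipn.php it is added with no preceding comment to attach to. The same text is added to the other htdocs/public/* entry points in this commit. Since `$entity` is read from an unauthenticated request and selects the company context, the comment should say so, for example `// The entity is read from the URL (untrusted input) because two entities can hold objects with the same ref.`, and ideally name where the object is then validated against that entity. Note also that `is_numeric($entity)` on the following context line is always true after the `(int)` casts.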
+++ b/htdocs/public/members/new.php @@ -53,6 +53,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index ead24c23bd1..2862d9004b0 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -40,7 +40,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 1401d22b82a..1f2fcf4bac7 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -39,7 +39,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); 
diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php index 4b1a1420fae..9a1db3d88cc 100644 --- a/htdocs/public/partnership/new.php +++ b/htdocs/public/partnership/new.php @@ -45,7 +45,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index ad4b0d1bdd8..79623a7d393 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -51,6 +51,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1)))); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php index 4e1b3825ca2..dcb89788136 100644 --- a/htdocs/public/payment/paymentko.php +++ b/htdocs/public/payment/paymentko.php 
@@ -40,7 +40,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and this test must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 4a6c958ba9a..87c49592c93 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -44,7 +44,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/project/index.php b/htdocs/public/project/index.php index 60c91239254..c7a33c386df 100644 --- a/htdocs/public/project/index.php +++ b/htdocs/public/project/index.php @@ -36,6 +36,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1)))); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index 284a6a5e93b..0b41a315145 100644 
--- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -44,6 +44,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index 005122121be..d5abd931716 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -38,7 +38,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index c92edcb7973..063c0508d20 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -38,7 +38,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php -// TODO This should be useless. Because entity must be retrieve from object ref and not from url. +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); 
diff --git a/htdocs/public/project/viewandvote.php b/htdocs/public/project/viewandvote.php index 90b56165cc2..7c088fa7249 100644 --- a/htdocs/public/project/viewandvote.php +++ b/htdocs/public/project/viewandvote.php @@ -36,6 +36,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1)))); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index ed8dac838c5..0285d408390 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -31,6 +31,7 @@ if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); } +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); @@ -58,8 +59,8 @@ require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; // You can find your endpoint's secret in your webhook settings -if (isset($_GET['connect'])) { - if (isset($_GET['test'])) { +if (GETPOSTISSET('connect')) { + if (GETPOSTISSET('test')) { $endpoint_secret = getDolGlobalString('STRIPE_TEST_WEBHOOK_CONNECT_KEY'); $service = 'StripeTest'; $servicestatus = 0; @@ -69,7 +70,7 @@ if (isset($_GET['connect'])) { $servicestatus = 1; } } else { - if (isset($_GET['test'])) { + if (GETPOSTISSET('test')) { $endpoint_secret = getDolGlobalString('STRIPE_TEST_WEBHOOK_KEY'); $service = 'StripeTest'; $servicestatus = 0; diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php index 838052dac5b..e14597b9eee 100644 
--- a/htdocs/public/test/test_arrays.php +++ b/htdocs/public/test/test_arrays.php @@ -53,7 +53,7 @@ if (empty($usedolheader)) { - " /> + " /> diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 1a482944772..f7c408c07ed 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -45,6 +45,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index 64a70c95c0d..860a82ec0ff 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -40,6 +40,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 1842af349b4..aa6687371a9 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -38,6 +38,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); 
diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index a966813ca05..60a3c512969 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -40,6 +40,7 @@ if (!defined('NOBROWSERNOTIF')) { // For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php +// Because 2 entities can have the same ref. $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) { define("DOLENTITY", $entity); diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 2d1da5c8336..1fceafab74e 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -450,7 +450,7 @@ if (empty($reshook)) { exit; } else { $db->rollback(); - $_GET["commande_id"] = GETPOSTINT('commande_id'); + //$_GET["commande_id"] = GETPOSTINT('commande_id'); $action = 'create'; } } elseif ($action == 'confirm_valid' && $confirm == 'yes' && $permissiontovalidate) { diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 5721ff01232..73020077bc5 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -571,8 +571,8 @@ if (empty($reshook)) { $db->rollback(); $action = 'create'; - $_GET["origin"] = $_POST["origin"]; - $_GET["originid"] = $_POST["originid"]; + $_GET["origin"] = $_POST["origin"]; // Keep this ? + $_GET["originid"] = $_POST["originid"]; // Keep this ? setEventMessages($object->error, $errors, 'errors'); $error++; } diff --git a/htdocs/societe/ajax/company.php b/htdocs/societe/ajax/company.php index 7505ea18ece..e0c5e1fe42d 100644 --- a/htdocs/societe/ajax/company.php +++ b/htdocs/societe/ajax/company.php 
@@ -74,7 +74,6 @@ restrictedArea($user, 'societe', $object->id, '&societe');
 top_httphead('application/json');
 //print ''."\n";
-//print_r($_GET);
 if (!empty($action) && $action == 'fetch' && !empty($id)) {
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
diff --git a/htdocs/societe/canvas/actions_card_common.class.php b/htdocs/societe/canvas/actions_card_common.class.php
index 5125bfdc389..42820ce8369 100644
--- a/htdocs/societe/canvas/actions_card_common.class.php
+++ b/htdocs/societe/canvas/actions_card_common.class.php
@@ -93,19 +93,19 @@ abstract class ActionsCardCommon
 $this->assign_post($action);
 }
- if ($_GET["type"] == 'f') {
+ if (GETPOST("type") == 'f') {
 $this->object->fournisseur = 1;
 }
- if ($_GET["type"] == 'c') {
+ if (GETPOST("type") == 'c') {
 $this->object->client = 1;
 }
- if ($_GET["type"] == 'p') {
+ if (GETPOST("type") == 'p') {
 $this->object->client = 2;
 }
- if ($_GET["type"] == 'cp') {
+ if (GETPOST("type") == 'cp') {
 $this->object->client = 3;
 }
- if ($_REQUEST["private"] == 1) {
+ if (GETPOST("private") == 1) {
 $this->object->particulier = 1;
 }
diff --git a/htdocs/takepos/admin/other.php b/htdocs/takepos/admin/other.php
index 5e2af98b966..c8540ecb5e0 100644
--- a/htdocs/takepos/admin/other.php
+++ b/htdocs/takepos/admin/other.php
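Review bot: In actions_card_common.class.php, `GETPOST("type")` is called once per comparison and without an explicit check type, unlike the `GETPOST('action', 'aZ09')` form used elsewhere in this commit. Reading it once, `$type = GETPOST('type', 'aZ09');`, and comparing `$type` in the four branches keeps the filter visible and the branches consistent. The old code took `type` from `$_GET` only, while GETPOST() by default also accepts the value from POST, so the accepted source widens; if that is intended, a one-line comment would help. `GETPOST("private") == 1` could likewise be `GETPOSTINT('private') == 1`. The enclosing method starts and ends outside the hunk.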
@@ -29,10 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 require_once DOL_DOCUMENT_ROOT."/core/lib/takepos.lib.php";
 // If socid provided by ajax company selector
-if (!empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id'])) {
- $_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');
- $_POST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');
- $_REQUEST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');
+if (GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha')) {
+ $_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha'); // Keep this ?
+ $_POST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha'); // Keep this ?
+ $_REQUEST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha'); // Keep this ?
 }
 // Security check
diff --git a/htdocs/takepos/admin/printqr.php b/htdocs/takepos/admin/printqr.php
index 8d6a27faff0..4e130ff18cc 100644
--- a/htdocs/takepos/admin/printqr.php
+++ b/htdocs/takepos/admin/printqr.php
@@ -33,7 +33,7 @@ $langs->load("cashdesk");
 $id = GETPOSTINT('id');
-$_GET['optioncss'] = "print";
+//$_GET['optioncss'] = "print";
 print '
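Review bot: In takepos/admin/other.php the condition now goes through GETPOST(), but the three assignments still write into `$_GET`, `$_POST` and `$_REQUEST`, and each repeats the same `GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha')` call. Reading the value once, `$thirdpartyid = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');`, and testing and assigning from `$thirdpartyid` would at least make the four uses agree. The code that consumes `CASHDESK_ID_THIRDPARTY` is outside the hunk, so whether the write-back into the superglobals is still needed cannot be decided from here. The hunks in takepos/admin/setup.php and terminal.php keep the same pattern.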
';
diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php
index 453d0115797..c94a0cc1db9 100644
--- a/htdocs/takepos/admin/setup.php
+++ b/htdocs/takepos/admin/setup.php
@@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/takepos.lib.php";
 require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 // If socid provided by ajax company selector
-if (!empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id'])) {
+if (GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha')) {
 $_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');
 $_POST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');
 $_REQUEST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id', 'alpha');
diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php
index f417c2a9988..b6b2b2857b7 100644
--- a/htdocs/takepos/admin/terminal.php
+++ b/htdocs/takepos/admin/terminal.php
@@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php';
 $terminal = GETPOSTINT('terminal');
 // If socid provided by ajax company selector
-if (!empty($_REQUEST['CASHDESK_ID_THIRDPARTY'.$terminal.'_id'])) {
+if (GETPOST('CASHDESK_ID_THIRDPARTY'.$terminal.'_id', 'alpha')) {
 $_GET['CASHDESK_ID_THIRDPARTY'.$terminal] = GETPOST('CASHDESK_ID_THIRDPARTY'.$terminal.'_id', 'alpha');
 $_POST['CASHDESK_ID_THIRDPARTY'.$terminal] = GETPOST('CASHDESK_ID_THIRDPARTY'.$terminal.'_id', 'alpha');
 $_REQUEST['CASHDESK_ID_THIRDPARTY'.$terminal] = GETPOST('CASHDESK_ID_THIRDPARTY'.$terminal.'_id', 'alpha');
diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index b6433a6eac8..b042a7908c4 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -107,9 +107,9 @@ if (!$sortorder) {
 $sortorder = "DESC";
 }
-if (GETPOST('search_fk_status', 'alpha') == 'non_closed') {
+/*if (GETPOST('search_fk_status', 'alpha') == 'non_closed') {
 $_GET['search_fk_statut'][] = 'openall'; // For backward compatibility
-}
+}*/
 // Initialize array of search criteria
 $search_all = (GETPOSTISSET("search_all") ? GETPOST("search_all", 'alpha') : GETPOST('sall'));
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index c5b582cc254..6daec2a1569 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -55,6 +55,7 @@ if (!defined('NOREQUIREAJAX')) {
 // Some value of modulepart can be used to get resources that are public so no login are required.
 // Note that only directory logo is free to access without login.
 $needlogin = 1;
+// Keep $_GET here, GETPOST is not available yet
 if (isset($_GET["modulepart"])) {
 // Some value of modulepart can be used to get resources that are public so no login are required.
@@ -129,9 +130,9 @@ require 'main.inc.php'; // Load $user and permissions
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $action = GETPOST('action', 'aZ09');
-$original_file = GETPOST('file', 'alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
-$hashp = GETPOST('hashp', 'aZ09', 1); // Must be read only by GET
-$modulepart = GETPOST('modulepart', 'alpha', 1); // Must be read only by GET
+$original_file = GETPOST('file', 'alphanohtml');
+$hashp = GETPOST('hashp', 'aZ09', 1);
+$modulepart = GETPOST('modulepart', 'alpha', 1);
 $urlsource = GETPOST('urlsource', 'alpha');
 $entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : $conf->entity);
diff --git a/htdocs/webportal/controllers/document.controller.class.php b/htdocs/webportal/controllers/document.controller.class.php
index d09b4dc5fb2..cf457c63ecf 100644
--- a/htdocs/webportal/controllers/document.controller.class.php
+++ b/htdocs/webportal/controllers/document.controller.class.php
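Review bot: Wrapping the block in ticket/list.php in `/* … */` drops the mapping from `search_fk_status=non_closed` to the `openall` filter, which the inner comment marks as backward compatibility, and nothing in the hunk replaces it. If old links with `non_closed` must keep working, the value could be translated where the status filter is read, which is outside this hunk. If the compatibility is being retired on purpose, deleting the block and saying so in the commit message is clearer than leaving it commented out.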
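Review bot: In the second viewimage.php hunk, removing `// Must be read only by GET` leaves the third argument `1` in `GETPOST('hashp', 'aZ09', 1)` and `GETPOST('modulepart', 'alpha', 1)` unexplained. The first hunk of this file shows `modulepart` being tested through `$_GET` before main.inc.php to decide whether login is needed, so the restriction to GET on the later read is deliberate and should stay visible. I would keep a comment on both lines, for example `// 1 = read from GET only, to match the $_GET test done before main.inc.php`.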
@@ -110,7 +110,7 @@ class DocumentController extends Controller
 if (preg_match('/\.(html|htm)$/i', $original_file)) {
 $attachment = false;
 }
- if (isset($_GET["attachment"])) {
+ if (GETPOSTISSET("attachment")) {
 $attachment = GETPOST("attachment", 'alpha') ? true : false;
 }
 if (getDolGlobalString('MAIN_DISABLE_FORCE_SAVEAS')) {
diff --git a/htdocs/website/samples/wrapper.php b/htdocs/website/samples/wrapper.php
index e6f78442c1e..4e39f2bbbaa 100644
--- a/htdocs/website/samples/wrapper.php
+++ b/htdocs/website/samples/wrapper.php
@@ -62,7 +62,7 @@ $attachment = true;
 if (preg_match('/\.(html|htm)$/i', $original_file)) {
 $attachment = false;
 }
-if (isset($_GET["attachment"])) {
+if (GETPOSTISSET("attachment")) {
 $attachment = (GETPOST("attachment", 'alphanohtml') ? true : false);
 }
 if (getDolGlobalString('MAIN_DISABLE_FORCE_SAVEAS_WEBSITE')) {
@@ -183,13 +183,13 @@ if ($rss) {
 if ($result >= 0) {
 $attachment = false;
- if (isset($_GET["attachment"])) {
- $attachment = $_GET["attachment"];
+ if (GETPOSTISSET("attachment")) {
+ $attachment = GETPOST("attachment");
 }
 //$attachment = false;
 $contenttype = 'application/rss+xml';
- if (isset($_GET["contenttype"])) {
- $contenttype = $_GET["contenttype"];
+ if (GETPOSTISSET("contenttype")) {
+ $contenttype = GETPOST("contenttype");
 }
 //$contenttype='text/plain';
 $outputencoding = 'UTF-8';
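Review bot: In the second wrapper.php hunk, `$contenttype = GETPOST("contenttype");` still lets the request choose the content type of the RSS response. If the value ends up in a `Content-Type` header (the code that uses it is outside the hunk), the feed can be served as any type the caller names, HTML included. Accepting only known values and otherwise keeping the default closes that: `if (in_array(GETPOST('contenttype'), array('application/rss+xml', 'text/plain'), true)) {`. `$attachment = GETPOST("attachment");` also yields a string here, while the first hunk of this file reduces the same parameter to a boolean with `? true : false`; doing the same in the RSS branch keeps the two paths consistent.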