Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix bad parameter for GETPOST

Browse Source
This commit is contained in:
Laurent Destailleur 2024-02-26 15:02:39 +01:00
parent 1141cdca18
commit fa2cfb97b1
16 changed files with 28 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/admin/mails.php
View File

@ -99,10 +99,10 @@ if ($action == 'update' && !$cancel) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW", GETPOST("MAIN_MAIL_SMTPS_PW", 'none'), 'chaine', 0, '', $conf->entity);
}
if (GETPOSTISSET("MAIN_MAIL_SMTPS_AUTH_TYPE")) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_AUTH_TYPE", GETPOST("MAIN_MAIL_SMTPS_AUTH_TYPE", 'chaine'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_AUTH_TYPE", GETPOST("MAIN_MAIL_SMTPS_AUTH_TYPE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
if (GETPOSTISSET("MAIN_MAIL_SMTPS_OAUTH_SERVICE")) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_OAUTH_SERVICE", GETPOST("MAIN_MAIL_SMTPS_OAUTH_SERVICE", 'chaine'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_OAUTH_SERVICE", GETPOST("MAIN_MAIL_SMTPS_OAUTH_SERVICE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS", GETPOST("MAIN_MAIL_EMAIL_TLS", 'int'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS", GETPOST("MAIN_MAIL_EMAIL_STARTTLS", 'int'), 'chaine', 0, '', $conf->entity);

4
htdocs/admin/mails_emailing.php
View File

@ -88,10 +88,10 @@ if ($action == 'update' && !$cancel) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW_EMAILING", GETPOST("MAIN_MAIL_SMTPS_PW_EMAILING", 'none'), 'chaine', 0, '', $conf->entity);
}
if (GETPOSTISSET("MAIN_MAIL_SMTPS_AUTH_TYPE_EMAILING")) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_AUTH_TYPE_EMAILING", GETPOST("MAIN_MAIL_SMTPS_AUTH_TYPE_EMAILING", 'chaine'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_AUTH_TYPE_EMAILING", GETPOST("MAIN_MAIL_SMTPS_AUTH_TYPE_EMAILING", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
if (GETPOSTISSET("MAIN_MAIL_SMTPS_OAUTH_SERVICE_EMAILING")) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_OAUTH_SERVICE_EMAILING", GETPOST("MAIN_MAIL_SMTPS_OAUTH_SERVICE_EMAILING", 'chaine'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_OAUTH_SERVICE_EMAILING", GETPOST("MAIN_MAIL_SMTPS_OAUTH_SERVICE_EMAILING", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS_EMAILING", GETPOST("MAIN_MAIL_EMAIL_TLS_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS_EMAILING", GETPOST("MAIN_MAIL_EMAIL_STARTTLS_EMAILING"), 'chaine', 0, '', $conf->entity);

8
htdocs/admin/mails_ticket.php
View File

@ -86,10 +86,10 @@ if ($action == 'update' && !$cancel) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW_TICKET", GETPOST("MAIN_MAIL_SMTPS_PW_TICKET", 'none'), 'chaine', 0, '', $conf->entity);
}
if (GETPOSTISSET("MAIN_MAIL_SMTPS_AUTH_TYPE_TICKET")) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_AUTH_TYPE_TICKET", GETPOST("MAIN_MAIL_SMTPS_AUTH_TYPE_TICKET", 'chaine'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_AUTH_TYPE_TICKET", GETPOST("MAIN_MAIL_SMTPS_AUTH_TYPE_TICKET", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
if (GETPOSTISSET("MAIN_MAIL_SMTPS_OAUTH_SERVICE_TICKET")) {
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_OAUTH_SERVICE_TICKET", GETPOST("MAIN_MAIL_SMTPS_OAUTH_SERVICE_TICKET", 'chaine'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_OAUTH_SERVICE_TICKET", GETPOST("MAIN_MAIL_SMTPS_OAUTH_SERVICE_TICKET", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
}
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS_TICKET", GETPOST("MAIN_MAIL_EMAIL_TLS_TICKET"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS_TICKET", GETPOST("MAIN_MAIL_EMAIL_STARTTLS_TICKET"), 'chaine', 0, '', $conf->entity);
@ -672,8 +672,8 @@ if ($action == 'edit') {
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname', 'restricthtml') : getDolGlobalString('MAIN_MAIL_EMAIL_FROM'));
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail', 'restricthtml') : getDolGlobalString('MAIN_MAIL_EMAIL_FROM'));
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->fromid = $user->id;
$formmail->fromalsorobot = 1;

2
htdocs/admin/menus/edit.php
View File

@ -362,7 +362,7 @@ if ($action == 'create') {
// Picto
print '<tr><td class="fieldrequired">'.$langs->trans('Image').'</td>';
print '<td><input type="text" class="minwidth300" name="picto" value="'.dol_escape_htmltag(GETPOST("picto", 'alphanohtmlallowclass')).'"></td><td>'.$langs->trans('Example').': fa-global</td></tr>';
print '<td><input type="text" class="minwidth300" name="picto" value="'.dol_escape_htmltag(GETPOST("picto", 'alphanohtml')).'"></td><td>'.$langs->trans('Example').': fa-global</td></tr>';
// URL
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td>';

4
htdocs/comm/propal/stats/index.php
View File

@ -41,8 +41,8 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
$object_status = GETPOST('object_status', 'intcomma');
$typent_id = GETPOST('typent_id', 'int');
$categ_id = GETPOST('categ_id', 'categ_id');
$typent_id = GETPOSTINT('typent_id');
$categ_id = GETPOSTINT('categ_id');
$userid = GETPOST('userid', 'int');
$socid = GETPOST('socid', 'int');

4
htdocs/commande/stats/index.php
View File

@ -62,8 +62,8 @@ if ($mode == 'supplier') {
}
$typent_id = GETPOST('typent_id', 'int');
$categ_id = GETPOST('categ_id', 'categ_id');
$typent_id = GETPOSTINT('typent_id');
$categ_id = GETPOSTINT('categ_id');
$userid = GETPOST('userid', 'int');
$socid = GETPOST('socid', 'int');

4
htdocs/compta/facture/card.php
View File

@ -442,13 +442,13 @@ if (empty($reshook)) {
}
} elseif ($action == 'setretainedwarranty' && $user->hasRight('facture', 'creer')) {
$object->fetch($id);
$result = $object->setRetainedWarranty(GETPOST('retained_warranty', 'float'));
$result = $object->setRetainedWarranty(GETPOSTFLOAT('retained_warranty'));
if ($result < 0) {
dol_print_error($db, $object->error);
}
} elseif ($action == 'setretainedwarrantydatelimit' && $user->hasRight('facture', 'creer')) {
$object->fetch($id);
$result = $object->setRetainedWarrantyDateLimit(GETPOST('retained_warranty_date_limit', 'float'));
$result = $object->setRetainedWarrantyDateLimit(GETPOSTFLOAT('retained_warranty_date_limit'));
if ($result < 0) {
dol_print_error($db, $object->error);
}

4
htdocs/compta/facture/stats/index.php
View File

@ -52,8 +52,8 @@ if ($mode == 'supplier' && !$user->hasRight('fournisseur', 'facture', 'lire')) {
}
$object_status = GETPOST('object_status', 'intcomma');
$typent_id = GETPOST('typent_id', 'int');
$categ_id = GETPOST('categ_id', 'categ_id');
$typent_id = GETPOSTINT('typent_id');
$categ_id = GETPOSTINT('categ_id');
$userid = GETPOST('userid', 'int');
$socid = GETPOST('socid', 'int');

2
htdocs/core/actions_massactions.inc.php
View File

@ -1684,7 +1684,7 @@ if (!$error && ($massaction == 'increaseholiday' || ($action == 'increaseholiday
$objecttmp = new $objectclass($db);
$nbok = 0;
$typeholiday = GETPOST('typeholiday', 'alpha');
$nbdaysholidays = GETPOST('nbdaysholidays', 'double');
$nbdaysholidays = GETPOSTFLOAT('nbdaysholidays'); // May be 1.5
if ($nbdaysholidays <= 0) {
setEventMessages($langs->trans("WrongAmount"), "", 'errors');

2
htdocs/core/modules/commande/doc/pdf_einstein.modules.php
View File

@ -217,7 +217,7 @@ class pdf_einstein extends ModelePDFCommandes
// Possibility to use suffix for proforma
$suffix = '';
if (getDolGlobalString('PROFORMA_PDF_WITH_SUFFIX')) {
$suffix = (GETPOST('model', 2)=='proforma') ? $conf->global->PROFORMA_PDF_WITH_SUFFIX : '';
$suffix = (GETPOST('model') == 'proforma') ? $conf->global->PROFORMA_PDF_WITH_SUFFIX : '';
$suffix = dol_sanitizeFileName($suffix);
}

2
htdocs/modulebuilder/admin/setup.php
View File

@ -45,7 +45,7 @@ if ($action == "update") {
$res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$res5 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_URL', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_URL', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$res6 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_FAMILY', GETPOST('MODULEBUILDER_SPECIFIC_FAMILY', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$res7 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_AUTHOR', GETPOST('MODULEBUILDER_SPECIFIC_AUTHOR', 'html'), 'chaine', 0, '', $conf->entity);
$res7 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_AUTHOR', GETPOST('MODULEBUILDER_SPECIFIC_AUTHOR', 'restricthtml'), 'chaine', 0, '', $conf->entity);
$res8 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_VERSION', GETPOST('MODULEBUILDER_SPECIFIC_VERSION', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
if ($res1 < 0 || $res2 < 0 || $res3 < 0 || $res4 < 0 || $res5 < 0 || $res6 < 0 || $res7 < 0 || $res8 < 0) {
setEventMessages('ErrorFailedToSaveDate', null, 'errors');

2
htdocs/mrp/mo_card.php
View File

@ -203,7 +203,7 @@ if (empty($reshook)) {
}
$error = 0;
$deleteChilds = GETPOST('deletechilds', 'boolean');
$deleteChilds = GETPOST('deletechilds', 'aZ');
// Start the database transaction
$db->begin();

2
htdocs/projet/tasks/time.php
View File

@ -425,7 +425,7 @@ if ($action == 'confirm_generateinvoice') {
$db->begin();
$idprod = GETPOST('productid', 'int');
$generateinvoicemode = GETPOST('generateinvoicemode', 'string');
$generateinvoicemode = GETPOST('generateinvoicemode', 'alphanohtml');
$invoiceToUse = GETPOST('invoiceid', 'int');
$prodDurationHoursBase = 1.0;

2
htdocs/reception/card.php
View File

@ -414,7 +414,7 @@ if (empty($reshook)) {
$sellbydate = str_replace('/', '-', $sellby);
if (getDolGlobalString('STOCK_CALCULATE_ON_RECEPTION') || getDolGlobalString('STOCK_CALCULATE_ON_RECEPTION_CLOSE')) {
$ret = $object->addline($entrepot_id, GETPOST($idl, 'int'), GETPOST($qty, 'int'), $array_options[$i], GETPOST($comment, 'alpha'), strtotime($eatbydate), strtotime($sellbydate), GETPOST($batch, 'alpha'), price2num(GETPOST($cost_price, 'double'), 'MU'));
$ret = $object->addline($entrepot_id, GETPOST($idl, 'int'), GETPOST($qty, 'int'), $array_options[$i], GETPOST($comment, 'alpha'), strtotime($eatbydate), strtotime($sellbydate), GETPOST($batch, 'alpha'), GETPOSTFLOAT($cost_price, 'MU'));
} else {
$ret = $object->addline($entrepot_id, GETPOST($idl, 'int'), GETPOST($qty, 'int'), $array_options[$i], GETPOST($comment, 'alpha'), strtotime($eatbydate), strtotime($sellbydate), GETPOST($batch, 'alpha'));
}

6
htdocs/webportal/class/controller.class.php
View File

@ -164,11 +164,11 @@ class Controller
}
/**
* Load a template
* Load a template .tpl file
*
* @param string $templateName Template name
* @param string $templateName Template file name (without the .tpl.php)
* @param mixed $vars Data to transmit to template
* @return bool True if template found, else false
* @return bool True if template found, else false
*/
public function loadTemplate($templateName, $vars = false)
{

2
htdocs/webportal/controllers/document.controller.class.php
View File

@ -95,9 +95,11 @@ class DocumentController extends Controller
// Security check
if (empty($modulepart)) {
httponly_accessforbidden('Bad link. Bad value for parameter modulepart', 400);
exit;
}
if (empty($original_file)) {
httponly_accessforbidden('Bad link. Missing identification to find file (original_file)', 400);
exit;
}
// get original file