36 changes: 18 additions & 18 deletions htdocs/societe/societe.php
Expand Up @@ -3,7 +3,7 @@
* Copyright (C) 2004-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2012 Marcos García <marcosgdf@gmail.com>
* Copyright (C) 2013 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
* Copyright (C) 2013-2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -210,12 +210,12 @@
// Insert sale filter
if ($search_sale)
{
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".$db->escape($search_sale);
}
// Insert categ filter
if ($search_categ)
{
$sql .= " AND cs.fk_categorie = ".$search_categ;
$sql .= " AND cs.fk_categorie = ".$db->escape($search_categ);
}
if ($search_nom_only)
{
Expand Down Expand Up @@ -272,12 +272,12 @@
$num = $db->num_rows($resql);
$i = 0;

$params = "&amp;socname=".$socname."&amp;search_nom=".$search_nom."&amp;search_town=".$search_town;
$params.= ($sbarcode?"&amp;sbarcode=".$sbarcode:"");
$params.= '&amp;search_idprof1='.$search_idprof1;
$params.= '&amp;search_idprof2='.$search_idprof2;
$params.= '&amp;search_idprof3='.$search_idprof3;
$params.= '&amp;search_idprof4='.$search_idprof4;
$params = "&amp;socname=".htmlspecialchars($socname)."&amp;search_nom=".htmlspecialchars($search_nom)."&amp;search_town=".htmlspecialchars($search_town);
$params.= ($sbarcode?"&amp;sbarcode=".htmlspecialchars($sbarcode):"");
$params.= '&amp;search_idprof1='.htmlspecialchars($search_idprof1);
$params.= '&amp;search_idprof2='.htmlspecialchars($search_idprof2);
$params.= '&amp;search_idprof3='.htmlspecialchars($search_idprof3);
$params.= '&amp;search_idprof4='.htmlspecialchars($search_idprof4);

print_barre_liste($title, $page, $_SERVER["PHP_SELF"],$params,$sortfield,$sortorder,'',$num,$nbtotalofrecords);

Expand Down Expand Up @@ -348,34 +348,34 @@
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
if (! empty($search_nom_only) && empty($search_nom)) $search_nom=$search_nom_only;
print '<input class="flat" type="text" name="search_nom" value="'.$search_nom.'">';
print '<input class="flat" type="text" name="search_nom" value="'.htmlspecialchars($search_nom).'">';
print '</td>';
// Barcode
if (! empty($conf->barcode->enabled))
{
print '<td class="liste_titre">';
print '<input class="flat" type="text" name="sbarcode" size="6" value="'.$sbarcode.'">';
print '</td>';
print '<td class="liste_titre">';
print '<input class="flat" type="text" name="sbarcode" size="6" value="'.htmlspecialchars($sbarcode).'">';
print '</td>';
}
// Town
print '<td class="liste_titre">';
print '<input class="flat" size="10" type="text" name="search_town" value="'.$search_town.'">';
print '<input class="flat" size="10" type="text" name="search_town" value="'.htmlspecialchars($search_town).'">';
print '</td>';
// IdProf1
print '<td class="liste_titre">';
print '<input class="flat" size="4" type="text" name="search_idprof1" value="'.$search_idprof1.'">';
print '<input class="flat" size="4" type="text" name="search_idprof1" value="'.htmlspecialchars($search_idprof1).'">';
print '</td>';
// IdProf2
print '<td class="liste_titre">';
print '<input class="flat" size="4" type="text" name="search_idprof2" value="'.$search_idprof2.'">';
print '<input class="flat" size="4" type="text" name="search_idprof2" value="'.htmlspecialchars($search_idprof2).'">';
print '</td>';
// IdProf3
print '<td class="liste_titre">';
print '<input class="flat" size="4" type="text" name="search_idprof3" value="'.$search_idprof3.'">';
print '<input class="flat" size="4" type="text" name="search_idprof3" value="'.htmlspecialchars($search_idprof3).'">';
print '</td>';
// IdProf4
print '<td class="liste_titre">';
print '<input class="flat" size="4" type="text" name="search_idprof4" value="'.$search_idprof4.'">';
print '<input class="flat" size="4" type="text" name="search_idprof4" value="'.htmlspecialchars($search_idprof4).'">';
print '</td>';
// Type (customer/prospect/supplier)
print '<td class="liste_titre" align="middle">';
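Review bot: The `$db->escape()` added around `$search_sale` and `$search_categ` in the `@@ -210` hunk does not close the hole, because both values are concatenated as bare numeric literals (`sc.fk_user = …`, `cs.fk_categorie = …`) and quote-escaping only protects a value that sits inside SQL quotes; cast instead, `$sql .= " AND sc.fk_user = ".((int) $search_sale);` and `$sql .= " AND cs.fk_categorie = ".((int) $search_categ);`. In the `$params` assignments of the `@@ -272` hunk the values are query-string parameters, so the right encoder is `urlencode()` rather than `htmlspecialchars()` — the latter leaves `&`, `=` and `#` intact and so lets a search term break the generated links, while `urlencode()` output is also safe inside the `&amp;`-joined href, e.g. `$params.= '&amp;search_idprof1='.urlencode($search_idprof1);`. The hidden `sortfield`/`sortorder` inputs at the top of the `@@ -348` hunk still print `$sortfield` and `$sortorder` raw into `value="…"` and should get the same `htmlspecialchars()` treatment as the search fields below them. Where these variables are populated is outside the shown hunks, so whether upstream request filtering already constrains them cannot be confirmed from here.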