
Merge branch 'develop' of ssh://git@github.com/Dolibarr/dolibarr.git …

…into develop
commit 3659191d83578f17d6ac570d8dfe6cb04f3bf548 2 parents ec542f5 + b204ad5
@eldy eldy authored
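--- a/htdocs/admin/commande.php
+++ b/htdocs/admin/commande.php
@@ -47,8 +47,8 @@
 if ($action == 'updateMask')
 {
- $maskconstorder=GETPOST("maskconstorder");
- $maskorder=GETPOST("maskorder");
+ $maskconstorder=GETPOST('maskconstorder','alpha');
+ $maskorder=GETPOST('maskorder','alpha');
 if ($maskconstorder) $res = dolibarr_set_const($db,$maskconstorder,$maskorder,'chaine',0,'',$conf->entity);
@@ -66,7 +66,7 @@
 if ($action == 'specimen')
 {
- $modele=GETPOST("module");
+ $modele=GETPOST('module','alpha');
 $commande = new Commande($db);
 $commande->initAsSpecimen();
@@ -111,8 +111,8 @@
 if ($action == 'set')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $type='order';
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@@ -142,8 +142,8 @@
 if ($action == 'setdoc')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $db->begin();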
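Review bot: In the `updateMask` branch the name of the constant to write, `$maskconstorder`, is still taken from the request and handed to `dolibarr_set_const()`; the `'alpha'` filter (its rules are not shown on this page) constrains the characters of the value, not which constant may be written. A comment above the call such as `// constant name comes from the form: accept only mask constants declared by a numbering module` would state the expectation, ideally backed by a check against that list before writing. The same pattern appears in the `updateMask` branches of contract.php, expedition.php, fichinter.php and livraison.php in this commit. The branch's body continues outside the hunk.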
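--- a/htdocs/admin/confexped.php
+++ b/htdocs/admin/confexped.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
 * Copyright (C) 2006 Andre Cianfarani <acianfa@free.fr>
- * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -34,7 +34,7 @@
 if (!$user->admin)
 accessforbidden();
-$action=GETPOST("action");
+$action=GETPOST('action','alpha');
 // Shipment note
 if ($action == 'activate_sending')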
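--- a/htdocs/admin/contract.php
+++ b/htdocs/admin/contract.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
+/* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -30,8 +30,8 @@
 if (!$user->admin) accessforbidden();
-$action = GETPOST("action");
-$value = GETPOST("value");
+$action = GETPOST('action','alpha');
+$value = GETPOST('value','alpha');
 if (empty($conf->global->CONTRACT_ADDON))
 {
@@ -45,8 +45,8 @@
 if ($action == 'updateMask')
 {
- $maskconst=$_POST['maskconstcontract'];
- $maskvalue=$_POST['maskcontract'];
+ $maskconst = GETPOST('maskconstcontract','alpha');
+ $maskvalue = GETPOST('maskcontract','alpha');
 if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;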
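Review bot: `if (! $res > 0) $error++;` does not test what it appears to: `!` binds tighter than `>`, so the expression is `(!$res) > 0`, and a negative return code from `dolibarr_set_const()` (presumably its failure value; the function is not visible here) is never counted as an error. It should read `if (! ($res > 0)) $error++;`. The same line follows the `dolibarr_set_const()` calls in expedition.php, fichinter.php and livraison.php in this commit. `$res` is also only assigned when `$maskconst` is non-empty, so an input emptied by the filter reaches this test with `$res` unset.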
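--- a/htdocs/admin/expedition.php
+++ b/htdocs/admin/expedition.php
@@ -5,7 +5,7 @@
 * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
 * Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
 * Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
- * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -37,8 +37,8 @@
 if (!$user->admin) accessforbidden();
-$action=GETPOST("action");
-$value=GETPOST("value");
+$action=GETPOST('action','alpha');
+$value=GETPOST('value','alpha');
 if (empty($conf->global->EXPEDITION_ADDON_NUMBER))
 {
@@ -51,7 +51,7 @@
 */
 if ($action == 'specimen')
 {
- $modele=GETPOST("module");
+ $modele=GETPOST('module','alpha');
 $exp = new Expedition($db);
 $exp->initAsSpecimen();
@@ -89,8 +89,8 @@
 // Activate a model
 if ($action == 'set')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $type='shipping';
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@@ -121,8 +121,8 @@
 // Set default model
 if ($action == 'setdoc')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $db->begin();
@@ -158,9 +158,9 @@
 // TODO A quoi servent les methode d'expedition ?
 if ($action == 'setmethod' || $action== 'setmod')
 {
- $module=GETPOST("module");
- $moduleid=GETPOST("moduleid");
- $statut=GETPOST("statut");
+ $module=GETPOST('module','alpha');
+ $moduleid=GETPOST('moduleid','alpha');
+ $statut=GETPOST('statut','alpha');
 require_once(DOL_DOCUMENT_ROOT."/core/modules/expedition/methode_expedition_$module.modules.php");
@@ -231,7 +231,7 @@
 // TODO Verifier si module numerotation choisi peut etre active
 // par appel methode canBeActivated
- $module=GETPOST("module");
+ $module=GETPOST('module','alpha');
 dolibarr_set_const($db, "EXPEDITION_ADDON",$module,'chaine',0,'',$conf->entity);
@@ -239,8 +239,8 @@
 if ($action == 'updateMask')
 {
- $maskconst=GETPOST("maskconstexpedition");
- $maskvalue=GETPOST("maskexpedition");
+ $maskconst=GETPOST('maskconstexpedition','alpha');
+ $maskvalue=GETPOST('maskexpedition','alpha');
 if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
@@ -262,7 +262,7 @@
 if ($action == 'set_SHIPPING_DRAFT_WATERMARK')
 {
- $draft=GETPOST("SHIPPING_DRAFT_WATERMARK");
+ $draft=GETPOST('SHIPPING_DRAFT_WATERMARK','alpha');
 $res = dolibarr_set_const($db, "SHIPPING_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
@@ -279,7 +279,7 @@
 if ($action == 'set_SHIPPING_FREE_TEXT')
 {
- $free=GETPOST("SHIPPING_FREE_TEXT");
+ $free=GETPOST('SHIPPING_FREE_TEXT','alpha');
 $res = dolibarr_set_const($db, "SHIPPING_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;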
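Review bot: In the `setmethod`/`setmod` branch `$module` comes from the request and is interpolated straight into the `require_once` path on the next line, so which file is loaded depends entirely on what `GETPOST(...,'alpha')` lets through, and that filter's rules are not visible on this page. A strict check placed just before the include makes the constraint local and explicit, for example `if (! preg_match('/^[a-z0-9_]+$/i', $module)) accessforbidden();`. The same value is also written to `EXPEDITION_ADDON` further down, where the existing TODO already notes that the chosen module is not verified. The branch's body continues outside the hunk.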
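--- a/htdocs/admin/fichinter.php
+++ b/htdocs/admin/fichinter.php
@@ -5,7 +5,7 @@
 * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
 * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
 * Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
- * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
 * Copyright (C) 2011-2012 Philippe Grand <philippe.grand@atoo-net.com>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -39,8 +39,8 @@
 if (!$user->admin)
 accessforbidden();
-$action = GETPOST("action");
-$value = GETPOST("value");
+$action = GETPOST('action','alpha');
+$value = GETPOST('value','alpha');
 /*
@@ -48,8 +48,8 @@
 */
 if ($action == 'updateMask')
 {
- $maskconst=GETPOST("maskconst");
- $maskvalue=GETPOST("maskvalue");
+ $maskconst=GETPOST('maskconst','alpha');
+ $maskvalue=GETPOST('maskvalue','alpha');
 if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
@@ -66,7 +66,7 @@
 if ($action == 'set_FICHINTER_FREE_TEXT')
 {
- $freetext= GETPOST("FICHINTER_FREE_TEXT");
+ $freetext= GETPOST('FICHINTER_FREE_TEXT','alpha');
 $res = dolibarr_set_const($db, "FICHINTER_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
@@ -83,7 +83,7 @@
 if ($action == 'set_FICHINTER_DRAFT_WATERMARK')
 {
- $draft= GETPOST("FICHINTER_DRAFT_WATERMARK");
+ $draft= GETPOST('FICHINTER_DRAFT_WATERMARK','alpha');
 $res = dolibarr_set_const($db, "FICHINTER_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);
@@ -101,7 +101,7 @@
 if ($action == 'specimen')
 {
- $modele=$_GET["module"];
+ $modele= GETPOST('module','alpha');
 $inter = new Fichinter($db);
 $inter->initAsSpecimen();
@@ -146,8 +146,8 @@
 if ($action == 'set')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $type='ficheinter';
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@@ -177,8 +177,8 @@
 if ($action == 'setdoc')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $db->begin();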
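--- a/htdocs/admin/livraison.php
+++ b/htdocs/admin/livraison.php
@@ -5,7 +5,7 @@
 * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
 * Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
 * Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
- * Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -36,8 +36,8 @@
 if (!$user->admin) accessforbidden();
-$action = GETPOST("action");
-$value = GETPOST("value");
+$action = GETPOST('action','alpha');
+$value = GETPOST('value','alpha');
 /*
 * Actions
@@ -45,8 +45,8 @@
 if ($action == 'updateMask')
 {
- $maskconstdelivery=GETPOST("maskconstdelivery");
- $maskdelivery=GETPOST("maskdelivery");
+ $maskconstdelivery=GETPOST('maskconstdelivery','alpha');
+ $maskdelivery=GETPOST('maskdelivery','alpha');
 if ($maskconstdelivery) $res = dolibarr_set_const($db,$maskconstdelivery,$maskdelivery,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
@@ -63,7 +63,7 @@
 if ($action == 'specimen')
 {
- $modele=GETPOST("module");
+ $modele=GETPOST('module','alpha');
 $sending = new Livraison($db);
 $sending->initAsSpecimen();
@@ -99,8 +99,8 @@
 if ($action == 'set')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $type='delivery';
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@@ -127,8 +127,8 @@
 if ($action == 'setdoc')
 {
- $label = GETPOST("label");
- $scandir = GETPOST("scandir");
+ $label = GETPOST('label','alpha');
+ $scandir = GETPOST('scandir','alpha');
 $db->begin();
 if (dolibarr_set_const($db, "LIVRAISON_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
@@ -162,7 +162,7 @@
 if ($action == 'set_DELIVERY_FREE_TEXT')
 {
- $free=GETPOST("DELIVERY_FREE_TEXT");
+ $free=GETPOST('DELIVERY_FREE_TEXT','alpha');
 $res=dolibarr_set_const($db, "DELIVERY_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;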
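--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -523,22 +523,28 @@ function del_type($obj,$type)
 /**
 * Return list of contents of a category
 *
- * @param string $field Field name for select in table. Full field name will be fk_field.
- * @param string $classname PHP Class of object to store entity
- * @param string $table Table name for select in table. Full table name will be PREFIX_categorie_table.
+ * @param string $field Field name for select in table. Full field name will be fk_field.
+ * @param string $classname PHP Class of object to store entity
+ * @param string $category_table Table name for select in table. Full table name will be PREFIX_categorie_table.
+ * @param string $object_table Table name for select in table. Full table name will be PREFIX_table.
 * @return void
 */
- function get_type($field,$classname,$table='')
+ function get_type($field,$classname,$category_table='',$object_table='')
 {
 $objs = array();
 // Clean parameters
- if (empty($table)) $table=$field;
+ if (empty($category_table)) $category_table=$field;
+ if (empty($object_table)) $object_table=$field;
- $sql = "SELECT fk_".$field." FROM ".MAIN_DB_PREFIX."categorie_".$table;
- $sql.= " WHERE fk_categorie = ".$this->id;
+ $sql = "SELECT c.fk_".$field;
+ $sql.= " FROM ".MAIN_DB_PREFIX."categorie_".$category_table." as c";
+ $sql.= ", ".MAIN_DB_PREFIX.$object_table." as o";
+ $sql.= " WHERE c.fk_categorie = ".$this->id;
+ $sql.= " AND c.fk_".$field." = o.rowid";
+ $sql.= " AND o.entity IN (".getEntity($field, 1).")";
- dol_syslog("Categorie::get_type sql=".$sql);
+ dol_syslog(get_class($this)."::get_type sql=".$sql);
 $resql = $this->db->query($sql);
 if ($resql)
 {
@@ -553,7 +559,7 @@ function get_type($field,$classname,$table='')
 else
 {
 $this->error=$this->db->error().' sql='.$sql;
- dol_syslog("Categorie::get_type ".$this->error, LOG_ERR);
+ dol_syslog(get_class($this)."::get_type ".$this->error, LOG_ERR);
 return -1;
 }
 }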
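Review bot: `get_type()` now concatenates three caller-supplied names (`$field`, `$category_table`, `$object_table`) into the query as bare identifiers and `$this->id` as an unquoted value, so the method is only safe while every caller passes hard-coded names. The docblock should say that, and the id can be cast at no cost: `$sql.= " WHERE c.fk_categorie = ".((int) $this->id);`. The entity filter calls `getEntity($field, 1)` with the field name rather than the object table, which differ for the member/adherent call in viewcat.php; that is worth confirming. The docblock still says `@return void` although the visible error path returns `-1`. Part of the method body lies between the two hunks and is not shown.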
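--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -322,7 +322,7 @@
 {
 require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
- $prods = $object->get_type("member","Adherent");
+ $prods = $object->get_type("member","Adherent","","adherent");
 if ($prods < 0)
 {
 dol_print_error($db,$object->error);
@@ -358,7 +358,7 @@
 }
 }
-$db->close();
 llxFooter();
+$db->close();
 ?>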
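--- a/htdocs/societe/info.php
+++ b/htdocs/societe/info.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
- * Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
+/* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
+ * Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -32,9 +33,9 @@
 if ($conf->notification->enabled) $langs->load("mails");
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe','','');
+$result = restrictedArea($user, 'societe', $socid, '&societe');
 /*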
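Review bot: This `restrictedArea()` call leaves the key-field and select-field arguments to the function's defaults, while soc.php in the same commit is changed to pass `'fk_soc', 'rowid'` explicitly. The defaults are not visible on this page; if they match, spelling them out keeps the two access checks visibly aligned: `$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid');`. `$result` is not read in the visible lines, so a short comment that the function itself stops the request on refusal (presumably it does; confirm) would make the check easier to audit.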
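--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -66,7 +66,7 @@
 }
 // Security check
-$result = restrictedArea($user, 'societe', $socid, '&societe', '', '', '', $objcanvas);
+$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', $objcanvas);
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php');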