
[Noalyss-commit] [noalyss] 01/01: Protect function extract , the use of


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 01/01: Protect function extract , the use of this function will be removed during the rewriting
Date: Thu, 16 Feb 2017 04:30:46 -0500 (EST)

sparkyx pushed a commit to branch master
in repository noalyss.

commit c6e274fcb3505ada0417b868e968b6ea83f1489b
Author: Dany De Bontridder <address@hidden>
Date:   Thu Feb 16 10:30:20 2017 +0100

    Protect function extract , the use of this function will be removed during 
the rewriting
---
 html/ajax_misc.php                          |  2 +-
 html/compute.php                            |  2 +-
 html/do.php                                 |  2 +-
 html/user_login.php                         | 18 ++++++++++-----
 include/ajax/ajax_account_update.php        |  2 +-
 include/ajax/ajax_bank_saldo.php            |  2 +-
 include/ajax/ajax_card.php                  |  4 ++--
 include/ajax/ajax_get_receipt.php           |  2 +-
 include/ajax/ajax_min_row.php               |  2 +-
 include/ajax/ajax_poste.php                 |  2 +-
 include/ajax/ajax_update_predef.php         |  2 +-
 include/class/class_acc_ledger.php          | 22 ++++++++++--------
 include/class/class_acc_ledger_fin.php      |  8 +++----
 include/class/class_acc_ledger_purchase.php |  6 ++---
 include/class/class_acc_ledger_sold.php     |  8 +++----
 include/class/class_acc_report_row.php      |  2 +-
 include/class/class_anc_operation.php       |  8 +++----
 include/class/class_document.php            | 36 ++++++++++++++---------------
 include/class/class_fiche.php               |  2 +-
 include/class/class_fiche_def.php           |  2 +-
 include/class/class_follow_up.php           |  6 ++---
 include/class/class_pre_op_ach.php          |  4 ++--
 include/class/class_pre_op_advanced.php     |  4 ++--
 include/class/class_pre_op_ven.php          |  2 +-
 include/class/class_stock_goods.php         |  4 ++--
 include/company.inc.php                     |  2 +-
 include/export/export_balance_pdf.php       |  2 +-
 include/export/export_fiche_detail_pdf.php  |  2 +-
 include/export/export_form_pdf.php          |  2 +-
 include/export/export_gl_csv.php            |  2 +-
 include/export/export_gl_pdf.php            |  2 +-
 include/export/export_poste_detail_pdf.php  |  2 +-
 include/export/export_rec_csv.php           |  2 +-
 include/lib/class_html_input.php            |  2 +-
 include/lib/config_file.php                 |  6 ++---
 include/menu.inc.php                        |  6 ++---
 include/periode.inc.php                     |  2 +-
 include/poste.inc.php                       |  2 +-
 include/profile.inc.php                     |  8 +++----
 include/tva.inc.php                         |  2 +-
 40 files changed, 104 insertions(+), 94 deletions(-)

diff --git a/html/ajax_misc.php b/html/ajax_misc.php
index 7d18c84..bca9379 100644
--- a/html/ajax_misc.php
+++ b/html/ajax_misc.php
@@ -59,7 +59,7 @@ foreach ($var as $v)
 }
 if ($cont != 0)
        exit();
-extract($_REQUEST);
+extract($_REQUEST, EXTR_SKIP );
 if ( isset($div)) ajax_disconnected($div);
 global $g_user, $cn, $g_parameter;
 //
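Review bot: `extract($_REQUEST, EXTR_SKIP)` only protects variables that are already assigned when the call runs; any name the script reads later without initialising it first is still filled from the request. In this hunk `global $g_user, $cn, $g_parameter;` comes after the call, so those names are protected only if they are set above it, which the hunk does not show. The same applies to the other top-level `extract($_GET, EXTR_SKIP)`, `extract($_POST, EXTR_SKIP)` and `extract($_REQUEST, EXTR_SKIP)` calls in this commit (html/compute.php, the include/ajax and include/export scripts, include/company.inc.php). Reading the expected keys explicitly, as html/user_login.php now does with `HtmlInput::default_value_post(...)`, removes the dependency on statement order. Until then, a comment such as `// EXTR_SKIP: request keys cannot replace variables set above; everything read below must be initialised or validated` would record the constraint.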
diff --git a/html/compute.php b/html/compute.php
index f4f9de7..d349ca3 100644
--- a/html/compute.php
+++ b/html/compute.php
@@ -38,7 +38,7 @@ require_once  NOALYSS_INCLUDE.'/class/class_acc_tva.php';
 require_once  NOALYSS_INCLUDE.'/class/class_user.php';
 
 // Check if the needed field does exist
-extract ($_GET);
+extract ($_GET, EXTR_SKIP );
 foreach (array('t','c','p','q','n','gDossier') as $a)
 {
     if ( ! isset (${$a}) )
diff --git a/html/do.php b/html/do.php
index aa7e1fb..b01ab8d 100644
--- a/html/do.php
+++ b/html/do.php
@@ -70,7 +70,7 @@ if ( ! $cn->exist_table('version')) {
  */
 if ( isset ($_POST['set_preference'])) {
     //// Save value
-    extract($_POST);
+    extract($_POST, EXTR_SKIP );
 
     if (strlen(trim($pass_1)) != 0 && strlen(trim($pass_2)) != 0)
     {
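Review bot: This `set_preference` block is the same code that html/user_login.php replaces with explicit reads in this commit, but here it only gains `EXTR_SKIP`, so `$pass_1` and `$pass_2` still come straight from the POST body and are undefined when the fields are missing. Assuming `HtmlInput` is loaded in do.php as it is in user_login.php, `$pass_1=HtmlInput::default_value_post("pass_1", "");` and `$pass_2=HtmlInput::default_value_post("pass_2", "");` would replace the `extract` line. The rest of the block lies outside the hunk, so any other name it reads needs the same treatment.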
diff --git a/html/user_login.php b/html/user_login.php
index 25a37a4..86bbffc 100644
--- a/html/user_login.php
+++ b/html/user_login.php
@@ -104,17 +104,23 @@ 
$priv=($User->admin==1)?_("Administrateur"):_("Utilisateur");
 load_all_script();
 if ( isset ($_POST['set_preference'])) {
     //// Save value
-    extract($_POST);
-
+    $pass_1=HtmlInput::default_value_post("pass_1", "");
+    $pass_2=HtmlInput::default_value_post("pass_2", "");
+    $style_user=HtmlInput::default_value_post("style_user", "");
+    $lang=HtmlInput::default_value_post("lang", "");
     if (strlen(trim($pass_1)) != 0 && strlen(trim($pass_2)) != 0)
     {
        $User->save_password($pass_1,$pass_2);
         
     }
-    $User->save_global_preference('THEME', $style_user);
-    $User->save_global_preference('LANG', $lang);
-    $_SESSION['g_theme']=$style_user;
-    $_SESSION['g_lang']=$lang;
+    if (trim($style_user) != "") {
+        $User->save_global_preference('THEME',$style_user);
+        $_SESSION['g_theme']=$style_user;   
+    }
+    if (trim($lang) != "") {
+        $User->save_global_preference('LANG', $lang);
+        $_SESSION['g_lang']=$lang;
+    }
     $User->load();
     $User->save_email($p_email);
 }
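Review bot: `$User->save_email($p_email);` at the end of the block still relies on `$p_email`, which was previously created by the removed `extract($_POST)`. Unless it is assigned above the hunk, it is now undefined and an empty value reaches `save_email`. Adding `$p_email=HtmlInput::default_value_post("p_email", "");` next to the other four reads fixes that. Whether an empty address should be saved or skipped, as is now done for the theme and language, is the author's call.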
diff --git a/include/ajax/ajax_account_update.php 
b/include/ajax/ajax_account_update.php
index 8a768da..558cac3 100644
--- a/include/ajax/ajax_account_update.php
+++ b/include/ajax/ajax_account_update.php
@@ -49,7 +49,7 @@ for ($i=0; $i<count($var); $i++)
         throw new Exception($name." is not set");
 }
 $ctl='ok';
-extract($_GET);
+extract($_GET,, EXTR_SKIP);
 //----------------------------------------------------------------------
 // Modification
 //----------------------------------------------------------------------
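Review bot: `extract($_GET,, EXTR_SKIP);` has a doubled comma and is a parse error, so include/ajax/ajax_account_update.php will not load at all; the line should read `extract($_GET, EXTR_SKIP);`. Running `php -l` over the 40 touched files before pushing would catch this kind of slip.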
diff --git a/include/ajax/ajax_bank_saldo.php b/include/ajax/ajax_bank_saldo.php
index 2931f0f..165b2d1 100644
--- a/include/ajax/ajax_bank_saldo.php
+++ b/include/ajax/ajax_bank_saldo.php
@@ -38,7 +38,7 @@ if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas 
permis');
 require_once NOALYSS_INCLUDE.'/class/class_user.php';
 require_once NOALYSS_INCLUDE.'/class/class_dossier.php';
 require_once NOALYSS_INCLUDE.'/class/class_fiche.php';
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 /* check the parameters */
 foreach ( array('j','ctl') as $a )
 {
diff --git a/include/ajax/ajax_card.php b/include/ajax/ajax_card.php
index bdd9f53..6c6d515 100644
--- a/include/ajax/ajax_card.php
+++ b/include/ajax/ajax_card.php
@@ -76,7 +76,7 @@ foreach ($var as $v)
         $cont=1;
     }
 }
-extract($_REQUEST );
+extract($_REQUEST, EXTR_SKIP );
 
 if ( $cont != 0 ) exit();
 
@@ -148,7 +148,7 @@ case 'dc':
 
            if ($can_modify==1)
              {
-               $html.='<form id="form_'.$ctl.'"method="get" 
onsubmit="update_card(this);return false;">';
+               $html.='<form id="form_'.$ctl.'" method="get" 
onsubmit="update_card(this);return false;">';
                $html.=dossier::hidden();
                $html.=HtmlInput::hidden('f_id',$f->id);
                $html.=HtmlInput::hidden('ctl',$ctl);
diff --git a/include/ajax/ajax_get_receipt.php 
b/include/ajax/ajax_get_receipt.php
index 1f6159b..73dfa84 100644
--- a/include/ajax/ajax_get_receipt.php
+++ b/include/ajax/ajax_get_receipt.php
@@ -36,7 +36,7 @@ require_once NOALYSS_INCLUDE.'/class/class_acc_ledger.php';
 require_once NOALYSS_INCLUDE.'/class/class_user.php';
 
 // Check if the needed field does exist
-extract ($_GET);
+extract ($_GET, EXTR_SKIP);
 foreach (array('l','gDossier') as $a)
 {
     if ( ! isset (${$a}) )
diff --git a/include/ajax/ajax_min_row.php b/include/ajax/ajax_min_row.php
index 05302cd..1f06964 100644
--- a/include/ajax/ajax_min_row.php
+++ b/include/ajax/ajax_min_row.php
@@ -28,7 +28,7 @@
 if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
 require_once NOALYSS_INCLUDE.'/class/class_user.php';
 require_once NOALYSS_INCLUDE.'/class/class_dossier.php';
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 /* check the parameters */
 foreach ( array('j','ctl') as $a )
 {
diff --git a/include/ajax/ajax_poste.php b/include/ajax/ajax_poste.php
index ef3111e..d498b73 100644
--- a/include/ajax/ajax_poste.php
+++ b/include/ajax/ajax_poste.php
@@ -41,7 +41,7 @@ require_once NOALYSS_INCLUDE.'/lib/function_javascript.php';
 require_once NOALYSS_INCLUDE.'/class/class_acc_account_ledger.php';
 mb_internal_encoding("UTF-8");
 
-extract($_REQUEST);
+extract($_REQUEST, EXTR_SKIP);
 
 if  ($g_user->check_dossier(dossier::id()) == 'X') exit();
 
diff --git a/include/ajax/ajax_update_predef.php 
b/include/ajax/ajax_update_predef.php
index 7768d3b..3e86ca7 100644
--- a/include/ajax/ajax_update_predef.php
+++ b/include/ajax/ajax_update_predef.php
@@ -34,7 +34,7 @@ require_once NOALYSS_INCLUDE.'/class/class_dossier.php';
 require_once NOALYSS_INCLUDE.'/class/class_pre_operation.php';
 
 // Check if the needed field does exist
-extract ($_GET);
+extract ($_GET, EXTR_SKIP);
 foreach (array('l','t','d','gDossier') as $a)
 {
     if ( ! isset (${$a}) )
diff --git a/include/class/class_acc_ledger.php 
b/include/class/class_acc_ledger.php
index 47ab7b6..822e029 100644
--- a/include/class/class_acc_ledger.php
+++ b/include/class/class_acc_ledger.php
@@ -79,6 +79,10 @@ class Acc_Ledger extends jrn_def_sql
 
        function get_last_pj()
        {
+            if (isNumber($this->id) == 0) {
+                throw new Exception(_("Paramètre invalide"));
+                return;
+            }
                if ($this->db->exist_sequence("s_jrn_pj" . $this->id))
                {
                        $ret = $this->db->get_array("select 
last_value,is_called from s_jrn_pj" . $this->id);
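Review bot: The `return;` after `throw new Exception(_("Paramètre invalide"));` in `get_last_pj()` is unreachable and can be dropped. The new `isNumber($this->id)` guard is what makes it safe to concatenate `$this->id` into the sequence name passed to `exist_sequence()` and into the `select` that follows. A comment such as `// id is concatenated into a sequence name below, so it must be numeric` would keep the guard from being removed later. The method continues past the end of the hunk.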
@@ -1418,7 +1422,7 @@ class Acc_Ledger extends jrn_def_sql
                if (empty($p_array))
                        return 'Aucun r&eacute;sultat';
                $anc = null;
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                $lPeriode = new Periode($this->db);
                if ($this->check_periode() == true)
                {
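Review bot: `$anc = null;` is assigned immediately before `extract($p_array, EXTR_SKIP);`, and EXTR_SKIP skips any name that already exists in the symbol table, including one holding null, so an `anc` entry in `$p_array` is no longer imported. If callers pass `anc`, this silently changes behaviour; `$anc = isset($p_array['anc']) ? $p_array['anc'] : null;` after the call keeps the old result. The same ordering appears in include/ajax/ajax_account_update.php (`$ctl='ok';` before the call) and in the class_acc_ledger_fin.php hunk at -689 (`$internal_code = ""; $oid = 0;`), which should be checked the same way. The enclosing method starts and ends outside the hunk.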
@@ -1587,7 +1591,7 @@ class Acc_Ledger extends jrn_def_sql
                        return $this->confirm($p_array);
 
                if ($p_array != null)
-                       extract($p_array);
+                       extract($p_array, EXTR_SKIP);
                $add_js = "";
                if ($g_parameter->MY_PJ_SUGGEST == 'Y')
                {
@@ -1844,7 +1848,7 @@ class Acc_Ledger extends jrn_def_sql
          */
         check_parameter($p_array,'p_jrn,e_date');
         
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                global $g_user;
                $tot_cred = 0;
                $tot_deb = 0;
@@ -2000,7 +2004,7 @@ class Acc_Ledger extends jrn_def_sql
                if ($p_array == null)
                        throw new Exception('save cannot use a empty array');
                global $g_parameter;
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                try
                {
                        $msg = $this->verify($p_array);
@@ -2443,7 +2447,7 @@ class Acc_Ledger extends jrn_def_sql
 
        function create_document($internal, $p_array)
        {
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                $doc = new Document($this->db);
                $doc->f_id = $e_client;
                $doc->md_id = $gen_doc;
@@ -2738,7 +2742,7 @@ class Acc_Ledger extends jrn_def_sql
              join parm_periode on p_id=jr_tech_per";
 
                if (!empty($p_array))
-                       extract($p_array);
+                       extract($p_array, EXTR_SKIP);
 
                 if (isset($op) ) 
                     $r_jrn = (isset(${$op."r_jrn"})) ? ${$op."r_jrn"} : -1;
@@ -3555,7 +3559,7 @@ class Acc_Ledger extends jrn_def_sql
         */
        function verify_ledger($array)
        {
-               extract($array);
+               extract($array, EXTR_SKIP);
                try
                {
                        if (isNumber($p_jrn) == 0)
@@ -3593,7 +3597,7 @@ class Acc_Ledger extends jrn_def_sql
                if ($array == null)
                        throw new Exception('save cannot use a empty array');
 
-               extract($array);
+               extract($array, EXTR_SKIP);
                $this->jrn_def_id = $p_jrn;
                $this->jrn_def_name = $p_jrn_name;
                $this->jrn_def_ech_lib = $p_ech_lib;
@@ -3755,7 +3759,7 @@ class Acc_Ledger extends jrn_def_sql
        function save_new($array)
        {
                $this->load();
-               extract($array);
+               extract($array, EXTR_SKIP);
                $this->jrn_def_id = -1;
                $this->jrn_def_name = $p_jrn_name;
                $this->jrn_def_ech_lib = $p_ech_lib;
diff --git a/include/class/class_acc_ledger_fin.php 
b/include/class/class_acc_ledger_fin.php
index bef6e39..7a8cd6f 100644
--- a/include/class/class_acc_ledger_fin.php
+++ b/include/class/class_acc_ledger_fin.php
@@ -64,7 +64,7 @@ class Acc_Ledger_Fin extends Acc_Ledger
                 check_parameter($p_array,'p_jrn');
 
                 
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                /* check for a double reload */
                if (isset($mt) && $this->db->count_sql('select jr_mt from jrn 
where jr_mt=$1', array($mt)) != 0)
                        throw new Exception(_('Double Encodage'), 5);
@@ -242,7 +242,7 @@ class Acc_Ledger_Fin extends Acc_Ledger
        {
                global $g_parameter, $g_user;
                if ($p_array != null)
-                       extract($p_array);
+                       extract($p_array, EXTR_SKIP);
 
                $pview_only = false;
 
@@ -460,7 +460,7 @@ class Acc_Ledger_Fin extends Acc_Ledger
                global $g_parameter,$g_user;
                $r = "";
                bcscale(2);
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                $pPeriode = new Periode($this->db);
                if ($this->check_periode() == true)
                {
@@ -689,7 +689,7 @@ class Acc_Ledger_Fin extends Acc_Ledger
                bcscale(2);
                $internal_code = "";
                $oid = 0;
-               extract($p_array);
+               extract($p_array, EXTR_SKIP);
                $ret = '';
                // Debit = banque
                $bank_id = $this->get_bank();
diff --git a/include/class/class_acc_ledger_purchase.php 
b/include/class/class_acc_ledger_purchase.php
index 194bce3..e4ca02b 100644
--- a/include/class/class_acc_ledger_purchase.php
+++ b/include/class/class_acc_ledger_purchase.php
@@ -69,7 +69,7 @@ class  Acc_Ledger_Purchase extends Acc_Ledger
          */
         check_parameter($p_array,'p_jrn,e_date,e_client');
 
-        extract ($p_array);
+        extract ($p_array, EXTR_SKIP);
         /* check if we can write into this ledger */
         if ( $g_user->check_jrn($p_jrn) != 'W' )
             throw new Exception (_('Accès interdit'),20);
@@ -484,7 +484,7 @@ class  Acc_Ledger_Purchase extends Acc_Ledger
     public function insert($p_array=null)
     {
         global $g_parameter;
-        extract ($p_array);
+        extract ($p_array, EXTR_SKIP);
         $this->verify($p_array) ;
 
         $group=$this->db->get_next_seq("s_oa_group"); /* for analytic */
@@ -961,7 +961,7 @@ class  Acc_Ledger_Purchase extends Acc_Ledger
     public function input($p_array=null,$p_readonly=0)
     {
         global $g_parameter,$g_user;
-        if ( $p_array != null ) extract($p_array);
+        if ( $p_array != null ) extract($p_array, EXTR_SKIP);
 
         $flag_tva=$g_parameter->MY_TVA_USE;
         /* Add button */
diff --git a/include/class/class_acc_ledger_sold.php 
b/include/class/class_acc_ledger_sold.php
index f3aad41..6fceee8 100644
--- a/include/class/class_acc_ledger_sold.php
+++ b/include/class/class_acc_ledger_sold.php
@@ -68,7 +68,7 @@ class Acc_Ledger_Sold extends Acc_Ledger {
         if (is_array($p_array ) == false || empty($p_array))
                     throw new Exception ("Array empty");
         
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
         
         /*
          * Check needed value
@@ -232,7 +232,7 @@ class Acc_Ledger_Sold extends Acc_Ledger {
 
     public function insert($p_array = null) {
         global $g_parameter;
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
         $this->verify($p_array);
 
         $group = $this->db->get_next_seq("s_oa_group"); /* for analytic */
@@ -607,7 +607,7 @@ class Acc_Ledger_Sold extends Acc_Ledger {
 
     function confirm($p_array, $p_summary = false) {
         global $g_parameter;
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
 
         // don't need to verify for a summary
         if (!$p_summary)
@@ -1003,7 +1003,7 @@ EOF;
     function input($p_array = null, $p_readonly = 0) {
         global $g_parameter, $g_user;
         if ($p_array != null)
-            extract($p_array);
+            extract($p_array, EXTR_SKIP);
 
         $flag_tva = $g_parameter->MY_TVA_USE;
         /* Add button */
diff --git a/include/class/class_acc_report_row.php 
b/include/class/class_acc_report_row.php
index 97e1b32..d74dea1 100644
--- a/include/class/class_acc_report_row.php
+++ b/include/class/class_acc_report_row.php
@@ -75,7 +75,7 @@ class  Acc_Report_Row
      */
     public function from_array($p_array)
     {
-        extract ($p_array);
+        extract ($p_array, EXTR_SKIP);
         $ret=array();
         $ix=0;
         $found=0;
diff --git a/include/class/class_anc_operation.php 
b/include/class/class_anc_operation.php
index ab0491d..042831f 100644
--- a/include/class/class_anc_operation.php
+++ b/include/class/class_anc_operation.php
@@ -536,7 +536,7 @@ class Anc_Operation
     function 
display_form_plan($p_array,$p_null,$p_mode,$p_seq,$p_amount,$p_id='',$p_add_button=true)
     {
         if ( $p_array != null)
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
         $result="";
         $plan=new Anc_Plan($this->db);
         $a_plan=$plan->get_list(" order by pa_id ");
@@ -660,7 +660,7 @@ class Anc_Operation
     function save_form_plan_vat_nd($p_array,$p_item,$p_j_id,$p_nd)
     {
         bcscale(4);
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
        if (! isset ($hplan) ) return;
         
         if ( ! isset(${'amount_t'.$p_item}) )
@@ -746,7 +746,7 @@ class Anc_Operation
      */
     function save_form_plan($p_array,$p_item,$p_j_id)
     {
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
        if (! isset ($hplan) ) return;
         /* variable for in array
            pa_id array of existing pa_id
@@ -799,7 +799,7 @@ class Anc_Operation
     */
     function save_update_form($p_array)
     {
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
         if ( ! isset($opanc)) return;
         for ($i = 0; $i < count($opanc); $i++)
         {
diff --git a/include/class/class_document.php b/include/class/class_document.php
index 1ab9fee..07ace7b 100644
--- a/include/class/class_document.php
+++ b/include/class/class_document.php
@@ -835,13 +835,13 @@ class Document
              *  - [DATE_LIMIT]
              */
         case 'DATE_LIMIT_CALC':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_ech' ;
             if ( !isset (${$id}) ) return "";
             $r=format_date(${$id},'DD.MM.YYYY','YYYY-MM-DD');
             break;
       case 'DATE_LIMIT':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_ech' ;
             if ( !isset (${$id}) ) return "";
             $r=${$id};
@@ -852,7 +852,7 @@ class Document
             break;
 
         case 'VEN_ART_NAME':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter;
             // check if the march exists
             if ( ! isset (${$id})) return "";
@@ -866,7 +866,7 @@ class Document
             else $r = "";
             break;
        case 'VEN_ART_LABEL':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter."_label";
             // check if the march exists
 
@@ -892,7 +892,7 @@ class Document
                     $r=${'e_march'.$this->counter.'_label'};
             break;
         case 'VEN_ART_STOCK_CODE':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
                     $id = 'e_march' . $this->counter;
                     // check if the march exists
                     if (!isset(${$id}))
@@ -910,7 +910,7 @@ class Document
                     }
             break;
         case 'VEN_ART_PRICE':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter.'_price' ;
             if ( !isset (${$id}) ) return "";
                        if (${$id} == 0 ) return "";
@@ -919,7 +919,7 @@ class Document
 
         case 'TVA_RATE':
         case 'VEN_ART_TVA_RATE':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter.'_tva_id';
             if ( !isset (${$id}) ) return "";
             if ( ${$id} == -1 || ${$id}=='' ) return "";
@@ -933,7 +933,7 @@ class Document
 
         case 'TVA_CODE':
         case 'VEN_ART_TVA_CODE':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter.'_tva_id';
             if ( !isset (${$id}) ) return "";
             if ( ${$id} == -1 ) return "";
@@ -948,7 +948,7 @@ class Document
             break;
 
         case 'TVA_LABEL':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter.'_tva_id';
             if ( !isset (${$id}) ) return "";
             $march_id='e_march'.$this->counter.'_price' ;
@@ -963,7 +963,7 @@ class Document
             /* total VAT for one sold */
         case 'TVA_AMOUNT':
         case 'VEN_TVA':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $qt='e_quant'.$this->counter;
             $price='e_march'.$this->counter.'_price' ;
             $tva='e_march'.$this->counter.'_tva_id';
@@ -980,7 +980,7 @@ class Document
             /* TVA automatically computed */
         case 'VEN_ART_TVA':
         
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $qt='e_quant'.$this->counter;
             $price='e_march'.$this->counter.'_price' ;
             $tva='e_march'.$this->counter.'_tva_id';
@@ -997,7 +997,7 @@ class Document
             break;
 
         case 'VEN_ART_TVAC':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $qt='e_quant'.$this->counter;
             $price='e_march'.$this->counter.'_price' ;
             $tva='e_march'.$this->counter.'_tva_id';
@@ -1021,7 +1021,7 @@ class Document
             break;
 
         case 'VEN_ART_QUANT':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_quant'.$this->counter;
             if ( !isset (${$id}) ) return "";
             // check that something is sold
@@ -1034,7 +1034,7 @@ class Document
             break;
 
         case 'VEN_HTVA':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter.'_price' ;
             $quant='e_quant'.$this->counter;
             if ( !isset (${$id}) ) return "";
@@ -1050,7 +1050,7 @@ class Document
             break;
 
         case 'VEN_TVAC':
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $id='e_march'.$this->counter.'_tva_amount' ;
             $price='e_march'.$this->counter.'_price' ;
             $quant='e_quant'.$this->counter;
@@ -1070,7 +1070,7 @@ class Document
             break;
 
         case 'TOTAL_VEN_HTVA':
-            extract($p_array);
+            extract($p_array, EXTR_SKIP);
                        bcscale(4);
             $sum=0.0;
             for ($i=0;$i<$nb_item;$i++)
@@ -1092,7 +1092,7 @@ class Document
             $r=round($sum,2);
             break;
         case 'TOTAL_VEN_TVAC':
-            extract($p_array);
+            extract($p_array, EXTR_SKIP);
             $sum=0.0;
                        bcscale(4);
             for ($i=0;$i<$nb_item;$i++)
@@ -1114,7 +1114,7 @@ class Document
 
             break;
         case 'TOTAL_TVA':
-            extract($p_array);
+            extract($p_array, EXTR_SKIP);
             $sum=0.0;
             for ($i=0;$i<$nb_item;$i++)
             {
diff --git a/include/class/class_fiche.php b/include/class/class_fiche.php
index 9a4b381..c4e5d02 100644
--- a/include/class/class_fiche.php
+++ b/include/class/class_fiche.php
@@ -1846,7 +1846,7 @@ class Fiche
     function build_sql($array)
     {
         if (!empty($array))
-            extract($array);
+            extract($array, EXTR_SKIP);
         $and='';
         $filter_fd_id='true';
         $filter_query='';
diff --git a/include/class/class_fiche_def.php 
b/include/class/class_fiche_def.php
index 5600217..21dd502 100644
--- a/include/class/class_fiche_def.php
+++ b/include/class/class_fiche_def.php
@@ -657,7 +657,7 @@ $order
      */
     function save_order($p_array)
     {
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
         $this->GetAttribut();
         foreach ($this->attribut as $row)
         {
diff --git a/include/class/class_follow_up.php 
b/include/class/class_follow_up.php
index 9ee6d38..08425b3 100644
--- a/include/class/class_follow_up.php
+++ b/include/class/class_follow_up.php
@@ -1294,7 +1294,7 @@ class Follow_Up
         if ($p_array==null)
             $p_array=$_GET;
 
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
         $query="";
         if (count($searchtag)==0)
             return "";
@@ -1317,7 +1317,7 @@ class Follow_Up
         if ($p_array==null)
             $p_array=$_GET;
 
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
         $action_query="";
 
 
@@ -1463,7 +1463,7 @@ class Follow_Up
      */
     function export_csv($p_array)
     {
-        extract($p_array);
+        extract($p_array, EXTR_SKIP);
 
 
         $p_search=self::create_query($this->db, $p_array);
diff --git a/include/class/class_pre_op_ach.php 
b/include/class/class_pre_op_ach.php
index 34d40c6..1975a8d 100644
--- a/include/class/class_pre_op_ach.php
+++ b/include/class/class_pre_op_ach.php
@@ -163,9 +163,9 @@ class Pre_op_ach extends Pre_operation_detail
    {
         require_once NOALYSS_INCLUDE.'/class/class_acc_ledger_purchase.php';
        global $g_parameter,$g_user;
-       extract($p_array);
+       extract($p_array, EXTR_SKIP);
        $ledger=new Acc_Ledger_Purchase($this->db,$this->jrn_def_id);
-        if ( $p_array != null ) extract($p_array);
+        if ( $p_array != null ) extract($p_array, EXTR_SKIP);
 
         $flag_tva=$g_parameter->MY_TVA_USE;
         /* Add button */
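Review bot: `extract($p_array, EXTR_SKIP);` is now called twice in this method, and the first call runs before the `$p_array != null` guard that protects the second. The first call therefore receives null in exactly the case the guard exists for, and when the array is present the second call has nothing left to import. Dropping the first call and keeping `if ( $p_array != null ) extract($p_array, EXTR_SKIP);` would be enough. The method signature is outside the hunk.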
diff --git a/include/class/class_pre_op_advanced.php 
b/include/class/class_pre_op_advanced.php
index 35d5ead..f48bd1b 100644
--- a/include/class/class_pre_op_advanced.php
+++ b/include/class/class_pre_op_advanced.php
@@ -39,7 +39,7 @@ class Pre_Op_Advanced extends Pre_operation_detail
     {
         parent::get_post();
 
-        extract($_POST);
+        extract($_POST, EXTR_SKIP);
 
         for ($i=0;$i<$this->operation->nb_item;$i++)
         {
@@ -162,7 +162,7 @@ class Pre_Op_Advanced extends Pre_operation_detail
         $legder->nb=$legder->get_min_row();
 
         if ($p_array != null)
-                extract($p_array);
+                extract($p_array, EXTR_SKIP);
         $add_js = "";
        
         $ret = "";
diff --git a/include/class/class_pre_op_ven.php 
b/include/class/class_pre_op_ven.php
index 1e9dbb8..d726370 100644
--- a/include/class/class_pre_op_ven.php
+++ b/include/class/class_pre_op_ven.php
@@ -166,7 +166,7 @@ class Pre_op_ven extends Pre_operation_detail
     function display($p_array)
     {
         global $g_parameter,$g_user;
-        if ( $p_array != null ) extract($p_array);
+        if ( $p_array != null ) extract($p_array, EXTR_SKIP);
         require_once NOALYSS_INCLUDE.'/class/class_acc_ledger_sold.php';
         $ledger=new Acc_Ledger_Sold($this->db,$this->jrn_def_id);
 
diff --git a/include/class/class_stock_goods.php 
b/include/class/class_stock_goods.php
index 25857c5..ac451f0 100644
--- a/include/class/class_stock_goods.php
+++ b/include/class/class_stock_goods.php
@@ -53,7 +53,7 @@ class Stock_Goods extends Stock_Goods_Sql
 
                if ($p_array != null)
                {
-                       extract($p_array);
+                       extract($p_array, EXTR_SKIP);
                }
                else
                {
@@ -179,7 +179,7 @@ class Stock_Goods extends Stock_Goods_Sql
         static function insert_goods(&$p_cn,$p_array)
         {
             global $g_user;
-                       extract ($p_array);
+                       extract ($p_array, EXTR_SKIP);
             if ($g_user->can_write_repo($repo) == false)
                 return false;
 
diff --git a/include/company.inc.php b/include/company.inc.php
index fee8952..1bfac93 100644
--- a/include/company.inc.php
+++ b/include/company.inc.php
@@ -29,7 +29,7 @@ require_once NOALYSS_INCLUDE.'/class/class_own.php';
 if (isset($_POST['record_company']))
 {
        $m = new Own($cn);
-       extract($_POST);
+       extract($_POST, EXTR_SKIP);
        $m->MY_NAME = $p_name;
        $m->MY_TVA = $p_tva;
        $m->MY_STREET = $p_street;
diff --git a/include/export/export_balance_pdf.php 
b/include/export/export_balance_pdf.php
index dae5c20..e54d00e 100644
--- a/include/export/export_balance_pdf.php
+++ b/include/export/export_balance_pdf.php
@@ -45,7 +45,7 @@ $g_user->Check();
 
 $bal=new Acc_Balance($cn);
 
-extract ($_GET);
+extract ($_GET, EXTR_SKIP);
 $bal->jrn=null;
 switch( $_GET['p_filter'])
 {
diff --git a/include/export/export_fiche_detail_pdf.php 
b/include/export/export_fiche_detail_pdf.php
index 5942928..6be26d7 100644
--- a/include/export/export_fiche_detail_pdf.php
+++ b/include/export/export_fiche_detail_pdf.php
@@ -35,7 +35,7 @@ $gDossier=dossier::id();
 
 $cn=Dossier::connect();
 
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 
 $ret="";
 $pdf= new PDF($cn);
diff --git a/include/export/export_form_pdf.php 
b/include/export/export_form_pdf.php
index 80ff724..e967c08 100644
--- a/include/export/export_form_pdf.php
+++ b/include/export/export_form_pdf.php
@@ -37,7 +37,7 @@ $gDossier=dossier::id();
 
 $cn=Dossier::connect();
 
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 $ret="";
 $Form=new Acc_Report($cn,$form_id);
 $Libelle=sprintf("%s ",$Form->get_name());
diff --git a/include/export/export_gl_csv.php b/include/export/export_gl_csv.php
index fbc6950..bc82929 100644
--- a/include/export/export_gl_csv.php
+++ b/include/export/export_gl_csv.php
@@ -37,7 +37,7 @@ $gDossier=dossier::id();
 $cn=Dossier::connect();
 
 $export=new Noalyss_Csv(_('grandlivre'));
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 $export->send_header();
 if ( isset($poste_id) && strlen(trim($poste_id)) != 0 && isNumber($poste_id) )
 {
diff --git a/include/export/export_gl_pdf.php b/include/export/export_gl_pdf.php
index ccfe51c..80aa54b 100644
--- a/include/export/export_gl_pdf.php
+++ b/include/export/export_gl_pdf.php
@@ -42,7 +42,7 @@ $g_user->check_dossier($gDossier);
 
 $sql="select pcm_val from tmp_pcmn ";
 
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 $cond_poste="";
 if ($from_poste != '')
   {
diff --git a/include/export/export_poste_detail_pdf.php 
b/include/export/export_poste_detail_pdf.php
index b84c767..04977a3 100644
--- a/include/export/export_poste_detail_pdf.php
+++ b/include/export/export_poste_detail_pdf.php
@@ -36,7 +36,7 @@ $gDossier=dossier::id();
 
 /* Security */
 $cn=Dossier::connect();
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 
 if ( isset ( $poste_fille) )
 { //choisit de voir tous les postes
diff --git a/include/export/export_rec_csv.php 
b/include/export/export_rec_csv.php
index 9e95eb0..901ade8 100644
--- a/include/export/export_rec_csv.php
+++ b/include/export/export_rec_csv.php
@@ -23,7 +23,7 @@ foreach (array('choice','p_end','p_start') as $arg)
         die ("argument [".$arg."] is missing");
     }
 }
-extract($_GET);
+extract($_GET, EXTR_SKIP);
 $r_jrn=(isset($r_jrn))?$r_jrn:'';
 // -------------------------
 // Create object and export
diff --git a/include/lib/class_html_input.php b/include/lib/class_html_input.php
index c4dad1f..5fad2b7 100755
--- a/include/lib/class_html_input.php
+++ b/include/lib/class_html_input.php
@@ -901,7 +901,7 @@ class HtmlInput
          */
         static function button_choice_ledger($p_array)
         {
-            extract ($p_array);
+            extract ($p_array, EXTR_SKIP);
             $bledger_param = json_encode(array(
                 'dossier' => $_REQUEST['gDossier'],
                 'type' => $type,
diff --git a/include/lib/config_file.php b/include/lib/config_file.php
index 09edd1d..3f2592b 100644
--- a/include/lib/config_file.php
+++ b/include/lib/config_file.php
@@ -72,7 +72,7 @@ function config_file_form($p_array=null)
         $cadmin='admin';
 
     }
-    else extract ($p_array);
+    else extract ($p_array, EXTR_SKIP);
 
     $ictmp=new IText('ctmp',$ctmp);
     $ictmp->size=25;
@@ -115,7 +115,7 @@ function config_file_form($p_array=null)
  */
 function display_file_config($p_array,$from_setup=1,$p_os=1) 
 {
-    extract($p_array);
+    extract($p_array, EXTR_SKIP);
     print ('<?php ');
     print ("\r\n");
     print ( 'date_default_timezone_set (\'Europe/Brussels\');');
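Review bot: display_file_config prints a file that starts with `<?php`, so every value taken from `$p_array` must be emitted as a PHP literal, and `EXTR_SKIP` does nothing for that. The rest of the function is outside the hunk, so how the extracted values are printed is not visible here. If they are concatenated between quotes, printing them with `var_export($value, true)` keeps a quote or backslash in a setting from changing the generated code.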
@@ -234,7 +234,7 @@ function display_file_config($p_array,$from_setup=1,$p_os=1)
  */
 function config_file_create($p_array,$from_setup,$p_os=1)
 {
-    extract ($p_array);
+    extract ($p_array, EXTR_SKIP);
     $hFile=  fopen(NOALYSS_INCLUDE.'/config.inc.php','w');
     ob_start();
     display_file_config($p_array,$from_setup,$p_os);
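Review bot: The result of `fopen(NOALYSS_INCLUDE.'/config.inc.php','w')` is not checked before the output buffer is started, so an unwritable include directory only surfaces later as warnings on a `false` handle. A guard such as `if ($hFile === false) die (_('Cannot write config.inc.php'));` directly after the call would stop there. In the visible lines `$p_array` is passed whole to display_file_config, so the `extract` in config_file_create may not be needed at all; the function continues outside the hunk.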
diff --git a/include/menu.inc.php b/include/menu.inc.php
index 7f58108..01de3c7 100644
--- a/include/menu.inc.php
+++ b/include/menu.inc.php
@@ -38,7 +38,7 @@ echo '<div class="content">';
  */
 if ( isset($_POST['save_plugin']))
 {
-       extract($_POST);
+       extract($_POST, EXTR_SKIP);
        $plugin=new Extension($cn);
        $plugin->me_code=$me_code;
        $plugin->me_menu=$me_menu;
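Review bot: With `EXTR_SKIP`, a posted field whose name matches a variable already set in the including scope is now silently dropped, so `$me_code` and `$me_menu` may carry an older value instead of the submitted one. This file runs in the global scope of whatever includes it, so the set of existing names is not visible from the hunk. Reading the fields directly, `$plugin->me_code=$_POST['me_code'];` and `$plugin->me_menu=$_POST['me_menu'];`, avoids both the import and the ambiguity. The `mod_plugin` and `create_menu` blocks in the next two hunks have the same shape.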
@@ -52,7 +52,7 @@ if ( isset($_POST['save_plugin']))
  */
 if (isset($_POST['mod_plugin']))
 {
-       extract ($_POST);
+       extract ($_POST, EXTR_SKIP);
        $plugin=new Extension($cn);
        $plugin->me_code=strtoupper($me_code);
        $plugin->me_menu=$me_menu;
@@ -73,7 +73,7 @@ if (isset($_POST['mod_plugin']))
  */
 if ( isset($_POST['create_menu'])|| isset($_POST['modify_menu']))
 {
-       extract($_POST);
+       extract($_POST, EXTR_SKIP);
        $menu_ref=new Menu_Ref($cn);
        $menu_ref->me_code=strtoupper($me_code);
        $menu_ref->me_menu=$me_menu;
diff --git a/include/periode.inc.php b/include/periode.inc.php
index 98eb8bd..be12ad2 100644
--- a/include/periode.inc.php
+++ b/include/periode.inc.php
@@ -38,7 +38,7 @@ if ($choose=='Valider') $choose='yes';
 
 if ( isset ($_POST["add_per"] ))
 {
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     $obj=new Periode($cn);
     if ( $obj->insert($p_date_start,$p_date_end,$p_exercice) == 1 )
     {
diff --git a/include/poste.inc.php b/include/poste.inc.php
index 8e37ef2..8a331dd 100644
--- a/include/poste.inc.php
+++ b/include/poste.inc.php
@@ -32,7 +32,7 @@ $gDossier=dossier::id();
 // confirm mod
 if ( isset( $_POST['confirm_mod'] ) )
 {
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     $update=new Acc_Parm_Code($cn,$p_code);
     $update->p_comment=$p_comment;
     $update->p_value=$p_value;
diff --git a/include/profile.inc.php b/include/profile.inc.php
index 6e3e71e..9ad4aa4 100644
--- a/include/profile.inc.php
+++ b/include/profile.inc.php
@@ -28,7 +28,7 @@ global $cn;
 //**********************************************
 if (isset($_POST['change_profile']))
 {
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     try
     {
         for ($e=0; $e<count($right); $e++)
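Review bot: `count($right)` runs on whatever the form posted, so a request without `right`, or with a scalar `right`, produces a notice or a count() warning instead of a clean rejection. Taking it explicitly, `$right=(isset($_POST['right']) && is_array($_POST['right']))?$_POST['right']:array();`, makes the loop safe and drops the dependency on `extract`. The loop body is outside the hunk, and the `change_stock` block in the next hunk has the same loop.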
@@ -67,7 +67,7 @@ if (isset($_POST['change_profile']))
 //**********************************************
 if (isset($_POST['change_stock']))
 {
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     try
     {
         for ($e=0; $e<count($right); $e++)
@@ -108,7 +108,7 @@ if (isset($_POST['change_stock']))
 if (isset($_POST['save_name']))
 {
 
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     try
     {
         if (strlen(trim($p_name))==0)
@@ -187,7 +187,7 @@ if (isset($_POST['clone']))
 //************************************
 if (isset($_POST['delete_profil']))
 {
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     try
     {
         $cn->start();
diff --git a/include/tva.inc.php b/include/tva.inc.php
index 8ca5c11..e0f9768 100644
--- a/include/tva.inc.php
+++ b/include/tva.inc.php
@@ -41,7 +41,7 @@ $both_side=(isset($_REQUEST['both']))?1:0;
 if (isset($_POST['confirm_mod'])
        || isset($_POST['confirm_add']))
 {
-    extract($_POST);
+    extract($_POST, EXTR_SKIP);
     // remove space
     $tva_poste = str_replace(" ", "", $tva_poste);
     $err = 0; // Error code


