FIX: TakePos sometimes thirdpartyid = undefined #36343
base: 18.0
htdocs/takepos/index.php
| // Only show products for sale (tosell=1) | ||
| let socid = jQuery('#thirdpartyid').val(); | ||
| if ((socid === undefined || socid === "") && parseInt("<?= $socid ?>") > 0) { |
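Review bot: On the `if` line, `$socid` is echoed straight into a JavaScript string literal with no cast or escaping, so the generated script is only well-formed if the variable is always an integer at this point. Casting on the PHP side makes that explicit and removes the dependency on what the variable holds, for example `parseInt("<?php echo (int) $socid; ?>", 10)`, which also passes the radix to `parseInt` and uses the full `<?php echo` tag instead of `<?=`.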
Use of <?= is forbidden
Must use <?php echo for better compatibility and security
I corrected it, but why is it forbidden? According to the PHP documentation, both uses are exactly the same since PHP 5.4.
> I corrected it, but why is it forbidden? According to the PHP documentation, both uses are exactly the same since PHP 5.4.

Several reasons are mentioned in the wiki:
PHP code sections must start with `<?php` (the "smart tags" `<?` or `<?=`, also known as the "short tags", depend on the PHP configuration option `short_open_tag`, even if this is no longer true after PHP 5.4). The use of `<?` can still conflict with XML syntax. The smart tags may not be supported by all IDEs. Also, the use of `<?=` makes it easier for a hacker to make PHP injection. To fight this, some Dolibarr components, like the website PHP editor, accept only full PHP tags to detect, parse and filter PHP. Finally, using the same tag everywhere also makes code scanning or impact analysis easier when we are sure of the tag that is used, and the best solution, to be sure of which tag is used, is to use one, only one and the same tag everywhere.
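The wiki rationale quoted above says a single tag style makes code scanning straightforward. As an added example (not part of this pull request or of Dolibarr's own tooling), here is a text-level Python check that flags `<?=` and bare `<?` while allowing `<?php` and `<?xml`, and rewrites short echo tags to the full form; the function names and the sample input are assumptions made for illustration.

```python
import re

# Any "<?" that is not the full "<?php" tag or an XML declaration "<?xml".
# PHP's opening tag is case-insensitive, hence IGNORECASE.
SHORT_TAG = re.compile(r"<\?(?!php\b|xml\b)(=?)", re.IGNORECASE)
# A short echo block: "<?= expr ?>" with an optional trailing semicolon.
SHORT_ECHO = re.compile(r"<\?=\s*(.*?)\s*;?\s*\?>", re.DOTALL)


def find_short_tags(source):
    """Return (line_number, tag) for every short tag found in the text."""
    hits = []
    for match in SHORT_TAG.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        hits.append((line_no, "<?=" if match.group(1) else "<?"))
    return hits


def rewrite_short_echo(source):
    """Rewrite '<?= expr ?>' as '<?php echo expr; ?>'.

    Text-level only: an expression containing '?>' inside a string literal
    would be cut short, so review the result rather than applying it blindly.
    """
    return SHORT_ECHO.sub(lambda m: "<?php echo " + m.group(1) + "; ?>", source)


# Constructed sample: line 3 is the line under review in this pull request,
# the other lines are made up to exercise the allowed and flagged cases.
SAMPLE = """<?php $socid = 3; ?>
<?xml version="1.0"?>
if ((socid === undefined || socid === "") && parseInt("<?= $socid ?>") > 0) {
<? echo $label; ?>
"""

if __name__ == "__main__":
    for line_no, tag in find_short_tags(SAMPLE):
        print(f"line {line_no}: short tag {tag}")
    print(rewrite_short_echo(SAMPLE))
```

The scan works on raw text, so a short tag that appears inside a PHP string or comment is reported as well; in a CI check that is usually the conservative behaviour wanted.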
Linked to 36341
Sometimes jQuery('#thirdpartyid').val() is undefined because the input is described in takepos/invoice.php.
But it needs to be defined earlier, to prevent the wrong price from being fetched in the case of multilevel prices.