From 00bf8caa8caef6c77599a70480e998c92da210c6 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 25 Mar 2016 17:55:58 +0100
Subject: [PATCH 1/5] FIX #4870
---
 htdocs/core/class/commonobject.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 6c5c1496eec..678db0f95bd 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -2726,7 +2726,7 @@ abstract class CommonObject
 {
 $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
 $sql.= " SET fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null");
- $sql.= ", location_incoterms = '".($id_incoterm > 0 ? $this->db->escape($location) : "null")."'";
+ $sql.= ", location_incoterms = ".($id_incoterm > 0 ? "'".$this->db->escape($location)."'" : "null");
 $sql.= " WHERE rowid = " . $this->id;
 dol_syslog(get_class($this).'::setIncoterms', LOG_DEBUG);
 $resql=$this->db->query($sql);
From 2a19326a3f6c28b7e4261ae48d35b0bec8d1fc49 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 31 Mar 2016 21:47:32 +0200
Subject: [PATCH 2/5] FIX Missing database escaping on supplier price insert/update
---
 htdocs/product/class/product.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 57fbcd01257..78ea0cb39c7 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -2506,7 +2506,7 @@ class Product extends CommonObject
 $sql = "SELECT rowid, fk_product";
 $sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
 $sql.= " WHERE fk_soc = ".$id_fourn;
- $sql.= " AND ref_fourn = '".$ref_fourn."'";
+ $sql.= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
 $sql.= " AND fk_product != ".$this->id;
 $sql.= " AND entity = ".$conf->entity;
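Review bot: In the commonobject.class.php hunk, `$id_incoterm` is still concatenated into the `SET fk_incoterms = ` clause guarded only by a loose `> 0` comparison, and `$this->id` is appended to the `WHERE` clause the same way. The commit fixes the quoting of `location_incoterms`, but a non-integer value that compares greater than zero would still reach the query text unchanged; whether callers cast it beforehand is not visible here. Casting at the point of use removes the dependency on callers: `$sql.= " SET fk_incoterms = ".($id_incoterm > 0 ? ((int) $id_incoterm) : "null");` and `$sql.= " WHERE rowid = ".((int) $this->id);`. The enclosing method starts and ends outside the hunk.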
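Review bot: `$id_fourn` and `$quantity` remain unescaped in all three product.class.php hunks: `fk_soc = ".$id_fourn` in both SELECTs, `quantity = '".$quantity."'` in the second SELECT, and the bare `", ".$id_fourn` and `", ".$quantity` values in the INSERT. The commit escapes `$ref_fourn` only, so the statements are safe only if those two values are validated before the lines shown, which the hunks do not establish. Cast the identifier where it is used, `$sql.= " WHERE fk_soc = ".((int) $id_fourn);`, and give the quantity a numeric cast as well, since in the INSERT it is unquoted and `$this->db->escape()` alone would not be enough there. The enclosing methods start and end outside the hunks.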
@@ -2528,7 +2528,7 @@ class Product extends CommonObject
 $sql = "SELECT rowid";
 $sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
 $sql.= " WHERE fk_soc = ".$id_fourn;
- if ($ref_fourn) $sql.= " AND ref_fourn = '".$ref_fourn."'";
+ if ($ref_fourn) $sql.= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
 else $sql.= " AND (ref_fourn = '' OR ref_fourn IS NULL)";
 $sql.= " AND quantity = '".$quantity."'";
 $sql.= " AND fk_product = ".$this->id;
@@ -2557,7 +2557,7 @@ class Product extends CommonObject
 $sql.= ", ".$conf->entity;
 $sql.= ", ".$this->id;
 $sql.= ", ".$id_fourn;
- $sql.= ", '".$ref_fourn."'";
+ $sql.= ", '".$this->db->escape($ref_fourn)."'";
 $sql.= ", ".$quantity;
 $sql.= ", ".$user->id;
 $sql.= ", 0";
From d4529d19c7bc760a9e5153ab3f632dd247a122ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Fri, 1 Apr 2016 17:32:58 +0200
Subject: [PATCH 3/5] Update facture.php ref_client in order ref_customer in shipping
---
 htdocs/compta/facture.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php
index 5fab485e655..c13d8197801 100644
--- a/htdocs/compta/facture.php
+++ b/htdocs/compta/facture.php
@@ -1906,7 +1906,7 @@ if ($action == 'create')
 $objectsrc->fetch_thirdparty();
 $projectid = (! empty($projectid) ? $projectid : $objectsrc->fk_project);
- $ref_client = (! empty($objectsrc->ref_client) ? $objectsrc->ref_client : '');
+ $ref_client = (! empty($objectsrc->ref_client) ? $objectsrc->ref_client : (! empty($objectsrc->ref_customer) ? $objectsrc->ref_customer:''));
 $ref_int = (! empty($objectsrc->ref_int) ? $objectsrc->ref_int : ''); // only if socid not filled else it's allready done upper
From 599b225489ceca826190f331a1070e8d85c0c9f3 Mon Sep 17 00:00:00 2001
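Review bot: The new fallback on the `$ref_client` line in facture.php has no comment explaining why `ref_customer` is consulted, and the nested ternary makes the intent harder to see. The commit subject gives the reason (orders carry `ref_client`, shipments carry `ref_customer`), so record it next to the code: `// Source may be an order (ref_client) or a shipment (ref_customer)`. The surrounding `if ($action == 'create')` block extends beyond the hunk.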
From: Laurent Destailleur
Date: Sat, 2 Apr 2016 14:15:38 +0200
Subject: [PATCH 4/5] FIX Creation of thumb image for size "small" was not done. Conflicts: htdocs/core/lib/files.lib.php
---
 htdocs/core/lib/files.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 8fc5bea72b6..42615ec51f4 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1139,7 +1139,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesessio
 {
 // Create small thumbs for image (Ratio is near 16/9)
 // Used on logon for example
- $imgThumbSmall = vignette($destpath, $maxwidthsmall, $maxheigthsmall, '_small', 50, "thumbs");
+ $imgThumbSmall = vignette($destpath, $maxwidthsmall, $maxheightsmall, '_small', 50, "thumbs");
 // Create mini thumbs for image (Ratio is near 16/9)
 // Used on menu or for setup page for example
 $imgThumbMini = vignette($destpath, $maxwidthmini, $maxheightmini, '_mini', 50, "thumbs");
From f7fb95cab8d88c975fdaf0439899743919823957 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 7 Apr 2016 19:24:29 +0200
Subject: [PATCH 5/5] FIX Box disabled because bugged
---
 htdocs/core/boxes/box_task.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/boxes/box_task.php b/htdocs/core/boxes/box_task.php
index d6a65884ffb..e7e8dafb22a 100644
--- a/htdocs/core/boxes/box_task.php
+++ b/htdocs/core/boxes/box_task.php
@@ -36,7 +36,8 @@ class box_task extends ModeleBoxes //var $depends = array("projet"); var $db; var $param; - + var $enabled = 0; // Disabled because bugged. + var $info_box_head = array(); var $info_box_contents = array();
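Review bot: The comment on the added `var $enabled = 0;` line in box_task.php says only `// Disabled because bugged.`, which gives a later maintainer no way to judge when the box can be switched back on. State what fails and where it is tracked, for example `// Disabled: <what fails> (see <issue reference>); re-enable once fixed`. How `$enabled` is consumed by the box loader is not visible in this hunk, so it is worth confirming that the property is honoured everywhere the box can be rendered.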