mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
FIX Protection against bad value into accurancy setup
parent
85a764afc6
commit
509c85672e
|
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
/* Copyright (C) 2007-2020 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
/* Copyright (C) 2007-2022 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2009-2018 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
|
|
@ -29,11 +29,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/price.lib.php';
|
|||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('companies', 'products', 'admin'));
|
||||
|
||||
if (!$user->admin) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$cancel = GETPOST('cancel', 'aZ09');
|
||||
$currencycode = GETPOST('currencycode', 'alpha');
|
||||
|
||||
if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) {
|
||||
|
|
@ -48,25 +45,36 @@ $mainroundingruletot = 'MAIN_ROUNDING_RULE_TOT'.(!empty($currencycode) ? '_'.$cu
|
|||
|
||||
$valmainmaxdecimalsunit = GETPOST($mainmaxdecimalsunit, 'int');
|
||||
$valmainmaxdecimalstot = GETPOST($mainmaxdecimalstot, 'int');
|
||||
$valmainmaxdecimalsshown = GETPOST($mainmaxdecimalsshown, 'int');
|
||||
$valmainmaxdecimalsshown = GETPOST($mainmaxdecimalsshown, 'alpha'); // Can be 'x.y' but also 'x...'
|
||||
$valmainroundingruletot = price2num(GETPOST($mainroundingruletot, 'alphanohtml'), '', 2);
|
||||
|
||||
if ($action == 'update') {
|
||||
if (!$user->admin) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if ($action == 'update' && !$cancel) {
|
||||
$error = 0;
|
||||
$MAXDEC = 8;
|
||||
if ($_POST[$mainmaxdecimalsunit] > $MAXDEC
|
||||
|| $_POST[$mainmaxdecimalstot] > $MAXDEC
|
||||
|| $_POST[$mainmaxdecimalsshown] > $MAXDEC) {
|
||||
if ($valmainmaxdecimalsunit > $MAXDEC
|
||||
|| $valmainmaxdecimalstot > $MAXDEC
|
||||
|| $valmainmaxdecimalsshown > $MAXDEC) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorDecimalLargerThanAreForbidden", $MAXDEC), null, 'errors');
|
||||
$action = 'edit';
|
||||
}
|
||||
|
||||
if ($_POST[$mainmaxdecimalsunit].(!empty($currencycode) ? '_'.$currencycode : '') < 0
|
||||
|| $_POST[$mainmaxdecimalstot] < 0
|
||||
|| $_POST[$mainmaxdecimalsshown] < 0) {
|
||||
if ($valmainmaxdecimalsunit < 0
|
||||
|| $valmainmaxdecimalstot < 0
|
||||
|| $valmainmaxdecimalsshown < 0) {
|
||||
$langs->load("errors");
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorNegativeValueNotAllowed"), null, 'errors');
|
||||
$action = 'edit';
|
||||
}
|
||||
|
||||
if ($valmainroundingruletot) {
|
||||
|
|
@ -74,9 +82,23 @@ if ($action == 'update') {
|
|||
$langs->load("errors");
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorMAIN_ROUNDING_RULE_TOTCanMAIN_MAX_DECIMALS_TOT"), null, 'errors');
|
||||
$action = 'edit';
|
||||
}
|
||||
}
|
||||
|
||||
if ((float) $valmainmaxdecimalsshown == 0) {
|
||||
$langs->load("errors");
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorValueCantBeNull", dol_trunc(dol_string_nohtmltag($langs->transnoentitiesnoconv("MAIN_MAX_DECIMALS_SHOWN")), 40)), null, 'errors');
|
||||
$action = 'edit';
|
||||
}
|
||||
if (! $error && ((float) $valmainmaxdecimalsshown < $valmainmaxdecimalsunit || (float) $valmainmaxdecimalsshown < $valmainmaxdecimalstot)) {
|
||||
$langs->load("errors");
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorValueForTooLow", dol_trunc(dol_string_nohtmltag($langs->transnoentitiesnoconv("MAIN_MAX_DECIMALS_SHOWN")), 40)), null, 'errors');
|
||||
$action = 'edit';
|
||||
}
|
||||
|
||||
if (!$error) {
|
||||
dolibarr_set_const($db, $mainmaxdecimalsunit, $valmainmaxdecimalsunit, 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, $mainmaxdecimalstot, $valmainmaxdecimalstot, 'chaine', 0, '', $conf->entity);
|
||||
|
|
@ -143,24 +165,25 @@ if ($action == 'edit') {
|
|||
|
||||
print '<tr class="oddeven"><td>';
|
||||
print $form->textwithpicto($langs->trans("MAIN_MAX_DECIMALS_UNIT"), $langs->trans("ParameterActiveForNextInputOnly"));
|
||||
print '</td><td><input class="flat" name="'.$mainmaxdecimalsunit.'" size="3" value="'.(isset($conf->global->$mainmaxdecimalsunit) ? $conf->global->$mainmaxdecimalsunit : $conf->global->MAIN_MAX_DECIMALS_UNIT).'"></td></tr>';
|
||||
print '</td><td><input class="flat right" name="'.$mainmaxdecimalsunit.'" size="3" value="'.(GETPOSTISSET($mainmaxdecimalsunit) ? GETPOST($mainmaxdecimalsunit) : getDolGlobalInt('MAIN_MAX_DECIMALS_UNIT', 0)).'"></td></tr>';
|
||||
|
||||
print '<tr class="oddeven"><td>';
|
||||
print $form->textwithpicto($langs->trans("MAIN_MAX_DECIMALS_TOT"), $langs->trans("ParameterActiveForNextInputOnly"));
|
||||
print '</td><td><input class="flat" name="'.$mainmaxdecimalstot.'" size="3" value="'.(isset($conf->global->$mainmaxdecimalstot) ? $conf->global->$mainmaxdecimalstot : $conf->global->MAIN_MAX_DECIMALS_TOT).'"></td></tr>';
|
||||
print '</td><td><input class="flat right" name="'.$mainmaxdecimalstot.'" size="3" value="'.(GETPOSTISSET($mainmaxdecimalstot) ? GETPOST($mainmaxdecimalstot) : getDolGlobalInt('MAIN_MAX_DECIMALS_TOT', 0)).'"></td></tr>';
|
||||
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAX_DECIMALS_SHOWN").'</td>';
|
||||
print '<td><input class="flat" name="'.$mainmaxdecimalsshown.'" size="3" value="'.(isset($conf->global->$mainmaxdecimalsshown) ? $conf->global->$mainmaxdecimalsshown : $conf->global->MAIN_MAX_DECIMALS_SHOWN).'"></td></tr>';
|
||||
print '<td><input class="flat right" name="'.$mainmaxdecimalsshown.'" size="3" value="'.(GETPOSTISSET($mainmaxdecimalsshown) ? GETPOST($mainmaxdecimalsshown) : getDolGlobalString('MAIN_MAX_DECIMALS_SHOWN')).'"></td></tr>';
|
||||
|
||||
print '<tr class="oddeven"><td>';
|
||||
print $form->textwithpicto($langs->trans("MAIN_ROUNDING_RULE_TOT"), $langs->trans("ParameterActiveForNextInputOnly"));
|
||||
print '</td><td><input class="flat" name="'.$mainroundingruletot.'" size="3" value="'.(isset($conf->global->$mainroundingruletot) ? $conf->global->$mainroundingruletot : (!empty($conf->global->MAIN_ROUNDING_RULE_TOT) ? $conf->global->MAIN_ROUNDING_RULE_TOT : '')).'"></td></tr>';
|
||||
print '</td><td><input class="flat right" name="'.$mainroundingruletot.'" size="3" value="'.(GETPOSTISSET($mainroundingruletot) ? GETPOST($mainroundingruletot) : getDolGlobalString('MAIN_ROUNDING_RULE_TOT')).'"></td></tr>';
|
||||
|
||||
print '</table>';
|
||||
|
||||
print '<br>';
|
||||
print '<div class="center">';
|
||||
print '<input class="button button-save" type="submit" value="'.$langs->trans("Save").'">';
|
||||
print '<input class="button button-save" type="submit" name="save" value="'.$langs->trans("Save").'">';
|
||||
print ' ';
|
||||
print '<input class="button button-cancel" type="submit" name="cancel" value="'.$langs->trans("Cancel").'">';
|
||||
print '</div>';
|
||||
print '<br>';
|
||||
|
||||
|
|
@ -169,7 +192,7 @@ if ($action == 'edit') {
|
|||
} else {
|
||||
print '<div class="div-table-responsive-no-min">';
|
||||
print '<table class="noborder centpercent">';
|
||||
print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
|
||||
print '<tr class="liste_titre"><td>'.$langs->trans("Parameter").'</td><td class="right">'.$langs->trans("Value").'</td></tr>';
|
||||
|
||||
print '<tr class="oddeven"><td>';
|
||||
print $form->textwithpicto($langs->trans("MAIN_MAX_DECIMALS_UNIT"), $langs->trans("ParameterActiveForNextInputOnly"));
|
||||
|
|
@ -190,7 +213,7 @@ if ($action == 'edit') {
|
|||
print '</div>';
|
||||
|
||||
print '<div class="tabsAction">';
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=edit&token='.newToken().''.(!empty($currencycode) ? '¤cycode='.$currencycode : '').'">'.$langs->trans("Modify").'</a>';
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=edit&token='.newToken().(!empty($currencycode) ? '¤cycode='.$currencycode : '').'">'.$langs->trans("Modify").'</a>';
|
||||
print '</div>';
|
||||
}
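Review bot: The range checks on `$valmainmaxdecimalsshown` in the `if ($action == 'update' && !$cancel)` block compare the raw string with `$MAXDEC` and `0`, although the value is now read with the 'alpha' filter and may carry a suffix such as 'x...'. On PHP 8 a string that is not fully numeric is compared with an int as a string, so a value like '10...' would likely not trip the `> $MAXDEC` test; the two later checks already cast, and the same cast here, `|| (float) $valmainmaxdecimalsshown > $MAXDEC` and `|| (float) $valmainmaxdecimalsshown < 0`, would make the bounds consistent. Only the numeric prefix is checked in any case, so an allow-list match for the forms the inline comment names would keep stray trailing text out of the stored setting; the block continues past the hunk, so the write of this value is not visible here. The edit form also now echoes `GETPOST(...)` straight into `value="..."`, and wrapping it in `dol_escape_htmltag()` would keep the output encoding from depending on the input filter.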
|
||||
|
||||
|
|
|
|||
|
|
@ -291,6 +291,8 @@ ErrorAjaxRequestFailed=Request failed
|
|||
ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is mandatory
|
||||
ErrorFailedToWriteInTempDirectory=Failed to write in temp directory
|
||||
ErrorQuantityIsLimitedTo=Quantity is limited to %s
|
||||
ErrorValueForTooLow=Value for <b>%s</b> is too low
|
||||
ErrorValueCantBeNull=Value for <b>%s</b> can't be null
|
||||
|
||||
# Warnings
|
||||
WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
|
||||
|
|
@ -327,7 +329,7 @@ WarningModuleXDisabledSoYouMayMissEventHere=Module %s has not been enabled. So y
|
|||
WarningPaypalPaymentNotCompatibleWithStrict=The value 'Strict' makes the online payment features not working correctly. Use 'Lax' instead.
|
||||
WarningThemeForcedTo=Warning, theme has been forced to <b>%s</b> by hidden constant MAIN_FORCETHEME
|
||||
WarningAutoValNotPossibleWhenStockIsDecreasedOnInvoiceVal=Automatic validation is disabled when option to decrease stock is set on "Invoice validation".
|
||||
|
||||
|
||||
# Validate
|
||||
RequireValidValue = Value not valid
|
||||
RequireAtLeastXString = Requires at least %s character(s)
|
||||
|
|
|
|||