From df17c2f26adcee1a292fc3022bcaec90ee64cccc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 28 Nov 2020 16:48:32 +0100 Subject: [PATCH 1/4] Removed dead code generating warning. CSS --- htdocs/admin/system/phpinfo.php | 84 ++------------------------------- 1 file changed, 4 insertions(+), 80 deletions(-) diff --git a/htdocs/admin/system/phpinfo.php b/htdocs/admin/system/phpinfo.php index 3627daab7d9..c5d3e2d7b7e 100644 --- a/htdocs/admin/system/phpinfo.php +++ b/htdocs/admin/system/phpinfo.php @@ -137,7 +137,7 @@ print ''; print '
'; -$activatedExtensions = array_map('strtolower', getActivatedExtensions()); +$activatedExtensions = array(); $loadedExtensions = array_map('strtolower', get_loaded_extensions(false)); print ''; @@ -154,7 +154,6 @@ $name = "GD"; print ""; print ""; -//print getTableColumn($name, $activatedExtensions); print getTableColumn($name, $loadedExtensions); print getTableColumnFunction($functions); print getResultColumn($name, $activatedExtensions, $loadedExtensions, $functions); @@ -165,7 +164,6 @@ $name = "Curl"; print ""; print ""; -//print getTableColumn($name, $activatedExtensions); print getTableColumn($name, $loadedExtensions); print getTableColumnFunction($functions); print getResultColumn($name, $activatedExtensions, $loadedExtensions, $functions); @@ -178,7 +176,6 @@ if (empty($_SERVER["SERVER_ADMIN"]) || $_SERVER["SERVER_ADMIN"] != 'doliwamp@loc print ""; print ""; - //print getTableColumn($name, $activatedExtensions); print getTableColumn($name, $loadedExtensions); print getTableColumnFunction($functions); print getResultColumn($name, $activatedExtensions, $loadedExtensions, $functions); @@ -191,7 +188,6 @@ $name = "xDebug"; print ""; print ""; -//print getTableColumn($name, $activatedExtensions); print getTableColumn($name, $loadedExtensions); print getTableColumnFunction($functions); print getResultColumn($name, $activatedExtensions, $loadedExtensions, $functions); @@ -221,7 +217,7 @@ foreach ($phparray as $key => $value) print ''; $valtoshow = $keyvalue; if ($keyparam == 'X-ChromePhp-Data') $valtoshow = dol_trunc($keyvalue, 80); - print ''; - print ''; + print ''; $i = 0; foreach ($keyvalue as $keyparam2 => $keyvalue2) { 
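Review bot: `$activatedExtensions` is now always an empty array, yet the extension rows in the following hunks still pass it to `getResultColumn($name, $activatedExtensions, $loadedExtensions, $functions)`. The body of getResultColumn is outside the hunks shown, so confirm it no longer branches on `$activated`; if it does, every extension would be treated as not activated. A comment at the assignment would make the intent explicit, e.g. `// Kept only for the deprecated $activated parameter of getResultColumn(); the loaded configuration file is no longer parsed`.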
@@ -256,78 +252,6 @@ foreach ($phparray as $key => $value) llxFooter(); $db->close(); -/** - * Return all list with all activated, but possible not loaded PHP extensions - * - * @return array - */ -function getActivatedExtensions() -{ - $file = getConfigFilePath(); - $handle = fopen(GetConfigFilePath(), "r"); - $content = fread($handle, filesize($file)); - - fclose($handle); - - $configLines = explode("\r", $content); - - $extensions = array(); - $lastLine = ""; - - foreach ($configLines as $line) - { - $line = trim($line); - - // ignore comment lines - if (substr($line, 0, 1) === ";") - { - continue; - } - - // extension - if (substr($line, 0, 9) === "extension" && substr($line, 0, 10) !== "extension_") - { - $value = trim(end(explode("=", $line))); - - $extensions[] = $value === "gd2" ? "gd" : $value; - } - - // zend_extension - if (substr($line, 0, 14) === "zend_extension") - { - $extensions[] = str_replace("[", "", str_replace("]", "", $lastLine)); - } - - $lastLine = $line; - } - - return array_unique($extensions); -} - -/** - * Return the path to the current used php config file - * - * @return string - */ -function getConfigFilePath() -{ - $phparray = phpinfo_array(); - - foreach ($phparray as $value) - { - foreach ($value as $keyparam => $keyvalue) - { - if (strtolower($keyparam) !== "loaded configuration file") - { - continue; - } - - return $keyvalue; - } - } - - return ""; -} /** * Return a table column with a indicator (okay or warning), based on the given name and list @@ -400,7 +324,7 @@ function getTableColumnFunction(array $functions) * Return a result column with a translated result text * * @param string $name The name of the PHP extension - * @param array $activated A list with all activated PHP extensions + * @param array $activated A list with all activated PHP extensions. Deprecated. * @param array $loaded A list with all loaded PHP extensions * @param array $functions A list with all PHP functions to check * 
From d3a2aa664fb5f67c76f5afddc4c9b7d34dca4f56 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Nov 2020 20:27:40 +0100 Subject: [PATCH 2/4] FIX #15572 --- htdocs/comm/propal/stats/index.php | 6 +++--- htdocs/commande/card.php | 15 ++------------- htdocs/commande/stats/index.php | 8 ++++---- htdocs/compta/facture/stats/index.php | 4 ++-- htdocs/core/lib/functions.lib.php | 1 + htdocs/expensereport/stats/index.php | 8 ++++---- htdocs/fichinter/stats/index.php | 4 ++-- htdocs/ticket/stats/index.php | 6 +++--- test/phpunit/FunctionsLibTest.php | 6 ++++-- 9 files changed, 25 insertions(+), 33 deletions(-) diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index add31f13f08..da3c24f6f01 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php @@ -37,11 +37,11 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; $WIDTH = DolGraph::getDefaultGraphSizeForStats('width'); $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); -$mode = GETPOST("mode") ?GETPOST("mode") : 'customer'; +$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer'; if ($mode == 'customer' && !$user->rights->propale->lire) accessforbidden(); if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) accessforbidden(); -$object_status = GETPOST('object_status'); +$object_status = GETPOST('object_status', 'intcomma'); $typent_id = GETPOST('typent_id', 'int'); $categ_id = GETPOST('categ_id', 'categ_id'); @@ -55,7 +55,7 @@ if ($user->socid > 0) } $nowyear = strftime("%Y", dol_now()); -$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear; +$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear; //$startyear=$year-2; $startyear = $year - 1; $endyear = $year; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 4175509eb28..8ba4620b108 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php 
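Review bot: A `mode` value other than `customer` or `supplier` passes both `accessforbidden()` guards in the `@@ -37,11 +37,11 @@` hunk, and with `GETPOSTISSET("mode")` an empty `mode=` no longer falls back to `'customer'` as the old truthiness test did. What the page does with such a value is outside the hunk, so this may be harmless, but the permission check should not depend on that. Constrain the value right after reading it, e.g. `if (!in_array($mode, array('customer', 'supplier'), true)) $mode = 'customer';`. The same assignment and the same pair of guards are added in htdocs/commande/stats/index.php, and the same assignment in htdocs/expensereport/stats/index.php.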
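Review bot: In the `@@ -55,7 +55,7 @@` hunk the condition still reads `GETPOST('year')` without a filter while the value taken is `GETPOST('year', 'int')`, so the test and the assignment can disagree. If the `int` filter rejects a value that the loose `> 0` comparison accepted, `$year` would presumably be empty when `$startyear = $year - 1` runs. Use the same filter on both sides: `$year = GETPOST('year', 'int') > 0 ? GETPOST('year', 'int') : $nowyear;`. The same line is added in the facture, expensereport, fichinter and ticket stats pages of this commit.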
@@ -460,26 +460,15 @@ if (empty($reshook)) if (!$error) { $object_id = $object->create($user); - - // If some invoice's lines already known - $NBLINES = 8; - for ($i = 1; $i <= $NBLINES; $i++) { - if ($_POST['idprod'.$i]) { - $xid = 'idprod'.$i; - $xqty = 'qty'.$i; - $xremise = 'remise_percent'.$i; - $object->add_product($_POST[$xid], $_POST[$xqty], $_POST[$xremise]); - } - } } } // Insert default contacts if defined if ($object_id > 0) { - if (GETPOST('contactid')) + if (GETPOST('contactid', 'int')) { - $result = $object->add_contact(GETPOST('contactid'), 'CUSTOMER', 'external'); + $result = $object->add_contact(GETPOST('contactid', 'int'), 'CUSTOMER', 'external'); if ($result < 0) { setEventMessages($langs->trans("ErrorFailedToAddContact"), null, 'errors'); $error++; diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index 4e7ed481882..d89559af113 100644 --- a/htdocs/commande/stats/index.php +++ b/htdocs/commande/stats/index.php @@ -38,11 +38,11 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php'; $WIDTH = DolGraph::getDefaultGraphSizeForStats('width'); $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); -$mode = GETPOST("mode") ?GETPOST("mode") : 'customer'; +$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer'; if ($mode == 'customer' && !$user->rights->commande->lire) accessforbidden(); if ($mode == 'supplier' && !$user->rights->fournisseur->commande->lire) accessforbidden(); -$object_status = GETPOST('object_status'); +$object_status = GETPOST('object_status', 'intcomma'); $typent_id = GETPOST('typent_id', 'int'); $categ_id = GETPOST('categ_id', 'categ_id'); 
@@ -308,11 +308,11 @@ if ($mode == 'customer') Commande::STATUS_CLOSED=>$langs->trans("StatusOrderDelivered"), Commande::STATUS_CANCELED=>$langs->trans("StatusOrderCanceled") ); - print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'int'), -4); + print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'intcomma'), -4); } if ($mode == 'supplier') { - $formorder->selectSupplierOrderStatus((strstr($object_status, ',') ?-1 : $object_status), 0, 'object_status'); + $formorder->selectSupplierOrderStatus((strstr($object_status, ',') ? -1 : $object_status), 0, 'object_status'); } print ''; // Year diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index 284186b73ce..49f9be88ac6 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php @@ -44,7 +44,7 @@ $mode = GETPOST("mode") ?GETPOST("mode") : 'customer'; if ($mode == 'customer' && !$user->rights->facture->lire) accessforbidden(); if ($mode == 'supplier' && !$user->rights->fournisseur->facture->lire) accessforbidden(); -$object_status = GETPOST('object_status'); +$object_status = GETPOST('object_status', 'intcomma'); $typent_id = GETPOST('typent_id', 'int'); $categ_id = GETPOST('categ_id', 'categ_id'); @@ -59,7 +59,7 @@ if ($user->socid > 0) } $nowyear = strftime("%Y", dol_now()); -$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear; +$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear; if(!empty($conf->global->INVOICE_STATS_GRAPHS_SHOW_2_YEARS)) $startyear=$year-2; else $startyear=$year-1; $endyear = $year; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 24ec5645ffd..02a78b87c92 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
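Review bot: In htdocs/compta/facture/stats/index.php, `$mode = GETPOST("mode") ?GETPOST("mode") : 'customer';` remains an unchanged context line of the `@@ -44,7 +44,7 @@` hunk, while the propal, commande and expensereport stats pages in this commit move to a filtered read. If the omission is not deliberate, the request parameter is still taken unfiltered here just before the two `accessforbidden()` guards. Apply the same form, `$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';`, and restrict the result to the two values the guards know about.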
@@ -4723,6 +4723,7 @@ function price2num($amount, $rounding = '', $option = 0) // Convert value to universal number format (no thousand separator, '.' as decimal separator) if ($option != 1) { // If not a PHP number or unknown, we change or clean format //print 'PP'.$amount.' - '.$dec.' - '.$thousand.' - '.intval($amount).'
'; + $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\-]/', '', $amount); if ($option == 2 && $thousand == '.' && preg_match('/\.(\d\d\d)$/', (string) $amount)) { // It means the . is used as a thousand separator and string come frominput data, so 1.123 is 1123 $amount = str_replace($thousand, '', $amount); diff --git a/htdocs/expensereport/stats/index.php b/htdocs/expensereport/stats/index.php index 3b931bd4418..5a781942095 100644 --- a/htdocs/expensereport/stats/index.php +++ b/htdocs/expensereport/stats/index.php @@ -34,8 +34,8 @@ $langs->loadLangs(array('trips', 'companies')); $WIDTH = DolGraph::getDefaultGraphSizeForStats('width'); $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); -$mode = GETPOST("mode") ?GETPOST("mode") : 'customer'; -$object_status = GETPOST('object_status'); +$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer'; +$object_status = GETPOST('object_status', 'intcomma'); $userid = GETPOST('userid', 'int'); $socid = GETPOST('socid', 'int'); if ($socid < 0) $socid = 0; @@ -51,7 +51,7 @@ if ($user->socid) $socid = $user->socid; $result = restrictedArea($user, 'expensereport', $id, ''); $nowyear = strftime("%Y", dol_now()); -$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear; +$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear; //$startyear=$year-2; $startyear = $year - 1; $endyear = $year; @@ -231,7 +231,7 @@ print ''; // Status print ''; // Year print ''; // Year print '
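Review bot: The added `preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\-]/', '', $amount)` in price2num is a character denylist, which is a fragile place to stop hostile input: quotes, `;` and `=` are not in the class, and what is left is still processed as an amount instead of being rejected. The rest of price2num is outside the hunk, so the final output cannot be judged from here. Callers that place the result in a query should still cast or escape at the query site. The line also needs a comment stating its purpose, e.g. `// Remove characters that can never be part of an amount (defence in depth, see #15572)`.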
".$name."
".$name."
".$name."
".$name."'.$keyparam.''; + print ''; if ($keyparam == 'Path') $valtoshow = implode('; ', explode(';', trim($valtoshow))); if ($keyparam == 'PATH') $valtoshow = implode('; ', explode(';', trim($valtoshow))); if ($keyparam == '_SERVER["PATH"]') $valtoshow = implode('; ', explode(';', trim($valtoshow))); @@ -232,7 +228,7 @@ foreach ($phparray as $key => $value) else { print '
'.$keyparam.''.$keyparam.'
'.$langs->trans("Status").''; $liststatus = $tmpexpensereport->statuts; -print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'int'), -4, 0, 0, '', 1); +print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'intcomma'), -4, 0, 0, '', 1); print '
'; diff --git a/htdocs/fichinter/stats/index.php b/htdocs/fichinter/stats/index.php index 0ca948312c6..8e385ebb5d7 100644 --- a/htdocs/fichinter/stats/index.php +++ b/htdocs/fichinter/stats/index.php @@ -42,12 +42,12 @@ if ($user->socid > 0) } $nowyear = strftime("%Y", dol_now()); -$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear; +$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear; //$startyear=$year-2; $startyear = $year - 1; $endyear = $year; -$object_status = GETPOST('object_status'); +$object_status = GETPOST('object_status', 'intcomma'); // Load translation files required by the page $langs->loadLangs(array('interventions', 'companies', 'other', 'suppliers')); diff --git a/htdocs/ticket/stats/index.php b/htdocs/ticket/stats/index.php index b39ba0fd366..e48c0147fad 100644 --- a/htdocs/ticket/stats/index.php +++ b/htdocs/ticket/stats/index.php @@ -32,7 +32,7 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); if (!$user->rights->ticket->read) accessforbidden(); -$object_status = GETPOST('object_status'); +$object_status = GETPOST('object_status', 'intcomma'); $userid = GETPOST('userid', 'int'); $socid = GETPOST('socid', 'int'); @@ -44,7 +44,7 @@ if ($user->socid > 0) } $nowyear = strftime("%Y", dol_now()); -$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear; +$year = GETPOST('year') > 0 ? GETPOST('year', 'int') : $nowyear; //$startyear=$year-2; $startyear = $year - 1; $endyear = $year; @@ -241,7 +241,7 @@ print $form->select_dolusers($userid, 'userid', 1, '', 0, '', '', 0, 0, 0, '', 0 // Status print '
'.$langs->trans("Status").''; $liststatus = $object->fields['fk_statut']['arrayofkeyval']; -print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'int'), -4, 0, 0, '', 1); +print $form->selectarray('object_status', $liststatus, GETPOST('object_status', 'intcomma'), -4, 0, 0, '', 1); print '
'.$langs->trans("Year").''; diff --git a/test/phpunit/FunctionsLibTest.php b/test/phpunit/FunctionsLibTest.php index a987f28c7ed..3d098131f21 100644 --- a/test/phpunit/FunctionsLibTest.php +++ b/test/phpunit/FunctionsLibTest.php @@ -1234,7 +1234,9 @@ class FunctionsLibTest extends PHPUnit\Framework\TestCase $newlangs->load("main"); $langs = $newlangs; - $this->assertEquals(1000, price2num('1 000.0')); + $this->assertEquals(150, price2num('(SELECT/**/CASE/**/WHEN/**/(0<1)/**/THEN/**/SLEEP(5)/**/ELSE/**/SLEEP(0)/**/END)')); + + $this->assertEquals(1000, price2num('1 000.0')); $this->assertEquals(1000, price2num('1 000', 'MT')); $this->assertEquals(1000, price2num('1 000', 'MU')); @@ -1252,7 +1254,7 @@ class FunctionsLibTest extends PHPUnit\Framework\TestCase // Text can't be converted $this->assertEquals('12.4$', price2num('12.4$')); - $this->assertEquals('12r.4$', price2num('12r.4$')); + $this->assertEquals('12.4$', price2num('12r.4$')); // For spanish language $newlangs2 = new Translate('', $conf); From d45fe6c17f6c93333aa3caf47056f9d01bcdec07 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Nov 2020 20:39:11 +0100 Subject: [PATCH 3/4] FIx #15551 --- htdocs/install/mysql/migration/11.0.0-12.0.0.sql | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql index 994e5d89495..a7cb8a4729f 100644 --- a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql +++ b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql @@ -335,3 +335,6 @@ insert into llx_c_tva(rowid,fk_pays,taux,recuperableonly,note,active) values (72 insert into llx_c_tva(rowid,fk_pays,taux,recuperableonly,localtax1,localtax1_type,note,active) values (722, 72, '18','0', '0.9', '1', 'VAT Rate 18+0.9', 1); ALTER TABLE llx_expedition ADD COLUMN billed smallint DEFAULT 0; + +-- VMYSQL4.3 ALTER TABLE llx_mrp_mo MODIFY COLUMN tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP; + 
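Review bot: The new assertion in the `@@ -1234,7 +1234,9 @@` hunk pins `150` for the injection-style string, which is simply the digits that survive the character filter (`0`, `1`, `5`, `0`); the test therefore documents that hostile text becomes a plausible amount rather than being rejected. That expectation deserves a comment, e.g. `// Digits surviving the character filter: 0,1,5,0 => 150 (see #15572)`. `assertEquals` compares loosely, so it may not notice a string such as `'0150'` being returned. In the `@@ -1252,7 +1254,7 @@` hunk, `price2num('12r.4$')` now yields `'12.4$'` under the comment `// Text can't be converted`, which no longer describes that case. The test method starts and ends outside both hunks.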
From 58eaef37d28c3f6fa1578d301a6e6c68434d7756 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 29 Nov 2020 21:29:22 +0100 Subject: [PATCH 4/4] Fix regression --- htdocs/core/lib/functions.lib.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 02a78b87c92..2a9052d0916 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -4723,7 +4723,9 @@ function price2num($amount, $rounding = '', $option = 0) // Convert value to universal number format (no thousand separator, '.' as decimal separator) if ($option != 1) { // If not a PHP number or unknown, we change or clean format //print 'PP'.$amount.' - '.$dec.' - '.$thousand.' - '.intval($amount).'
'; - $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\-]/', '', $amount); + if (!is_numeric($amount)) { + $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\-]/', '', $amount); + } if ($option == 2 && $thousand == '.' && preg_match('/\.(\d\d\d)$/', (string) $amount)) { // It means the . is used as a thousand separator and string come frominput data, so 1.123 is 1123 $amount = str_replace($thousand, '', $amount);
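Review bot: The `is_numeric()` guard preserves the sign only for values PHP already treats as numeric; a localized negative (constructed example: `'-1 234,56'`) is not numeric, so the class still removes its `-` and the amount would come out positive. price2num continues outside the hunk, but a sign stripped here cannot be restored later. Keep a leading minus, e.g. `$amount = preg_replace('/(?!^-)[a-zA-Z\/\\\*\(\)\<\>\-]/', '', $amount);`, and add a negative, thousand-separated case to FunctionsLibTest.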