From 9ab12e24551ca712a1a6025ca3d78af540f99d14 Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Fri, 7 May 2021 17:06:53 +0200 Subject: [PATCH 01/93] add (getNomUrl) --- htdocs/fourn/class/fournisseur.commande.class.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 331e211e5ac..3728771c8aa 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -765,7 +765,7 @@ class CommandeFournisseur extends CommonOrder */ public function getNomUrl($withpicto = 0, $option = '', $notooltip = 0, $save_lastsearch_value = -1, $addlinktonotes = 0) { - global $langs, $conf, $user; + global $langs, $conf, $user, $hookmanager; $result = ''; @@ -774,7 +774,15 @@ class CommandeFournisseur extends CommonOrder if ($user->rights->fournisseur->commande->lire) { $label = ''.$langs->trans("SupplierOrder").''; if (isset($this->statut)) { - $label .= ' '.$this->getLibStatut(5); + $statusText = ' '.$this->getLibStatut(5); + $parameters = array('obj' => $this); + $reshook = $hookmanager->executeHooks('moreHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook + if (empty($reshook)) { + $statusText .= $hookmanager->resPrint; + } else { + $statusText = $hookmanager->resPrint; + } + $label .= $statusText; } if (!empty($this->ref)) { $label .= '
'.$langs->trans('Ref').': '.$this->ref; From c6d646f39e0ad1047493ef2960d4b3155770c3dc Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Fri, 7 May 2021 17:08:36 +0200 Subject: [PATCH 02/93] add(prop)list --- htdocs/fourn/commande/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index d32e466444c..a294d2a4712 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1283,6 +1283,7 @@ if ($resql) { $objectstatic->id = $obj->rowid; $objectstatic->ref = $obj->ref; + $objectstatic->socid = $obj->socid; $objectstatic->ref_supplier = $obj->ref_supplier; $objectstatic->total_ht = $obj->total_ht; $objectstatic->total_tva = $obj->total_tva; From a91d1b2e07d9262c9aeecf53f5777e9b90c6a891 Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Fri, 7 May 2021 17:09:39 +0200 Subject: [PATCH 03/93] add(list) hook --- htdocs/fourn/commande/list.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index a294d2a4712..0aae47cd7fc 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1537,7 +1537,15 @@ if ($resql) { } // Status if (!empty($arrayfields['cf.fk_statut']['checked'])) { - print ''.$objectstatic->LibStatut($obj->fk_statut, 5, $obj->billed).''; + $parameters = array('obj' => $obj); + $morehtmlstatus = $objectstatic->LibStatut($obj->fk_statut, 5, $obj->billed); + $reshook = $hookmanager->executeHooks('moreHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook + if (empty($reshook)) { + $morehtmlstatus .= $hookmanager->resPrint; + } else { + $morehtmlstatus = $hookmanager->resPrint; + } + print '' . $morehtmlstatus . ''; if (!$i) { $totalarray['nbfield']++; } From 1bfcfc3a0ca69e8c44fb55d0d8c16b9059843056 Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Wed, 12 May 2021 16:55:03 +0200 Subject: [PATCH 04/93] rename Hook and moved it into LibStatut method --- htdocs/fourn/class/fournisseur.commande.class.php | 7 ++++++- htdocs/fourn/commande/list.php | 10 +--------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 3728771c8aa..99b64ccead4 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -690,7 +690,7 @@ class CommandeFournisseur extends CommonOrder public function LibStatut($status, $mode = 0, $billed = 0) { // phpcs:enable - global $conf, $langs; + global $conf, $langs, $hookmanager; if (empty($this->statuts) || empty($this->statutshort)) { $langs->load('orders'); @@ -749,6 +749,11 @@ class CommandeFournisseur extends CommonOrder $statusLong = $langs->transnoentitiesnoconv($this->statuts[$status]).$billedtext; $statusShort = $langs->transnoentitiesnoconv($this->statutshort[$status]); + $parameters = array('status' => $status, 'mode' => $mode, 'billed' => $billed, 'obj'=>$this); + $reshook = $hookmanager->executeHooks('diffHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook + if ($reshook > 0) { + return $hookmanager->resPrint; + } return dolGetStatus($statusLong, $statusShort, '', $statusClass, $mode); } diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index 0aae47cd7fc..a294d2a4712 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1537,15 +1537,7 @@ if ($resql) { } // Status if (!empty($arrayfields['cf.fk_statut']['checked'])) { - $parameters = array('obj' => $obj); - $morehtmlstatus = $objectstatic->LibStatut($obj->fk_statut, 5, $obj->billed); - $reshook = $hookmanager->executeHooks('moreHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook - if (empty($reshook)) { - $morehtmlstatus .= $hookmanager->resPrint; - } else { - $morehtmlstatus = $hookmanager->resPrint; - } - print '' . $morehtmlstatus . ''; + print ''.$objectstatic->LibStatut($obj->fk_statut, 5, $obj->billed).''; if (!$i) { $totalarray['nbfield']++; } From ea0d8605930e51a0e84bd38c739cdcf2cc3e3a0e Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 12 May 2021 14:55:32 +0000 Subject: [PATCH 05/93] Fixing style errors. --- htdocs/fourn/class/fournisseur.commande.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 99b64ccead4..abfe6df1edc 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -753,7 +753,7 @@ class CommandeFournisseur extends CommonOrder $reshook = $hookmanager->executeHooks('diffHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook if ($reshook > 0) { return $hookmanager->resPrint; - } + } return dolGetStatus($statusLong, $statusShort, '', $statusClass, $mode); } From c6aa078892f89198178258484550681ad1762e2b Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Mon, 17 May 2021 13:46:01 +0200 Subject: [PATCH 06/93] renamed LibStatut hook + removed useless hook --- htdocs/fourn/class/fournisseur.commande.class.php | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index abfe6df1edc..e8d6c0ed9c9 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -750,7 +750,7 @@ class CommandeFournisseur extends CommonOrder $statusShort = $langs->transnoentitiesnoconv($this->statutshort[$status]); $parameters = array('status' => $status, 'mode' => $mode, 'billed' => $billed, 'obj'=>$this); - $reshook = $hookmanager->executeHooks('diffHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook + $reshook = $hookmanager->executeHooks('LibStatut', $parameters, $object); // Note that $action and $object may have been modified by hook if ($reshook > 0) { return $hookmanager->resPrint; } @@ -779,15 +779,7 @@ class CommandeFournisseur extends CommonOrder if ($user->rights->fournisseur->commande->lire) { $label = ''.$langs->trans("SupplierOrder").''; if (isset($this->statut)) { - $statusText = ' '.$this->getLibStatut(5); - $parameters = array('obj' => $this); - $reshook = $hookmanager->executeHooks('moreHtmlStatus', $parameters, $object); // Note that $action and $object may have been modified by hook - if (empty($reshook)) { - $statusText .= $hookmanager->resPrint; - } else { - $statusText = $hookmanager->resPrint; - } - $label .= $statusText; + $label = ' '.$this->getLibStatut(5); } if (!empty($this->ref)) { $label .= '
'.$langs->trans('Ref').': '.$this->ref; From 779c868eaede3368a6d5b3f8674942565df26e84 Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Mon, 17 May 2021 13:48:21 +0200 Subject: [PATCH 07/93] fix mistake and removed hookmanager unused --- htdocs/fourn/class/fournisseur.commande.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index e8d6c0ed9c9..9b643ff1464 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -770,7 +770,7 @@ class CommandeFournisseur extends CommonOrder */ public function getNomUrl($withpicto = 0, $option = '', $notooltip = 0, $save_lastsearch_value = -1, $addlinktonotes = 0) { - global $langs, $conf, $user, $hookmanager; + global $langs, $conf, $user; $result = ''; @@ -779,7 +779,7 @@ class CommandeFournisseur extends CommonOrder if ($user->rights->fournisseur->commande->lire) { $label = ''.$langs->trans("SupplierOrder").''; if (isset($this->statut)) { - $label = ' '.$this->getLibStatut(5); + $label .= ' '.$this->getLibStatut(5); } if (!empty($this->ref)) { $label .= '
'.$langs->trans('Ref').': '.$this->ref; From 2182e7fd54e299f7db7edd9bc5cecce82b6240c3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 4 Jun 2021 14:36:52 +0200 Subject: [PATCH 08/93] Look and feel v14 --- htdocs/compta/facture/invoicetemplate_list.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index 52dac1c462a..5f7e277076c 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -50,8 +50,7 @@ $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $toselect = GETPOST('toselect', 'array'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'invoicetemplatelist'; // To manage different context of search - -$socid = GETPOST('socid', 'int'); +$optioncss = GETPOST('optioncss', 'alpha'); $socid = GETPOST('socid', 'int'); @@ -394,7 +393,7 @@ if ($resql) { if ($search_payment_term != '') { $param .= '&search_payment_term='.urlencode($search_payment_term); } - if ($search_recurring != '' && $search_recurrning != '-1') { + if ($search_recurring != '' && $search_recurring != '-1') { $param .= '&search_recurring='.urlencode($search_recurring); } if ($search_frequency > 0) { @@ -570,7 +569,7 @@ if ($resql) { if (!empty($arrayfields['s.nom']['checked'])) { print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER['PHP_SELF'], "s.nom", "", $param, "", $sortfield, $sortorder); } - if (!empty($arrayfields['f.total_total']['checked'])) { + if (!empty($arrayfields['f.total_ht']['checked'])) { print_liste_field_titre($arrayfields['f.total_ht']['label'], $_SERVER['PHP_SELF'], "f.total_ht", "", $param, 'class="right"', $sortfield, $sortorder); } if (!empty($arrayfields['f.total_tva']['checked'])) { @@ -789,12 +788,13 @@ if ($resql) { } } // Action column - print ''; + print ''; if ($user->rights->facture->creer && empty($invoicerectmp->suspended)) { if ($invoicerectmp->isMaxNbGenReached()) { print $langs->trans("MaxNumberOfGenerationReached"); } elseif (empty($objp->frequency) || $db->jdate($objp->date_when) <= $today) { print ''; + print img_picto($langs->trans("CreateBill"), 'add', 'class="paddingrightonly"'); print $langs->trans("CreateBill").''; } else { print $form->textwithpicto('', $langs->trans("DateIsNotEnough")); From 0147ffa737073733b603947ddd6aa2a7b15880f6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 4 Jun 2021 14:38:22 +0200 Subject: [PATCH 09/93] Fix css --- .../triggers/interface_50_modLdap_Ldapsynchro.class.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index 81054338b88..d4db5ebccfc 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -138,8 +138,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers $container = $usergroup->_load_ldap_dn($oldinfo, 1); $search = "(".$usergroup->_load_ldap_dn($oldinfo, 2).")"; $records = $ldap->search($container, $search); - if (count($records) && $records['count'] == 0) - { + if (count($records) && $records['count'] == 0) { $olddn = ''; } @@ -157,12 +156,11 @@ class InterfaceLdapsynchro extends DolibarrTriggers $oldinfo = $usergroup->_load_ldap_info(); $olddn = $usergroup->_load_ldap_dn($oldinfo); - // Verify if entry exist + // Verify if an entry exists $container = $usergroup->_load_ldap_dn($oldinfo, 1); $search = "(".$usergroup->_load_ldap_dn($oldinfo, 2).")"; $records = $ldap->search($container, $search); - if (count($records) && $records['count'] == 0) - { + if (count($records) && $records['count'] == 0) { $olddn = ''; } From 3fb1fb63b471b3f6a639a4dab7d6ce74ef68d7ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 4 Jun 2021 22:16:25 +0200 Subject: [PATCH 10/93] test zapier --- dev/examples/zapier/creates/thirdparty.js | 4 ++-- dev/examples/zapier/package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/examples/zapier/creates/thirdparty.js b/dev/examples/zapier/creates/thirdparty.js index 3e20fd10e41..2abeef6ae4c 100644 --- a/dev/examples/zapier/creates/thirdparty.js +++ b/dev/examples/zapier/creates/thirdparty.js @@ -6,7 +6,7 @@ const createThirdparty = async (z, bundle) => { const response = await z.request({ method: 'POST', url: apiurl, - body: JSON.stringify({ + body: { name: bundle.inputData.name, name_alias: bundle.inputData.name_alias, ref_ext: bundle.inputData.ref_ext, @@ -24,7 +24,7 @@ const createThirdparty = async (z, bundle) => { code_client: bundle.inputData.code_client, code_fournisseur: bundle.inputData.code_fournisseur, sens: 'fromzapier' - }) + } }); const result = z.JSON.parse(response.content); // api returns an integer when ok, a json when ko diff --git a/dev/examples/zapier/package.json b/dev/examples/zapier/package.json index cc0768a27ef..4d5c5daa867 100644 --- a/dev/examples/zapier/package.json +++ b/dev/examples/zapier/package.json @@ -15,7 +15,7 @@ "npm": ">=5.6.0" }, "dependencies": { - "zapier-platform-core": "11.0.0" + "zapier-platform-core": "11.0.1" }, "devDependencies": { "mocha": "^5.2.0", From 3440024efebf877b219d66c55917d7ad4e0201f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 4 Jun 2021 22:35:05 +0200 Subject: [PATCH 11/93] test zapier --- dev/examples/zapier/triggers/thirdparty.js | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/dev/examples/zapier/triggers/thirdparty.js b/dev/examples/zapier/triggers/thirdparty.js index 4656f836e74..0fecd4434ce 100644 --- a/dev/examples/zapier/triggers/thirdparty.js +++ b/dev/examples/zapier/triggers/thirdparty.js @@ -56,6 +56,12 @@ const getThirdparty = (z, bundle) => { fournisseur: bundle.cleanedRequest.fournisseur, code_client: bundle.cleanedRequest.code_client, code_fournisseur: bundle.cleanedRequest.code_fournisseur, + idprof1: bundle.cleanedRequest.idprof1, + idprof2: bundle.cleanedRequest.idprof2, + idprof3: bundle.cleanedRequest.idprof3, + idprof4: bundle.cleanedRequest.idprof4, + idprof5: bundle.cleanedRequest.idprof5, + idprof6: bundle.cleanedRequest.idprof6, authorId: bundle.cleanedRequest.authorId, createdAt: bundle.cleanedRequest.createdAt, action: bundle.cleanedRequest.action @@ -170,7 +176,13 @@ module.exports = { {key: 'client', label: 'Customer/Prospect 0/1/2/3'}, {key: 'fournisseur', label: 'Supplier 0/1'}, {key: 'code_client', label: 'Customer code'}, - {key: 'code_fournisseur', label: 'Supplier code'} + {key: 'code_fournisseur', label: 'Supplier code'}, + {key: 'idprof1', label: 'Id Prof 1'}, + {key: 'idprof2', label: 'Id Prof 2'}, + {key: 'idprof3', label: 'Id Prof 3'}, + {key: 'idprof4', label: 'Id Prof 4'}, + {key: 'idprof5', label: 'Id Prof 5'}, + {key: 'idprof6', label: 'Id Prof 6'} ] } }; From c94946b934758236a82f3668ffcf969912b823a8 Mon Sep 17 00:00:00 2001 From: daraelmin Date: Fri, 4 Jun 2021 23:14:31 +0200 Subject: [PATCH 12/93] Fix #17743 - token was hashed with membersubscription #Fix #17743 - token was hashed with membersubscription for retro-compatibility we must try to hash token wth both "membre" ans "membersubscription" to verify unique secure key d'or member --- htdocs/public/payment/newpayment.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 377077531ae..f19aef7f79c 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -281,6 +281,9 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { if ($tmpsource && $REF) { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical + if ($SECUREKEY != $token) { + $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) + } } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); } From d327de4e80b0e0bf60e9256bd5f186f7ee00e792 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 4 Jun 2021 23:39:52 +0200 Subject: [PATCH 13/93] Doc --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 531a19e0be9..34162fd5682 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ You can freely use, study, modify or distribute it according to its licence. You can use it as a standalone application or as a web application to access it from the Internet or a LAN. -Dolibarr has a large community ready to help you, free forums and [officially preferred partners ready to offer commercial support should you need it](https://partners.dolibarr.org) +Dolibarr has a large community ready to help you, free forums and [preferred partners ready to offer commercial support should you need it](https://partners.dolibarr.org) ![ScreenShot](https://www.dolibarr.org/medias/dolibarr_screenshot1_1920x1080.jpg) @@ -122,7 +122,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Electronic Document Management (EDM) - Foundations members management - Point of Sale (POS) -- … (around 100 modules available by default, + 1000 on the addon market place) +- … (around 100 modules available by default, 1000+ on the addon market place) ### Other application/modules From 420bf440ef32c98f08a9b6c6f50284336edf93a3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 00:53:07 +0200 Subject: [PATCH 14/93] Update newpayment.php --- htdocs/public/payment/newpayment.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index f19aef7f79c..a0e6a1854fd 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -278,11 +278,13 @@ if ($tmpsource == 'membersubscription') { } $valid = true; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { + $token = ''; + $tokenoldcompat = ''; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { if ($tmpsource && $REF) { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical - if ($SECUREKEY != $token) { - $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) + if ($tmpsource != $source) { + $tokenoldcompat = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) } } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); @@ -290,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } - if ($SECUREKEY != $token) { + if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility } else { From 246cb09ba58a02b8479d21a48f9a5916c256fa29 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 00:56:28 +0200 Subject: [PATCH 15/93] Update newpayment.php --- htdocs/public/payment/newpayment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index a0e6a1854fd..b71dd2df499 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -292,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } - if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) { + if ($SECUREKEY != $token && (empty($tokenoldcompat) || $SECUREKEY != $tokenoldcompat)) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility } else { From 6ae4a75ac2405562adbda1a045f5571b6b19cae5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 01:04:09 +0200 Subject: [PATCH 16/93] Update fournisseur.commande.class.php --- htdocs/fourn/class/fournisseur.commande.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 9b643ff1464..be13ad412aa 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -749,8 +749,8 @@ class CommandeFournisseur extends CommonOrder $statusLong = $langs->transnoentitiesnoconv($this->statuts[$status]).$billedtext; $statusShort = $langs->transnoentitiesnoconv($this->statutshort[$status]); - $parameters = array('status' => $status, 'mode' => $mode, 'billed' => $billed, 'obj'=>$this); - $reshook = $hookmanager->executeHooks('LibStatut', $parameters, $object); // Note that $action and $object may have been modified by hook + $parameters = array('status' => $status, 'mode' => $mode, 'billed' => $billed); + $reshook = $hookmanager->executeHooks('LibStatut', $parameters, $this); // Note that $action and $object may have been modified by hook if ($reshook > 0) { return $hookmanager->resPrint; } From f0118183c848cbf5443bc394fa8c0cdad20e4d0e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 01:11:05 +0200 Subject: [PATCH 17/93] Clean code --- .../class/fournisseur.commande.class.php | 2 + htdocs/public/payment/newpayment.php | 185 +++++++++--------- 2 files changed, 94 insertions(+), 93 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index d094916ef38..06f893026a5 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -156,6 +156,8 @@ class CommandeFournisseur extends CommonOrder public $user_approve_id; public $user_approve_id2; // Used when SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED is set + public $refuse_note; + public $extraparams = array(); /** diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 377077531ae..49093e0913e 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -907,7 +907,6 @@ print ''.$langs->trans("T $found = false; $error = 0; -$var = false; $object = null; @@ -923,17 +922,17 @@ if (!$source) { } // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Amount - print ''.$langs->trans("Amount"); + print ''.$langs->trans("Amount"); if (empty($amount)) { print ' ('.$langs->trans("ToComplete").')'; } - print ''; + print ''; if (empty($amount) || !is_numeric($amount)) { print ''; print ''; @@ -948,8 +947,8 @@ if (!$source) { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -995,14 +994,14 @@ if ($source == 'order') { $fulltag = dol_string_unaccent($fulltag); // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("ThirdParty"); - print ''.$order->thirdparty->name.''; + print ''.$langs->trans("ThirdParty"); + print ''.$order->thirdparty->name.''; print ''."\n"; // Object @@ -1010,8 +1009,8 @@ if ($source == 'order') { if (GETPOST('desc', 'alpha')) { $text = ''.$langs->trans(GETPOST('desc', 'alpha')).''; } - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''; @@ -1024,11 +1023,11 @@ if ($source == 'order') { print ''."\n"; // Amount - print ''.$langs->trans("Amount"); + print ''.$langs->trans("Amount"); if (empty($amount)) { print ' ('.$langs->trans("ToComplete").')'; } - print ''; + print ''; if (empty($amount) || !is_numeric($amount)) { print ''; print ''; @@ -1043,8 +1042,8 @@ if ($source == 'order') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -1119,14 +1118,14 @@ if ($source == 'invoice') { $fulltag = dol_string_unaccent($fulltag); // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("ThirdParty"); - print ''.$invoice->thirdparty->name.''; + print ''.$langs->trans("ThirdParty"); + print ''.$invoice->thirdparty->name.''; print ''."\n"; // Object @@ -1134,8 +1133,8 @@ if ($source == 'invoice') { if (GETPOST('desc', 'alpha')) { $text = ''.$langs->trans(GETPOST('desc', 'alpha')).''; } - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''; @@ -1148,11 +1147,11 @@ if ($source == 'invoice') { print ''."\n"; // Amount - print ''.$langs->trans("PaymentAmount"); + print ''.$langs->trans("PaymentAmount"); if (empty($amount) && empty($object->paye)) { print ' ('.$langs->trans("ToComplete").')'; } - print ''; + print ''; if ($object->type == $object::TYPE_CREDIT_NOTE) { print ''.$langs->trans("CreditNote").''; } elseif (empty($object->paye)) { @@ -1174,8 +1173,8 @@ if ($source == 'invoice') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -1290,14 +1289,14 @@ if ($source == 'contractline') { } // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("ThirdParty"); - print ''.$contract->thirdparty->name.''; + print ''.$langs->trans("ThirdParty"); + print ''.$contract->thirdparty->name.''; print ''."\n"; // Object @@ -1319,8 +1318,8 @@ if ($source == 'contractline') { if (GETPOST('desc', 'alpha')) { $text = ''.$langs->trans(GETPOST('desc', 'alpha')).''; } - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''; @@ -1349,17 +1348,17 @@ if ($source == 'contractline') { $duration = $contractline->product->duration_value.' '.$dur[$contractline->product->duration_unit]; } } - print ''.$label.''; - print ''.($duration ? $duration : $qty).''; + print ''.$label.''; + print ''.($duration ? $duration : $qty).''; print ''; print ''."\n"; // Amount - print ''.$langs->trans("Amount"); + print ''.$langs->trans("Amount"); if (empty($amount)) { print ' ('.$langs->trans("ToComplete").')'; } - print ''; + print ''; if (empty($amount) || !is_numeric($amount)) { print ''; print ''; @@ -1374,8 +1373,8 @@ if ($source == 'contractline') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -1451,14 +1450,14 @@ if ($source == 'member' || $source == 'membersubscription') { $fulltag = dol_string_unaccent($fulltag); // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("Member"); - print ''; + print ''.$langs->trans("Member"); + print ''; if ($member->morphy == 'mor' && !empty($member->societe)) { print $member->societe; } else { @@ -1472,29 +1471,29 @@ if ($source == 'member' || $source == 'membersubscription') { if (GETPOST('desc', 'alpha')) { $text = ''.$langs->trans(GETPOST('desc', 'alpha')).''; } - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''."\n"; if ($object->datefin > 0) { - print ''.$langs->trans("DateEndSubscription"); - print ''.dol_print_date($member->datefin, 'day'); + print ''.$langs->trans("DateEndSubscription"); + print ''.dol_print_date($member->datefin, 'day'); print ''."\n"; } if ($member->last_subscription_date || $member->last_subscription_amount) { // Last subscription date - print ''.$langs->trans("LastSubscriptionDate"); - print ''.dol_print_date($member->last_subscription_date, 'day'); + print ''.$langs->trans("LastSubscriptionDate"); + print ''.dol_print_date($member->last_subscription_date, 'day'); print ''."\n"; // Last subscription amount - print ''.$langs->trans("LastSubscriptionAmount"); - print ''.price($member->last_subscription_amount); + print ''.$langs->trans("LastSubscriptionAmount"); + print ''.price($member->last_subscription_amount); print ''."\n"; if (empty($amount) && !GETPOST('newamount', 'alpha')) { @@ -1513,8 +1512,8 @@ if ($source == 'member' || $source == 'membersubscription') { $amountbytype = $adht->amountByType(1); // Last member type - print ''.$langs->trans("LastMemberType"); - print ''.dol_escape_htmltag($member->type); + print ''.$langs->trans("LastMemberType"); + print ''.dol_escape_htmltag($member->type); print "\n"; // Set the new member type @@ -1526,25 +1525,25 @@ if ($source == 'member' || $source == 'membersubscription') { // Set amount for the subscription $amount = (!empty($amountbytype[$member->typeid])) ? $amountbytype[$member->typeid] : $member->last_subscription_amount; - print ''.$langs->trans("NewSubscription"); - print ''; + print ''.$langs->trans("NewSubscription"); + print ''; print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).'&amount='.urlencode($amount).'&typeid=\' + this.value + \'&securekey='.urlencode($SECUREKEY).'\');"', 0, 0, 0, '', '', 1); print "\n"; } elseif ($action == dopayment) { - print ''.$langs->trans("NewMemberType"); - print ''.dol_escape_htmltag($member->type); + print ''.$langs->trans("NewMemberType"); + print ''.dol_escape_htmltag($member->type); print ''; print "\n"; } } else { - print ''.$langs->trans("MemberType"); - print ''.dol_escape_htmltag($member->type); + print ''.$langs->trans("MemberType"); + print ''.dol_escape_htmltag($member->type); print "\n"; } } // Amount - print ''.$langs->trans("Amount"); + print ''.$langs->trans("Amount"); if (empty($amount)) { if (empty($conf->global->MEMBER_NEWFORM_AMOUNT)) { print ' ('.$langs->trans("ToComplete"); @@ -1556,7 +1555,7 @@ if ($source == 'member' || $source == 'membersubscription') { print ')'; } } - print ''; + print ''; $valtoshow = ''; if (empty($amount) || !is_numeric($amount)) { $valtoshow = price2num(GETPOST("newamount", 'alpha'), 'MT'); @@ -1601,8 +1600,8 @@ if ($source == 'member' || $source == 'membersubscription') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -1677,14 +1676,14 @@ if ($source == 'donation') { $fulltag = dol_string_unaccent($fulltag); // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("ThirdParty"); - print ''; + print ''.$langs->trans("ThirdParty"); + print ''; if ($don->morphy == 'mor' && !empty($don->societe)) { print $don->societe; } else { @@ -1698,14 +1697,14 @@ if ($source == 'donation') { if (GETPOST('desc', 'alpha')) { $text = ''.$langs->trans(GETPOST('desc', 'alpha')).''; } - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''."\n"; // Amount - print ''.$langs->trans("Amount"); + print ''.$langs->trans("Amount"); if (empty($amount)) { if (empty($conf->global->MEMBER_NEWFORM_AMOUNT)) { print ' ('.$langs->trans("ToComplete"); @@ -1717,7 +1716,7 @@ if ($source == 'donation') { print ')'; } } - print ''; + print ''; $valtoshow = ''; if (empty($amount) || !is_numeric($amount)) { $valtoshow = price2num(GETPOST("newamount", 'alpha'), 'MT'); @@ -1757,8 +1756,8 @@ if ($source == 'donation') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -1811,29 +1810,29 @@ if ($source == 'conferencesubscription') { $fulltag = dol_string_unaccent($fulltag); // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("Attendee"); - print ''; + print ''.$langs->trans("Attendee"); + print ''; print $thirdparty->name; print ''; print ''."\n"; // Object $text = ''.$langs->trans("PaymentConferenceAttendee").''; - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''."\n"; // Amount - print ''.$langs->trans("Amount"); - print ''; + print ''.$langs->trans("Amount"); + print ''; $valtoshow = $amount; print ''.price($valtoshow).''; print ''; @@ -1845,8 +1844,8 @@ if ($source == 'conferencesubscription') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; @@ -1897,29 +1896,29 @@ if ($source == 'boothlocation') { $fulltag = dol_string_unaccent($fulltag); // Creditor - print ''.$langs->trans("Creditor"); - print ''.$creditor.''; + print ''.$langs->trans("Creditor"); + print ''.$creditor.''; print ''; print ''."\n"; // Debitor - print ''.$langs->trans("Attendee"); - print ''; + print ''.$langs->trans("Attendee"); + print ''; print $thirdparty->name; print ''; print ''."\n"; // Object $text = ''.$langs->trans("PaymentBoothLocation").''; - print ''.$langs->trans("Designation"); - print ''.$text; + print ''.$langs->trans("Designation"); + print ''.$text; print ''; print ''; print ''."\n"; // Amount - print ''.$langs->trans("Amount"); - print ''; + print ''.$langs->trans("Amount"); + print ''; $valtoshow = $amount; print ''.price($valtoshow).''; print ''; @@ -1931,8 +1930,8 @@ if ($source == 'boothlocation') { print ''."\n"; // Tag - print ''.$langs->trans("PaymentCode"); - print ''.$fulltag.''; + print ''.$langs->trans("PaymentCode"); + print ''.$fulltag.''; print ''; print ''; print ''."\n"; From 3e53ab5bfe13144ce3deee0e7fe345dac8fe31d2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 01:17:16 +0200 Subject: [PATCH 18/93] Fix scrutinizer --- htdocs/user/class/api_users.class.php | 6 ++---- htdocs/user/class/user.class.php | 5 +++++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php index e760997f3c8..9fa84042c3a 100644 --- a/htdocs/user/class/api_users.class.php +++ b/htdocs/user/class/api_users.class.php @@ -248,8 +248,8 @@ class Users extends DolibarrApi * * @url GET /info * - * @param int $includepermissions Set this to 1 to have the array of permissions loaded (not done by default for performance purpose) - * @return array|mixed Data without useless information + * @param int $includepermissions Set this to 1 to have the array of permissions loaded (not done by default for performance purpose) + * @return array|mixed Data without useless information * * @throws RestException 401 Insufficient rights * @throws RestException 404 User or group not found @@ -371,11 +371,9 @@ class Users extends DolibarrApi if ($field == 'pass') { if ($this->useraccount->id != DolibarrApiAccess::$user->id && empty(DolibarrApiAccess::$user->rights->user->user->password)) { throw new RestException(401, 'You are not allowed to modify password of other users'); - continue; } if ($this->useraccount->id == DolibarrApiAccess::$user->id && empty(DolibarrApiAccess::$user->rights->user->self->password)) { throw new RestException(401, 'You are not allowed to modify your own password'); - continue; } } if (DolibarrApiAccess::$user->admin) { // If user for API is admin diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index b8e63ea8f19..910edce8c17 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -299,6 +299,11 @@ class User extends CommonObject */ public $nb_rights; + /** + * @var array To store list of groups of user (used by API /info for example) + */ + public $user_group_list; + /** * @var array Cache array of already loaded permissions */ From 39adaec7eb9616c543d709ab539461dec48a27af Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 01:29:24 +0200 Subject: [PATCH 19/93] Fix var not found --- htdocs/compta/bank/class/account.class.php | 8 +++++++- htdocs/compta/charges/index.php | 10 ++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 8c29a9ffc36..e629d7620f0 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -177,6 +177,10 @@ class Account extends CommonObject * @var int ID */ public $fk_accountancy_journal; + /** + * @var string Label of journal + */ + public $accountancy_journal; /** * Currency code @@ -281,6 +285,7 @@ class Account extends CommonObject 'rappro' =>array('type'=>'smallint(6)', 'label'=>'Rappro', 'enabled'=>1, 'visible'=>-1, 'position'=>120), 'url' =>array('type'=>'varchar(128)', 'label'=>'Url', 'enabled'=>1, 'visible'=>-1, 'position'=>125), 'account_number' =>array('type'=>'varchar(32)', 'label'=>'Account number', 'enabled'=>1, 'visible'=>-1, 'position'=>130), + 'fk_accountancy_journal' =>array('type'=>'integer', 'label'=>'Accountancy journal ID', 'enabled'=>1, 'visible'=>-1, 'position'=>132), 'accountancy_journal' =>array('type'=>'varchar(20)', 'label'=>'Accountancy journal', 'enabled'=>1, 'visible'=>-1, 'position'=>135), 'currency_code' =>array('type'=>'varchar(3)', 'label'=>'Currency code', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>140), 'min_allowed' =>array('type'=>'integer', 'label'=>'Min allowed', 'enabled'=>1, 'visible'=>-1, 'position'=>145), @@ -294,7 +299,6 @@ class Account extends CommonObject 'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>175), 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>180), 'extraparams' =>array('type'=>'varchar(255)', 'label'=>'Extraparams', 'enabled'=>1, 'visible'=>-1, 'position'=>185), - 'fk_accountancy_journal' =>array('type'=>'integer', 'label'=>'Fk accountancy journal', 'enabled'=>1, 'visible'=>-1, 'position'=>190), ); // END MODULEBUILDER PROPERTIES @@ -311,9 +315,11 @@ class Account extends CommonObject */ const TYPE_SAVINGS = 0; + const STATUS_OPEN = 0; const STATUS_CLOSED = 1; + /** * Constructor * diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php index f171546f6c1..be7c88c0a1a 100644 --- a/htdocs/compta/charges/index.php +++ b/htdocs/compta/charges/index.php @@ -227,9 +227,10 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { $accountstatic->id = $obj->bid; $accountstatic->ref = $obj->bref; $accountstatic->number = $obj->bnumber; - $accountstatic->accountancy_number = $obj->account_number; - $accountstatic->accountancy_journal = $obj->accountancy_journal; + $accountstatic->account_number = $obj->account_number; + $accountstatic->fk_accountancy_journal = $obj->fk_accountancy_journal; $accountstatic->label = $obj->blabel; + print $accountstatic->getNomUrl(1); } else { print ' '; @@ -348,9 +349,10 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { $accountstatic->id = $obj->bid; $accountstatic->ref = $obj->bref; $accountstatic->number = $obj->bnumber; - $accountstatic->accountancy_number = $obj->account_number; - $accountstatic->accountancy_journal = $obj->accountancy_journal; + $accountstatic->account_number = $obj->account_number; + $accountstatic->fk_accountancy_journal = $obj->fk_accountancy_journal; $accountstatic->label = $obj->blabel; + print $accountstatic->getNomUrl(1); } else { print ' '; From b6ba1de3b39acb2835f9fa5e4fc9fbc760631e7c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 02:18:45 +0200 Subject: [PATCH 20/93] Fix remove use of captcha on backoffice for ticket creation --- htdocs/core/class/html.formticket.class.php | 2 +- htdocs/ticket/card.php | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 23c220d43df..b10ac80416f 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -259,7 +259,7 @@ class FormTicket $doleditor->Create(); print ''; - if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { + if ($public && !empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; print ''; print ''; diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index 5e2ef1e804b..96a5ad0c120 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -53,6 +53,7 @@ $ref = GETPOST('ref', 'alpha'); $projectid = GETPOST('projectid', 'int'); $cancel = GETPOST('cancel', 'alpha'); $action = GETPOST('action', 'aZ09'); +$backtopage = GETPOST('$backtopage', 'alpha'); $notifyTiers = GETPOST("notify_tiers_at_create", 'alpha'); @@ -152,7 +153,7 @@ if (empty($reshook)) { } // Action to add an action (not a message) - if (GETPOST('add', 'alpha') && $user->rights->ticket->write) { + if (GETPOST('add', 'alpha') && !empty($user->rights->ticket->write)) { $error = 0; if (!GETPOST("subject", 'alphanohtml')) { From 865bf3b8493c4273f0e0f6e30fa05aa8ddc7c843 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 02:42:49 +0200 Subject: [PATCH 21/93] CSS --- htdocs/theme/eldy/global.inc.php | 4 ++-- htdocs/theme/md/style.css.php | 9 +++++++-- htdocs/ticket/class/actions_ticket.class.php | 8 +++++--- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 4468c36a7da..70e5229ba28 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -348,7 +348,7 @@ a.butStatus { padding-right: 5px; background-color: transparent; color: var(--colortext) !important; - border: 2px solid var( --butactionbg); + border: 2px solid var( --butactionbg) !important; margin: 0 0.45em !important; } @@ -3894,7 +3894,7 @@ table.noborder.paymenttable { } .paymenttable tr td:first-child, .margintable tr td:first-child { - padding-left: 2px; + //padding-left: 2px; } .paymenttable, .margintable tr td { height: 22px; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index f1fb649f4af..7dd19673b5e 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -3902,14 +3902,19 @@ tr.liste_sub_total, tr.liste_sub_total td { } .paymenttable, .margintable { + margin: 0px 0px 0px 0px !important; +} +.paymenttable, .margintable:not(.margintablenotop) { border-top-width: px !important; border-top-color: rgb() !important; border-top-style: solid !important; - margin: 0px 0px 0px 0px !important; +} +.margintable.margintablenotop { + border-top-width: 0; } .paymenttable tr td:first-child, .margintable tr td:first-child { - padding-left: 2px; + //padding-left: 2px; } .paymenttable, .margintable tr td { height: 22px; diff --git a/htdocs/ticket/class/actions_ticket.class.php b/htdocs/ticket/class/actions_ticket.class.php index eb6193d58f1..b787a437899 100644 --- a/htdocs/ticket/class/actions_ticket.class.php +++ b/htdocs/ticket/class/actions_ticket.class.php @@ -192,7 +192,7 @@ class ActionsTicket // Initial message print '
'; print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table - print ''; + print '
'; print ''; print ''; print ''; -print ''; +print ''; print ''; print '
'; print $langs->trans("InitialMessage"); print ''; @@ -391,7 +391,7 @@ class ActionsTicket { global $langs; - print '
'; + print '
'; print '
'; // Exclude status which requires specific method $exclude_status = array(Ticket::STATUS_CLOSED, Ticket::STATUS_CANCELED); @@ -419,7 +419,9 @@ class ActionsTicket print '
'; } } - print '

'; + print ''; + print ''; + print '
'; } /** From 7a93365836d0a6ad7450d3d3de193fbb1a470f8c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 11:07:38 +0200 Subject: [PATCH 22/93] Fix bad name of var --- htdocs/core/lib/pdf.lib.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index d1c793c621c..6095abff8ee 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -1325,31 +1325,31 @@ function pdf_getlinedesc($object, $i, $outputlangs, $hideref = 0, $hidedesc = 0, $translatealsoifmodified = (!empty($conf->global->MAIN_MULTILANG_TRANSLATE_EVEN_IF_MODIFIED)); // By default if value was modified manually, we keep it (no translation because we don't have it) // TODO Instead of making a compare to see if param was modified, check that content contains reference translation. If yes, add the added part to the new translation - // ($textwasmodified is replaced with $textwasmodifiedorcompleted and we add completion). + // ($textwasnotmodified is replaced with $textwasmodifiedorcompleted and we add completion). // Set label // If we want another language, and if label is same than default language (we did force it to a specific value), we can use translation. //var_dump($outputlangs->defaultlang.' - '.$langs->defaultlang.' - '.$label.' - '.$prodser->label);exit; - $textwasmodified = ($label == $prodser->label); - if (!empty($prodser->multilangs[$outputlangs->defaultlang]["label"]) && ($textwasmodified || $translatealsoifmodified)) { + $textwasnotmodified = ($label == $prodser->label); + if (!empty($prodser->multilangs[$outputlangs->defaultlang]["label"]) && ($textwasnotmodified || $translatealsoifmodified)) { $label = $prodser->multilangs[$outputlangs->defaultlang]["label"]; } // Set desc // Manage HTML entities description test because $prodser->description is store with htmlentities but $desc no - $textwasmodified = false; + $textwasnotmodified = false; if (!empty($desc) && dol_textishtml($desc) && !empty($prodser->description) && dol_textishtml($prodser->description)) { - $textwasmodified = (strpos(dol_html_entity_decode($desc, ENT_QUOTES | ENT_HTML5), dol_html_entity_decode($prodser->description, ENT_QUOTES | ENT_HTML5)) !== false); + $textwasnotmodified = (strpos(dol_html_entity_decode($desc, ENT_QUOTES | ENT_HTML5), dol_html_entity_decode($prodser->description, ENT_QUOTES | ENT_HTML5)) !== false); } else { - $textwasmodified = ($desc == $prodser->description); + $textwasnotmodified = ($desc == $prodser->description); } - if (!empty($prodser->multilangs[$outputlangs->defaultlang]["description"]) && ($textwasmodified || $translatealsoifmodified)) { + if (!empty($prodser->multilangs[$outputlangs->defaultlang]["description"]) && ($textwasnotmodified || $translatealsoifmodified)) { $desc = $prodser->multilangs[$outputlangs->defaultlang]["description"]; } // Set note - $textwasmodified = ($note == $prodser->note); - if (!empty($prodser->multilangs[$outputlangs->defaultlang]["note"]) && ($textwasmodified || $translatealsoifmodified)) { + $textwasnotmodified = ($note == $prodser->note_public); + if (!empty($prodser->multilangs[$outputlangs->defaultlang]["note"]) && ($textwasnotmodified || $translatealsoifmodified)) { $note = $prodser->multilangs[$outputlangs->defaultlang]["note"]; } } From ddbfb5d73484954ff29a3d9e4bb67ddf948a6b89 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 11:14:06 +0200 Subject: [PATCH 23/93] Fix translation of note of product --- htdocs/core/lib/pdf.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index 6095abff8ee..880c63970f7 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -1349,8 +1349,8 @@ function pdf_getlinedesc($object, $i, $outputlangs, $hideref = 0, $hidedesc = 0, // Set note $textwasnotmodified = ($note == $prodser->note_public); - if (!empty($prodser->multilangs[$outputlangs->defaultlang]["note"]) && ($textwasnotmodified || $translatealsoifmodified)) { - $note = $prodser->multilangs[$outputlangs->defaultlang]["note"]; + if (!empty($prodser->multilangs[$outputlangs->defaultlang]["other"]) && ($textwasnotmodified || $translatealsoifmodified)) { + $note = $prodser->multilangs[$outputlangs->defaultlang]["other"]; } } } elseif ($object->element == 'facture' || $object->element == 'facturefourn') { From be97d66f5ba5e725dee3117dc90c9a29d1b15c72 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 12:58:14 +0200 Subject: [PATCH 24/93] Look and feel v14 --- htdocs/langs/en_US/partnership.lang | 4 ++- .../admin/partnership_extrafields.php | 2 +- htdocs/partnership/admin/setup.php | 35 +++++++++++++++---- 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index df9619533de..72868ab6ddf 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -32,10 +32,12 @@ ListOfPartnerships=List of partnership PartnershipSetup=Partnership setup PartnershipAbout=About Partnership PartnershipAboutPage=Partnership about page -partnershipforthirdpartyormember=Partnership is for a 'thirdparty' or for a 'member' +partnershipforthirdpartyormember=Partner status must be set on a 'thirdparty' or a 'member' PARTNERSHIP_IS_MANAGED_FOR=Partnership managed for PARTNERSHIP_BACKLINKS_TO_CHECK=Backlinks to check PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL=Nb of days before cancel status of partnership when subscription is expired +ReferingWebsiteCheck=Check of website referring +ReferingWebsiteCheckDesc=You can enable a feature to check that your partners has added a backlink to your website domains on their own website. # # Object diff --git a/htdocs/partnership/admin/partnership_extrafields.php b/htdocs/partnership/admin/partnership_extrafields.php index 7d819b3bbcb..f178bc893cd 100644 --- a/htdocs/partnership/admin/partnership_extrafields.php +++ b/htdocs/partnership/admin/partnership_extrafields.php @@ -98,7 +98,7 @@ llxHeader('', $title, $help_url); $linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans("PartnershipSetup"), $linkback, 'object_partnership'); +print load_fiche_titre($langs->trans("PartnershipSetup"), $linkback, 'title_setup'); $head = partnershipAdminPrepareHead(); diff --git a/htdocs/partnership/admin/setup.php b/htdocs/partnership/admin/setup.php index d681274106c..79c8c469eec 100644 --- a/htdocs/partnership/admin/setup.php +++ b/htdocs/partnership/admin/setup.php @@ -139,22 +139,22 @@ print ''; print ''; print ''; +print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table print ''; - print ''; -print ''; -print ''; -print ''; +print ''; +print ''; +print ''; print ''; - print ''; print ''; print ''; print ''; @@ -163,7 +163,7 @@ print ''; if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { print ''; print ''; @@ -171,6 +171,25 @@ if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { print ''; } +print '
'.$langs->trans("Setting").''.$langs->trans("Value").''.$langs->trans("Examples").''.$langs->trans("Setting").''.$langs->trans("Value").''.$langs->trans("Examples").'
'.$langs->trans("PARTNERSHIP_IS_MANAGED_FOR").''; print ''; +print ajax_combobox('select_PARTNERSHIP_IS_MANAGED_FOR'); print ''.$langs->trans("partnershipforthirdpartyormember").'
'.$langs->trans("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL").''; - $dnbdays = '7'; + $dnbdays = '15'; $backlinks = (!empty($conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL)) ? $conf->global->PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL : $dnbdays; print ''; print '
'; +print '
'; + +print '
'; + + +print_fiche_titre($langs->trans("ReferingWebsiteCheck"), '', ''); + +print ''.$langs->trans("ReferingWebsiteCheckDesc").'
'; +print '
'; + +print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table +print ''; + +print ''; +print ''; +print ''; +print ''; +print ''; print ''; print ''; print ''; print ''; - print '
'.$langs->trans("Setting").''.$langs->trans("Value").''.$langs->trans("Examples").'
'.$langs->trans("PARTNERSHIP_BACKLINKS_TO_CHECK").''; @@ -181,8 +200,10 @@ print ''.$dbacklinks.'
'; +print '
'; + + print '
'; print ''; print '
'; From 4695bbbd600c9d75eaae3dbfc9c6ad9a88c6babe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 12:59:19 +0200 Subject: [PATCH 25/93] Trans --- htdocs/langs/en_US/partnership.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index 72868ab6ddf..7decec2a003 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -35,7 +35,7 @@ PartnershipAboutPage=Partnership about page partnershipforthirdpartyormember=Partner status must be set on a 'thirdparty' or a 'member' PARTNERSHIP_IS_MANAGED_FOR=Partnership managed for PARTNERSHIP_BACKLINKS_TO_CHECK=Backlinks to check -PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL=Nb of days before cancel status of partnership when subscription is expired +PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL=Nb of days before cancelling status of a partnership when a subscription has expired ReferingWebsiteCheck=Check of website referring ReferingWebsiteCheckDesc=You can enable a feature to check that your partners has added a backlink to your website domains on their own website. From 1e657b86212a25d006eaecbbdc7ed2fe3dd1129f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 15:14:10 +0200 Subject: [PATCH 26/93] Fix value of showoncombobox --- htdocs/adherents/class/adherent.class.php | 6 +-- htdocs/adherents/partnership.php | 44 +++++-------------- htdocs/bom/class/bom.class.php | 2 +- htdocs/core/lib/company.lib.php | 6 +-- .../class/conferenceorbooth.class.php | 4 +- htdocs/fichinter/class/fichinter.class.php | 2 +- htdocs/hrm/class/establishment.class.php | 2 +- .../template/class/myobject.class.php | 6 +-- htdocs/mrp/class/mo.class.php | 2 +- htdocs/product/class/product.class.php | 4 +- htdocs/product/stock/class/entrepot.class.php | 2 +- htdocs/projet/class/project.class.php | 2 +- .../class/recruitmentjobposition.class.php | 2 +- htdocs/societe/class/societe.class.php | 2 +- .../workstation/class/workstation.class.php | 2 +- htdocs/zapier/class/hook.class.php | 9 ++-- 16 files changed, 35 insertions(+), 62 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index a663cea85d2..18d8746cca7 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -296,15 +296,15 @@ class Adherent extends CommonObject 'entity' => array('type' => 'integer', 'label' => 'Entity', 'default' => 1, 'enabled' => 1, 'visible' => -2, 'notnull' => 1, 'position' => 15, 'index' => 1), 'ref_ext' => array('type' => 'varchar(128)', 'label' => 'Ref ext', 'enabled' => 1, 'visible' => 0, 'position' => 20), 'civility' => array('type' => 'varchar(6)', 'label' => 'Civility', 'enabled' => 1, 'visible' => -1, 'position' => 25), - 'lastname' => array('type' => 'varchar(50)', 'label' => 'Lastname', 'enabled' => 1, 'visible' => -1, 'position' => 30), - 'firstname' => array('type' => 'varchar(50)', 'label' => 'Firstname', 'enabled' => 1, 'visible' => -1, 'position' => 35), + 'lastname' => array('type' => 'varchar(50)', 'label' => 'Lastname', 'enabled' => 1, 'visible' => -1, 'position' => 30, 'showoncombobox'=>1), + 'firstname' => array('type' => 'varchar(50)', 'label' => 'Firstname', 'enabled' => 1, 'visible' => -1, 'position' => 35, 'showoncombobox'=>1), 'login' => array('type' => 'varchar(50)', 'label' => 'Login', 'enabled' => 1, 'visible' => -1, 'position' => 40), 'gender' => array('type' => 'varchar(10)', 'label' => 'Gender', 'enabled' => 1, 'visible' => -1, 'position' => 250), 'pass' => array('type' => 'varchar(50)', 'label' => 'Pass', 'enabled' => 1, 'visible' => -1, 'position' => 45), 'pass_crypted' => array('type' => 'varchar(128)', 'label' => 'Pass crypted', 'enabled' => 1, 'visible' => -1, 'position' => 50), 'fk_adherent_type' => array('type' => 'integer', 'label' => 'Fk adherent type', 'enabled' => 1, 'visible' => -1, 'notnull' => 1, 'position' => 55), 'morphy' => array('type' => 'varchar(3)', 'label' => 'MorPhy', 'enabled' => 1, 'visible' => -1, 'notnull' => 1, 'position' => 60), - 'societe' => array('type' => 'varchar(128)', 'label' => 'Societe', 'enabled' => 1, 'visible' => -1, 'position' => 65), + 'societe' => array('type' => 'varchar(128)', 'label' => 'Societe', 'enabled' => 1, 'visible' => -1, 'position' => 65, 'showoncombobox'=>2), 'fk_soc' => array('type' => 'integer:Societe:societe/class/societe.class.php', 'label' => 'ThirdParty', 'enabled' => 1, 'visible' => -1, 'position' => 70), 'address' => array('type' => 'text', 'label' => 'Address', 'enabled' => 1, 'visible' => -1, 'position' => 75), 'zip' => array('type' => 'varchar(10)', 'label' => 'Zip', 'enabled' => 1, 'visible' => -1, 'position' => 80), diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index 3cd70de3228..5bdf758e84f 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php @@ -44,43 +44,14 @@ //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/member.lib.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("companies","members","partnership", "other")); @@ -150,6 +121,12 @@ if (($action == 'update' || $action == 'edit') && $object->status != $object::ST if (empty($memberid) && $object) { $memberid = $object->fk_member; } + + +// Security check +$result = restrictedArea($user, 'adherent', $memberid, '', '', 'socid', 'rowid', 0); + + /* * Actions */ @@ -271,10 +248,9 @@ $object->fields['fk_member']['visible'] = 0; if ($object->id > 0 && $object->status == $object::STATUS_REFUSED && empty($action)) $object->fields['reason_decline_or_cancel']['visible'] = 1; $object->fields['note_public']['visible'] = 1; + /* * View - * - * Put here all code to build page */ $form = new Form($db); diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 9fe0543c4cf..220c724ad89 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -96,7 +96,7 @@ class BOM extends CommonObject 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",), 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>5), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'noteditable'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of BOM", 'showoncombobox'=>'1',), - 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'notnull'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'autofocusoncreate'=>1), + 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'notnull'=>1, 'searchall'=>1, 'showoncombobox'=>'2', 'autofocusoncreate'=>1), 'bomtype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing', 1=>'Disassemble'), 'css'=>'minwidth150', 'csslist'=>'minwidth150 center'), //'bomtype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'position'=>32, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing')), 'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:1:(finished IS NULL or finished <> 0)', 'label'=>'Product', 'picto'=>'product', 'enabled'=>1, 'visible'=>1, 'position'=>35, 'notnull'=>1, 'index'=>1, 'help'=>'ProductBOMHelp', 'css'=>'maxwidth500'), diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 99bcd2c3921..61332d8041b 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -963,9 +963,9 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $contactstatic->fields = array( 'name' =>array('type'=>'varchar(128)', 'label'=>'Name', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'index'=>1, 'position'=>10, 'searchall'=>1), - 'poste' =>array('type'=>'varchar(128)', 'label'=>'PostOrFunction', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'index'=>1, 'position'=>20), - 'address' =>array('type'=>'varchar(128)', 'label'=>'Address', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'index'=>1, 'position'=>30), - 'role' =>array('type'=>'checkbox', 'label'=>'Role', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'index'=>1, 'position'=>40), + 'poste' =>array('type'=>'varchar(128)', 'label'=>'PostOrFunction', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>2, 'index'=>1, 'position'=>20), + 'address' =>array('type'=>'varchar(128)', 'label'=>'Address', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>3, 'index'=>1, 'position'=>30), + 'role' =>array('type'=>'checkbox', 'label'=>'Role', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>4, 'index'=>1, 'position'=>40), 'statut' =>array('type'=>'integer', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'default'=>0, 'index'=>1, 'position'=>50, 'arrayofkeyval'=>array(0=>$contactstatic->LibStatut(0, 1), 1=>$contactstatic->LibStatut(1, 1))), ); diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index bb8649106b9..ae35f3eb892 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -110,8 +110,8 @@ class ConferenceOrBooth extends ActionComm 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1::eventorganization', 'label'=>'Project', 'enabled'=>'1', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1,), 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1,), 'fk_action' => array('type'=>'sellist:c_actioncomm:libelle:id::module LIKE (\'%@eventorganization\')', 'label'=>'Format', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1,), - 'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'1',), - 'datep2' => array('type'=>'datetime', 'label'=>'DateEnd', 'enabled'=>'1', 'position'=>71, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'1',), + 'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'2',), + 'datep2' => array('type'=>'datetime', 'label'=>'DateEnd', 'enabled'=>'1', 'position'=>71, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'3',), 'datec' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>500, 'notnull'=>1, 'visible'=>-2,), 'tms' => array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>'1', 'position'=>501, 'notnull'=>0, 'visible'=>-2,), 'fk_user_author' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserAuthor', 'enabled'=>'1', 'position'=>510, 'notnull'=>1, 'visible'=>-2, 'foreignkey'=>'user.rowid',), diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 1c1c1ab37be..e2ac86f55bd 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -57,7 +57,7 @@ class Fichinter extends CommonObject 'datee' =>array('type'=>'date', 'label'=>'Datee', 'enabled'=>1, 'visible'=>-1, 'position'=>90), 'datet' =>array('type'=>'date', 'label'=>'Datet', 'enabled'=>1, 'visible'=>-1, 'position'=>95), 'duree' =>array('type'=>'double', 'label'=>'Duree', 'enabled'=>1, 'visible'=>-1, 'position'=>100), - 'description' =>array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-1, 'position'=>105, 'showoncombobox'=>1), + 'description' =>array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-1, 'position'=>105, 'showoncombobox'=>2), 'note_private' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>110), 'note_public' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>115), 'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>120), diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index c63ab29a14a..c2fa520442b 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -133,7 +133,7 @@ class Establishment extends CommonObject 'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>15, 'index'=>1), 'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>20), - 'label' =>array('type'=>'varchar(128)', 'label'=>'Label', 'enabled'=>1, 'visible'=>-1, 'showoncombobox'=>1, 'position'=>22), + 'label' =>array('type'=>'varchar(128)', 'label'=>'Label', 'enabled'=>1, 'visible'=>-1, 'showoncombobox'=>2, 'position'=>22), 'address' =>array('type'=>'varchar(255)', 'label'=>'Address', 'enabled'=>1, 'visible'=>-1, 'position'=>25), 'zip' =>array('type'=>'varchar(25)', 'label'=>'Zip', 'enabled'=>1, 'visible'=>-1, 'position'=>30), 'town' =>array('type'=>'varchar(50)', 'label'=>'Town', 'enabled'=>1, 'visible'=>-1, 'position'=>35), diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index e69c5bc333d..76c6bb691f5 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -101,9 +101,9 @@ class MyObject extends CommonObject */ public $fields = array( 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'noteditable'=>1, 'notnull'=> 1, 'index'=>1, 'position'=>1, 'comment'=>'Id', 'css'=>'left'), - 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'noteditable'=>0, 'default'=>'', 'notnull'=> 1, 'showoncombobox'=>1, 'index'=>1, 'position'=>10, 'searchall'=>1, 'comment'=>'Reference of object'), - 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>20), - 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'help'=>'Help text', 'showoncombobox'=>1), + 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>10), + 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'noteditable'=>0, 'default'=>'', 'notnull'=> 1, 'showoncombobox'=>1, 'index'=>1, 'position'=>20, 'searchall'=>1, 'comment'=>'Reference of object'), + 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'help'=>'Help text', 'showoncombobox'=>2), 'amount' => array('type'=>'price', 'label'=>'Amount', 'enabled'=>1, 'visible'=>1, 'default'=>'null', 'position'=>40, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for amount'), 'qty' => array('type'=>'real', 'label'=>'Qty', 'enabled'=>1, 'visible'=>1, 'default'=>'0', 'position'=>45, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for quantity', 'css'=>'maxwidth75imp'), 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'picto'=>'company', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>1, 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'LinkToThirparty'), diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index d48d4959fd1..115844c916d 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -103,7 +103,7 @@ class Mo extends CommonObject 'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:t.status=1', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>1, 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall'), 'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:0', 'label'=>'Product', 'enabled'=>1, 'visible'=>1, 'position'=>35, 'notnull'=>1, 'index'=>1, 'comment'=>"Product to produce", 'css'=>'maxwidth300', 'picto'=>'product'), 'qty' => array('type'=>'real', 'label'=>'QtyToProduce', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'notnull'=>1, 'comment'=>"Qty to produce", 'css'=>'width75', 'default'=>1, 'isameasure'=>1), - 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>42, 'notnull'=>-1, 'searchall'=>1, 'showoncombobox'=>'1',), + 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>42, 'notnull'=>-1, 'searchall'=>1, 'showoncombobox'=>'2',), 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>1, 'visible'=>-1, 'position'=>50, 'notnull'=>-1, 'index'=>1, 'css'=>'maxwidth400'), 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'picto'=>'project', 'enabled'=>1, 'visible'=>-1, 'position'=>51, 'notnull'=>-1, 'index'=>1, 'css'=>'minwidth200 maxwidth400'), 'fk_warehouse' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:0', 'label'=>'WarehouseForProduction', 'picto'=>'stock', 'enabled'=>1, 'visible'=>1, 'position'=>52, 'css'=>'maxwidth400'), diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index f76a6fec0ad..6aee9af9c60 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -433,8 +433,8 @@ class Product extends CommonObject 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'index'=>1, 'position'=>1, 'comment'=>'Id'), 'ref' =>array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'index'=>1, 'position'=>10, 'searchall'=>1, 'comment'=>'Reference of object'), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'default'=>1, 'notnull'=>1, 'index'=>1, 'position'=>5), - 'label' =>array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>15), - 'barcode' =>array('type'=>'varchar(255)', 'label'=>'Barcode', 'enabled'=>'!empty($conf->barcode->enabled)', 'position'=>20, 'visible'=>-1, 'showoncombobox'=>1), + 'label' =>array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>2, 'position'=>15), + 'barcode' =>array('type'=>'varchar(255)', 'label'=>'Barcode', 'enabled'=>'!empty($conf->barcode->enabled)', 'position'=>20, 'visible'=>-1, 'showoncombobox'=>3), 'fk_barcode_type' => array('type'=>'integer', 'label'=>'BarcodeType', 'enabled'=>'1', 'position'=>21, 'notnull'=>0, 'visible'=>-1,), 'note_public' =>array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>61), 'note' =>array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>62), diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index dc15e092155..35791bfd158 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -127,7 +127,7 @@ class Entrepot extends CommonObject 'ref' =>array('type'=>'varchar(255)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'showoncombobox'=>1, 'position'=>25, 'searchall'=>1), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>30), 'description' =>array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-2, 'position'=>35, 'searchall'=>1), - 'lieu' =>array('type'=>'varchar(64)', 'label'=>'LocationSummary', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'showoncombobox'=>1, 'searchall'=>1), + 'lieu' =>array('type'=>'varchar(64)', 'label'=>'LocationSummary', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'showoncombobox'=>2, 'searchall'=>1), 'fk_parent' =>array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:1:statut=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ParentWarehouse', 'enabled'=>1, 'visible'=>-2, 'position'=>41), 'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>1, 'visible'=>-1, 'position'=>25), 'address' =>array('type'=>'varchar(255)', 'label'=>'Address', 'enabled'=>1, 'visible'=>-2, 'position'=>45, 'searchall'=>1), diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index ca42e8a3fd1..851703ce96b 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -224,7 +224,7 @@ class Project extends CommonObject public $fields = array( 'rowid' =>array('type'=>'integer', 'label'=>'ID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10), 'ref' =>array('type'=>'varchar(50)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'showoncombobox'=>1, 'position'=>15, 'searchall'=>1), - 'title' =>array('type'=>'varchar(255)', 'label'=>'ProjectLabel', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>17, 'showoncombobox'=>1, 'searchall'=>1), + 'title' =>array('type'=>'varchar(255)', 'label'=>'ProjectLabel', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>17, 'showoncombobox'=>2, 'searchall'=>1), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>3, 'notnull'=>1, 'position'=>19), 'fk_soc' =>array('type'=>'integer', 'label'=>'Thirdparty', 'enabled'=>1, 'visible'=>0, 'position'=>20), 'dateo' =>array('type'=>'date', 'label'=>'DateStart', 'enabled'=>1, 'visible'=>1, 'position'=>30), diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 86cd99e7180..2f180bcc8ec 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -102,7 +102,7 @@ class RecruitmentJobPosition extends CommonObject 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'comment'=>"Id"), 'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'position'=>5, 'notnull'=>1, 'default'=>'1', 'index'=>1), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>4, 'noteditable'=>'1', 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'comment'=>"Reference of object"), - 'label' => array('type'=>'varchar(255)', 'label'=>'JobLabel', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth500', 'csslist'=>'tdoverflowmax300', 'showoncombobox'=>'1', 'autofocusoncreate'=>1), + 'label' => array('type'=>'varchar(255)', 'label'=>'JobLabel', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth500', 'csslist'=>'tdoverflowmax300', 'showoncombobox'=>'2', 'autofocusoncreate'=>1), 'qty' => array('type'=>'integer', 'label'=>'NbOfEmployeesExpected', 'enabled'=>'1', 'position'=>45, 'notnull'=>1, 'visible'=>1, 'default'=>'1', 'isameasure'=>'1', 'css'=>'maxwidth75imp'), 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'enabled'=>'1', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1, 'css'=>'maxwidth500', 'picto'=>'project'), 'fk_user_recruiter' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'ResponsibleOfRecruitement', 'enabled'=>'1', 'position'=>54, 'notnull'=>1, 'visible'=>1, 'foreignkey'=>'user.rowid', 'csslist'=>'tdoverflowmax150'), diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 7554ad2fbe2..97723f83f37 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -162,7 +162,7 @@ class Societe extends CommonObject 'tms' =>array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>25), 'datec' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'position'=>30), 'nom' =>array('type'=>'varchar(128)', 'label'=>'Nom', 'enabled'=>1, 'visible'=>-1, 'position'=>35, 'showoncombobox'=>1), - 'name_alias' =>array('type'=>'varchar(128)', 'label'=>'Name alias', 'enabled'=>1, 'visible'=>-1, 'position'=>36, 'showoncombobox'=>1), + 'name_alias' =>array('type'=>'varchar(128)', 'label'=>'Name alias', 'enabled'=>1, 'visible'=>-1, 'position'=>36, 'showoncombobox'=>2), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>40, 'index'=>1), 'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'RefExt', 'enabled'=>1, 'visible'=>0, 'position'=>45), 'code_client' =>array('type'=>'varchar(24)', 'label'=>'CustomerCode', 'enabled'=>1, 'visible'=>-1, 'position'=>55), diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index d81bab42eab..5cb6baf3565 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -101,7 +101,7 @@ class Workstation extends CommonObject public $fields=array( 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>1, 'noteditable'=>'0', 'default'=>'', 'index'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'comment'=>"Reference of object"), - 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'showoncombobox'=>'1',), + 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'showoncombobox'=>'2',), 'type' => array('type'=>'varchar(8)', 'label'=>'Type', 'enabled'=>'1', 'position'=>32, 'default'=>1, 'notnull'=>1, 'visible'=>1, 'arrayofkeyval'=>array('HUMAN'=>'Human', 'MACHINE'=>'Machine', 'BOTH'=>'HumanMachine'),), 'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0,), 'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>'1', 'position'=>62, 'notnull'=>0, 'visible'=>0,), diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index 9197942b5c0..ba04f504da6 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -121,8 +121,7 @@ class Hook extends CommonObject 'position' => 30, 'searchall' => 1, 'css' => 'minwidth200', - 'help' => 'Hook url', - 'showoncombobox' => 1, + 'help' => 'Hook url' ), 'module' => array( 'type' => 'varchar(128)', @@ -132,8 +131,7 @@ class Hook extends CommonObject 'position' => 30, 'searchall' => 1, 'css' => 'minwidth200', - 'help' => 'Hook module', - 'showoncombobox' => 1, + 'help' => 'Hook module' ), 'action' => array( 'type' => 'varchar(128)', @@ -143,8 +141,7 @@ class Hook extends CommonObject 'position' => 30, 'searchall' => 1, 'css' => 'minwidth200', - 'help' => 'Hook action trigger', - 'showoncombobox' => 1, + 'help' => 'Hook action trigger' ), 'event' => array( 'type' => 'varchar(255)', From fb0d2cdddcc2be2f9bf1f4e47066224b8747452e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 15:27:49 +0200 Subject: [PATCH 27/93] Debug v14 --- htdocs/core/class/html.form.class.php | 5 ++++- htdocs/partnership/class/partnership.class.php | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 0944918f815..1dd6712dba6 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6840,9 +6840,12 @@ class Form $obj = $this->db->fetch_object($resql); $label = ''; $tmparray = explode(',', $fieldstoshow); + $oldvalueforshowoncombobox = 0; foreach ($tmparray as $key => $val) { $val = preg_replace('/t\./', '', $val); - $label .= (($label && $obj->$val) ? ' - ' : '').$obj->$val; + $label .= (($label && $obj->$val) ? ($oldvalueforshowoncombobox != $objecttmp->fields[$val]['showoncombobox'] ? ' - ' : ' ') : ''); + $label .= $obj->$val; + $oldvalueforshowoncombobox = $objecttmp->fields[$val]['showoncombobox']; } if (empty($outputmode)) { if ($preselectedvalue > 0 && $preselectedvalue == $obj->rowid) { diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index 77ae16d9d2d..f33a19f312e 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -198,9 +198,9 @@ class Partnership extends CommonObject ); if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { - $this->fields['fk_member'] = array('type'=>'integer:Adherent:adherents/class/adherent.class.php:1', 'label'=>'Member', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1,); + $this->fields['fk_member'] = array('type'=>'integer:Adherent:adherents/class/adherent.class.php:1', 'label'=>'Member', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'member'); } else { - $this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1,); + $this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'societe'); } if (empty($conf->global->MAIN_SHOW_TECHNICAL_ID) && isset($this->fields['rowid'])) { From 70af18148b9324d91c257c10b6a5177c5a4b2986 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 17:48:30 +0200 Subject: [PATCH 28/93] Debug modulebuilder v14 --- htdocs/core/lib/functions.lib.php | 7 ++++--- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 2 ++ htdocs/modulebuilder/template/myobject_card.php | 3 +-- htdocs/partnership/partnership_card.php | 5 ++--- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 61a3869fe1a..b018b4d2fb0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -9671,7 +9671,7 @@ function dolGetStatus($statusLabel = '', $statusLabelShort = '', $html = '', $st /** * Function dolGetButtonAction * - * @param string $label label of button no html : use in alt attribute for accessibility $html is not empty + * @param string $label label of button without HTML : use in alt attribute for accessibility $html is not empty * @param string $html optional : content with html * @param string $actionType default, delete, danger * @param string $url the url for link @@ -9689,8 +9689,9 @@ function dolGetButtonAction($label, $html = '', $actionType = 'default', $url = } $attr = array( - 'class' => $class - ,'href' => empty($url) ? '' : $url + 'class' => $class, + 'href' => empty($url) ? '' : $url, + 'title' => $label ); if (empty($html)) { diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index 3fb671fa9b2..cc4b791725d 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -450,6 +450,8 @@ CREATE TABLE llx_partnership( model_pdf varchar(255) ) ENGINE=innodb; +ALTER TABLE llx_partnership ADD COLUMN last_check_backlink datetime NULL; + ALTER TABLE llx_partnership ADD INDEX idx_partnership_rowid (rowid); ALTER TABLE llx_partnership ADD INDEX idx_partnership_ref (ref); ALTER TABLE llx_partnership ADD INDEX idx_partnership_fk_soc (fk_soc); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 1f9da9c80ae..739596b5653 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -505,8 +505,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes', '', $permissiontoadd); } else { $langs->load("errors"); - //print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes', '', 0); - print ''.$langs->trans("Validate").''; + print dolGetButtonAction($langs->trans("ErrorAddAtLeastOneLineFirst"), $langs->trans("Validate"), 'default', '#', '', 0); } } diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index b31ced3556f..f724ace839d 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -639,8 +639,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_accept&confirm=yes', '', $permissiontoadd); } else { $langs->load("errors"); - //print dolGetButtonAction($langs->trans('Accept'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_accept&confirm=yes', '', 0); - print ''.$langs->trans("Validate").''; + print dolGetButtonAction($langs->trans("ErrorAddAtLeastOneLineFirst"), $langs->trans("Validate"), 'default', '#', '', 0); } } @@ -657,7 +656,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Refuse if ($permissiontoadd) { if ($object->status != $object::STATUS_CANCELED && $object->status != $object::STATUS_REFUSED) { - print ''.$langs->trans("Refuse").''."\n"; + print dolGetButtonAction($langs->trans('Refuse'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=refuse&token='.newToken(), '', $permissiontoadd); } } From 92b6425ce0832639c7e3f19e31199405f5634d27 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 18:20:07 +0200 Subject: [PATCH 29/93] Debug v14 --- htdocs/adherents/partnership.php | 6 ++- htdocs/langs/en_US/partnership.lang | 2 +- .../modulebuilder/template/myobject_card.php | 4 +- htdocs/partnership/partnership_card.php | 10 ++-- htdocs/societe/partnership.php | 48 +++++-------------- 5 files changed, 24 insertions(+), 46 deletions(-) diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index 5bdf758e84f..28b041240a3 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php @@ -510,20 +510,22 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { if ($object->status == $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?rowid='.$memberid.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?rowid='.$memberid.'&action=edit&token='.newToken(), '', $permissiontoadd); } // Show if ($permissiontoadd) { - print dolGetButtonAction($langs->trans('ShowPartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); + print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); } // Cancel + /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ACCEPTED) { print dolGetButtonAction($langs->trans('Cancel'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken(), '', $permissiontoadd); } } + */ } print ''."\n"; } diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index 7decec2a003..6d0c7dc0ac9 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -50,7 +50,7 @@ DatePartnershipEnd=End date ReasonDecline=Decline reason ReasonDeclineOrCancel=Decline reason PartnershipAlreadyExist=Partnership already exist -ShowPartnership=Show partnership +ManagePartnership=Manage partnership BacklinkNotFoundOnPartnerWebsite=Backlink not found on partner website ConfirmClosePartnershipAsk=Are you sure you want to cancel this partnership? diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 739596b5653..7111b59b582 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -489,7 +489,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Send if (empty($user->socid)) { - print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle'); + print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init&token='.newToken().'#formmailbeforetitle'); } // Back to draft @@ -502,7 +502,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Validate if ($object->status == $object::STATUS_DRAFT) { if (empty($object->table_element_line) || (is_array($object->lines) && count($object->lines) > 0)) { - print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_validate&confirm=yes&token='.newToken(), '', $permissiontoadd); } else { $langs->load("errors"); print dolGetButtonAction($langs->trans("ErrorAddAtLeastOneLineFirst"), $langs->trans("Validate"), 'default', '#', '', 0); diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index f724ace839d..72e0bc22bdd 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -623,20 +623,20 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Send if (empty($user->socid)) { - print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle'); + print dolGetButtonAction($langs->trans('SendMail'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init&token='.newToken().'#formmailbeforetitle'); } // Back to draft if ($object->status != $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('SetToDraft'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_setdraft&confirm=yes', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('SetToDraft'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=confirm_setdraft&confirm=yes&token='.newToken(), '', $permissiontoadd); } - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&token='.newToken(), '', $permissiontoadd); // Accept if ($object->status == $object::STATUS_DRAFT) { if (empty($object->table_element_line) || (is_array($object->lines) && count($object->lines) > 0)) { - print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_accept&confirm=yes', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Validate'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=confirm_accept&confirm=yes&token='.newToken(), '', $permissiontoadd); } else { $langs->load("errors"); print dolGetButtonAction($langs->trans("ErrorAddAtLeastOneLineFirst"), $langs->trans("Validate"), 'default', '#', '', 0); @@ -655,7 +655,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Refuse if ($permissiontoadd) { - if ($object->status != $object::STATUS_CANCELED && $object->status != $object::STATUS_REFUSED) { + if ($object->status != $object::STATUS_ACCEPTED && $object->status != $object::STATUS_CANCELED && $object->status != $object::STATUS_REFUSED) { print dolGetButtonAction($langs->trans('Refuse'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=refuse&token='.newToken(), '', $permissiontoadd); } } diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index 0a5205799a9..6a45c657126 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -44,42 +44,13 @@ //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("companies","partnership", "other")); @@ -153,6 +124,11 @@ if (($action == 'update' || $action == 'edit') && $object->status != $object::ST if (empty($socid) && $object) { $socid = $object->fk_soc; } + +// Security check +$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0); + + /* * Actions */ @@ -276,8 +252,6 @@ $object->fields['note_public']['visible'] = 1; /* * View - * - * Put here all code to build page */ $form = new Form($db); @@ -528,20 +502,22 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { if ($object->status == $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?socid='.$socid.'&action=edit', '', $permissiontoadd); + print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?socid='.$socid.'&action=edit&token='.newtoken(), '', $permissiontoadd); } // Show if ($permissiontoadd) { - print dolGetButtonAction($langs->trans('ShowPartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); + print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); } // Cancel + /* if ($permissiontoadd) { if ($object->status == $object::STATUS_ACCEPTED) { print dolGetButtonAction($langs->trans('Cancel'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken(), '', $permissiontoadd); } } + */ } print ''."\n"; } From a1bb7129dab6ebb2f457ed32efa0025354bebb36 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 6 Jun 2021 15:29:49 +0200 Subject: [PATCH 30/93] Debug v14 --- htdocs/adherents/partnership.php | 10 ++++--- htdocs/core/lib/member.lib.php | 30 ++++++++++++++++++-- htdocs/core/modules/modPartnership.class.php | 4 +-- htdocs/cron/list.php | 3 +- htdocs/langs/en_US/partnership.lang | 3 ++ htdocs/partnership/admin/setup.php | 5 ++-- 6 files changed, 40 insertions(+), 15 deletions(-) diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index 28b041240a3..3dab1f86064 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php @@ -449,6 +449,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print $formconfirm; + // TODO Replace this card into a list of all partnerships. + + // Object card // ------------------------------------------------------------ $linkback = ''.$langs->trans("BackToList").''; @@ -498,6 +501,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print dol_get_fiche_end(); + + + // Buttons for actions if ($action != 'presend') { @@ -509,10 +515,6 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } if (empty($reshook)) { - if ($object->status == $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?rowid='.$memberid.'&action=edit&token='.newToken(), '', $permissiontoadd); - } - // Show if ($permissiontoadd) { print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); diff --git a/htdocs/core/lib/member.lib.php b/htdocs/core/lib/member.lib.php index 484f34c265c..fc274e0d624 100644 --- a/htdocs/core/lib/member.lib.php +++ b/htdocs/core/lib/member.lib.php @@ -63,6 +63,33 @@ function member_prepare_head(Adherent $object) $h++; } + $tabtoadd = (!empty(getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR')) && getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'member') ? 'member' : 'thirdparty'; + + if ($tabtoadd == 'member') { + if (!empty($user->rights->partnership->read)) { + $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; + $head[$h][0] = DOL_URL_ROOT.'/adherents/partnership.php?rowid='.$object->id; + $head[$h][1] = $langs->trans("Partnership"); + $head[$h][2] = 'partnership'; + if ($nbPartnership > 0) { + $head[$h][1] .= ''.$nbPartnership.''; + } + $h++; + } + } else { + if (!empty($user->rights->partnership->read)) { + $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; + $head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id; + $head[$h][1] = $langs->trans("Partnership"); + $head[$h][2] = 'partnership'; + if ($nbPartnership > 0) { + $head[$h][1] .= ''.$nbPartnership.''; + } + $h++; + } + } + + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab @@ -70,9 +97,6 @@ function member_prepare_head(Adherent $object) complete_head_from_modules($conf, $langs, $object, $head, $h, 'member'); $nbNote = 0; - if (!empty($object->note)) { - $nbNote++; - } if (!empty($object->note_private)) { $nbNote++; } diff --git a/htdocs/core/modules/modPartnership.class.php b/htdocs/core/modules/modPartnership.class.php index d12cd610238..889f18cde73 100644 --- a/htdocs/core/modules/modPartnership.class.php +++ b/htdocs/core/modules/modPartnership.class.php @@ -180,10 +180,8 @@ class modPartnership extends DolibarrModules $tabtoadd = (!empty(getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR')) && getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'member') ? 'member' : 'thirdparty'; if ($tabtoadd == 'member') { - $this->tabs[] = array('data'=>'member:+partnership:Partnership:partnership@partnership:$user->rights->partnership->read:/adherents/partnership.php?rowid=__ID__'); $fk_mainmenu = "members"; } else { - $this->tabs[] = array('data'=>'thirdparty:+partnership:Partnership:partnership@partnership:$user->rights->partnership->read:/societe/partnership.php?socid=__ID__'); $fk_mainmenu = "companies"; } @@ -258,7 +256,7 @@ class modPartnership extends DolibarrModules $this->cronjobs = array( 0 => array('priority'=>60, 'label'=>'CancelPartnershipForExpiredMembers', 'jobtype'=>'method', 'class'=>'/partnership/class/partnershiputils.class.php', 'objectname'=>'PartnershipUtils', 'method'=>'doCancelStatusOfMemberPartnership', 'parameters'=>'', 'comment'=>'Cancel status of partnership when subscription is expired + x days.', 'frequency'=>1, 'unitfrequency'=>86400, 'status'=>1, 'test'=>'$conf->partnership->enabled', 'datestart'=>$datestart), - 1 => array('priority'=>61, 'label'=>'CheckDolibarrBacklink', 'jobtype'=>'method', 'class'=>'/partnership/class/partnershiputils.class.php', 'objectname'=>'PartnershipUtils', 'method'=>'doWarningOfPartnershipIfDolibarrBacklinkNotfound', 'parameters'=>'', 'comment'=>'Warning of partnership if Dolibarr backlink not found on partner website.', 'frequency'=>1, 'unitfrequency'=>86400, 'status'=>0, 'test'=>'$conf->partnership->enabled', 'datestart'=>$datestart), + 1 => array('priority'=>61, 'label'=>'PartnershipCheckBacklink', 'jobtype'=>'method', 'class'=>'/partnership/class/partnershiputils.class.php', 'objectname'=>'PartnershipUtils', 'method'=>'doWarningOfPartnershipIfDolibarrBacklinkNotfound', 'parameters'=>'', 'comment'=>'Warning of partnership if Dolibarr backlink not found on partner website.', 'frequency'=>1, 'unitfrequency'=>86400, 'status'=>0, 'test'=>'$conf->partnership->enabled', 'datestart'=>$datestart), ); // Permissions provided by this module diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 80371b14889..4d829258b2b 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -1,7 +1,7 @@ - * Copyright (C) 2013-2019 Laurent Destailleur + * Copyright (C) 2013-2021 Laurent Destailleur * Copyright (C) 2019 Frédéric France * * This program is free software; you can redistribute it and/or modify @@ -24,7 +24,6 @@ * \brief Lists Jobs */ - require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/cron/class/cronjob.class.php'; diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index 6d0c7dc0ac9..04fe88b3442 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -20,6 +20,9 @@ ModulePartnershipName=Partnership management PartnershipDescription=Module Partnership management PartnershipDescriptionLong= Module Partnership management +CancelPartnershipForExpiredMembers=Partnership: Cancel partnership of members with expired subscriptions +PartnershipCheckBacklink=Partnership: Check referring backlink + # # Menu # diff --git a/htdocs/partnership/admin/setup.php b/htdocs/partnership/admin/setup.php index 79c8c469eec..7fa0ef62b5e 100644 --- a/htdocs/partnership/admin/setup.php +++ b/htdocs/partnership/admin/setup.php @@ -193,11 +193,10 @@ print '
'.$langs->trans("PARTNERSHIP_BACKLINKS_TO_CHECK").''; -$dbacklinks = 'dolibarr.org|dolibarr.fr|dolibarr.es'; -$backlinks = (!empty($conf->global->PARTNERSHIP_BACKLINKS_TO_CHECK)) ? $conf->global->PARTNERSHIP_BACKLINKS_TO_CHECK : $dbacklinks; +$backlinks = (empty($conf->global->PARTNERSHIP_BACKLINKS_TO_CHECK) ? '' : $conf->global->PARTNERSHIP_BACKLINKS_TO_CHECK); print ''; print ''.$dbacklinks.'dolibarr.org|dolibarr.fr|dolibarr.es
'; From 9f177a0c63c07269497f3894e68db37441f3787f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 6 Jun 2021 16:36:41 +0200 Subject: [PATCH 31/93] Debug v14 --- htdocs/adherents/partnership.php | 388 ++++-------------- htdocs/admin/dict.php | 4 +- htdocs/core/modules/modPartnership.class.php | 21 +- .../install/mysql/migration/13.0.0-14.0.0.sql | 14 +- .../mysql/tables/llx_c_partnership_type.sql | 35 ++ htdocs/langs/en_US/partnership.lang | 2 + .../partnership/class/partnership.class.php | 27 +- htdocs/partnership/partnership_card.php | 51 +-- htdocs/societe/partnership.php | 346 +++------------- 9 files changed, 200 insertions(+), 688 deletions(-) create mode 100644 htdocs/install/mysql/tables/llx_c_partnership_type.sql diff --git a/htdocs/adherents/partnership.php b/htdocs/adherents/partnership.php index 3dab1f86064..cf0e11d70e0 100644 --- a/htdocs/adherents/partnership.php +++ b/htdocs/adherents/partnership.php @@ -57,8 +57,7 @@ require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; $langs->loadLangs(array("companies","members","partnership", "other")); // Get parameters -$id = GETPOST('id', 'int'); -$memberid = GETPOST('rowid', 'int'); +$id = GETPOST('rowid', 'int') ? GETPOST('rowid', 'int') : GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); @@ -68,9 +67,9 @@ $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); //$lineid = GETPOST('lineid', 'int'); -$member = new Adherent($db); -if ($memberid > 0) { - $member->fetch($memberid); +$object = new Adherent($db); +if ($id > 0) { + $object->fetch($id); } // Initialize technical objects @@ -112,19 +111,13 @@ if (empty($conf->partnership->enabled)) accessforbidden(); if (empty($permissiontoread)) accessforbidden(); if ($action == 'edit' && empty($permissiontoadd)) accessforbidden(); -$partnershipid = $object->fetch(0, "", $memberid); -if (empty($action) && empty($partnershipid)) { - $action = 'create'; -} -if (($action == 'update' || $action == 'edit') && $object->status != $object::STATUS_DRAFT) accessforbidden(); - -if (empty($memberid) && $object) { - $memberid = $object->fk_member; +if (($action == 'update' || $action == 'edit') && $object->status != $object::STATUS_DRAFT) { + accessforbidden(); } // Security check -$result = restrictedArea($user, 'adherent', $memberid, '', '', 'socid', 'rowid', 0); +$result = restrictedArea($user, 'adherent', $id, '', '', 'socid', 'rowid', 0); /* @@ -143,102 +136,7 @@ $date_end = dol_mktime(0, 0, 0, GETPOST('date_partnership_endmonth', 'int'), GET if (empty($reshook)) { $error = 0; - $backtopage = dol_buildpath('/partnership/partnership.php', 1).'?rowid='.($memberid > 0 ? $memberid : '__ID__'); - - $triggermodname = 'PARTNERSHIP_MODIFY'; // Name of trigger action code to execute when we modify record - - if ($action == 'add' && $permissiontoread) { - $error = 0; - - $db->begin(); - - $now = dol_now(); - - if (!$error) { - $old_start_date = $object->date_partnership_start; - - $object->fk_member = $memberid; - $object->date_partnership_start = (!GETPOST('date_partnership_start')) ? '' : $date_start; - $object->date_partnership_end = (!GETPOST('date_partnership_end')) ? '' : $date_end; - $object->note_public = GETPOST('note_public', 'restricthtml'); - $object->date_creation = $now; - $object->fk_user_creat = $user->id; - $object->entity = $conf->entity; - - // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object); - if ($ret < 0) { - $error++; - } - } - - if (!$error) { - $result = $object->create($user); - if ($result < 0) { - $error++; - if ($result == -4) { - setEventMessages($langs->trans("ErrorRefAlreadyExists"), null, 'errors'); - } else { - setEventMessages($object->error, $object->errors, 'errors'); - } - } - } - - if ($error) { - $db->rollback(); - $action = 'create'; - } else { - $db->commit(); - } - } elseif ($action == 'update' && $permissiontoread) { - $error = 0; - - $db->begin(); - - $now = dol_now(); - - if (!$error) { - $object->oldcopy = clone $object; - - $old_start_date = $object->date_partnership_start; - - $object->date_partnership_start = (!GETPOST('date_partnership_start')) ? '' : $date_start; - $object->date_partnership_end = (!GETPOST('date_partnership_end')) ? '' : $date_end; - $object->note_public = GETPOST('note_public', 'restricthtml'); - $object->fk_user_creat = $user->id; - $object->fk_user_modif = $user->id; - - // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object); - if ($ret < 0) { - $error++; - } - } - - if (!$error) { - $result = $object->update($user); - if ($result < 0) { - $error++; - if ($result == -4) { - setEventMessages($langs->trans("ErrorRefAlreadyExists"), null, 'errors'); - } else { - setEventMessages($object->error, $object->errors, 'errors'); - } - } - } - - if ($error) { - $db->rollback(); - $action = 'edit'; - } else { - $db->commit(); - } - } elseif ($action == 'confirm_close' || $action == 'update_extras') { - include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php'; - - header("Location: ".$_SERVER['PHP_SELF']."?rowid=".$memberid); - exit; - } + $backtopage = dol_buildpath('/partnership/partnership.php', 1).'?rowid='.($id > 0 ? $id : '__ID__'); // Actions when linking object each other include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; @@ -261,11 +159,11 @@ llxHeader('', $title); $form = new Form($db); -if ($memberid) { +if ($id > 0) { $langs->load("members"); - $member = new Adherent($db); - $result = $member->fetch($memberid); + $object = new Adherent($db); + $result = $object->fetch($id); if (!empty($conf->notification->enabled)) { $langs->load("mails"); @@ -273,13 +171,13 @@ if ($memberid) { $adht->fetch($object->typeid); - $head = member_prepare_head($member); + $head = member_prepare_head($object); print dol_get_fiche_head($head, 'partnership', $langs->trans("ThirdParty"), -1, 'user'); $linkback = ''.$langs->trans("BackToList").''; - dol_banner_tab($member, 'rowid', $linkback); + dol_banner_tab($object, 'rowid', $linkback); print '
'; @@ -288,21 +186,21 @@ if ($memberid) { // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''.$langs->trans("Login").' / '.$langs->trans("Id").''.$member->login.' '; + print ''.$langs->trans("Login").' / '.$langs->trans("Id").''.$object->login.' '; } // Type print ''.$langs->trans("Type").''.$adht->getNomUrl(1)."\n"; // Morphy - print ''.$langs->trans("MemberNature").''.$member->getmorphylib().''; + print ''.$langs->trans("MemberNature").''.$object->getmorphylib().''; print ''; // Company - print ''.$langs->trans("Company").''.$member->company.''; + print ''.$langs->trans("Company").''.$object->company.''; // Civility - print ''.$langs->trans("UserTitle").''.$member->getCivilityLabel().' '; + print ''.$langs->trans("UserTitle").''.$object->getCivilityLabel().' '; print ''; print ''; @@ -310,200 +208,13 @@ if ($memberid) { print '
'; print dol_get_fiche_end(); - - $params = ''; - - print '
'; } else { dol_print_error('', 'Parameter rowid not defined'); } -// Part to create -if ($action == 'create') { - print load_fiche_titre($langs->trans("NewObject", $langs->transnoentitiesnoconv("Partnership")), '', ''); - - $backtopageforcancel = DOL_URL_ROOT.'/partnership/partnership.php?rowid='.$memberid; - - print '
'; - print ''; - print ''; - print ''; - print ''; - - if ($backtopage) { - print ''; - } - if ($backtopageforcancel) { - print ''; - } - - print dol_get_fiche_head(array(), ''); - - print ''."\n"; - - // Common attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_add.tpl.php'; - - // Other attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_add.tpl.php'; - - print '
'."\n"; - - print dol_get_fiche_end(); - - print '
'; - print ''; - print '  '; - // print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; - - print '
'; -} - -// Part to edit record -if (($partnershipid || $ref) && $action == 'edit') { - print load_fiche_titre($langs->trans("Partnership"), '', ''); - - $backtopageforcancel = DOL_URL_ROOT.'/partnership/partnership.php?rowid='.$memberid; - - print '
'; - print ''; - print ''; - print ''; - print ''; - if ($backtopage) { - print ''; - } - if ($backtopageforcancel) { - print ''; - } - - print dol_get_fiche_head(); - - print ''."\n"; - - // Common attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_edit.tpl.php'; - - // Other attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_edit.tpl.php'; - - print '
'; - - print dol_get_fiche_end(); - - print '
'; - print '   '; - print '
'; - - print '
'; -} // Part to show record if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'create'))) { - print load_fiche_titre($langs->trans("PartnershipDedicatedToThisMember", $langs->transnoentitiesnoconv("Partnership")), '', ''); - - $res = $object->fetch_optionals(); - - // $head = partnershipPrepareHead($object); - // print dol_get_fiche_head($head, 'card', $langs->trans("Partnership"), -1, $object->picto); - - $linkback = ''; - dol_banner_tab($object, 'id', $linkback, 0, 'rowid', 'ref'); - - $formconfirm = ''; - - // Close confirmation - if ($action == 'close') { - // Create an array for form - $formquestion = array(); - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToClose'), $langs->trans('ConfirmClosePartnershipAsk', $object->ref), 'confirm_close', $formquestion, 'yes', 1); - } - // Reopon confirmation - if ($action == 'reopen') { - // Create an array for form - $formquestion = array(); - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToReopon'), $langs->trans('ConfirmReoponAsk', $object->ref), 'confirm_reopen', $formquestion, 'yes', 1); - } - - // Refuse confirmatio - if ($action == 'refuse') { - //Form to close proposal (signed or not) - $formquestion = array( - array('type' => 'text', 'name' => 'reason_decline_or_cancel', 'label' => $langs->trans("Note"), 'morecss' => 'reason_decline_or_cancel', 'value' => '') // Field to complete private note (not replace) - ); - - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ReasonDecline'), $text, 'confirm_refuse', $formquestion, '', 1, 250); - } - - // Call Hook formConfirm - $parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid); - $reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook - if (empty($reshook)) { - $formconfirm .= $hookmanager->resPrint; - } elseif ($reshook > 0) { - $formconfirm = $hookmanager->resPrint; - } - - // Print form confirm - print $formconfirm; - - - // TODO Replace this card into a list of all partnerships. - - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - print '
'; - print '
'; - print '
'; - print ''."\n"; - - // Common attributes - //$keyforbreak='fieldkeytoswitchonsecondcolumn'; // We change column just before this field - //unset($object->fields['fk_project']); // Hide field already shown in banner - //unset($object->fields['fk_member']); // Hide field already shown in banner - include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php'; - - // End of subscription date - $fadherent = new Adherent($db); - $fadherent->fetch($object->fk_member); - print ''; - - // Other attributes. Fields from hook formObjectOptions and Extrafields. - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; - - print '
'.$langs->trans("SubscriptionEndDate").''; - if ($fadherent->datefin) { - print dol_print_date($fadherent->datefin, 'day'); - if ($fadherent->hasDelay()) { - print " ".img_warning($langs->trans("Late")); - } - } else { - if (!$adht->subscription) { - print $langs->trans("SubscriptionNotRecorded"); - if ($fadherent->statut > 0) { - print " ".img_warning($langs->trans("Late")); // Display a delay picto only if it is not a draft and is not canceled - } - } else { - print $langs->trans("SubscriptionNotReceived"); - if ($fadherent->statut > 0) { - print " ".img_warning($langs->trans("Late")); // Display a delay picto only if it is not a draft and is not canceled - } - } - } - print '
'; - print '
'; - - print '
'; - - print dol_get_fiche_end(); - - - - // Buttons for actions if ($action != 'presend') { @@ -517,20 +228,65 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Show if ($permissiontoadd) { - print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); + print dolGetButtonAction($langs->trans('AddPartnership'), '', 'default', DOL_URL_ROOT.'/partnership/partnership_card.php?action=create&fk_member='.$object->id.'&backtopage='.urlencode(DOL_URL_ROOT.'/adherents/partnership.php?id='.$object->id), '', $permissiontoadd); } - - // Cancel - /* - if ($permissiontoadd) { - if ($object->status == $object::STATUS_ACCEPTED) { - print dolGetButtonAction($langs->trans('Cancel'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken(), '', $permissiontoadd); - } - } - */ } print '
'."\n"; } + + + //$morehtmlright = 'partnership/partnership_card.php?action=create&backtopage=%2Fdolibarr%2Fhtdocs%2Fpartnership%2Fpartnership_list.php'; + $morehtmlright = ''; + + print load_fiche_titre($langs->trans("PartnershipDedicatedToThisMember", $langs->transnoentitiesnoconv("Partnership")), $morehtmlright, ''); + + $memberid = $object->id; + + + // TODO Replace this card with the list of all partnerships. + + $object = new Partnership($db); + $partnershipid = $object->fetch(0, "", $memberid); + + if ($partnershipid > 0) { + print '
'; + print '
'; + print '
'; + print ''."\n"; + + // Common attributes + //$keyforbreak='fieldkeytoswitchonsecondcolumn'; // We change column just before this field + //unset($object->fields['fk_project']); // Hide field already shown in banner + //unset($object->fields['fk_member']); // Hide field already shown in banner + include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php'; + + // End of subscription date + $fadherent = new Adherent($db); + $fadherent->fetch($object->fk_member); + print ''; + + print '
'.$langs->trans("SubscriptionEndDate").''; + if ($fadherent->datefin) { + print dol_print_date($fadherent->datefin, 'day'); + if ($fadherent->hasDelay()) { + print " ".img_warning($langs->trans("Late")); + } + } else { + if (!$adht->subscription) { + print $langs->trans("SubscriptionNotRecorded"); + if ($fadherent->statut > 0) { + print " ".img_warning($langs->trans("Late")); // Display a delay picto only if it is not a draft and is not canceled + } + } else { + print $langs->trans("SubscriptionNotReceived"); + if ($fadherent->statut > 0) { + print " ".img_warning($langs->trans("Late")); // Display a delay picto only if it is not a draft and is not canceled + } + } + } + print '
'; + print '
'; + } } // End of page diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index d03574d473b..650c0016f9a 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -100,7 +100,7 @@ $hookmanager->initHooks(array('admin')); // Put here declaration of dictionaries properties // Sort order to show dictionary (0 is space). All other dictionaries (added by modules) will be at end of this. -$taborder = array(9, 0, 4, 3, 2, 0, 1, 8, 19, 16, 39, 27, 40, 38, 0, 5, 11, 0, 6, 0, 29, 0, 33, 34, 32, 24, 28, 17, 35, 36, 0, 10, 23, 12, 13, 7, 0, 14, 0, 22, 20, 18, 21, 41, 0, 15, 30, 0, 37, 42, 0, 25, 0, 43, 0); +$taborder = array(9, 0, 4, 3, 2, 0, 1, 8, 19, 16, 39, 27, 40, 38, 0, 5, 11, 0, 6, 0, 29, 0, 33, 34, 32, 24, 28, 17, 35, 36, 0, 10, 23, 12, 13, 7, 0, 14, 0, 22, 20, 18, 21, 41, 0, 15, 30, 0, 37, 42, 0,43, 0, 25, 0); // Name of SQL tables of dictionaries $tabname = array(); @@ -608,7 +608,7 @@ $tabcomplete = array( 'c_prospectcontactlevel'=>array('picto'=>'company'), 'c_stcommcontact'=>array('picto'=>'company'), 'c_product_nature'=>array('picto'=>'product'), - 'c_productbatch_qcstatus'=>array('picto'=>'batch'), + 'c_productbatch_qcstatus'=>array('picto'=>'lot'), ); diff --git a/htdocs/core/modules/modPartnership.class.php b/htdocs/core/modules/modPartnership.class.php index 889f18cde73..d7041eca754 100644 --- a/htdocs/core/modules/modPartnership.class.php +++ b/htdocs/core/modules/modPartnership.class.php @@ -212,30 +212,27 @@ class modPartnership extends DolibarrModules // 'user' to add a tab in user view // Dictionaries - $this->dictionaries = array(); - /* Example: $this->dictionaries=array( 'langs'=>'partnership@partnership', // List of tables we want to see into dictonnary editor - 'tabname'=>array(MAIN_DB_PREFIX."table1", MAIN_DB_PREFIX."table2", MAIN_DB_PREFIX."table3"), + 'tabname'=>array(MAIN_DB_PREFIX."c_partnership_type"), // Label of tables - 'tablib'=>array("Table1", "Table2", "Table3"), + 'tablib'=>array("PartnershipType"), // Request to select fields - 'tabsql'=>array('SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'table1 as f', 'SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'table2 as f', 'SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'table3 as f'), + 'tabsql'=>array('SELECT f.rowid as rowid, f.code, f.label, f.active FROM '.MAIN_DB_PREFIX.'c_partnership_type as f WHERE f.entity = '.$conf->entity), // Sort order - 'tabsqlsort'=>array("label ASC", "label ASC", "label ASC"), + 'tabsqlsort'=>array("label ASC"), // List of fields (result of select to show dictionary) - 'tabfield'=>array("code,label", "code,label", "code,label"), + 'tabfield'=>array("code,label"), // List of fields (list of fields to edit a record) - 'tabfieldvalue'=>array("code,label", "code,label", "code,label"), + 'tabfieldvalue'=>array("code,label"), // List of fields (list of fields for insert) - 'tabfieldinsert'=>array("code,label", "code,label", "code,label"), + 'tabfieldinsert'=>array("code,label"), // Name of columns with primary key (try to always name it 'rowid') - 'tabrowid'=>array("rowid", "rowid", "rowid"), + 'tabrowid'=>array("rowid"), // Condition to show each dictionary - 'tabcond'=>array($conf->partnership->enabled, $conf->partnership->enabled, $conf->partnership->enabled) + 'tabcond'=>array($conf->partnership->enabled) ); - */ // Boxes/Widgets // Add here list of php file(s) stored in partnership/core/boxes that contains a class to show a widget. diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index cc4b791725d..741d92a88a1 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -173,7 +173,9 @@ CREATE TABLE llx_workstation_workstation_usergroup( fk_workstation integer ) ENGINE=innodb; -CREATE TABLE llx_c_producbatch_qcstatus( +DROP TABLE llx_c_producbatch_qcstatus; -- delete table with bad name + +CREATE TABLE llx_c_productbatch_qcstatus( rowid integer AUTO_INCREMENT PRIMARY KEY NOT NULL, entity integer NOT NULL DEFAULT 1, code varchar(16) NOT NULL, @@ -532,3 +534,13 @@ INSERT INTO llx_c_action_trigger (code,label,description,elementtype,rang) VALUE INSERT INTO llx_c_action_trigger (code,label,description,elementtype,rang) VALUES ('CONTACT_MODIFY','Contact address update','Executed when a contact is updated','contact',51); +create table llx_c_partnership_type +( + rowid integer AUTO_INCREMENT PRIMARY KEY, + entity integer DEFAULT 1 NOT NULL, + code varchar(32) NOT NULL, + label varchar(64) NOT NULL, + active tinyint DEFAULT 1 NOT NULL +)ENGINE=innodb; + + diff --git a/htdocs/install/mysql/tables/llx_c_partnership_type.sql b/htdocs/install/mysql/tables/llx_c_partnership_type.sql new file mode 100644 index 00000000000..23d5a89e16c --- /dev/null +++ b/htdocs/install/mysql/tables/llx_c_partnership_type.sql @@ -0,0 +1,35 @@ +-- ======================================================================== +-- Copyright (C) 2021 Laurent Destailleur +-- +-- This program is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- This program is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program. If not, see . +-- +-- Defini les types de contact d'un element sert de reference pour +-- la table llx_element_contact +-- +-- element est le nom de la table utilisant le type de contact. +-- i.e. contact, facture, projet, societe (sans le llx_ devant). +-- Libelle est un texte decrivant le type de contact. +-- active precise si cette valeur est 'active' ou 'archive'. +-- +-- ======================================================================== + +create table llx_c_partnership_type +( + rowid integer AUTO_INCREMENT PRIMARY KEY, + entity integer DEFAULT 1 NOT NULL, + code varchar(32) NOT NULL, + label varchar(64) NOT NULL, + active tinyint DEFAULT 1 NOT NULL +)ENGINE=innodb; + diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index 04fe88b3442..3a653e29967 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -20,6 +20,7 @@ ModulePartnershipName=Partnership management PartnershipDescription=Module Partnership management PartnershipDescriptionLong= Module Partnership management +AddPartnership=Add partnership CancelPartnershipForExpiredMembers=Partnership: Cancel partnership of members with expired subscriptions PartnershipCheckBacklink=Partnership: Check referring backlink @@ -56,6 +57,7 @@ PartnershipAlreadyExist=Partnership already exist ManagePartnership=Manage partnership BacklinkNotFoundOnPartnerWebsite=Backlink not found on partner website ConfirmClosePartnershipAsk=Are you sure you want to cancel this partnership? +PartnershipType=Partnership type # # Template Mail diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index f33a19f312e..d04d0c335eb 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -105,7 +105,7 @@ class Partnership extends CommonObject /** * @var int rowid * @deprecated - * @see id + * @see $id */ public $rowid; @@ -180,6 +180,7 @@ class Partnership extends CommonObject 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"), 'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>4, 'noteditable'=>'1', 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'comment'=>"Reference of object"), 'entity' => array('type' => 'integer', 'label' => 'Entity', 'default' => 1, 'enabled' => 1, 'visible' => -2, 'notnull' => 1, 'position' => 15, 'index' => 1), + //'fk_type' => array('type' => 'integer:PartnershipType:partnership/class/partnershiptype.class.php', 'label' => 'Type', 'default' => 1, 'enabled' => 1, 'visible' => 1, 'position' => 20), 'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0,), 'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>'1', 'position'=>62, 'notnull'=>0, 'visible'=>0,), 'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>500, 'notnull'=>1, 'visible'=>-2,), @@ -353,15 +354,16 @@ class Partnership extends CommonObject * * @param int $id Id of object to load * @param string $ref Ref of object - * @param int $fk_soc_or_member fk_soc or fk_member + * @param int $fk_soc fk_soc + * @param int $fk_member fk_member * @return int >0 if OK, <0 if KO, 0 if not found */ - public function fetch($id, $ref = null, $fk_soc_or_member = null) + public function fetch($id, $ref = null, $fk_member = null, $fk_soc = null) { global $conf; // Check parameters - if (empty($id) && empty($ref) && empty($fk_soc_or_member)) { + if (empty($id) && empty($ref) && empty($fk_member) && empty($fk_soc)) { return -1; } @@ -375,7 +377,7 @@ class Partnership extends CommonObject $sql .= ' FROM '.MAIN_DB_PREFIX.'partnership as p'; if ($id) { - $sql .= " WHERE p.rowid=".$id; + $sql .= " WHERE p.rowid=".((int) $id); } else { $sql .= " WHERE p.entity IN (0,".getEntity('partnership').")"; // Dont't use entity if you use rowid } @@ -384,14 +386,13 @@ class Partnership extends CommonObject $sql .= " AND p.ref='".$this->db->escape($ref)."'"; } - if ($fk_soc_or_member) { - $sql .= ' AND'; - if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') - $sql .= ' p.fk_member = '; - else $sql .= ' p.fk_soc = '; - $sql .= $fk_soc_or_member; - $sql .= ' ORDER BY p.date_partnership_end DESC'; + if ($fk_member > 0) { + $sql .= ' AND p.fk_member = '.((int) $fk_member); } + if ($fk_soc > 0) { + $sql .= ' AND p.fk_soc = '.((int) $fk_soc); + } + $sql .= ' ORDER BY p.date_partnership_end DESC'; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); @@ -420,8 +421,6 @@ class Partnership extends CommonObject $this->import_key = $obj->import_key; $this->model_pdf = $obj->model_pdf; - $this->lines = array(); - // Retrieve all extrafield // fetch optionals attributes and labels $this->fetch_optionals(); diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 72e0bc22bdd..21c5cbdf68b 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -44,41 +44,12 @@ //if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("partnership", "other")); @@ -164,21 +135,11 @@ if (empty($reshook)) { $fk_partner = ($managedfor == 'member') ? GETPOST('fk_member', 'int') : GETPOST('fk_soc', 'int'); $obj_partner = ($managedfor == 'member') ? $object->fk_member : $object->fk_soc; - if ($action == 'add' || ($action == 'update' && $obj_partner != $fk_partner)) { - $fpartnership = new Partnership($db); - - $partnershipid = $fpartnership->fetch(0, "", $fk_partner); - if ($partnershipid > 0) { - setEventMessages($langs->trans('PartnershipAlreadyExist').' : '.$fpartnership->getNomUrl(0, '', 1), '', 'errors'); - $action = ($action == 'add') ? 'create' : 'edit'; - } - } - - $triggermodname = 'PARTNERSHIP_MODIFY'; // Name of trigger action code to execute when we modify record - // Actions cancel, add, update, update_extras, confirm_validate, confirm_delete, confirm_deleteline, confirm_clone, confirm_close, confirm_setdraft, confirm_reopen include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php'; + $triggermodname = 'PARTNERSHIP_MODIFY'; // Name of trigger action code to execute when we modify record + // Action accept object if ($action == 'confirm_accept' && $confirm == 'yes' && $permissiontoadd) { $result = $object->accept($user); @@ -275,8 +236,6 @@ if ($object->id > 0 && $object->status == $object::STATUS_REFUSED) $object->fiel /* * View - * - * Put here all code to build page */ $form = new Form($db); diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index 6a45c657126..d109421fe8d 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -48,6 +48,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; @@ -70,11 +71,12 @@ $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); $socid = GETPOST('socid', 'int'); if (!empty($user->socid)) { $socid = $user->socid; + $id = $socid; } -$societe = new Societe($db); -if ($socid > 0) { - $societe->fetch($socid); +$object = new Societe($db); +if ($id > 0) { + $object->fetch($id); } // Initialize technical objects @@ -115,18 +117,13 @@ if (empty($conf->partnership->enabled)) accessforbidden(); if (empty($permissiontoread)) accessforbidden(); if ($action == 'edit' && empty($permissiontoadd)) accessforbidden(); -$partnershipid = $object->fetch(0, "", $socid); -if (empty($action) && empty($partnershipid)) { - $action = 'create'; +if (($action == 'update' || $action == 'edit') && $object->status != $object::STATUS_DRAFT && !empty($user->socid)) { + accessforbidden(); } -if (($action == 'update' || $action == 'edit') && $object->status != $object::STATUS_DRAFT && !empty($user->socid)) accessforbidden(); -if (empty($socid) && $object) { - $socid = $object->fk_soc; -} // Security check -$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0); +$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); /* @@ -145,102 +142,7 @@ $date_end = dol_mktime(0, 0, 0, GETPOST('date_partnership_endmonth', 'int'), GET if (empty($reshook)) { $error = 0; - $backtopage = dol_buildpath('/partnership/partnership.php', 1).'?socid='.($socid > 0 ? $socid : '__ID__'); - - $triggermodname = 'PARTNERSHIP_MODIFY'; // Name of trigger action code to execute when we modify record - - if ($action == 'add' && $permissiontoread) { - $error = 0; - - $db->begin(); - - $now = dol_now(); - - if (!$error) { - $old_start_date = $object->date_partnership_start; - - $object->fk_soc = $socid; - $object->date_partnership_start = (!GETPOST('date_partnership_start')) ? '' : $date_start; - $object->date_partnership_end = (!GETPOST('date_partnership_end')) ? '' : $date_end; - $object->note_public = GETPOST('note_public', 'restricthtml'); - $object->date_creation = $now; - $object->fk_user_creat = $user->id; - $object->entity = $conf->entity; - - // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object); - if ($ret < 0) { - $error++; - } - } - - if (!$error) { - $result = $object->create($user); - if ($result < 0) { - $error++; - if ($result == -4) { - setEventMessages($langs->trans("ErrorRefAlreadyExists"), null, 'errors'); - } else { - setEventMessages($object->error, $object->errors, 'errors'); - } - } - } - - if ($error) { - $db->rollback(); - $action = 'create'; - } else { - $db->commit(); - } - } elseif ($action == 'update' && $permissiontoread) { - $error = 0; - - $db->begin(); - - $now = dol_now(); - - if (!$error) { - $object->oldcopy = clone $object; - - $old_start_date = $object->date_partnership_start; - - $object->date_partnership_start = (!GETPOST('date_partnership_start')) ? '' : $date_start; - $object->date_partnership_end = (!GETPOST('date_partnership_end')) ? '' : $date_end; - $object->note_public = GETPOST('note_public', 'restricthtml'); - $object->fk_user_creat = $user->id; - $object->fk_user_modif = $user->id; - - // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object); - if ($ret < 0) { - $error++; - } - } - - if (!$error) { - $result = $object->update($user); - if ($result < 0) { - $error++; - if ($result == -4) { - setEventMessages($langs->trans("ErrorRefAlreadyExists"), null, 'errors'); - } else { - setEventMessages($object->error, $object->errors, 'errors'); - } - } - } - - if ($error) { - $db->rollback(); - $action = 'edit'; - } else { - $db->commit(); - } - } elseif ($action == 'confirm_close' || $action == 'update_extras') { - include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php'; - - header("Location: ".$_SERVER['PHP_SELF']."?socid=".$socid); - exit; - } + $backtopage = dol_buildpath('/partnership/partnership.php', 1).'?id='.($id > 0 ? $id : '__ID__'); // Actions when linking object each other include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; @@ -250,6 +152,7 @@ $object->fields['fk_soc']['visible'] = 0; if ($object->id > 0 && $object->status == $object::STATUS_REFUSED && empty($action)) $object->fields['reason_decline_or_cancel']['visible'] = 1; $object->fields['note_public']['visible'] = 1; + /* * View */ @@ -262,25 +165,22 @@ llxHeader('', $title); $form = new Form($db); -if ($socid) { - require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; - require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; - +if ($id > 0) { $langs->load("companies"); - $societe = new Societe($db); - $result = $societe->fetch($socid); + $object = new Societe($db); + $result = $object->fetch($id); if (!empty($conf->notification->enabled)) { $langs->load("mails"); } - $head = societe_prepare_head($societe); + $head = societe_prepare_head($object); print dol_get_fiche_head($head, 'partnership', $langs->trans("ThirdParty"), -1, 'company'); $linkback = ''.$langs->trans("BackToList").''; - dol_banner_tab($societe, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); + dol_banner_tab($object, 'socid', $linkback, ($user->socid ? 0 : 1), 'rowid', 'nom'); print '
'; @@ -310,7 +210,8 @@ if ($socid) { if ($tmpcheck != 0 && $tmpcheck != -5) { print ' ('.$langs->trans("WrongSupplierCode").')'; } - print ''; + print ''; + print ''; } print ''; @@ -318,178 +219,12 @@ if ($socid) { print '
'; print dol_get_fiche_end(); - - $params = ''; - - print '
'; } else { - dol_print_error('', 'Parameter socid not defined'); -} - -// Part to create -if ($action == 'create') { - print load_fiche_titre($langs->trans("NewObject", $langs->transnoentitiesnoconv("Partnership")), '', ''); - - $backtopageforcancel = DOL_URL_ROOT.'/partnership/partnership.php?socid='.$socid; - - print '
'; - print ''; - print ''; - print ''; - print ''; - - if ($backtopage) { - print ''; - } - if ($backtopageforcancel) { - print ''; - } - - print dol_get_fiche_head(array(), ''); - - print ''."\n"; - - // Common attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_add.tpl.php'; - - // Other attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_add.tpl.php'; - - print '
'."\n"; - - print dol_get_fiche_end(); - - print '
'; - print ''; - print '  '; - // print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; - - print '
'; -} - -// Part to edit record -if (($partnershipid || $ref) && $action == 'edit') { - print load_fiche_titre($langs->trans("Partnership"), '', ''); - - $backtopageforcancel = DOL_URL_ROOT.'/partnership/partnership.php?socid='.$socid; - - print '
'; - print ''; - print ''; - print ''; - print ''; - if ($backtopage) { - print ''; - } - if ($backtopageforcancel) { - print ''; - } - - print dol_get_fiche_head(); - - print ''."\n"; - - // Common attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_edit.tpl.php'; - - // Other attributes - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_edit.tpl.php'; - - print '
'; - - print dol_get_fiche_end(); - - print '
'; - print '   '; - print '
'; - - print '
'; + dol_print_error('', 'Parameter id not defined'); } // Part to show record if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'create'))) { - print load_fiche_titre($langs->trans("PartnershipDedicatedToThisThirdParty", $langs->transnoentitiesnoconv("Partnership")), '', ''); - - $res = $object->fetch_optionals(); - - // $head = partnershipPrepareHead($object); - // print dol_get_fiche_head($head, 'card', $langs->trans("Partnership"), -1, $object->picto); - - $linkback = ''; - dol_banner_tab($object, 'id', $linkback, 0, 'rowid', 'ref'); - - $formconfirm = ''; - - // Close confirmation - if ($action == 'close') { - // Create an array for form - $formquestion = array(); - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToClose'), $langs->trans('ConfirmClosePartnershipAsk', $object->ref), 'confirm_close', $formquestion, 'yes', 1); - } - // Reopon confirmation - if ($action == 'reopen') { - // Create an array for form - $formquestion = array(); - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToReopon'), $langs->trans('ConfirmReoponAsk', $object->ref), 'confirm_reopen', $formquestion, 'yes', 1); - } - - // Refuse confirmatio - if ($action == 'refuse') { - //Form to close proposal (signed or not) - $formquestion = array( - array('type' => 'text', 'name' => 'reason_decline_or_cancel', 'label' => $langs->trans("Note"), 'morecss' => 'reason_decline_or_cancel', 'value' => '') // Field to complete private note (not replace) - ); - - // if (!empty($conf->notification->enabled)) { - // require_once DOL_DOCUMENT_ROOT.'/core/class/notify.class.php'; - // $notify = new Notify($db); - // $formquestion = array_merge($formquestion, array( - // array('type' => 'onecolumn', 'value' => $notify->confirmMessage('PROPAL_CLOSE_SIGNED', $object->socid, $object)), - // )); - // } - - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ReasonDecline'), $text, 'confirm_refuse', $formquestion, '', 1, 250); - } - - // Call Hook formConfirm - $parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid); - $reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook - if (empty($reshook)) { - $formconfirm .= $hookmanager->resPrint; - } elseif ($reshook > 0) { - $formconfirm = $hookmanager->resPrint; - } - - // Print form confirm - print $formconfirm; - - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - print '
'; - print '
'; - print '
'; - print ''."\n"; - - // Common attributes - //$keyforbreak='fieldkeytoswitchonsecondcolumn'; // We change column just before this field - //unset($object->fields['fk_project']); // Hide field already shown in banner - //unset($object->fields['fk_soc']); // Hide field already shown in banner - include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php'; - - // Other attributes. Fields from hook formObjectOptions and Extrafields. - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; - - print '
'; - print '
'; - - print '
'; - - print dol_get_fiche_end(); - // Buttons for actions if ($action != 'presend') { @@ -501,26 +236,43 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } if (empty($reshook)) { - if ($object->status == $object::STATUS_DRAFT) { - print dolGetButtonAction($langs->trans('Modify'), '', 'default', $_SERVER["PHP_SELF"].'?socid='.$socid.'&action=edit&token='.newtoken(), '', $permissiontoadd); - } - // Show if ($permissiontoadd) { - print dolGetButtonAction($langs->trans('ManagePartnership'), '', 'default', dol_buildpath('/partnership/partnership_card.php', 1).'?id='.$object->id, '', $permissiontoadd); + print dolGetButtonAction($langs->trans('AddPartnership'), '', 'default', DOL_URL_ROOT.'/partnership/partnership_card.php?action=create&fk_soc='.$object->id.'&backtopage='.urlencode(DOL_URL_ROOT.'/societe/partnership.php?id='.$object->id), '', $permissiontoadd); } - - // Cancel - /* - if ($permissiontoadd) { - if ($object->status == $object::STATUS_ACCEPTED) { - print dolGetButtonAction($langs->trans('Cancel'), '', 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=close&token='.newToken(), '', $permissiontoadd); - } - } - */ } print '
'."\n"; } + + + //$morehtmlright = 'partnership/partnership_card.php?action=create&backtopage=%2Fdolibarr%2Fhtdocs%2Fpartnership%2Fpartnership_list.php'; + $morehtmlright = ''; + + print load_fiche_titre($langs->trans("PartnershipDedicatedToThisThirdParty", $langs->transnoentitiesnoconv("Partnership")), $morehtmlright, ''); + + $socid = $object->id; + + + // TODO Replace this card with the list of all partnerships. + + $object = new Partnership($db); + $partnershipid = $object->fetch(0, '', 0, $socid); + + if ($partnershipid > 0) { + print '
'; + print '
'; + print '
'; + print ''."\n"; + + // Common attributes + //$keyforbreak='fieldkeytoswitchonsecondcolumn'; // We change column just before this field + //unset($object->fields['fk_project']); // Hide field already shown in banner + //unset($object->fields['fk_member']); // Hide field already shown in banner + include DOL_DOCUMENT_ROOT.'/core/tpl/commonfields_view.tpl.php'; + + print '
'; + print '
'; + } } // End of page From 46a06f8e9512bbff7c48e51ceee11af025a58082 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 6 Jun 2021 16:37:45 +0200 Subject: [PATCH 32/93] Fix phpcs --- htdocs/admin/dict.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 650c0016f9a..b8bf1a5998a 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -100,7 +100,7 @@ $hookmanager->initHooks(array('admin')); // Put here declaration of dictionaries properties // Sort order to show dictionary (0 is space). All other dictionaries (added by modules) will be at end of this. -$taborder = array(9, 0, 4, 3, 2, 0, 1, 8, 19, 16, 39, 27, 40, 38, 0, 5, 11, 0, 6, 0, 29, 0, 33, 34, 32, 24, 28, 17, 35, 36, 0, 10, 23, 12, 13, 7, 0, 14, 0, 22, 20, 18, 21, 41, 0, 15, 30, 0, 37, 42, 0,43, 0, 25, 0); +$taborder = array(9, 0, 4, 3, 2, 0, 1, 8, 19, 16, 39, 27, 40, 38, 0, 5, 11, 0, 6, 0, 29, 0, 33, 34, 32, 24, 28, 17, 35, 36, 0, 10, 23, 12, 13, 7, 0, 14, 0, 22, 20, 18, 21, 41, 0, 15, 30, 0, 37, 42, 0, 43, 0, 25, 0); // Name of SQL tables of dictionaries $tabname = array(); From cc24013d42b5b515c3087713f0bcfa54a381804d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:13:18 +0200 Subject: [PATCH 33/93] Update partnership_agenda.php --- htdocs/partnership/partnership_agenda.php | 55 ++--------------------- 1 file changed, 3 insertions(+), 52 deletions(-) diff --git a/htdocs/partnership/partnership_agenda.php b/htdocs/partnership/partnership_agenda.php index 51f417399df..799aadd24cd 100644 --- a/htdocs/partnership/partnership_agenda.php +++ b/htdocs/partnership/partnership_agenda.php @@ -22,63 +22,14 @@ * \brief Tab of events on Partnership */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page From 83cd127f0b28b6aa154bfb1b400a0a5377e060d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:14:02 +0200 Subject: [PATCH 34/93] Update partnership_card.php --- htdocs/partnership/partnership_card.php | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 21c5cbdf68b..4fc4b08adb1 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -22,27 +22,6 @@ * \brief Page to create/edit/view partnership */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; From 5fecaa2a5bde91cc98f164609ff79c42c4f8d082 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:15:36 +0200 Subject: [PATCH 35/93] Update partnership_contact.php --- htdocs/partnership/partnership_contact.php | 35 +++------------------- 1 file changed, 4 insertions(+), 31 deletions(-) diff --git a/htdocs/partnership/partnership_contact.php b/htdocs/partnership/partnership_contact.php index 632047acf25..1c416cf690c 100644 --- a/htdocs/partnership/partnership_contact.php +++ b/htdocs/partnership/partnership_contact.php @@ -22,41 +22,14 @@ * \brief Tab for contacts linked to Partnership */ + // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("partnership", "companies", "other", "mails")); From 4ac3576a7493936d759352a2f38da568e1a7c3f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:16:27 +0200 Subject: [PATCH 36/93] Update partnership_document.php --- htdocs/partnership/partnership_document.php | 55 ++------------------- 1 file changed, 3 insertions(+), 52 deletions(-) diff --git a/htdocs/partnership/partnership_document.php b/htdocs/partnership/partnership_document.php index d6f89c07d00..e7fae7ee7ff 100644 --- a/htdocs/partnership/partnership_document.php +++ b/htdocs/partnership/partnership_document.php @@ -22,64 +22,15 @@ * \brief Tab for documents linked to Partnership */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("partnership", "companies", "other", "mails")); From 0eb61a6063472efcf244d2541bd8756d6929c1b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:17:50 +0200 Subject: [PATCH 37/93] Update partnership_list.php --- htdocs/partnership/partnership_list.php | 67 ++++--------------------- 1 file changed, 9 insertions(+), 58 deletions(-) diff --git a/htdocs/partnership/partnership_list.php b/htdocs/partnership/partnership_list.php index 1ae90d0d4cf..457d0345c31 100644 --- a/htdocs/partnership/partnership_list.php +++ b/htdocs/partnership/partnership_list.php @@ -22,57 +22,8 @@ * \brief List page for partnership */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; @@ -80,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; // load partnership libraries -require_once __DIR__.'/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; // for other modules //dol_include_once('/othermodule/class/otherobject.class.php'); @@ -88,12 +39,12 @@ require_once __DIR__.'/class/partnership.class.php'; // Load translation files required by the page $langs->loadLangs(array("partnership", "members", "other")); -$action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... +$action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk actions ? -$confirm = GETPOST('confirm', 'alpha'); // Result of a confirmation -$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button -$toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list +$confirm = GETPOST('confirm', 'alpha'); // Result of a confirmation +$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button +$toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'partnershiplist'; // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') @@ -113,9 +64,9 @@ $pageprev = $page - 1; $pagenext = $page + 1; // Initialize technical objects -$object = new Partnership($db); -$extrafields = new ExtraFields($db); -$adherent = new Adherent($db); +$object = new Partnership($db); +$extrafields = new ExtraFields($db); +$adherent = new Adherent($db); $diroutputmassaction = $conf->partnership->dir_output.'/temp/massgeneration/'.$user->id; $hookmanager->initHooks(array('partnershiplist')); // Note that conf->hooks_modules contains array From b1ff123155e9672c377adf18bde07be089667365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:19:20 +0200 Subject: [PATCH 38/93] Update partnership_note.php --- htdocs/partnership/partnership_note.php | 59 +++---------------------- 1 file changed, 5 insertions(+), 54 deletions(-) diff --git a/htdocs/partnership/partnership_note.php b/htdocs/partnership/partnership_note.php index 29a59f67ef4..b9607e5aeb6 100644 --- a/htdocs/partnership/partnership_note.php +++ b/htdocs/partnership/partnership_note.php @@ -22,69 +22,20 @@ * \brief Tab for notes on Partnership */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; -dol_include_once('/partnership/class/partnership.class.php'); -dol_include_once('/partnership/lib/partnership.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; // Load translation files required by the page $langs->loadLangs(array("partnership", "companies")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); // Initialize technical objects From 594cd90c4b1dd97d419a272b14eb0fb03d2fa411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:22:20 +0200 Subject: [PATCH 39/93] Update partnershipindex.php --- htdocs/partnership/partnershipindex.php | 68 +++++-------------------- 1 file changed, 12 insertions(+), 56 deletions(-) diff --git a/htdocs/partnership/partnershipindex.php b/htdocs/partnership/partnershipindex.php index 8076f105dbb..536729a473d 100644 --- a/htdocs/partnership/partnershipindex.php +++ b/htdocs/partnership/partnershipindex.php @@ -25,35 +25,7 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; @@ -100,8 +72,7 @@ print '
'; /* BEGIN MODULEBUILDER DRAFT MYOBJECT // Draft MyObject -if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) -{ +if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) { $langs->load("orders"); $sql = "SELECT c.rowid, c.ref, c.ref_client, c.total_ht, c.tva as total_tva, c.total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas"; @@ -116,8 +87,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) if ($socid) $sql.= " AND c.fk_soc = ".$socid; $resql = $db->query($sql); - if ($resql) - { + if ($resql) { $total = 0; $num = $db->num_rows($resql); @@ -126,12 +96,9 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) print ''.$langs->trans("DraftMyObjects").($num?''.$num.'':'').''; $var = true; - if ($num > 0) - { + if ($num > 0) { $i = 0; - while ($i < $num) - { - + while ($i < $num) { $obj = $db->fetch_object($resql); print ''; @@ -150,23 +117,16 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) $i++; $total += $obj->total_ttc; } - if ($total>0) - { - + if ($total>0) { print ''.$langs->trans("Total").''.price($total).""; } - } - else - { - + } else { print ''.$langs->trans("NoOrder").''; } print "
"; $db->free($resql); - } - else - { + } else { dol_print_error($db); } } @@ -181,8 +141,7 @@ $max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT; /* BEGIN MODULEBUILDER LASTMODIFIED MYOBJECT // Last modified myobject -if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) -{ +if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) { $sql = "SELECT s.rowid, s.ref, s.label, s.date_creation, s.tms"; $sql.= " FROM ".MAIN_DB_PREFIX."partnership_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; @@ -193,8 +152,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) $sql .= $db->plimit($max, 0); $resql = $db->query($sql); - if ($resql) - { + if ($resql) { $num = $db->num_rows($resql); $i = 0; @@ -205,10 +163,8 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) print ''; print ''.$langs->trans("DateModificationShort").''; print ''; - if ($num) - { - while ($i < $num) - { + if ($num) { + while ($i < $num) { $objp = $db->fetch_object($resql); $myobjectstatic->id=$objp->rowid; From ccc35326a52f85b7a0710345cc1593b588b667a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:25:44 +0200 Subject: [PATCH 40/93] Update partnershiputils.class.php --- htdocs/partnership/class/partnershiputils.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/partnership/class/partnershiputils.class.php b/htdocs/partnership/class/partnershiputils.class.php index 992fca2703e..aef1bf18e49 100644 --- a/htdocs/partnership/class/partnershiputils.class.php +++ b/htdocs/partnership/class/partnershiputils.class.php @@ -28,10 +28,10 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; -dol_include_once('partnership/lib/partnership.lib.php'); -dol_include_once('/partnership/class/partnership.class.php'); +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; -require_once DOL_DOCUMENT_ROOT."/societe/class/societe.class.php"; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; /** * Class with cron tasks of Partnership module From 8a359c9009edc7c0e2363253d8474244b4788560 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 17:34:03 +0200 Subject: [PATCH 41/93] Update partnership.class.php --- htdocs/partnership/class/partnership.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index d04d0c335eb..125dacb1e53 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -354,8 +354,8 @@ class Partnership extends CommonObject * * @param int $id Id of object to load * @param string $ref Ref of object - * @param int $fk_soc fk_soc * @param int $fk_member fk_member + * @param int $fk_soc fk_soc * @return int >0 if OK, <0 if KO, 0 if not found */ public function fetch($id, $ref = null, $fk_member = null, $fk_soc = null) From a47df8246899ee2500b44373c94db12eef46ba27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 19:14:42 +0200 Subject: [PATCH 42/93] fix warning --- htdocs/societe/partnership.php | 27 +++------------------------ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/htdocs/societe/partnership.php b/htdocs/societe/partnership.php index d109421fe8d..912307a5675 100644 --- a/htdocs/societe/partnership.php +++ b/htdocs/societe/partnership.php @@ -22,27 +22,6 @@ * \brief Page to create/edit/view partnership */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; @@ -80,8 +59,8 @@ if ($id > 0) { } // Initialize technical objects -$object = new Partnership($db); -$extrafields = new ExtraFields($db); +$object = new Partnership($db); +$extrafields = new ExtraFields($db); $diroutputmassaction = $conf->partnership->dir_output.'/temp/massgeneration/'.$user->id; $hookmanager->initHooks(array('partnershipthirdparty', 'globalcard')); // Note that conf->hooks_modules contains array @@ -112,7 +91,7 @@ $usercanclose = $user->rights->partnership->write; // Used by the include of $upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1]; -if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR != 'thirdparty') accessforbidden(); +if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR != 'thirdparty') accessforbidden(); if (empty($conf->partnership->enabled)) accessforbidden(); if (empty($permissiontoread)) accessforbidden(); if ($action == 'edit' && empty($permissiontoadd)) accessforbidden(); From d54d4da8cd6ee03b0d4948d4ed095df13f3922fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 19:18:02 +0200 Subject: [PATCH 43/93] Update setup.php --- htdocs/partnership/admin/setup.php | 29 ++--------------------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/htdocs/partnership/admin/setup.php b/htdocs/partnership/admin/setup.php index 7fa0ef62b5e..3f933c2bc94 100644 --- a/htdocs/partnership/admin/setup.php +++ b/htdocs/partnership/admin/setup.php @@ -23,32 +23,7 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; global $langs, $user; @@ -160,7 +135,7 @@ print ''.$langs->trans("partnershipforthirdparty print ''; -if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { +if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { print ''.$langs->trans("PARTNERSHIP_NBDAYS_AFTER_MEMBER_EXPIRATION_BEFORE_CANCEL").''; print ''; $dnbdays = '15'; From f3a3ce90e12a017aa245eb0bcb7a7d30f815353c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 21:18:23 +0200 Subject: [PATCH 44/93] Update partnership_card.php --- htdocs/partnership/partnership_card.php | 32 ------------------------- 1 file changed, 32 deletions(-) diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 4fc4b08adb1..29789072773 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -225,22 +225,6 @@ $title = $langs->trans("Partnership"); $help_url = ''; llxHeader('', $title, $help_url); -// Example : Adding jquery code -print ''; - - // Part to create if ($action == 'create') { print load_fiche_titre($langs->trans("NewObject", $langs->transnoentitiesnoconv("Partnership")), '', 'object_'.$object->picto); @@ -373,22 +357,6 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToRefuse'), $text, 'confirm_refuse', $formquestion, '', 1, 250); } - // Confirmation of action xxxx - if ($action == 'xxx') { - $formquestion = array(); - /* - $forcecombo=0; - if ($conf->browser->name == 'ie') $forcecombo = 1; // There is a bug in IE10 that make combo inside popup crazy - $formquestion = array( - // 'text' => $langs->trans("ConfirmClone"), - // array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), - // array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - // array('type' => 'other', 'name' => 'idwarehouse', 'label' => $langs->trans("SelectWarehouseForStockDecrease"), 'value' => $formproduct->selectWarehouses(GETPOST('idwarehouse')?GETPOST('idwarehouse'):'ifone', 'idwarehouse', '', 1, 0, 0, '', 0, $forcecombo)) - ); - */ - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('XXX'), $text, 'confirm_xxx', $formquestion, 0, 1, 220); - } - // Call Hook formConfirm $parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid); $reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook From a586afd8b33d2cd8fd1cfdfe8a9df7c099ad0904 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 21:35:39 +0200 Subject: [PATCH 45/93] clean code --- htdocs/admin/knowledgemanagement.php | 28 +--------- htdocs/admin/knowledgerecord_extrafields.php | 27 +-------- .../class/knowledgerecord.class.php | 2 +- .../knowledgemanagementindex.php | 30 +--------- .../knowledgerecord_agenda.php | 55 +------------------ .../knowledgerecord_card.php | 55 +------------------ .../knowledgerecord_contact.php | 34 +----------- .../knowledgerecord_document.php | 55 +------------------ .../knowledgerecord_list.php | 53 +----------------- .../knowledgerecord_note.php | 55 +------------------ .../lib/knowledgemanagement.lib.php | 6 +- ...nowledgemanagement_knowledgerecord.lib.php | 10 ++-- .../partnership/class/partnership.class.php | 2 +- 13 files changed, 31 insertions(+), 381 deletions(-) diff --git a/htdocs/admin/knowledgemanagement.php b/htdocs/admin/knowledgemanagement.php index 5bc994bb086..b8434773f67 100644 --- a/htdocs/admin/knowledgemanagement.php +++ b/htdocs/admin/knowledgemanagement.php @@ -23,32 +23,8 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; + global $langs, $user; // Libraries diff --git a/htdocs/admin/knowledgerecord_extrafields.php b/htdocs/admin/knowledgerecord_extrafields.php index 823366e1fbe..d6c94e4ceeb 100644 --- a/htdocs/admin/knowledgerecord_extrafields.php +++ b/htdocs/admin/knowledgerecord_extrafields.php @@ -27,32 +27,7 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/lib/knowledgemanagement.lib.php'; diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index 4d46794aaf8..85d8a1bcb9e 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php @@ -17,7 +17,7 @@ */ /** - * \file class/knowledgerecord.class.php + * \file htdocs/knowledgemanagement/class/knowledgerecord.class.php * \ingroup knowledgemanagement * \brief This file is a CRUD class file for KnowledgeRecord (Create/Read/Update/Delete) */ diff --git a/htdocs/knowledgemanagement/knowledgemanagementindex.php b/htdocs/knowledgemanagement/knowledgemanagementindex.php index 86ea3f10e08..f4fc767e9d5 100644 --- a/htdocs/knowledgemanagement/knowledgemanagementindex.php +++ b/htdocs/knowledgemanagement/knowledgemanagementindex.php @@ -25,35 +25,7 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; diff --git a/htdocs/knowledgemanagement/knowledgerecord_agenda.php b/htdocs/knowledgemanagement/knowledgerecord_agenda.php index 5144b736b98..7853aa7e2ff 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_agenda.php +++ b/htdocs/knowledgemanagement/knowledgerecord_agenda.php @@ -22,63 +22,14 @@ * \brief Tab of events on KnowledgeRecord */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); -dol_include_once('/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'; // Load translation files required by the page diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index f4e949a8603..b33ecb652f7 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -22,63 +22,14 @@ * \brief Page to create/edit/view knowledgerecord */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; -dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); -dol_include_once('/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'; // Load translation files required by the page $langs->loadLangs(array("knowledgemanagement", "other")); diff --git a/htdocs/knowledgemanagement/knowledgerecord_contact.php b/htdocs/knowledgemanagement/knowledgerecord_contact.php index e5af4a54611..1eb80efafa1 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_contact.php +++ b/htdocs/knowledgemanagement/knowledgerecord_contact.php @@ -23,40 +23,12 @@ */ // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; -dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); -dol_include_once('/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'; // Load translation files required by the page $langs->loadLangs(array("knowledgemanagement", "companies", "other", "mails")); diff --git a/htdocs/knowledgemanagement/knowledgerecord_document.php b/htdocs/knowledgemanagement/knowledgerecord_document.php index 5261fde7118..4a572ee22bb 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_document.php +++ b/htdocs/knowledgemanagement/knowledgerecord_document.php @@ -22,64 +22,15 @@ * \brief Tab for documents linked to KnowledgeRecord */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); -dol_include_once('/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'; // Load translation files required by the page $langs->loadLangs(array("knowledgemanagement", "companies", "other", "mails")); diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php index bd4c8829be5..c886d6931a0 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_list.php +++ b/htdocs/knowledgemanagement/knowledgerecord_list.php @@ -22,64 +22,15 @@ * \brief List page for knowledgerecord */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; // load knowledgemanagement libraries -require_once __DIR__.'/class/knowledgerecord.class.php'; +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; // for other modules //dol_include_once('/othermodule/class/otherobject.class.php'); diff --git a/htdocs/knowledgemanagement/knowledgerecord_note.php b/htdocs/knowledgemanagement/knowledgerecord_note.php index 31c15ff2064..bcf9fb9b801 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_note.php +++ b/htdocs/knowledgemanagement/knowledgerecord_note.php @@ -22,60 +22,11 @@ * \brief Tab for notes on KnowledgeRecord */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - // Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} +require '../main.inc.php'; -dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php'); -dol_include_once('/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'); +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/class/knowledgerecord.class.php'; +require_once DOL_DOCUMENT_ROOT.'/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php'; // Load translation files required by the page $langs->loadLangs(array("knowledgemanagement", "companies")); diff --git a/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php b/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php index ba81dd49057..0b07e7b46e8 100644 --- a/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php +++ b/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php @@ -35,18 +35,18 @@ function knowledgemanagementAdminPrepareHead() $h = 0; $head = array(); - $head[$h][0] = dol_buildpath("/admin/knowledgemanagement.php", 1); + $head[$h][0] = DOL_URL_ROOT.'/admin/knowledgemanagement.php'; $head[$h][1] = $langs->trans("Setup"); $head[$h][2] = 'setup'; $h++; - $head[$h][0] = dol_buildpath("admin/knowledgerecord_extrafields.php", 1); + $head[$h][0] = DOL_URL_ROOT.'/admin/knowledgerecord_extrafields.php'; $head[$h][1] = $langs->trans("ExtraFields"); $head[$h][2] = 'extra'; $h++; - /*$head[$h][0] = dol_buildpath("/knowledgemanagement/admin/about.php", 1); + /*$head[$h][0] = DOL_URL_ROOT.'/knowledgemanagement/admin/about.php'; $head[$h][1] = $langs->trans("About"); $head[$h][2] = 'about'; $h++;*/ diff --git a/htdocs/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php b/htdocs/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php index 1da21a3e413..e70b4654d19 100644 --- a/htdocs/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php +++ b/htdocs/knowledgemanagement/lib/knowledgemanagement_knowledgerecord.lib.php @@ -16,7 +16,7 @@ */ /** - * \file lib/knowledgemanagement_knowledgerecord.lib.php + * \file htdocs/knowledgemanagementlib/knowledgemanagement_knowledgerecord.lib.php * \ingroup knowledgemanagement * \brief Library files with common functions for KnowledgeRecord */ @@ -36,7 +36,7 @@ function knowledgerecordPrepareHead($object) $h = 0; $head = array(); - $head[$h][0] = dol_buildpath("/knowledgemanagement/knowledgerecord_card.php", 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/knowledgemanagement/knowledgerecord_card.php?id='.$object->id; $head[$h][1] = $langs->trans("KnowledgeRecord"); $head[$h][2] = 'card'; $h++; @@ -49,7 +49,7 @@ function knowledgerecordPrepareHead($object) if (!empty($object->note_public)) { $nbNote++; } - $head[$h][0] = dol_buildpath('/knowledgemanagement/knowledgerecord_note.php', 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/knowledgemanagement/knowledgerecord_note.php?id='.$object->id; $head[$h][1] = $langs->trans('Notes'); if ($nbNote > 0) { $head[$h][1] .= (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) ? ''.$nbNote.'' : ''); @@ -63,7 +63,7 @@ function knowledgerecordPrepareHead($object) $upload_dir = $conf->knowledgemanagement->dir_output."/knowledgerecord/".dol_sanitizeFileName($object->ref); $nbFiles = count(dol_dir_list($upload_dir, 'files', 0, '', '(\.meta|_preview.*\.png)$')); $nbLinks = Link::count($db, $object->element, $object->id); - $head[$h][0] = dol_buildpath("/knowledgemanagement/knowledgerecord_document.php", 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/knowledgemanagement/knowledgerecord_document.php?id='.$object->id; $head[$h][1] = $langs->trans('Documents'); if (($nbFiles + $nbLinks) > 0) { $head[$h][1] .= ''.($nbFiles + $nbLinks).''; @@ -71,7 +71,7 @@ function knowledgerecordPrepareHead($object) $head[$h][2] = 'document'; $h++; - $head[$h][0] = dol_buildpath("/knowledgemanagement/knowledgerecord_agenda.php", 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/knowledgemanagement/knowledgerecord_agenda.php?id='.$object->id; $head[$h][1] = $langs->trans("Events"); $head[$h][2] = 'agenda'; $h++; diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index f33a19f312e..78eb60a3ab3 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -197,7 +197,7 @@ class Partnership extends CommonObject 'reason_decline_or_cancel' => array('type'=>'text', 'label'=>'ReasonDeclineOrCancel', 'enabled'=>'1', 'position'=>64, 'notnull'=>0, 'visible'=>-2,), ); - if ($conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { + if (!empty($conf->global->PARTNERSHIP_IS_MANAGED_FOR) && $conf->global->PARTNERSHIP_IS_MANAGED_FOR == 'member') { $this->fields['fk_member'] = array('type'=>'integer:Adherent:adherents/class/adherent.class.php:1', 'label'=>'Member', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'member'); } else { $this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'societe'); From a06fb441d300617b3f9c2a7a24c0b8bf5335f835 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sun, 6 Jun 2021 21:40:47 +0200 Subject: [PATCH 46/93] clean code --- .../knowledgemanagementindex.php | 18 +++++++----------- .../knowledgerecord_note.php | 6 +++--- .../lib/knowledgemanagement.lib.php | 2 +- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/htdocs/knowledgemanagement/knowledgemanagementindex.php b/htdocs/knowledgemanagement/knowledgemanagementindex.php index f4fc767e9d5..8add69ae86d 100644 --- a/htdocs/knowledgemanagement/knowledgemanagementindex.php +++ b/htdocs/knowledgemanagement/knowledgemanagementindex.php @@ -19,7 +19,7 @@ */ /** - * \file knowledgemanagement/knowledgemanagementindex.php + * \file htdocs/knowledgemanagement/knowledgemanagementindex.php * \ingroup knowledgemanagement * \brief Home page of knowledgemanagement top menu */ @@ -148,13 +148,12 @@ END MODULEBUILDER DRAFT MYOBJECT */ print '
'; -$NBMAX = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT; -$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT; +$NBMAX = (empty($conf->global->MAIN_SIZE_SHORTLIST_LIMIT) ? 25 : $conf->global->MAIN_SIZE_SHORTLIST_LIMIT); +$max = $NBMAX; /* BEGIN MODULEBUILDER LASTMODIFIED MYOBJECT // Last modified myobject -if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemanagement->read) -{ +if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemanagement->read) { $sql = "SELECT s.rowid, s.ref, s.label, s.date_creation, s.tms"; $sql.= " FROM ".MAIN_DB_PREFIX."knowledgemanagement_myobject as s"; //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; @@ -165,8 +164,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana $sql .= $db->plimit($max, 0); $resql = $db->query($sql); - if ($resql) - { + if ($resql) { $num = $db->num_rows($resql); $i = 0; @@ -177,10 +175,8 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana print ''; print ''.$langs->trans("DateModificationShort").''; print ''; - if ($num) - { - while ($i < $num) - { + if ($num) { + while ($i < $num) { $objp = $db->fetch_object($resql); $myobjectstatic->id=$objp->rowid; diff --git a/htdocs/knowledgemanagement/knowledgerecord_note.php b/htdocs/knowledgemanagement/knowledgerecord_note.php index bcf9fb9b801..a6a9974a9c8 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_note.php +++ b/htdocs/knowledgemanagement/knowledgerecord_note.php @@ -17,7 +17,7 @@ */ /** - * \file knowledgerecord_note.php + * \file htdocs/knowledgemanagement/knowledgerecord_note.php * \ingroup knowledgemanagement * \brief Tab for notes on KnowledgeRecord */ @@ -33,9 +33,9 @@ $langs->loadLangs(array("knowledgemanagement", "companies")); // Get parameters $id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); +$ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); // Initialize technical objects diff --git a/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php b/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php index 0b07e7b46e8..12db6245087 100644 --- a/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php +++ b/htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php @@ -16,7 +16,7 @@ */ /** - * \file knowledgemanagement/lib/knowledgemanagement.lib.php + * \file htdocs/knowledgemanagement/lib/knowledgemanagement.lib.php * \ingroup knowledgemanagement * \brief Library files with common functions for KnowledgeManagement */ From 242f8b2544833f8d8d70ab6dd300782511717e21 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Jun 2021 01:23:34 +0200 Subject: [PATCH 47/93] Debug v14 --- htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php | 5 +++-- htdocs/core/boxes/box_graph_new_vs_close_ticket.php | 2 +- htdocs/core/boxes/box_graph_ticket_by_severity.php | 9 +++++---- htdocs/langs/en_US/ticket.lang | 2 +- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php b/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php index 18ce00d0af3..baa822dcf29 100644 --- a/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php +++ b/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php @@ -168,8 +168,9 @@ class box_graph_nb_ticket_last_x_days extends ModeleBoxes $totalnb += $value['data']; } $px1->SetData($data); - $px1->setShowLegend(2); - $px1->SetType(array('bar')); + //$px1->setShowLegend(2); + $px1->setShowLegend(0); + $px1->SetType(array('bars')); $px1->SetLegend(array($langs->trans('BoxNumberOfTicketByDay'))); $px1->SetMaxValue($px1->GetCeilMaxValue()); $px1->SetHeight(192); diff --git a/htdocs/core/boxes/box_graph_new_vs_close_ticket.php b/htdocs/core/boxes/box_graph_new_vs_close_ticket.php index bd835d6cc07..5b17c335f3f 100644 --- a/htdocs/core/boxes/box_graph_new_vs_close_ticket.php +++ b/htdocs/core/boxes/box_graph_new_vs_close_ticket.php @@ -149,7 +149,7 @@ class box_graph_new_vs_close_ticket extends ModeleBoxes } $stringtoprint .= '
'; $this->info_box_contents[][]=array( - 'td' => 'center', + 'td' => 'class="center"', 'text' => $stringtoprint ); } else { diff --git a/htdocs/core/boxes/box_graph_ticket_by_severity.php b/htdocs/core/boxes/box_graph_ticket_by_severity.php index ce769da4752..787e9cebb33 100644 --- a/htdocs/core/boxes/box_graph_ticket_by_severity.php +++ b/htdocs/core/boxes/box_graph_ticket_by_severity.php @@ -30,7 +30,6 @@ require_once DOL_DOCUMENT_ROOT."/core/boxes/modules_boxes.php"; */ class box_graph_ticket_by_severity extends ModeleBoxes { - public $boxcode = "box_ticket_by_severity"; public $boximg = "ticket"; public $boxlabel; @@ -168,16 +167,18 @@ class box_graph_ticket_by_severity extends ModeleBoxes $mesg = $px1->isGraphKo(); $totalnb = 0; if (!$mesg) { - $px1->SetDataColor(array_values($colorseriesstat)); + //$px1->SetDataColor(array_values($colorseriesstat)); $data = array(); $legend = array(); foreach ($dataseries as $value) { $data[] = array($value['label'], $value['data']); $totalnb += $value['data']; } + $px1->SetData($data); - $px1->setShowLegend(2); - $px1->SetType(array('pie')); + //$px1->setShowLegend(2); + $px1->setShowLegend(0); + $px1->SetType(array('bars')); $px1->SetLegend($legend); $px1->SetMaxValue($px1->GetCeilMaxValue()); //$px1->SetHeight($HEIGHT); diff --git a/htdocs/langs/en_US/ticket.lang b/htdocs/langs/en_US/ticket.lang index 50fa8c970ae..0f87504a0a5 100644 --- a/htdocs/langs/en_US/ticket.lang +++ b/htdocs/langs/en_US/ticket.lang @@ -304,7 +304,7 @@ BoxLastModifiedTicket=Latest modified tickets BoxLastModifiedTicketDescription=Latest %s modified tickets BoxLastModifiedTicketContent= BoxLastModifiedTicketNoRecordedTickets=No recent modified tickets -BoxTicketType=Number of open tickets by type +BoxTicketType=Distribution of open tickets by type BoxTicketSeverity=Number of open tickets by severity BoxNoTicketSeverity=No tickets opened BoxTicketLastXDays=Number of new tickets by days the last %s days From d6cbb9007ff6234c2f757c46724258b961c3ad17 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Jun 2021 01:43:24 +0200 Subject: [PATCH 48/93] Debug ticket form to add a local file --- htdocs/core/class/html.formticket.class.php | 10 ++++++---- htdocs/core/lib/functions.lib.php | 3 ++- htdocs/public/ticket/view.php | 11 +++++++++-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index b10ac80416f..f4e076640c4 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -1099,6 +1099,8 @@ class FormTicket print ''; } + $uselocalbrowser = false; + // Intro // External users can't send message email if ($user->rights->ticket->write && !$user->socid) { @@ -1109,15 +1111,15 @@ class FormTicket print ''; include_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $uselocalbrowser = true; - $doleditor = new DolEditor('mail_intro', $mail_intro, '100%', 90, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_2, 70); + $doleditor = new DolEditor('mail_intro', $mail_intro, '100%', 90, 'dolibarr_details', '', false, $uselocalbrowser, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_2, 70); $doleditor->Create(); print ''; } // MESSAGE + $defaultmessage = ""; if (is_object($arraydefaultmessage) && $arraydefaultmessage->content) { $defaultmessage = $arraydefaultmessage->content; @@ -1147,7 +1149,7 @@ class FormTicket //$toolbarname = 'dolibarr_details'; $toolbarname = 'dolibarr_notes'; include_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('message', $defaultmessage, '100%', 200, $toolbarname, '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_5, 70); + $doleditor = new DolEditor('message', $defaultmessage, '100%', 200, $toolbarname, '', false, $uselocalbrowser, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_5, 70); $doleditor->Create(); print ''; @@ -1159,7 +1161,7 @@ class FormTicket print $form->textwithpicto('', $langs->trans("TicketMessageMailSignatureHelp"), 1, 'help'); print ''; include_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('mail_signature', $mail_signature, '100%', 150, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_2, 70); + $doleditor = new DolEditor('mail_signature', $mail_signature, '100%', 150, 'dolibarr_details', '', false, $uselocalbrowser, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_2, 70); $doleditor->Create(); print ''; } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index b018b4d2fb0..165d9c503a4 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3499,7 +3499,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'accountancy', 'account', 'accountline', 'action', 'add', 'address', 'angle-double-down', 'angle-double-up', 'asset', 'bank_account', 'barcode', 'bank', 'bill', 'billa', 'billr', 'billd', 'bookmark', 'bom', 'bug', 'building', 'calendar', 'calendarmonth', 'calendarweek', 'calendarday', 'calendarperuser', 'calendarpertype', - 'cash-register', 'category', 'chart', 'check', 'clock', 'close_title', 'cog', 'collab', 'company', 'contact', 'country', 'contract', 'cron', 'cubes', 'multicurrency', + 'cash-register', 'category', 'chart', 'check', 'clock', 'close_title', 'cog', 'collab', 'company', 'contact', 'country', 'contract', 'conversation', 'cron', 'cubes', + 'multicurrency', 'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'dynamicprice', 'edit', 'ellipsis-h', 'email', 'eraser', 'establishment', 'expensereport', 'external-link-alt', 'external-link-square-alt', 'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'autofill', 'folder', 'folder-open', 'folder-plus', diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index 2f70ded9914..3fec075160b 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -234,6 +234,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a // Ref print ''.$langs->trans("Ref").''; + print img_picto('', 'ticket', 'class="pictofixedwidth"'); print dol_escape_htmltag($object->dao->ref); print ''; @@ -244,7 +245,9 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a // Subject print ''.$langs->trans("Subject").''; + print ''; print dol_escape_htmltag($object->dao->subject); + print ''; print ''; // Statut @@ -259,6 +262,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a // Category print ''.$langs->trans("Category").''; + print img_picto('', 'category', 'class="pictofixedwidth"'); print dol_escape_htmltag($object->dao->category_label); print ''; @@ -278,8 +282,10 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a $langs->load("users"); $fuser = new User($db); $fuser->fetch($object->dao->fk_user_create); + print img_picto('', 'user', 'class="pictofixedwidth"'); print $fuser->getFullName($langs); } else { + print img_picto('', 'email', 'class="pictofixedwidth"'); print dol_escape_htmltag($object->dao->origin_email); } @@ -304,6 +310,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a if ($object->dao->fk_user_assign > 0) { $fuser = new User($db); $fuser->fetch($object->dao->fk_user_assign); + print img_picto('', 'user', 'class="pictofixedwidth"'); print $fuser->getFullName($langs, 1); } print ''; @@ -320,7 +327,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a print '
'; if ($action == 'presend') { - print load_fiche_titre($langs->trans('TicketAddMessage'), '', 'messages@ticket'); + print load_fiche_titre($langs->trans('TicketAddMessage'), '', 'conversation'); $formticket = new FormTicket($db); @@ -364,7 +371,7 @@ if ($action == "view_ticket" || $action == "presend" || $action == "close" || $a } // Message list - print load_fiche_titre($langs->trans('TicketMessagesList'), '', 'object_conversation'); + print load_fiche_titre($langs->trans('TicketMessagesList'), '', 'conversation'); $object->viewTicketMessages(false, true, $object->dao); } else { print '
Not Allowed
'.$langs->trans('Back').'
'; From beca3c8ad30bc307c228e8a746bcfdc0c774cd95 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Jun 2021 01:51:56 +0200 Subject: [PATCH 49/93] Debug v14 --- htdocs/public/ticket/list.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 1e1eb08dd5e..3c5dfffba17 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -561,14 +561,19 @@ if ($action == "view_ticketlist") { // Ref if (!empty($arrayfields['t.ref']['checked'])) { print ''; + print ''; + print img_picto('', 'ticket', 'class="paddingrightonly"'); print $obj->ref; + print ''; print ''; } // Subject if (!empty($arrayfields['t.subject']['checked'])) { print ''; - print ''.$obj->subject.''; + print ''; + print $obj->subject; + print ''; print ''; } @@ -602,13 +607,14 @@ if ($action == "view_ticketlist") { // Message author if (!empty($arrayfields['t.fk_user_create']['checked'])) { - print ''; + print ''; if ($obj->fk_user_create > 0) { $user_create->firstname = (!empty($obj->user_create_firstname) ? $obj->user_create_firstname : ''); $user_create->name = (!empty($obj->user_create_lastname) ? $obj->user_create_lastname : ''); $user_create->id = (!empty($obj->fk_user_create) ? $obj->fk_user_create : ''); print $user_create->getFullName($langs); } else { + print img_picto('', 'email', 'class="paddingrightonly"'); print $langs->trans('Email'); } print ''; @@ -617,10 +623,11 @@ if ($action == "view_ticketlist") { // Assigned author if (!empty($arrayfields['t.fk_user_assign']['checked'])) { print ''; - if ($obj->fk_user_assig > 0) { + if ($obj->fk_user_assign > 0) { $user_assign->firstname = (!empty($obj->user_assign_firstname) ? $obj->user_assign_firstname : ''); $user_assign->lastname = (!empty($obj->user_assign_lastname) ? $obj->user_assign_lastname : ''); $user_assign->id = (!empty($obj->fk_user_assign) ? $obj->fk_user_assign : ''); + print img_picto('', 'user', 'class="paddingrightonly"'); print $user_assign->getFullName($langs); } print ''; From 2dbf9537b3be79350d0e2855230270b24c0de505 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Mon, 7 Jun 2021 08:59:47 +0200 Subject: [PATCH 50/93] Update llx_c_chargesociales.sql --- .../mysql/data/llx_c_chargesociales.sql | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/htdocs/install/mysql/data/llx_c_chargesociales.sql b/htdocs/install/mysql/data/llx_c_chargesociales.sql index a7e12df0d31..afc8afea2f8 100644 --- a/htdocs/install/mysql/data/llx_c_chargesociales.sql +++ b/htdocs/install/mysql/data/llx_c_chargesociales.sql @@ -50,20 +50,20 @@ insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays -- -- Belgique -- -insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values ('2', 201, 'ONSS', 1,1,'TAXBEONSS'); -insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values ('2', 210, 'Precompte professionnel', 1,1,'TAXBEPREPRO'); -insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values ('2', 220, 'Prime existence', 1,1,'TAXBEPRIEXI'); -insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values ('2', 230, 'Precompte immobilier', 1,1,'TAXBEPREIMMO'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (2, 201, 'ONSS', 1,1,'TAXBEONSS'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (2, 210, 'Precompte professionnel', 1,1,'TAXBEPREPRO'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (2, 220, 'Prime existence', 1,1,'TAXBEPRIEXI'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (2, 230, 'Precompte immobilier', 1,1,'TAXBEPREIMMO'); -- -- Austria -- -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4101, 'Krankenversicherung', 1,1,'TAXATKV' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4102, 'Unfallversicherung', 1,1,'TAXATUV' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4103, 'Pensionsversicherung', 1,1,'TAXATPV' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4104, 'Arbeitslosenversicherung', 1,1,'TAXATAV' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4105, 'Insolvenzentgeltsicherungsfond', 1,1,'TAXATIESG' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4106, 'Wohnbauförderung', 1,1,'TAXATWF' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4107, 'Arbeiterkammerumlage', 1,1,'TAXATAK' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4108, 'Mitarbeitervorsorgekasse', 1,1,'TAXATMVK' ,'41'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values (4109, 'Familienlastenausgleichsfond', 1,1,'TAXATFLAF' ,'41'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4101, 'Krankenversicherung', 1,1,'TAXATKV'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4102, 'Unfallversicherung', 1,1,'TAXATUV'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4103, 'Pensionsversicherung', 1,1,'TAXATPV'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4104, 'Arbeitslosenversicherung', 1,1,'TAXATAV'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4105, 'Insolvenzentgeltsicherungsfond', 1,1,'TAXATIESG'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4106, 'Wohnbauförderung', 1,1,'TAXATWF'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4107, 'Arbeiterkammerumlage', 1,1,'TAXATAK'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4108, 'Mitarbeitervorsorgekasse', 1,1,'TAXATMVK'); +insert into llx_c_chargesociales (fk_pays, id, libelle, deductible, active, code) values (41, 4109, 'Familienlastenausgleichsfond', 1,1,'TAXATFLAF'); From e74c57167ee9971cebe6d55d2dd10ac4bf98a62c Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Mon, 7 Jun 2021 09:39:05 +0200 Subject: [PATCH 51/93] Update README.md --- README.md | 85 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 56 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 34162fd5682..736925bec72 100644 --- a/README.md +++ b/README.md @@ -97,41 +97,68 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) ### Main application/modules (all optional) -- Customers, Prospects (Leads) and/or Suppliers directory + Contacts -- Members/Membership management -- Products and/or Services catalog -- Commercial proposals management -- Customer & Supplier Orders management -- Invoices and payment management -- Shipping management -- Warehouse/Stock management/Inventory -- Manufacturing Orders -- Bank accounts management -- Direct debit orders management (European SEPA) -- Accounting management -- Shared calendar/agenda (with ical and vcal export for third party tools integration) -- Opportunities or Leads management -- Projects & Tasks management -- Ticket System -- Contracts management -- Interventions management -- Employee's leave requests management -- Expense reports -- Recruitment management -- Timesheets -- Electronic Document Management (EDM) -- Foundations members management -- Point of Sale (POS) -- … (around 100 modules available by default, 1000+ on the addon market place) +- Third-Parties Management: Customers, Prospects (Leads) and/or Suppliers + Contacts +- Members/Membership/Foundation management + + Product Management +- Products and/or Services catalog +- Stock / Warehouse management + Inventory +- Barcodes +- Batches / Lots / Serials +- Product Variants +- Bill of Materials +- Manufacturing Orders + + Customer/Sales Management +- Customers/Prospects + Contacts management +- Opportunities or Leads management +- Commercial proposals management +- Customer Orders management +- Contracts/Subscription management +- Interventions management +- Ticket System +- Shipping management +- Customer Invoices/Credit notes and payment management +- Point of Sale (POS) + + Supplier/Purchase Management +- Suppliers/Vendors + Contacts +- Supplier (price) requests +- Purchase Order management +- Delivery/Receiption +- Supplier Invoices/credit notes and payment management + + Finance / Accounting +- Invoices / Payments +- Bank accounts management +- Direct debit orders management (European SEPA) +- Accounting management +- Donations management +- Loan management +- Margins +- Reports + + +- Shared calendar/agenda (with ical and vcal export for third party tools integration) +- Projects & Tasks management +- Ticket System + +- Employee's leave requests management +- Expense reports +- Recruitment management +- Timesheets + +- (around 100 modules available by default, 1000+ on the addon market place) + ### Other application/modules +- Electronic Document Management (EDM) - Bookmarks management -- Donations management - Reporting - Surveys - Data export/import -- Barcodes support +- Barcodes - Margin calculations - LDAP connectivity - ClickToDial integration @@ -139,7 +166,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - RSS integration - Skype integration - Payment platforms integration (PayPal, Stripe, Paybox...) -- … +- ### Other general features From 4f6a5cf5f7694c9a9eb5c000a13b0c8c99b96484 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Jun 2021 10:08:31 +0200 Subject: [PATCH 52/93] Debug v14 --- htdocs/adherents/class/adherent.class.php | 40 +++++++++++++++++++---- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 18d8746cca7..b7852280ddf 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -260,9 +260,9 @@ class Adherent extends CommonObject public $datefin; - // From member table - // Fields loaded by fetch_subscriptions() + // Fields loaded by fetch_subscriptions() from member table + public $first_subscription_date; public $first_subscription_amount; @@ -277,6 +277,12 @@ class Adherent extends CommonObject public $subscriptions = array(); + + // Fields loaded by fetchPartnerships() from partnership table + + public $partnerships = array(); + + /** * @var Adherent To contains a clone of this when we need to save old properties of object */ @@ -1439,11 +1445,12 @@ class Adherent extends CommonObject // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Function to get member subscriptions data - * first_subscription_date, first_subscription_date_start, first_subscription_date_end, first_subscription_amount - * last_subscription_date, last_subscription_date_start, last_subscription_date_end, last_subscription_amount + * Function to get member subscriptions data: + * subscriptions, + * first_subscription_date, first_subscription_date_start, first_subscription_date_end, first_subscription_amount + * last_subscription_date, last_subscription_date_start, last_subscription_date_end, last_subscription_amount * - * @return int <0 si KO, >0 si OK + * @return int <0 if KO, >0 if OK */ public function fetch_subscriptions() { @@ -1503,6 +1510,27 @@ class Adherent extends CommonObject } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps + /** + * Function to get partnerships array + * + * @param string $mode 'member' or 'thirdparty' + * @return int <0 if KO, >0 if OK + */ + public function fetchPartnerships($mode) + { + // phpcs:enable + global $langs; + + require_once DOL_DOCUMENT_ROOT.'/parntership/class/partnership.class.php'; + + + $this->partnerships[] = array(); + + return 1; + } + + /** * Insert subscription into database and eventually add links to banks, mailman, etc... * From 0144d6c0fdba1c38f9c60535cd6911b83c32ea73 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Jun 2021 11:30:46 +0200 Subject: [PATCH 53/93] Inventory is now stable feature --- htdocs/core/menus/standard/eldy.lib.php | 28 ++++++++++++------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 2232b3333dd..7f6121fb07d 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1598,21 +1598,19 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM } // Inventory - if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { - if (!empty($conf->stock->enabled)) { - $langs->load("stocks"); - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("Inventories"), 0, $user->rights->stock->lire, '', $mainmenu, 'stock', 0, '', '', '', img_picto('', 'inventory', 'class="pictofixedwidth"')); - if ($usemenuhider || empty($leftmenu) || $leftmenu == "stock_inventories") { - $newmenu->add("/product/inventory/card.php?action=create&leftmenu=stock_inventories", $langs->trans("NewInventory"), 1, $user->rights->stock->creer); - $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("List"), 1, $user->rights->stock->lire); - } - } else { - $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("Inventories"), 0, $user->rights->stock->inventory_advance->read, '', $mainmenu, 'stock', 0, '', '', '', img_picto('', 'inventory', 'class="pictofixedwidth"')); - if ($usemenuhider || empty($leftmenu) || $leftmenu == "stock_inventories") { - $newmenu->add("/product/inventory/card.php?action=create&leftmenu=stock_inventories", $langs->trans("NewInventory"), 1, $user->rights->stock->inventory_advance->write); - $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("List"), 1, $user->rights->stock->inventory_advance->read); - } + if (!empty($conf->stock->enabled)) { + $langs->load("stocks"); + if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { + $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("Inventories"), 0, $user->rights->stock->lire, '', $mainmenu, 'stock', 0, '', '', '', img_picto('', 'inventory', 'class="pictofixedwidth"')); + if ($usemenuhider || empty($leftmenu) || $leftmenu == "stock_inventories") { + $newmenu->add("/product/inventory/card.php?action=create&leftmenu=stock_inventories", $langs->trans("NewInventory"), 1, $user->rights->stock->creer); + $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("List"), 1, $user->rights->stock->lire); + } + } else { + $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("Inventories"), 0, $user->rights->stock->inventory_advance->read, '', $mainmenu, 'stock', 0, '', '', '', img_picto('', 'inventory', 'class="pictofixedwidth"')); + if ($usemenuhider || empty($leftmenu) || $leftmenu == "stock_inventories") { + $newmenu->add("/product/inventory/card.php?action=create&leftmenu=stock_inventories", $langs->trans("NewInventory"), 1, $user->rights->stock->inventory_advance->write); + $newmenu->add("/product/inventory/list.php?leftmenu=stock_inventories", $langs->trans("List"), 1, $user->rights->stock->inventory_advance->read); } } } From cac63ddd3fcd64e39df0431c562cb78684be52ae Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 7 Jun 2021 12:16:11 +0200 Subject: [PATCH 54/93] Add missing translation --- htdocs/langs/en_US/languages.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/languages.lang b/htdocs/langs/en_US/languages.lang index cbc94b4481c..598eec1fdca 100644 --- a/htdocs/langs/en_US/languages.lang +++ b/htdocs/langs/en_US/languages.lang @@ -3,6 +3,7 @@ Language_am_ET=Ethiopian Language_ar_AR=Arabic Language_ar_EG=Arabic (Egypt) Language_ar_SA=Arabic +Language_ar_TN=Arabic (Tunisia) Language_az_AZ=Azerbaijani Language_bn_BD=Bengali Language_bn_IN=Bengali (India) From 7e95c5ec207ee1c07349dbdb8e846671c4837f28 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Jun 2021 11:40:50 +0200 Subject: [PATCH 55/93] Clean code --- htdocs/product/card.php | 87 +++++++++++++++-------------- htdocs/product/composition/card.php | 12 +++- htdocs/product/stock/product.php | 12 +++- htdocs/variants/combinations.php | 19 +++++-- 4 files changed, 79 insertions(+), 51 deletions(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 61568a5510a..1b732cd721e 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1974,14 +1974,14 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print '
'; print '
'; - print ''; + print '
'; // Type if (!empty($conf->product->enabled) && !empty($conf->service->enabled)) { $typeformat = 'select;0:'.$langs->trans("Product").',1:'.$langs->trans("Service"); print ''; } @@ -1996,7 +1996,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; } print '
'; print (empty($conf->global->PRODUCT_DENY_CHANGE_PRODUCT_TYPE)) ? $form->editfieldkey("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat) : $langs->trans('Type'); - print ''; + print ''; print $form->editfieldval("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat); print '
id.'">'.img_edit($langs->trans('Edit'), 1).'
'; - print ''; + print ''; if ($action == 'editbarcodetype' || $action == 'editbarcode') { require_once DOL_DOCUMENT_ROOT.'/core/class/html.formbarcode.class.php'; $formbarcode = new FormBarCode($db); @@ -2022,7 +2022,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print 'id.'">'.img_edit($langs->trans('Edit'), 1).''; } print ''; - print ''; + print ''; if ($action == 'editbarcode') { $tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode; if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) { @@ -2042,10 +2042,25 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''."\n"; } + // Batch number management (to batch) + if (!empty($conf->productbatch->enabled)) { + if ($object->isProduct() || !empty($conf->global->STOCK_SUPPORTS_SERVICES)) { + print ''.$langs->trans("ManageLotSerial").''; + print $object->getLibStatut(0, 2); + print ''; + if ((($object->status_batch == '1' &&$conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') + || ($object->status_batch == '2' && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced' && $conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS))) { + print ''.$langs->trans("ManageLotMask").''; + print $object->batch_mask; + print ''; + } + } + } + // Accountancy sell code print ''; print $langs->trans("ProductAccountancySellCode"); - print ''; + print ''; if (!empty($conf->accounting->enabled)) { if (!empty($object->accountancy_code_sell)) { $accountingaccount = new AccountingAccount($db); @@ -2062,7 +2077,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($mysoc->isInEEC()) { print ''; print $langs->trans("ProductAccountancySellIntraCode"); - print ''; + print ''; if (!empty($conf->accounting->enabled)) { if (!empty($object->accountancy_code_sell_intra)) { $accountingaccount2 = new AccountingAccount($db); @@ -2079,7 +2094,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Accountancy sell code export print ''; print $langs->trans("ProductAccountancySellExportCode"); - print ''; + print ''; if (!empty($conf->accounting->enabled)) { if (!empty($object->accountancy_code_sell_export)) { $accountingaccount3 = new AccountingAccount($db); @@ -2095,7 +2110,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Accountancy buy code print ''; print $langs->trans("ProductAccountancyBuyCode"); - print ''; + print ''; if (!empty($conf->accounting->enabled)) { if (!empty($object->accountancy_code_buy)) { $accountingaccount4 = new AccountingAccount($db); @@ -2112,7 +2127,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($mysoc->isInEEC()) { print ''; print $langs->trans("ProductAccountancyBuyIntraCode"); - print ''; + print ''; if (!empty($conf->accounting->enabled)) { if (!empty($object->accountancy_code_buy_intra)) { $accountingaccount5 = new AccountingAccount($db); @@ -2129,7 +2144,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Accountancy buy code export print ''; print $langs->trans("ProductAccountancyBuyExportCode"); - print ''; + print ''; if (!empty($conf->accounting->enabled)) { if (!empty($object->accountancy_code_buy_export)) { $accountingaccount6 = new AccountingAccount($db); @@ -2142,26 +2157,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } print ''; - // Batch number management (to batch) - if (!empty($conf->productbatch->enabled)) { - if ($object->isProduct() || !empty($conf->global->STOCK_SUPPORTS_SERVICES)) { - print ''.$langs->trans("ManageLotSerial").''; - print $object->getLibStatut(0, 2); - print ''; - if ((($object->status_batch == '1' &&$conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') - || ($object->status_batch == '2' && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced' && $conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS))) { - print ''.$langs->trans("ManageLotMask").''; - print $object->batch_mask; - print ''; - } - } - } - // Description - print ''.$langs->trans("Description").''.(dol_textishtml($object->description) ? $object->description : dol_nl2br($object->description, 1, true)).''; + print ''.$langs->trans("Description").''.(dol_textishtml($object->description) ? $object->description : dol_nl2br($object->description, 1, true)).''; // Public URL - print ''.$langs->trans("PublicUrl").''; + print ''.$langs->trans("PublicUrl").''; print dol_print_url($object->url); print ''; @@ -2184,7 +2184,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $prodstatic->fetch($combination->fk_product_parent); // Parent product - print ''.$langs->trans("ParentProduct").''; + print ''.$langs->trans("ParentProduct").''; print $prodstatic->getNomUrl(1); print ''; } @@ -2195,11 +2195,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print '
'; print '
'; - print ''; + print '
'; if ($object->isService()) { // Duration - print ''; } else { // Nature - print ''; // Brut Weight - print ''; } } @@ -2285,10 +2286,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Custom code if (!$object->isService() && empty($conf->global->PRODUCT_DISABLE_CUSTOM_INFO)) { - print ''; + print ''; // Origin country code - print ''; - print ''; + print ''.$object->lifetime.''; + print ''; } // Other attributes - $parameters = array('colspan' => ' colspan="'.(2 + (($showphoto || $showbarcode) ? 1 : 0)).'"', 'cols' => (2 + (($showphoto || $showbarcode) ? 1 : 0))); + $parameters = array(); include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; // Categories if ($conf->categorie->enabled) { - print '"; } @@ -2315,7 +2316,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Note private if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB)) { print ' '."\n"; - print ''."\n"; + print ''."\n"; print ' '."\n"; } diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index c9499bf415b..e1250f10cb3 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -200,7 +200,7 @@ print dol_get_fiche_head($head, 'subproduct', $titre, -1, $picto); if ($id > 0 || !empty($ref)) { /* - * Fiche en mode edition + * Product card */ if ($user->rights->produit->lire || $user->rights->service->lire) { $linkback = ''.$langs->trans("BackToList").''; @@ -218,6 +218,16 @@ if ($id > 0 || !empty($ref)) { print '
'.$langs->trans("Duration").''.$object->duration_value.' '; + print '
'.$langs->trans("Duration").''.$object->duration_value.' '; if ($object->duration_value > 1) { $dur = array("i"=>$langs->trans("Minute"), "h"=>$langs->trans("Hours"), "d"=>$langs->trans("Days"), "w"=>$langs->trans("Weeks"), "m"=>$langs->trans("Months"), "y"=>$langs->trans("Years")); } elseif ($object->duration_value > 0) { @@ -2210,12 +2210,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print '
'.$form->textwithpicto($langs->trans("NatureOfProductShort"), $langs->trans("NatureOfProductDesc")).''; + print '
'.$form->textwithpicto($langs->trans("NatureOfProductShort"), $langs->trans("NatureOfProductDesc")).''; print $object->getLibFinished(); print '
'.$langs->trans("Weight").''; + print '
'.$langs->trans("Weight").''; if ($object->weight != '') { print $object->weight." ".measuringUnitString(0, "weight", $object->weight_units); } else { @@ -2225,7 +2225,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (empty($conf->global->PRODUCT_DISABLE_SIZE)) { // Brut Length - print '
'.$langs->trans("Length").' x '.$langs->trans("Width").' x '.$langs->trans("Height").''; + print '
'.$langs->trans("Length").' x '.$langs->trans("Width").' x '.$langs->trans("Height").''; if ($object->length != '' || $object->width != '' || $object->height != '') { print $object->length; if ($object->width) { @@ -2242,7 +2242,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } if (empty($conf->global->PRODUCT_DISABLE_SURFACE)) { // Brut Surface - print '
'.$langs->trans("Surface").''; + print '
'.$langs->trans("Surface").''; if ($object->surface != '') { print $object->surface." ".measuringUnitString(0, "surface", $object->surface_units); } else { @@ -2252,7 +2252,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } if (empty($conf->global->PRODUCT_DISABLE_VOLUME)) { // Brut Volume - print '
'.$langs->trans("Volume").''; + print '
'.$langs->trans("Volume").''; if ($object->volume != '') { print $object->volume." ".measuringUnitString(0, "volume", $object->volume_units); } else { @@ -2263,12 +2263,13 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!empty($conf->global->PRODUCT_ADD_NET_MEASURE)) { // Net Measure - print '
'.$langs->trans("NetMeasure").''; + print '
'.$langs->trans("NetMeasure").''; if ($object->net_measure != '') { print $object->net_measure." ".measuringUnitString($object->net_measure_units); } else { print ' '; } + print '
'.$langs->trans("CustomCode").''.$object->customcode.'
'.$langs->trans("CustomCode").''.$object->customcode.'
'.$langs->trans("Origin").''.getCountry($object->country_id, 0, $db); + print '
'.$langs->trans("Origin").''.getCountry($object->country_id, 0, $db); if (!empty($object->state_id)) { print ' - '.getState($object->state_id, 0, $db); } @@ -2297,17 +2298,17 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Quality Control if (!empty($conf->global->PRODUCT_LOT_ENABLE_QUALITY_CONTROL)) { - print '
'.$langs->trans("LifeTime").''.$object->lifetime.'
'.$langs->trans("QCFrequency").''.$object->qc_frequency.'
'.$langs->trans("LifeTime").'
'.$langs->trans("QCFrequency").''.$object->qc_frequency.'
'.$langs->trans("Categories").''; + print '
'.$langs->trans("Categories").''; print $form->showCategories($object->id, Categorie::TYPE_PRODUCT, 1); print "
'.$langs->trans("NotePrivate").''.(dol_textishtml($object->note_private) ? $object->note_private : dol_nl2br($object->note_private, 1, true)).'
'.$langs->trans("NotePrivate").''.(dol_textishtml($object->note_private) ? $object->note_private : dol_nl2br($object->note_private, 1, true)).'
'; + // Type + if (!empty($conf->product->enabled) && !empty($conf->service->enabled)) { + $typeformat = 'select;0:'.$langs->trans("Product").',1:'.$langs->trans("Service"); + print ''; + } + // Nature if ($object->type != Product::TYPE_SERVICE) { print ''; print ''; print ''; + } + // User modification + if (!empty($arrayfields['f.fk_user_modif']['checked'])) { + print ''; + } // Date creation if (!empty($arrayfields['f.datec']['checked'])) { print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } + if (!empty($arrayfields['f.fk_user_modif']['checked'])) { + print ''; + if (!$i) { + $totalarray['nbfield']++; + } + } if (!empty($arrayfields['f.datec']['checked'])) { print ''; @@ -673,7 +676,7 @@ if ($resql) { } } if (!empty($arrayfields['f.total_ht']['checked'])) { - print ''."\n"; + print ''."\n"; if (!$i) { $totalarray['nbfield']++; } From 53af424a3dc082ace87de3ba16804b4fe5acc7dd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 02:12:29 +0200 Subject: [PATCH 91/93] Fix total tva --- htdocs/compta/facture/invoicetemplate_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index 19da4b97f63..c60690ce96b 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -686,7 +686,7 @@ if ($resql) { $totalarray['val']['f.total_ht'] += $objp->total_ht; } if (!empty($arrayfields['f.total_tva']['checked'])) { - print ''."\n"; + print ''."\n"; if (!$i) { $totalarray['nbfield']++; } From c0c773dd1d285fa27278bf2fba60c737e3bd4420 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 11:32:09 +0200 Subject: [PATCH 92/93] css --- htdocs/public/demo/index.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index e39a332d3fb..bbb4a85aadf 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -118,7 +118,7 @@ if (empty($reshook)) { 'mailmanspip', 'notification', 'oauth', 'syslog', 'user', 'webservices', 'workflow', // Extended modules 'memcached', 'numberwords', 'zipautofillfr'); - $alwayshiddenuncheckedmodules = array('collab', 'dav', 'debugbar', 'emailcollector', 'ftp', 'hrm', 'modulebuilder', 'printing', 'webservicesclient', 'zappier', + $alwayshiddenuncheckedmodules = array('cashdesk', 'collab', 'dav', 'debugbar', 'emailcollector', 'ftp', 'hrm', 'modulebuilder', 'printing', 'webservicesclient', 'zappier', // Extended modules 'awstats', 'bittorrent', 'bootstrap', 'cabinetmed', 'cmcic', 'concatpdf', 'customfield', 'datapolicy', 'deplacement', 'dolicloud', 'filemanager', 'lightbox', 'mantis', 'monitoring', 'moretemplates', 'multicompany', 'nltechno', 'numberingpack', 'openstreetmap', 'ovh', 'phenix', 'phpsysinfo', 'pibarcode', 'postnuke', 'dynamicprices', 'receiptprinter', 'selectbank', 'skincoloreditor', 'submiteverywhere', 'survey', 'thomsonphonebook', 'topten', 'tvacerfa', 'voyage', 'webcalendar', 'webmail'); @@ -352,13 +352,13 @@ foreach ($demoprofiles as $profilearray) { if (empty($profilearray['url'])) { print ''; print ''; print '
'; From c4dcad5e6b6440c3d09d66711777cfc58b7f0e13 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 11:57:42 +0200 Subject: [PATCH 93/93] Fix regression --- htdocs/core/lib/functions.lib.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index dd4d8cba1f2..29a27ccd38b 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8005,17 +8005,20 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1) } // We block using of php exec or php file functions - $forbiddenphpcommands = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI("); - $forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask(")); - $forbiddenphpcommands = array_merge($forbiddenphpcommands, array('function(', '$$', 'call_user_func(')); - $forbiddenphpcommands = array_merge($forbiddenphpcommands, array('global', '_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST')); + $forbiddenphpstrings = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI("); + $forbiddenphpstrings = array_merge($forbiddenphpstrings, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask(")); + $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('function(', '$$', 'call_user_func(')); + $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST')); + $forbiddenphpregex = array('global\s+\$'); do { $oldstringtoclean = $s; - $s = str_ireplace($forbiddenphpcommands, '__forbiddenstring__', $s); + $s = str_ireplace($forbiddenphpstrings, '__forbiddenstring__', $s); + $s = preg_replace('/'.$forbiddenphpregex.'/', '__forbiddenstring__', $s); //$s = preg_replace('/\$[a-zA-Z0-9_\->\$]+\(/i', '', $s); // Remove $function( call and $mycall->mymethod( } while ($oldstringtoclean != $s); if (strpos($s, '__forbiddenstring__') !== false) { + dol_syslog('Bad string syntax to evaluate: '.$s, LOG_WARNING); return 'Bad string syntax to evaluate: '.$s; }
'; + print (empty($conf->global->PRODUCT_DENY_CHANGE_PRODUCT_TYPE)) ? $form->editfieldkey("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat) : $langs->trans('Type'); + print ''; + print $form->editfieldval("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat); + print '
'.$langs->trans("Nature").''; diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 5908785e1cb..0220df610e4 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -596,8 +596,18 @@ if ($id > 0 || $ref) { print ''; + // Type + if (!empty($conf->product->enabled) && !empty($conf->service->enabled)) { + $typeformat = 'select;0:'.$langs->trans("Product").',1:'.$langs->trans("Service"); + print ''; + } + if ($conf->productbatch->enabled) { - print ''; } diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index a7ad432b3ba..0d9de5d857f 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -356,15 +356,25 @@ if (!empty($id) || !empty($ref)) { $linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = " fk_product_type = ".$object->type; - dol_banner_tab($object, 'ref', $linkback, ($user->socid ? 0 : 1), 'ref', '', '', '', 0, '', '', 1); + dol_banner_tab($object, 'ref', $linkback, ($user->socid ? 0 : 1), 'ref', '', '', '', 0, '', ''); print '
'; print '
'; - print '
'; + print (empty($conf->global->PRODUCT_DENY_CHANGE_PRODUCT_TYPE)) ? $form->editfieldkey("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat) : $langs->trans('Type'); + print ''; + print $form->editfieldval("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat); + print '
'.$langs->trans("ManageLotSerial").''; + print '
'.$langs->trans("ManageLotSerial").''; print $object->getLibStatut(0, 2); print '
'; + print '
'; + + // Type + if (!empty($conf->product->enabled) && !empty($conf->service->enabled)) { + $typeformat = 'select;0:'.$langs->trans("Product").',1:'.$langs->trans("Service"); + print ''; + } // TVA - print '\n"; - - - print "
'; + print (empty($conf->global->PRODUCT_DENY_CHANGE_PRODUCT_TYPE)) ? $form->editfieldkey("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat) : $langs->trans('Type'); + print ''; + print $form->editfieldval("Type", 'fk_product_type', $object->type, $object, $usercancreate, $typeformat); + print '
'.$langs->trans("DefaultTaxRate").''; + print '
'.$langs->trans("DefaultTaxRate").''; $positiverates = ''; if (price2num($object->tva_tx)) { @@ -415,9 +425,6 @@ if (!empty($id) || !empty($ref)) { } print "
\n"; print ''; From 1aeb91eb9a3ab439f66fb5717e3dff8de8a95b38 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Jun 2021 13:44:11 +0200 Subject: [PATCH 56/93] FIX entry menus that has been lost in v13 Look and feel v14 --- htdocs/compta/stats/cabyprodserv.php | 6 ++- htdocs/compta/stats/casoc.php | 9 +++-- htdocs/compta/stats/index.php | 12 ++++-- htdocs/compta/stats/supplier_turnover.php | 30 +++++++++++--- .../stats/supplier_turnover_by_prodserv.php | 6 ++- .../stats/supplier_turnover_by_thirdparty.php | 14 ++++--- htdocs/core/menus/standard/eldy.lib.php | 39 ++++++++++++++----- 7 files changed, 82 insertions(+), 34 deletions(-) diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php index d48a931ca2c..83eb9ce68b9 100644 --- a/htdocs/compta/stats/cabyprodserv.php +++ b/htdocs/compta/stats/cabyprodserv.php @@ -391,7 +391,8 @@ if ($modecompta == 'CREANCES-DETTES') { // Category filter print '
'; - print $langs->trans("Category").': '.$formother->select_categories(Categorie::TYPE_PRODUCT, $selected_cat, 'search_categ', true); + print img_picto('', 'category', 'class="paddingrightonly"'); + print $formother->select_categories(Categorie::TYPE_PRODUCT, $selected_cat, 'search_categ', 0, $langs->trans("Category")); print ' '; print $langs->trans("SubCats").'? '; print ''; - print $langs->trans("ThirdParty").': '.$form->select_thirdparty_list($selected_soc, 'search_soc', '', 1); + print img_picto('', 'company', 'class="paddingrightonly"'); + print $form->select_thirdparty_list($selected_soc, 'search_soc', '', $langs->trans("ThirdParty")); print ''; diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php index af3f2bc8a53..10f7956c6b7 100644 --- a/htdocs/compta/stats/casoc.php +++ b/htdocs/compta/stats/casoc.php @@ -405,7 +405,8 @@ print ''; print ''; print ''; print ''; print ''; print ''; print ''; print '\n"; // Loop on each record - $sign = 1; $cash = $bank = $cheque = $other = 0; - $totalarray = array(); + $totalqty = 0; $cachebankaccount = array(); + $transactionspertype = array(); $amountpertype = array(); + + $totalarray = array(); while ($i < $num) { $objp = $db->fetch_object($resql); + $totalqty += $objp->qty; + + if (empty($cachebankaccount[$objp->bankid])) { $bankaccounttmp = new Account($db); $bankaccounttmp->fetch($objp->bankid); @@ -243,25 +250,42 @@ if ($resql) { $totalarray['nbfield']++; } - // Bank account - print '\n"; @@ -327,21 +351,21 @@ if ($resql) { print '
'; print '

'; - print $langs->trans("Cash").': '.price($cash).''; + print $langs->trans("Cash").' '.($transactionspertype['CASH']?'('.$transactionspertype['CASH'].')':'').': '.price($cash).''; if ($object->status == $object::STATUS_VALIDATED && $cash != $object->cash) { print ' <> '.$langs->trans("Declared").': '.price($object->cash).''; } print "
"; //print '
'; - print $langs->trans("PaymentTypeCHQ").': '.price($cheque).''; + print $langs->trans("PaymentTypeCHQ").' '.($transactionspertype['CHQ']?'('.$transactionspertype['CHQ'].')':'').': '.price($cheque).''; if ($object->status == $object::STATUS_VALIDATED && $cheque != $object->cheque) { print ' <> '.$langs->trans("Declared").': '.price($object->cheque).''; } print "
"; //print '
'; - print $langs->trans("PaymentTypeCB").': '.price($bank).''; + print $langs->trans("PaymentTypeCB").' '.($transactionspertype['CB']?'('.$transactionspertype['CB'].')':'').': '.price($bank).''; if ($object->status == $object::STATUS_VALIDATED && $bank != $object->card) { print ' <> '.$langs->trans("Declared").': '.price($object->card).''; } @@ -349,11 +373,11 @@ if ($resql) { // print '
'; if ($other) { - print ''.$langs->trans("Other").': '.price($other).""; + print ''.$langs->trans("Other").' '.($transactionspertype['OTHER']?'('.$transactionspertype['OTHER'].')':'').': '.price($other).""; print '
'; } - print $langs->trans("Total").': '.price($cash + $cheque + $bank + $other).''; + print $langs->trans("Total").' ('.$totalqty.' '.$langs->trans("Articles").') : '.price($cash + $cheque + $bank + $other).''; print '

'; print '
'; From cfa268e0d30147011abaeb6e37f629e019f261d3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 04:13:57 +0200 Subject: [PATCH 64/93] Fix we must add total vat on cash fence receipts (Ticket Z) --- htdocs/compta/cashcontrol/report.php | 35 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 15345584f73..fb6e75c68c4 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -120,10 +120,9 @@ $sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; $sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; $sql.=")"; */ -$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code, SUM(fd.qty) as qty"; -$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."paiement as p, ".MAIN_DB_PREFIX."c_paiement as cp, ".MAIN_DB_PREFIX."bank as b,"; -$sql .= " ".MAIN_DB_PREFIX."facturedet as fd"; -$sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = p.fk_paiement AND p.fk_bank = b.rowid AND fd.fk_facture = f.rowid"; +$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; +$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."paiement as p, ".MAIN_DB_PREFIX."c_paiement as cp, ".MAIN_DB_PREFIX."bank as b"; +$sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = p.fk_paiement AND p.fk_bank = b.rowid"; $sql .= " AND f.module_source = '".$db->escape($posmodule)."'"; $sql .= " AND f.pos_source = '".$db->escape($terminalid)."'"; $sql .= " AND f.paye = 1"; @@ -145,7 +144,6 @@ if ($syear && !$smonth) { } else { dol_print_error('', 'Year not defined'); } -$sql .= " GROUP BY f.rowid, f.ref, f.datef, pf.amount, b.fk_account, cp.code"; $resql = $db->query($sql); if ($resql) { @@ -161,8 +159,8 @@ if ($resql) { print $langs->trans("CashControl")." - ".$langs->trans("Draft"); } print ""; - print $langs->trans("DateCreationShort").": ".dol_print_date($object->date_creation, 'dayhour'); - print '
'.$mysoc->name; + print $mysoc->name; + print '
'.$langs->trans("DateCreationShort").": ".dol_print_date($object->date_creation, 'dayhour'); $userauthor = $object->fk_user_valid; if (empty($userauthor)) { $userauthor = $object->fk_user_creat; @@ -201,7 +199,9 @@ if ($resql) { $cash = $bank = $cheque = $other = 0; $totalqty = 0; + $totalvat = 0; $cachebankaccount = array(); + $cacheinvoiceid = array(); $transactionspertype = array(); $amountpertype = array(); @@ -209,9 +209,7 @@ if ($resql) { while ($i < $num) { $objp = $db->fetch_object($resql); - $totalqty += $objp->qty; - - + // Load bankaccount if (empty($cachebankaccount[$objp->bankid])) { $bankaccounttmp = new Account($db); $bankaccounttmp->fetch($objp->bankid); @@ -223,14 +221,13 @@ if ($resql) { $invoicetmp->fetch($objp->facid); - /*if ($first == "yes") - { - print ''; - print ''; - print ''; - print ''; - $first = "no"; - }*/ + if (empty($cacheinvoiceid[$objp->facid])) { + $cacheinvoiceid[$objp->facid] = $objp->facid; // First time this invoice is found into list of invoice x payments + foreach($invoicetmp->lines as $line) { + $totalqty += $line->qty; + $totalvat += $line->total_tva; + } + } print ''; @@ -378,6 +375,8 @@ if ($resql) { } print $langs->trans("Total").' ('.$totalqty.' '.$langs->trans("Articles").') : '.price($cash + $cheque + $bank + $other).''; + print '
'.$langs->trans("TotalVAT").' : '.price($totalvat).''; + // TODO Add total localtaxes. print ''; print ''; From c375668ab6d87612490377787ac5a233196ef11d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 12:41:53 +0200 Subject: [PATCH 65/93] Clean code --- htdocs/admin/system/security.php | 2 +- htdocs/core/lib/geturl.lib.php | 7 +++++-- test/phpunit/SecurityTest.php | 11 ++++++++--- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index e972581beaa..5214808985d 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -277,7 +277,7 @@ if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { print '
'; -print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; +print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Example").': static-ips-of-server - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; print '
'; print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; diff --git a/htdocs/core/lib/geturl.lib.php b/htdocs/core/lib/geturl.lib.php index 9feddb6f7f5..f87e7b7b4cd 100644 --- a/htdocs/core/lib/geturl.lib.php +++ b/htdocs/core/lib/geturl.lib.php @@ -24,7 +24,9 @@ /** * Function to get a content from an URL (use proxy if proxy defined). * Support Dolibarr setup for timeout and proxy. - * Enhancement of CURL to add an anti SSRF protection. + * Enhancement of CURL to add an anti SSRF protection: + * - you can set MAIN_SECURITY_ANTI_SSRF_SERVER_IP to set static ip of server + * - common local lookup ips like 127.*.*.* are automatically added * * @param string $url URL to call. * @param string $postorget 'POST', 'GET', 'HEAD', 'PUT', 'PUTALREADYFORMATED', 'POSTALREADYFORMATED', 'DELETE' @@ -199,12 +201,13 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation = } } if ($localurl == 1) { // Only local url allowed (dangerous, may allow to get metadata on server or make internal port scanning) + // Deny ips NOT like 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 et 240.0.0.0/4, ::1/128, ::/128, ::ffff:0:0/96, fe80::/10... if (filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { $info['http_code'] = 400; $info['content'] = 'Error bad hostname '.$iptocheck.'. Must be a local URL.'; break; } - if (!empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) && !in_array($iptocheck, explode(',', '127.0.0.1,::1,'.$conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP))) { + if (!empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) && !in_array($iptocheck, explode(',', $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP))) { $info['http_code'] = 400; $info['content'] = 'Error bad hostname IP (IP is not a local IP defined into list MAIN_SECURITY_SERVER_IP). Must be a local URL in allowed list.'; break; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 944d4f4cbe5..f889a6c542b 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -703,17 +703,22 @@ class SecurityTest extends PHPUnit\Framework\TestCase $url = 'http://127.0.0.1'; $tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL print __METHOD__." url=".$url."\n"; - $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL + $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because 127.0.0.1 is not an external URL + + $url = 'http://127.0.2.1'; + $tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL + print __METHOD__." url=".$url."\n"; + $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because 127.0.2.1 is not an external URL $url = 'https://169.254.0.1'; $tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL print __METHOD__." url=".$url."\n"; - $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL + $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because 169.254.0.1 is not an external URL $url = 'http://[::1]'; $tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL print __METHOD__." url=".$url."\n"; - $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because localtest.me is not an external URL + $this->assertEquals(400, $tmp['http_code'], 'GET url to '.$url.' that is a local URL'); // Test we receive an error because [::1] is not an external URL /*$url = 'localtest.me'; $tmp = getURLContent($url, 'GET', '', 0, array(), array('http', 'https'), 0); // Only external URL From 14e3d04e25eceb52baafa43202f69759bf08717e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 13:02:17 +0200 Subject: [PATCH 66/93] Add more info on security page --- htdocs/admin/system/security.php | 14 ++++++++++++++ htdocs/langs/en_US/admin.lang | 6 ++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 5214808985d..b076cd020be 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -245,8 +245,22 @@ if (empty($dolibarr_main_restrict_ip)) { print ''.$langs->trans("None").''; //print ' ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')'; } + print '
'; +if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) { + print '$dolibarr_main_db_pass: '; + if (!empty($dolibarr_main_db_pass) && !preg_match('/^crypted:/', $dolibarr_main_db_pass)) { + print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").'   ('.$langs->trans("Recommanded").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')'; + //print ' ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')'; + } else { + print img_picto('', 'tick').' '.$langs->trans(""); + } + + print '
'; +} + + // Menu security diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index b7618f64739..5ae901dc7b2 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -221,8 +221,8 @@ NotCompatible=This module does not seem compatible with your Dolibarr %s (Min %s CompatibleAfterUpdate=This module requires an update to your Dolibarr %s (Min %s - Max %s). SeeInMarkerPlace=See in Market place SeeSetupOfModule=See setup of module %s +SetOptionTo=Set option %s to %s Updated=Updated -Nouveauté=Novelty AchatTelechargement=Buy / Download GoModuleSetupArea=To deploy/install a new module, go to the Module setup area: %s. DoliStoreDesc=DoliStore, the official market place for Dolibarr ERP/CRM external modules @@ -2141,4 +2141,6 @@ ModuleUpdateAvailable=An update is available NoExternalModuleWithUpdate=No updates found for external modules SwaggerDescriptionFile=Swagger API description file (for use with redoc for example) YouEnableDeprecatedWSAPIsUseRESTAPIsInstead=You enabled deprecated WS API. You should use REST API instead. -RandomlySelectedIfSeveral=Randomly selected if several pictures are available \ No newline at end of file +RandomlySelectedIfSeveral=Randomly selected if several pictures are available +DatabasePasswordObfuscated=Database password obfucated in conf file +DatabasePasswordNotObfuscated=Database password obfucated in conf file From a78d29bb710cd913c6de7853a4c3f1a35645b3a4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 13:05:32 +0200 Subject: [PATCH 67/93] Fix trans --- htdocs/langs/en_US/admin.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 5ae901dc7b2..2939d93b0c6 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1191,7 +1191,7 @@ SetupDescription4=%s -> %s

This software is a suite of m SetupDescription5=Other Setup menu entries manage optional parameters. AuditedSecurityEvents=Security events that are audited NoSecurityEventsAreAduited=No security events are audited. You can enable them from menu %s -Audit=Audit +Audit=Security events InfoDolibarr=About Dolibarr InfoBrowser=About Browser InfoOS=About OS From 997674aebc8af3e4d3042096ff3f9ab8f86b82cc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 13:15:47 +0200 Subject: [PATCH 68/93] Fix trans --- htdocs/langs/en_US/admin.lang | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 2939d93b0c6..ef97369f040 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2142,5 +2142,5 @@ NoExternalModuleWithUpdate=No updates found for external modules SwaggerDescriptionFile=Swagger API description file (for use with redoc for example) YouEnableDeprecatedWSAPIsUseRESTAPIsInstead=You enabled deprecated WS API. You should use REST API instead. RandomlySelectedIfSeveral=Randomly selected if several pictures are available -DatabasePasswordObfuscated=Database password obfucated in conf file -DatabasePasswordNotObfuscated=Database password obfucated in conf file +DatabasePasswordObfuscated=Database password is obfuscated in conf file +DatabasePasswordNotObfuscated=Database password is NOT obfuscated in conf file From 458ef9f8daacc73830ae7f481dc10e05a8682061 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 13:31:00 +0200 Subject: [PATCH 69/93] Fix security test --- htdocs/admin/system/security.php | 4 ++-- htdocs/filefunc.inc.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index b076cd020be..85ad40775d2 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -250,11 +250,11 @@ print '
'; if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) { print '$dolibarr_main_db_pass: '; - if (!empty($dolibarr_main_db_pass) && !preg_match('/^crypted:/', $dolibarr_main_db_pass)) { + if (!empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) { print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").'   ('.$langs->trans("Recommanded").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')'; //print ' ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')'; } else { - print img_picto('', 'tick').' '.$langs->trans(""); + print img_picto('', 'tick').' '.$langs->trans("DatabasePasswordObfuscated"); } print '
'; diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 2c7795b9ac8..777fde21885 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -349,7 +349,7 @@ if ((!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_ if (!empty($dolibarr_main_db_pass) && preg_match('/crypted:/i', $dolibarr_main_db_pass)) { $dolibarr_main_db_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass); $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_pass); - $dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this as it is used to know the password was initially crypted + $dolibarr_main_db_encrypted_pass = $dolibarr_main_db_pass; // We need to set this so we can use it later to know the password was initially crypted } else { $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass); } From e915e3403c8030d3dc8c98f064f309af09d966b9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 13:36:37 +0200 Subject: [PATCH 70/93] Trans --- htdocs/langs/fr_FR/admin.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang index e9b5ddf5c4e..ecaa4b6e600 100644 --- a/htdocs/langs/fr_FR/admin.lang +++ b/htdocs/langs/fr_FR/admin.lang @@ -1584,7 +1584,7 @@ NotInstalled=Non installé. NotSlowedDownByThis=Non ralenti par cela. NotRiskOfLeakWithThis=Pas de risque de fuite de données avec cela. ApplicativeCache=Cache applicatif -MemcachedNotAvailable=Aucun cache applicatif trouvé. Vous pouvez accélérer les performances de Dolibarr en installant un serveur de cache Memcached et un module de cache applicatif exploitant ce serveur.
Plus d'info icihttps://wiki.dolibarr.org/index.php/Module_MemCached.
Notez que de nombreux hébergeurs low-cost ne fournissent pas de tels serveurs de cache dans leur infrastructure. +MemcachedNotAvailable=Aucun cache applicatif trouvé. Vous pouvez accélérer les performances de Dolibarr en installant un serveur de cache Memcached et un module de cache applicatif exploitant ce serveur.
Plus d'info ici https://wiki.dolibarr.org/index.php/Module_MemCached.
Notez que de nombreux hébergeurs low-cost ne fournissent pas de tels serveurs de cache dans leur infrastructure. MemcachedModuleAvailableButNotSetup=Le module memcached pour le cache applicatif a été trouvé mais la configuration de ce module n'est pas complète. MemcachedAvailableAndSetup=Le module memcached dédié à l'utilisation du serveur de cache memcached est activé. OPCodeCache=Cache OPCode From d4ca6bf42a358b96982ce8f29adab250956ff1ab Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 13:56:03 +0200 Subject: [PATCH 71/93] Clean code --- htdocs/admin/system/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 85ad40775d2..3e01a99cb61 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -228,7 +228,7 @@ print '
'; print '
'; print load_fiche_titre($langs->trans("ConfigurationFile").' ('.$conffile.')', '', 'folder'); -print '$dolibarr_main_prod: '.$dolibarr_main_prod; +print '$dolibarr_main_prod: '.($dolibarr_main_prod ? $dolibarr_main_prod : '0'); if (empty($dolibarr_main_prod)) { print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1); } From fb46ece9061a87bc289e1998d234a559a5c32565 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 15:36:47 +0200 Subject: [PATCH 72/93] Fix yogosha 6347 --- htdocs/accountancy/admin/categories_list.php | 2 +- .../class/accountancycategory.class.php | 4 +- .../class/accountingaccount.class.php | 4 +- .../accountancy/class/bookkeeping.class.php | 4 +- htdocs/accountancy/journal/bankjournal.php | 2 +- htdocs/adherents/class/adherent.class.php | 6 +-- .../adherents/class/adherent_type.class.php | 2 +- htdocs/adherents/class/api_members.class.php | 6 +-- htdocs/adherents/class/subscription.class.php | 8 ++-- htdocs/api/class/api_setup.class.php | 10 ++-- htdocs/asset/class/asset_type.class.php | 4 +- htdocs/bom/class/bom.class.php | 4 +- htdocs/bookmarks/bookmarks.lib.php | 2 +- htdocs/bookmarks/list.php | 2 +- htdocs/categories/class/categorie.class.php | 6 +-- htdocs/comm/action/class/actioncomm.class.php | 4 +- htdocs/comm/action/index.php | 4 +- htdocs/comm/action/pertype.php | 2 +- htdocs/comm/action/peruser.php | 4 +- htdocs/comm/contact.php | 8 ---- htdocs/comm/propal/class/propal.class.php | 10 ++-- htdocs/comm/propal/index.php | 8 ++-- htdocs/comm/propal/list.php | 12 ++--- htdocs/comm/prospect/index.php | 8 ++-- htdocs/commande/class/commande.class.php | 10 ++-- htdocs/commande/customer.php | 3 -- htdocs/commande/index.php | 8 ++-- htdocs/commande/list.php | 2 +- htdocs/compta/bank/bankentries_list.php | 2 +- htdocs/compta/bank/class/account.class.php | 4 +- .../bank/class/api_bankaccounts.class.php | 2 +- htdocs/compta/bank/line.php | 2 +- htdocs/compta/bank/releve.php | 2 +- htdocs/compta/bank/various_payment/list.php | 10 ++-- htdocs/compta/clients.php | 20 +++----- .../facture/class/api_invoices.class.php | 2 +- .../facture/class/facture-rec.class.php | 16 +++---- htdocs/compta/facture/class/facture.class.php | 6 +-- htdocs/compta/facture/list.php | 12 ++--- htdocs/compta/index.php | 6 +-- .../compta/localtax/class/localtax.class.php | 2 +- htdocs/compta/localtax/index.php | 4 +- htdocs/compta/paiement/cheque/card.php | 2 +- htdocs/compta/paiement/cheque/list.php | 2 +- htdocs/compta/paiement/tovalidate.php | 2 +- .../class/bonprelevement.class.php | 2 +- .../class/rejetprelevement.class.php | 6 +-- htdocs/compta/prelevement/fiche-rejet.php | 6 +-- htdocs/compta/recap-compta.php | 2 +- htdocs/compta/resultat/clientfourn.php | 2 +- htdocs/compta/sociales/list.php | 6 +-- htdocs/compta/stats/cabyuser.php | 2 +- htdocs/compta/stats/index.php | 2 +- htdocs/compta/stats/supplier_turnover.php | 4 +- .../stats/supplier_turnover_by_thirdparty.php | 2 +- htdocs/compta/tva/class/tva.class.php | 2 +- htdocs/compta/tva/list.php | 6 +-- htdocs/contact/class/contact.class.php | 16 +++---- htdocs/contact/list.php | 12 ++--- htdocs/contrat/class/contrat.class.php | 8 ++-- htdocs/contrat/index.php | 2 +- htdocs/contrat/list.php | 8 ++-- htdocs/contrat/services_list.php | 2 +- htdocs/core/class/commonobject.class.php | 26 +++++----- htdocs/core/class/discount.class.php | 2 +- htdocs/core/class/extrafields.class.php | 6 +-- htdocs/core/class/html.form.class.php | 12 ++--- .../core/class/html.formaccounting.class.php | 2 +- .../class/html.formintervention.class.php | 4 +- htdocs/core/class/html.formmail.class.php | 6 +-- .../class/html.formsocialcontrib.class.php | 2 +- htdocs/core/class/infobox.class.php | 8 ++-- htdocs/core/class/menubase.class.php | 4 +- htdocs/core/class/notify.class.php | 10 ++-- htdocs/core/lib/agenda.lib.php | 4 +- htdocs/core/lib/company.lib.php | 8 ++-- htdocs/core/lib/fourn.lib.php | 2 +- htdocs/core/lib/invoice.lib.php | 8 ++-- htdocs/core/lib/sendings.lib.php | 2 +- htdocs/core/lib/ticket.lib.php | 2 +- htdocs/core/lib/usergroups.lib.php | 2 +- htdocs/core/modules/DolibarrModules.class.php | 6 +-- .../core/modules/mailings/pomme.modules.php | 2 +- .../modules/mailings/thirdparties.modules.php | 6 +-- .../thirdparties_services_expired.modules.php | 2 +- .../movement/doc/pdf_standard.modules.php | 4 +- .../doc/doc_generic_project_odt.modules.php | 2 +- .../task/doc/doc_generic_task_odt.modules.php | 2 +- .../modules/rapport/pdf_paiement.class.php | 2 +- .../stock/doc/pdf_standard.modules.php | 2 +- .../class/actions_datapolicy.class.php | 2 +- htdocs/don/class/api_donations.class.php | 2 +- htdocs/don/class/don.class.php | 8 ++-- htdocs/ecm/class/ecmfiles.class.php | 2 +- .../conferenceorboothattendee_list.php | 2 +- htdocs/expedition/card.php | 2 +- .../expedition/class/api_shipments.class.php | 2 +- htdocs/expedition/class/expedition.class.php | 6 +-- .../class/expeditionbatch.class.php | 2 +- htdocs/expedition/list.php | 8 ++-- htdocs/expedition/shipment.php | 2 +- .../class/expensereport.class.php | 28 +++++------ htdocs/fichinter/card-rec.php | 2 +- htdocs/fichinter/class/fichinter.class.php | 4 +- .../class/api_supplier_invoices.class.php | 2 +- .../fourn/class/api_supplier_orders.class.php | 2 +- .../class/fournisseur.commande.class.php | 2 +- .../fourn/class/fournisseur.facture.class.php | 12 ++--- .../fourn/class/fournisseur.product.class.php | 8 ++-- htdocs/fourn/commande/index.php | 6 +-- htdocs/fourn/commande/list.php | 8 ++-- htdocs/fourn/contact.php | 2 +- htdocs/fourn/facture/list.php | 4 +- htdocs/fourn/index.php | 4 +- htdocs/fourn/product/list.php | 4 +- htdocs/fourn/recap-fourn.php | 2 +- htdocs/holiday/class/holiday.class.php | 4 +- htdocs/hrm/class/establishment.class.php | 8 ++-- htdocs/hrm/index.php | 4 +- htdocs/install/upgrade2.php | 18 +++---- htdocs/intracommreport/list.php | 4 +- .../knowledgemanagementindex.php | 2 +- htdocs/loan/class/loan.class.php | 6 +-- htdocs/margin/agentMargins.php | 4 +- htdocs/margin/tabs/productMargins.php | 2 +- .../template/class/api_mymodule.class.php | 4 +- .../modulebuilder/template/mymoduleindex.php | 2 +- htdocs/mrp/class/api_mos.class.php | 4 +- .../class/opensurveysondage.class.php | 6 +-- .../class/partnershiputils.class.php | 4 +- htdocs/partnership/partnershipindex.php | 2 +- htdocs/product/ajax/products.php | 4 +- .../product/actions_card_product.class.php | 8 ++-- .../service/actions_card_service.class.php | 18 +++---- htdocs/product/class/api_products.class.php | 4 +- htdocs/product/class/product.class.php | 48 +++++++++---------- htdocs/product/class/productbatch.class.php | 6 +-- .../class/propalmergepdfproduct.class.php | 4 +- .../class/price_global_variable.class.php | 2 +- .../price_global_variable_updater.class.php | 8 ++-- htdocs/product/index.php | 6 +-- htdocs/product/list.php | 2 +- htdocs/product/popuprop.php | 2 +- htdocs/product/reassort.php | 2 +- htdocs/product/reassortlot.php | 2 +- htdocs/product/stats/bom.php | 7 ++- htdocs/product/stats/commande.php | 4 +- htdocs/product/stats/commande_fournisseur.php | 4 +- htdocs/product/stats/contrat.php | 2 +- htdocs/product/stats/facture.php | 2 +- htdocs/product/stats/facture_fournisseur.php | 2 +- htdocs/product/stats/mo.php | 2 +- htdocs/product/stats/propal.php | 2 +- htdocs/product/stats/supplier_proposal.php | 2 +- htdocs/product/stock/card.php | 2 +- htdocs/product/stock/class/entrepot.class.php | 6 +-- htdocs/product/stock/product.php | 2 +- htdocs/product/stock/stockatdate.php | 4 +- htdocs/projet/activity/index.php | 2 +- htdocs/projet/class/api_projects.class.php | 2 +- htdocs/projet/class/project.class.php | 20 ++++---- htdocs/projet/class/projectstats.class.php | 4 +- htdocs/projet/class/task.class.php | 14 +++--- htdocs/projet/index.php | 2 +- htdocs/projet/list.php | 6 +-- htdocs/projet/tasks/list.php | 9 +--- htdocs/projet/tasks/time.php | 2 +- .../public/emailing/mailing-unsubscribe.php | 2 +- htdocs/reception/card.php | 4 +- htdocs/reception/index.php | 6 +-- htdocs/reception/list.php | 4 +- htdocs/recruitment/recruitmentindex.php | 2 +- htdocs/resource/class/dolresource.class.php | 6 +-- htdocs/salaries/class/salary.class.php | 6 +-- htdocs/salaries/list.php | 4 +- htdocs/salaries/payments.php | 2 +- htdocs/societe/class/api_contacts.class.php | 2 +- .../societe/class/api_thirdparties.class.php | 6 +-- .../class/companybankaccount.class.php | 4 +- htdocs/societe/class/societe.class.php | 8 ++-- htdocs/societe/list.php | 10 ++-- htdocs/societe/notify/card.php | 12 ++--- htdocs/societe/paymentmodes.php | 4 +- .../class/supplier_proposal.class.php | 6 +-- htdocs/supplier_proposal/index.php | 4 +- htdocs/supplier_proposal/list.php | 2 +- htdocs/takepos/floors.php | 2 +- htdocs/takepos/invoice.php | 2 +- htdocs/ticket/class/api_tickets.class.php | 4 +- htdocs/ticket/class/ticket.class.php | 5 +- htdocs/user/class/api_users.class.php | 2 +- htdocs/user/class/user.class.php | 6 +-- htdocs/user/class/usergroup.class.php | 12 ++--- htdocs/user/list.php | 2 +- htdocs/webservices/server_invoice.php | 2 +- htdocs/webservices/server_order.php | 2 +- .../webservices/server_productorservice.php | 6 +-- .../webservices/server_supplier_invoice.php | 2 +- htdocs/webservices/server_thirdparty.php | 6 +-- 199 files changed, 507 insertions(+), 533 deletions(-) diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index c5091ef4207..9a8a84893fe 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -444,7 +444,7 @@ if ($search_country_id > 0) { } else { $sql .= " WHERE "; } - $sql .= " (a.fk_country = ".$search_country_id." OR a.fk_country = 0)"; + $sql .= " (a.fk_country = ".((int) $search_country_id)." OR a.fk_country = 0)"; } // If sort order is "country", we use country_code instead diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index d8e1598d1ac..aa200c770e4 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -675,7 +675,7 @@ class AccountancyCategory // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as c"; $sql .= " WHERE c.active = 1"; $sql .= " AND c.entity = ".$conf->entity; - $sql .= " AND (c.fk_country = ".$mysoc->country_id." OR c.fk_country = 0)"; + $sql .= " AND (c.fk_country = ".((int) $mysoc->country_id)." OR c.fk_country = 0)"; $sql .= " AND cat.rowid = t.fk_accounting_category"; $sql .= " AND t.entity = ".$conf->entity; $sql .= " ORDER BY cat.position ASC"; @@ -806,7 +806,7 @@ class AccountancyCategory // extends CommonObject if ($categorytype >= 0) { $sql .= " AND c.category_type = 1"; } - $sql .= " AND (c.fk_country = ".$mysoc->country_id." OR c.fk_country = 0)"; + $sql .= " AND (c.fk_country = ".((int) $mysoc->country_id)." OR c.fk_country = 0)"; $sql .= " ORDER BY c.position ASC"; $resql = $this->db->query($sql); diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index 28601380ac1..99a0dc0dc48 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -602,7 +602,7 @@ class AccountingAccount extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account "; $sql .= "SET ".$fieldtouse." = '0'"; - $sql .= " WHERE rowid = ".$this->db->escape($id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); @@ -640,7 +640,7 @@ class AccountingAccount extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account"; $sql .= " SET ".$fieldtouse." = '1'"; - $sql .= " WHERE rowid = ".$this->db->escape($id); + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 3594bb26fc8..97ad7767be5 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -294,7 +294,7 @@ class BookKeeping extends CommonObject $sql = "SELECT count(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; $sql .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'"; - $sql .= " AND fk_doc = ".$this->fk_doc; + $sql .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries. $sql .= " AND fk_docdet = " . $this->fk_docdet; // This field can be 0 if record is for several lines @@ -312,7 +312,7 @@ class BookKeeping extends CommonObject $sqlnum = "SELECT piece_num"; $sqlnum .= " FROM ".MAIN_DB_PREFIX.$this->table_element; $sqlnum .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'"; // For example doc_type = 'bank' - $sqlnum .= " AND fk_doc = ".$this->fk_doc; + $sqlnum .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // fk_docdet is rowid into llx_bank or llx_facturedet or llx_facturefourndet, or ... $sqlnum .= " AND fk_docdet = ".((int) $this->fk_docdet); diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index 76984d55fba..32670b15575 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -1320,7 +1320,7 @@ function getSourceDocRef($val, $typerecord) if ($typerecord == 'payment') { $sqlmid = 'SELECT payfac.fk_facture as id, f.ref as ref'; $sqlmid .= " FROM ".MAIN_DB_PREFIX."paiement_facture as payfac, ".MAIN_DB_PREFIX."facture as f"; - $sqlmid .= " WHERE payfac.fk_facture = f.rowid AND payfac.fk_paiement=".$val["paymentid"]; + $sqlmid .= " WHERE payfac.fk_facture = f.rowid AND payfac.fk_paiement=".((int) $val["paymentid"]); $ref = $langs->transnoentitiesnoconv("Invoice"); } elseif ($typerecord == 'payment_supplier') { $sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref'; diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 4c0c602cbc1..91f01d19f89 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -598,8 +598,8 @@ class Adherent extends CommonObject if ($this->user_id) { // Add link to user $sql = "UPDATE ".MAIN_DB_PREFIX."user SET"; - $sql .= " fk_member = ".$this->id; - $sql .= " WHERE rowid = ".$this->user_id; + $sql .= " fk_member = ".((int) $this->id); + $sql .= " WHERE rowid = ".((int) $this->user_id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -728,7 +728,7 @@ class Adherent extends CommonObject if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) { $sql2 = "SELECT libelle as label"; $sql2 .= " FROM ".MAIN_DB_PREFIX."adherent_type"; - $sql2 .= " WHERE rowid = ".$this->typeid; + $sql2 .= " WHERE rowid = ".((int) $this->typeid); $resql2 = $this->db->query($sql2); if ($resql2) { while ($obj = $this->db->fetch_object($resql2)) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 0104f8f36e8..1cb9fcdb12c 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -362,7 +362,7 @@ class AdherentType extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."adherent_type "; $sql .= "SET "; - $sql .= "statut = ".$this->status.","; + $sql .= "statut = ".((int) $this->status).","; $sql .= "libelle = '".$this->db->escape($this->label)."',"; $sql .= "morphy = '".$this->db->escape($this->morphy)."',"; $sql .= "subscription = '".$this->db->escape($this->subscription)."',"; diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index 5573961456f..d57a01510d4 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -228,12 +228,12 @@ class Members extends DolibarrApi } $sql .= ' WHERE t.entity IN ('.getEntity('adherent').')'; if (!empty($typeid)) { - $sql .= ' AND t.fk_adherent_type='.$typeid; + $sql .= ' AND t.fk_adherent_type='.((int) $typeid); } // Select members of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); - $sql .= " AND c.fk_member = t.rowid "; + $sql .= " AND c.fk_categorie = ".((int) $category); + $sql .= " AND c.fk_member = t.rowid"; } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index 1285b12b2d0..bb5cdd20bd5 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -267,14 +267,14 @@ class Subscription extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET "; - $sql .= " fk_type = ".$this->fk_type.","; - $sql .= " fk_adherent = ".$this->fk_adherent.","; + $sql .= " fk_type = ".((int) $this->fk_type).","; + $sql .= " fk_adherent = ".((int) $this->fk_adherent).","; $sql .= " note=".($this->note ? "'".$this->db->escape($this->note)."'" : 'null').","; $sql .= " subscription = ".price2num($this->amount).","; $sql .= " dateadh='".$this->db->idate($this->dateh)."',"; $sql .= " datef='".$this->db->idate($this->datef)."',"; $sql .= " datec='".$this->db->idate($this->datec)."',"; - $sql .= " fk_bank = ".($this->fk_bank ? $this->fk_bank : 'null'); + $sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null'); $sql .= " WHERE rowid = ".$this->id; dol_syslog(get_class($this)."::update", LOG_DEBUG); @@ -341,7 +341,7 @@ class Subscription extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php index 15d31140874..1f59762c865 100644 --- a/htdocs/api/class/api_setup.class.php +++ b/htdocs/api/class/api_setup.class.php @@ -200,7 +200,7 @@ class Setup extends DolibarrApi $sql = "SELECT id, code, type, libelle as label, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_paiement as t"; $sql .= " WHERE t.entity IN (".getEntity('c_paiement').")"; - $sql .= " AND t.active = ".$active; + $sql .= " AND t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -1055,7 +1055,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid AS id, zip, town, fk_county, fk_pays AS fk_country"; $sql .= " FROM ".MAIN_DB_PREFIX."c_ziptown as t"; - $sql .= " AND t.active = ".$active; + $sql .= " AND t.active = ".((int) $active); if ($zipcode) { $sql .= " AND t.zip LIKE '%".$this->db->escape($zipcode)."%'"; } @@ -1125,7 +1125,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; $sql .= " WHERE t.entity IN (".getEntity('c_payment_term').")"; - $sql .= " AND t.active = ".$active; + $sql .= " AND t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -1183,7 +1183,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid as id, code, libelle as label, description, tracking, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as t"; $sql .= " WHERE t.entity IN (".getEntity('c_shipment_mode').")"; - $sql .= " AND t.active = ".$active; + $sql .= " AND t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -1307,7 +1307,7 @@ class Setup extends DolibarrApi $sql = "SELECT t.rowid, t.entity, t.code, t.label, t.url, t.icon, t.active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_socialnetworks as t"; $sql .= " WHERE t.entity IN (".getEntity('c_socialnetworks').")"; - $sql .= " AND t.active = ".$active; + $sql .= " AND t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { diff --git a/htdocs/asset/class/asset_type.class.php b/htdocs/asset/class/asset_type.class.php index 36c654c28ba..335cd63115a 100644 --- a/htdocs/asset/class/asset_type.class.php +++ b/htdocs/asset/class/asset_type.class.php @@ -332,7 +332,7 @@ class AssetType extends CommonObject /** * Return array of Asset objects for asset type this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude. This parameter must not be provided by input of users + * @param string $excludefilter Filter string to exclude. This parameter must not be provided by input of users * @param int $mode 0=Return array of asset instance * 1=Return array of asset instance without extra data * 2=Return array of asset id only @@ -347,7 +347,7 @@ class AssetType extends CommonObject $sql = "SELECT a.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."asset as a"; $sql .= " WHERE a.entity IN (".getEntity('asset').")"; - $sql .= " AND a.fk_asset_type = ".$this->id; + $sql .= " AND a.fk_asset_type = ".((int) $this->id); if (!empty($excludefilter)) { $sql .= ' AND ('.$excludefilter.')'; } diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 220c724ad89..728bdef6cf6 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -614,8 +614,8 @@ class BOM extends CommonObject $sql .= " SET ref = '".$this->db->escape($num)."',"; $sql .= " status = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index 199944165b4..a977ae57fbc 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -80,7 +80,7 @@ function printDropdownBookmarksList() // Menu with list of bookmarks $sql = "SELECT rowid, title, url, target FROM ".MAIN_DB_PREFIX."bookmark"; - $sql .= " WHERE (fk_user = ".$user->id." OR fk_user is NULL OR fk_user = 0)"; + $sql .= " WHERE (fk_user = ".((int) $user->id)." OR fk_user is NULL OR fk_user = 0)"; $sql .= " AND entity IN (".getEntity('bookmarks').")"; $sql .= " ORDER BY position"; if ($resql = $db->query($sql)) { diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php index 7d644d3a103..17be6be9cef 100644 --- a/htdocs/bookmarks/list.php +++ b/htdocs/bookmarks/list.php @@ -98,7 +98,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b LEFT JOIN ".MAIN_DB_PREFIX."user $sql .= " WHERE 1=1"; $sql .= " AND b.entity IN (".getEntity('bookmark').")"; if (!$user->admin) { - $sql .= " AND (b.fk_user = ".$user->id." OR b.fk_user is NULL OR b.fk_user = 0)"; + $sql .= " AND (b.fk_user = ".((int) $user->id)." OR b.fk_user is NULL OR b.fk_user = 0)"; } $sql .= $db->order($sortfield.", position", $sortorder); diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 5f30a96c9c1..b98cff5b3a5 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -774,7 +774,7 @@ class Categorie extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); $sql .= " WHERE fk_categorie = ".$this->id; - $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$obj->id; + $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id); dol_syslog(get_class($this).'::del_type', LOG_DEBUG); if ($this->db->query($sql)) { @@ -1303,7 +1303,7 @@ class Categorie extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."categorie as c "; $sql .= " WHERE c.entity IN (".getEntity('category').")"; $sql .= " AND c.type = ".((int) $type); - $sql .= " AND c.fk_parent = ".$this->fk_parent; + $sql .= " AND c.fk_parent = ".((int) $this->fk_parent); $sql .= " AND c.label = '".$this->db->escape($this->label)."'"; dol_syslog(get_class($this)."::already_exists", LOG_DEBUG); @@ -1552,7 +1552,7 @@ class Categorie extends CommonObject // Generation requete recherche $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie"; - $sql .= " WHERE type = ".$this->MAP_ID[$type]; + $sql .= " WHERE type = ".((int) $this->MAP_ID[$type]); $sql .= " AND entity IN (".getEntity('category').")"; if ($nom) { if (!$exact) { diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 3943a37e5a7..38acaac0fc9 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -1896,7 +1896,7 @@ class ActionComm extends CommonObject $userforfilter = new User($this->db); $result = $userforfilter->fetch('', $logint); if ($result > 0) { - $sql .= " AND ar.fk_element = ".$userforfilter->id; + $sql .= " AND ar.fk_element = ".((int) $userforfilter->id); } elseif ($result < 0 || $condition == '=') { $sql .= " AND ar.fk_element = 0"; } @@ -2410,7 +2410,7 @@ class ActionComm extends CommonObject // Delete also very old past events (we do not keep more than 1 month record in past) $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; $sql .= " WHERE dateremind < '".$this->db->idate($now - (3600 * 24 * 32))."'"; - $sql .= " AND status = ".$actionCommReminder::STATUS_DONE; + $sql .= " AND status = ".((int) $actionCommReminder::STATUS_DONE); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 459ede423b1..465f1be8701 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -741,10 +741,10 @@ if ($status == 'todo') { if ($filtert > 0 || $usergroup > 0) { $sql .= " AND ("; if ($filtert > 0) { - $sql .= "ar.fk_element = ".$filtert; + $sql .= "ar.fk_element = ".((int) $filtert); } if ($usergroup > 0) { - $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup; + $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup); } $sql .= ")"; } diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index 32eaccdcce1..b39d6c3141d 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -616,7 +616,7 @@ if ($filtert > 0 || $usergroup > 0) { $sql .= "ar.fk_element = ".$filtert; } if ($usergroup > 0) { - $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup; + $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup); } $sql .= ")"; } diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 76330d39453..10d9871c4c9 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -637,7 +637,7 @@ if ($filtert > 0 || $usergroup > 0) { $sql .= "ar.fk_element = ".$filtert; } if ($usergroup > 0) { - $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup; + $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup); } $sql .= ")"; } @@ -899,7 +899,7 @@ while ($currentdaytoshow < $lastdaytoshow) { } $sql .= " WHERE u.statut = 1 AND u.entity IN (".getEntity('user').")"; if ($usergroup > 0) { - $sql .= " AND ug.fk_usergroup = ".$usergroup; + $sql .= " AND ug.fk_usergroup = ".((int) $usergroup); } //print $sql; $resql = $db->query($sql); diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 9945ca0e186..1d74cba61cd 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -104,23 +104,15 @@ if ($type == "f") { if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } - -if (dol_strlen($stcomm)) { - $sql .= " AND s.fk_stcomm=".$db->escape($stcomm); -} - if (!empty($search_lastname)) { $sql .= " AND p.name LIKE '%".$db->escape($search_lastname)."%'"; } - if (!empty($search_firstname)) { $sql .= " AND p.firstname LIKE '%".$db->escape($search_firstname)."%'"; } - if (!empty($search_company)) { $sql .= " AND s.nom LIKE '%".$db->escape($search_company)."%'"; } - if (!empty($contactname)) { // acces a partir du module de recherche $sql .= " AND (p.name LIKE '%".$db->escape($contactname)."%' OR lower(p.firstname) LIKE '%".$db->escape($contactname)."%') "; $sortfield = "p.name"; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index c544f5f7fe9..6c670c82364 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2463,12 +2463,12 @@ class Propal extends CommonObject $error = 0; $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; - $sql .= " SET fk_statut = ".$status.","; + $sql .= " SET fk_statut = ".((int) $status).","; if (!empty($note)) { $sql .= " note_private = '".$this->db->escape($note)."',"; } $sql .= " date_cloture=NULL, fk_user_cloture=NULL"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -4305,7 +4305,7 @@ class PropaleLigne extends CommonObjectLine } $sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { - $sql .= ", rang=".$this->rang; + $sql .= ", rang=".((int) $this->rang); } $sql .= ", date_start=".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null"); $sql .= ", date_end=".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null"); @@ -4317,7 +4317,7 @@ class PropaleLigne extends CommonObjectLine $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -4365,7 +4365,7 @@ class PropaleLigne extends CommonObjectLine $sql .= " total_ht=".price2num($this->total_ht, 'MT').""; $sql .= ",total_tva=".price2num($this->total_tva, 'MT').""; $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT').""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("PropaleLigne::update_total", LOG_DEBUG); diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 3973071d1f0..7ff3e405499 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -88,7 +88,7 @@ if (!empty($conf->propal->enabled)) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -160,7 +160,7 @@ $sql .= " WHERE c.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND c.fk_soc = s.rowid"; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -318,7 +318,7 @@ if (! empty($conf->propal->enabled)) $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY c.rowid DESC"; @@ -393,7 +393,7 @@ if (! empty($conf->propal->enabled)) $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 2 "; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY c.rowid DESC"; diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index ceb945d1e72..95d461eac39 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -593,27 +593,27 @@ if ($sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); } if ($search_categ_cus > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus); } if ($search_categ_cus == -2) { $sql .= " AND cc.fk_categorie IS NULL"; } if ($search_fk_cond_reglement > 0) { - $sql .= " AND p.fk_cond_reglement = ".$db->escape($search_fk_cond_reglement); + $sql .= " AND p.fk_cond_reglement = ".((int) $search_fk_cond_reglement); } if ($search_fk_shipping_method > 0) { - $sql .= " AND p.fk_shipping_method = ".$db->escape($search_fk_shipping_method); + $sql .= " AND p.fk_shipping_method = ".((int) $search_fk_shipping_method); } if ($search_fk_input_reason > 0) { - $sql .= " AND p.fk_input_reason = ".$db->escape($search_fk_input_reason); + $sql .= " AND p.fk_input_reason = ".((int) $search_fk_input_reason); } if ($search_fk_mode_reglement > 0) { - $sql .= " AND p.fk_mode_reglement = ".$db->escape($search_fk_mode_reglement); + $sql .= " AND p.fk_mode_reglement = ".((int) $search_fk_mode_reglement); } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category); + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php index 8883e0af6f3..d2f60c36212 100644 --- a/htdocs/comm/prospect/index.php +++ b/htdocs/comm/prospect/index.php @@ -87,7 +87,7 @@ $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity($companystatic->element).")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY st.id"; $sql .= " ORDER BY st.id"; @@ -129,7 +129,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -191,7 +191,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.fk_statut = 1"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -250,7 +250,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = 1"; $sql .= " AND s.entity IN (".getEntity($companystatic->element).")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY s.tms ASC"; $sql .= $db->plimit(15, 0); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index c0851dfee1d..c19cc6c379f 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2539,7 +2539,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -4559,14 +4559,14 @@ class OrderLine extends CommonOrderLine } $sql .= " , fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null"); $sql .= " , buy_price_ht='".price2num($this->pa_ht)."'"; - $sql .= " , info_bits=".$this->info_bits; - $sql .= " , special_code=".$this->special_code; + $sql .= " , info_bits=".((int) $this->info_bits); + $sql .= " , special_code=".((int) $this->special_code); $sql .= " , date_start=".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null"); $sql .= " , date_end=".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null"); $sql .= " , product_type=".$this->product_type; $sql .= " , fk_parent_line=".(!empty($this->fk_parent_line) ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { - $sql .= ", rang=".$this->rang; + $sql .= ", rang=".((int) $this->rang); } $sql .= " , fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit); @@ -4576,7 +4576,7 @@ class OrderLine extends CommonOrderLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 6dfa898a024..62f8c4772f6 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -89,9 +89,6 @@ $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } -if (dol_strlen($stcomm)) { - $sql .= " AND s.fk_stcomm=".$stcomm; -} if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); } diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 48f1f600126..73f40668cea 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -166,7 +166,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -250,7 +250,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_statut = ".Commande::STATUS_VALIDATED; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -337,9 +337,9 @@ if (!empty($conf->commande->enabled)) { } $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; - $sql .= " AND c.fk_statut = ".Commande::STATUS_ACCEPTED; + $sql .= " AND c.fk_statut = ".((int) Commande::STATUS_ACCEPTED); if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index f42b7c08de9..98bbd00b351 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -473,7 +473,7 @@ if ($search_user > 0) { $sql .= ' WHERE c.fk_soc = s.rowid'; $sql .= ' AND c.entity IN ('.getEntity('commande').')'; if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 0a9784fce75..666621cbdd6 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1181,7 +1181,7 @@ if ($resql) { $sqlforbalance .= " ".MAIN_DB_PREFIX."bank as b"; $sqlforbalance .= " WHERE b.fk_account = ba.rowid"; $sqlforbalance .= " AND ba.entity IN (".getEntity('bank_account').")"; - $sqlforbalance .= " AND b.fk_account = ".$search_account; + $sqlforbalance .= " AND b.fk_account = ".((int) $search_account); $sqlforbalance .= " AND (b.datev < '".$db->idate($db->jdate($objp->dv))."' OR (b.datev = '".$db->idate($db->jdate($objp->dv))."' AND (b.dateo < '".$db->idate($db->jdate($objp->do))."' OR (b.dateo = '".$db->idate($db->jdate($objp->do))."' AND b.rowid < ".$objp->rowid."))))"; $resqlforbalance = $db->query($sqlforbalance); //print $sqlforbalance; diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index e629d7620f0..0d97ed69a07 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -1070,7 +1070,7 @@ class Account extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_account"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -2090,7 +2090,7 @@ class AccountLine extends CommonObject $sql .= " amount = ".price2num($this->amount).","; $sql .= " datev='".$this->db->idate($this->datev)."',"; $sql .= " dateo='".$this->db->idate($this->dateo)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/bank/class/api_bankaccounts.class.php b/htdocs/compta/bank/class/api_bankaccounts.class.php index 10357155295..fd7ed1838f2 100644 --- a/htdocs/compta/bank/class/api_bankaccounts.class.php +++ b/htdocs/compta/bank/class/api_bankaccounts.class.php @@ -77,7 +77,7 @@ class BankAccounts extends DolibarrApi $sql .= ' WHERE t.entity IN ('.getEntity('bank_account').')'; // Select accounts of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_account = t.rowid "; + $sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_account = t.rowid"; } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php index c84f52ffee1..2c33085aa6d 100644 --- a/htdocs/compta/bank/line.php +++ b/htdocs/compta/bank/line.php @@ -173,7 +173,7 @@ if ($user->rights->banque->modifier && $action == "update") { $sql .= " datev = '".$db->idate($dateval)."',"; } } - $sql .= " fk_account = ".$actarget->id; + $sql .= " fk_account = ".((int) $actarget->id); $sql .= " WHERE rowid = ".((int) $acline->id); $result = $db->query($sql); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index f45d2a64af4..167c809a8b1 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -606,7 +606,7 @@ if (empty($numref)) { $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl"; $sql .= " WHERE ct.rowid = cl.fk_categ"; $sql .= " AND ct.entity = ".$conf->entity; - $sql .= " AND cl.lineid = ".$objp->rowid; + $sql .= " AND cl.lineid = ".((int) $objp->rowid); $resc = $db->query($sql); if ($resc) { diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php index f78e004f571..dda68a096a1 100644 --- a/htdocs/compta/bank/various_payment/list.php +++ b/htdocs/compta/bank/various_payment/list.php @@ -250,19 +250,19 @@ if ($search_amount_cred) { $sql .= natural_search("v.amount", $search_amount_cred, 1); } if ($search_bank_account > 0) { - $sql .= " AND b.fk_account=".$db->escape($search_bank_account); + $sql .= " AND b.fk_account = ".((int) $search_bank_account); } if ($search_bank_entry > 0) { - $sql .= " AND b.fk_account=".$db->escape($search_bank_account); + $sql .= " AND b.fk_account = ".((int) $search_bank_account); } if ($search_accountancy_account > 0) { - $sql .= " AND v.accountancy_code=".$db->escape($search_accountancy_account); + $sql .= " AND v.accountancy_code = ".((int) $search_accountancy_account); } if ($search_accountancy_subledger > 0) { - $sql .= " AND v.subledger_account=".$db->escape($search_accountancy_subledger); + $sql .= " AND v.subledger_account = ".((int) $search_accountancy_subledger); } if ($typeid > 0) { - $sql .= " AND v.fk_typepayment=".$typeid; + $sql .= " AND v.fk_typepayment=".((int) $typeid); } if ($search_all) { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 60924dae644..b0a4716b7e1 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -71,7 +71,7 @@ llxHeader(); $thirdpartystatic = new Societe($db); if ($action == 'note') { - $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".$socid; + $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".((int) $socid); $result = $db->query($sql); } @@ -107,29 +107,21 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if (dol_strlen($stcomm)) { - $sql .= " AND s.fk_stcomm=".$stcomm; + $sql .= " AND s.fk_stcomm=".((int) $stcomm); } -if ($socname) { - $sql .= natural_search("s.nom", $socname); - $sortfield = "s.nom"; - $sortorder = "ASC"; -} -if ($_GET["search_nom"]) { +if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); } -if ($_GET["search_compta"]) { +if (GETPOST("search_compta")) { $sql .= natural_search("s.code_compta", GETPOST("search_compta")); } -if ($_GET["search_code_client"]) { +if (GETPOST("search_code_client")) { $sql .= natural_search("s.code_client", GETPOST("search_code_client")); } -if (dol_strlen($begin)) { - $sql .= natural_search("s.nom", $begin); -} if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } -$sql .= " ORDER BY $sortfield $sortorder "; +$sql .= " ORDER BY $sortfield $sortorder"; $sql .= $db->plimit($conf->liste_limit + 1, $offset); //print $sql; diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 84b4df207a5..3dfa5f70603 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -217,7 +217,7 @@ class Invoices extends DolibarrApi } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 286b5a1ccea..7d2ffe9e022 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -470,9 +470,9 @@ class FactureRec extends CommonInvoice $error = 0; $sql = "UPDATE ".MAIN_DB_PREFIX."facture_rec SET"; - $sql .= " fk_soc = ".$this->fk_soc; + $sql .= " fk_soc = ".((int) $this->fk_soc); // TODO Add missing fields - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1136,12 +1136,12 @@ class FactureRec extends CommonInvoice $sql .= ", qty=".price2num($qty); $sql .= ", tva_tx=".price2num($txtva); $sql .= ", vat_src_code='".$this->db->escape($vat_src_code)."'"; - $sql .= ", localtax1_tx=".$txlocaltax1; + $sql .= ", localtax1_tx=".((float) $txlocaltax1); $sql .= ", localtax1_type='".$this->db->escape($localtaxes_type[0])."'"; - $sql .= ", localtax2_tx=".$txlocaltax2; + $sql .= ", localtax2_tx=".((float) $txlocaltax2); $sql .= ", localtax2_type='".$this->db->escape($localtaxes_type[2])."'"; $sql .= ", fk_product=".(!empty($fk_product) ? "'".$this->db->escape($fk_product)."'" : "null"); - $sql .= ", product_type=".$product_type; + $sql .= ", product_type=".((int) $product_type); $sql .= ", remise_percent='".price2num($remise_percent)."'"; $sql .= ", subprice='".price2num($pu_ht)."'"; $sql .= ", total_ht='".price2num($total_ht)."'"; @@ -2124,11 +2124,11 @@ class FactureLigneRec extends CommonInvoiceLine $sql .= ", total_localtax2=".price2num($this->total_localtax2); $sql .= ", total_ttc=".price2num($this->total_ttc); } - $sql .= ", rang=".$this->rang; - $sql .= ", special_code=".$this->special_code; + $sql .= ", rang=".((int) $this->rang); + $sql .= ", special_code=".((int) $this->special_code); $sql .= ", fk_unit=".($this->fk_unit ? "'".$this->db->escape($this->fk_unit)."'" : "null"); $sql .= ", fk_contract_line=".($this->fk_contract_line ? $this->fk_contract_line : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 6dd67d4d931..40a14eb1711 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4105,7 +4105,7 @@ class Facture extends CommonInvoice $sql .= " AND pf.fk_paiement IS NULL"; // Aucun paiement deja fait $sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -5594,7 +5594,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option) $sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { - $sql .= ", rang=".$this->rang; + $sql .= ", rang=".((int) $this->rang); } $sql .= ", situation_percent=".$this->situation_percent; $sql .= ", fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit); @@ -5606,7 +5606,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index fb4089fabec..a375bc677f2 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -546,7 +546,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category); + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); @@ -634,7 +634,7 @@ if ($search_login) { $sql .= natural_search(array('u.login', 'u.firstname', 'u.lastname'), $search_login); } if ($search_categ_cus > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus); } if ($search_categ_cus == -2) { $sql .= " AND cc.fk_categorie IS NULL"; @@ -659,10 +659,10 @@ if ($search_status != '-1' && $search_status != '') { } if ($search_paymentmode > 0) { - $sql .= " AND f.fk_mode_reglement = ".$db->escape($search_paymentmode); + $sql .= " AND f.fk_mode_reglement = ".((int) $search_paymentmode); } if ($search_paymentterms > 0) { - $sql .= " AND f.fk_cond_reglement = ".$db->escape($search_paymentterms); + $sql .= " AND f.fk_cond_reglement = ".((int) $search_paymentterms); } if ($search_module_source) { $sql .= natural_search("f.module_source", $search_module_source); @@ -692,10 +692,10 @@ if ($option == 'late') { $sql .= " AND f.date_lim_reglement < '".$db->idate(dol_now() - $conf->facture->client->warning_delay)."'"; } if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".(int) $search_sale; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='facture' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='facture' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index e33ddc35610..18519955bf6 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -138,7 +138,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -283,7 +283,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND ff.fk_soc = ".$socid; + $sql .= " AND ff.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -593,7 +593,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " AND c.fk_statut = ".Commande::STATUS_CLOSED; $sql .= " AND c.facture = 0"; diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index dc133977202..115dce99c9e 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -170,7 +170,7 @@ class Localtax extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET"; - $sql .= " localtaxtype=".$this->ltt.","; + $sql .= " localtaxtype=".((int) $this->ltt).","; $sql .= " tms='".$this->db->idate($this->tms)."',"; $sql .= " datep='".$this->db->idate($this->datep)."',"; $sql .= " datev='".$this->db->idate($this->datev)."',"; diff --git a/htdocs/compta/localtax/index.php b/htdocs/compta/localtax/index.php index 86fa3fe52f0..f9ea0ac02d9 100644 --- a/htdocs/compta/localtax/index.php +++ b/htdocs/compta/localtax/index.php @@ -584,7 +584,7 @@ $sql .= "SELECT SUM(amount) as mm, date_format(f.datev,'%Y-%m') as dm, 'claimed' $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f"; $sql .= " WHERE f.entity = ".$conf->entity; $sql .= " AND (f.datev >= '".$db->idate($date_start)."' AND f.datev <= '".$db->idate($date_end)."')"; -$sql .= " AND localtaxtype=".$localTaxType; +$sql .= " AND localtaxtype=".((int) $localTaxType); $sql .= " GROUP BY dm"; $sql .= " UNION "; @@ -593,7 +593,7 @@ $sql .= "SELECT SUM(amount) as mm, date_format(f.datep,'%Y-%m') as dm, 'paid' as $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f"; $sql .= " WHERE f.entity = ".$conf->entity; $sql .= " AND (f.datep >= '".$db->idate($date_start)."' AND f.datep <= '".$db->idate($date_end)."')"; -$sql .= " AND localtaxtype=".$localTaxType; +$sql .= " AND localtaxtype=".((int) $localTaxType); $sql .= " GROUP BY dm"; $sql .= " ORDER BY dm ASC, mode ASC"; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 04eee81ced0..32f81532ecf 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -606,7 +606,7 @@ if ($action == 'new') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement as p ON p.fk_bank = b.rowid"; $sql .= " WHERE ba.entity IN (".getEntity('bank_account').")"; $sql .= " AND b.fk_type= 'CHQ'"; - $sql .= " AND b.fk_bordereau = ".$object->id; + $sql .= " AND b.fk_bordereau = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); diff --git a/htdocs/compta/paiement/cheque/list.php b/htdocs/compta/paiement/cheque/list.php index 0c4a6d9c478..f4d6c9e2686 100644 --- a/htdocs/compta/paiement/cheque/list.php +++ b/htdocs/compta/paiement/cheque/list.php @@ -104,7 +104,7 @@ if ($search_ref) { $sql .= natural_search("bc.ref", $search_ref); } if ($search_account > 0) { - $sql .= " AND bc.fk_bank_account=".$search_account; + $sql .= " AND bc.fk_bank_account = ".((int) $search_account); } if ($search_amount) { $sql .= natural_search("bc.amount", price2num($search_amount)); diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index 4e464243df6..6b811bc2d13 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php @@ -78,7 +78,7 @@ if ($socid) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').')'; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " AND p.statut = 0"; diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index dbf2d67778a..f69c7b476a2 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " WHERE fk_prelevement_bons = ".$this->id; - $sql .= " AND fk_soc =".$client_id; + $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; $sql .= " AND number = '".$this->db->escape($number)."'"; diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index 0faea8a159c..dcf3c1a8bc5 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -329,7 +329,7 @@ class RejetPrelevement $sql = "SELECT pr.date_rejet as dr, motif, afacturer"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_rejet as pr"; - $sql .= " WHERE pr.fk_prelevement_lignes =".$rowid; + $sql .= " WHERE pr.fk_prelevement_lignes =".((int) $rowid); $resql = $this->db->query($sql); if ($resql) { @@ -345,11 +345,11 @@ class RejetPrelevement return 0; } else { - dol_syslog("RejetPrelevement::Fetch Erreur rowid=$rowid numrows=0"); + dol_syslog("RejetPrelevement::Fetch Erreur rowid=".$rowid." numrows=0"); return -1; } } else { - dol_syslog("RejetPrelevement::Fetch Erreur rowid=$rowid"); + dol_syslog("RejetPrelevement::Fetch Erreur rowid=".$rowid); return -2; } } diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index 928be9c4245..8711f663d55 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php @@ -170,15 +170,15 @@ $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p"; $sql .= " , ".MAIN_DB_PREFIX."prelevement_lignes as pl"; $sql .= " , ".MAIN_DB_PREFIX."societe as s"; $sql .= " , ".MAIN_DB_PREFIX."prelevement_rejet as pr"; -$sql .= " WHERE p.rowid=".$object->id; +$sql .= " WHERE p.rowid=".((int) $object->id); $sql .= " AND pl.fk_prelevement_bons = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND pl.fk_soc = s.rowid"; $sql .= " AND pl.statut = 3 "; $sql .= " AND pr.fk_prelevement_lignes = pl.rowid"; -if ($socid) { +/*if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); -} +}*/ $sql .= " ORDER BY pl.amount DESC"; // Count total nb of records diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php index 3abdf04ae1b..d98a6aab251 100644 --- a/htdocs/compta/recap-compta.php +++ b/htdocs/compta/recap-compta.php @@ -189,7 +189,7 @@ if ($id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON p.fk_user_creat = u.rowid"; $sql .= " WHERE pf.fk_paiement = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; - $sql .= " AND pf.fk_facture = ".$fac->id; + $sql .= " AND pf.fk_facture = ".((int) $fac->id); $sql .= " ORDER BY p.datep ASC, p.rowid ASC"; $resqlp = $db->query($sql); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index bd871fd3ea3..5aca25466a3 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -403,7 +403,7 @@ if ($modecompta == 'BOOKKEEPING') { } $sql .= " AND f.entity IN (".getEntity('invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index db754390e5e..a4deec56715 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -218,7 +218,7 @@ if ($search_amount) { $sql .= natural_search("cs.amount", $search_amount, 1); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND cs.paye = ".$db->escape($search_status); + $sql .= " AND cs.paye = ".((int) $search_status); } $sql .= dolSqlDateFilter("cs.periode", $search_day_lim, $search_month_lim, $search_year_lim); //$sql.= dolSqlDateFilter("cs.periode", 0, 0, $year); @@ -230,8 +230,8 @@ if ($year > 0) { $sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$db->escape($year)."')"; $sql .= ")"; } -if ($search_typeid) { - $sql .= " AND cs.fk_type=".$db->escape($search_typeid); +if ($search_typeid > 0) { + $sql .= " AND cs.fk_type = ".((int) $search_typeid); } $sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, pay.code, u.lastname"; if (!empty($conf->projet->enabled)) { diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php index 63798baf62f..8e3169f1e8c 100644 --- a/htdocs/compta/stats/cabyuser.php +++ b/htdocs/compta/stats/cabyuser.php @@ -262,7 +262,7 @@ if ($modecompta == 'CREANCES-DETTES') { } $sql .= " AND f.entity IN (".getEntity('invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY u.rowid, u.lastname, u.firstname"; $sql .= " ORDER BY u.rowid"; diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index 05bbbab99d3..e7ec8c61db7 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php @@ -681,7 +681,7 @@ print ''; AND p.facture =0"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY p.rowid"; diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php index 0afcb72da2d..7273e8ed529 100644 --- a/htdocs/compta/stats/supplier_turnover.php +++ b/htdocs/compta/stats/supplier_turnover.php @@ -197,7 +197,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " AND f.type IN (0,2)"; $sql .= " AND f.entity IN (".getEntity('supplier_invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } } elseif ($modecompta == "RECETTES-DEPENSES") { $sql = "SELECT date_format(p.datep,'%Y-%m') as dm, sum(pf.amount) as amount_ttc"; @@ -208,7 +208,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " AND pf.fk_facturefourn = f.rowid"; $sql .= " AND f.entity IN (".getEntity('supplier_invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } } elseif ($modecompta == "BOOKKEEPING") { $pcgverid = $conf->global->CHARTOFACCOUNTS; diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php index a97e15d1499..0ea8418381d 100644 --- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php +++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php @@ -301,7 +301,7 @@ if ($search_country > 0) { } $sql .= " AND f.entity IN (".getEntity('supplier_invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY s.rowid, s.nom, s.zip, s.town, s.fk_pays"; $sql .= " ORDER BY s.rowid"; diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index daed5b19f5e..45d3d2e74b4 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -207,7 +207,7 @@ class Tva extends CommonObject $sql .= " amount=".price2num($this->amount).","; $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " note='".$this->db->escape($this->note)."',"; - $sql .= " fk_user_creat=".$this->fk_user_creat.","; + $sql .= " fk_user_creat=".((int) $this->fk_user_creat).","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? $this->fk_user_modif : $user->id).""; $sql .= " WHERE rowid=".((int) $this->id); diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 17237732cea..69ce8ae8ae5 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php @@ -171,16 +171,16 @@ if (!empty($search_datepayment_end)) { $sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'; } if (!empty($search_type) && $search_type > 0) { - $sql .= ' AND t.fk_typepayment='.$search_type; + $sql .= ' AND t.fk_typepayment = '.((int) $search_type); } if (!empty($search_account) && $search_account > 0) { - $sql .= ' AND t.fk_account='.$search_account; + $sql .= ' AND t.fk_account = '.((int) $search_account); } if (!empty($search_amount)) { $sql .= natural_search('t.amount', price2num(trim($search_amount)), 1); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND t.paye = ".$db->escape($search_status); + $sql .= " AND t.paye = ".((int) $search_status); } $sql .= " GROUP BY t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment, t.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, t.num_payment, pst.code"; diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 78e4ffae99b..e1f987ac2f4 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -591,11 +591,11 @@ class Contact extends CommonObject if (isset($this->stcomm_id)) { $sql .= ", fk_stcommcontact = ".($this->stcomm_id > 0 || $this->stcomm_id == -1 ? $this->stcomm_id : "0"); } - $sql .= ", statut = ".$this->db->escape($this->statut); + $sql .= ", statut = ".((int) $this->statut); $sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "NULL"); $sql .= ", default_lang=".($this->default_lang ? "'".$this->db->escape($this->default_lang)."'" : "NULL"); - $sql .= ", entity = ".$this->db->escape($this->entity); - $sql .= " WHERE rowid=".$this->db->escape($id); + $sql .= ", entity = ".((int) $this->entity); + $sql .= " WHERE rowid=".((int) $id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); @@ -1221,7 +1221,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $sqldel = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; - $sqldel .= " WHERE rowid = ".$obj->rowid; + $sqldel .= " WHERE rowid = ".((int) $obj->rowid); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sqldel); if (!$result) { @@ -1324,7 +1324,7 @@ class Contact extends CommonObject $sql = "SELECT c.rowid, c.datec as datec, c.fk_user_creat,"; $sql .= " c.tms as tms, c.fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as c"; - $sql .= " WHERE c.rowid = ".$this->db->escape($id); + $sql .= " WHERE c.rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1770,10 +1770,10 @@ class Contact extends CommonObject $sql = "SELECT sc.fk_socpeople as id, sc.fk_c_type_contact"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact tc"; $sql .= ", ".MAIN_DB_PREFIX."societe_contacts sc"; - $sql .= " WHERE sc.fk_soc =".$this->socid; + $sql .= " WHERE sc.fk_soc =".((int) $this->socid); $sql .= " AND sc.fk_c_type_contact=tc.rowid"; - $sql .= " AND tc.element='".$this->db->escape($element)."'"; - $sql .= " AND tc.active=1"; + $sql .= " AND tc.element = '".$this->db->escape($element)."'"; + $sql .= " AND tc.active = 1"; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 74e3c704739..5ef0a10deb5 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -392,7 +392,7 @@ if (!$user->rights->societe->client->voir && !$socid) { //restriction $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial - $sql .= " AND p.fk_user_creat=".$db->escape($userid); + $sql .= " AND p.fk_user_creat=".((int) $userid); } if ($search_level) { $sql .= natural_search("p.fk_prospectcontactlevel", join(',', $search_level), 3); @@ -414,19 +414,19 @@ if ($search_priv != '0' && $search_priv != '1') { } if ($search_categ > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ); } if ($search_categ == -2) { $sql .= " AND cc.fk_categorie IS NULL"; } if ($search_categ_thirdparty > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_thirdparty); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ_thirdparty); } if ($search_categ_thirdparty == -2) { $sql .= " AND cs.fk_categorie IS NULL"; } if ($search_categ_supplier > 0) { - $sql .= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier); + $sql .= " AND cs2.fk_categorie = ".((int) $search_categ_supplier); } if ($search_categ_supplier == -2) { $sql .= " AND cs2.fk_categorie IS NULL"; @@ -495,10 +495,10 @@ if (count($search_roles) > 0) { $sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".$db->sanitize(implode(',', $search_roles))."))"; } if ($search_no_email != '' && $search_no_email >= 0) { - $sql .= " AND p.no_email = ".$db->escape($search_no_email); + $sql .= " AND p.no_email = ".((int) $search_no_email); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND p.statut = ".$db->escape($search_status); + $sql .= " AND p.statut = ".((int) $search_status); } if ($search_import_key) { $sql .= natural_search("p.import_key", $search_import_key); diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 186e4ee5761..0275baeb3a9 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -3066,9 +3066,9 @@ class ContratLigne extends CommonObjectLine // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET"; - $sql .= " fk_contrat=".$this->fk_contrat.","; + $sql .= " fk_contrat=".((int) $this->fk_contrat).","; $sql .= " fk_product=".($this->fk_product ? "'".$this->db->escape($this->fk_product)."'" : 'null').","; - $sql .= " statut=".$this->statut.","; + $sql .= " statut=".((int) $this->statut).","; $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " description='".$this->db->escape($this->description)."',"; $sql .= " date_commande=".($this->date_commande != '' ? "'".$this->db->idate($this->date_commande)."'" : "null").","; @@ -3373,11 +3373,11 @@ class ContratLigne extends CommonObjectLine $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".ContratLigne::STATUS_CLOSED.","; + $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".((int) ContratLigne::STATUS_CLOSED).","; $sql .= " date_cloture = '".$this->db->idate($date_end)."',"; $sql .= " fk_user_cloture = ".$user->id.","; $sql .= " commentaire = '".$this->db->escape($comment)."'"; - $sql .= " WHERE rowid = ".$this->id." AND statut = ".ContratLigne::STATUS_OPEN; + $sql .= " WHERE rowid = ".$this->id." AND statut = ".((int) ContratLigne::STATUS_OPEN); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index aed4cba2fe1..a5e3da943b7 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -250,7 +250,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $resql = $db->query($sql); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index cf19f1178f6..ccb36830844 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -265,10 +265,10 @@ if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) { $sql .= " AND s.fk_typent IN (".$db->sanitize($db->escape($search_type_thirdparty)).')'; } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid) { - $sql .= " AND s.rowid = ".$db->escape($socid); + $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -296,13 +296,13 @@ if ($search_town) { $sql .= natural_search(array('s.town'), $search_town); } if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='contrat' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='contrat' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index a0ecc6b4be8..8368bffbab2 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -257,7 +257,7 @@ if ($search_product_category > 0) { $sql .= " WHERE c.entity = ".$conf->entity; $sql .= " AND c.rowid = cd.fk_contrat"; if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 9e312bee679..f3c68711edd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -531,7 +531,7 @@ abstract class CommonObject $sql .= " WHERE entity IN (".getEntity($element).")"; if ($id > 0) { - $sql .= " AND rowid = ".$db->escape($id); + $sql .= " AND rowid = ".((int) $id); } elseif ($ref) { $sql .= " AND ref = '".$db->escape($ref)."'"; } elseif ($ref_ext) { @@ -542,7 +542,7 @@ abstract class CommonObject return -1; } if ($ref || $ref_ext) { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class()."::isExistingObject", LOG_DEBUG); @@ -1278,7 +1278,7 @@ abstract class CommonObject } $sql .= " AND tc.active=1"; if ($status >= 0) { - $sql .= " AND ec.statut = ".$status; + $sql .= " AND ec.statut = ".((int) $status); } $sql .= " ORDER BY t.lastname ASC"; @@ -1926,7 +1926,7 @@ abstract class CommonObject if ($format == 'text') { $sql .= $field." = '".$this->db->escape($value)."'"; } elseif ($format == 'int') { - $sql .= $field." = ".$this->db->escape($value); + $sql .= $field." = ".((int) $value); } elseif ($format == 'date') { $sql .= $field." = ".($value ? "'".$this->db->idate($value)."'" : "null"); } @@ -3709,19 +3709,19 @@ abstract class CommonObject $sql .= " WHERE "; if ($justsource || $justtarget) { if ($justsource) { - $sql .= "fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."'"; + $sql .= "fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."'"; if ($withtargettype) { $sql .= " AND targettype = '".$this->db->escape($targettype)."'"; } } elseif ($justtarget) { - $sql .= "fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."'"; + $sql .= "fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."'"; if ($withsourcetype) { $sql .= " AND sourcetype = '".$this->db->escape($sourcetype)."'"; } } } else { - $sql .= "(fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."')"; - $sql .= " ".$clause." (fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."')"; + $sql .= "(fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."')"; + $sql .= " ".$clause." (fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."')"; } $sql .= ' ORDER BY '.$orderby; @@ -4106,12 +4106,12 @@ abstract class CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$elementTable; - $sql .= " SET ".$fieldstatus." = ".$status; + $sql .= " SET ".$fieldstatus." = ".((int) $status); // If status = 1 = validated, update also fk_user_valid if ($status == 1 && $elementTable == 'expensereport') { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid=".$elementId; + $sql .= " WHERE rowid=".((int) $elementId); dol_syslog(get_class($this)."::setStatut", LOG_DEBUG); if ($this->db->query($sql)) { @@ -7122,11 +7122,11 @@ abstract class CommonObject $sql .= ' as main'; } if ($selectkey == 'rowid' && empty($value)) { - $sql .= " WHERE ".$selectkey."=0"; + $sql .= " WHERE ".$selectkey." = 0"; } elseif ($selectkey == 'rowid') { - $sql .= " WHERE ".$selectkey."=".$this->db->escape($value); + $sql .= " WHERE ".$selectkey." = ".((int) $value); } else { - $sql .= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + $sql .= " WHERE ".$selectkey." = '".$this->db->escape($value)."'"; } //$sql.= ' AND entity = '.$conf->entity; diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 32d7faa1557..aaf0f315c1b 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -292,7 +292,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_facture_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_facture IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_facture_source = ".$this->fk_facture_source; + $sql .= " AND fk_facture_source = ".((int) $this->fk_facture_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index dc3726f2634..2f8b0871a83 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1722,11 +1722,11 @@ class ExtraFields $sql .= ' as main'; } if ($selectkey == 'rowid' && empty($value)) { - $sql .= " WHERE ".$selectkey."=0"; + $sql .= " WHERE ".$selectkey." = 0"; } elseif ($selectkey == 'rowid') { - $sql .= " WHERE ".$selectkey."=".$this->db->escape($value); + $sql .= " WHERE ".$selectkey." = ".((int) $value); } else { - $sql .= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + $sql .= " WHERE ".$selectkey." = '".$this->db->escape($value)."'"; } //$sql.= ' AND entity = '.$conf->entity; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 1dd6712dba6..e084757fe28 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2497,18 +2497,18 @@ class Form } if ($finished == 0) { - $sql .= " AND p.finished = ".$finished; + $sql .= " AND p.finished = ".((int) $finished); } elseif ($finished == 1) { - $sql .= " AND p.finished = ".$finished; + $sql .= " AND p.finished = ".((int) $finished); if ($status >= 0) { - $sql .= " AND p.tosell = ".$status; + $sql .= " AND p.tosell = ".((int) $status); } } elseif ($status >= 0) { - $sql .= " AND p.tosell = ".$status; + $sql .= " AND p.tosell = ".((int) $status); } // Filter by product type if (strval($filtertype) != '') { - $sql .= " AND p.fk_product_type = ".$filtertype; + $sql .= " AND p.fk_product_type = ".((int) $filtertype); } elseif (empty($conf->product->enabled)) { // when product module is disabled, show services only $sql .= " AND p.fk_product_type = 1"; } elseif (empty($conf->service->enabled)) { // when service module is disabled, show products only @@ -3828,7 +3828,6 @@ class Form $sql = "SELECT id, code, libelle as label, type, active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_paiement"; $sql .= " WHERE entity IN (".getEntity('c_paiement').")"; - //if ($active >= 0) $sql.= " AND active = ".$active; $resql = $this->db->query($sql); if ($resql) { @@ -4061,7 +4060,6 @@ class Form $sql = "SELECT rowid, code, label, active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_transport_mode"; $sql .= " WHERE entity IN (".getEntity('c_transport_mode').")"; - //if ($active >= 0) $sql.= " AND active = ".$active; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index a57e39f1779..fbfde88198b 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -242,7 +242,7 @@ class FormAccounting extends Form $sql .= " WHERE c.active = 1"; $sql .= " AND c.category_type = 0"; if (empty($allcountries)) { - $sql .= " AND c.fk_country = ".$mysoc->country_id; + $sql .= " AND c.fk_country = ".((int) $mysoc->country_id); } $sql .= " ORDER BY c.label ASC"; } else { diff --git a/htdocs/core/class/html.formintervention.class.php b/htdocs/core/class/html.formintervention.class.php index aa0259ba288..7058e80b1d7 100644 --- a/htdocs/core/class/html.formintervention.class.php +++ b/htdocs/core/class/html.formintervention.class.php @@ -77,14 +77,14 @@ class FormIntervention if ($socid == '0') { $sql .= " AND (f.fk_soc = 0 OR f.fk_soc IS NULL)"; } else { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } } dol_syslog(get_class($this)."::select_intervention", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { - $out .= ''; if ($showempty) { $out .= ''; } diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index a9da488907d..00c1c4236c4 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -1275,10 +1275,10 @@ class FormMail extends Form $sql .= " AND entity IN (".getEntity('c_email_templates').")"; $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned if ($active >= 0) { - $sql .= " AND active = ".$active; + $sql .= " AND active = ".((int) $active); } if ($label) { - $sql .= " AND label ='".$db->escape($label)."'"; + $sql .= " AND label = '".$db->escape($label)."'"; } if (!($id > 0) && $languagetosearch) { $sql .= " AND (lang = '".$db->escape($languagetosearch)."'".($languagetosearchmain ? " OR lang = '".$db->escape($languagetosearchmain)."'" : "")." OR lang IS NULL OR lang = '')"; @@ -1434,7 +1434,7 @@ class FormMail extends Form $sql .= " AND entity IN (".getEntity('c_email_templates').")"; $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. if ($active >= 0) { - $sql .= " AND active = ".$active; + $sql .= " AND active = ".((int) $active); } //if (is_object($outputlangs)) $sql.= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; // Return all languages $sql .= $this->db->order("position,lang,label", "ASC"); diff --git a/htdocs/core/class/html.formsocialcontrib.class.php b/htdocs/core/class/html.formsocialcontrib.class.php index 8a40eed9da8..3455b572888 100644 --- a/htdocs/core/class/html.formsocialcontrib.class.php +++ b/htdocs/core/class/html.formsocialcontrib.class.php @@ -76,7 +76,7 @@ class FormSocialContrib $sql = "SELECT c.id, c.libelle as type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c"; $sql .= " WHERE c.active = 1"; - $sql .= " AND c.fk_pays = ".$mysoc->country_id; + $sql .= " AND c.fk_pays = ".((int) $mysoc->country_id); $sql .= " ORDER BY c.libelle ASC"; } else { $sql = "SELECT c.id, c.libelle as type"; diff --git a/htdocs/core/class/infobox.class.php b/htdocs/core/class/infobox.class.php index 076dace54f0..545d3c12274 100644 --- a/htdocs/core/class/infobox.class.php +++ b/htdocs/core/class/infobox.class.php @@ -105,7 +105,7 @@ class InfoBox $sql .= " WHERE b.box_id = d.rowid"; $sql .= " AND b.entity IN (0,".$conf->entity.")"; if ($zone >= 0) { - $sql .= " AND b.position = ".$zone; + $sql .= " AND b.position = ".((int) $zone); } if (is_object($user)) { $sql .= " AND b.fk_user IN (0,".$user->id.")"; @@ -116,7 +116,7 @@ class InfoBox } else { // available $sql = "SELECT d.rowid as box_id, d.file, d.note, d.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."boxes_def as d"; - $sql .= " WHERE d.entity IN (0,".$conf->entity.")"; + $sql .= " WHERE d.entity IN (0, ".$conf->entity.")"; } dol_syslog(get_class()."::listBoxes get default box list for mode=".$mode." userid=".(is_object($user) ? $user->id : '')."", LOG_DEBUG); @@ -254,8 +254,8 @@ class InfoBox // Delete all lines $sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes"; $sql .= " WHERE entity = ".$conf->entity; - $sql .= " AND fk_user = ".$userid; - $sql .= " AND position = ".$zone; + $sql .= " AND fk_user = ".((int) $userid); + $sql .= " AND position = ".((int) $zone); dol_syslog(get_class()."::saveboxorder", LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index 65fdaff9645..6f024c91b0b 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php @@ -352,10 +352,10 @@ class Menubase $sql .= " type='".$this->db->escape($this->type)."',"; $sql .= " mainmenu='".$this->db->escape($this->mainmenu)."',"; $sql .= " leftmenu='".$this->db->escape($this->leftmenu)."',"; - $sql .= " fk_menu=".$this->fk_menu.","; + $sql .= " fk_menu=".((int) $this->fk_menu).","; $sql .= " fk_mainmenu=".($this->fk_mainmenu ? "'".$this->db->escape($this->fk_mainmenu)."'" : "null").","; $sql .= " fk_leftmenu=".($this->fk_leftmenu ? "'".$this->db->escape($this->fk_leftmenu)."'" : "null").","; - $sql .= " position=".($this->position > 0 ? $this->position : 0).","; + $sql .= " position=".($this->position > 0 ? ((int) $this->position) : 0).","; $sql .= " url='".$this->db->escape($this->url)."',"; $sql .= " target='".$this->db->escape($this->target)."',"; $sql .= " titre='".$this->db->escape($this->title)."',"; diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 345ec5b38e3..6b32799bc89 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -176,7 +176,7 @@ class Notify $sqlnotifcode = ''; if ($notifcode) { if (is_numeric($notifcode)) { - $sqlnotifcode = " AND n.fk_action = ".$notifcode; // Old usage + $sqlnotifcode = " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sqlnotifcode = " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } @@ -195,7 +195,7 @@ class Notify $sql .= $sqlnotifcode; $sql .= " AND s.entity IN (".getEntity('societe').")"; if ($socid > 0) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } dol_syslog(__METHOD__." ".$notifcode.", ".$socid."", LOG_DEBUG); @@ -233,7 +233,7 @@ class Notify $sql .= $sqlnotifcode; $sql .= " AND c.entity IN (".getEntity('user').")"; if ($userid > 0) { - $sql .= " AND c.rowid = ".$userid; + $sql .= " AND c.rowid = ".((int) $userid); } dol_syslog(__METHOD__." ".$notifcode.", ".$socid."", LOG_DEBUG); @@ -380,11 +380,11 @@ class Notify $sql .= " AND n.fk_soc = s.rowid"; $sql .= " AND c.statut = 1"; if (is_numeric($notifcode)) { - $sql .= " AND n.fk_action = ".$notifcode; // Old usage + $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } - $sql .= " AND s.rowid = ".$object->socid; + $sql .= " AND s.rowid = ".((int) $object->socid); $sql .= "\nUNION\n"; } diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 939e6514c13..ef635b259ff 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY a.datep DESC, a.id DESC"; $sql .= $db->plimit($max, 0); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY a.datep2 DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 61332d8041b..5abc6bfc2ac 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -227,7 +227,7 @@ function societe_prepare_head(Societe $object) if (empty($conf->stripe->enabled)) { $sql .= " AND n.stripe_card_ref IS NULL"; } else { - $sql .= " AND (n.stripe_card_ref IS NULL OR (n.stripe_card_ref IS NOT NULL AND n.status = ".$servicestatus."))"; + $sql .= " AND (n.stripe_card_ref IS NULL OR (n.stripe_card_ref IS NOT NULL AND n.status = ".((int) $servicestatus)."))"; } $resql = $db->query($sql); @@ -1448,7 +1448,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin if (is_object($objcon) && $objcon->id > 0) { $force_filter_contact = true; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm_resources as r ON a.id = r.fk_actioncomm"; - $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".$objcon->id; + $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".((int) $objcon->id); } if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur'))) { @@ -1457,7 +1457,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " INNER JOIN ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " ON er.resource_type = 'dolresource'"; $sql .= " AND er.element_id = a.id"; - $sql .= " AND er.resource_id = ".$filterobj->id; + $sql .= " AND er.resource_id = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Project') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { @@ -1940,7 +1940,7 @@ function show_subsidiaries($conf, $langs, $db, $object) $sql = "SELECT s.rowid, s.client, s.fournisseur, s.nom as name, s.name_alias, s.email, s.address, s.zip, s.town, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur, s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.parent = ".$object->id; + $sql .= " WHERE s.parent = ".((int) $object->id); $sql .= " AND s.entity IN (".getEntity('societe').")"; $sql .= " ORDER BY s.nom"; diff --git a/htdocs/core/lib/fourn.lib.php b/htdocs/core/lib/fourn.lib.php index 68910357269..efc9f60147c 100644 --- a/htdocs/core/lib/fourn.lib.php +++ b/htdocs/core/lib/fourn.lib.php @@ -59,7 +59,7 @@ function facturefourn_prepare_head($object) $nbStandingOrders = 0; $sql = "SELECT COUNT(pfd.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $sql .= " WHERE pfd.fk_facture_fourn = ".$object->id; + $sql .= " WHERE pfd.fk_facture_fourn = ".((int) $object->id); $sql .= " AND pfd.ext_payment_id IS NULL"; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 16891214ca5..0cbb89ae47b 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -734,7 +734,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -950,7 +950,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -1062,7 +1062,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -1250,7 +1250,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND ff.fk_soc = ".$socid; + $sql .= " AND ff.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); diff --git a/htdocs/core/lib/sendings.lib.php b/htdocs/core/lib/sendings.lib.php index 880019d7b97..0814c0f4825 100644 --- a/htdocs/core/lib/sendings.lib.php +++ b/htdocs/core/lib/sendings.lib.php @@ -246,7 +246,7 @@ function show_list_sending_receive($origin, $origin_id, $filter = '') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid"; //TODO Add link to expeditiondet_batch $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; - $sql .= " AND obj.fk_".$origin." = ".$origin_id; + $sql .= " AND obj.fk_".$origin." = ".((int) $origin_id); $sql .= " AND obj.rowid = ed.fk_origin_line"; $sql .= " AND ed.fk_expedition = e.rowid"; if ($filter) { diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index 4d9d4bb2fa2..0ba7f56c615 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -336,7 +336,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no if (is_object($objcon) && $objcon->id > 0) { $force_filter_contact = true; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm_resources as r ON a.id = r.fk_actioncomm"; - $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".$objcon->id; + $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".((int) $objcon->id); } if (is_object($filterobj) && get_class($filterobj) == 'Societe') { diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 6d01fcfee0a..cd9ae5ad297 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -110,7 +110,7 @@ function user_prepare_head($object) $nbNote = 0; $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."notify_def as n"; - $sql .= " WHERE fk_user = ".$object->id; + $sql .= " WHERE fk_user = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 5fbfc05a9fb..3b7cc0d1184 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -1371,7 +1371,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it if ($command) { $sql .= " AND command = '".$this->db->escape($command)."'"; } - $sql .= " AND entity = ".$entity; // Must be exact entity + $sql .= " AND entity = ".((int) $entity); // Must be exact entity $now = dol_now(); @@ -1612,7 +1612,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql = "SELECT count(*)"; $sql .= " FROM ".MAIN_DB_PREFIX."const"; $sql .= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($name)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -2197,7 +2197,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql = "DELETE FROM ".MAIN_DB_PREFIX."const"; $sql .= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_".strtoupper($key)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); dol_syslog(get_class($this)."::delete_const_".$key."", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/core/modules/mailings/pomme.modules.php b/htdocs/core/modules/mailings/pomme.modules.php index 03334e62322..a2a54c02c55 100644 --- a/htdocs/core/modules/mailings/pomme.modules.php +++ b/htdocs/core/modules/mailings/pomme.modules.php @@ -171,7 +171,7 @@ class mailing_pomme extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE u.email <> ''"; // u.email IS NOT NULL est implicite dans ce test $sql .= " AND u.entity IN (0,".$conf->entity.")"; - $sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; if (GETPOSTISSET("filter") && GETPOST("filter") == '1') { $sql .= " AND u.statut=1"; } diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index b3b88224df6..f764c3f5f71 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php @@ -77,7 +77,7 @@ class mailing_thirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE s.email <> ''"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; } else { $addFilter = ""; if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') { @@ -112,7 +112,7 @@ class mailing_thirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_societe as cs, ".MAIN_DB_PREFIX."categorie as c"; $sql .= " WHERE s.email <> ''"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; $sql .= " AND cs.fk_soc = s.rowid"; $sql .= " AND c.rowid = cs.fk_categorie"; $sql .= " AND c.rowid=".((int) GETPOST('filter', 'int')); @@ -122,7 +122,7 @@ class mailing_thirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_fournisseur as cs, ".MAIN_DB_PREFIX."categorie as c"; $sql .= " WHERE s.email <> ''"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; $sql .= " AND cs.fk_soc = s.rowid"; $sql .= " AND c.rowid = cs.fk_categorie"; $sql .= " AND c.rowid=".((int) GETPOST('filter', 'int')); diff --git a/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php b/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php index 7b5d4f38737..4c848b69ac0 100644 --- a/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php +++ b/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php @@ -110,7 +110,7 @@ class mailing_thirdparties_services_expired extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; $sql .= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''"; $sql .= " AND cd.statut= 4 AND cd.fk_product=p.rowid AND p.ref = '".$this->db->escape($product)."'"; $sql .= " AND cd.date_fin_validite < '".$this->db->idate($now)."'"; diff --git a/htdocs/core/modules/movement/doc/pdf_standard.modules.php b/htdocs/core/modules/movement/doc/pdf_standard.modules.php index 82d930a1aac..872890958ff 100644 --- a/htdocs/core/modules/movement/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/movement/doc/pdf_standard.modules.php @@ -529,8 +529,8 @@ class pdf_stdandard extends ModelePDFMovement if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $this->db->query($sql); diff --git a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php index d007b421fd7..da95e841728 100644 --- a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php +++ b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php @@ -742,7 +742,7 @@ class doc_generic_project_odt extends ModelePDFProjects $sql .= ", u.lastname, u.firstname, t.thm"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; $sql .= " , ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE t.fk_task =".$task->id; + $sql .= " WHERE t.fk_task =".((int) $task->id); $sql .= " AND t.fk_user = u.rowid"; $sql .= " ORDER BY t.task_date DESC"; diff --git a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php index 2d263aae6c0..0662e1a5a76 100644 --- a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php +++ b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php @@ -657,7 +657,7 @@ class doc_generic_task_odt extends ModelePDFTask $sql .= ", u.lastname, u.firstname"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; $sql .= " , ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE t.fk_task =".$object->id; + $sql .= " WHERE t.fk_task =".((int) $object->id); $sql .= " AND t.fk_user = u.rowid"; $sql .= " ORDER BY t.task_date DESC"; diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index b69ebdeb828..9f85aca1aff 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -209,7 +209,7 @@ class pdf_paiement $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if (!empty($socid)) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } // If global param PAYMENTS_REPORT_GROUP_BY_MOD is set, payement are ordered by paiement_code if (!empty($conf->global->PAYMENTS_REPORT_GROUP_BY_MOD)) { diff --git a/htdocs/core/modules/stock/doc/pdf_standard.modules.php b/htdocs/core/modules/stock/doc/pdf_standard.modules.php index a57b996086b..b0cc07dcb62 100644 --- a/htdocs/core/modules/stock/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/stock/doc/pdf_standard.modules.php @@ -315,7 +315,7 @@ class pdf_standard extends ModelePDFStock $sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps, ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE ps.fk_product = p.rowid"; $sql .= " AND ps.reel <> 0"; // We do not show if stock is 0 (no product in this warehouse) - $sql .= " AND ps.fk_entrepot = ".$object->id; + $sql .= " AND ps.fk_entrepot = ".((int) $object->id); $sql .= $this->db->order($sortfield, $sortorder); //dol_syslog('List products', LOG_DEBUG); diff --git a/htdocs/datapolicy/class/actions_datapolicy.class.php b/htdocs/datapolicy/class/actions_datapolicy.class.php index cbcaceec743..7a3ba77fb5a 100644 --- a/htdocs/datapolicy/class/actions_datapolicy.class.php +++ b/htdocs/datapolicy/class/actions_datapolicy.class.php @@ -121,7 +121,7 @@ class ActionsDatapolicy if ($object->update($object->id, $user, 0)) { // On supprime les contacts associé - $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$object->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $object->id); $this->db->query($sql); setEventMessages($langs->trans('ANONYMISER_SUCCESS'), array()); diff --git a/htdocs/don/class/api_donations.class.php b/htdocs/don/class/api_donations.class.php index 3ae04c64833..cfd9e8ccd8b 100644 --- a/htdocs/don/class/api_donations.class.php +++ b/htdocs/don/class/api_donations.class.php @@ -123,7 +123,7 @@ class Donations extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($thirdparty_ids) { - $sql .= " AND t.fk_soc = ".$thirdparty_ids." "; + $sql .= " AND t.fk_soc = ".((int) $thirdparty_ids)." "; } // Add sql filters diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 56062868d86..181b3fc0ca3 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -476,8 +476,8 @@ class Don extends CommonObject $sql .= ",address='".$this->db->escape($this->address)."'"; $sql .= ",zip='".$this->db->escape($this->zip)."'"; $sql .= ",town='".$this->db->escape($this->town)."'"; - $sql .= ",fk_country = ".($this->country_id > 0 ? $this->country_id : '0'); - $sql .= ",public=".$this->public; + $sql .= ",fk_country = ".($this->country_id > 0 ? ((int) $this->country_id) : '0'); + $sql .= ",public=".((int) $this->public); $sql .= ",fk_projet=".($this->fk_project > 0 ? $this->fk_project : 'null'); $sql .= ",note_private=".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL"); $sql .= ",note_public=".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL"); @@ -486,8 +486,8 @@ class Don extends CommonObject $sql .= ",email='".$this->db->escape(trim($this->email))."'"; $sql .= ",phone='".$this->db->escape(trim($this->phone))."'"; $sql .= ",phone_mobile='".$this->db->escape(trim($this->phone_mobile))."'"; - $sql .= ",fk_statut=".$this->statut; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ",fk_statut=".((int) $this->statut); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::Update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index b292dd33429..035a7aee9c6 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -425,7 +425,7 @@ class EcmFiles extends CommonObject //$sql .= " AND t.entity = ".$conf->entity; // hashforshare already unique } elseif ($src_object_type && $src_object_id) { // Warning: May return several record, and only first one is returned ! - $sql .= " AND t.src_object_type ='".$this->db->escape($src_object_type)."' AND t.src_object_id = ".$this->db->escape($src_object_id); + $sql .= " AND t.src_object_type = '".$this->db->escape($src_object_type)."' AND t.src_object_id = ".((int) $src_object_id); $sql .= " AND t.entity = ".$conf->entity; } else { $sql .= ' AND t.rowid = '.((int) $id); // rowid already unique diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index e282da6a4d9..6ece0bc115e 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -234,7 +234,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $obje $sql .= preg_replace('/^,/', '', $hookmanager->resPrint); $sql = preg_replace('/,\s*$/', '', $sql); $sql .= " FROM ".MAIN_DB_PREFIX.$object->table_element." as t"; -$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as a on a.id=t.fk_actioncomm AND a.id=".$confOrBooth->id; +$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as a on a.id=t.fk_actioncomm AND a.id=".((int) $confOrBooth->id); if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (t.rowid = ef.fk_object)"; } diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index ae643ee688a..02ac007d30f 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -1982,7 +1982,7 @@ if ($action == 'create') { //if ($conf->delivery_note->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.fk_expedition = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."deliverydet as ld ON ld.fk_delivery = l.rowid AND obj.rowid = ld.fk_origin_line"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid"; $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; - $sql .= " AND obj.fk_".$origin." = ".$origin_id; + $sql .= " AND obj.fk_".$origin." = ".((int) $origin_id); $sql .= " AND obj.rowid = ed.fk_origin_line"; $sql .= " AND ed.fk_expedition = e.rowid"; //if ($filter) $sql.= $filter; diff --git a/htdocs/expedition/class/api_shipments.class.php b/htdocs/expedition/class/api_shipments.class.php index dcd619da76e..2a4b6765b4e 100644 --- a/htdocs/expedition/class/api_shipments.class.php +++ b/htdocs/expedition/class/api_shipments.class.php @@ -140,7 +140,7 @@ class Shipments extends DolibarrApi } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index ea5bd17fdfb..ee7324a22c4 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -2125,7 +2125,7 @@ class Expedition extends CommonObject if (!empty($this->shipping_method_id)) { $sql = "SELECT em.code, em.tracking"; $sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em"; - $sql .= " WHERE em.rowid = ".$this->shipping_method_id; + $sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id); $resql = $this->db->query($sql); if ($resql) { @@ -2981,8 +2981,8 @@ class ExpeditionLigne extends CommonObjectLine // update line $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " fk_entrepot = ".($this->entrepot_id > 0 ? $this->entrepot_id : 'null'); - $sql .= " , qty = ".$qty; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " , qty = ".((float) price2num($qty, 'MS')); + $sql .= " WHERE rowid = ".((int) $this->id); if (!$this->db->query($sql)) { $this->errors[] = $this->db->lasterror()." - sql=$sql"; diff --git a/htdocs/expedition/class/expeditionbatch.class.php b/htdocs/expedition/class/expeditionbatch.class.php index 736cfba6e42..03066869450 100644 --- a/htdocs/expedition/class/expeditionbatch.class.php +++ b/htdocs/expedition/class/expeditionbatch.class.php @@ -186,7 +186,7 @@ class ExpeditionLineBatch extends CommonObject } $sql .= " FROM ".MAIN_DB_PREFIX.self::$_table_element." as eb"; if ($fk_product > 0) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.batch = eb.batch AND pl.fk_product = ".$fk_product; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.batch = eb.batch AND pl.fk_product = ".((int) $fk_product); } $sql .= " WHERE fk_expeditiondet=".(int) $id_line_expdet; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index a1070d02ef1..5a110d33f2a 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -282,7 +282,7 @@ if ($search_user > 0) { } $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid > 0) { $sql .= ' AND s.rowid = '.$socid; @@ -292,7 +292,7 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no $sql .= " AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND e.fk_soc = ".$socid; + $sql .= " AND e.fk_soc = ".((int) $socid); } if ($search_status <> '' && $search_status >= 0) { $sql .= " AND e.fk_statut = ".((int) $search_status); @@ -322,7 +322,7 @@ if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) { $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')'; } if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { // The contact on a shipment is also the contact of the order. @@ -353,7 +353,7 @@ if ($sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); } if ($search_categ_cus > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus); } if ($search_categ_cus == -2) { $sql .= " AND cc.fk_categorie IS NULL"; diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index 8f5903dd988..42b8630bd3c 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -626,7 +626,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' p.surface, p.surface_units, p.volume, p.volume_units'; $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; - $sql .= " WHERE cd.fk_commande = ".$object->id; + $sql .= " WHERE cd.fk_commande = ".((int) $object->id); $sql .= " ORDER BY cd.rang, cd.rowid"; //print $sql; diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 34bef81e5a2..6cd3531f82d 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -990,9 +990,9 @@ class ExpenseReport extends CommonObject $total_ttc = $total_ht + $total_tva; $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " total_ht = ".$total_ht; - $sql .= " , total_ttc = ".$total_ttc; - $sql .= " , total_tva = ".$total_tva; + $sql .= " total_ht = ".price2num($total_ht, 'MT'); + $sql .= " , total_ttc = ".price2num($total_ttc, 'MT'); + $sql .= " , total_tva = ".price2num($total_tva, 'MT'); $sql .= " WHERE rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) : @@ -2811,30 +2811,30 @@ class ExpenseReportLine // Update line in database $sql = "UPDATE ".MAIN_DB_PREFIX."expensereport_det SET"; $sql .= " comments='".$this->db->escape($this->comments)."'"; - $sql .= ",value_unit=".$this->db->escape($this->value_unit); - $sql .= ",qty=".$this->db->escape($this->qty); + $sql .= ",value_unit = ".((float) $this->value_unit); + $sql .= ",qty=".((float) $this->qty); $sql .= ",date='".$this->db->idate($this->date)."'"; - $sql .= ",total_ht=".$this->db->escape($this->total_ht).""; - $sql .= ",total_tva=".$this->db->escape($this->total_tva).""; - $sql .= ",total_ttc=".$this->db->escape($this->total_ttc).""; - $sql .= ",tva_tx=".$this->db->escape($this->vatrate); + $sql .= ",total_ht=".((float) price2num($this->total_ht, 'MT')).""; + $sql .= ",total_tva=".((float) price2num($this->total_tva, 'MT')).""; + $sql .= ",total_ttc=".((float) price2num($this->total_ttc, 'MT')).""; + $sql .= ",tva_tx=".((float) $this->vatrate); $sql .= ",vat_src_code='".$this->db->escape($this->vat_src_code)."'"; $sql .= ",rule_warning_message='".$this->db->escape($this->rule_warning_message)."'"; $sql .= ",fk_c_exp_tax_cat=".$this->db->escape($this->fk_c_exp_tax_cat); - $sql .= ",fk_ecm_files=".($this->fk_ecm_files > 0 ? $this->fk_ecm_files : 'null'); + $sql .= ",fk_ecm_files=".($this->fk_ecm_files > 0 ? ((int) $this->fk_ecm_files) : 'null'); if ($this->fk_c_type_fees) { - $sql .= ",fk_c_type_fees=".$this->db->escape($this->fk_c_type_fees); + $sql .= ",fk_c_type_fees = ".((int) $this->fk_c_type_fees); } else { $sql .= ",fk_c_type_fees=null"; } if ($this->fk_project > 0) { - $sql .= ",fk_projet=".$this->db->escape($this->fk_project); + $sql .= ",fk_projet=".((int) $this->fk_project); } else { $sql .= ",fk_projet=null"; } - $sql .= " WHERE rowid = ".$this->db->escape($this->rowid ? $this->rowid : $this->id); + $sql .= " WHERE rowid = ".((int) ($this->rowid ? $this->rowid : $this->id)); - dol_syslog("ExpenseReportLine::update sql=".$sql); + dol_syslog("ExpenseReportLine::update"); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index fb031d81583..44ff46b233c 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -388,7 +388,7 @@ if ($action == 'create') { $sql = 'SELECT l.rowid, l.description, l.duree'; $sql .= " FROM ".MAIN_DB_PREFIX."fichinterdet as l"; - $sql .= " WHERE l.fk_fichinter= ".$object->id; + $sql .= " WHERE l.fk_fichinter= ".((int) $object->id); //$sql.= " AND l.fk_product is null "; $sql .= " ORDER BY l.rang"; diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index e2ac86f55bd..2e9d8a4a9b1 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -379,8 +379,8 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter SET "; $sql .= "description = '".$this->db->escape($this->description)."'"; - $sql .= ", duree = ".$this->duration; - $sql .= ", fk_projet = ".$this->fk_project; + $sql .= ", duree = ".((int) $this->duration); + $sql .= ", fk_projet = ".((int) $this->fk_project); $sql .= ", note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= ", note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); $sql .= ", fk_user_modif = ".$user->id; diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php index 34939bb599a..df1bf36b723 100644 --- a/htdocs/fourn/class/api_supplier_invoices.class.php +++ b/htdocs/fourn/class/api_supplier_invoices.class.php @@ -155,7 +155,7 @@ class SupplierInvoices extends DolibarrApi } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index 09c9209629f..d4eedcd0fd9 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php @@ -171,7 +171,7 @@ class SupplierOrders extends DolibarrApi } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index e2196d5595d..d9ca371c133 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -3058,7 +3058,7 @@ class CommandeFournisseur extends CommonOrder if ($this->methode_commande_id > 0) { $sql = "SELECT rowid, code, libelle as label"; $sql .= " FROM ".MAIN_DB_PREFIX.'c_input_method'; - $sql .= " WHERE active=1 AND rowid = ".$this->db->escape($this->methode_commande_id); + $sql .= " WHERE active=1 AND rowid = ".((int) $this->methode_commande_id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 81533dae324..a48d00c820b 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3401,7 +3401,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", pu_ttc = ".price2num($this->pu_ttc); $sql .= ", qty = ".price2num($this->qty); $sql .= ", remise_percent = ".price2num($this->remise_percent); - if ($this->fk_remise_except) $sql.= ", fk_remise_except=".$this->fk_remise_except; + if ($this->fk_remise_except) $sql.= ", fk_remise_except=".((int) $this->fk_remise_except); else $sql.= ", fk_remise_except=null"; $sql .= ", vat_src_code = '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."'"; $sql .= ", tva_tx = ".price2num($this->tva_tx); @@ -3414,10 +3414,10 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", total_localtax1= ".price2num($this->total_localtax1); $sql .= ", total_localtax2= ".price2num($this->total_localtax2); $sql .= ", total_ttc = ".price2num($this->total_ttc); - $sql .= ", fk_product = ".$fk_product; - $sql .= ", product_type = ".$this->product_type; - $sql .= ", info_bits = ".$this->info_bits; - $sql .= ", fk_unit = ".$fk_unit; + $sql .= ", fk_product = ".((int) $fk_product); + $sql .= ", product_type = ".((int) $this->product_type); + $sql .= ", info_bits = ".((int) $this->info_bits); + $sql .= ", fk_unit = ".((int) $fk_unit); // Multicurrency $sql .= " , multicurrency_subprice=".price2num($this->multicurrency_subprice).""; @@ -3425,7 +3425,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 21b4ec377a2..2172af578e9 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -789,14 +789,14 @@ class ProductFournisseur extends Product $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; $sql .= " AND pfp.entity = ".$conf->entity; // only current entity - $sql .= " AND pfp.fk_product = ".$prodid; + $sql .= " AND pfp.fk_product = ".((int) $prodid); $sql .= " AND pfp.fk_soc = s.rowid"; $sql .= " AND s.status = 1"; // only enabled society if ($qty > 0) { - $sql .= " AND pfp.quantity <= ".$qty; + $sql .= " AND pfp.quantity <= ".((float) $qty); } if ($socid > 0) { - $sql .= ' AND pfp.fk_soc = '.$socid; + $sql .= ' AND pfp.fk_soc = '.((int) $socid); } dol_syslog(get_class($this)."::find_min_price_product_fournisseur", LOG_DEBUG); @@ -1001,7 +1001,7 @@ class ProductFournisseur extends Product $sql .= " WHERE pfp.entity IN (".getEntity('productprice').")"; $sql .= " AND pfpl.fk_user = u.rowid"; $sql .= " AND pfp.rowid = pfpl.fk_product_fournisseur"; - $sql .= " AND pfpl.fk_product_fournisseur = ".$product_fourn_price_id; + $sql .= " AND pfpl.fk_product_fournisseur = ".((int) $product_fourn_price_id); if (empty($sortfield)) { $sql .= " ORDER BY pfpl.datec"; } else { diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index eef851c6d73..1ea5db20b59 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -183,7 +183,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND c.entity IN (".getEntity("supplier_order").")"; // Thirdparty sharing is mandatory with supplier order sharing $sql .= " AND c.fk_statut = 0"; if (!empty($socid)) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -290,7 +290,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; //$sql.= " AND c.fk_statut > 2"; if (!empty($socid)) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -359,7 +359,7 @@ if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX $sql.= " WHERE c.fk_soc = s.rowid"; $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; -if ($socid) $sql.= " AND c.fk_soc = ".$socid; +if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY c.rowid DESC"; diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index d8959ada7c0..25f71f85eb4 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -651,7 +651,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE cf.fk_soc = s.rowid'; $sql .= ' AND cf.entity IN ('.getEntity('supplier_order').')'; if ($socid > 0) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -672,10 +672,10 @@ if ($search_request_author) { $sql .= natural_search(array('u.lastname', 'u.firstname', 'u.login'), $search_request_author); } if ($search_billed != '' && $search_billed >= 0) { - $sql .= " AND cf.billed = ".$db->escape($search_billed); + $sql .= " AND cf.billed = ".((int) $search_billed); } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } //Required triple check because statut=0 means draft filter if (GETPOST('statut', 'intcomma') !== '') { @@ -705,7 +705,7 @@ if ($search_company) { $sql .= natural_search('s.nom', $search_company); } if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$db->escape($search_sale); + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".$db->escape($search_user); diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 82c8df6ac66..3196ffed7ac 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php @@ -94,7 +94,7 @@ if ($contactname) { } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY $sortfield $sortorder "; diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 0c4f21ae4be..8578f82137d 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -451,10 +451,10 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid > 0) { - $sql .= ' AND s.rowid = '.$socid; + $sql .= ' AND s.rowid = '.((int) $socid); } if ($search_ref) { if (is_numeric($search_ref)) { diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index 4a761ea8b70..8d124f46350 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php @@ -172,7 +172,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S $sql .= " AND ff.entity = ".$conf->entity; $sql .= " AND ff.fk_statut = 0"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -243,7 +243,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index ed137fd5d86..5ecec959614 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php @@ -174,10 +174,10 @@ if ($snom) { $sql .= natural_search('p.label', $snom); } if ($catid) { - $sql .= " AND cp.fk_categorie = ".$catid; + $sql .= " AND cp.fk_categorie = ".((int) $catid); } if ($fourn_id > 0) { - $sql .= " AND ppf.fk_soc = ".$fourn_id; + $sql .= " AND ppf.fk_soc = ".((int) $fourn_id); } // Add WHERE filters from hooks diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php index adeaf7b1447..353083bd717 100644 --- a/htdocs/fourn/recap-fourn.php +++ b/htdocs/fourn/recap-fourn.php @@ -134,7 +134,7 @@ if ($socid > 0) { $sql .= " ".MAIN_DB_PREFIX."paiementfourn as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON p.fk_user_author = u.rowid"; $sql .= " WHERE pf.fk_paiementfourn = p.rowid"; - $sql .= " AND pf.fk_facturefourn = ".$fac->id; + $sql .= " AND pf.fk_facturefourn = ".((int) $fac->id); $resqlp = $db->query($sql); if ($resqlp) { diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 55dd1c4bafb..7e3585bd5bc 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -1477,7 +1477,7 @@ class Holiday extends CommonObject if ($num > 0) { // Update for user $sql = "UPDATE ".MAIN_DB_PREFIX."holiday_users SET"; - $sql .= " nb_holiday = ".$nbHoliday; + $sql .= " nb_holiday = ".((int) $nbHoliday); $sql .= " WHERE fk_user = ".(int) $userID." AND fk_type = ".(int) $fk_type; $result = $this->db->query($sql); if (!$result) { @@ -1487,7 +1487,7 @@ class Holiday extends CommonObject } else { // Insert for user $sql = "INSERT INTO ".MAIN_DB_PREFIX."holiday_users(nb_holiday, fk_user, fk_type) VALUES ("; - $sql .= $nbHoliday; + $sql .= ((int) $nbHoliday); $sql .= ", ".(int) $userID.", ".(int) $fk_type.")"; $result = $this->db->query($sql); if (!$result) { diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index c2fa520442b..2cac4a1352b 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -264,10 +264,10 @@ class Establishment extends CommonObject $sql .= ", zip = '".$this->db->escape($this->zip)."'"; $sql .= ", town = '".$this->db->escape($this->town)."'"; $sql .= ", fk_country = ".($this->country_id > 0 ? $this->country_id : 'null'); - $sql .= ", status = ".$this->db->escape($this->status); - $sql .= ", fk_user_mod = ".$user->id; - $sql .= ", entity = ".$this->entity; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", status = ".((int) $this->status); + $sql .= ", fk_user_mod = ".((int) $user->id); + $sql .= ", entity = ".((int) $this->entity); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index 50fd4c3f521..2315edc100c 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -190,7 +190,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) { $sql .= ' AND x.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid; + //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid); $sql .= $db->order("x.tms", "DESC"); $sql .= $db->plimit($max, 0); @@ -271,7 +271,7 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire) $sql .= ' AND x.fk_user_author IN ('.$db->sanitize(join(',', $childids)).')'; } //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid; + //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid); $sql .= $db->order("x.tms", "DESC"); $sql .= $db->plimit($max, 0); diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index f94e461398b..23acc7d4a1b 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -1183,7 +1183,7 @@ function migrate_contracts_date2($db, $langs, $conf) print $langs->trans('MigrationContractsInvalidDateFix', $obj->cref, $obj->date_contrat, $obj->datemin)."
\n"; $sql = "UPDATE ".MAIN_DB_PREFIX."contrat"; $sql .= " SET date_contrat='".$db->idate($datemin)."'"; - $sql .= " WHERE rowid=".$obj->cref; + $sql .= " WHERE rowid = ".((int) $obj->cref); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); @@ -1275,8 +1275,8 @@ function migrate_contracts_open($db, $langs, $conf) print $langs->trans('MigrationReopenThisContract', $obj->cref)."
\n"; $sql = "UPDATE ".MAIN_DB_PREFIX."contrat"; - $sql .= " SET statut=1"; - $sql .= " WHERE rowid=".$obj->cref; + $sql .= " SET statut = 1"; + $sql .= " WHERE rowid = ".((int) $obj->cref); $resql2 = $db->query($sql); if (!$resql2) { dol_print_error($db); @@ -2835,8 +2835,8 @@ function migrate_project_task_time($db, $langs, $conf) $newtime = $hour + $min; $sql2 = "UPDATE ".MAIN_DB_PREFIX."projet_task_time SET"; - $sql2 .= " task_duration = ".$newtime; - $sql2 .= " WHERE rowid = ".$obj->rowid; + $sql2 .= " task_duration = ".((int) $newtime); + $sql2 .= " WHERE rowid = ".((int) $obj->rowid); $resql2 = $db->query($sql2); if (!$resql2) { @@ -2865,7 +2865,7 @@ function migrate_project_task_time($db, $langs, $conf) if ($oldtime > 0) { foreach ($totaltime as $taskid => $total_duration) { $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET"; - $sql .= " duration_effective = ".$total_duration; + $sql .= " duration_effective = ".((int) $total_duration); $sql .= " WHERE rowid = ".((int) $taskid); $resql = $db->query($sql); @@ -2945,7 +2945,7 @@ function migrate_customerorder_shipping($db, $langs, $conf) $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."expedition SET"; $sqlUpdate .= " ref_customer = '".$db->escape($obj->ref_client)."'"; $sqlUpdate .= ", date_delivery = '".$db->escape($obj->delivery_date ? $obj->delivery_date : 'null')."'"; - $sqlUpdate .= " WHERE rowid = ".$obj->shipping_id; + $sqlUpdate .= " WHERE rowid = ".((int) $obj->shipping_id); $result = $db->query($sqlUpdate); if (!$result) { @@ -3407,8 +3407,8 @@ function migrate_categorie_association($db, $langs, $conf) $obj = $db->fetch_object($resql); $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."categorie SET "; - $sqlUpdate .= "fk_parent = ".$obj->fk_categorie_mere; - $sqlUpdate .= " WHERE rowid = ".$obj->fk_categorie_fille; + $sqlUpdate .= "fk_parent = ".((int) $obj->fk_categorie_mere); + $sqlUpdate .= " WHERE rowid = ".((int) $obj->fk_categorie_fille); $result = $db->query($sqlUpdate); if (!$result) { diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php index 1ba796026c6..686bd16d5de 100644 --- a/htdocs/intracommreport/list.php +++ b/htdocs/intracommreport/list.php @@ -237,8 +237,8 @@ if (dol_strlen($search_type) && $search_type != '-1') { if ($search_ref) $sql .= natural_search('i.ref', $search_ref); if ($search_label) $sql .= natural_search('i.label', $search_label); if ($search_barcode) $sql .= natural_search('i.barcode', $search_barcode); -if (isset($search_tosell) && dol_strlen($search_tosell) > 0 && $search_tosell!=-1) $sql.= " AND i.tosell = ".$db->escape($search_tosell); -if (isset($search_tobuy) && dol_strlen($search_tobuy) > 0 && $search_tobuy!=-1) $sql.= " AND i.tobuy = ".$db->escape($search_tobuy); +if (isset($search_tosell) && dol_strlen($search_tosell) > 0 && $search_tosell!=-1) $sql.= " AND i.tosell = ".((int) $search_tosell); +if (isset($search_tobuy) && dol_strlen($search_tobuy) > 0 && $search_tobuy!=-1) $sql.= " AND i.tobuy = ".((int) $search_tobuy); if (dol_strlen($canvas) > 0) $sql.= " AND i.canvas = '".$db->escape($canvas)."'"; */ diff --git a/htdocs/knowledgemanagement/knowledgemanagementindex.php b/htdocs/knowledgemanagement/knowledgemanagementindex.php index 86ea3f10e08..0402ab07710 100644 --- a/htdocs/knowledgemanagement/knowledgemanagementindex.php +++ b/htdocs/knowledgemanagement/knowledgemanagementindex.php @@ -113,7 +113,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index b628de1b68b..b5c0ffc0add 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -356,12 +356,12 @@ class Loan extends CommonObject $sql .= " capital='".price2num($this->db->escape($this->capital))."',"; $sql .= " datestart='".$this->db->idate($this->datestart)."',"; $sql .= " dateend='".$this->db->idate($this->dateend)."',"; - $sql .= " nbterm=".$this->nbterm.","; - $sql .= " rate=".$this->db->escape($this->rate).","; + $sql .= " nbterm=".((float) $this->nbterm).","; + $sql .= " rate=".((float) $this->rate).","; $sql .= " accountancy_account_capital = '".$this->db->escape($this->account_capital)."',"; $sql .= " accountancy_account_insurance = '".$this->db->escape($this->account_insurance)."',"; $sql .= " accountancy_account_interest = '".$this->db->escape($this->account_interest)."',"; - $sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : $this->fk_project).","; + $sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : ((int) $this->fk_project)).","; $sql .= " fk_user_modif = ".$user->id.","; $sql .= " insurance_amount = '".price2num($this->db->escape($this->insurance_amount))."'"; $sql .= " WHERE rowid=".((int) $this->id); diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index 1ac670c4a7f..5f8c7320cd1 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -171,9 +171,9 @@ $sql .= ' AND s.entity IN ('.getEntity('societe').')'; $sql .= " AND d.fk_facture = f.rowid"; if ($agentid > 0) { if (!empty($conf->global->AGENT_CONTACT_TYPE)) { - $sql .= " AND ((e.fk_socpeople IS NULL AND sc.fk_user = ".$agentid.") OR (e.fk_socpeople IS NOT NULL AND e.fk_socpeople = ".$agentid."))"; + $sql .= " AND ((e.fk_socpeople IS NULL AND sc.fk_user = ".((int) $agentid).") OR (e.fk_socpeople IS NOT NULL AND e.fk_socpeople = ".((int) $agentid)."))"; } else { - $sql .= " AND sc.fk_user = ".$agentid; + $sql .= " AND sc.fk_user = ".((int) $agentid); } } if (!empty($startdate)) { diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 6f2337d1baf..a5e6e6af6e9 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -158,7 +158,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND f.fk_statut > 0"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND d.fk_facture = f.rowid"; - $sql .= " AND d.fk_product =".$object->id; + $sql .= " AND d.fk_product = ".((int) $object->id); if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php index bc52cf7378f..faeb22a095b 100644 --- a/htdocs/modulebuilder/template/class/api_mymodule.class.php +++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php @@ -145,14 +145,14 @@ class MyModuleApi extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($restrictonsocid && $socid) { - $sql .= " AND t.fk_soc = ".$socid; + $sql .= " AND t.fk_soc = ".((int) $socid); } if ($restrictonsocid && $search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php index 2d262aeeb36..990a6d91bfa 100644 --- a/htdocs/modulebuilder/template/mymoduleindex.php +++ b/htdocs/modulebuilder/template/mymoduleindex.php @@ -113,7 +113,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read) $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index a2558fe6252..0ece243dc39 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php @@ -137,14 +137,14 @@ class Mos extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($restrictonsocid && $socid) { - $sql .= " AND t.fk_soc = ".$socid; + $sql .= " AND t.fk_soc = ".((int) $socid); } if ($restrictonsocid && $search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { diff --git a/htdocs/opensurvey/class/opensurveysondage.class.php b/htdocs/opensurvey/class/opensurveysondage.class.php index e11fb65184a..e35abff84bb 100644 --- a/htdocs/opensurvey/class/opensurveysondage.class.php +++ b/htdocs/opensurvey/class/opensurveysondage.class.php @@ -321,9 +321,9 @@ class Opensurveysondage extends CommonObject $sql .= " date_fin=".(dol_strlen($this->date_fin) != 0 ? "'".$this->db->idate($this->date_fin)."'" : 'null').","; $sql .= " status=".(isset($this->status) ? "'".$this->db->escape($this->status)."'" : "null").","; $sql .= " format=".(isset($this->format) ? "'".$this->db->escape($this->format)."'" : "null").","; - $sql .= " mailsonde=".(isset($this->mailsonde) ? $this->db->escape($this->mailsonde) : "null").","; - $sql .= " allow_comments=".$this->db->escape($this->allow_comments).","; - $sql .= " allow_spy=".$this->db->escape($this->allow_spy); + $sql .= " mailsonde=".(isset($this->mailsonde) ? ((int) $this->mailsonde) : "null").","; + $sql .= " allow_comments=".((int) $this->allow_comments).","; + $sql .= " allow_spy=".((int) $this->allow_spy); $sql .= " WHERE id_sondage='".$this->db->escape($this->id_sondage)."'"; $this->db->begin(); diff --git a/htdocs/partnership/class/partnershiputils.class.php b/htdocs/partnership/class/partnershiputils.class.php index 992fca2703e..04f5db251e5 100644 --- a/htdocs/partnership/class/partnershiputils.class.php +++ b/htdocs/partnership/class/partnershiputils.class.php @@ -102,7 +102,7 @@ class PartnershipUtils $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."adherent_type as dty on (dty.rowid = d.fk_adherent_type)"; $sql .= " WHERE fk_member > 0"; $sql .= " AND (d.datefin < '".$this->db->idate($datetotest)."' AND dty.subscription = 1)"; - $sql .= " AND p.status = ".$partnership::STATUS_ACCEPTED; // Only accepted not yet canceled + $sql .= " AND p.status = ".((int) $partnership::STATUS_ACCEPTED); // Only accepted not yet canceled $sql .= $this->db->order('d.rowid', 'ASC'); // Limit is managed into loop later @@ -263,7 +263,7 @@ class PartnershipUtils $sql .= " WHERE 1 = 1"; $sql .= " AND p.".$fk_partner." > 0"; - $sql .= " AND p.status = ".$partnership::STATUS_ACCEPTED; // Only accepted not yet canceled + $sql .= " AND p.status = ".((int) $partnership::STATUS_ACCEPTED); // Only accepted not yet canceled $sql .= " AND (p.last_check_backlink IS NULL OR p.last_check_backlink <= '".$this->db->idate($now - 7 * 24 * 3600)."')"; // Every week, check that website contains a link to dolibarr. $sql .= $this->db->order('p.rowid', 'ASC'); // Limit is managed into loop later diff --git a/htdocs/partnership/partnershipindex.php b/htdocs/partnership/partnershipindex.php index 8076f105dbb..ce7a17b8fce 100644 --- a/htdocs/partnership/partnershipindex.php +++ b/htdocs/partnership/partnershipindex.php @@ -113,7 +113,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index 901e2b387e3..ac2e70e3287 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php @@ -122,8 +122,8 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) { // Price by qty if (!empty($price_by_qty_rowid) && $price_by_qty_rowid >= 1 && (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES))) { // If we need a particular price related to qty $sql = "SELECT price, unitprice, quantity, remise_percent"; - $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty "; - $sql .= " WHERE rowid=".$price_by_qty_rowid.""; + $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; + $sql .= " WHERE rowid = ".((int) $price_by_qty_rowid); $result = $db->query($sql); if ($result) { diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php index 3bda877af62..d155abdc2c2 100644 --- a/htdocs/product/canvas/product/actions_card_product.class.php +++ b/htdocs/product/canvas/product/actions_card_product.class.php @@ -349,11 +349,11 @@ class ActionsCardProduct } } - if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0) { - $sql .= " AND p.tosell = ".$this->db->escape($_GET["tosell"]); + if (GETPOSTISSET("tosell")) { + $sql .= " AND p.tosell = ".((int) GETPOST("tosell", "int")); } - if (isset($_GET["canvas"]) && dol_strlen($_GET["canvas"]) > 0) { - $sql .= " AND p.canvas = '".$this->db->escape($_GET["canvas"])."'"; + if (GETPOSTISSET("canvas")) { + $sql .= " AND p.canvas = '".$this->db->escape(GETPOST("canvas"))."'"; } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit + 1, $offset); diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php index 53e0df73212..c4296dc63a8 100644 --- a/htdocs/product/canvas/service/actions_card_service.class.php +++ b/htdocs/product/canvas/service/actions_card_service.class.php @@ -298,29 +298,29 @@ class ActionsCardService $sql .= " AND (p.ref LIKE '%".$this->db->escape($sall)."%' OR p.label LIKE '%".$this->db->escape($sall)."%' OR p.description LIKE '%".$this->db->escape($sall)."%' OR p.note LIKE '%".$this->db->escape($sall)."%')"; } if ($sref) { - $sql .= " AND p.ref LIKE '%".$sref."%'"; + $sql .= " AND p.ref LIKE '%".$this->db->escape($sref)."%'"; } if ($search_barcode) { - $sql .= " AND p.barcode LIKE '%".$search_barcode."%'"; + $sql .= " AND p.barcode LIKE '%".$this->db->escape($search_barcode)."%'"; } if ($snom) { $sql .= " AND p.label LIKE '%".$this->db->escape($snom)."%'"; } - if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0) { - $sql .= " AND p.tosell = ".$this->db->escape($_GET["tosell"]); + if (GETPOSTISSET("tosell")) { + $sql .= " AND p.tosell = ".((int) GETPOST("tosell", 'int')); } - if (isset($_GET["canvas"]) && dol_strlen($_GET["canvas"]) > 0) { - $sql .= " AND p.canvas = '".$this->db->escape($_GET["canvas"])."'"; + if (GETPOSTISSET("canvas")) { + $sql .= " AND p.canvas = '".$this->db->escape(GETPOST("canvas"))."'"; } if ($catid) { - $sql .= " AND cp.fk_categorie = ".$catid; + $sql .= " AND cp.fk_categorie = ".((int) $catid); } if ($fourn_id > 0) { - $sql .= " AND p.rowid = pfp.fk_product AND pfp.fk_soc = ".$fourn_id; + $sql .= " AND p.rowid = pfp.fk_product AND pfp.fk_soc = ".((int) $fourn_id); } // Insert categ filter if ($search_categ) { - $sql .= " AND cp.fk_categorie = ".$this->db->escape($search_categ); + $sql .= " AND cp.fk_categorie = ".((int) $search_categ); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit + 1, $offset); diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index b4e860a1069..2e0d21b0456 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php @@ -206,8 +206,8 @@ class Products extends DolibarrApi // Select products of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); - $sql .= " AND c.fk_product = t.rowid "; + $sql .= " AND c.fk_categorie = ".((int) $category); + $sql .= " AND c.fk_product = t.rowid"; } if ($mode == 1) { // Show only products diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 6aee9af9c60..1afd1e74e23 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1055,16 +1055,16 @@ class Product extends CommonObject $sql .= " SET label = '".$this->db->escape($this->label)."'"; if ($updatetype && ($this->isProduct() || $this->isService())) { - $sql .= ", fk_product_type = ".$this->type; + $sql .= ", fk_product_type = ".((int) $this->type); } $sql .= ", ref = '".$this->db->escape($this->ref)."'"; $sql .= ", ref_ext = ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null"); $sql .= ", default_vat_code = ".($this->default_vat_code ? "'".$this->db->escape($this->default_vat_code)."'" : "null"); - $sql .= ", tva_tx = ".$this->tva_tx; - $sql .= ", recuperableonly = ".$this->tva_npr; - $sql .= ", localtax1_tx = ".$this->localtax1_tx; - $sql .= ", localtax2_tx = ".$this->localtax2_tx; + $sql .= ", tva_tx = ".((float) $this->tva_tx); + $sql .= ", recuperableonly = ".((int) $this->tva_npr); + $sql .= ", localtax1_tx = ".((float) $this->localtax1_tx); + $sql .= ", localtax2_tx = ".((float) $this->localtax2_tx); $sql .= ", localtax1_type = ".($this->localtax1_type != '' ? "'".$this->db->escape($this->localtax1_type)."'" : "'0'"); $sql .= ", localtax2_type = ".($this->localtax2_type != '' ? "'".$this->db->escape($this->localtax2_type)."'" : "'0'"); @@ -2391,8 +2391,8 @@ class Product extends CommonObject $sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid, recuperableonly"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; $sql .= " WHERE entity IN (".getEntity('productprice').")"; - $sql .= " AND price_level=".$i; - $sql .= " AND fk_product = ".$this->id; + $sql .= " AND price_level=".((int) $i); + $sql .= " AND fk_product = ".((int) $this->id); $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; $resql = $this->db->query($sql); @@ -2501,7 +2501,7 @@ class Product extends CommonObject $sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid, recuperableonly"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; $sql .= " WHERE entity IN (".getEntity('productprice').")"; - $sql .= " AND price_level=".$i; + $sql .= " AND price_level=".((int) $i); $sql .= " AND fk_product = ".$this->id; $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; @@ -2613,7 +2613,7 @@ class Product extends CommonObject $sql .= " AND mp.fk_product =".$this->id; $sql .= " AND mp.role ='".$this->db->escape($role)."'"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -2739,7 +2739,7 @@ class Product extends CommonObject } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -2814,7 +2814,7 @@ class Product extends CommonObject } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -2869,7 +2869,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND c.fk_statut in (".$this->db->sanitize($filtrestatut).")"; @@ -2971,7 +2971,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if ($filtrestatut != '') { $sql .= " AND c.fk_statut in (".$this->db->sanitize($filtrestatut).")"; // Peut valoir 0 @@ -3033,7 +3033,7 @@ class Product extends CommonObject $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND e.fk_soc = ".$socid; + $sql .= " AND e.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND c.fk_statut IN (".$this->db->sanitize($filtrestatut).")"; @@ -3114,7 +3114,7 @@ class Product extends CommonObject $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND cf.fk_statut IN (".$this->db->sanitize($filtrestatut).")"; @@ -3170,7 +3170,7 @@ class Product extends CommonObject $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND m.fk_soc = ".$socid; + $sql .= " AND m.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND m.status IN (".$this->db->sanitize($filtrestatut).")"; @@ -3265,7 +3265,7 @@ class Product extends CommonObject } //$sql.= " AND c.statut != 0"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -3339,7 +3339,7 @@ class Product extends CommonObject } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -3413,7 +3413,7 @@ class Product extends CommonObject } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -3655,7 +3655,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(p.datep,'%Y%m')"; @@ -3758,7 +3758,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(c.date_commande,'%Y%m')"; @@ -3809,7 +3809,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(c.date_commande,'%Y%m')"; @@ -3863,7 +3863,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(c.date_contrat,'%Y%m')"; @@ -3916,7 +3916,7 @@ class Product extends CommonObject $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND d.fk_soc = ".$socid; + $sql .= " AND d.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(d.date_valid,'%Y%m')"; diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index 10704f2f53e..529284af464 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php @@ -384,7 +384,7 @@ class Productbatch extends CommonObject $sql .= " t.qty,"; $sql .= " t.import_key"; $sql .= " FROM ".MAIN_DB_PREFIX.self::$_table_element." as t"; - $sql .= " WHERE fk_product_stock=".$fk_product_stock; + $sql .= " WHERE fk_product_stock=".((int) $fk_product_stock); if (!empty($eatby)) { array_push($where, " eatby = '".$this->db->idate($eatby)."'"); // deprecated @@ -454,10 +454,10 @@ class Productbatch extends CommonObject } $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as t"; if ($fk_product > 0) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.fk_product = ".$fk_product." AND pl.batch = t.batch"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.fk_product = ".((int) $fk_product)." AND pl.batch = t.batch"; // TODO May add extrafields to ? } - $sql .= " WHERE fk_product_stock=".$fk_product_stock; + $sql .= " WHERE fk_product_stock=".((int) $fk_product_stock); if ($with_qty) { $sql .= " AND t.qty <> 0"; } diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index a1d92cc492a..0b5ea0cc2a6 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -408,10 +408,10 @@ class Propalmergepdfproduct extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; - $sql .= " WHERE fk_product=".$product_id; + $sql .= " WHERE fk_product = ".((int) $product_id); if ($conf->global->MAIN_MULTILANGS && !empty($lang_id)) { - $sql .= " AND lang='".$this->db->escape($lang_id)."'"; + $sql .= " AND lang = '".$this->db->escape($lang_id)."'"; } dol_syslog(__METHOD__, LOG_DEBUG); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 5286b932ca7..0404f0bd97a 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -182,7 +182,7 @@ class PriceGlobalVariable $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " code = ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "''").","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; - $sql .= " value = ".$this->value; + $sql .= " value = ".((float) $this->value); $sql .= " WHERE rowid = ".$this->id; $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index 172c004a2d7..4272beb44bc 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -200,12 +200,12 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " type = ".$this->type.","; + $sql .= " type = ".((int) $this->type).","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; $sql .= " parameters = ".(isset($this->parameters) ? "'".$this->db->escape($this->parameters)."'" : "''").","; - $sql .= " fk_variable = ".$this->fk_variable.","; - $sql .= " update_interval = ".$this->update_interval.","; - $sql .= " next_update = ".$this->next_update.","; + $sql .= " fk_variable = ".((int) $this->fk_variable).","; + $sql .= " update_interval = ".((int) $this->update_interval).","; + $sql .= " next_update = ".((int) $this->next_update).","; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); $sql .= " WHERE rowid = ".$this->id; diff --git a/htdocs/product/index.php b/htdocs/product/index.php index 0e709f54f99..4aaaf3a0fa7 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -287,7 +287,7 @@ if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($us $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE p.entity IN (".getEntity($product_static->element, 1).")"; if ($type != '') { - $sql .= " AND p.fk_product_type = ".$type; + $sql .= " AND p.fk_product_type = ".((int) $type); } // Add where from hooks $parameters = array(); @@ -445,8 +445,8 @@ function activitytrim($product_type) $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.rowid = fd.fk_facture"; $sql .= " AND pf.fk_facture = f.rowid"; - $sql .= " AND pf.fk_paiement= p.rowid"; - $sql .= " AND fd.product_type=".$product_type; + $sql .= " AND pf.fk_paiement = p.rowid"; + $sql .= " AND fd.product_type = ".((int) $product_type); $sql .= " AND p.datep >= '".$db->idate(dol_get_first_day($yearofbegindate), 1)."'"; $sql .= " GROUP BY annee, mois "; $sql .= " ORDER BY annee, mois "; diff --git a/htdocs/product/list.php b/htdocs/product/list.php index eb3fc71d53a..0c922fab0dd 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -451,7 +451,7 @@ if (dol_strlen($canvas) > 0) { $sql .= " AND p.canvas = '".$db->escape($canvas)."'"; } if ($catid > 0) { - $sql .= " AND cp.fk_categorie = ".$catid; + $sql .= " AND cp.fk_categorie = ".((int) $catid); } if ($catid == -2) { $sql .= " AND cp.fk_categorie IS NULL"; diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php index 5aa54b0963c..8ffae0bee8c 100644 --- a/htdocs/product/popuprop.php +++ b/htdocs/product/popuprop.php @@ -211,7 +211,7 @@ if ($mode && $mode != '-1') { if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$prodid; + $sql .= " WHERE fk_product = ".((int) $prodid); $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index 342acb49b6e..f8db6915409 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php @@ -190,7 +190,7 @@ if ($fourn_id > 0) { } // Insert categ filter if ($search_categ) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cp.fk_categorie = ".((int) $search_categ); } $sql .= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type, p.entity,"; $sql .= " p.fk_product_type, p.tms, p.duration, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock"; diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 38b16cea44a..ea9901a3794 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -179,7 +179,7 @@ if ($fourn_id > 0) { } // Insert categ filter if ($search_categ) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cp.fk_categorie = ".((int) $search_categ); } if ($search_warehouse) { $sql .= natural_search("e.ref", $search_warehouse); diff --git a/htdocs/product/stats/bom.php b/htdocs/product/stats/bom.php index 505bc8ed060..8db7c63d83e 100644 --- a/htdocs/product/stats/bom.php +++ b/htdocs/product/stats/bom.php @@ -138,7 +138,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bom_bom as b"; $sql .= " WHERE "; $sql .= " b.entity IN (".getEntity('bom').")"; - $sql .= " AND b.fk_product =".$product->id; + $sql .= " AND b.fk_product = ".((int) $product->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records @@ -184,9 +184,8 @@ if ($id > 0 || !empty($ref)) { $sql .= " SUM(bl.qty) as qty_toconsume"; $sql .= " FROM ".MAIN_DB_PREFIX."bom_bom as b"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bom_bomline as bl ON bl.fk_bom=b.rowid"; - $sql .= " WHERE "; - $sql .= " b.entity IN (".getEntity('bom').")"; - $sql .= " AND bl.fk_product=".$product->id; + $sql .= " WHERE b.entity IN (".getEntity('bom').")"; + $sql .= " AND bl.fk_product = ".((int) $product->id); $sql .= " GROUP BY b.rowid, b.ref, b.date_valid, b.status"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index 9ba4dee7081..623306536b7 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php @@ -151,7 +151,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; $sql .= " AND d.fk_commande = c.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(c.date_commande) IN ('.$db->sanitize($search_month).')'; } @@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index 6037f608b58..e42905811a8 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -152,7 +152,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND d.fk_commande = c.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(c.date_commande) IN ('.$db->sanitize($search_month).')'; } @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index f91e74edf50..f71c907a430 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -142,7 +142,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE c.rowid = cd.fk_contrat"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract').")"; - $sql .= " AND cd.fk_product =".$product->id; + $sql .= " AND cd.fk_product = ".((int) $product->id); if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index 0681aa9b5ca..b8a83e847c2 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -168,7 +168,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND d.fk_facture = f.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(f.datef) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 69ef83ae5a7..2ad05313762 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -151,7 +151,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= " AND d.fk_facture_fourn = f.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(f.datef) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stats/mo.php b/htdocs/product/stats/mo.php index fefb89592e7..81bb29650db 100644 --- a/htdocs/product/stats/mo.php +++ b/htdocs/product/stats/mo.php @@ -137,7 +137,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ", ".MAIN_DB_PREFIX."mrp_production as cd"; $sql .= " WHERE c.rowid = cd.fk_mo"; $sql .= " AND c.entity IN (".getEntity('mo').")"; - $sql .= " AND cd.fk_product =".$product->id; + $sql .= " AND cd.fk_product = ".((int) $product->id); if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 96303ac598d..f2a26d4af73 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -153,7 +153,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " AND d.fk_propal = p.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(p.datep) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 1b236ed3999..3de03aa73c1 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -152,7 +152,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND d.fk_supplier_proposal = p.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(p.datep) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 91284944397..55ab129edee 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -645,7 +645,7 @@ if ($action == 'create') { $sql .= " WHERE ps.fk_product = p.rowid"; $sql .= " AND ps.reel <> 0"; // We do not show if stock is 0 (no product in this warehouse) - $sql .= " AND ps.fk_entrepot = ".$object->id; + $sql .= " AND ps.fk_entrepot = ".((int) $object->id); if ($separatedPMP) { $sql .= " AND pa.fk_product = p.rowid AND pa.entity = ". (int) $conf->entity; diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 35791bfd158..c7516066e7f 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -293,17 +293,17 @@ class Entrepot extends CommonObject $this->town = trim($this->town); $this->country_id = ($this->country_id > 0 ? $this->country_id : 0); - $sql = "UPDATE ".MAIN_DB_PREFIX."entrepot "; + $sql = "UPDATE ".MAIN_DB_PREFIX."entrepot"; $sql .= " SET ref = '".$this->db->escape($this->label)."'"; $sql .= ", fk_parent = ".(($this->fk_parent > 0) ? $this->fk_parent : "NULL"); $sql .= ", fk_project = ".(($this->fk_project > 0) ? $this->fk_project : "NULL"); $sql .= ", description = '".$this->db->escape($this->description)."'"; - $sql .= ", statut = ".$this->statut; + $sql .= ", statut = ".((int) $this->statut); $sql .= ", lieu = '".$this->db->escape($this->lieu)."'"; $sql .= ", address = '".$this->db->escape($this->address)."'"; $sql .= ", zip = '".$this->db->escape($this->zip)."'"; $sql .= ", town = '".$this->db->escape($this->town)."'"; - $sql .= ", fk_pays = ".$this->country_id; + $sql .= ", fk_pays = ".((int) $this->country_id); $sql .= ", phone = '".$this->db->escape($this->phone)."'"; $sql .= ", fax = '".$this->db->escape($this->fax)."'"; $sql .= " WHERE rowid = ".((int) $id); diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 0220df610e4..ef1393dfb63 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -951,7 +951,7 @@ if (!$variants) { $sql .= " WHERE ps.reel != 0"; $sql .= " AND ps.fk_entrepot = e.rowid"; $sql .= " AND e.entity IN (".getEntity('stock').")"; - $sql .= " AND ps.fk_product = ".$object->id; + $sql .= " AND ps.fk_product = ".((int) $object->id); $sql .= " ORDER BY e.ref"; $entrepotstatic = new Entrepot($db); diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 52addeba637..77923d9e7c9 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -136,10 +136,10 @@ if ($date && $dateIsValid) { // Avoid heavy sql if mandatory date is not defined $sql .= " AND w.statut IN (".$db->sanitize(implode(',', $warehouseStatus)).")"; } if ($productid > 0) { - $sql .= " AND ps.fk_product = ".$productid; + $sql .= " AND ps.fk_product = ".((int) $productid); } if ($fk_warehouse > 0) { - $sql .= " AND ps.fk_entrepot = ".$fk_warehouse; + $sql .= " AND ps.fk_entrepot = ".((int) $fk_warehouse); } $sql .= " GROUP BY fk_product, fk_entrepot"; //print $sql; diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index 0191cc74ef8..60484eb4f17 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -425,7 +425,7 @@ if (empty($conf->global->PROJECT_HIDE_TASKS) && !empty($conf->global->PROJECT_SH $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$user->id; } if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } $sql .= " AND p.fk_statut=1"; $sql .= " GROUP BY p.ref, p.title, p.rowid, p.fk_statut, p.fk_opp_status, p.public, t.label, t.rowid, t.planned_workload, t.duration_effective, t.progress, t.dateo, t.datee"; diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php index b0b94264fb0..38f525626ba 100644 --- a/htdocs/projet/class/api_projects.class.php +++ b/htdocs/projet/class/api_projects.class.php @@ -146,7 +146,7 @@ class Projects extends DolibarrApi } // Select projects of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_project = t.rowid "; + $sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_project = t.rowid "; } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 851703ce96b..e381aaabfb3 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -486,7 +486,7 @@ class Project extends CommonObject $sql .= ", title = '".$this->db->escape($this->title)."'"; $sql .= ", description = '".$this->db->escape($this->description)."'"; $sql .= ", fk_soc = ".($this->socid > 0 ? $this->socid : "null"); - $sql .= ", fk_statut = ".$this->statut; + $sql .= ", fk_statut = ".((int) $this->statut); $sql .= ", fk_opp_status = ".((is_numeric($this->opp_status) && $this->opp_status > 0) ? $this->opp_status : 'null'); $sql .= ", opp_percent = ".((is_numeric($this->opp_percent) && $this->opp_percent != '') ? $this->opp_percent : 'null'); $sql .= ", public = ".($this->public ? 1 : 0); @@ -1777,13 +1777,13 @@ class Project extends CommonObject if ($tableName == "actioncomm") { $sql .= " SET fk_project=".$this->id; - $sql .= " WHERE id=".$elementSelectId; + $sql .= " WHERE id=".((int) $elementSelectId); } elseif ($tableName == "entrepot") { $sql .= " SET fk_project=".$this->id; - $sql .= " WHERE rowid=".$elementSelectId; + $sql .= " WHERE rowid=".((int) $elementSelectId); } else { $sql .= " SET fk_projet=".$this->id; - $sql .= " WHERE rowid=".$elementSelectId; + $sql .= " WHERE rowid=".((int) $elementSelectId); } dol_syslog(get_class($this)."::update_element", LOG_DEBUG); @@ -1813,10 +1813,10 @@ class Project extends CommonObject if ($tableName == "actioncomm") { $sql .= " SET fk_project=NULL"; - $sql .= " WHERE id=".$elementSelectId; + $sql .= " WHERE id=".((int) $elementSelectId); } else { $sql .= " SET ".$projectfield."=NULL"; - $sql .= " WHERE rowid=".$elementSelectId; + $sql .= " WHERE rowid=".((int) $elementSelectId); } dol_syslog(get_class($this)."::remove_element", LOG_DEBUG); @@ -1888,10 +1888,10 @@ class Project extends CommonObject $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'w') - 1)."')"; if ($taskid) { - $sql .= " AND ptt.fk_task=".$taskid; + $sql .= " AND ptt.fk_task=".((int) $taskid); } if (is_numeric($userid)) { - $sql .= " AND ptt.fk_user=".$userid; + $sql .= " AND ptt.fk_user=".((int) $userid); } //print $sql; @@ -1951,10 +1951,10 @@ class Project extends CommonObject $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'm') - 1)."')"; if ($task_id) { - $sql .= " AND ptt.fk_task=".$taskid; + $sql .= " AND ptt.fk_task=".((int) $taskid); } if (is_numeric($userid)) { - $sql .= " AND ptt.fk_user=".$userid; + $sql .= " AND ptt.fk_user=".((int) $userid); } //print $sql; diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index 42c5ae2135f..1845e303704 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -68,7 +68,7 @@ class ProjectStats extends Stats $sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls"; $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. - //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid; + //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; $sql .= " AND t.fk_opp_status = cls.rowid"; @@ -133,7 +133,7 @@ class ProjectStats extends Stats // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. - //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid; + //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; $sql .= " GROUP BY year"; diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 9f81218ba8d..bd25398776e 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -854,7 +854,7 @@ class Task extends CommonObject $sql .= " AND p.rowid = ec.element_id"; $sql .= " AND ctc.rowid = ec.fk_c_type_contact"; $sql .= " AND ctc.element = 'project'"; - $sql .= " AND ec.fk_socpeople = ".$filteronprojuser; + $sql .= " AND ec.fk_socpeople = ".((int) $filteronprojuser); $sql .= " AND ec.statut = 4"; $sql .= " AND ctc.source = 'internal'"; } @@ -863,12 +863,12 @@ class Task extends CommonObject $sql .= " AND p.rowid = ec2.element_id"; $sql .= " AND ctc2.rowid = ec2.fk_c_type_contact"; $sql .= " AND ctc2.element = 'project_task'"; - $sql .= " AND ec2.fk_socpeople = ".$filterontaskuser; + $sql .= " AND ec2.fk_socpeople = ".((int) $filterontaskuser); $sql .= " AND ec2.statut = 4"; $sql .= " AND ctc2.source = 'internal'"; } if ($socid) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } if ($projectid) { $sql .= " AND p.rowid IN (".$this->db->sanitize($projectid).")"; @@ -1525,10 +1525,10 @@ class Task extends CommonObject $sql .= " task_date = '".$this->db->idate($this->timespent_date)."',"; $sql .= " task_datehour = '".$this->db->idate($this->timespent_datehour)."',"; $sql .= " task_date_withhour = ".(empty($this->timespent_withhour) ? 0 : 1).","; - $sql .= " task_duration = ".$this->timespent_duration.","; - $sql .= " fk_user = ".$this->timespent_fk_user.","; + $sql .= " task_duration = ".((int) $this->timespent_duration).","; + $sql .= " fk_user = ".((int) $this->timespent_fk_user).","; $sql .= " note = ".(isset($this->timespent_note) ? "'".$this->db->escape($this->timespent_note)."'" : "null"); - $sql .= " WHERE rowid = ".$this->timespent_id; + $sql .= " WHERE rowid = ".((int) $this->timespent_id); dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG); if ($this->db->query($sql)) { @@ -2082,7 +2082,7 @@ class Task extends CommonObject // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id.") OR (s.rowid IS NULL))"; diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php index d8c875d2933..aa9d9a8a437 100644 --- a/htdocs/projet/index.php +++ b/htdocs/projet/index.php @@ -213,7 +213,7 @@ if ($mine || empty($user->rights->projet->all->lire)) { $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // If we have this test true, it also means projectset is not 2 } if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } $sql .= " ORDER BY p.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index aa1229ccb42..c95ae10e79a 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -402,12 +402,12 @@ if ($search_status >= 0) { if ($search_status == 99) { $sql .= " AND p.fk_statut <> 2"; } else { - $sql .= " AND p.fk_statut = ".$db->escape($search_status); + $sql .= " AND p.fk_statut = ".((int) $search_status); } } if ($search_opp_status) { if (is_numeric($search_opp_status) && $search_opp_status > 0) { - $sql .= " AND p.fk_opp_status = ".$db->escape($search_opp_status); + $sql .= " AND p.fk_opp_status = ".((int) $search_opp_status); } if ($search_opp_status == 'all') { $sql .= " AND (p.fk_opp_status IS NOT NULL AND p.fk_opp_status <> -1)"; @@ -423,7 +423,7 @@ if ($search_opp_status) { } } if ($search_public != '') { - $sql .= " AND p.public = ".$db->escape($search_public); + $sql .= " AND p.public = ".((int) $search_public); } // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if ($socid > 0) $sql.= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index e842b409eae..bbb7b1e51f9 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -39,6 +39,7 @@ $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); $toselect = GETPOST('toselect', 'array'); +$optioncss = GETPOST('optioncss', 'aZ09'); $id = GETPOST('id', 'int'); @@ -382,12 +383,9 @@ if ($search_projectstatus >= 0) { if ($search_projectstatus == 99) { $sql .= " AND p.fk_statut <> 2"; } else { - $sql .= " AND p.fk_statut = ".$db->escape($search_projectstatus); + $sql .= " AND p.fk_statut = ".((int) $search_projectstatus); } } -if ($search_public != '') { - $sql .= " AND p.public = ".$db->escape($search_public); -} if ($search_project_user > 0) { $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; } @@ -512,9 +510,6 @@ if ($search_projectstatus != '') { if ((is_numeric($search_opp_status) && $search_opp_status >= 0) || in_array($search_opp_status, array('all', 'none'))) { $param .= '&search_opp_status='.urlencode($search_opp_status); } -if ($search_public != '') { - $param .= '&search_public='.urlencode($search_public); -} if ($search_project_user != '') { $param .= '&search_project_user='.urlencode($search_project_user); } diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 01622a41945..a9316bcedcd 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -1043,7 +1043,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { $sql .= " ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE t.fk_user = u.rowid AND t.fk_task = pt.rowid"; if (empty($projectidforalltimes)) { - $sql .= " AND t.fk_task =".$object->id; + $sql .= " AND t.fk_task =".((int) $object->id); } else { $sql .= " AND pt.fk_projet IN (".$db->sanitize($projectidforalltimes).")"; } diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 9c39dafa18d..6648bafd07a 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -127,7 +127,7 @@ if (!empty($tag) && ($unsuscrib == '1')) { // Update status of mail in recipient mailing list table $statut = '3'; - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE tag = '".$db->escape($tag)."'"; $resql = $db->query($sql); if (!$resql) { diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index cd34b0f916f..531fdf9c23a 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -1699,10 +1699,10 @@ if ($action == 'create') { //if ($conf->delivery_note->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.fk_reception = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."deliverydet as ld ON ld.fk_delivery = l.rowid AND obj.rowid = ld.fk_origin_line"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid"; $sql .= " WHERE e.entity IN (".getEntity('reception').")"; - $sql .= " AND obj.fk_commande = ".$origin_id; + $sql .= " AND obj.fk_commande = ".((int) $origin_id); $sql .= " AND obj.rowid = ed.fk_commandefourndet"; $sql .= " AND ed.fk_reception = e.rowid"; - $sql .= " AND ed.fk_reception !=".$object->id; + $sql .= " AND ed.fk_reception !=".(int) $object->id); //if ($filter) $sql.= $filter; $sql .= " ORDER BY obj.fk_product"; diff --git a/htdocs/reception/index.php b/htdocs/reception/index.php index 9eadc3be41a..7cb26dee0ca 100644 --- a/htdocs/reception/index.php +++ b/htdocs/reception/index.php @@ -94,7 +94,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= $clause." e.fk_statut = 0"; $sql .= " AND e.entity IN (".getEntity('reception').")"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -160,7 +160,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " AND e.fk_statut = 1"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " ORDER BY e.date_delivery DESC"; $sql .= $db->plimit($max, 0); @@ -219,7 +219,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 7295b3df75a..a6ecd37cc6d 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -454,10 +454,10 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no $sql .= " AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND e.fk_soc = ".$socid; + $sql .= " AND e.fk_soc = ".((int) $socid); } if ($search_status <> '' && $search_status >= 0) { - $sql .= " AND e.fk_statut = ".$search_status; + $sql .= " AND e.fk_statut = ".((int) $search_status); } if ($search_billed != '' && $search_billed >= 0) { $sql .= ' AND e.billed = '.((int) $search_billed); diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 7e369fe6bb2..d3f97e6f3d1 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -255,7 +255,7 @@ if (! empty($conf->recruitment->enabled) && $user->rights->recruitment->read) $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 4979a883d9c..91f68951842 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -200,7 +200,7 @@ class Dolresource extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_resource as ty ON ty.code=t.fk_code_type_resource"; if ($id) { - $sql .= " WHERE t.rowid = ".$this->db->escape($id); + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.ref = '".$this->db->escape($ref)."'"; } @@ -415,7 +415,7 @@ class Dolresource extends CommonObject dol_syslog(get_class($this), LOG_DEBUG); if ($this->db->query($sql)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_type='resource' AND resource_id =".$this->db->escape($rowid); + $sql .= " WHERE element_type='resource' AND resource_id = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -831,7 +831,7 @@ class Dolresource extends CommonObject // Links beetween objects are stored in this table $sql = 'SELECT rowid, resource_id, resource_type, busy, mandatory'; $sql .= ' FROM '.MAIN_DB_PREFIX.'element_resources'; - $sql .= " WHERE element_id=".$element_id." AND element_type='".$this->db->escape($element)."'"; + $sql .= " WHERE element_id=".((int) $element_id)." AND element_type='".$this->db->escape($element)."'"; if ($resource_type) { $sql .= " AND resource_type LIKE '%".$this->db->escape($resource_type)."%'"; } diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index e7f1af66e0c..2f87fdd99d2 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -132,14 +132,13 @@ class Salary extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET"; - $sql .= " tms='".$this->db->idate(dol_now())."',"; - $sql .= " fk_user=".$this->fk_user.","; + $sql .= " fk_user=".((int) $this->fk_user).","; /*$sql .= " datep='".$this->db->idate($this->datep)."',"; $sql .= " datev='".$this->db->idate($this->datev)."',";*/ $sql .= " amount=".price2num($this->amount).","; $sql .= " fk_projet=".((int) $this->fk_project).","; - $sql .= " fk_typepayment=".$this->type_payment.","; + $sql .= " fk_typepayment=".((int) $this->type_payment).","; $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " datesp='".$this->db->idate($this->datesp)."',"; $sql .= " dateep='".$this->db->idate($this->dateep)."',"; @@ -147,7 +146,6 @@ class Salary extends CommonObject $sql .= " fk_bank=".($this->fk_bank > 0 ? (int) $this->fk_bank : "null").","; $sql .= " fk_user_author=".((int) $this->fk_user_author).","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? (int) $this->fk_user_modif : (int) $user->id); - $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index 382e05e4f0d..b4abbb04a26 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -273,10 +273,10 @@ if ($search_account > 0) { $sql .= " AND s.fk_account=".((int) $search_account); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND s.paye = ".$db->escape($search_status); + $sql .= " AND s.paye = ".((int) $search_status); } if ($search_type_id) { - $sql .= " AND s.fk_typepayment=".$search_type_id; + $sql .= " AND s.fk_typepayment=".((int) $search_type_id); } $sql .= " GROUP BY u.rowid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary, u.fk_soc, u.statut,"; $sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment, s.fk_bank,"; diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index f0602e88a5c..7af7fa4d986 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php @@ -218,7 +218,7 @@ if ($search_fk_bank) $sql .= " AND s.fk_bank=".((int) $search_fk_bank); if ($search_chq_number) $sql .= natural_search(array('s.num_payment'), $search_chq_number); if ($search_type_id > 0) { - $sql .= " AND s.fk_typepayment=".$search_type_id; + $sql .= " AND s.fk_typepayment=".((int) $search_type_id); } $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index f62fb894bd0..f8cd7f9d7ea 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -210,7 +210,7 @@ class Contacts extends DolibarrApi // Select contacts of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); + $sql .= " AND c.fk_categorie = ".((int) $category); $sql .= " AND c.fk_socpeople = t.rowid "; } diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index 253a35e710c..0257b692b62 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -178,11 +178,11 @@ class Thirdparties extends DolibarrApi // Select thirdparties of given category if ($category > 0) { if (!empty($mode) && $mode != 4) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_soc = t.rowid"; + $sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_soc = t.rowid"; } elseif (!empty($mode) && $mode == 4) { - $sql .= " AND cc.fk_categorie = ".$this->db->escape($category)." AND cc.fk_soc = t.rowid"; + $sql .= " AND cc.fk_categorie = ".((int) $category)." AND cc.fk_soc = t.rowid"; } else { - $sql .= " AND ((c.fk_categorie = ".$this->db->escape($category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".$this->db->escape($category)." AND cc.fk_soc = t.rowid))"; + $sql .= " AND ((c.fk_categorie = ".((int) $category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".((int) $category)." AND cc.fk_soc = t.rowid))"; } } diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index 3e410019b22..6c52359979e 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -156,10 +156,10 @@ class CompanyBankAccount extends Account $sql .= ",cle_rib='".$this->db->escape($this->cle_rib)."'"; $sql .= ",bic='".$this->db->escape($this->bic)."'"; $sql .= ",iban_prefix = '".$this->db->escape($this->iban)."'"; - $sql .= ",domiciliation='".$this->db->escape($this->domiciliation)."'"; + $sql .= ",domiciliation = '".$this->db->escape($this->domiciliation)."'"; $sql .= ",proprio = '".$this->db->escape($this->proprio)."'"; $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'"; - $sql .= ",default_rib = ".$this->default_rib; + $sql .= ",default_rib = ".((int) $this->default_rib); if ($conf->prelevement->enabled) { $sql .= ",frstrecur = '".$this->db->escape($this->frstrecur)."'"; $sql .= ",rum = '".$this->db->escape($this->rum)."'"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 97723f83f37..149801a65e2 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1386,7 +1386,7 @@ class Societe extends CommonObject $sql .= ",tva_assuj = ".($this->tva_assuj != '' ? "'".$this->db->escape($this->tva_assuj)."'" : "null"); $sql .= ",tva_intra = '".$this->db->escape($this->tva_intra)."'"; - $sql .= ",status = ".$this->status; + $sql .= ",status = ".((int) $this->status); // Local taxes $sql .= ",localtax1_assuj = ".($this->localtax1_assuj != '' ? "'".$this->db->escape($this->localtax1_assuj)."'" : "null"); @@ -1449,7 +1449,7 @@ class Societe extends CommonObject $sql .= ",webservices_key = ".(!empty($this->webservices_key) ? "'".$this->db->escape($this->webservices_key)."'" : "null"); //Incoterms - $sql .= ", fk_incoterms = ".$this->fk_incoterms; + $sql .= ", fk_incoterms = ".((int) $this->fk_incoterms); $sql .= ", location_incoterms = ".(!empty($this->location_incoterms) ? "'".$this->db->escape($this->location_incoterms)."'" : "null"); if ($customer) { @@ -3941,8 +3941,8 @@ class Societe extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX."adherent"; - $sql .= " SET fk_soc=".$this->id; - $sql .= " WHERE rowid=".$member->id; + $sql .= " SET fk_soc = ".((int) $this->id); + $sql .= " WHERE rowid = ".((int) $member->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index bf39dbc608c..5935ac43b70 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -288,7 +288,7 @@ if ($action == "change") { // Change customer for TakePOS $invoice->module_source = 'takepos'; $invoice->pos_source = $_SESSION["takeposterminal"]; $placeid = $invoice->create($user); - $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid = ".((int) $placeid); $db->query($sql); } @@ -526,13 +526,13 @@ if (!$user->rights->fournisseur->lire) { if ($search_sale == -2) { $sql .= " AND sc.fk_user IS NULL"; } elseif ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$db->escape($search_sale); + $sql .= " AND sc.fk_user = ".((int) $search_sale); } if ($search_categ_cus > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus); } if ($search_categ_sup > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_sup); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ_sup); } if ($search_categ_cus == -2) { $sql .= " AND cc.fk_categorie IS NULL"; @@ -667,7 +667,7 @@ $parameters = array('socid' => $socid); $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook if (empty($reshook)) { if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } } $sql .= $hookmanager->resPrint; diff --git a/htdocs/societe/notify/card.php b/htdocs/societe/notify/card.php index 55ae070363a..7e4a1084ec1 100644 --- a/htdocs/societe/notify/card.php +++ b/htdocs/societe/notify/card.php @@ -34,8 +34,8 @@ $langs->loadLangs(array("companies", "mails", "admin", "other", "errors")); $socid = GETPOST("socid", 'int'); $action = GETPOST('action', 'aZ09'); -$contactid = GETPOST('contactid'); // May be an int or 'thirdparty' -$actionid = GETPOST('actionid'); +$contactid = GETPOST('contactid', 'alpha'); // May be an int or 'thirdparty' +$actionid = GETPOST('actionid', 'int'); $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') // Security check @@ -98,10 +98,10 @@ if (empty($reshook)) { $db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; - $sql .= " WHERE fk_soc=".$socid." AND fk_contact=".$contactid." AND fk_action=".$actionid; + $sql .= " WHERE fk_soc=".((int) $socid)." AND fk_contact=".((int) $contactid)." AND fk_action=".((int) $actionid); if ($db->query($sql)) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$db->idate($now)."',".$socid.",".$contactid.",".$actionid.")"; + $sql .= " VALUES ('".$db->idate($now)."',".((int) $socid).",".((int) $contactid).",".((int) $actionid).")"; if (!$db->query($sql)) { $error++; @@ -230,7 +230,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."socpeople c"; $sql .= " WHERE a.rowid = n.fk_action"; $sql .= " AND c.rowid = n.fk_contact"; - $sql .= " AND c.fk_soc = ".$object->id; + $sql .= " AND c.fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -399,7 +399,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."notify as n "; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as c ON n.fk_contact = c.rowid"; $sql .= " WHERE a.rowid = n.fk_action"; - $sql .= " AND n.fk_soc = ".$object->id; + $sql .= " AND n.fk_soc = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index ed392c0c0a1..2d2869fd1cc 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -977,8 +977,8 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_rib"; $sql .= " WHERE type in ('card')"; - $sql .= " AND fk_soc = ".$object->id; - $sql .= " AND status = ".$servicestatus; + $sql .= " AND fk_soc = ".((int) $object->id); + $sql .= " AND status = ".((int) $servicestatus); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 47793509bab..5906db24ee7 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -3211,7 +3211,7 @@ class SupplierProposalLine extends CommonObjectLine $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposaldet SET"; $sql .= " description='".$this->db->escape($this->desc)."'"; $sql .= " , label=".(!empty($this->label) ? "'".$this->db->escape($this->label)."'" : "null"); - $sql .= " , product_type=".$this->product_type; + $sql .= " , product_type=".((int) $this->product_type); $sql .= " , date_start=".($this->date_start ? "'".$this->db->idate($this->date_start)."'" : "null"); $sql .= " , date_end=".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null"); $sql .= " , tva_tx='".price2num($this->tva_tx)."'"; @@ -3233,11 +3233,11 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null"); $sql .= " , buy_price_ht=".price2num($this->pa_ht); if (strlen($this->special_code)) { - $sql .= " , special_code=".$this->special_code; + $sql .= " , special_code=".((int) $this->special_code); } $sql .= " , fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { - $sql .= ", rang=".$this->rang; + $sql .= ", rang=".((int) $this->rang); } $sql .= " , ref_fourn=".(!empty($this->ref_fourn) ? "'".$this->db->escape($this->ref_fourn)."'" : "null"); $sql .= " , fk_unit=".($this->fk_unit ? $this->fk_unit : 'null'); diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 75eba410d0f..85f5f96c1af 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -173,7 +173,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND c.fk_statut = 0"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -231,7 +231,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 3b9a7892310..5fcafb2fdc4 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -382,7 +382,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND c.fk_c_type_contact = tc.rowid AND tc.element='supplier_proposal' AND tc.source='internal' AND c.element_id = sp.rowid AND c.fk_socpeople = ".$search_user; + $sql .= " AND c.fk_c_type_contact = tc.rowid AND tc.element='supplier_proposal' AND tc.source='internal' AND c.element_id = sp.rowid AND c.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index 92d7e8288e1..0aa45028ddd 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -70,7 +70,7 @@ if (empty($user->rights->takepos->run)) { */ if ($action == "getTables") { - $sql = "SELECT rowid, entity, label, leftpos, toppos, floor FROM ".MAIN_DB_PREFIX."takepos_floor_tables where floor=".$floor; + $sql = "SELECT rowid, entity, label, leftpos, toppos, floor FROM ".MAIN_DB_PREFIX."takepos_floor_tables where floor = ".((int) $floor); $resql = $db->query($sql); $rows = array(); while ($row = $db->fetch_array($resql)) { diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 6582ec96172..60276c545ca 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -478,7 +478,7 @@ if (($action == "addline" || $action == "freezone") && $placeid == 0) { if ($placeid < 0) { dol_htmloutput_errors($invoice->error, $invoice->errors, 1); } - $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid = ".((int) $placeid); $db->query($sql); } } diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index 7f2d2cf1be0..e104d425bf4 100644 --- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -262,7 +262,7 @@ class Tickets extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socid > 0) { - $sql .= " AND t.fk_soc = ".$socid; + $sql .= " AND t.fk_soc = ".((int) $socid); } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale @@ -270,7 +270,7 @@ class Tickets extends DolibarrApi // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 61a6d15d9a1..f4e92ecab18 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -1829,19 +1829,22 @@ class Ticket extends CommonObject public function searchSocidByEmail($email, $type = '0', $filters = array(), $clause = 'AND') { $thirdparties = array(); + $case = 0; + $exact = 0; // Generation requete recherche $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe"; $sql .= " WHERE entity IN (".getEntity('ticket', 1).")"; if (!empty($type)) { if ($type == 1 || $type == 2) { - $sql .= " AND client = ".$type; + $sql .= " AND client = ".((int) $type); } elseif ($type == 3) { $sql .= " AND fournisseur = 1"; } } if (!empty($email)) { if (!$exact) { + $regs = array(); if (preg_match('/^([\*])?[^*]+([\*])?$/', $email, $regs) && count($regs) > 1) { $email = str_replace('*', '%', $email); } else { diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php index 9fa84042c3a..e0cbd849092 100644 --- a/htdocs/user/class/api_users.class.php +++ b/htdocs/user/class/api_users.class.php @@ -93,7 +93,7 @@ class Users extends DolibarrApi // Select products of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); + $sql .= " AND c.fk_categorie = ".((int) $category); $sql .= " AND c.fk_user = t.rowid"; } diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 910edce8c17..ec09aafeef5 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1418,10 +1418,10 @@ class User extends CommonObject $result = $this->create($user, 1); if ($result > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_socpeople=".$contact->id; + $sql .= " SET fk_socpeople=".((int) $contact->id); $sql .= ", civility='".$this->db->escape($contact->civility_code)."'"; if ($contact->socid > 0) { - $sql .= ", fk_soc=".$contact->socid; + $sql .= ", fk_soc=".((int) $contact->socid); } $sql .= " WHERE rowid=".((int) $this->id); @@ -1517,7 +1517,7 @@ class User extends CommonObject if ($result > 0 && $member->fk_soc) { // If member is linked to a thirdparty $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_soc=".$member->fk_soc; + $sql .= " SET fk_soc=".((int) $member->fk_soc); $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create_from_member", LOG_DEBUG); diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index cacaeb54fc1..083b1bcc18c 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -194,7 +194,7 @@ class UserGroup extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."usergroup as g,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as ug"; $sql .= " WHERE ug.fk_usergroup = g.rowid"; - $sql .= " AND ug.fk_user = ".$userid; + $sql .= " AND ug.fk_user = ".((int) $userid); if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " AND g.entity IS NOT NULL"; } else { @@ -359,7 +359,7 @@ class UserGroup extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($whereforadd) && $whereforadd != 'allmodules') { $sql .= " AND ".$whereforadd; } @@ -438,8 +438,8 @@ class UserGroup extends CommonObject // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE id = '".$this->db->escape($rid)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " WHERE id = ".((int) $rid); + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -454,8 +454,8 @@ class UserGroup extends CommonObject dol_print_error($this->db); } - // Where pour la liste des droits a supprimer - $wherefordel = "id=".$this->db->escape($rid); + // Where for the list of permissions to delete + $wherefordel = "id = ".((int) $rid); // Suppression des droits induits if ($subperms == 'lire' || $subperms == 'read') { $wherefordel .= " OR (module='".$this->db->escape($module)."' AND perms='".$this->db->escape($perms)."' AND subperms IS NOT NULL)"; diff --git a/htdocs/user/list.php b/htdocs/user/list.php index bd82824cb05..62372df637a 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -423,7 +423,7 @@ if ($search_categ == -2) { $sql .= " AND cu.fk_categorie IS NULL"; } if ($search_warehouse > 0) { - $sql .= " AND u.fk_warehouse = ".$db->escape($search_warehouse); + $sql .= " AND u.fk_warehouse = ".((int) $search_warehouse); } if ($mode == 'employee' && empty($user->rights->salaries->readall)) { $sql .= " AND u.rowid IN (".$db->sanitize(join(',', $childids)).")"; diff --git a/htdocs/webservices/server_invoice.php b/htdocs/webservices/server_invoice.php index d1382ac7c62..3fa61960b8c 100644 --- a/htdocs/webservices/server_invoice.php +++ b/htdocs/webservices/server_invoice.php @@ -425,7 +425,7 @@ function getInvoicesForThirdParty($authentication, $idthirdparty) $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as f'; $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; if ($idthirdparty != 'all') { - $sql .= " AND f.fk_soc = ".$db->escape($idthirdparty); + $sql .= " AND f.fk_soc = ".((int) $idthirdparty); } $resql = $db->query($sql); diff --git a/htdocs/webservices/server_order.php b/htdocs/webservices/server_order.php index 8f3d5af17e6..73769d43cec 100644 --- a/htdocs/webservices/server_order.php +++ b/htdocs/webservices/server_order.php @@ -537,7 +537,7 @@ function getOrdersForThirdParty($authentication, $idthirdparty) $sql .= ' FROM '.MAIN_DB_PREFIX.'commande as c'; $sql .= " WHERE c.entity = ".$conf->entity; if ($idthirdparty != 'all') { - $sql .= " AND c.fk_soc = ".$db->escape($idthirdparty); + $sql .= " AND c.fk_soc = ".((int) $idthirdparty); } diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php index 95b7246d021..35997d16d6e 100644 --- a/htdocs/webservices/server_productorservice.php +++ b/htdocs/webservices/server_productorservice.php @@ -916,13 +916,13 @@ function getListOfProductsOrServices($authentication, $filterproduct) $sql .= " WHERE entity=".$conf->entity; foreach ($filterproduct as $key => $val) { if ($key == 'type' && $val >= 0) { - $sql .= " AND fk_product_type = ".$db->escape($val); + $sql .= " AND fk_product_type = ".((int) $val); } if ($key == 'status_tosell') { - $sql .= " AND tosell = ".$db->escape($val); + $sql .= " AND tosell = ".((int) $val); } if ($key == 'status_tobuy') { - $sql .= " AND tobuy = ".$db->escape($val); + $sql .= " AND tobuy = ".((int) $val); } } $resql = $db->query($sql); diff --git a/htdocs/webservices/server_supplier_invoice.php b/htdocs/webservices/server_supplier_invoice.php index 2a17ea15265..6803133d527 100644 --- a/htdocs/webservices/server_supplier_invoice.php +++ b/htdocs/webservices/server_supplier_invoice.php @@ -358,7 +358,7 @@ function getSupplierInvoicesForThirdParty($authentication, $idthirdparty) //$sql.=" WHERE f.fk_soc = s.rowid AND nom = '".$db->escape($idthirdparty)."'"; $sql .= " WHERE f.entity = ".$conf->entity; if ($idthirdparty != 'all') { - $sql .= " AND f.fk_soc = ".$db->escape($idthirdparty); + $sql .= " AND f.fk_soc = ".((int) $idthirdparty); } $resql = $db->query($sql); diff --git a/htdocs/webservices/server_thirdparty.php b/htdocs/webservices/server_thirdparty.php index c256e975217..dbf2f3dd125 100644 --- a/htdocs/webservices/server_thirdparty.php +++ b/htdocs/webservices/server_thirdparty.php @@ -707,13 +707,13 @@ function getListOfThirdParties($authentication, $filterthirdparty) $sql .= " AND s.name LIKE '%".$db->escape($val)."%'"; } if ($key == 'client' && (int) $val > 0) { - $sql .= " AND s.client = ".$db->escape($val); + $sql .= " AND s.client = ".((int) $val); } if ($key == 'supplier' && (int) $val > 0) { - $sql .= " AND s.fournisseur = ".$db->escape($val); + $sql .= " AND s.fournisseur = ".((int) $val); } if ($key == 'category' && (int) $val > 0) { - $sql .= " AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie=".$db->escape($val).") "; + $sql .= " AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie = ".((int) $val).") "; } } dol_syslog("Function: getListOfThirdParties", LOG_DEBUG); From 2681d581075c69544b67cb1bd491b848896f46ea Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 16:37:15 +0200 Subject: [PATCH 73/93] FIx CVE ID: CVE-2021-33816 --- htdocs/core/class/utils.class.php | 2 +- htdocs/website/index.php | 25 +++++++++++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index a4f6bb11706..bdd6cc2b83a 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -594,7 +594,7 @@ class Utils * Execute a CLI command. * * @param string $command Command line to execute. - * @param string $outputfile Output file (used only when method is 2). For exemple $conf->admin->dir_temp.'/out.tmp'; + * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ diff --git a/htdocs/website/index.php b/htdocs/website/index.php index fe1bdce10d4..9361aae865f 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -1998,8 +1998,12 @@ if ($usercanedit && (($action == 'updatesource' || $action == 'updatecontent' || // Security analysis $phpfullcodestring = dolKeepOnlyPhpCode($objectpage->content); - //print dol_escape_htmltag($phpfullcodestring);exit; - $forbiddenphpcommands = array("exec", "passthru", "system", "shell_exec", "proc_open", "eval", "dol_eval"); + + // First check forbidden commands + $forbiddenphpcommands = array(); + if (empty($conf->global->WEBSITE_PHP_ALLOW_EXEC)) { // If option is not on, we disallow functions to execute commands + $forbiddenphpcommands = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen", "eval", "dol_eval", "executeCLI"); + } if (empty($conf->global->WEBSITE_PHP_ALLOW_WRITE)) { // If option is not on, we disallow functions to write files $forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask")); } @@ -2015,6 +2019,23 @@ if ($usercanedit && (($action == 'updatesource' || $action == 'updatecontent' || } } } + // This char can be used to execute RCE for example using with echo `ls` + $forbiddenphpchars = array(); + if (empty($conf->global->WEBSITE_PHP_ALLOW_DANGEROUS_CHARS)) { // If option is not on, we disallow functions to execute commands + $forbiddenphpchars = array("`"); + } + foreach ($forbiddenphpchars as $forbiddenphpchar) { + if (preg_match('/'.$forbiddenphpchar.'/ms', $phpfullcodestring)) { + $error++; + setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpchar), null, 'errors'); + if ($action == 'updatesource') { + $action = 'editsource'; + } + if ($action == 'updatecontent') { + $action = 'editcontent'; + } + } + } if (empty($user->rights->website->writephp)) { if ($phpfullcodestringold != $phpfullcodestring) { From 0b7b12685fac454c450430dfdb100dc72f3778c4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 16:41:43 +0200 Subject: [PATCH 74/93] Clean code --- htdocs/core/lib/functions2.lib.php | 51 ------------------------------ 1 file changed, 51 deletions(-) diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index e279ced2a3d..37f78563c02 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -2679,57 +2679,6 @@ if (!function_exists('dolEscapeXML')) { } -/** - * Return automatic or manual in current language - * - * @param string $automaticmanual Value to test (1, 'automatic', 'true' or 0, 'manual', 'false') - * @param integer $case 1=Yes/No, 0=yes/no, 2=Disabled checkbox, 3=Disabled checkbox + Automatic/Manual - * @param int $color 0=texte only, 1=Text is formated with a color font style ('ok' or 'error'), 2=Text is formated with 'ok' color. - * @return string HTML string - */ -function autoOrManual($automaticmanual, $case = 1, $color = 0) -{ - global $langs; - $result = 'unknown'; - $classname = ''; - if ($automaticmanual == 1 || strtolower($automaticmanual) == 'automatic' || strtolower($automaticmanual) == 'true') { // A mettre avant test sur no a cause du == 0 - $result = $langs->trans('automatic'); - if ($case == 1 || $case == 3) { - $result = $langs->trans("Automatic"); - } - if ($case == 2) { - $result = ''; - } - if ($case == 3) { - $result = ' '.$result; - } - - $classname = 'ok'; - } elseif ($automaticmanual == 0 || strtolower($automaticmanual) == 'manual' || strtolower($automaticmanual) == 'false') { - $result = $langs->trans("manual"); - if ($case == 1 || $case == 3) { - $result = $langs->trans("Manual"); - } - if ($case == 2) { - $result = ''; - } - if ($case == 3) { - $result = ' '.$result; - } - - if ($color == 2) { - $classname = 'ok'; - } else { - $classname = 'error'; - } - } - if ($color) { - return ''.$result.''; - } - return $result; -} - - /** * Convert links to local wrapper to medias files into a string into a public external URL readable on internet * From f1c94ac659175c78fc5034dab2d0510eadf4a567 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 17:44:42 +0200 Subject: [PATCH 75/93] NEW Reduce scope of dol_eval function. --- htdocs/core/lib/functions.lib.php | 19 +++++++++++++ test/phpunit/SecurityTest.php | 44 +++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 165d9c503a4..61f268d7871 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7995,6 +7995,25 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1) global $obj; // To get $obj used into list when dol_eval is used for computed fields and $obj is not yet $object global $soc; // For backward compatibility + // Replace dangerous char (used for RCE), we allow only PHP variable testing. + if (strpos($s, '`') !== false) { + return 'Bad string syntax to evaluate: '.$s; + } + + // We block using of php exec or php file functions + $forbiddenphpcommands = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI("); + $forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask(")); + $forbiddenphpcommands = array_merge($forbiddenphpcommands, array('function(', '$$', 'call_user_func(', '_SESSION', '_COOKIE')); + do { + $oldstringtoclean = $s; + $s = str_ireplace($forbiddenphpcommands, '__forbiddenstring__', $s); + //$s = preg_replace('/\$[a-zA-Z0-9_\->\$]+\(/i', '', $s); // Remove $function( call and $mycall->mymethod( + } while ($oldstringtoclean != $s); + + if (strpos($s, '__forbiddenstring__') !== false) { + return 'Bad string syntax to evaluate: '.$s; + } + //print $s."
\n"; if ($returnvalue) { if ($hideerrors) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index f889a6c542b..b1a32249ffc 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -777,4 +777,48 @@ class SecurityTest extends PHPUnit\Framework\TestCase $result=dol_sanitizeFileName('bad file --evilparam'); $this->assertEquals('bad file _evilparam', $result); } + + /** + * testDolEval + * + * @return void + */ + public function testDolEval() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $result=dol_eval('1==1', 1, 0); + print "result = ".$result."\n"; + $this->assertTrue($result); + + $result=dol_eval('1==2', 1, 0); + print "result = ".$result."\n"; + $this->assertFalse($result); + + include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; + include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; + $result=dol_eval('(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: "Parent project not found"', 1, 1); + print "result = ".$result."\n"; + $this->assertEquals('Parent project not found', $result); + + $result=dol_eval('$a=function() { }; $a;', 1, 1); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + + $result=dol_eval('$a=exec("ls");', 1, 1); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + + $result=dol_eval('$a="test"; $$a;', 1, 0); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + + $result=dol_eval('`ls`', 1, 0); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + } } From f472ff4fd9aac82fc75b2c454d357bb90c1eec49 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 17:47:27 +0200 Subject: [PATCH 76/93] Add phpunit for dol_eval --- htdocs/core/lib/functions.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 61f268d7871..1857be0146c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8003,7 +8003,8 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1) // We block using of php exec or php file functions $forbiddenphpcommands = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI("); $forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask(")); - $forbiddenphpcommands = array_merge($forbiddenphpcommands, array('function(', '$$', 'call_user_func(', '_SESSION', '_COOKIE')); + $forbiddenphpcommands = array_merge($forbiddenphpcommands, array('function(', '$$', 'call_user_func(')); + $forbiddenphpcommands = array_merge($forbiddenphpcommands, array('global', '_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST')); do { $oldstringtoclean = $s; $s = str_ireplace($forbiddenphpcommands, '__forbiddenstring__', $s); From 16f1210e8afddd451ead51fce9fadff0cf360c83 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 17:50:21 +0200 Subject: [PATCH 77/93] Fix phpcs --- htdocs/compta/cashcontrol/report.php | 2 +- htdocs/partnership/class/partnership.class.php | 2 +- htdocs/product/card.php | 8 ++++---- htdocs/reception/card.php | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index fb6e75c68c4..de597a608dc 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -223,7 +223,7 @@ if ($resql) { if (empty($cacheinvoiceid[$objp->facid])) { $cacheinvoiceid[$objp->facid] = $objp->facid; // First time this invoice is found into list of invoice x payments - foreach($invoicetmp->lines as $line) { + foreach ($invoicetmp->lines as $line) { $totalqty += $line->qty; $totalvat += $line->total_tva; } diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index d04d0c335eb..125dacb1e53 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -354,8 +354,8 @@ class Partnership extends CommonObject * * @param int $id Id of object to load * @param string $ref Ref of object - * @param int $fk_soc fk_soc * @param int $fk_member fk_member + * @param int $fk_soc fk_soc * @return int >0 if OK, <0 if KO, 0 if not found */ public function fetch($id, $ref = null, $fk_member = null, $fk_soc = null) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 1b732cd721e..5067b9ce838 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -2050,10 +2050,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; if ((($object->status_batch == '1' &&$conf->global->PRODUCTBATCH_LOT_USE_PRODUCT_MASKS && $conf->global->PRODUCTBATCH_LOT_ADDON == 'mod_lot_advanced') || ($object->status_batch == '2' && $conf->global->PRODUCTBATCH_SN_ADDON == 'mod_sn_advanced' && $conf->global->PRODUCTBATCH_SN_USE_PRODUCT_MASKS))) { - print ''; - } + print ''; + } } } diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 531fdf9c23a..c9a638e7cde 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -1702,7 +1702,7 @@ if ($action == 'create') { $sql .= " AND obj.fk_commande = ".((int) $origin_id); $sql .= " AND obj.rowid = ed.fk_commandefourndet"; $sql .= " AND ed.fk_reception = e.rowid"; - $sql .= " AND ed.fk_reception !=".(int) $object->id); + $sql .= " AND ed.fk_reception !=".((int) $object->id); //if ($filter) $sql.= $filter; $sql .= " ORDER BY obj.fk_product"; From c00bef83a8d919aeb624c9cf23adf653d28aacf1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 18:05:56 +0200 Subject: [PATCH 78/93] Fix php unit --- htdocs/fourn/class/fournisseur.facture.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index a48d00c820b..377f09028df 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -3417,7 +3417,7 @@ class SupplierInvoiceLine extends CommonObjectLine $sql .= ", fk_product = ".((int) $fk_product); $sql .= ", product_type = ".((int) $this->product_type); $sql .= ", info_bits = ".((int) $this->info_bits); - $sql .= ", fk_unit = ".((int) $fk_unit); + $sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null'); // Multicurrency $sql .= " , multicurrency_subprice=".price2num($this->multicurrency_subprice).""; From e4d3fd4861d6f384dd575bb61efcc67814bc3f63 Mon Sep 17 00:00:00 2001 From: prolyfix Date: Wed, 9 Jun 2021 23:09:31 +0200 Subject: [PATCH 79/93] bug resolution: exception when a user test the send mail functionality, an exception is thrown: $object is null in the method_exists's function. and thus not allowed. Adding is_object resolve the problem --- htdocs/core/actions_sendmails.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php index b4e583387c9..83a823edeb2 100644 --- a/htdocs/core/actions_sendmails.inc.php +++ b/htdocs/core/actions_sendmails.inc.php @@ -345,7 +345,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $subject = make_substitutions($subject, $substitutionarray); $message = make_substitutions($message, $substitutionarray); - if (method_exists($object, 'makeSubstitution')) { + if (is_object($object) && method_exists($object, 'makeSubstitution')) { $subject = $object->makeSubstitution($subject); $message = $object->makeSubstitution($message); } From f3d54aada5df4794466b5010c12486218bc4178d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 23:48:28 +0200 Subject: [PATCH 80/93] Clean code --- htdocs/adherents/class/adherent.class.php | 2 -- htdocs/societe/class/societe.class.php | 24 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 91f01d19f89..5a69c30abdb 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1510,7 +1510,6 @@ class Adherent extends CommonObject } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Function to get partnerships array * @@ -1519,7 +1518,6 @@ class Adherent extends CommonObject */ public function fetchPartnerships($mode) { - // phpcs:enable global $langs; require_once DOL_DOCUMENT_ROOT.'/parntership/class/partnership.class.php'; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 149801a65e2..e20643fb589 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -740,6 +740,12 @@ class Societe extends CommonObject public $multicurrency_code; + // Fields loaded by fetchPartnerships() + + public $partnerships = array(); + + + /** * @var Account|string Default BAN account */ @@ -4806,4 +4812,22 @@ class Societe extends CommonObject return -1; } } + + /** + * Function to get partnerships array + * + * @param string $mode 'member' or 'thirdparty' + * @return int <0 if KO, >0 if OK + */ + public function fetchPartnerships($mode) + { + global $langs; + + require_once DOL_DOCUMENT_ROOT.'/parntership/class/partnership.class.php'; + + + $this->partnerships[] = array(); + + return 1; + } } From 9b7795dc44ebabda3eaf0944a531f445471f7d86 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 23:55:56 +0200 Subject: [PATCH 81/93] Debug v14 --- htdocs/partnership/admin/setup.php | 2 +- .../class/partnershiputils.class.php | 19 +++++++++---------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/htdocs/partnership/admin/setup.php b/htdocs/partnership/admin/setup.php index 7fa0ef62b5e..97e21647b81 100644 --- a/htdocs/partnership/admin/setup.php +++ b/htdocs/partnership/admin/setup.php @@ -177,7 +177,7 @@ print ''; print '
'; -print_fiche_titre($langs->trans("ReferingWebsiteCheck"), '', ''); +print load_fiche_titre($langs->trans("ReferingWebsiteCheck"), '', ''); print ''.$langs->trans("ReferingWebsiteCheckDesc").'
'; print '
'; diff --git a/htdocs/partnership/class/partnershiputils.class.php b/htdocs/partnership/class/partnershiputils.class.php index 04f5db251e5..7cf01c2957c 100644 --- a/htdocs/partnership/class/partnershiputils.class.php +++ b/htdocs/partnership/class/partnershiputils.class.php @@ -27,12 +27,11 @@ require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; - -dol_include_once('partnership/lib/partnership.lib.php'); -dol_include_once('/partnership/class/partnership.class.php'); - -require_once DOL_DOCUMENT_ROOT."/societe/class/societe.class.php"; +require_once DOL_DOCUMENT_ROOT.'/partnership/lib/partnership.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/partnership/class/partnership.class.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; + /** * Class with cron tasks of Partnership module */ @@ -273,6 +272,7 @@ class PartnershipUtils $numofexpiredmembers = $this->db->num_rows($resql); $somethingdoneonpartnership = 0; $ifetchpartner = 0; + $websitenotfound = ''; while ($ifetchpartner < $numofexpiredmembers) { $ifetchpartner++; @@ -393,11 +393,10 @@ class PartnershipUtils /** * Action to check if Dolibarr backlink not found on partner website * - * CAN BE A CRON TASK - * @param $website Partner's website - * @return int 0 if KO, 1 if OK + * @param $website Website Partner's website + * @return int 0 if KO, 1 if OK */ - public function checkDolibarrBacklink($website = null) + private function checkDolibarrBacklink($website = null) { global $conf, $langs, $user; @@ -406,7 +405,7 @@ class PartnershipUtils $webcontent = ''; // $website = 'https://nextgestion.com/'; // For Test - $tmpgeturl = getURLContent($website); + $tmpgeturl = getURLContent($website, 'GET', '', 1, array(), array('http', 'https'), 0); if ($tmpgeturl['curl_error_no']) { $error++; dol_syslog('Error getting '.$website.': '.$tmpgeturl['curl_error_msg']); From 7b31ef0ff3ba416fd0c8c4c5c20a3000365adcd4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 00:00:49 +0200 Subject: [PATCH 82/93] Fix warnings --- htdocs/comm/action/list.php | 3 ++- htdocs/comm/action/rapport/index.php | 3 ++- htdocs/compta/prelevement/line.php | 3 ++- htdocs/modulebuilder/template/myobject_list.php | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 8c6fc94e31f..8bf35df622d 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -106,7 +106,8 @@ $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -if ($page == -1 || $page == null) { +if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { + // If $page is not defined, or '' or -1 or if we click on clear filters $page = 0; } $offset = $limit * $page; diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index a90bc1cf5a3..9b6238ca0de 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -43,7 +43,8 @@ $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -if ($page == -1 || $page == null) { +if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { + // If $page is not defined, or '' or -1 or if we click on clear filters $page = 0; } $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php index bc3a06c2e6d..5aa7344eea5 100644 --- a/htdocs/compta/prelevement/line.php +++ b/htdocs/compta/prelevement/line.php @@ -51,7 +51,8 @@ $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -if ($page == -1 || $page == null) { +if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { + // If $page is not defined, or '' or -1 or if we click on clear filters $page = 0; } $offset = $limit * $page; diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 05cce2ba934..e2c817c12cc 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -105,8 +105,9 @@ $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { + // If $page is not defined, or '' or -1 or if we click on clear filters $page = 0; -} // If $page is not defined, or '' or -1 or if we click on clear filters +} $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; From 067f37e22e46864822507906a03449dd3373cf93 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 00:09:38 +0200 Subject: [PATCH 83/93] Clean code --- .../contact/canvas/actions_contactcard_common.class.php | 6 +----- .../canvas/default/tpl/contactcard_create.tpl.php | 5 ----- htdocs/contact/card.php | 4 +--- htdocs/contact/class/contact.class.php | 9 ++++----- htdocs/contact/perso.php | 4 ++-- htdocs/core/class/commondocgenerator.class.php | 1 - htdocs/datapolicy/class/actions_datapolicy.class.php | 1 - htdocs/install/upgrade2.php | 2 +- htdocs/webservices/server_contact.php | 4 +--- 9 files changed, 10 insertions(+), 26 deletions(-) diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index 0e80df07676..f63f25b2a18 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -283,10 +283,7 @@ abstract class ActionsContactCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = GETPOST("old_name"); - $this->object->old_firstname = GETPOST("old_firstname"); - - $this->object->socid = GETPOST("socid"); + $this->object->socid = GETPOST("socid", 'int'); $this->object->lastname = GETPOST("name"); $this->object->firstname = GETPOST("firstname"); $this->object->civility_id = GETPOST("civility_id"); @@ -301,7 +298,6 @@ abstract class ActionsContactCardCommon $this->object->phone_mobile = GETPOST("phone_mobile"); $this->object->fax = GETPOST("fax"); $this->object->email = GETPOST("email"); - $this->object->jabberid = GETPOST("jabberid"); $this->object->priv = GETPOST("priv"); $this->object->note = GETPOST("note", "restricthtml"); $this->object->canvas = GETPOST("canvas"); diff --git a/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php index bd5cf24e195..a6c134d0a9a 100644 --- a/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php +++ b/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php @@ -109,11 +109,6 @@ echo $this->control->tpl['ajax_selectcountry']; ?> - - - - - diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index b877909cc58..d185815b51a 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -297,7 +297,7 @@ if (empty($reshook)) { $object->old_lastname = (string) GETPOST("old_lastname", 'alpha'); $object->old_firstname = (string) GETPOST("old_firstname", 'alpha'); - $result = $object->delete(); + $result = $object->delete(); // TODO Add $user as first param if ($result > 0) { if ($backtopage) { header("Location: ".$backtopage); @@ -443,8 +443,6 @@ if (empty($reshook)) { } } - $object->old_lastname = ''; - $object->old_firstname = ''; $action = 'view'; } else { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index e1f987ac2f4..86d38c5b3e1 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -545,8 +545,6 @@ class Contact extends CommonObject $this->phone_pro = trim($this->phone_pro); $this->phone_perso = trim($this->phone_perso); $this->phone_mobile = trim($this->phone_mobile); - $this->jabberid = trim($this->jabberid); - $this->skype = trim($this->skype); $this->photo = trim($this->photo); $this->fax = trim($this->fax); $this->zip = (empty($this->zip) ? '' : trim($this->zip)); @@ -1190,10 +1188,11 @@ class Contact extends CommonObject } /** - * Efface le contact de la base + * Delete a contact from database + * // TODO Add $user as first param * - * @param int $notrigger Disable all trigger - * @return int <0 if KO, >0 if OK + * @param int $notrigger Disable all trigger + * @return int <0 if KO, >0 if OK */ public function delete($notrigger = 0) { diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 628c73b0afc..261ffebf29c 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -60,8 +60,8 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact $result = $object->update_perso($id, $user); if ($result > 0) { - $object->old_name = ''; - $object->old_firstname = ''; + $object->oldcopy = clone $object; + // Logo/Photo save $dir = $conf->societe->dir_output.'/contact/'.get_exdir($object->id, 0, 0, 1, $object, 'contact').'/photos'; diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 30ea40fbbb2..6e91d9d175b 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -321,7 +321,6 @@ abstract class CommonDocGenerator $array_key.'_statut' => $object->statut, $array_key.'_code' => $object->code, $array_key.'_email' => $object->email, - $array_key.'_jabberid' => $object->jabberid, // deprecated $array_key.'_phone_pro' => $object->phone_pro, $array_key.'_phone_perso' => $object->phone_perso, $array_key.'_phone_mobile' => $object->phone_mobile, diff --git a/htdocs/datapolicy/class/actions_datapolicy.class.php b/htdocs/datapolicy/class/actions_datapolicy.class.php index 7a3ba77fb5a..e54086149fe 100644 --- a/htdocs/datapolicy/class/actions_datapolicy.class.php +++ b/htdocs/datapolicy/class/actions_datapolicy.class.php @@ -196,7 +196,6 @@ class ActionsDatapolicy echo $object->phone_pro.';'; echo $object->phone_perso.';'; echo $object->phone_mobile.';'; - echo $object->jabberid.';'; echo dol_print_date($object->birth).';'; exit; } elseif ($parameters['currentcontext'] == 'contactcard' && $action == 'send_datapolicy') { diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 23acc7d4a1b..e814e69574a 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -4710,7 +4710,7 @@ function migrate_contacts_socialnetworks() $db->begin(); print '
'; -print $langs->trans("Category").': '.$formother->select_categories(Categorie::TYPE_CUSTOMER, $selected_cat, 'search_categ', true); +print img_picto('', 'category', 'class="paddingrightonly"'); +print $formother->select_categories(Categorie::TYPE_CUSTOMER, $selected_cat, 'search_categ', 0, $langs->trans("Category")); print ' '; print $langs->trans("SubCats").'? '; print ''; print '
'; -print ''; +print ''; print ''; -print ''; +print ''; print ''; -print ''; +print ''; print ''; print $form->select_country($search_country, 'search_country'); diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index b93d3c507b3..05bbbab99d3 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php @@ -149,9 +149,11 @@ if ($modecompta == "CREANCES-DETTES") { $name = $langs->trans("Turnover"); $calcmode = $langs->trans("CalcModeDebt"); //$calcmode.='
('.$langs->trans("SeeReportInInputOutputMode",'','').')'; - $calcmode .= '
('.$langs->trans("SeeReportInBookkeepingMode", '{link1}', '{link2}').')'; - $calcmode = str_replace('{link1}', '', $calcmode); - $calcmode = str_replace('{link2}', '', $calcmode); + if (!empty($conf->accounting->enabled)) { + $calcmode .= '
('.$langs->trans("SeeReportInBookkeepingMode", '{link1}', '{link2}').')'; + $calcmode = str_replace('{link1}', '', $calcmode); + $calcmode = str_replace('{link2}', '', $calcmode); + } $periodlink = ($year_start ? "".img_previous()." ".img_next()."" : ""); $description = $langs->trans("RulesCADue"); if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { @@ -164,8 +166,10 @@ if ($modecompta == "CREANCES-DETTES") { } elseif ($modecompta == "RECETTES-DEPENSES") { $name = $langs->trans("TurnoverCollected"); $calcmode = $langs->trans("CalcModeEngagement"); - //$calcmode.='
('.$langs->trans("SeeReportInDueDebtMode",'','').')'; + //$calcmode .= '
('.$langs->trans("SeeReportInDueDebtMode",'','').')'; + //if (!empty($conf->accounting->enabled)) { //$calcmode.='
('.$langs->trans("SeeReportInBookkeepingMode",'','').')'; + //} $periodlink = ($year_start ? "".img_previous()." ".img_next()."" : ""); $description = $langs->trans("RulesCAIn"); $description .= $langs->trans("DepositsAreIncluded"); diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php index bb341c6a3a5..0afcb72da2d 100644 --- a/htdocs/compta/stats/supplier_turnover.php +++ b/htdocs/compta/stats/supplier_turnover.php @@ -128,23 +128,31 @@ llxHeader(); $form = new Form($db); +// TODO Report from bookkeeping not yet available, so we switch on report on business events +if ($modecompta == "BOOKKEEPING") { + $modecompta = "CREANCES-DETTES"; +} +if ($modecompta == "BOOKKEEPINGCOLLECTED") { + $modecompta = "RECETTES-DEPENSES"; +} + // Affiche en-tete du rapport if ($modecompta == "CREANCES-DETTES") { $name = $langs->trans("PurchaseTurnover"); $calcmode = $langs->trans("CalcModeDebt"); - $calcmode .= '
('.$langs->trans("SeeReportInBookkeepingMode", '{link1}', '{link2}').')'; - $calcmode = str_replace('{link1}', '', $calcmode); - $calcmode = str_replace('{link2}', '', $calcmode); + if (!empty($conf->accounting->enabled)) { + $calcmode .= '
('.$langs->trans("SeeReportInBookkeepingMode", '{link1}', '{link2}').')'; + $calcmode = str_replace('{link1}', '', $calcmode); + $calcmode = str_replace('{link2}', '', $calcmode); + } $periodlink = ($year_start ? "".img_previous()." ".img_next()."" : ""); $description = $langs->trans("RulesPurchaseTurnoverDue"); - $builddate = dol_now(); //$exportlink=$langs->trans("NotYetAvailable"); } elseif ($modecompta == "RECETTES-DEPENSES") { $name = $langs->trans("PurchaseTurnoverCollected"); $calcmode = $langs->trans("CalcModeEngagement"); $periodlink = ($year_start ? "".img_previous()." ".img_next()."" : ""); $description = $langs->trans("RulesPurchaseTurnoverIn"); - $builddate = dol_now(); //$exportlink=$langs->trans("NotYetAvailable"); } elseif ($modecompta == "BOOKKEEPING") { $name = $langs->trans("PurchaseTurnover"); @@ -154,9 +162,19 @@ if ($modecompta == "CREANCES-DETTES") { $calcmode = str_replace('{link2}', '', $calcmode); $periodlink = ($year_start ? "".img_previous()." ".img_next()."" : ""); $description = $langs->trans("RulesPurchaseTurnoverOfExpenseAccounts"); - $builddate = dol_now(); + //$exportlink=$langs->trans("NotYetAvailable"); +} elseif ($modecompta == "BOOKKEEPINGCOLLECTED") { + $name = $langs->trans("PurchaseTurnoverCollected"); + $calcmode = $langs->trans("CalcModeBookkeeping"); + $calcmode .= '
('.$langs->trans("SeeReportInDueDebtMode", '{link1}', '{link2}').')'; + $calcmode = str_replace('{link1}', '', $calcmode); + $calcmode = str_replace('{link2}', '', $calcmode); + $periodlink = ($year_start ? "".img_previous()." ".img_next()."" : ""); + $description = $langs->trans("RulesPurchaseTurnoverCollectedOfExpenseAccounts"); //$exportlink=$langs->trans("NotYetAvailable"); } + +$builddate = dol_now(); $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver'); $period .= ' - '; $period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver'); diff --git a/htdocs/compta/stats/supplier_turnover_by_prodserv.php b/htdocs/compta/stats/supplier_turnover_by_prodserv.php index 1af51249433..4e92325a323 100644 --- a/htdocs/compta/stats/supplier_turnover_by_prodserv.php +++ b/htdocs/compta/stats/supplier_turnover_by_prodserv.php @@ -345,7 +345,8 @@ if ($modecompta == 'CREANCES-DETTES') { // Category filter print '
'; - print $langs->trans("Category").': '.$formother->select_categories(Categorie::TYPE_PRODUCT, $selected_cat, 'search_categ', true); + print img_picto('', 'category', 'class="paddingrightonly"'); + print $formother->select_categories(Categorie::TYPE_PRODUCT, $selected_cat, 'search_categ', 0, $langs->trans("Category")); print ' '; print $langs->trans("SubCats").'? '; print ''; - print $langs->trans("ThirdParty").': '.$form->select_thirdparty_list($selected_soc, 'search_soc', '', 1); + print img_picto('', 'company', 'class="paddingrightonly"'); + print $form->select_thirdparty_list($selected_soc, 'search_soc', '', $langs->trans("ThirdParty")); print ''; diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php index b1b1f219f53..a97e15d1499 100644 --- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php +++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php @@ -200,18 +200,19 @@ if ($modecompta == "CREANCES-DETTES") { $calcmode = $langs->trans("CalcModeDebt"); //$calcmode.='
('.$langs->trans("SeeReportInInputOutputMode",'','').')'; $description = $langs->trans("RulesPurchaseTurnoverDue"); - $builddate = dol_now(); //$exportlink=$langs->trans("NotYetAvailable"); } elseif ($modecompta == "RECETTES-DEPENSES") { $name = $langs->trans("PurchaseTurnoverCollected").', '.$langs->trans("ByThirdParties"); $calcmode = $langs->trans("CalcModeEngagement"); //$calcmode.='
('.$langs->trans("SeeReportInDueDebtMode",'','').')'; $description = $langs->trans("RulesPurchaseTurnoverIn"); - $builddate = dol_now(); //$exportlink=$langs->trans("NotYetAvailable"); } elseif ($modecompta == "BOOKKEEPING") { + // TODO } elseif ($modecompta == "BOOKKEEPINGCOLLECTED") { + // TODO } +$builddate = dol_now(); $period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver'); $period .= ' - '; $period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver'); @@ -344,7 +345,8 @@ print ''; print ''; print ''; print ''; print ''; print ''."\n"; From fa4786a3f64083895c257863c8d2b5ed463c0776 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Jun 2021 16:19:21 +0200 Subject: [PATCH 59/93] Fix permission --- htdocs/adherents/document.php | 2 +- htdocs/asset/document.php | 2 +- htdocs/bom/bom_document.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/propal/document.php | 2 +- htdocs/commande/document.php | 2 +- htdocs/compta/bank/account_statement_document.php | 2 +- htdocs/compta/bank/document.php | 2 +- htdocs/compta/bank/various_payment/document.php | 2 +- htdocs/compta/deplacement/document.php | 2 +- htdocs/compta/facture/document.php | 2 +- htdocs/compta/sociales/document.php | 2 +- htdocs/compta/tva/document.php | 2 +- htdocs/contact/document.php | 2 +- htdocs/contrat/document.php | 2 +- htdocs/don/document.php | 2 +- htdocs/expedition/document.php | 2 +- htdocs/expensereport/document.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fourn/commande/document.php | 2 +- htdocs/holiday/document.php | 2 +- htdocs/loan/document.php | 2 +- htdocs/modulebuilder/template/myobject_document.php | 4 ++-- htdocs/mrp/mo_document.php | 2 +- htdocs/product/stock/productlot_document.php | 1 - htdocs/projet/document.php | 2 +- htdocs/projet/tasks/document.php | 2 +- htdocs/recruitment/recruitmentcandidature_document.php | 2 +- htdocs/recruitment/recruitmentjobposition_document.php | 2 +- htdocs/resource/document.php | 2 +- htdocs/salaries/document.php | 2 +- htdocs/societe/document.php | 2 +- htdocs/supplier_proposal/document.php | 2 +- htdocs/ticket/document.php | 2 +- htdocs/user/document.php | 2 +- 35 files changed, 35 insertions(+), 36 deletions(-) diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index f2a7c6f3f55..98c0e026139 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -182,7 +182,7 @@ if ($id > 0) { print dol_get_fiche_end(); $modulepart = 'member'; - $permission = $user->rights->adherent->creer; + $permissiontoadd = $user->rights->adherent->creer; $permtoedit = $user->rights->adherent->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/asset/document.php b/htdocs/asset/document.php index 91e46269994..b4ee3a0a175 100644 --- a/htdocs/asset/document.php +++ b/htdocs/asset/document.php @@ -128,7 +128,7 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_end(); $modulepart = 'asset'; - $permission = $user->rights->asset->write; + $permissiontoadd = $user->rights->asset->write; $permtoedit = $user->rights->asset->write; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php index e59b22c45b2..9952423da99 100644 --- a/htdocs/bom/bom_document.php +++ b/htdocs/bom/bom_document.php @@ -147,7 +147,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'bom'; - $permission = $user->rights->bom->write; + $permissiontoadd = $user->rights->bom->write; $permtoedit = $user->rights->bom->write; $param = '&id='.$object->id; diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 7465e613611..eb1ac59cfe0 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -287,7 +287,7 @@ if ($object->id > 0) { $modulepart = 'actions'; - $permission = $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create; + $permissiontoadd = $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 2b21c545c63..a60f892274c 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -189,7 +189,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); $modulepart = 'propal'; - $permission = $user->rights->propal->creer; + $permissiontoadd = $user->rights->propal->creer; $permtoedit = $user->rights->propal->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index c289112ee9f..f8cc503e0ec 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -184,7 +184,7 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_end(); $modulepart = 'commande'; - $permission = $user->rights->commande->creer; + $permissiontoadd = $user->rights->commande->creer; $permtoedit = $user->rights->commande->creer; $param = '&id='.$object->id.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity); include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/compta/bank/account_statement_document.php b/htdocs/compta/bank/account_statement_document.php index 4f317c1a9ed..03209ad7673 100644 --- a/htdocs/compta/bank/account_statement_document.php +++ b/htdocs/compta/bank/account_statement_document.php @@ -183,7 +183,7 @@ if ($id > 0 || !empty($ref)) { $modulepart = 'bank'; - $permission = $user->rights->banque->modifier; + $permissiontoadd = $user->rights->banque->modifier; $permtoedit = $user->rights->banque->modifier; $param = '&id='.$object->id.'&num='.urlencode($numref); $moreparam = '&num='.urlencode($numref); diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index f97dbca114b..ec46002b031 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -136,7 +136,7 @@ if ($id > 0 || !empty($ref)) { $modulepart = 'bank'; - $permission = $user->rights->banque->modifier; + $permissiontoadd = $user->rights->banque->modifier; $permtoedit = $user->rights->banque->modifier; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index ce793f7e6ee..1b5fd5fd383 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -150,7 +150,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'banque'; - $permission = $user->rights->banque->modifier; + $permissiontoadd = $user->rights->banque->modifier; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index bd4437715d8..cdb4b5f0f0f 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -126,7 +126,7 @@ if ($object->id) { print ''; $modulepart = 'deplacement'; - $permission = $user->rights->deplacement->creer; + $permissiontoadd = $user->rights->deplacement->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 16cdee4ac53..5196216c57c 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -181,7 +181,7 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_end(); $modulepart = 'facture'; - $permission = $user->rights->facture->creer; + $permissiontoadd = $user->rights->facture->creer; $permtoedit = $user->rights->facture->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index 3335174d86f..1fbfdfa296a 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -164,7 +164,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'tax'; - $permission = $user->rights->tax->charges->creer; + $permissiontoadd = $user->rights->tax->charges->creer; $permtoedit = $user->rights->tax->charges->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/compta/tva/document.php b/htdocs/compta/tva/document.php index eee1abcd2f5..e2f0dcec96d 100644 --- a/htdocs/compta/tva/document.php +++ b/htdocs/compta/tva/document.php @@ -150,7 +150,7 @@ if ($object->id) { print dol_get_fiche_end(); - $permission = $user->rights->tax->charges->creer; + $permissiontoadd = $user->rights->tax->charges->creer; $permtoedit = $user->rights->tax->charges->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/contact/document.php b/htdocs/contact/document.php index e980b0ee94c..3005c6b7827 100644 --- a/htdocs/contact/document.php +++ b/htdocs/contact/document.php @@ -182,7 +182,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'contact'; - $permission = $user->rights->societe->contact->creer; + $permissiontoadd = $user->rights->societe->contact->creer; $permtoedit = $user->rights->societe->contact->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index 1dd87fd75e3..0d66204f81d 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php @@ -192,7 +192,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'contract'; - $permission = $user->rights->contrat->creer; + $permissiontoadd = $user->rights->contrat->creer; $permtoedit = $user->rights->contrat->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/don/document.php b/htdocs/don/document.php index 0bd4edbc77b..374306bc7b0 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -188,7 +188,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'don'; - $permission = $user->rights->don->creer; + $permissiontoadd = $user->rights->don->creer; $permtoedit = $user->rights->don->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index c392187d607..200a4b67aac 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -177,7 +177,7 @@ if ($id > 0 || !empty($ref)) { print dol_get_fiche_end(); $modulepart = 'expedition'; - $permission = $user->rights->expedition->creer; + $permissiontoadd = $user->rights->expedition->creer; $permtoedit = $user->rights->expedition->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php index 147f0842e4c..d7ecea8fcc9 100644 --- a/htdocs/expensereport/document.php +++ b/htdocs/expensereport/document.php @@ -154,7 +154,7 @@ if ($object->id) { $modulepart = 'expensereport'; - $permission = $user->rights->expensereport->creer; + $permissiontoadd = $user->rights->expensereport->creer; $permtoedit = $user->rights->expensereport->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 576e6be0e5e..71f52212978 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -170,7 +170,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'ficheinter'; - $permission = $user->rights->ficheinter->creer; + $permissiontoadd = $user->rights->ficheinter->creer; $permtoedit = $user->rights->ficheinter->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index 5bb8baf4879..c38751fc138 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -178,7 +178,7 @@ if ($object->id > 0) { $modulepart = 'commande_fournisseur'; - $permission = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); + $permissiontoadd = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); $permtoedit = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index d1be99b0446..063a3330ffd 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -349,7 +349,7 @@ if ($object->id) { $modulepart = 'holiday'; - $permission = $user->rights->holiday->write; + $permissiontoadd = $user->rights->holiday->write; $permtoedit = $user->rights->holiday->write; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/loan/document.php b/htdocs/loan/document.php index 85c958dd545..97c0ea56b15 100644 --- a/htdocs/loan/document.php +++ b/htdocs/loan/document.php @@ -160,7 +160,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'loan'; - $permission = $user->rights->loan->write; + $permissiontoadd = $user->rights->loan->write; $permtoedit = $user->rights->loan->write; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index e3fa6390e93..2db325b8b41 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -233,8 +233,8 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'mymodule'; - //$permission = $user->rights->mymodule->myobject->write; - $permission = 1; + //$permissiontoadd = $user->rights->mymodule->myobject->write; + $permissiontoadd = 1; //$permtoedit = $user->rights->mymodule->myobject->write; $permtoedit = 1; $param = '&id='.$object->id; diff --git a/htdocs/mrp/mo_document.php b/htdocs/mrp/mo_document.php index 96041171da6..101d26223f5 100644 --- a/htdocs/mrp/mo_document.php +++ b/htdocs/mrp/mo_document.php @@ -179,7 +179,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'mrp'; - $permission = $user->rights->mrp->write; + $permissiontoadd = $user->rights->mrp->write; $permtoedit = $user->rights->mrp->write; $param = '&id='.$object->id; diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 820ad4d38bb..08b565c90a0 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -193,7 +193,6 @@ if ($object->id) { print dol_get_fiche_end(); - $permission = ($user->rights->produit->creer); $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index 6bb905d6696..b088dcf7141 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -165,7 +165,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); $modulepart = 'project'; - $permission = ($userWrite > 0); + $permissiontoadd = ($userWrite > 0); $permtoedit = ($userWrite > 0); include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 575f949bb75..d9c49001dfc 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -324,7 +324,7 @@ if ($object->id > 0) { $param .= '&withproject=1'; } $modulepart = 'project_task'; - $permission = $user->rights->projet->creer; + $permissiontoadd = $user->rights->projet->creer; $permtoedit = $user->rights->projet->creer; $relativepathwithnofile = dol_sanitizeFileName($projectstatic->ref).'/'.dol_sanitizeFileName($object->ref).'/'; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/recruitment/recruitmentcandidature_document.php b/htdocs/recruitment/recruitmentcandidature_document.php index 24b9f6d4e67..2e8c29cf2fe 100644 --- a/htdocs/recruitment/recruitmentcandidature_document.php +++ b/htdocs/recruitment/recruitmentcandidature_document.php @@ -212,7 +212,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'recruitment'; - $permission = $user->rights->recruitment->recruitmentjobposition->write; + $permissiontoadd = $user->rights->recruitment->recruitmentjobposition->write; $permtoedit = $user->rights->recruitment->recruitmentjobposition->write; $param = '&id='.$object->id; diff --git a/htdocs/recruitment/recruitmentjobposition_document.php b/htdocs/recruitment/recruitmentjobposition_document.php index e8ede6f0bdd..43d80901f3d 100644 --- a/htdocs/recruitment/recruitmentjobposition_document.php +++ b/htdocs/recruitment/recruitmentjobposition_document.php @@ -211,7 +211,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'recruitment'; - $permission = $user->rights->recruitment->recruitmentjobposition->write; + $permissiontoadd = $user->rights->recruitment->recruitmentjobposition->write; $permtoedit = $user->rights->recruitment->recruitmentjobposition->write; $param = '&id='.$object->id; diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 6f4c714fac4..fec869d5620 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -139,7 +139,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); $modulepart = 'dolresource'; - $permission = $user->rights->resource->write; + $permissiontoadd = $user->rights->resource->write; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php index 5950fc88798..ea21b49159c 100644 --- a/htdocs/salaries/document.php +++ b/htdocs/salaries/document.php @@ -149,7 +149,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'salaries'; - $permission = $user->rights->salaries->write; + $permissiontoadd = $user->rights->salaries->write; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 653069882e0..0b8376e4f88 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -176,7 +176,7 @@ if ($object->id) { print dol_get_fiche_end(); $modulepart = 'societe'; - $permission = $user->rights->societe->creer; + $permissiontoadd = $user->rights->societe->creer; $permtoedit = $user->rights->societe->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index eaf02981966..580c0f0974e 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php @@ -163,7 +163,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); $modulepart = 'supplier_proposal'; - $permission = $user->rights->supplier_proposal->creer; + $permissiontoadd = $user->rights->supplier_proposal->creer; $permtoedit = $user->rights->supplier_proposal->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; diff --git a/htdocs/ticket/document.php b/htdocs/ticket/document.php index 8edd2787c44..d534e8a1123 100644 --- a/htdocs/ticket/document.php +++ b/htdocs/ticket/document.php @@ -203,7 +203,7 @@ if ($object->id) { //$object->ref = $object->track_id; // For compatibility we use track ID for directory $modulepart = 'ticket'; - $permission = $user->rights->ticket->write; + $permissiontoadd = $user->rights->ticket->write; $permtoedit = $user->rights->ticket->write; $param = '&id='.$object->id; diff --git a/htdocs/user/document.php b/htdocs/user/document.php index 297243f36ef..8cf6c2b2a81 100644 --- a/htdocs/user/document.php +++ b/htdocs/user/document.php @@ -176,7 +176,7 @@ if ($object->id) { $modulepart = 'user'; - $permission = $user->rights->user->user->creer; + $permissiontoadd = $user->rights->user->user->creer; $permtoedit = $user->rights->user->user->creer; $param = '&id='.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; From af6bbe23cad2c28c33fb65adc6d58eadbc083a5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 8 Jun 2021 17:39:13 +0200 Subject: [PATCH 60/93] add warning if outstanding limit is exceeded --- htdocs/comm/propal/card.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index b5bd94f0c2e..8b5f757ad0e 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -2294,6 +2294,7 @@ if ($action == 'create') { print $langs->trans('OutstandingBill'); print ''; From 71dbb8733d5516b02b0d8c1e418f69059fbc6ebf Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Tue, 8 Jun 2021 20:18:31 +0200 Subject: [PATCH 61/93] fix: #17827 --- htdocs/projet/document.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index b088dcf7141..df31724d07c 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -164,7 +164,7 @@ if ($object->id > 0) { print dol_get_fiche_end(); - $modulepart = 'project'; + $modulepart = 'projet'; $permissiontoadd = ($userWrite > 0); $permtoedit = ($userWrite > 0); include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; From 27f803cab0e73b2fb2bf69a7fe67be604b8acc54 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 03:35:22 +0200 Subject: [PATCH 62/93] Fix receipt of cash fence must contains more legal information --- .../cashcontrol/class/cashcontrol.class.php | 19 +-- htdocs/compta/cashcontrol/report.php | 108 ++++++++++-------- 2 files changed, 71 insertions(+), 56 deletions(-) diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index a59816eebd7..59580cb7c46 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php +++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -93,10 +93,12 @@ class CashControl extends CommonObject 'year_close' =>array('type'=>'integer', 'label'=>'Year close', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>50, 'css'=>'center'), 'month_close' =>array('type'=>'integer', 'label'=>'Month close', 'enabled'=>1, 'visible'=>1, 'position'=>55, 'css'=>'center'), 'day_close' =>array('type'=>'integer', 'label'=>'Day close', 'enabled'=>1, 'visible'=>1, 'position'=>60, 'css'=>'center'), - 'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>490), 'date_creation' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>500), + 'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>502), 'tms' =>array('type'=>'timestamp', 'label'=>'Tms', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>505), - 'import_key' =>array('type'=>'varchar(14)', 'label'=>'Import key', 'enabled'=>1, 'visible'=>0, 'position'=>510), + 'fk_user_creat' =>array('type'=>'integer:User', 'label'=>'userCreation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>600), + 'fk_user_valid' =>array('type'=>'integer:User', 'label'=>'UserValidation', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>602), + 'import_key' =>array('type'=>'varchar(14)', 'label'=>'Import key', 'enabled'=>1, 'visible'=>0, 'position'=>700), 'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Brouillon', '1'=>'Validated')), ); @@ -115,21 +117,24 @@ class CashControl extends CommonObject public $cheque; public $card; - /** - * @var integer|string $date_valid - */ - public $date_valid; - /** * @var integer|string date_creation */ public $date_creation; + public $fk_user_creat; /** * @var integer|string $date_modification */ public $date_modification; + /** + * @var integer|string $date_valid + */ + public $date_valid; + public $fk_user_valid; + + const STATUS_DRAFT = 0; const STATUS_VALIDATED = 1; const STATUS_CLOSED = 1; // For the moment CLOSED = VALIDATED diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 653161ca3bc..12dff9d460a 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -26,7 +26,7 @@ /** * \file htdocs/compta/cashcontrol/report.php * \ingroup cashdesk|takepos - * \brief List of bank transactions + * \brief List of sales from POS */ if (!defined('NOREQUIREMENU')) { @@ -36,6 +36,8 @@ if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); // Disable browser notification } +$_GET['optioncss'] = "print"; + require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/compta/cashcontrol/class/cashcontrol.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; @@ -48,10 +50,8 @@ $langs->loadLangs(array("bills", "banks")); $id = GETPOST('id', 'int'); -$_GET['optioncss'] = "print"; - -$cashcontrol = new CashControl($db); -$cashcontrol->fetch($id); +$object = new CashControl($db); +$object->fetch($id); //$limit = GETPOST('limit')?GETPOST('limit', 'int'):$conf->liste_limit; $sortorder = 'ASC'; @@ -67,19 +67,19 @@ $arrayfields = array( 'b.credit'=>array('label'=>$langs->trans("Credit"), 'checked'=>1, 'position'=>605), ); -$syear = $cashcontrol->year_close; -$smonth = $cashcontrol->month_close; -$sday = $cashcontrol->day_close; +$syear = $object->year_close; +$smonth = $object->month_close; +$sday = $object->day_close; -$posmodule = $cashcontrol->posmodule; -$terminalid = $cashcontrol->posnumber; +$posmodule = $object->posmodule; +$terminalid = $object->posnumber; // Security check if ($user->socid > 0) { // Protection if external user //$socid = $user->socid; accessforbidden(); } -if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { +if (empty($user->rights->cashdesk->run) && empty($user->rights->takepos->run)) { accessforbidden(); } @@ -106,8 +106,8 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON bu.fk_bank = b.rowid AND $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."facture as f ON bu.url_id = f.rowid"; $sql.= " WHERE b.fk_account = ba.rowid"; // Define filter on invoice -$sql.= " AND f.module_source = '".$db->escape($cashcontrol->posmodule)."'"; -$sql.= " AND f.pos_source = '".$db->escape($cashcontrol->posnumber)."'"; +$sql.= " AND f.module_source = '".$db->escape($object->posmodule)."'"; +$sql.= " AND f.pos_source = '".$db->escape($object->posnumber)."'"; $sql.= " AND f.entity IN (".getEntity('facture').")"; // Define filter on data if ($syear && ! $smonth) $sql.= " AND dateo BETWEEN '".$db->idate(dol_get_first_day($syear, 1))."' AND '".$db->idate(dol_get_last_day($syear, 12))."'"; @@ -151,19 +151,33 @@ if ($resql) { $i = 0; print "\n"; - print "

"; - if ($cashcontrol->status != $cashcontrol::STATUS_DRAFT) { - print $langs->trans("CashControl")." ".$cashcontrol->id; + print '
'; + print '

'; + if ($object->status != $object::STATUS_DRAFT) { + print $langs->trans("CashControl")." ".$object->id; } else { print $langs->trans("CashControl")." - ".$langs->trans("Draft"); } - print "
".$langs->trans("DateCreationShort").": ".dol_print_date($cashcontrol->date_creation, 'dayhour'); - print "

"; + print "

"; + print $langs->trans("DateCreationShort").": ".dol_print_date($object->date_creation, 'dayhour'); + print '
'.$mysoc->name; + $userauthor = $object->fk_user_valid; + if (empty($userauthor)) { + $userauthor = $object->fk_user_creat; + } + + $uservalid = new User($db); + if ($userauthor > 0) { + $uservalid->fetch($userauthor); + print '
'.$langs->trans("Author").': '.$uservalid->getFullName($langs); + } + print '
'.$langs->trans("Period").': '.$object->year_close.($object->month_close ? '-'.$object->month_close : '').($object->day_close ? '-'.$object->day_close : ''); + print '
'; $invoicetmp = new Facture($db); print "

"; - print $langs->trans("InitialBankBalance").' - '.$langs->trans("Cash")." : ".price($cashcontrol->opening); + print $langs->trans("InitialBankBalance").' - '.$langs->trans("Cash").' : '.price($object->opening).''; print "

"; print '
'; @@ -206,7 +220,7 @@ if ($resql) { { print '
'; print ''; - print ''; + print ''; print ''; $first = "no"; }*/ @@ -232,8 +246,8 @@ if ($resql) { // Bank account print '
'; -print $langs->trans("Category").': '.$formother->select_categories(Categorie::TYPE_SUPPLIER, $selected_cat, 'search_categ', true); +print img_picto('', 'category', 'class="paddingrightonly"'); +print $formother->select_categories(Categorie::TYPE_SUPPLIER, $selected_cat, 'search_categ', 0, $langs->trans("Category")); print ' '; print $langs->trans("SubCats").'? '; print ''; print '
'; -print ''; +print ''; print ''; -print ''; +print ''; print ''; -print ''; +print ''; print ''; print $form->select_country($search_country, 'search_country'); diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 7f6121fb07d..80ea1d5ea7b 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1373,7 +1373,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $modecompta = 'CREANCES-DETTES'; if (!empty($conf->accounting->enabled) && !empty($user->rights->accounting->comptarapport->lire) && $mainmenu == 'accountancy') { - $modecompta = 'BOOKKEEPING'; // Not yet implemented. Should be BOOKKEEPINGCOLLECTED + $modecompta = 'BOOKKEEPING'; // Not yet implemented. } if ($modecompta && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_invoice->enabled))) { if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_report/', $leftmenu)) { @@ -1384,7 +1384,9 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM } $modecompta = 'RECETTES-DEPENSES'; - //if (! empty($conf->accounting->enabled) && ! empty($user->rights->accounting->comptarapport->lire) && $mainmenu == 'accountancy') $modecompta=''; // Not yet implemented. Should be BOOKKEEPINGCOLLECTED + if (!empty($conf->accounting->enabled) && !empty($user->rights->accounting->comptarapport->lire) && $mainmenu == 'accountancy') { + $modecompta = 'BOOKKEEPINGCOLLECTED'; // Not yet implemented. + } if ($modecompta && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_invoice->enabled))) { if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_report/', $leftmenu)) { $newmenu->add("/compta/stats/supplier_turnover.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ReportPurchaseTurnoverCollected"), 2, $user->rights->accounting->comptarapport->lire); @@ -1410,7 +1412,6 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/compta/resultat/compteres.php?leftmenu=report","Compte de resultat",2,$user->rights->compta->resultat->lire); $newmenu->add("/compta/resultat/bilan.php?leftmenu=report","Bilan",2,$user->rights->compta->resultat->lire); */ - $newmenu->add("/compta/stats/index.php?leftmenu=report", $langs->trans("ReportTurnover"), 1, $user->rights->compta->resultat->lire); /* $newmenu->add("/compta/stats/cumul.php?leftmenu=report","Cumule",2,$user->rights->compta->resultat->lire); @@ -1419,14 +1420,32 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/compta/stats/comp.php?leftmenu=report","Transforme",2,$user->rights->compta->resultat->lire); } */ - $newmenu->add("/compta/stats/casoc.php?leftmenu=report", $langs->trans("ByCompanies"), 2, $user->rights->compta->resultat->lire); - $newmenu->add("/compta/stats/cabyuser.php?leftmenu=report", $langs->trans("ByUsers"), 2, $user->rights->compta->resultat->lire); - $newmenu->add("/compta/stats/cabyprodserv.php?leftmenu=report", $langs->trans("ByProductsAndServices"), 2, $user->rights->compta->resultat->lire); - $newmenu->add("/compta/stats/byratecountry.php?leftmenu=report", $langs->trans("ByVatRate"), 2, $user->rights->compta->resultat->lire); + + $modecompta = 'CREANCES-DETTES'; + $newmenu->add("/compta/stats/index.php?leftmenu=report&modecompta=".$modecompta, $langs->trans("ReportTurnover"), 1, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/casoc.php?leftmenu=report&modecompta=".$modecompta, $langs->trans("ByCompanies"), 2, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/cabyuser.php?leftmenu=report&modecompta=".$modecompta, $langs->trans("ByUsers"), 2, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/cabyprodserv.php?leftmenu=report&modecompta=".$modecompta, $langs->trans("ByProductsAndServices"), 2, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/byratecountry.php?leftmenu=report&modecompta=".$modecompta, $langs->trans("ByVatRate"), 2, $user->rights->compta->resultat->lire); + + $modecompta = 'RECETTES-DEPENSES'; + $newmenu->add("/compta/stats/index.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ReportTurnoverCollected"), 1, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/casoc.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ByCompanies"), 2, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/cabyuser.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ByUsers"), 2, $user->rights->compta->resultat->lire); + //Achats - $newmenu->add("/compta/stats/supplier_turnover.php?leftmenu=accountancy_report", $langs->trans("ReportPurchaseTurnover"), 1, $user->rights->compta->resultat->lire); - $newmenu->add("/compta/stats/supplier_turnover_by_thirdparty.php?leftmenu=accountancy_report", $langs->trans("ByCompanies"), 2, $user->rights->compta->resultat->lire); - $newmenu->add("/compta/stats/supplier_turnover_by_prodserv.php?leftmenu=accountancy_report", $langs->trans("ByProductsAndServices"), 2, $user->rights->compta->resultat->lire); + $modecompta = 'CREANCES-DETTES'; + $newmenu->add("/compta/stats/supplier_turnover.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ReportPurchaseTurnover"), 1, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/supplier_turnover_by_thirdparty.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ByCompanies"), 2, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/supplier_turnover_by_prodserv.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ByProductsAndServices"), 2, $user->rights->compta->resultat->lire); + + /* + $modecompta = 'RECETTES-DEPENSES'; + $newmenu->add("/compta/stats/index.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ReportPurchaseTurnoverCollected"), 1, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/casoc.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ByCompanies"), 2, $user->rights->compta->resultat->lire); + $newmenu->add("/compta/stats/cabyuser.php?leftmenu=accountancy_report&modecompta=".$modecompta, $langs->trans("ByUsers"), 2, $user->rights->compta->resultat->lire); + */ + // Journals $newmenu->add("/compta/journal/sellsjournal.php?leftmenu=report", $langs->trans("SellsJournal"), 1, $user->rights->compta->resultat->lire, '', '', '', 50); $newmenu->add("/compta/journal/purchasesjournal.php?leftmenu=report", $langs->trans("PurchasesJournal"), 1, $user->rights->compta->resultat->lire, '', '', '', 51); From 6eab0f56619eb204b594857ce783cd25f2def604 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Jun 2021 15:49:26 +0200 Subject: [PATCH 57/93] Fix css --- htdocs/comm/propal/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 48ad9783367..ceb945d1e72 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -1419,7 +1419,7 @@ if ($resql) { if (!empty($arrayfields['pr.ref']['checked'])) { // Project ref - print ''; + print ''; if ($obj->project_id > 0) { print $projectstatic->getNomUrl(1); } From facf594b2da40a8462b7b744c4a8040896daed9c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 8 Jun 2021 16:01:26 +0200 Subject: [PATCH 58/93] FIX Date of invoice generated from membership must be current date --- htdocs/adherents/class/adherent.class.php | 3 ++- htdocs/public/payment/newpayment.php | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index b7852280ddf..4c0c602cbc1 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1740,7 +1740,8 @@ class Adherent extends CommonObject } } $invoice->socid = $this->fk_soc; - $invoice->date = $datesubscription; + //$invoice->date = $datesubscription; + $invoice->date = dol_now(); // Possibility to add external linked objects with hooks $invoice->linked_objects['subscription'] = $subscriptionid; diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 3a7f9a4ed9f..fb95432256d 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -1419,6 +1419,8 @@ if ($source == 'contractline') { // Payment on member subscription if ($source == 'member' || $source == 'membersubscription') { + $newsource = 'member'; + $found = true; $langs->load("members"); @@ -1478,7 +1480,7 @@ if ($source == 'member' || $source == 'membersubscription') { } print '
'.$langs->trans("Designation"); print ''.$text; - print ''; + print ''; print ''; print '
'; $arrayoutstandingbills = $soc->getOutstandingBills(); + print ($arrayoutstandingbills['opened'] > $soc->outstanding_limit ? img_warning() : ''); print price($arrayoutstandingbills['opened']).' / '; print price($soc->outstanding_limit, 0, $langs, 1, - 1, - 1, $conf->currency); print '
'.$langs->trans("InitialBankBalance").' - '.$langs->trans("Cash").''.price($cashcontrol->opening).''.price($object->opening).'
'; print $bankaccount->getNomUrl(1); - if ($cashcontrol->posmodule == "takepos") { - $var1 = 'CASHDESK_ID_BANKACCOUNT_CASH'.$cashcontrol->posnumber; + if ($object->posmodule == "takepos") { + $var1 = 'CASHDESK_ID_BANKACCOUNT_CASH'.$object->posnumber; } else { $var1 = 'CASHDESK_ID_BANKACCOUNT_CASH'; } @@ -305,48 +319,44 @@ if ($resql) { include DOL_DOCUMENT_ROOT.'/core/tpl/list_print_total.tpl.php'; print "
"; + print ""; - //$cash = $amountpertype['LIQ'] + $cashcontrol->opening; - $cash = price2num($cash + $cashcontrol->opening, 'MT'); + //$cash = $amountpertype['LIQ'] + $object->opening; + $cash = price2num($cash + $object->opening, 'MT'); - print '

'; - print $langs->trans("Cash").": ".price($cash); - if ($cashcontrol->status == $cashcontrol::STATUS_VALIDATED && $cash != $cashcontrol->cash) { - print ' <> '.$langs->trans("Declared").': '.price($cashcontrol->cash).''; + print '
'; + print '

'; + + print $langs->trans("Cash").': '.price($cash).''; + if ($object->status == $object::STATUS_VALIDATED && $cash != $object->cash) { + print ' <> '.$langs->trans("Declared").': '.price($object->cash).''; } - print "

"; + print "
"; //print '
'; - print $langs->trans("PaymentTypeCHQ").": ".price($cheque); - if ($cashcontrol->status == $cashcontrol::STATUS_VALIDATED && $cheque != $cashcontrol->cheque) { - print ' <> '.$langs->trans("Declared").': '.price($cashcontrol->cheque).''; + print $langs->trans("PaymentTypeCHQ").': '.price($cheque).''; + if ($object->status == $object::STATUS_VALIDATED && $cheque != $object->cheque) { + print ' <> '.$langs->trans("Declared").': '.price($object->cheque).''; } - print "

"; + print "
"; //print '
'; - print $langs->trans("PaymentTypeCB").": ".price($bank); - if ($cashcontrol->status == $cashcontrol::STATUS_VALIDATED && $bank != $cashcontrol->card) { - print ' <> '.$langs->trans("Declared").': '.price($cashcontrol->card).''; + print $langs->trans("PaymentTypeCB").': '.price($bank).''; + if ($object->status == $object::STATUS_VALIDATED && $bank != $object->card) { + print ' <> '.$langs->trans("Declared").': '.price($object->card).''; } - print "

"; + print "
"; // print '
'; if ($other) { - print '
'.$langs->trans("Other").": ".price($other)."

"; + print ''.$langs->trans("Other").': '.price($other).""; + print '
'; } - print "

"; - //save totals to DB - /* - $sql = "UPDATE ".MAIN_DB_PREFIX."pos_cash_fence "; - $sql .= "SET"; - $sql .= " cash='".$db->escape($cash)."'"; - $sql .= ", card='".$db->escape($bank)."'"; - $sql .= " where rowid = ".((int) $id); - $db->query($sql); - */ + print $langs->trans("Total").': '.price($cash + $cheque + $bank + $other).''; - print "

"; + print ''; + print ''; print ''; From f17e7a6979a9373183943d0afb906a69f41f0df3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 9 Jun 2021 03:54:19 +0200 Subject: [PATCH 63/93] Add more info --- htdocs/compta/cashcontrol/report.php | 50 ++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 12dff9d460a..15345584f73 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -120,9 +120,10 @@ $sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; $sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; $sql.=")"; */ -$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; -$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."paiement as p, ".MAIN_DB_PREFIX."c_paiement as cp, ".MAIN_DB_PREFIX."bank as b"; -$sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = p.fk_paiement AND p.fk_bank = b.rowid"; +$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code, SUM(fd.qty) as qty"; +$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."paiement as p, ".MAIN_DB_PREFIX."c_paiement as cp, ".MAIN_DB_PREFIX."bank as b,"; +$sql .= " ".MAIN_DB_PREFIX."facturedet as fd"; +$sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = p.fk_paiement AND p.fk_bank = b.rowid AND fd.fk_facture = f.rowid"; $sql .= " AND f.module_source = '".$db->escape($posmodule)."'"; $sql .= " AND f.pos_source = '".$db->escape($terminalid)."'"; $sql .= " AND f.paye = 1"; @@ -144,6 +145,7 @@ if ($syear && !$smonth) { } else { dol_print_error('', 'Year not defined'); } +$sql .= " GROUP BY f.rowid, f.ref, f.datef, pf.amount, b.fk_account, cp.code"; $resql = $db->query($sql); if ($resql) { @@ -196,15 +198,20 @@ if ($resql) { print "
'; - print $bankaccount->getNomUrl(1); if ($object->posmodule == "takepos") { $var1 = 'CASHDESK_ID_BANKACCOUNT_CASH'.$object->posnumber; } else { $var1 = 'CASHDESK_ID_BANKACCOUNT_CASH'; } + + // Bank account + print ''; + print $bankaccount->getNomUrl(1); if ($objp->code == 'CHQ') { $cheque += $objp->amount; + if (empty($transactionspertype[$objp->code])) { + $transactionspertype[$objp->code] = 0; + } + $transactionspertype[$objp->code] += 1; } elseif ($objp->code == 'CB') { $bank += $objp->amount; + if (empty($transactionspertype[$objp->code])) { + $transactionspertype[$objp->code] = 0; + } + $transactionspertype[$objp->code] += 1; } else { if ($conf->global->$var1 == $bankaccount->id) { $cash += $objp->amount; // } elseif ($conf->global->$var2 == $bankaccount->id) $bank+=$objp->amount; //elseif ($conf->global->$var3 == $bankaccount->id) $cheque+=$objp->amount; + if (empty($transactionspertype['CASH'])) { + $transactionspertype['CASH'] = 0; + } + $transactionspertype['CASH'] += 1; } else { $other += $objp->amount; + if (empty($transactionspertype['OTHER'])) { + $transactionspertype['OTHER'] = 0; + } + $transactionspertype['OTHER'] += 1; } } print "
'.$langs->trans("InitialBankBalance").' - '.$langs->trans("Cash").''.price($object->opening).'
'.$langs->trans("ManageLotMask").''; - print $object->batch_mask; - print '
'.$langs->trans("ManageLotMask").''; + print $object->batch_mask; + print '
trans("IM"); ?>
trans("ContactVisibility"); ?> control->tpl['select_visibility']; ?>
'; $sql = 'SELECT rowid, socialnetworks'; - $sql .= ', jabberid, skype, twitter, facebook, linkedin, instagram, snapchat, googleplus, youtube, whatsapp FROM '.MAIN_DB_PREFIX.'socpeople WHERE '; + $sql .= ', jabberid, skype, twitter, facebook, linkedin, instagram, snapchat, googleplus, youtube, whatsapp FROM '.MAIN_DB_PREFIX.'socpeople WHERE'; $sql .= " jabberid IS NOT NULL OR jabberid <> ''"; $sql .= " OR skype IS NOT NULL OR skype <> ''"; $sql .= " OR twitter IS NOT NULL OR twitter <> ''"; diff --git a/htdocs/webservices/server_contact.php b/htdocs/webservices/server_contact.php index a28371443d5..37d86dcded9 100644 --- a/htdocs/webservices/server_contact.php +++ b/htdocs/webservices/server_contact.php @@ -492,8 +492,7 @@ function getContactsForThirdParty($authentication, $idthirdparty) $sql .= " c.fk_pays as country_id,"; $sql .= " c.fk_departement as state_id,"; $sql .= " c.birthday,"; - $sql .= " c.poste, c.phone, c.phone_perso, c.phone_mobile, c.fax, c.email, c.jabberid,"; - //$sql.= " c.priv, c.note, c.default_lang, c.canvas,"; + $sql .= " c.poste, c.phone, c.phone_perso, c.phone_mobile, c.fax, c.email,"; $sql .= " co.label as country, co.code as country_code,"; $sql .= " d.nom as state, d.code_departement as state_code,"; $sql .= " u.rowid as user_id, u.login as user_login,"; @@ -545,7 +544,6 @@ function getContactsForThirdParty($authentication, $idthirdparty) 'phone_mobile' => $contact->phone_mobile ? $contact->phone_mobile : '', 'email' => $contact->email ? $contact->email : '', - 'jabberid' => $contact->jabberid ? $contact->jabberid : '', 'priv' => $contact->priv ? $contact->priv : '', 'mail' => $contact->mail ? $contact->mail : '', From 3cc478b1335ad6f4e422d770125b73c332b6f035 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 00:13:23 +0200 Subject: [PATCH 84/93] Fix use of get url --- htdocs/blockedlog/class/authority.class.php | 22 +++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/htdocs/blockedlog/class/authority.class.php b/htdocs/blockedlog/class/authority.class.php index 4ec3fc6d07e..7240aaf0151 100644 --- a/htdocs/blockedlog/class/authority.class.php +++ b/htdocs/blockedlog/class/authority.class.php @@ -71,7 +71,7 @@ class BlockedLogAuthority $this->blockchain = ''; - if (is_array($bocks)) { + if (is_array($blocks)) { foreach ($blocks as &$b) { $this->blockchain .= $b->signature; } @@ -299,16 +299,18 @@ class BlockedLogAuthority $signature = $block_static->getSignature(); - foreach ($blocks as &$block) { - $url = $conf->global->BLOCKEDLOG_AUTHORITY_URL.'/blockedlog/ajax/authority.php?s='.$signature.'&b='.$block->signature; + if (is_array($blocks)) { + foreach ($blocks as &$block) { + $url = $conf->global->BLOCKEDLOG_AUTHORITY_URL.'/blockedlog/ajax/authority.php?s='.$signature.'&b='.$block->signature; - $res = file_get_contents($url); - echo $block->signature.' '.$url.' '.$res.'
'; - if ($res === 'blockalreadyadded' || $res === 'blockadded') { - $block->setCertified(); - } else { - $this->error = $langs->trans('ImpossibleToContactAuthority ', $url); - return -1; + $res = getURLContent($url); + echo $block->signature.' '.$url.' '.$res.'
'; + if ($res === 'blockalreadyadded' || $res === 'blockadded') { + $block->setCertified(); + } else { + $this->error = $langs->trans('ImpossibleToContactAuthority ', $url); + return -1; + } } } From 9afe8e54a7d164153339e3306d5eb9661067977d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 00:41:15 +0200 Subject: [PATCH 85/93] Fix --- htdocs/compta/facture/index.php | 4 ++-- htdocs/core/lib/invoice.lib.php | 24 +++++++++++++++--------- htdocs/fourn/facture/index.php | 4 ++-- 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/htdocs/compta/facture/index.php b/htdocs/compta/facture/index.php index 0b2f4538636..66a2fccaf08 100644 --- a/htdocs/compta/facture/index.php +++ b/htdocs/compta/facture/index.php @@ -59,8 +59,8 @@ print load_fiche_titre($langs->trans("CustomersInvoicesArea"), '', 'bill'); print '
'; print '
'; - -print getCustomerInvoicePieChart($socid); +print getNumberInvoicesPieChart('customers'); +//print getCustomerInvoicePieChart($socid); print '
'; print getCustomerInvoiceDraftTable($max, $socid); diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 0cbb89ae47b..43cff7d3c3e 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -458,8 +458,9 @@ function getPurchaseInvoicePieChart($socid = 0) /** * Return an HTML table that contains a pie chart of the number of customers or supplier invoices - * @param string $mode Can be customer or fourn - * @return string A HTML table that contains a pie chart of customers or supplier invoices + * + * @param string $mode Can be 'customers' or 'suppliers' + * @return string A HTML table that contains a pie chart of customers or supplier invoices */ function getNumberInvoicesPieChart($mode) { @@ -487,13 +488,17 @@ function getNumberInvoicesPieChart($mode) $sql .= ", sum(".$db->ifsql("f.date_lim_reglement > '".date_format($datenowadd30, 'Y-m-d')."'", 1, 0).") as nbnotlate30"; if ($mode == 'customers') { $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; - } elseif ($mode == 'fourn') { + } elseif ($mode == 'fourn' || $mode == 'suppliers') { $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f"; } else { return ''; } $sql .= " WHERE f.type <> 2"; $sql .= " AND f.fk_statut = 1"; + if (isset($user->socid) && $user->socid > 0) { + $sql .= " AND f.fk_soc = ".((int) $user->socid); + } + $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -519,14 +524,15 @@ function getNumberInvoicesPieChart($mode) $result = '
'; $result .= ''; $result .= ''; - $result .= ''; - } elseif ($mode == 'fourn') { - $result .= $langs->trans("SupplierInvoice").''; + $result .= $langs->trans("CustomerInvoice"); + } elseif ($mode == 'fourn' || $mode == 'suppliers') { + $result .= $langs->trans("SupplierInvoice"); } else { return ''; } + $result .= ''; $result .= ''; $dolgraph = new DolGraph(); @@ -539,13 +545,13 @@ function getNumberInvoicesPieChart($mode) $dolgraph->setWidth('300'); if ($mode == 'customers') { $dolgraph->draw('idgraphcustomerinvoices'); - } elseif ($mode == 'fourn') { + } elseif ($mode == 'fourn' || $mode == 'suppliers') { $dolgraph->draw('idgraphfourninvoices'); } else { return ''; } $result .= ''; - $result .= ''; + $result .= ''; $result .= ''; $result .= '
'.$langs->trans("Statistics").' - '; + $result .= ''.$langs->trans("Statistics").' - '; if ($mode == 'customers') { - $result .= $langs->trans("CustomerInvoice").'
'.$dolgraph->show($total ? 0 : 1).''.$dolgraph->show($total ? 0 : 1).'
'; $result .= '
'; diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php index e76426f54c2..c695eed9285 100644 --- a/htdocs/fourn/facture/index.php +++ b/htdocs/fourn/facture/index.php @@ -58,8 +58,8 @@ print load_fiche_titre($langs->trans("SupplierInvoicesArea"), '', 'supplier_invo print '
'; print '
'; - -print getPurchaseInvoicePieChart($socid); +print getNumberInvoicesPieChart('suppliers'); +//print getPurchaseInvoicePieChart($socid); print '
'; print getDraftSupplierTable($maxDraftCount, $socid); From c40bc085b2dd309bd09118172d4084599eafd651 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 00:55:10 +0200 Subject: [PATCH 86/93] Fix v14 --- htdocs/core/lib/invoice.lib.php | 40 +++++++++++++++++++-------------- htdocs/langs/en_US/bills.lang | 1 + 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 43cff7d3c3e..b6618b5df26 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -505,6 +505,7 @@ function getNumberInvoicesPieChart($mode) $i = 0; $total = 0; $dataseries = array(); + while ($i < $num) { $obj = $db->fetch_object($resql); $dataseries = array(array($langs->trans('InvoiceLate30Days'),$obj->nblate30) @@ -520,21 +521,22 @@ function getNumberInvoicesPieChart($mode) } $colorseries = array($badgeStatus8, $badgeStatus1, $badgeStatus3, $badgeStatus4, $badgeStatus11, '-'.$badgeStatus11); - if ($conf->use_javascript_ajax) { - $result = '
'; - $result .= ''; - $result .= ''; - $result .= ''; - $result .= ''; + $result = '
'; + $result .= '
'.$langs->trans("Statistics").' - '; - if ($mode == 'customers') { - $result .= $langs->trans("CustomerInvoice"); - } elseif ($mode == 'fourn' || $mode == 'suppliers') { - $result .= $langs->trans("SupplierInvoice"); - } else { - return ''; - } - $result .= '
'; + $result .= ''; + $result .= ''; + $result .= ''; + + if ($conf->use_javascript_ajax) { $dolgraph = new DolGraph(); $dolgraph->SetData($dataseries); $dolgraph->SetDataColor(array_values($colorseries)); @@ -551,11 +553,15 @@ function getNumberInvoicesPieChart($mode) return ''; } $result .= ''; - $result .= ''; + $result .= ''; $result .= ''; - $result .= '
'.$langs->trans("Statistics").' - '; + if ($mode == 'customers') { + $result .= $langs->trans("CustomerInvoice"); + } elseif ($mode == 'fourn' || $mode == 'suppliers') { + $result .= $langs->trans("SupplierInvoice"); + } else { + return ''; + } + $result .= '
'.$dolgraph->show($total ? 0 : 1).''.$dolgraph->show($total ? 0 : $langs->trans("NoOpenInvoice")).'
'; - $result .= '
'; + } else { + // Print text lines } + + $result .= '
'; + $result .= ''; + return $result; } else { dol_print_error($db); diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index 940da4e35b4..0c660de8e22 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -259,6 +259,7 @@ DateMaxPayment=Payment due on DateInvoice=Invoice date DatePointOfTax=Point of tax NoInvoice=No invoice +NoOpenInvoice=No open invoice ClassifyBill=Classify invoice SupplierBillsToPay=Unpaid vendor invoices CustomerBillsUnpaid=Unpaid customer invoices From ea0db5a574db32eab922845e924b2577eccc1eab Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 01:10:35 +0200 Subject: [PATCH 87/93] Fix popup of invoice --- htdocs/core/lib/functions.lib.php | 8 ++++++-- htdocs/core/lib/invoice.lib.php | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 1857be0146c..dd4d8cba1f2 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3515,7 +3515,9 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'github', 'jabber', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp', 'chevron-left', 'chevron-right', 'chevron-down', 'chevron-top', 'commercial', 'companies', 'generic', 'home', 'hrm', 'members', 'products', 'invoicing', - 'partnership', 'payment', 'pencil-ruler', 'preview', 'project', 'projectpub', 'projecttask', 'question', 'refresh', 'salary', 'shipment', 'supplier_invoice', 'technic', 'ticket', + 'partnership', 'payment', 'pencil-ruler', 'preview', 'project', 'projectpub', 'projecttask', 'question', 'refresh', 'salary', 'shipment', + 'supplier_invoice', 'supplier_invoicea', 'supplier_invoicer', 'supplier_invoiced', + 'technic', 'ticket', 'error', 'warning', 'recent', 'reception', 'recruitmentcandidature', 'recruitmentjobposition', 'resource', 'shapes', 'supplier', 'supplier_proposal', 'supplier_order', 'supplier_invoice', @@ -3536,7 +3538,9 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ $arrayconvpictotofa = array( 'account'=>'university', 'accountline'=>'receipt', 'accountancy'=>'search-dollar', 'action'=>'calendar-alt', 'add'=>'plus-circle', 'address'=> 'address-book', 'asset'=>'money-check-alt', 'autofill'=>'fill', - 'bank_account'=>'university', 'bill'=>'file-invoice-dollar', 'billa'=>'file-excel', 'billr'=>'file-invoice-dollar', 'supplier_invoicea'=>'file-excel', 'billd'=>'file-medical', 'supplier_invoiced'=>'file-medical', + 'bank_account'=>'university', + 'bill'=>'file-invoice-dollar', 'billa'=>'file-excel', 'billr'=>'file-invoice-dollar', 'billd'=>'file-medical', + 'supplier_invoice'=>'file-invoice-dollar', 'supplier_invoicea'=>'file-excel', 'supplier_invoicer'=>'file-invoice-dollar', 'supplier_invoiced'=>'file-medical', 'bom'=>'shapes', 'chart'=>'chart-line', 'company'=>'building', 'contact'=>'address-book', 'contract'=>'suitcase', 'collab'=>'people-arrows', 'conversation'=>'comments', 'country'=>'globe-americas', 'cron'=>'business-time', 'donation'=>'file-alt', 'dynamicprice'=>'hand-holding-usd', diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index b6618b5df26..c328d659b93 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -854,8 +854,8 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) { global $conf, $db, $langs, $user; - $sql = "SELECT f.rowid, f.entity, f.ref, f.fk_statut as status, f.paye, s.nom as socname, s.rowid as socid, s.canvas, s.client,"; - $sql .= " f.datec"; + $sql = "SELECT f.rowid, f.entity, f.ref, f.fk_statut as status, f.paye, f.type, f.total_ht, f.total_tva, f.total_ttc, f.datec,"; + $sql .= " s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) { @@ -904,6 +904,10 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $objectstatic->ref = $obj->ref; $objectstatic->paye = $obj->paye; $objectstatic->statut = $obj->status; + $objectstatic->total_ht = $obj->total_ht; + $objectstatic->total_tva = $obj->total_tva; + $objectstatic->total_ttc = $obj->total_ttc; + $objectstatic->type = $obj->type; $companystatic->id = $obj->socid; $companystatic->name = $obj->socname; @@ -952,8 +956,8 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) { global $conf, $db, $langs, $user; - $sql = "SELECT f.rowid, f.entity, f.ref, f.fk_statut as status, f.paye, s.nom as socname, s.rowid as socid, s.canvas, s.client,"; - $sql .= " f.datec"; + $sql = "SELECT f.rowid, f.entity, f.ref, f.fk_statut as status, f.paye, f.total_ht, f.total_tva, f.total_ttc, f.type, f.ref_supplier, f.datec,"; + $sql .= " s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) { @@ -1002,6 +1006,10 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $objectstatic->ref = $obj->ref; $objectstatic->paye = $obj->paye; $objectstatic->statut = $obj->status; + $objectstatic->total_ht = $obj->total_ht; + $objectstatic->total_tva = $obj->total_tva; + $objectstatic->total_ttc = $obj->total_ttc; + $objectstatic->type = $obj->type; $companystatic->id = $obj->socid; $companystatic->name = $obj->socname; From 4c89a1146c1553c8cdda1693057e7e06617f9a5c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 01:13:50 +0200 Subject: [PATCH 88/93] Fix popup --- htdocs/compta/index.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 18519955bf6..8db217747ef 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -267,7 +267,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $langs->load("boxes"); $facstatic = new FactureFournisseur($db); - $sql = "SELECT ff.rowid, ff.ref, ff.fk_statut as status, ff.libelle, ff.total_ht, ff.total_tva, ff.total_ttc, ff.tms, ff.paye"; + $sql = "SELECT ff.rowid, ff.ref, ff.fk_statut as status, ff.type, ff.libelle, ff.total_ht, ff.total_tva, ff.total_ttc, ff.tms, ff.paye, ff.ref_supplier"; $sql .= ", s.nom as name"; $sql .= ", s.rowid as socid"; $sql .= ", s.code_fournisseur, s.code_compta_fournisseur, s.email"; @@ -290,7 +290,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $reshook = $hookmanager->executeHooks('printFieldListWhereSupplierLastModified', $parameters); $sql .= $hookmanager->resPrint; - $sql .= " GROUP BY ff.rowid, ff.ref, ff.fk_statut, ff.libelle, ff.total_ht, ff.tva, ff.total_tva, ff.total_ttc, ff.tms, ff.paye,"; + $sql .= " GROUP BY ff.rowid, ff.ref, ff.fk_statut, ff.type, ff.libelle, ff.total_ht, ff.tva, ff.total_tva, ff.total_ttc, ff.tms, ff.paye, ff.ref_supplier,"; $sql .= " s.nom, s.rowid, s.code_fournisseur, s.code_compta_fournisseur, s.email"; $sql .= " ORDER BY ff.tms DESC "; $sql .= $db->plimit($max, 0); @@ -332,6 +332,8 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $facstatic->total_ttc = $obj->total_ttc; $facstatic->statut = $obj->status; $facstatic->paye = $obj->paye; + $facstatic->type = $obj->type; + $facstatic->ref_supplier = $obj->ref_supplier; $thirdpartystatic->id = $obj->socid; $thirdpartystatic->name = $obj->name; From ae6d2ba9b51013747c650926e445a7b914b067e7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 01:56:20 +0200 Subject: [PATCH 89/93] Fix missing user creation/modif of template invoice --- .../compta/facture/invoicetemplate_list.php | 51 +++++++++++++++++-- htdocs/compta/facture/list.php | 2 +- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index 5f7e277076c..af6678ffd71 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -137,9 +137,11 @@ $arrayfields = array( 'f.nb_gen_done'=>array('label'=>"NbOfGenerationDoneShort", 'checked'=>1), 'f.date_last_gen'=>array('label'=>"DateLastGenerationShort", 'checked'=>1), 'f.date_when'=>array('label'=>"NextDateToExecutionShort", 'checked'=>1), - 'status'=>array('label'=>"Status", 'checked'=>1, 'position'=>100), - 'f.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500), - 'f.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500), + 'f.fk_user_author'=>array('label'=>"UserCreation", 'checked'=>0, 'position'=>500), + 'f.fk_user_modif'=>array('label'=>"UserModification", 'checked'=>0, 'position'=>505), + 'f.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>520), + 'f.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>525), + 'status'=>array('label'=>"Status", 'checked'=>1, 'position'=>1000), ); // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; @@ -240,6 +242,7 @@ if (!empty($conf->projet->enabled)) { } $companystatic = new Societe($db); $invoicerectmp = new FactureRec($db); +$tmpuser = new User($db); $now = dol_now(); $tmparray = dol_getdate($now); @@ -252,7 +255,7 @@ $today = dol_mktime(23, 59, 59, $tmparray['mon'], $tmparray['mday'], $tmparray[' $sql = "SELECT s.nom as name, s.rowid as socid, f.rowid as facid, f.titre as title, f.total_ht, f.total_tva, f.total_ttc, f.frequency, f.unit_frequency,"; $sql .= " f.nb_gen_done, f.nb_gen_max, f.date_last_gen, f.date_when, f.suspended,"; -$sql .= " f.datec, f.tms,"; +$sql .= " f.datec, f.fk_user_author, f.tms, f.fk_user_modif,"; $sql .= " f.fk_cond_reglement, f.fk_mode_reglement"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { @@ -274,7 +277,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('f.titre', $search_ref); @@ -534,6 +537,16 @@ if ($resql) { $parameters = array('arrayfields'=>$arrayfields); $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; + // User creation + if (!empty($arrayfields['f.fk_user_author']['checked'])) { + print '		'; + print ''; + print ''; @@ -602,6 +615,12 @@ if ($resql) { if (!empty($arrayfields['f.date_when']['checked'])) { print_liste_field_titre($arrayfields['f.date_when']['label'], $_SERVER['PHP_SELF'], "f.date_when", "", $param, 'align="center"', $sortfield, $sortorder); } + if (!empty($arrayfields['f.fk_user_author']['checked'])) { + print_liste_field_titre($arrayfields['f.fk_user_author']['label'], $_SERVER['PHP_SELF'], "f.fk_user_author", "", $param, 'align="center"', $sortfield, $sortorder); + } + if (!empty($arrayfields['f.fk_user_modif']['checked'])) { + print_liste_field_titre($arrayfields['f.fk_user_modif']['label'], $_SERVER['PHP_SELF'], "f.fk_user_modif", "", $param, 'align="center"', $sortfield, $sortorder); + } if (!empty($arrayfields['f.datec']['checked'])) { print_liste_field_titre($arrayfields['f.datec']['label'], $_SERVER['PHP_SELF'], "f.datec", "", $param, 'align="center"', $sortfield, $sortorder); } @@ -754,6 +773,28 @@ if ($resql) { $totalarray['nbfield']++; } } + if (!empty($arrayfields['f.fk_user_author']['checked'])) { + print ''; + if ($objp->fk_user_author > 0) { + $tmpuser->fetch($objp->fk_user_author); + print $tmpuser->getNomUrl(1); + } + print ''; + if ($objp->fk_user_author > 0) { + $tmpuser->fetch($objp->fk_user_author); + print $tmpuser->getNomUrl(1); + } + print ''; print dol_print_date($db->jdate($objp->datec), 'dayhour'); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index a375bc677f2..de6c3f66065 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -240,7 +240,7 @@ $arrayfields = array( 'total_margin_rate' => array('label' => 'MarginRate', 'checked' => 0, 'position' => 302, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous || empty($conf->global->DISPLAY_MARGIN_RATES) ? 0 : 1)), 'total_mark_rate' => array('label' => 'MarkRate', 'checked' => 0, 'position' => 303, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous || empty($conf->global->DISPLAY_MARK_RATES) ? 0 : 1)), 'f.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500), - 'f.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>500), + 'f.tms'=>array('label'=>"DateModificationShort", 'checked'=>0, 'position'=>502), 'f.note_public'=>array('label'=>'NotePublic', 'checked'=>0, 'position'=>510, 'enabled'=>(empty($conf->global->MAIN_LIST_ALLOW_PUBLIC_NOTES))), 'f.note_private'=>array('label'=>'NotePrivate', 'checked'=>0, 'position'=>511, 'enabled'=>(empty($conf->global->MAIN_LIST_ALLOW_PRIVATE_NOTES))), 'f.fk_statut'=>array('label'=>"Status", 'checked'=>1, 'position'=>1000), From 5f925d9e3b183f32bf8ea0d455b2d66edcf9c53f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 Jun 2021 02:10:58 +0200 Subject: [PATCH 90/93] Fix total -> total_ht --- htdocs/compta/facture/invoicetemplate_list.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index af6678ffd71..19da4b97f63 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -654,6 +654,9 @@ if ($resql) { $invoicerectmp->nb_gen_max = $objp->nb_gen_max; $invoicerectmp->nb_gen_done = $objp->nb_gen_done; $invoicerectmp->ref = $objp->title; + $invoicerectmp->total_ht = $objp->total_ht; + $invoicerectmp->total_tva = $objp->total_tva; + $invoicerectmp->total_ttc = $objp->total_ttc; print '
'.price($objp->total).''.price($objp->total_ht).''.price($objp->total_vat).''.price($objp->total_tva).'