From c4d8a25c5a09f018fd42a9b346085c36fa8a87ee Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 10 Aug 2020 13:40:55 +0200 Subject: [PATCH 01/18] fix external module multidiroutput --- htdocs/core/lib/files.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 23b631bae53..cb139edd29b 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2992,7 +2992,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, if ($partofdirinoriginalfile && ($fuser->rights->$modulepart->$partofdirinoriginalfile->{$lire} || $fuser->rights->$modulepart->$partofdirinoriginalfile->{$read})) $accessallowed = 1; if ($fuser->rights->$modulepart->{$lire} || $fuser->rights->$modulepart->{$read}) $accessallowed = 1; //} - $original_file = $conf->$modulepart->dir_output.'/'.$original_file; + $original_file = $conf->$modulepart->multidir_output[$entity].'/'.$original_file; } // For modules who wants to manage different levels of permissions for documents From 6928b6543c9f6db15e1c7fc8ba257602debd1c52 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:24:24 +0200 Subject: [PATCH 02/18] Revert "FIX Yogosha report 4425 (backport)" This reverts commit 23c4cfe913429a38b3e4f9edec33bdfb0166d274. --- htdocs/core/lib/functions.lib.php | 37 +++++++------------------------ htdocs/document.php | 9 ++++---- 2 files changed, 12 insertions(+), 34 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3f4229589dd..97ad5d58969 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7705,16 +7705,19 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param if (empty($conf->use_javascript_ajax)) return ''; - $isAllowedForPreview = dolIsAllowedForPreview($relativepath); + $mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'svg+xml'); + //$mime_preview[]='vnd.oasis.opendocument.presentation'; + //$mime_preview[]='archive'; + $num_mime = array_search(dol_mimetype($relativepath, '', 1), $mime_preview); if ($alldata == 1) { - if (isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), ); + if ($num_mime !== false) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), ); else return array(); } - // old behavior, return a string - if ($isAllowedForPreview) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:'')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')'; + // old behavior + if ($num_mime !== false) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:'')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')'; else return ''; } @@ -7738,30 +7741,6 @@ function ajax_autoselect($htmlname, $addlink = '') return $out; } -/** - * Return if a file is qualified for preview - * - * @param string $file Filename we looking for information - * @return int 1 If allowed, 0 otherwise - * @see dol_mimetype(), image_format_supported() from images.lib.php - */ -function dolIsAllowedForPreview($file) { - global $conf; - - // Check .noexe extension in filename - if (preg_match('/\.noexe$/i', $file)) return 0; - - // Check mime types - $mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'webp'); - if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml'; - //$mime_preview[]='vnd.oasis.opendocument.presentation'; - //$mime_preview[]='archive'; - $num_mime = array_search(dol_mimetype($file, '', 1), $mime_preview); - if ($num_mime !== false) return 1; - - // By default, not allowed for preview - return 0; -} /** * Return mime type of a file @@ -7770,7 +7749,7 @@ function dolIsAllowedForPreview($file) { * @param string $default Default mime type if extension not found in known list * @param int $mode 0=Return full mime, 1=otherwise short mime string, 2=image for mime type, 3=source language, 4=css of font fa * @return string Return a mime type family (text/xxx, application/xxx, image/xxx, audio, video, archive) - * @see dolIsAllowedForPreview(), image_format_supported() from images.lib.php + * @see image_format_supported() from images.lib.php */ function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0) { diff --git a/htdocs/document.php b/htdocs/document.php index ccd404f7315..2b37792d69a 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -156,13 +156,12 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; // Define mime type -$type = 'application/octet-stream'; // By default +$type = 'application/octet-stream'; if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha'); else $type=dol_mimetype($original_file); -// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file -if (!dolIsAllowedForPreview($original_file)) { - $type = 'application/octet-stream'; -} +// Security: Force to octet-stream if file is a dangerous file +if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream'; + // Security: Delete string ../ into $original_file $original_file = str_replace("../", "/", $original_file); From 55e3f8365e74477f0e582cae10638bfc44848aec Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:36:55 +0200 Subject: [PATCH 03/18] FIX Yogosha report 4434 (backport) --- htdocs/adherents/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index c6ec8569a09..f8289e04cb2 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -286,7 +286,7 @@ if (empty($reshook)) $object->firstname = trim(GETPOST("firstname", 'alpha')); $object->lastname = trim(GETPOST("lastname", 'alpha')); $object->gender = trim(GETPOST("gender", 'alpha')); - $object->login = trim(GETPOST("login", 'alpha')); + $object->login = trim(GETPOST("login", 'alphanohtml')); $object->pass = trim(GETPOST("pass", 'alpha')); $object->societe = trim(GETPOST("societe", 'alpha')); @@ -453,7 +453,7 @@ if (empty($reshook)) $facebook=GETPOST("member_facebook", 'alpha'); $linkedin=GETPOST("member_linkedin", 'alpha'); $email=preg_replace('/\s+/', '', GETPOST("member_email", 'alpha')); - $login=GETPOST("member_login", 'alpha'); + $login=GETPOST("member_login", 'alphanohtml'); $pass=GETPOST("password", 'alpha'); $photo=GETPOST("photo", 'alpha'); //$comment=GETPOST("comment",'none'); @@ -914,7 +914,7 @@ else // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'" autofocus="autofocus">'; + print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'" autofocus="autofocus">'; } // Password @@ -1171,7 +1171,7 @@ else // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'">'; + print ''.$langs->trans("Login").' / '.$langs->trans("Id").'login).'">'; } // Password From f453e43ccafd649c6bffce6eab6ac1135fafd455 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 18 Sep 2020 01:37:15 +0200 Subject: [PATCH 04/18] FIX Yogosha report 4425 (backport) --- htdocs/document.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 2b37792d69a..ccd404f7315 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -156,12 +156,13 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; // Define mime type -$type = 'application/octet-stream'; +$type = 'application/octet-stream'; // By default if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha'); else $type=dol_mimetype($original_file); -// Security: Force to octet-stream if file is a dangerous file -if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream'; - +// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file +if (!dolIsAllowedForPreview($original_file)) { + $type = 'application/octet-stream'; +} // Security: Delete string ../ into $original_file $original_file = str_replace("../", "/", $original_file); From 6d7f5ef0a8dcfccdcbde227fb109035e7d36c117 Mon Sep 17 00:00:00 2001 From: Pascal Hubrecht Date: Tue, 22 Sep 2020 12:40:26 +0200 Subject: [PATCH 05/18] Fix label inversion Private and public labels where inverted. --- htdocs/fichinter/class/fichinter.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 488040ff5d3..f370b8bb571 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -58,8 +58,8 @@ class Fichinter extends CommonObject 'datet' =>array('type'=>'date', 'label'=>'Datet', 'enabled'=>1, 'visible'=>-1, 'position'=>95), 'duree' =>array('type'=>'double', 'label'=>'Duree', 'enabled'=>1, 'visible'=>-1, 'position'=>100), 'description' =>array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-1, 'position'=>105, 'showoncombobox'=>1), - 'note_private' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>110), - 'note_public' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>115), + 'note_private' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>110), + 'note_public' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>115), 'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>120), 'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'Last main doc', 'enabled'=>1, 'visible'=>-1, 'position'=>125), 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>130), From fcfe5423f42245af690a5466f6c246b6a4a8cc21 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 22 Sep 2020 16:34:38 +0200 Subject: [PATCH 06/18] FIX missing field entity --- htdocs/compta/paiement/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index e14581f6531..d3dec6fde82 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -318,7 +318,7 @@ dol_fiche_end(); * List of invoices */ -$sql = 'SELECT f.rowid as facid, f.ref, f.type, f.total_ttc, f.paye, f.fk_statut, pf.amount, s.nom as name, s.rowid as socid'; +$sql = 'SELECT f.rowid as facid, f.ref, f.type, f.total_ttc, f.paye, f.entity, f.fk_statut, pf.amount, s.nom as name, s.rowid as socid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'facture as f,'.MAIN_DB_PREFIX.'societe as s'; $sql .= ' WHERE pf.fk_facture = f.rowid'; $sql .= ' AND f.fk_soc = s.rowid'; From 0fc6e9b84f9cc12c8d8161df600e1dc8dc8d3163 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Wed, 23 Sep 2020 10:54:49 +0200 Subject: [PATCH 07/18] FIX - Backtick not work with postgresql --- htdocs/install/mysql/migration/10.0.0-11.0.0.sql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql index 7055898ada6..37bb2962724 100644 --- a/htdocs/install/mysql/migration/10.0.0-11.0.0.sql +++ b/htdocs/install/mysql/migration/10.0.0-11.0.0.sql @@ -98,7 +98,8 @@ ALTER TABLE llx_bom_bomline ADD COLUMN position integer NOT NULL DEFAULT 0; ALTER TABLE llx_bom_bomline ADD COLUMN qty_frozen smallint DEFAULT 0; ALTER TABLE llx_bom_bomline ADD COLUMN disable_stock_change smallint DEFAULT 0; -ALTER TABLE llx_bom_bomline DROP COLUMN `rank`; +-- VMYSQL4.1 ALTER TABLE llx_bom_bomline DROP COLUMN `rank`; +-- VPGSQL8.2 ALTER TABLE llx_bom_bomline DROP COLUMN rank; create table llx_categorie_warehouse ( From 905f676c71318adedab7ed4cdc3297b8d683a0f3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 23 Sep 2020 19:27:55 +0200 Subject: [PATCH 08/18] Fix 12.0.3 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index ffd2e9bd5ff..94ecf930724 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (!defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE', 'Dolibarr'); -if (!defined('DOL_VERSION')) define('DOL_VERSION', '12.0.4'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c +if (!defined('DOL_VERSION')) define('DOL_VERSION', '12.0.3'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c if (!defined('EURO')) define('EURO', chr(128)); From d38c557fba732229f71b99c8494bd4e1651ba8f9 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 21 Jun 2020 19:52:15 +0200 Subject: [PATCH 09/18] FIX Can create user but not update user with activedirectory --- htdocs/core/class/ldap.class.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index ea4ec500405..b09db176852 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -55,6 +55,10 @@ class Ldap /** * Version du protocole ldap */ + public $ldapProtocolVersion; + /** + * Server DN + */ public $domain; /** * User administrateur Ldap @@ -466,8 +470,6 @@ class Ldap */ public function modify($dn, $info, $user) { - global $conf; - dol_syslog(get_class($this)."::modify dn=".$dn." info=".join(',', $info)); // Check parameters @@ -492,7 +494,11 @@ class Ldap $this->dump($dn, $info); //print_r($info); - $result = @ldap_modify($this->connection, $dn, $info); + // For better compatibility with Samba4 AD + if ($this->serverType == "activedirectory") { + unset($info['cn']); // For avoid error : Operation not allowed on RDN (Code 67) + } + $result=@ldap_modify($this->connection, $dn, $info); if ($result) { @@ -520,9 +526,7 @@ class Ldap */ public function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true) { - global $conf; - - dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn ? 1 : 0)); + dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn?1:0)); // Check parameters if (!$this->connection) @@ -571,8 +575,6 @@ class Ldap */ public function update($dn, $info, $user, $olddn, $newrdn = false, $newparent = false) { - global $conf; - dol_syslog(get_class($this)."::update dn=".$dn." olddn=".$olddn); // Check parameters @@ -589,7 +591,7 @@ class Ldap if (!$olddn || $olddn != $dn) { - if (!empty($olddn) && !empty($newrdn) && !empty($newparent) && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3') + if (! empty($olddn) && ! empty($newrdn) && ! empty($newparent) && $this->ldapProtocolVersion === '3') { // This function currently only works with LDAPv3 $result = $this->rename($olddn, $newrdn, $newparent, $user, true); @@ -631,8 +633,6 @@ class Ldap */ public function delete($dn) { - global $conf; - dol_syslog(get_class($this)."::delete Delete LDAP entry dn=".$dn); // Check parameters From 7a9332815c6e852e564d8ad47cae19cb06d4d1c6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 25 Sep 2020 12:22:24 +0200 Subject: [PATCH 10/18] Fix migration --- htdocs/install/mysql/migration/3.2.0-3.3.0.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/install/mysql/migration/3.2.0-3.3.0.sql b/htdocs/install/mysql/migration/3.2.0-3.3.0.sql index 91c155d3d84..c0efe6d68b3 100644 --- a/htdocs/install/mysql/migration/3.2.0-3.3.0.sql +++ b/htdocs/install/mysql/migration/3.2.0-3.3.0.sql @@ -315,6 +315,7 @@ ALTER TABLE llx_c_chargesociales ADD COLUMN accountancy_code varchar(15) DEFAULT -- Tables for accountancy expert DROP TABLE llx_accountingaccount; +DROP TABLE llx_accounting_account; DROP TABLE llx_accountingsystem; DROP TABLE llx_accounting_system; From 0dcd85485aba5e1b7566d6a3bf616aeed556114f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 25 Sep 2020 12:36:32 +0200 Subject: [PATCH 11/18] Fix migration --- htdocs/install/mysql/migration/3.3.0-3.4.0.sql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/install/mysql/migration/3.3.0-3.4.0.sql b/htdocs/install/mysql/migration/3.3.0-3.4.0.sql index 0f84c92ef22..88d9ae1b685 100644 --- a/htdocs/install/mysql/migration/3.3.0-3.4.0.sql +++ b/htdocs/install/mysql/migration/3.3.0-3.4.0.sql @@ -102,6 +102,10 @@ ALTER TABLE llx_expedition DROP FOREIGN KEY fk_expedition_fk_shipping_method; ALTER TABLE llx_expedition DROP INDEX idx_expedition_fk_expedition_methode; ALTER TABLE llx_expedition CHANGE COLUMN fk_expedition_methode fk_shipping_method integer; +-- This table and constraint should not exists as it appears in more recent version, but we may have it if we load an old dump +-- on a newly created database and we want to be sure upgrade of rowid into autoincrement done later will works. +ALTER TABLE llx_reception DROP FOREIGN KEY fk_reception_fk_shipping_method; + ALTER TABLE llx_c_shipment_mode ADD COLUMN tracking VARCHAR(255) NOT NULL DEFAULT '' AFTER description; --ALTER TABLE llx_c_shipment_mode DROP COLUMN CASCADE; From fcbc48fa287d80a51c041ed9e8298186e42d0bda Mon Sep 17 00:00:00 2001 From: root Date: Fri, 25 Sep 2020 14:24:26 +0200 Subject: [PATCH 12/18] Bug fix last_gen should be date_last_gen --- htdocs/compta/facture/class/facture-rec.class.php | 2 +- htdocs/fichinter/class/fichinterrec.class.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 8a13cf0f814..c5bd8a987ac 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -155,7 +155,7 @@ class FactureRec extends CommonInvoice 'note_private' =>array('type'=>'text', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>105), 'note_public' =>array('type'=>'text', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>110), 'modelpdf' =>array('type'=>'varchar(255)', 'label'=>'Modelpdf', 'enabled'=>1, 'visible'=>-1, 'position'=>115), - 'last_gen' =>array('type'=>'varchar(7)', 'label'=>'Last gen', 'enabled'=>1, 'visible'=>-1, 'position'=>120), + 'date_last_gen' =>array('type'=>'varchar(7)', 'label'=>'Last gen', 'enabled'=>1, 'visible'=>-1, 'position'=>120), 'unit_frequency' =>array('type'=>'varchar(2)', 'label'=>'Unit frequency', 'enabled'=>1, 'visible'=>-1, 'position'=>125), 'date_when' =>array('type'=>'datetime', 'label'=>'Date when', 'enabled'=>1, 'visible'=>-1, 'position'=>130), 'date_last_gen' =>array('type'=>'datetime', 'label'=>'Date last gen', 'enabled'=>1, 'visible'=>-1, 'position'=>135), diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 679d231d6a8..a09547b3164 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -567,14 +567,14 @@ class FichinterRec extends Fichinter if ($user->rights->fichinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter_rec "; $sql .= " SET frequency='".$this->db->escape($freq)."'"; - $sql .= ", last_gen='".$this->db->escape($courant)."'"; + $sql .= ", date_last_gen='".$this->db->escape($courant)."'"; $sql .= " WHERE rowid = ".$this->id; $resql = $this->db->query($sql); if ($resql) { $this->frequency = $freq; - $this->last_gen = $courant; + $this->date_last_gen = $courant; return 0; } else { dol_print_error($this->db); From 5ff7e376962e0a78d7c292a441b24fd28c80c122 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Sun, 27 Sep 2020 18:05:19 +0200 Subject: [PATCH 13/18] review code --- htdocs/core/lib/files.lib.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index cb139edd29b..ddd20159e09 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2992,7 +2992,11 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, if ($partofdirinoriginalfile && ($fuser->rights->$modulepart->$partofdirinoriginalfile->{$lire} || $fuser->rights->$modulepart->$partofdirinoriginalfile->{$read})) $accessallowed = 1; if ($fuser->rights->$modulepart->{$lire} || $fuser->rights->$modulepart->{$read}) $accessallowed = 1; //} - $original_file = $conf->$modulepart->multidir_output[$entity].'/'.$original_file; + if (is_array($conf->$modulepart->multidir_output) && array_key_exists($entity, $conf->$modulepart->multidir_output)) { + $original_file = $conf->$modulepart->multidir_output[$entity].'/'.$original_file; + } else { + $original_file = $conf->$modulepart->dir_output.'/'.$original_file; + } } // For modules who wants to manage different levels of permissions for documents From 5c9ad3ec9bad0399314195855ebc57429e67a94f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Sep 2020 18:55:09 +0200 Subject: [PATCH 14/18] Update files.lib.php --- htdocs/core/lib/files.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ddd20159e09..2d126b4e4f7 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2992,7 +2992,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, if ($partofdirinoriginalfile && ($fuser->rights->$modulepart->$partofdirinoriginalfile->{$lire} || $fuser->rights->$modulepart->$partofdirinoriginalfile->{$read})) $accessallowed = 1; if ($fuser->rights->$modulepart->{$lire} || $fuser->rights->$modulepart->{$read}) $accessallowed = 1; //} - if (is_array($conf->$modulepart->multidir_output) && array_key_exists($entity, $conf->$modulepart->multidir_output)) { + if (is_array($conf->$modulepart->multidir_output) && !empty($conf->$modulepart->multidir_output[$entity])) { $original_file = $conf->$modulepart->multidir_output[$entity].'/'.$original_file; } else { $original_file = $conf->$modulepart->dir_output.'/'.$original_file; From 4a7df013397cdf61bbf8538a87d9cb3a132894be Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Sep 2020 19:23:52 +0200 Subject: [PATCH 15/18] Fix the MAIN_EXTERNAL_SMTP_SPF_STRING_TO_ADD should be MAIN_EXTERNAL_MAIL_SPF_STRING_TO_ADD --- htdocs/admin/mails.php | 16 +++++++++++----- htdocs/langs/en_US/admin.lang | 4 ++-- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 5fccd2b07c9..305c7f65851 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -764,11 +764,17 @@ else if ($conf->global->MAIN_MAIL_SENDMODE == 'mail') { - // MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS is list of IPs where email is sent from. Example: '1.2.3.4, [aaaa:bbbb:cccc:dddd]'. - if (!empty($conf->global->MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS)) + if (!empty($conf->global->MAIN_EXTERNAL_MAIL_SPF_STRING_TO_ADD)) { - // List of IP show as record to add in SPF if we use the mail method - $text .= ($text ? '

' : '').$langs->trans("WarningPHPMailSPF", $conf->global->MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS); + // List of string to add in SPF if the setup use the mail method + $text .= ($text ? '

' : '').$langs->trans("WarningPHPMailSPF", $conf->global->MAIN_EXTERNAL_MAIL_SPF_STRING_TO_ADD); + } else { + // MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS is list of IPs where email is sent from. Example: '1.2.3.4, [aaaa:bbbb:cccc:dddd]'. + if (!empty($conf->global->MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS)) + { + // List of IP show as record to add in SPF if we use the mail method + $text .= ($text ? '

' : '').$langs->trans("WarningPHPMailSPF", $conf->global->MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS); + } } } else { if (!empty($conf->global->MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS)) @@ -776,7 +782,7 @@ else // List of IP show as record to add as allowed IP if we use the smtp method $text .= ($text ? '

' : '').$langs->trans("WarningPHPMail2", $conf->global->MAIN_EXTERNAL_SMTP_CLIENT_IP_ADDRESS); } - if (!empty($conf->global->MAIN_EXTERNAL_SMTP_SPF_STRING_TO_ADD)) + if (!empty($conf->global->MAIN_EXTERNAL_SMTP_SPF_STRING_TO_ADD)) // Should be required only if you have set to use your own SMTP and wat to warn users to update their domain name to match your SMTP server. { // List of string to add in SPF if we use the smtp method $text .= ($text ? '

' : '').$langs->trans("WarningPHPMailSPF", $conf->global->MAIN_EXTERNAL_SMTP_SPF_STRING_TO_ADD); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index ed10332352c..431ef75ac63 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -479,8 +479,8 @@ ModuleCompanyCodeSupplierDigitaria=%s followed by the truncated supplier name by Use3StepsApproval=By default, Purchase Orders need to be created and approved by 2 different users (one step/user to create and one step/user to approve. Note that if user has both permission to create and approve, one step/user will be enough). You can ask with this option to introduce a third step/user approval, if amount is higher than a dedicated value (so 3 steps will be necessary: 1=validation, 2=first approval and 3=second approval if amount is enough).
Set this to empty if one approval (2 steps) is enough, set it to a very low value (0.1) if a second approval (3 steps) is always required. UseDoubleApproval=Use a 3 steps approval when amount (without tax) is higher than... WarningPHPMail=WARNING: It is often better to setup outgoing emails to use the email server of your provider instead of the default setup. Some email providers (like Yahoo) do not allow you to send an email from another server than their own server. Your current setup uses the server of the application to send email and not the server of your email provider, so some recipients (the one compatible with the restrictive DMARC protocol), will ask your email provider if they can accept your email and some email providers (like Yahoo) may respond "no" because the server is not theirs, so few of your sent Emails may not be accepted (be careful also of your email provider's sending quota).
If your Email provider (like Yahoo) has this restriction, you must change Email setup to choose the other method "SMTP server" and enter the SMTP server and credentials provided by your Email provider. -WarningPHPMail2=If your email SMTP provider need to restrict email client to some IP addresses (very rare), this is the IP address of the mail user agent (MUA) for your ERP CRM application: %s. -WarningPHPMailSPF=If the domain name in your sender email address is protected by SPF (ask you email provider), you must include the following IPs in the SPF record of the DNS of your domain: %s. +WarningPHPMail2=If your email SMTP provider need to restrict email client to some IP addresses (for example with some SMTP relay like smtp-relay.google.com), this is the IP address of the mail user agent (MUA) for your ERP CRM application: %s. +WarningPHPMailSPF=If the domain name in your sender email address is protected by a SPF record (ask you domain name registar), you must add the following IPs in the SPF record of the DNS of your domain: %s. ClickToShowDescription=Click to show description DependsOn=This module needs the module(s) RequiredBy=This module is required by module(s) From 57b7666bf163c064d21583c043b2e374f72a5c66 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Sep 2020 22:20:24 +0200 Subject: [PATCH 16/18] FIX #14326 --- htdocs/bom/bom_card.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index bd5e6fe7789..591e9a69d88 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2017-2020 Laurent Destailleur * Copyright (C) 2019 Frédéric France * * This program is free software; you can redistribute it and/or modify @@ -183,6 +183,8 @@ if (empty($reshook)) unset($_POST['qty']); unset($_POST['qty_frozen']); unset($_POST['disable_stock_change']); + + $object->fetchLines(); } } } From 6c1700d84a7dc3396222459ccae107700b688df2 Mon Sep 17 00:00:00 2001 From: "Sekan, Tobias" Date: Mon, 28 Sep 2020 08:12:12 +0200 Subject: [PATCH 17/18] Fix contratcs are always zero on statistics board --- htdocs/contrat/class/contrat.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 1153f89689d..58be7fdcb45 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -2329,7 +2329,7 @@ class Contrat extends CommonObject { while ($obj = $this->db->fetch_object($resql)) { - $this->nb["Contracts"] = $obj->nb; + $this->nb["contracts"] = $obj->nb; } $this->db->free($resql); return 1; From 43c167f0c8a21bb96dea59a19e11182cdc9f4322 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 28 Sep 2020 20:47:36 +0200 Subject: [PATCH 18/18] Fix init var --- htdocs/core/class/CMailFile.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index 2c158fefc39..709b0f25189 100644 --- a/htdocs/core/class/CMailFile.class.php +++ b/htdocs/core/class/CMailFile.class.php @@ -1544,6 +1544,7 @@ class CMailFile $i = 0; foreach ($arrayaddress as $val) { + $regs = array(); if (preg_match('/^(.*)<(.*)>$/i', trim($val), $regs)) { $name = trim($regs[1]);