diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php
index f5b21ee2501..e49beb53e0d 100644
--- a/htdocs/comm/card.php
+++ b/htdocs/comm/card.php
@@ -1589,6 +1589,7 @@ if ($object->id > 0) {
if (isModEnabled('facture') && $object->status == 1) {
if (empty($user->rights->facture->creer)) {
+ $langs->load("bills");
print '';
} else {
$langs->loadLangs(array("orders", "bills"));
@@ -1601,7 +1602,7 @@ if ($object->id > 0) {
print '';
}
} else {
- print '';
+ print '';
}
}
diff --git a/htdocs/comm/propal/class/api_proposals.class.php b/htdocs/comm/propal/class/api_proposals.class.php
index 8658c759202..2d59bb1ac65 100644
--- a/htdocs/comm/propal/class/api_proposals.class.php
+++ b/htdocs/comm/propal/class/api_proposals.class.php
@@ -293,8 +293,6 @@ class Proposals extends DolibarrApi
*/
public function getLines($id, $sqlfilters = '')
{
- $filters = "";
-
if (!DolibarrApiAccess::$user->hasRight('propal', 'lire')) {
throw new RestException(401);
}
@@ -308,6 +306,7 @@ class Proposals extends DolibarrApi
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
+ $sql = '';
if (!empty($sqlfilters)) {
$errormessage = '';
$sql = forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index 22510525a64..fb7477a16b4 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -565,8 +565,8 @@ if (!$error && $massaction == 'confirm_presend') {
$resaction .= ''.$mailfile->error.'
';
} else {
$result = $mailfile->sendfile();
- if ($result) {
- $resaction .= $langs->trans('MailSuccessfulySent', $mailfile->getValidAddress($from, 2), $mailfile->getValidAddress($sendto, 2)).'
'; // Must not contain "
+ if ($result > 0) {
+ $resaction .= $langs->trans('MailSuccessfulySent', $mailfile->getValidAddress($mailfile->addr_from, 2), $mailfile->getValidAddress($mailfile->addr_to, 2)).'
'; // Must not contain "
$error = 0;
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 63f10dc2b17..e07ca8bb6cc 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -1298,8 +1298,8 @@ class ExpenseReport extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
- $sql .= " date_valid='".$this->db->idate($this->date_valid)."',";
- $sql .= " fk_user_valid = ".$user->id;
+ $sql .= " date_valid = '".$this->db->idate($this->date_valid)."',";
+ $sql .= " fk_user_valid = ".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
@@ -1322,7 +1322,7 @@ class ExpenseReport extends CommonObject
// Now we rename also files into index
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expensereport/".$this->db->escape($this->newref)."'";
- $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expensereport/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+ $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expensereport/".$this->db->escape($this->ref)."' AND entity = ".((int) $this->entity);
$resql = $this->db->query($sql);
if (!$resql) {
$error++; $this->error = $this->db->lasterror();
@@ -1331,15 +1331,15 @@ class ExpenseReport extends CommonObject
// We rename directory ($this->ref = old ref, $num = new ref) in order not to lose the attachments
$oldref = dol_sanitizeFileName($this->ref);
$newref = dol_sanitizeFileName($num);
- $dirsource = $conf->expensereport->dir_output.'/'.$oldref;
- $dirdest = $conf->expensereport->dir_output.'/'.$newref;
+ $dirsource = $conf->expensereport->multidir_output[$this->entity].'/'.$oldref;
+ $dirdest = $conf->expensereport->multidir_output[$this->entity].'/'.$newref;
if (!$error && file_exists($dirsource)) {
dol_syslog(get_class($this)."::setValidate() rename dir ".$dirsource." into ".$dirdest);
if (@rename($dirsource, $dirdest)) {
dol_syslog("Rename ok");
// Rename docs starting with $oldref with $newref
- $listoffiles = dol_dir_list($conf->expensereport->dir_output.'/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/'));
+ $listoffiles = dol_dir_list($dirdest, 'files', 1, '^'.preg_quote($oldref, '/'));
foreach ($listoffiles as $fileentry) {
$dirsource = $fileentry['name'];
$dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource);
diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index fca9363df25..8a13fe69b97 100644
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -1378,6 +1378,7 @@ if (empty($reshook)) {
);
if ($result < 0) {
+ setEventMessages($object->error, $object->errors, 'errors');
$error++;
break;
}
diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php
index 57f47424501..c107fba3d3b 100644
--- a/htdocs/public/notice.php
+++ b/htdocs/public/notice.php
@@ -59,3 +59,5 @@ if (!GETPOST('transkey', 'alphanohtml') && !GETPOST('transphrase', 'alphanohtml'
print dol_escape_htmltag($langs->trans(GETPOST('transkey', 'alphanohtml')));
}
}
+
+$db->close();
diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php
index c90069ef8bf..f5be79b373d 100644
--- a/htdocs/salaries/document.php
+++ b/htdocs/salaries/document.php
@@ -92,6 +92,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
$canread = 1;
}
+
if (!$canread) {
accessforbidden();
}