diff --git a/doc/images/dolibarr_screenshot11_1024x768.jpg b/doc/images/dolibarr_screenshot11_1024x768.jpg new file mode 100644 index 00000000000..65c246353a7 Binary files /dev/null and b/doc/images/dolibarr_screenshot11_1024x768.jpg differ diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 418c5b10213..30af7e049e7 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -591,7 +591,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals $out = str_replace(array('"', '../'), '', trim($out)); - $out = dol_string_nohtmltag($out); + $out = dol_string_nohtmltag($out, 1); } break; case 'restricthtml': // Recommended for most html textarea diff --git a/htdocs/langs/en_US/website.lang b/htdocs/langs/en_US/website.lang index 04338f38e6e..4f07b0ca9fb 100644 --- a/htdocs/langs/en_US/website.lang +++ b/htdocs/langs/en_US/website.lang @@ -130,4 +130,5 @@ PublicAuthorAlias=Public author alias AvailableLanguagesAreDefinedIntoWebsiteProperties=Available languages are defined into website properties ReplacementDoneInXPages=Replacement done in %s pages or containers RSSFeed=RSS Feed -RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL \ No newline at end of file +RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL +PagesRegenerated=%s page(s)/container(s) regenerated \ No newline at end of file diff --git a/htdocs/mrp/mo_production.php b/htdocs/mrp/mo_production.php index b168371c0ea..f44e4371f50 100644 --- a/htdocs/mrp/mo_production.php +++ b/htdocs/mrp/mo_production.php @@ -649,7 +649,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (in_array($action, array('consumeorproduce', 'consumeandproduceall', 'addconsumeline'))) { - print '
'; + print ''; print ''; print ''; print ''; @@ -661,7 +661,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea //$defaultstockmovementcode = GETPOST('inventorycode', 'alphanohtml') ? GETPOST('inventorycode', 'alphanohtml') : $object->ref.'_'.dol_print_date(dol_now(), 'dayhourlog'); $defaultstockmovementcode = GETPOST('inventorycode', 'alphanohtml') ? GETPOST('inventorycode', 'alphanohtml') : $langs->trans("ProductionForRef", $object->ref); - print '
'; + print '
'; print ''.$langs->trans("ConfirmProductionDesc", $langs->transnoentitiesnoconv("Confirm")).'
'; print $langs->trans("MovementLabel").':   '; print $langs->trans("InventoryCode").':

'; @@ -669,7 +669,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; print '   '; print ''; + print '

'; print '
'; + print '
'; } } diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index e4e7fc10dbd..4f40f197723 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1281,7 +1281,7 @@ class Website extends CommonObject * Rebuild all files of a containers of a website. TODO Add other files too. * Note: Files are already regenerated during importWebSite so this function is useless when importing a website. * - * @return int <0 if KO, >0 if OK + * @return int <0 if KO, >=0 if OK */ public function rebuildWebSiteFiles() { @@ -1348,9 +1348,8 @@ class Website extends CommonObject if ($error) { return -1; - } - else { - return 1; + } else { + return $num; } } diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 4923a585454..f23cc45ebf6 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -930,17 +930,16 @@ if ($action == 'addcontainer') $objectpage->grabbed_from = $urltograb; } } - } - else { - $objectpage->title = GETPOST('WEBSITE_TITLE', 'alphanohtml'); + } else { + $objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml')); $objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09'); $objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha'); - $objectpage->aliasalt = GETPOST('WEBSITE_ALIASALT', 'alphanohtml'); - $objectpage->description = GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'); + $objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml')); + $objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml')); $objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09'); $objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma'); $objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha'); - $objectpage->keywords = GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'); + $objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml')); $objectpage->htmlheader = GETPOST('htmlheader', 'none'); $objectpage->author_alias = GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml'); @@ -1602,22 +1601,31 @@ if ($action == 'updatemeta') $websitepagetemp = new WebsitePage($db); foreach ($arrayofaliastotest as $aliastotest) { - $result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, $aliastotest); - if ($result < 0) - { + // Disallow alias name pageX (already used to save the page with id) + if (preg_match('/^page\d+/i', $aliastotest)) { $error++; $langs->load("errors"); - setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors'); - $action = 'editmeta'; - break; - } - if ($result > 0) - { - $error++; - $langs->load("errors"); - setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors'); + setEventMessages("Alias 'pageX' is not allowed", null, 'errors'); $action = 'editmeta'; break; + } else { + $result = $websitepagetemp->fetch(-1 * $objectpage->id, $object->id, $aliastotest); + if ($result < 0) + { + $error++; + $langs->load("errors"); + setEventMessages($websitepagetemp->error, $websitepagetemp->errors, 'errors'); + $action = 'editmeta'; + break; + } + if ($result > 0) + { + $error++; + $langs->load("errors"); + setEventMessages($langs->trans("ErrorAPageWithThisNameOrAliasAlreadyExists", $websitepagetemp->pageurl), null, 'errors'); + $action = 'editmeta'; + break; + } } } } @@ -1626,15 +1634,15 @@ if ($action == 'updatemeta') { $objectpage->old_object = clone $objectpage; - $objectpage->title = GETPOST('WEBSITE_TITLE', 'alphanohtml'); - $objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'alphanohtml'); + $objectpage->title = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml')); + $objectpage->type_container = GETPOST('WEBSITE_TYPE_CONTAINER', 'aZ09'); $objectpage->pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha'); - $objectpage->aliasalt = GETPOST('WEBSITE_ALIASALT', 'alpha'); + $objectpage->aliasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml')); $objectpage->lang = GETPOST('WEBSITE_LANG', 'aZ09'); $objectpage->otherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma'); - $objectpage->description = GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml'); + $objectpage->description = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml')); $objectpage->image = GETPOST('WEBSITE_IMAGE', 'alpha'); - $objectpage->keywords = GETPOST('WEBSITE_KEYWORDS', 'alphanohtml'); + $objectpage->keywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml')); $objectpage->htmlheader = trim(GETPOST('htmlheader', 'none')); $objectpage->fk_page = (GETPOST('pageidfortranslation', 'int') > 0 ? GETPOST('pageidfortranslation', 'int') : 0); $objectpage->author_alias = trim(GETPOST('WEBSITE_AUTHORALIAS', 'alphanohtml')); @@ -2054,7 +2062,7 @@ if ($action == 'regeneratesite') $result = $object->rebuildWebSiteFiles(); if ($result > 0) { - setEventMessages($langs->trans("PagesRegenerated"), null, 'mesgs'); + setEventMessages($langs->trans("PagesRegenerated", $result), null, 'mesgs'); $action = 'preview'; } else { setEventMessages($object->error, $object->errors, 'errors'); @@ -3303,12 +3311,12 @@ if ($action == 'editmeta' || $action == 'createcontainer') $pageauthoralias = ''; $pagestatus = 1; } - if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = GETPOST('WEBSITE_TITLE', 'alpha'); + if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = str_replace(array('<', '>'), '', GETPOST('WEBSITE_TITLE', 'alphanohtml')); if (GETPOST('WEBSITE_PAGENAME', 'alpha')) $pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha'); - if (GETPOST('WEBSITE_ALIASALT', 'alpha')) $pagealiasalt = GETPOST('WEBSITE_ALIASALT', 'alpha'); - if (GETPOST('WEBSITE_DESCRIPTION', 'alpha')) $pagedescription = GETPOST('WEBSITE_DESCRIPTION', 'alpha'); + if (GETPOST('WEBSITE_ALIASALT', 'alpha')) $pagealiasalt = str_replace(array('<', '>'), '', GETPOST('WEBSITE_ALIASALT', 'alphanohtml')); + if (GETPOST('WEBSITE_DESCRIPTION', 'alpha')) $pagedescription = str_replace(array('<', '>'), '', GETPOST('WEBSITE_DESCRIPTION', 'alphanohtml')); if (GETPOST('WEBSITE_IMAGE', 'alpha')) $pageimage = GETPOST('WEBSITE_IMAGE', 'alpha'); - if (GETPOST('WEBSITE_KEYWORDS', 'alpha')) $pagekeywords = GETPOST('WEBSITE_KEYWORDS', 'alpha'); + if (GETPOST('WEBSITE_KEYWORDS', 'alpha')) $pagekeywords = str_replace(array('<', '>'), '', GETPOST('WEBSITE_KEYWORDS', 'alphanohtml')); if (GETPOST('WEBSITE_LANG', 'aZ09')) $pagelang = GETPOST('WEBSITE_LANG', 'aZ09'); if (GETPOST('htmlheader', 'none')) $pagehtmlheader = GETPOST('htmlheader', 'none');