diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 26a45271801..c51fa86cec6 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -670,7 +670,7 @@ if ($rowid > 0) { print '
'; if ($object->statut > 0) { - print '
'.$langs->trans("AddSubscription")."
"; + print '
'.$langs->trans("AddSubscription")."
"; } else { print '
'.$langs->trans("AddSubscription").'
'; } diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index aaadde965a2..65906b83f3c 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -281,7 +281,7 @@ if ($action == 'create') { print load_fiche_titre($langs->trans("NewMenu"), '', 'title_setup'); - print '
'; + print ''; print ''; print dol_get_fiche_head(); diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index ba7690bb6e3..50a266a2efe 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -429,7 +429,7 @@ if (! empty($conf->global->MAIN_MODULE_NOTIFICATION)) } - print ''; + print ''; print ''; print ''; print ''; diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php index 8f4c0c6f763..d2f0d79e4f3 100644 --- a/htdocs/admin/perms.php +++ b/htdocs/admin/perms.php @@ -236,7 +236,7 @@ if ($result) { print ''; } else { print '
'; - print ''; + print ''; //print img_edit_add(); print img_picto('', 'switch_off'); print ''; diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 90a75626e7c..e09dd13b045 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -443,7 +443,7 @@ if (! empty($conf->global->MAIN_MODULE_NOTIFICATION)) } - print ''; + print ''; print ''; print ''; print ''; diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 06c3caae43c..5c014b6206f 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -231,7 +231,7 @@ if ($object->id) { // On propose la generation de la vignette si elle n'existe pas et si la taille est superieure aux limites if (!$obj['photo_vignette'] && preg_match('/(\.bmp|\.gif|\.jpg|\.jpeg|\.png)$/i', $obj['photo']) && ($object->imgWidth > $maxWidth || $object->imgHeight > $maxHeight)) { - print ''.img_picto($langs->trans('GenerateThumb'), 'refresh').'  '; + print ''.img_picto($langs->trans('GenerateThumb'), 'refresh').'  '; } if ($user->rights->categorie->creer) { print ''; diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 3283957f8a2..e3d151c6bbb 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -378,7 +378,7 @@ if ($object->fetch($id) >= 0) { $var = !$var; if ($allowaddtarget) { - print ''; + print ''; print ''; } else { print '
'; diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index f6a03c1d11d..eabe47e54ca 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -932,10 +932,10 @@ if ($resql) { $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.urlencode($search_account).'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier); } else // If direct entries is not done using miscellaneous payments { - $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', $user->rights->banque->modifier); + $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&token='.newToken().'&page='.$page.$param, '', $user->rights->banque->modifier); } } else { - $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', -1); + $newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&token='.newToken().'&page='.$page.$param, '', -1); } } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index b1110212293..6020e0b2723 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -8220,7 +8220,7 @@ abstract class CommonObject $return .= '
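Review bot: Both rewritten `dolGetButtonTitle()` calls in the bankentries_list.php hunk put the anti-CSRF token into a link's query string (`'?action=addline&token='.newToken().'&page='`), where it ends up in browser history, web-server access logs and, depending on the referrer policy, the `Referer` header of outgoing requests. How long a value returned by `newToken()` stays valid is not visible here; if it lives as long as the session, that exposure weakens the check the commit is adding. For state-changing actions, a small POST form with a hidden `token` field keeps the value out of URLs. The same applies to the link-building hunks in fournisseur.product.class.php, imports/import.php, public/members/new.php and the takepos files.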
'; // On propose la generation de la vignette si elle n'existe pas et si la taille est superieure aux limites if ($photo_vignette && (image_format_supported($photo) > 0) && ($this->imgWidth > $maxWidth || $this->imgHeight > $maxHeight)) { - $return .= '
'.img_picto($langs->trans('GenerateThumb'), 'refresh').'  '; + $return .= ''.img_picto($langs->trans('GenerateThumb'), 'refresh').'  '; } // Special cas for product if ($modulepart == 'product' && ($user->rights->produit->creer || $user->rights->service->creer)) { diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index b08d9237c63..854f043670f 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -1183,7 +1183,7 @@ class ProductFournisseur extends Product $label .= $this->displayPriceProductFournisseurLog($logPrices); } - $url = dol_buildpath('/product/fournisseurs.php', 1).'?id='.$this->id.'&action=add_price&socid='.$this->fourn_id.'&rowid='.$this->product_fourn_price_id; + $url = dol_buildpath('/product/fournisseurs.php', 1).'?id='.$this->id.'&action=add_price&token='.newToken().'&socid='.$this->fourn_id.'&rowid='.$this->product_fourn_price_id; if ($option != 'nolink') { // Add param to save lastsearch_values or not diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index 5139e12ab7a..2ab7e3976aa 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php @@ -1205,7 +1205,7 @@ if ($step == 4 && $datatoimport) { // async: false // });'."\n"; // Now reload page - print 'var newlocation= \''.$_SERVER["PHP_SELF"].'?step=4'.$param.'&action=saveorder&boxorder=\' + boxorder;'."\n"; + print 'var newlocation= \''.$_SERVER["PHP_SELF"].'?step=4'.$param.'&action=saveorder&token='.newToken().'&boxorder=\' + boxorder;'."\n"; //print 'alert(newlocation);'; print 'window.location.href=newlocation;'."\n"; print '}'."\n"; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index a52bb7dcf2b..834cffc4f28 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
@@ -471,7 +471,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( } elseif (getDolGlobalInt('MAIN_SECURITY_CSRF_WITH_TOKEN') >= 2) { // Few GET actions coded with a &token into url are processed as sensitive. $arrayofactiontoforcetokencheck = array( - 'activate', 'add', 'addrights', 'addtimespent', + 'activate', 'doprev', 'donext', 'dvprev', 'dvnext', 'install', 'reopen' @@ -479,7 +479,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) { $sensitiveget = true; } - if (preg_match('/^(classify|close|confirm|del|disable|enable|remove|set|unset|update)/', GETPOST('action', 'aZ09'))) { + if (preg_match('/^(add|classify|close|confirm|copy|del|disable|enable|remove|set|unset|update|save|)/', GETPOST('action', 'aZ09'))) { $sensitiveget = true; } } diff --git a/htdocs/mrp/mo_production.php b/htdocs/mrp/mo_production.php index 84dab109b91..784b91f6f4c 100644 --- a/htdocs/mrp/mo_production.php +++ b/htdocs/mrp/mo_production.php @@ -704,7 +704,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $newlinetext = ''; if ($object->status != $object::STATUS_PRODUCED && $object->status != $object::STATUS_CANCELED && $action != 'consumeorproduce' && $action != 'consumeandproduceall') { - $newlinetext = ''.$langs->trans("AddNewConsumeLines").''; + $newlinetext = ''.$langs->trans("AddNewConsumeLines").''; } print load_fiche_titre($langs->trans('Consumption'), '', '', 0, '', '', $newlinetext); 
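Review bot: The new pattern in the second main.inc.php hunk ends with an empty alternative (`save|)`), and an empty branch anchored at `^` matches every string, so `preg_match()` returns 1 for any `action` value, including an empty one. With `MAIN_SECURITY_CSRF_WITH_TOKEN` >= 2, this sets `$sensitiveget = true` on every GET request that reaches this branch, which makes both the prefix list and the `$arrayofactiontoforcetokencheck` array above it meaningless. The code that consumes `$sensitiveget` lies outside the hunk, so the effect is presumably a token demand on plain navigation. Drop the trailing bar: `if (preg_match('/^(add|classify|close|confirm|copy|del|disable|enable|remove|set|unset|update|save)/', GETPOST('action', 'aZ09'))) {`. The unanchored `add` prefix also catches display-only actions such as `added`, which seems to be why the public/members/new.php and public/project/new.php hunks now append a token to a confirmation redirect; a comment above the pattern stating that these are prefixes, not exact action names, would make that visible.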
@@ -996,7 +996,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $newlinetext = ''; if ($object->status != $object::STATUS_PRODUCED && $object->status != $object::STATUS_CANCELED && $action != 'consumeorproduce' && $action != 'consumeandproduceall') { if ($nblinetoproduce == 0 || $object->mrptype == 1) { - $newlinetext = ''.$langs->trans("AddNewProduceLines").''; + $newlinetext = ''.$langs->trans("AddNewProduceLines").''; } } print load_fiche_titre($langs->trans('Production'), '', '', 0, '', '', $newlinetext); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 285331a091a..a3ae38184e9 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -767,11 +767,6 @@ END; // Barcode if (!empty($conf->barcode->enabled)) { - // Option to define a transport cost on supplier price - print '
'; - print ''; - print ''; - print ''; $formbarcode = new FormBarCode($db); // Barcode type @@ -781,6 +776,12 @@ END; print $formbarcode->selectBarcodeType(($rowid ? $object->supplier_fk_barcode_type : $conf->global->PRODUIT_DEFAULT_BARCODE_TYPE), 'fk_barcode_type', 1); print ''; print ''; + + // Barcode value + print ''; + print ''; + print ''; + print ''; } // Option to define a transport cost on supplier price @@ -788,7 +789,7 @@ END; if (!empty($conf->margin->enabled)) { print ''; print ''; - print ''; print ''; } @@ -893,7 +894,7 @@ END; $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook if (empty($reshook)) { if ($usercancreate) { - print ''; + print ''; print $langs->trans("AddSupplierPrice").''; } } 
@@ -933,8 +934,8 @@ END; 'pfp.multicurrency_unitprice'=>array('label'=>$langs->trans("UnitPriceHTCurrency"), 'enabled' => $conf->multicurrency->enabled, 'checked'=>0, 'position'=>10), 'pfp.delivery_time_days'=>array('label'=>$langs->trans("NbDaysToDelivery"), 'checked'=>1, 'position'=>13), 'pfp.supplier_reputation'=>array('label'=>$langs->trans("ReputationForThisProduct"), 'checked'=>1, 'position'=>14), - 'pfp.barcode'=>array('label'=>$langs->trans("BarcodeValue"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>15), - 'pfp.fk_barcode_type'=>array('label'=>$langs->trans("BarcodeType"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>16), + 'pfp.fk_barcode_type'=>array('label'=>$langs->trans("BarcodeType"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>15), + 'pfp.barcode'=>array('label'=>$langs->trans("BarcodeValue"), 'enabled' => $conf->barcode->enabled, 'checked'=>0, 'position'=>16), 'pfp.packaging'=>array('label'=>$langs->trans("PackagingForThisProduct"), 'enabled' => !empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING), 'checked'=>0, 'position'=>17), 'pfp.tms'=>array('label'=>$langs->trans("DateModification"), 'enabled' => $conf->barcode->enabled, 'checked'=>1, 'position'=>18), ); 
@@ -1007,12 +1008,12 @@ END; if (!empty($arrayfields['pfp.supplier_reputation']['checked'])) { print_liste_field_titre("ReputationForThisProduct", $_SERVER["PHP_SELF"], "pfp.supplier_reputation", "", $param, '', $sortfield, $sortorder, 'center '); } - if (!empty($arrayfields['pfp.barcode']['checked'])) { - print_liste_field_titre("BarcodeValue", $_SERVER["PHP_SELF"], "pfp.barcode", "", $param, '', $sortfield, $sortorder, 'center '); - } if (!empty($arrayfields['pfp.fk_barcode_type']['checked'])) { print_liste_field_titre("BarcodeType", $_SERVER["PHP_SELF"], "pfp.fk_barcode_type", "", $param, '', $sortfield, $sortorder, 'center '); } + if (!empty($arrayfields['pfp.barcode']['checked'])) { + print_liste_field_titre("BarcodeValue", $_SERVER["PHP_SELF"], "pfp.barcode", "", $param, '', $sortfield, $sortorder, 'center '); + } if (!empty($arrayfields['pfp.packaging']['checked'])) { print_liste_field_titre("PackagingForThisProduct", $_SERVER["PHP_SELF"], "pfp.packaging", "", $param, 'align="center"', $sortfield, $sortorder); } @@ -1152,13 +1153,6 @@ END; print''; } - // Barcode - if (!empty($arrayfields['pfp.barcode']['checked'])) { - print ''; - } - // Barcode type if (!empty($arrayfields['pfp.fk_barcode_type']['checked'])) { print ''; } + // Barcode + if (!empty($arrayfields['pfp.barcode']['checked'])) { + print ''; + } + // Packaging if (!empty($arrayfields['pfp.packaging']['checked'])) { print ''; if ($caneditperms) { print ''; } print ''; @@ -302,9 +302,9 @@ if ($object->id > 0) { print ''; if ($caneditperms) { print ''; } else { print ''; @@ -353,7 +353,7 @@ if ($object->id > 0) { } else { // Do not own permission if ($caneditperms) { - print ''; diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 7c7fe868b2f..d3ba33a5acf 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -420,7 +420,7 @@ if ($result) { } else { // Do not own permission if ($caneditperms) { - print ''; 
@@ -430,7 +430,7 @@ if ($result) { } else { // Do not own permission if ($caneditperms) { - print ''; diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index a3ad036ca9a..d70419060f5 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -587,7 +587,7 @@ if (!empty($id) || !empty($ref)) { $htmltext = $langs->trans("GoOnMenuToCreateVairants", $langs->transnoentities("Product"), $langs->transnoentities("VariantAttributes")); print $form->textwithpicto('', $htmltext); - /*print '     id).'">'; + /*print '     id).'">'; print $langs->trans("Create"); print '';*/ @@ -605,7 +605,7 @@ if (!empty($id) || !empty($ref)) { $htmltext = $langs->trans("GoOnMenuToCreateVairants", $langs->transnoentities("Product"), $langs->transnoentities("VariantAttributes")); print $form->textwithpicto('', $htmltext); /* - print '     id).'">'; + print '     id).'">'; print $langs->trans("Create"); print ''; */
'.$langs->trans('BarcodeValue').''.img_picto('', 'barcode', 'class="pictofixedwidth"').'
'.$langs->trans('BarcodeValue').''.img_picto('', 'barcode', 'class="pictofixedwidth"').'
'.$langs->trans("Charges").''; + print ''; print '
'; - print $productfourn->supplier_barcode; - print ''; @@ -1168,6 +1162,13 @@ END; print ''; + print $productfourn->supplier_barcode; + print ''; diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 49ffd69fd0b..773a097fed8 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -1161,7 +1161,7 @@ if (!$action || $action == 'delete' || $action == 'showlog_customer_price' || $a if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { if ($user->rights->produit->creer || $user->rights->service->creer) { - print ''; + print ''; } } diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index b6498ca4032..c00c1d70367 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -381,7 +381,7 @@ if (empty($reshook) && $action == 'add') { $urlback = $conf->global->MEMBER_URL_REDIRECT_SUBSCRIPTION; // TODO Make replacement of __AMOUNT__, etc... } else { - $urlback = $_SERVER["PHP_SELF"]."?action=added"; + $urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken(); } if (!empty($conf->global->MEMBER_NEWFORM_PAYONLINE) && $conf->global->MEMBER_NEWFORM_PAYONLINE != '-1') { diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index ca7101a3679..1d673991d3d 100644 --- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -311,7 +311,7 @@ if (empty($reshook) && $action == 'add') { $urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD; // TODO Make replacement of __AMOUNT__, etc... } else { - $urlback = $_SERVER["PHP_SELF"]."?action=added"; + $urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken(); } if (!empty($entity)) { diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index c29717f002d..21dd3b9643b 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -525,7 +525,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print "\n".'
'."\n"; if ($user->rights->produit->creer || $user->rights->service->creer) { - print ''; + print ''; } print "\n
\n"; diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index b3ba955f4e8..64040a24466 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -212,9 +212,9 @@ $( document ).ready(function() { admin) {?> &place="+place+"&idproduct="+idproduct+"&selectedline="+selectedline, function() { global->TAKEPOS_CUSTOMER_DISPLAY)) echo "CustomerDisplay();";?> }); } diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index ad5d8f9fbd2..8b2e5ca78b7 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -1056,12 +1056,12 @@ function DolibarrTakeposPrinting(id) { } function CreditNote() { - $("#poslines").load("invoice.php?action=creditnote&invoiceid="+placeid, function() { + $("#poslines").load("invoice.php?action=creditnote&token=&invoiceid="+placeid, function() { }); } function SetNote() { - $("#poslines").load("invoice.php?action=addnote&invoiceid="+placeid+"&idline="+selectedline+"&addnote="+$("#textinput").val(), function() { + $("#poslines").load("invoice.php?action=addnote&token=&invoiceid="+placeid+"&idline="+selectedline+"&addnote="+$("#textinput").val(), function() { }); } diff --git a/htdocs/takepos/phone.php b/htdocs/takepos/phone.php index 7eaa4d9ec68..b655d9f7789 100644 --- a/htdocs/takepos/phone.php +++ b/htdocs/takepos/phone.php @@ -238,10 +238,10 @@ function AddProductConfirm(placeid, productid){ place=placeid; diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 46506163c1f..478e345f2e3 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -248,9 +248,9 @@ if ($object->id > 0) { print '
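Review bot: In `SetNote()` in the takepos/invoice.php hunk, the free-text value `$("#textinput").val()` is concatenated into the query string unencoded, so a note containing `&`, `#` or `+` is truncated or parsed as extra request parameters alongside `action` and `token`. Encode it where it is appended: `"&addnote="+encodeURIComponent($("#textinput").val())`. The `token=` value is empty in both rewritten `.load()` calls as shown on this page; this is presumably an extraction artefact (a stripped PHP echo), but it is worth confirming against the file that the token is emitted there.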
'.$langs->trans("Module").''; - print ''.$langs->trans("All").""; + print ''.$langs->trans("All").""; print '/'; - print ''.$langs->trans("None").""; + print ''.$langs->trans("None").""; print ' '; - print 'module.'&token='.newToken().'">'.$langs->trans("All").""; + print 'module.'&token='.newToken().'">'.$langs->trans("All").""; print '/'; - print 'module.'&token='.newToken().'">'.$langs->trans("None").""; + print 'module.'&token='.newToken().'">'.$langs->trans("None").""; print ' id.'&confirm=yes&token='.newToken().'">'; + print 'id.'&confirm=yes&token='.newToken().'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print 'id.'&confirm=yes&token='.newToken().'">'; + print 'id.'&confirm=yes&token='.newToken().'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print 'id.'&confirm=yes&token='.newToken().'">'; + print 'id.'&confirm=yes&token='.newToken().'">'; //print img_edit_add($langs->trans("Add")); print img_picto($langs->trans("Add"), 'switch_off'); print '