Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into socialnetworks

Browse Source
This commit is contained in:
Frédéric FRANCE 2019-09-12 21:52:06 +02:00
commit de3a67f5bd
No known key found for this signature in database
GPG Key ID: 06809324E4B2ABC1
19 changed files with 377 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
ChangeLog
View File

@ -20,9 +20,110 @@ Following changes may create regressions for some external modules, but were nec
* The deprecated method get_OutstandingBill has been removed. You can use getOutstandingBills() instead.
* The hook "moreFamily" must return payment into var "totalpayment" and no more "paiement" (english replace french).
* Removed deprecated method actioncomm->add(), use create() instead
* If you develop your own emailing target selector and used parent::add_to_target(...), you must now use parent::addToTargets(...)
* If you have developed your own emailing target selector and used parent::add_to_target(...), you must now use parent::addToTargets(...)
***** ChangeLog for 10.0.2 compared to 10.0.1 *****
FIX: #10460 compatibility with MariaDB 10.4
FIX: #11401 Adherent unknown language key
FIX: #11422 Can't edit his own events with standard rights
FIX: #11427 require product class (fixes POST /supplierinvoices REST API endpoint)
FIX: #11570
FIX: #11591 FIX: #11592
FIX: #11671 CVE-2019-15062
FIX: #11672
FIX: #11685
FIX: #11702
FIX: #11711
FIX: #11720
FIX: #11746 Unable to modify amount of insurance of a loan
FIX: #11752
FIX: #11789 FIX: #11790
FIX: #11804 list of tickets from a customer card display ALL tickets
FIX: #11834
FIX: Add char $ and ; in sanitizing of filenames.
FIX: Add comment before protected functions
FIX: Add log and type of content in dolWebsiteOutput and
FIX: Add repair.php option 'restore' to restore user picture after v10
FIX: amount opened on thirdparty card dont care of credit note not converted
FIX: Api of documents work with value 'thirdparty'
FIX: author in message / ticket API
FIX: avoid sql error if fk_project is empty during update
FIX: avoid Warning: A non-numeric value encountered
FIX: bad consistency in list of invoice for direct debit order.
FIX: Bad error management in zip compress and web site export
FIX: bad substitution for extrafields type checkbox
FIX: better help message with multicompany
FIX: calculation of $products_dispatched
FIX: Can't add a new chart of account
FIX: Can't delete a draft leave even if it should
FIX: Can't save setup of mailman module
FIX: column jabberid missing
FIX: Confirmation of deletion
FIX: Consistency in direct debit order lists.
FIX: Content send before header warning
FIX: credit note can be split
FIX: credit note used on list
FIX: Css was saved on wrong website.
FIX: delivery extrafields
FIX: Disabling a website does not put it offline
FIX: display only stripe sources for customer
FIX: display payment intent in stripe's charge list
FIX: document list for products in API
FIX: dol_thirdparty_id for stripe PI
FIX: Do not show tooltip if tooltip is empty
FIX: duplicate css tag, decrease padding-bottom for boxes in eldy theme
FIX: duration when creating service
FIX: EDB-ID:47370
FIX: Enable web site
FIX: error management when adding a property with type real
FIX: Fatal situation if payment removed on expense report. Action
FIX: filepath of generated documents doesn't handle products with special characters
FIX: for MAIN_MAXTABS_IN_CARD = $i card
FIX: gzip and bzip2 must use option -f
FIX: It was possible to create cashfence without entering data.
FIX: javascript error when using dol_use_jmobile=1
FIX: logout redirect to takepos.php
FIX: Look and feel v10
FIX: Make protected all pfd models functions
FIX: management of extrafields in modulebuilder
FIX: Missing div for buttons in tax, loan, various payment modules
FIX: missing include (dol_convert_file not found)
FIX: Missing some replacements in website module
FIX: missing test on permission on button to delete ledger record
FIX: Missing the filter fields in export of expense report and leaves
FIX: Missing ticket icon on md theme
FIX: Missing transaction
FIX: Mode smartphone was not triggered when there is too loo menu
FIX: Must escape shell
FIX: Must exclude logs and some dirs for compressed backup
FIX: name and position of hook FIX: #11710
FIX: Not showing MAIN_INVERT_SENDER_RECIPIENT when edit field
FIX: Nowrap missing on amount in boxes
FIX: Option to use ZipArchive instead of PclZip bugged with large files.
FIX: order or proposals billed if both workflow conf activated
FIX: permission check on API intervention
FIX: phpcs
FIX: placement function
FIX: qty in invoice list on product's stats
FIX: remove disabled product type from product list
FIX: Return code of pdf_einstein.modules.php and proformat
FIX: round for application fee in stripe
FIX: Sens of the balance (Debit - Credit in accountancy not contrary)
FIX: Several pb in export of documents
FIX: SQL syntax error and CSRF check on vat reports
FIX: takepos layout clear or focus search
FIX: too many record in sql request. Whena criteria is a filter, we must
FIX: Translation of month
FIX: USEDOLIBARREDITOR not always set
FIX: VAT number for Monaco (it uses FR)
FIX: vulenrability in uploading file found by 美创科技安全实验室
FIX: wrong display (and hidden input) for already dispatched quantity
FIX: wrong parameters (same error in branch 9, 10, develop)
FIX: Wrong variable. Must be PROJECT_HIDE_UNSELECTABLES
***** ChangeLog for 10.0.1 compared to 10.0.0 *****
FIX: #10930
FIX: #10984

10
htdocs/adherents/class/adherent.class.php
View File

@ -2110,10 +2110,8 @@ class Adherent extends CommonObject
if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && $withpictoimg) $withpictoimg=0;
$notooltip=0;
$result=''; $label='';
$link=''; $linkstart=''; $linkend='';
$linkstart=''; $linkend='';
if (! empty($this->photo))
{
@ -2146,7 +2144,7 @@ class Adherent extends CommonObject
if ($add_save_lastsearch_values) $url.='&save_lastsearch_values=1';
}
$link = '<a href="'.$url.'"';
$linkstart.= '<a href="'.$url.'"';
$linkclose="";
if (empty($notooltip))
{
@ -2160,10 +2158,10 @@ class Adherent extends CommonObject
$linkclose.= ' class="classfortooltip'.($morecss?' '.$morecss:'').'"';
}
$link.=$linkclose.'>';
$linkstart.=$linkclose.'>';
$linkend='</a>';
$result.=$link;
$result.=$linkstart;
if ($withpictoimg) $result.='<div class="inline-block nopadding valignmiddle">';
if ($withpictoimg)
{

42
htdocs/comm/action/card.php
View File

@ -221,7 +221,7 @@ if ($action == 'add')
}
// Initialisation objet cactioncomm
if (! GETPOST('actioncode') > 0) // actioncode is id
if (GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')) // actioncode is '0'
{
$error++; $donotclearsession=1;
$action = 'create';
@ -229,7 +229,7 @@ if ($action == 'add')
}
else
{
$object->type_code = GETPOST('actioncode');
$object->type_code = GETPOST('actioncode', 'aZ09');
}
if (! $error)
@ -243,7 +243,7 @@ if ($action == 'add')
$object->elementtype = GETPOST("elementtype", 'alpha');
if (! GETPOST('label'))
{
if (GETPOST('actioncode') == 'AC_RDV' && $contact->getFullName($langs))
if (GETPOST('actioncode', 'aZ09') == 'AC_RDV' && $contact->getFullName($langs))
{
$object->label = $langs->transnoentitiesnoconv("TaskRDVWith", $contact->getFullName($langs));
}
@ -426,15 +426,15 @@ if ($action == 'update')
$datep=dol_mktime($fulldayevent?'00':$aphour, $fulldayevent?'00':$apmin, 0, $_POST["apmonth"], $_POST["apday"], $_POST["apyear"]);
$datef=dol_mktime($fulldayevent?'23':$p2hour, $fulldayevent?'59':$p2min, $fulldayevent?'59':'0', $_POST["p2month"], $_POST["p2day"], $_POST["p2year"]);
$object->type_id = dol_getIdFromCode($db, GETPOST("actioncode"), 'c_actioncomm');
$object->label = GETPOST("label");
$object->type_id = dol_getIdFromCode($db, GETPOST("actioncode", 'aZ09'), 'c_actioncomm');
$object->label = GETPOST("label", "alphanohtml");
$object->datep = $datep;
$object->datef = $datef;
$object->percentage = $percentage;
$object->priority = GETPOST("priority");
$object->priority = GETPOST("priority", "alphanohtml");
$object->fulldayevent= GETPOST("fullday")?1:0;
$object->location = GETPOST('location');
$object->socid = GETPOST("socid");
$object->location = GETPOST('location', "alphanohtml");
$object->socid = GETPOST("socid", "int");
$socpeopleassigned = GETPOST("socpeopleassigned", 'array');
$object->socpeopleassigned = array();
foreach ($socpeopleassigned as $cid) $object->socpeopleassigned[$cid] = array('id' => $cid);
@ -446,8 +446,8 @@ if ($action == 'update')
$object->fk_project = GETPOST("projectid", 'int');
$object->note = GETPOST("note", "none"); // deprecated
$object->note_private= GETPOST("note", "none");
$object->fk_element = GETPOST("fk_element");
$object->elementtype = GETPOST("elementtype");
$object->fk_element = GETPOST("fk_element", "int");
$object->elementtype = GETPOST("elementtype", "alphanohtml");
if (! $datef && $percentage == 100)
{
@ -491,7 +491,7 @@ if ($action == 'update')
}
// Check parameters
if (! GETPOST('actioncode') > 0)
if (GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')) // actioncode is '0'
{
$error++; $donotclearsession=1;
$action = 'edit';
@ -499,7 +499,7 @@ if ($action == 'update')
}
else
{
$result=$cactioncomm->fetch(GETPOST('actioncode'));
$result=$cactioncomm->fetch(GETPOST('actioncode', 'aZ09'));
}
if (empty($object->userownerid))
{
@ -689,7 +689,7 @@ if ($action == 'create')
if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print '<input type="hidden" name="actioncode" value="'.dol_getIdFromCode($db, 'AC_OTH', 'c_actioncomm').'">';
if (GETPOST("actioncode") == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda');
if (GETPOST("actioncode", 'aZ09') == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda');
else print load_fiche_titre($langs->trans("AddAnAction"), '', 'title_agenda');
dol_fiche_head();
@ -701,7 +701,7 @@ if ($action == 'create')
{
print '<tr><td class="titlefieldcreate"><span class="fieldrequired">'.$langs->trans("Type").'</span></b></td><td>';
$default=(empty($conf->global->AGENDA_USE_EVENT_TYPE_DEFAULT)?'':$conf->global->AGENDA_USE_EVENT_TYPE_DEFAULT);
$formactions->select_type_actions(GETPOST("actioncode")?GETPOST("actioncode"):($object->type_code?$object->type_code:$default), "actioncode", "systemauto", 0, -1);
$formactions->select_type_actions(GETPOST("actioncode", 'aZ09')?GETPOST("actioncode", 'aZ09'):($object->type_code?$object->type_code:$default), "actioncode", "systemauto", 0, -1);
print '</td></tr>';
}
@ -731,7 +731,7 @@ if ($action == 'create')
{
$datef=dol_time_plus_duree($datep, $conf->global->AGENDA_AUTOSET_END_DATE_WITH_DELTA_HOURS, 'h');
}
print '<tr><td><span id="dateend"'.(GETPOST("actioncode") == 'AC_RDV'?' class="fieldrequired"':'').'>'.$langs->trans("DateActionEnd").'</span></td><td>';
print '<tr><td><span id="dateend"'.(GETPOST("actioncode", 'aZ09') == 'AC_RDV'?' class="fieldrequired"':'').'>'.$langs->trans("DateActionEnd").'</span></td><td>';
if (GETPOST("afaire") == 1) {
print $form->selectDate($datef, 'p2', 1, 1, 1, "action", 1, 1, 0, 'fulldayend');
} elseif (GETPOST("afaire") == 2) {
@ -1010,15 +1010,15 @@ if ($id > 0)
$datep=dol_mktime($fulldayevent?'00':$aphour, $fulldayevent?'00':$apmin, 0, $_POST["apmonth"], $_POST["apday"], $_POST["apyear"]);
$datef=dol_mktime($fulldayevent?'23':$p2hour, $fulldayevent?'59':$p2min, $fulldayevent?'59':'0', $_POST["p2month"], $_POST["p2day"], $_POST["p2year"]);
$object->type_id = dol_getIdFromCode($db, GETPOST("actioncode"), 'c_actioncomm');
$object->label = GETPOST("label");
$object->type_id = dol_getIdFromCode($db, GETPOST("actioncode", 'aZ09'), 'c_actioncomm');
$object->label = GETPOST("label", "alphanohtml");
$object->datep = $datep;
$object->datef = $datef;
$object->percentage = $percentage;
$object->priority = GETPOST("priority");
$object->priority = GETPOST("priority", "alphanohtml");
$object->fulldayevent= GETPOST("fullday")?1:0;
$object->location = GETPOST('location');
$object->socid = GETPOST("socid");
$object->location = GETPOST('location', "alpanohtml");
$object->socid = GETPOST("socid", "int");
$socpeopleassigned = GETPOST("socpeopleassigned", 'array');
foreach ($socpeopleassigned as $tmpid) $object->socpeopleassigned[$id] = array('id' => $tmpid);
$object->contactid = GETPOST("contactid", 'int');
@ -1101,7 +1101,7 @@ if ($id > 0)
print '<tr><td class="fieldrequired">'.$langs->trans("Type").'</td><td colspan="3">';
if ($object->type_code != 'AC_OTH_AUTO')
{
$formactions->select_type_actions(GETPOST("actioncode")?GETPOST("actioncode"):$object->type_code, "actioncode", "systemauto");
$formactions->select_type_actions(GETPOST("actioncode", 'aZ09')?GETPOST("actioncode", 'aZ09'):$object->type_code, "actioncode", "systemauto");
}
else
{

2
htdocs/comm/action/class/cactioncomm.class.php
View File

@ -84,7 +84,7 @@ class CActionComm
$sql = "SELECT id, code, type, libelle as label, color, active, picto";
$sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm";
if (is_numeric($id)) $sql.= " WHERE id=".$id;
else $sql.= " WHERE code='".$id."'";
else $sql.= " WHERE code='".$this->db->escape($id)."'";
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
$resql=$this->db->query($sql);

2
htdocs/compta/localtax/card.php
View File

@ -156,8 +156,6 @@ $title=$langs->trans("LT".$object->ltt) . " - " . $langs->trans("Card");
$help_url='';
llxHeader("", $title, $helpurl);
if ($action == 'create')
{
print load_fiche_titre($langs->transcountry($lttype==2?"newLT2Payment":"newLT1Payment", $mysoc->country_code));

17
htdocs/compta/localtax/clients.php
View File

@ -85,6 +85,12 @@ $socid = GETPOST('socid', 'int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', '', '', 'charges');
if (empty($local))
{
accessforbidden('Parameter localTaxType is missing');
exit;
}
/*
@ -106,11 +112,12 @@ llxHeader('', '', '', '', 0, 0, '', '', $morequerystring);
$name=$langs->transcountry($local==1?"LT1ReportByCustomers":"LT2ReportByCustomers", $mysoc->country_code);
$fsearch.='<br>';
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': ';
$fsearch.=' <input type="text" name="min" id="min" value="'.$min.'" size="6">';
$fsearch ='<!-- hidden fields for form -->';
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch.='<input type="hidden" name="localTaxType" value="'.$local.'">';
$fsearch.=$langs->trans("SalesTurnoverMinimum").': ';
$fsearch.='<input type="text" name="min" id="min" value="'.$min.'" size="6">';
$calc=$conf->global->MAIN_INFO_LOCALTAX_CALC.$local;
// Affiche en-tete du rapport

21
htdocs/compta/localtax/index.php
View File

@ -188,6 +188,19 @@ function pt($db, $sql, $date)
}
}
if (empty($localTaxType))
{
accessforbidden('Parameter localTaxType is missing');
exit;
}
/*
* Actions
*/
// None
/*
* View
@ -213,7 +226,11 @@ if($localTaxType==1) {
$CalcLT= $conf->global->MAIN_INFO_LOCALTAX_CALC2;
}
$fsearch.=' <input type="hidden" name="localTaxType" value="'.$localTaxType.'">';
$fsearch = '<!-- hidden fields for form -->';
$fsearch.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$fsearch.= '<input type="hidden" name="localTaxType" value="'.$localTaxType.'">';
$fsearch.= '<input type="hidden" name="modetax" value="'.$modetax.'">';
$description = $fsearch;
// Show report header
@ -528,7 +545,7 @@ while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) // $mc
$total = $total + $diff;
$subtotal = price2num($subtotal + $diff, 'MT');
print '<td class="nowrap right">'.price(price2num($diff, 'MT')).'</td>\n';
print '<td class="nowrap right">'.price(price2num($diff, 'MT')).'</td>'."\n";
print "<td>&nbsp;</td>\n";
print "</tr>\n";

28
htdocs/compta/localtax/quadri_detail.php
View File

@ -97,6 +97,12 @@ $socid = GETPOST('socid', 'int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', '', '', 'charges');
if (empty($local))
{
accessforbidden('Parameter localTaxType is missing');
exit;
}
/*
@ -122,9 +128,10 @@ foreach ($listofparams as $param)
llxHeader('', $langs->trans("LocalTaxReport"), '', '', 0, 0, '', '', $morequerystring);
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch.=' <input type="hidden" name="localTaxType" value="'.$local.'">';
$fsearch = '<!-- hidden fields for form -->';
$fsearch.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$fsearch.= '<input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch.= '<input type="hidden" name="localTaxType" value="'.$local.'">';
$name=$langs->transcountry($local==1?"LT1ReportByQuarters":"LT2ReportByQuarters", $mysoc->country_code);
$calcmode='';
@ -161,7 +168,7 @@ if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
$description.='<br>'.$langs->trans("DepositsAreNotIncluded");
}
*/
if (! empty($conf->global->MAIN_MODULE_ACCOUNTING)) $description.='<br>'.$langs->trans("ThisIsAnEstimatedValue");
if (! empty($conf->global->MAIN_MODULE_ACCOUNTING)) $description.=$langs->trans("ThisIsAnEstimatedValue");
// Customers invoices
$elementcust=$langs->trans("CustomersInvoices");
@ -186,15 +193,14 @@ if ($mysoc->tva_assuj) {
report_header($name, '', $period, $periodlink, $description, $builddate, $exportlink, array(), $calcmode);
if($local==1){
$vatcust=$langs->transcountry("LocalTax1", $mysoc->country_code);
$vatsup=$langs->transcountry("LocalTax1", $mysoc->country_code);
$vatexpensereport=$langs->transcountry("LocalTax1", $mysoc->country_code);
$vatcust=$langs->transcountry("LT1", $mysoc->country_code);
$vatsup=$langs->transcountry("LT1", $mysoc->country_code);
$vatexpensereport=$langs->transcountry("LT1", $mysoc->country_code);
}else{
$vatcust=$langs->transcountry("LocalTax2", $mysoc->country_code);
$vatsup=$langs->transcountry("LocalTax2", $mysoc->country_code);
$vatexpensereport=$langs->transcountry("LocalTax2", $mysoc->country_code);
$vatcust=$langs->transcountry("LT2", $mysoc->country_code);
$vatsup=$langs->transcountry("LT2", $mysoc->country_code);
$vatexpensereport=$langs->transcountry("LT2", $mysoc->country_code);
}
// VAT Received and paid

10
htdocs/compta/tva/clients.php
View File

@ -123,11 +123,11 @@ if (isset($_REQUEST['extra_report']) && $_REQUEST['extra_report'] == 1) {
llxHeader('', $langs->trans("VATReport"), '', '', 0, 0, '', '', $morequerystring);
$fsearch.='<br>';
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': ';
$fsearch.=' <input type="text" name="min" id="min" value="'.$min.'" size="6">';
$fsearch ='<!-- hidden fields for form -->';
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch.=$langs->trans("SalesTurnoverMinimum").': ';
$fsearch.='<input type="text" name="min" id="min" value="'.$min.'" size="6">';
// Show report header
$name=$langs->trans("VATReportByThirdParties");

8
htdocs/compta/tva/index.php
View File

@ -198,7 +198,11 @@ $form=new Form($db);
$company_static=new Societe($db);
$tva = new Tva($db);
$description = '';
$fsearch ='<!-- hidden fields for form -->';
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
$description = $fsearch;
// Show report header
$name = $langs->trans("ReportByMonth");
@ -208,7 +212,7 @@ if ($modetax == 1) $calcmode=$langs->trans('OptionVATDebitOption');
if ($modetax == 2) $calcmode=$langs->trans('OptionPaymentForProductAndServices');
$calcmode.='<br>('.$langs->trans("TaxModuleSetupToModifyRules", DOL_URL_ROOT.'/admin/taxes.php').')';
$description = $langs->trans("VATSummary").'<br>';
$description .= $langs->trans("VATSummary").'<br>';
if ($conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') $description.=$langs->trans("RulesVATDueProducts");
if ($conf->global->TAX_MODE_SELL_PRODUCT == 'payment') $description.=$langs->trans("RulesVATInProducts");
if ($conf->global->TAX_MODE_SELL_SERVICE == 'invoice') $description.='<br>'.$langs->trans("RulesVATDueServices");

5
htdocs/compta/tva/quadri_detail.php
View File

@ -124,8 +124,9 @@ llxHeader('', $title, '', '', 0, 0, '', '', $morequerystring);
//print load_fiche_titre($langs->trans("VAT"),"");
//$fsearch.='<br>';
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
$fsearch ='<!-- hidden fields for form -->';
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
//$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': ';
//$fsearch.=' <input type="text" name="min" value="'.$min.'">';

3
htdocs/core/lib/date.lib.php
View File

@ -795,7 +795,8 @@ function num_public_holiday($timestampStart, $timestampEnd, $country_code = '',
if (in_array('fronleichnam', $specialdayrule))
{
// Fronleichnam (60 days after easter sunday)
$date_fronleichnam = mktime(
$date_paques = easter_date($annee);
$date_fronleichnam = mktime(
date("H", $date_paques),
date("i", $date_paques),
date("s", $date_paques),

2
htdocs/core/lib/project.lib.php
View File

@ -699,7 +699,7 @@ function projectLinesa(&$inc, $parent, &$lines, &$level, $var, $showproject, &$t
// resume
print '<td class="right">';
if ($total_projectlinesa_planned){
if ($total_projectlinesa_planned) {
print '</span>';
print ' <div class="progress sm" title="'.$totalAverageDeclaredProgress.'%" >';
print ' <div class="progress-bar '.$progressBarClass.'" style="width: '.$totalAverageDeclaredProgress.'%"></div>';

2
htdocs/core/lib/tax.lib.php
View File

@ -124,7 +124,7 @@ function tax_by_thirdparty($type, $db, $y, $date_start, $date_end, $modetax, $di
$invoicefieldref='ref';
}
if ( strpos($type, 'localtax') === 0 ) {
if (strpos($type, 'localtax') === 0) {
$f_rate = $type . '_tx';
} else {
$f_rate = 'tva_tx';

36
htdocs/core/modules/DolibarrModules.class.php
View File

@ -61,7 +61,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
/**
* @var string Family
* @see familyinfo
* @see $familyinfo
*
* Native values: 'crm', 'financial', 'hr', 'projects', 'products', 'ecm', 'technic', 'other'.
* Use familyinfo to declare a custom value.
@ -70,7 +70,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
/**
* @var array Custom family informations
* @see family
* @see $family
*
* e.g.:
* array(
@ -259,26 +259,6 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
*/
public $core_enabled;
/**
* @var string Relative path to module style sheet
* @deprecated
* @see module_parts
*/
public $style_sheet = '';
/**
* @var 0|1|2|3 Where to display the module in setup page
* @deprecated @since 4.0.0
* @see family
* @see familyinfo
*
* 0: common
* 1: interface
* 2: others
* 3: very specific
*/
public $special;
/**
* @var string Name of image file used for this module
*
@ -297,20 +277,20 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
/**
* @var string[] List of module class names that must be enabled if this module is enabled.
*
* e.g.: array('modAnotherModule', 'FR'=>'modYetAnotherModule')
* @var string[] List of module class names that must be enabled if this module is enabled. e.g.: array('modAnotherModule', 'FR'=>'modYetAnotherModule')
* @see $requiredby
*/
public $depends;
/**
* @var int[] List of module ids to disable if this one is disabled.
* @var string[] List of module class names to disable if the module is disabled.
* @see $depends
*/
public $requiredby;
/**
* @var string[] List of module class names as string this module is in conflict with.
* @see depends
* @see $depends
*/
public $conflictwith;
@ -915,7 +895,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
/**
* Gives the last date of activation
*
* @return timestamp|string Date of last activation
* @return int|string Date of last activation or '' if module was never activated
*/
public function getLastActivationDate()
{

204
htdocs/install/repair.php
View File

@ -69,6 +69,7 @@ print '<h3>'.$langs->trans("Repair").'</h3>';
print 'Option standard (\'test\' or \'confirmed\') is '.(GETPOST('standard', 'alpha')?GETPOST('standard', 'alpha'):'undefined').'<br>'."\n";
print 'Option restore_thirdparties_logos (\'test\' or \'confirmed\') is '.(GETPOST('restore_thirdparties_logos', 'alpha')?GETPOST('restore_thirdparties_logos', 'alpha'):'undefined').'<br>'."\n";
print 'Option restore_user_pictures (\'test\' or \'confirmed\') is '.(GETPOST('restore_user_pictures', 'alpha')?GETPOST('restore_user_pictures', 'alpha'):'undefined').'<br>'."\n";
print 'Option clean_linked_elements (\'test\' or \'confirmed\') is '.(GETPOST('clean_linked_elements', 'alpha')?GETPOST('clean_linked_elements', 'alpha'):'undefined').'<br>'."\n";
print 'Option clean_menus (\'test\' or \'confirmed\') is '.(GETPOST('clean_menus', 'alpha')?GETPOST('clean_menus', 'alpha'):'undefined').'<br>'."\n";
print 'Option clean_orphelin_dir (\'test\' or \'confirmed\') is '.(GETPOST('clean_orphelin_dir', 'alpha')?GETPOST('clean_orphelin_dir', 'alpha'):'undefined').'<br>'."\n";
@ -492,70 +493,183 @@ if ($ok && GETPOST('restore_thirdparties_logos'))
$ext='';
print '<tr><td colspan="2"><br>*** Restore thirdparties logo<br>';
//foreach($exts as $ext)
//{
$sql="SELECT s.rowid, s.nom as name, s.logo FROM ".MAIN_DB_PREFIX."societe as s ORDER BY s.nom";
$resql=$db->query($sql);
if ($resql)
$sql="SELECT s.rowid, s.nom as name, s.logo FROM ".MAIN_DB_PREFIX."societe as s ORDER BY s.nom";
$resql=$db->query($sql);
if ($resql)
{
$num=$db->num_rows($resql);
$i=0;
while($i < $num)
{
$num=$db->num_rows($resql);
$i=0;
$obj=$db->fetch_object($resql);
while($i < $num)
/*
$name=preg_replace('/é/','',$obj->name);
$name=preg_replace('/ /','_',$name);
$name=preg_replace('/\'/','',$name);
*/
$tmp=explode('.', $obj->logo);
$name=$tmp[0];
if (isset($tmp[1])) $ext='.'.$tmp[1];
if (! empty($name))
{
$obj=$db->fetch_object($resql);
/*
$name=preg_replace('/é/','',$obj->name);
$name=preg_replace('/ /','_',$name);
$name=preg_replace('/\'/','',$name);
*/
$tmp=explode('.', $obj->logo);
$name=$tmp[0];
if (isset($tmp[1])) $ext='.'.$tmp[1];
if (! empty($name))
$filetotest=$dolibarr_main_data_root.'/societe/logos/'.$name.$ext;
$filetotestsmall=$dolibarr_main_data_root.'/societe/logos/thumbs/'.$name.'_small'.$ext;
$exists=dol_is_file($filetotest);
print 'Check thirdparty '.$obj->rowid.' name='.$obj->name.' logo='.$obj->logo.' file '.$filetotest." exists=".$exists."<br>\n";
if ($exists)
{
$filetotest=$dolibarr_main_data_root.'/societe/logos/'.$name.$ext;
$filetotestsmall=$dolibarr_main_data_root.'/societe/logos/thumbs/'.$name.$ext;
$exists=dol_is_file($filetotest);
print 'Check thirdparty '.$obj->rowid.' name='.$obj->name.' logo='.$obj->logo.' file '.$filetotest." exists=".$exists."<br>\n";
if ($exists)
$filetarget=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/'.$name.$ext;
$filetargetsmall=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/thumbs/'.$name.'_small'.$ext;
$existt=dol_is_file($filetarget);
if (! $existt)
{
$filetarget=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/'.$name.$ext;
$filetargetsmall=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/thumbs/'.$name.'_small'.$ext;
$existt=dol_is_file($filetarget);
if (! $existt)
if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed')
{
dol_mkdir($dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos');
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotest." -> ".$filetarget."<br>\n";
dol_copy($filetotest, $filetarget, '', 0);
}
$existtt=dol_is_file($filetargetsmall);
if (! $existtt)
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotest." -> ".$filetarget."<br>\n";
if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed')
{
dol_copy($filetotest, $filetarget, '', 0);
}
}
$existtt=dol_is_file($filetargetsmall);
if (! $existtt)
{
if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed')
{
dol_mkdir($dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/thumbs');
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotestsmall." -> ".$filetargetsmall."<br>\n";
}
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotestsmall." -> ".$filetargetsmall."<br>\n";
if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed')
{
dol_copy($filetotestsmall, $filetargetsmall, '', 0);
}
}
}
$i++;
}
$i++;
}
else
{
$ok=0;
dol_print_error($db);
}
}
else
{
$ok=0;
dol_print_error($db);
}
print '</td></tr>';
}
// restore_user_pictures: Move pictures to correct new directory.
if ($ok && GETPOST('restore_user_pictures', 'alpha'))
{
//$exts=array('gif','png','jpg');
$ext='';
print '<tr><td colspan="2"><br>*** Restore user pictures<br>';
$sql="SELECT s.rowid, s.firstname, s.lastname, s.login, s.photo FROM ".MAIN_DB_PREFIX."user as s ORDER BY s.rowid";
$resql=$db->query($sql);
if ($resql)
{
$num=$db->num_rows($resql);
$i=0;
while($i < $num)
{
$obj=$db->fetch_object($resql);
/*
$name=preg_replace('/é/','',$obj->name);
$name=preg_replace('/ /','_',$name);
$name=preg_replace('/\'/','',$name);
*/
$tmp=explode('.', $obj->photo);
$name=$tmp[0];
if (isset($tmp[1])) $ext='.'.$tmp[1];
if (! empty($name))
{
$filetotest=$dolibarr_main_data_root.'/users/'.substr(sprintf('%08d', $obj->rowid), -1, 1).'/'.substr(sprintf('%08d', $obj->rowid), -2, 1).'/'.$name.$ext;
$filetotestsmall=$dolibarr_main_data_root.'/users/'.substr(sprintf('%08d', $obj->rowid), -1, 1).'/'.substr(sprintf('%08d', $obj->rowid), -2, 1).'/thumbs/'.$name.'_small'.$ext;
$filetotestmini=$dolibarr_main_data_root.'/users/'.substr(sprintf('%08d', $obj->rowid), -1, 1).'/'.substr(sprintf('%08d', $obj->rowid), -2, 1).'/thumbs/'.$name.'_mini'.$ext;
$exists=dol_is_file($filetotest);
print 'Check user '.$obj->rowid.' lastname='.$obj->lastname.' fistname='.$obj->firstname.' photo='.$obj->photo.' file '.$filetotest." exists=".$exists."<br>\n";
if ($exists)
{
$filetarget=$dolibarr_main_data_root.'/users/'.$obj->rowid.'/'.$name.$ext;
$filetargetsmall=$dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs/'.$name.'_small'.$ext;
$filetargetmini=$dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs/'.$name.'_mini'.$ext;
$existt=dol_is_file($filetarget);
if (! $existt)
{
if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed')
{
dol_mkdir($dolibarr_main_data_root.'/users/'.$obj->rowid);
}
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotest." -> ".$filetarget."<br>\n";
if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed')
{
dol_copy($filetotest, $filetarget, '', 0);
}
}
$existtt=dol_is_file($filetargetsmall);
if (! $existtt)
{
if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed')
{
dol_mkdir($dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs');
}
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotestsmall." -> ".$filetargetsmall."<br>\n";
if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed')
{
dol_copy($filetotestsmall, $filetargetsmall, '', 0);
}
}
$existtt=dol_is_file($filetargetmini);
if (! $existtt)
{
if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed')
{
dol_mkdir($dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs');
}
print " &nbsp; &nbsp; &nbsp; -> Copy file ".$filetotestmini." -> ".$filetargetmini."<br>\n";
if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed')
{
dol_copy($filetotestmini, $filetargetmini, '', 0);
}
}
}
}
$i++;
}
}
else
{
$ok=0;
dol_print_error($db);
}
print '</td></tr>';
//}
}

2
htdocs/langs/en_US/companies.lang
View File

@ -96,8 +96,6 @@ LocalTax1IsNotUsedES= RE is not used
LocalTax2IsUsed=Use third tax
LocalTax2IsUsedES= IRPF is used
LocalTax2IsNotUsedES= IRPF is not used
LocalTax1ES=RE
LocalTax2ES=IRPF
WrongCustomerCode=Customer code invalid
WrongSupplierCode=Vendor code invalid
CustomerCodeModel=Customer code model

7
htdocs/main.inc.php
View File

@ -360,7 +360,7 @@ if (! defined('NOTOKENRENEWAL'))
if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN))
|| defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set
{
if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note, offender can still send request by GET
if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note: offender can still send request by GET
{
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided.");
print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n";
@ -368,17 +368,14 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->
die;
}
//if ($_SERVER['REQUEST_METHOD'] === 'POST') // This test must be after loading $_SESSION['token'].
//{
if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token'])
{
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);
//print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
if ($conf->global->MAIN_FEATURES_LEVEL>1) setEventMessages('Unset POST by CSRF protection in main.inc.php (POST was already done or was done by a not allowed web page).'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');
if ($conf->global->MAIN_FEATURES_LEVEL>1) setEventMessages('Unset POST by CSRF protection in main.inc.php (POST for this token was already done or was done by a not allowed web page with a wrong token).'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');
unset($_POST);
unset($_GET['confirm']);
}
//}
}
// Disable modules (this must be after session_start and after conf has been loaded)

14
htdocs/public/payment/newpayment.php
View File

@ -2249,12 +2249,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment
function stripeTokenHandler(token) {
// Insert the token ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeToken');
hiddenInput.setAttribute('value', token.id);
form.appendChild(hiddenInput);
var hiddenInput2 = document.createElement('input');
hiddenInput2.setAttribute('type', 'hidden');
hiddenInput2.setAttribute('name', 'token');
hiddenInput2.setAttribute('value', '<?php echo $_SESSION["newtoken"]; ?>');
form.appendChild(hiddenInput2);
// Submit the form
jQuery('#buttontopay').hide();
jQuery('#hourglasstopay').show();
@ -2266,12 +2273,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment
function stripeSourceHandler(source) {
// Insert the source ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeSource');
hiddenInput.setAttribute('value', source.id);
form.appendChild(hiddenInput);
var hiddenInput2 = document.createElement('input');
hiddenInput2.setAttribute('type', 'hidden');
hiddenInput2.setAttribute('name', 'token');
hiddenInput2.setAttribute('value', '<?php echo $_SESSION["newtoken"]; ?>');
form.appendChild(hiddenInput2);
// Submit the form
jQuery('#buttontopay').hide();
jQuery('#hourglasstopay').show();