diff --git a/ChangeLog b/ChangeLog
index 3aa4f789f3f..584b7c1ee0c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,9 +20,110 @@ Following changes may create regressions for some external modules, but were nec * The deprecated method get_OutstandingBill has been removed. You can use getOutstandingBills() instead. * The hook "moreFamily" must return payment into var "totalpayment" and no more "paiement" (english replace french). * Removed deprecated method actioncomm->add(), use create() instead -* If you develop your own emailing target selector and used parent::add_to_target(...), you must now use parent::addToTargets(...) +* If you have developed your own emailing target selector and used parent::add_to_target(...), you must now use parent::addToTargets(...) + +***** ChangeLog for 10.0.2 compared to 10.0.1 ***** + +FIX: #10460 compatibility with MariaDB 10.4 +FIX: #11401 Adherent unknown language key +FIX: #11422 Can't edit his own events with standard rights +FIX: #11427 require product class (fixes POST /supplierinvoices REST API endpoint) +FIX: #11570 +FIX: #11591 FIX: #11592 +FIX: #11671 CVE-2019-15062 +FIX: #11672 +FIX: #11685 +FIX: #11702 +FIX: #11711 +FIX: #11720 +FIX: #11746 Unable to modify amount of insurance of a loan +FIX: #11752 +FIX: #11789 FIX: #11790 +FIX: #11804 list of tickets from a customer card display ALL tickets +FIX: #11834 +FIX: Add char $ and ; in sanitizing of filenames. +FIX: Add comment before protected functions +FIX: Add log and type of content in dolWebsiteOutput and +FIX: Add repair.php option 'restore' to restore user picture after v10 +FIX: amount opened on thirdparty card dont care of credit note not converted +FIX: Api of documents work with value 'thirdparty' +FIX: author in message / ticket API +FIX: avoid sql error if fk_project is empty during update +FIX: avoid Warning: A non-numeric value encountered +FIX: bad consistency in list of invoice for direct debit order. 
+FIX: Bad error management in zip compress and web site export +FIX: bad substitution for extrafields type checkbox +FIX: better help message with multicompany +FIX: calculation of $products_dispatched +FIX: Can't add a new chart of account +FIX: Can't delete a draft leave even if it should +FIX: Can't save setup of mailman module +FIX: column jabberid missing +FIX: Confirmation of deletion +FIX: Consistency in direct debit order lists. +FIX: Content send before header warning +FIX: credit note can be split +FIX: credit note used on list +FIX: Css was saved on wrong website. +FIX: delivery extrafields +FIX: Disabling a website does not put it offline +FIX: display only stripe sources for customer +FIX: display payment intent in stripe's charge list +FIX: document list for products in API +FIX: dol_thirdparty_id for stripe PI +FIX: Do not show tooltip if tooltip is empty +FIX: duplicate css tag, decrease padding-bottom for boxes in eldy theme +FIX: duration when creating service +FIX: EDB-ID:47370 +FIX: Enable web site +FIX: error management when adding a property with type real +FIX: Fatal situation if payment removed on expense report. Action +FIX: filepath of generated documents doesn't handle products with special characters +FIX: for MAIN_MAXTABS_IN_CARD = $i card +FIX: gzip and bzip2 must use option -f +FIX: It was possible to create cashfence without entering data. 
+FIX: javascript error when using dol_use_jmobile=1 +FIX: logout redirect to takepos.php +FIX: Look and feel v10 +FIX: Make protected all pfd models functions +FIX: management of extrafields in modulebuilder +FIX: Missing div for buttons in tax, loan, various payment modules +FIX: missing include (dol_convert_file not found) +FIX: Missing some replacements in website module +FIX: missing test on permission on button to delete ledger record +FIX: Missing the filter fields in export of expense report and leaves +FIX: Missing ticket icon on md theme +FIX: Missing transaction +FIX: Mode smartphone was not triggered when there is too loo menu +FIX: Must escape shell +FIX: Must exclude logs and some dirs for compressed backup +FIX: name and position of hook FIX: #11710 +FIX: Not showing MAIN_INVERT_SENDER_RECIPIENT when edit field +FIX: Nowrap missing on amount in boxes +FIX: Option to use ZipArchive instead of PclZip bugged with large files. +FIX: order or proposals billed if both workflow conf activated +FIX: permission check on API intervention +FIX: phpcs +FIX: placement function +FIX: qty in invoice list on product's stats +FIX: remove disabled product type from product list +FIX: Return code of pdf_einstein.modules.php and proformat +FIX: round for application fee in stripe +FIX: Sens of the balance (Debit - Credit in accountancy not contrary) +FIX: Several pb in export of documents +FIX: SQL syntax error and CSRF check on vat reports +FIX: takepos layout clear or focus search +FIX: too many record in sql request. Whena criteria is a filter, we must +FIX: Translation of month +FIX: USEDOLIBARREDITOR not always set +FIX: VAT number for Monaco (it uses FR) +FIX: vulenrability in uploading file found by 美创科技安全实验室 +FIX: wrong display (and hidden input) for already dispatched quantity +FIX: wrong parameters (same error in branch 9, 10, develop) +FIX: Wrong variable. 
Must be PROJECT_HIDE_UNSELECTABLES + ***** ChangeLog for 10.0.1 compared to 10.0.0 ***** FIX: #10930 FIX: #10984 diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index eb3e225c4d6..34133a7482e 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2110,10 +2110,8 @@ class Adherent extends CommonObject if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && $withpictoimg) $withpictoimg=0; - $notooltip=0; - $result=''; $label=''; - $link=''; $linkstart=''; $linkend=''; + $linkstart=''; $linkend=''; if (! empty($this->photo)) { @@ -2146,7 +2144,7 @@ class Adherent extends CommonObject if ($add_save_lastsearch_values) $url.='&save_lastsearch_values=1'; } - $link = ''; + $linkstart.=$linkclose.'>'; $linkend=''; - $result.=$link; + $result.=$linkstart; if ($withpictoimg) $result.='
'; if ($withpictoimg) { diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index a9dd837fc8c..003203940a8 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -221,7 +221,7 @@ if ($action == 'add') } // Initialisation objet cactioncomm - if (! GETPOST('actioncode') > 0) // actioncode is id + if (GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')) // actioncode is '0' { $error++; $donotclearsession=1; $action = 'create'; @@ -229,7 +229,7 @@ if ($action == 'add') } else { - $object->type_code = GETPOST('actioncode'); + $object->type_code = GETPOST('actioncode', 'aZ09'); } if (! $error) @@ -243,7 +243,7 @@ if ($action == 'add') $object->elementtype = GETPOST("elementtype", 'alpha'); if (! GETPOST('label')) { - if (GETPOST('actioncode') == 'AC_RDV' && $contact->getFullName($langs)) + if (GETPOST('actioncode', 'aZ09') == 'AC_RDV' && $contact->getFullName($langs)) { $object->label = $langs->transnoentitiesnoconv("TaskRDVWith", $contact->getFullName($langs)); } 
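Review bot: The new guard `GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')` only fires when the parameter is present, so a request that omits `actioncode` entirely now takes the `else` branch and stores an empty `type_code`, where the old test rejected it. If an absent code is not meant to be accepted, test the filtered value directly with `if (! GETPOST('actioncode', 'aZ09'))`; if it is, the trailing comment should say so rather than `// actioncode is '0'`. The same condition is added in the `@@ -491` hunk of the update action. The enclosing `if ($action == 'add')` block extends beyond this hunk, so any later validation of `type_code` is not visible here.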
@@ -426,15 +426,15 @@ if ($action == 'update') $datep=dol_mktime($fulldayevent?'00':$aphour, $fulldayevent?'00':$apmin, 0, $_POST["apmonth"], $_POST["apday"], $_POST["apyear"]); $datef=dol_mktime($fulldayevent?'23':$p2hour, $fulldayevent?'59':$p2min, $fulldayevent?'59':'0', $_POST["p2month"], $_POST["p2day"], $_POST["p2year"]); - $object->type_id = dol_getIdFromCode($db, GETPOST("actioncode"), 'c_actioncomm'); - $object->label = GETPOST("label"); + $object->type_id = dol_getIdFromCode($db, GETPOST("actioncode", 'aZ09'), 'c_actioncomm'); + $object->label = GETPOST("label", "alphanohtml"); $object->datep = $datep; $object->datef = $datef; $object->percentage = $percentage; - $object->priority = GETPOST("priority"); + $object->priority = GETPOST("priority", "alphanohtml"); $object->fulldayevent= GETPOST("fullday")?1:0; - $object->location = GETPOST('location'); - $object->socid = GETPOST("socid"); + $object->location = GETPOST('location', "alphanohtml"); + $object->socid = GETPOST("socid", "int"); $socpeopleassigned = GETPOST("socpeopleassigned", 'array'); $object->socpeopleassigned = array(); foreach ($socpeopleassigned as $cid) $object->socpeopleassigned[$cid] = array('id' => $cid); @@ -446,8 +446,8 @@ if ($action == 'update') $object->fk_project = GETPOST("projectid", 'int'); $object->note = GETPOST("note", "none"); // deprecated $object->note_private= GETPOST("note", "none"); - $object->fk_element = GETPOST("fk_element"); - $object->elementtype = GETPOST("elementtype"); + $object->fk_element = GETPOST("fk_element", "int"); + $object->elementtype = GETPOST("elementtype", "alphanohtml"); if (! $datef && $percentage == 100) { @@ -491,7 +491,7 @@ if ($action == 'update') } // Check parameters - if (! GETPOST('actioncode') > 0) + if (GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')) // actioncode is '0' { $error++; $donotclearsession=1; $action = 'edit'; 
@@ -499,7 +499,7 @@ if ($action == 'update') } else { - $result=$cactioncomm->fetch(GETPOST('actioncode')); + $result=$cactioncomm->fetch(GETPOST('actioncode', 'aZ09')); } if (empty($object->userownerid)) { @@ -689,7 +689,7 @@ if ($action == 'create') if ($backtopage) print ''; if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print ''; - if (GETPOST("actioncode") == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda'); + if (GETPOST("actioncode", 'aZ09') == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda'); else print load_fiche_titre($langs->trans("AddAnAction"), '', 'title_agenda'); dol_fiche_head(); @@ -701,7 +701,7 @@ if ($action == 'create') { print ''.$langs->trans("Type").''; $default=(empty($conf->global->AGENDA_USE_EVENT_TYPE_DEFAULT)?'':$conf->global->AGENDA_USE_EVENT_TYPE_DEFAULT); - $formactions->select_type_actions(GETPOST("actioncode")?GETPOST("actioncode"):($object->type_code?$object->type_code:$default), "actioncode", "systemauto", 0, -1); + $formactions->select_type_actions(GETPOST("actioncode", 'aZ09')?GETPOST("actioncode", 'aZ09'):($object->type_code?$object->type_code:$default), "actioncode", "systemauto", 0, -1); print ''; } @@ -731,7 +731,7 @@ if ($action == 'create') { $datef=dol_time_plus_duree($datep, $conf->global->AGENDA_AUTOSET_END_DATE_WITH_DELTA_HOURS, 'h'); } - print ''.$langs->trans("DateActionEnd").''; + print ''.$langs->trans("DateActionEnd").''; if (GETPOST("afaire") == 1) { print $form->selectDate($datef, 'p2', 1, 1, 1, "action", 1, 1, 0, 'fulldayend'); } elseif (GETPOST("afaire") == 2) { 
@@ -1010,15 +1010,15 @@ if ($id > 0) $datep=dol_mktime($fulldayevent?'00':$aphour, $fulldayevent?'00':$apmin, 0, $_POST["apmonth"], $_POST["apday"], $_POST["apyear"]); $datef=dol_mktime($fulldayevent?'23':$p2hour, $fulldayevent?'59':$p2min, $fulldayevent?'59':'0', $_POST["p2month"], $_POST["p2day"], $_POST["p2year"]); - $object->type_id = dol_getIdFromCode($db, GETPOST("actioncode"), 'c_actioncomm'); - $object->label = GETPOST("label"); + $object->type_id = dol_getIdFromCode($db, GETPOST("actioncode", 'aZ09'), 'c_actioncomm'); + $object->label = GETPOST("label", "alphanohtml"); $object->datep = $datep; $object->datef = $datef; $object->percentage = $percentage; - $object->priority = GETPOST("priority"); + $object->priority = GETPOST("priority", "alphanohtml"); $object->fulldayevent= GETPOST("fullday")?1:0; - $object->location = GETPOST('location'); - $object->socid = GETPOST("socid"); + $object->location = GETPOST('location', "alpanohtml"); + $object->socid = GETPOST("socid", "int"); $socpeopleassigned = GETPOST("socpeopleassigned", 'array'); foreach ($socpeopleassigned as $tmpid) $object->socpeopleassigned[$id] = array('id' => $tmpid); $object->contactid = GETPOST("contactid", 'int'); @@ -1101,7 +1101,7 @@ if ($id > 0) print ''.$langs->trans("Type").''; if ($object->type_code != 'AC_OTH_AUTO') { - $formactions->select_type_actions(GETPOST("actioncode")?GETPOST("actioncode"):$object->type_code, "actioncode", "systemauto"); + $formactions->select_type_actions(GETPOST("actioncode", 'aZ09')?GETPOST("actioncode", 'aZ09'):$object->type_code, "actioncode", "systemauto"); } else { diff --git a/htdocs/comm/action/class/cactioncomm.class.php b/htdocs/comm/action/class/cactioncomm.class.php index eb7fb885d8d..5d3290599b9 100644 --- a/htdocs/comm/action/class/cactioncomm.class.php +++ b/htdocs/comm/action/class/cactioncomm.class.php 
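Review bot: The check name in `GETPOST('location', "alpanohtml")` is misspelled (`alphanohtml` is used for the same field in the `@@ -426` hunk), so the intended HTML-stripping filter is presumably not applied to `location` on this path; how GETPOST treats an unknown check name is not visible here. The line should read `$object->location = GETPOST('location', "alphanohtml");`. In the same hunk the unchanged loop writes `$object->socpeopleassigned[$id]` while iterating `$tmpid`, so every assigned contact lands on the same key; the update action keys by the loop variable, and this loop likely should too.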
@@ -84,7 +84,7 @@ class CActionComm $sql = "SELECT id, code, type, libelle as label, color, active, picto"; $sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm"; if (is_numeric($id)) $sql.= " WHERE id=".$id; - else $sql.= " WHERE code='".$id."'"; + else $sql.= " WHERE code='".$this->db->escape($id)."'"; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql=$this->db->query($sql); diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index 821e4d05d7e..0a741e7691b 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -156,8 +156,6 @@ $title=$langs->trans("LT".$object->ltt) . " - " . $langs->trans("Card"); $help_url=''; llxHeader("", $title, $helpurl); - - if ($action == 'create') { print load_fiche_titre($langs->transcountry($lttype==2?"newLT2Payment":"newLT1Payment", $mysoc->country_code)); diff --git a/htdocs/compta/localtax/clients.php b/htdocs/compta/localtax/clients.php index 58b1ccd3f21..c4157d81984 100644 --- a/htdocs/compta/localtax/clients.php +++ b/htdocs/compta/localtax/clients.php @@ -85,6 +85,12 @@ $socid = GETPOST('socid', 'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); +if (empty($local)) +{ + accessforbidden('Parameter localTaxType is missing'); + exit; +} + /* @@ -106,11 +112,12 @@ llxHeader('', '', '', '', 0, 0, '', '', $morequerystring); $name=$langs->transcountry($local==1?"LT1ReportByCustomers":"LT2ReportByCustomers", $mysoc->country_code); -$fsearch.='
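Review bot: The numeric branch still concatenates the raw value, `" WHERE id=".$id`, with `is_numeric()` as the only barrier; that function also accepts forms such as `1e3`, `1.5` or a leading space, which are not integer ids. Casting keeps the query shape fixed whatever callers pass: `if (is_numeric($id)) $sql.= " WHERE id=".((int) $id);`. The escaped string branch added here is fine. The rest of `fetch()` lies outside the hunk.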
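Review bot: `empty($local)` only rejects a missing or zero value; any other non-empty value is accepted, and later lines use it as `$local==1 ? ... : ...` and append it to a configuration key name (`MAIN_INFO_LOCALTAX_CALC.$local`, visible in the next hunk). Since only local tax types 1 and 2 appear in this file, the guard should accept exactly those two values after reading the parameter with the `int` filter, and refuse everything else. The message names `localTaxType` although the variable checked here is `$local`; how `$local` is read from the request is outside the hunk. The same guard is added in `localtax/quadri_detail.php` (`@@ -97`) and, on `$localTaxType`, in `localtax/index.php` (`@@ -188`).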
'; -$fsearch.=' '; -$fsearch.=' '; -$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': '; -$fsearch.=' '; +$fsearch =''; +$fsearch.=''; +$fsearch.=''; +$fsearch.=''; +$fsearch.=$langs->trans("SalesTurnoverMinimum").': '; +$fsearch.=''; $calc=$conf->global->MAIN_INFO_LOCALTAX_CALC.$local; // Affiche en-tete du rapport diff --git a/htdocs/compta/localtax/index.php b/htdocs/compta/localtax/index.php index 8d288274049..ef5013c84f6 100644 --- a/htdocs/compta/localtax/index.php +++ b/htdocs/compta/localtax/index.php @@ -188,6 +188,19 @@ function pt($db, $sql, $date) } } +if (empty($localTaxType)) +{ + accessforbidden('Parameter localTaxType is missing'); + exit; +} + + +/* + * Actions + */ + +// None + /* * View @@ -213,7 +226,11 @@ if($localTaxType==1) { $CalcLT= $conf->global->MAIN_INFO_LOCALTAX_CALC2; } -$fsearch.=' '; +$fsearch = ''; +$fsearch.= ''; +$fsearch.= ''; +$fsearch.= ''; + $description = $fsearch; // Show report header @@ -528,7 +545,7 @@ while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) // $mc $total = $total + $diff; $subtotal = price2num($subtotal + $diff, 'MT'); - print ''.price(price2num($diff, 'MT')).'\n'; + print ''.price(price2num($diff, 'MT')).''."\n"; print " \n"; print "\n"; diff --git a/htdocs/compta/localtax/quadri_detail.php b/htdocs/compta/localtax/quadri_detail.php index 54fa04d33a2..d73d15793d1 100644 --- a/htdocs/compta/localtax/quadri_detail.php +++ b/htdocs/compta/localtax/quadri_detail.php @@ -97,6 +97,12 @@ $socid = GETPOST('socid', 'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); +if (empty($local)) +{ + accessforbidden('Parameter localTaxType is missing'); + exit; +} + /* 
@@ -122,9 +128,10 @@ foreach ($listofparams as $param) llxHeader('', $langs->trans("LocalTaxReport"), '', '', 0, 0, '', '', $morequerystring); -$fsearch.=' '; -$fsearch.=' '; -$fsearch.=' '; +$fsearch = ''; +$fsearch.= ''; +$fsearch.= ''; +$fsearch.= ''; $name=$langs->transcountry($local==1?"LT1ReportByQuarters":"LT2ReportByQuarters", $mysoc->country_code); $calcmode=''; @@ -161,7 +168,7 @@ if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $description.='
'.$langs->trans("DepositsAreNotIncluded"); } */ -if (! empty($conf->global->MAIN_MODULE_ACCOUNTING)) $description.='
'.$langs->trans("ThisIsAnEstimatedValue"); +if (! empty($conf->global->MAIN_MODULE_ACCOUNTING)) $description.=$langs->trans("ThisIsAnEstimatedValue"); // Customers invoices $elementcust=$langs->trans("CustomersInvoices"); @@ -186,15 +193,14 @@ if ($mysoc->tva_assuj) { report_header($name, '', $period, $periodlink, $description, $builddate, $exportlink, array(), $calcmode); - if($local==1){ - $vatcust=$langs->transcountry("LocalTax1", $mysoc->country_code); - $vatsup=$langs->transcountry("LocalTax1", $mysoc->country_code); - $vatexpensereport=$langs->transcountry("LocalTax1", $mysoc->country_code); + $vatcust=$langs->transcountry("LT1", $mysoc->country_code); + $vatsup=$langs->transcountry("LT1", $mysoc->country_code); + $vatexpensereport=$langs->transcountry("LT1", $mysoc->country_code); }else{ - $vatcust=$langs->transcountry("LocalTax2", $mysoc->country_code); - $vatsup=$langs->transcountry("LocalTax2", $mysoc->country_code); - $vatexpensereport=$langs->transcountry("LocalTax2", $mysoc->country_code); + $vatcust=$langs->transcountry("LT2", $mysoc->country_code); + $vatsup=$langs->transcountry("LT2", $mysoc->country_code); + $vatexpensereport=$langs->transcountry("LT2", $mysoc->country_code); } // VAT Received and paid diff --git a/htdocs/compta/tva/clients.php b/htdocs/compta/tva/clients.php index e977b31e5e4..5319be3cbbb 100644 --- a/htdocs/compta/tva/clients.php +++ b/htdocs/compta/tva/clients.php @@ -123,11 +123,11 @@ if (isset($_REQUEST['extra_report']) && $_REQUEST['extra_report'] == 1) { llxHeader('', $langs->trans("VATReport"), '', '', 0, 0, '', '', $morequerystring); -$fsearch.='
'; -$fsearch.=' '; -$fsearch.=' '; -$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': '; -$fsearch.=' '; +$fsearch =''; +$fsearch.=''; +$fsearch.=''; +$fsearch.=$langs->trans("SalesTurnoverMinimum").': '; +$fsearch.=''; // Show report header $name=$langs->trans("VATReportByThirdParties"); diff --git a/htdocs/compta/tva/index.php b/htdocs/compta/tva/index.php index f0c96dccdd6..6a83d25070b 100644 --- a/htdocs/compta/tva/index.php +++ b/htdocs/compta/tva/index.php @@ -198,7 +198,11 @@ $form=new Form($db); $company_static=new Societe($db); $tva = new Tva($db); -$description = ''; +$fsearch =''; +$fsearch.=''; +$fsearch.=''; + +$description = $fsearch; // Show report header $name = $langs->trans("ReportByMonth"); @@ -208,7 +212,7 @@ if ($modetax == 1) $calcmode=$langs->trans('OptionVATDebitOption'); if ($modetax == 2) $calcmode=$langs->trans('OptionPaymentForProductAndServices'); $calcmode.='
('.$langs->trans("TaxModuleSetupToModifyRules", DOL_URL_ROOT.'/admin/taxes.php').')'; -$description = $langs->trans("VATSummary").'
'; +$description .= $langs->trans("VATSummary").'
'; if ($conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') $description.=$langs->trans("RulesVATDueProducts"); if ($conf->global->TAX_MODE_SELL_PRODUCT == 'payment') $description.=$langs->trans("RulesVATInProducts"); if ($conf->global->TAX_MODE_SELL_SERVICE == 'invoice') $description.='
'.$langs->trans("RulesVATDueServices"); diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php index 26601308ccf..68f4ae1e9f6 100644 --- a/htdocs/compta/tva/quadri_detail.php +++ b/htdocs/compta/tva/quadri_detail.php @@ -124,8 +124,9 @@ llxHeader('', $title, '', '', 0, 0, '', '', $morequerystring); //print load_fiche_titre($langs->trans("VAT"),""); //$fsearch.='
'; -$fsearch.=' '; -$fsearch.=' '; +$fsearch =''; +$fsearch.=''; +$fsearch.=''; //$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': '; //$fsearch.=' '; diff --git a/htdocs/core/lib/date.lib.php b/htdocs/core/lib/date.lib.php index 9f1963dc9b9..6ed17305096 100644 --- a/htdocs/core/lib/date.lib.php +++ b/htdocs/core/lib/date.lib.php @@ -795,7 +795,8 @@ function num_public_holiday($timestampStart, $timestampEnd, $country_code = '', if (in_array('fronleichnam', $specialdayrule)) { // Fronleichnam (60 days after easter sunday) - $date_fronleichnam = mktime( + $date_paques = easter_date($annee); + $date_fronleichnam = mktime( date("H", $date_paques), date("i", $date_paques), date("s", $date_paques), diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index d37c7d5f960..e3f4673d4ea 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -699,7 +699,7 @@ function projectLinesa(&$inc, $parent, &$lines, &$level, $var, $showproject, &$t // resume print ''; - if ($total_projectlinesa_planned){ + if ($total_projectlinesa_planned) { print ''; print '
'; print '
'; diff --git a/htdocs/core/lib/tax.lib.php b/htdocs/core/lib/tax.lib.php index 884ff4fc922..d959a660224 100644 --- a/htdocs/core/lib/tax.lib.php +++ b/htdocs/core/lib/tax.lib.php @@ -124,7 +124,7 @@ function tax_by_thirdparty($type, $db, $y, $date_start, $date_end, $modetax, $di $invoicefieldref='ref'; } - if ( strpos($type, 'localtax') === 0 ) { + if (strpos($type, 'localtax') === 0) { $f_rate = $type . '_tx'; } else { $f_rate = 'tva_tx'; diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 16d3969652d..e2c70823f4b 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -61,7 +61,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it /** * @var string Family - * @see familyinfo + * @see $familyinfo * * Native values: 'crm', 'financial', 'hr', 'projects', 'products', 'ecm', 'technic', 'other'. * Use familyinfo to declare a custom value. @@ -70,7 +70,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it /** * @var array Custom family informations - * @see family + * @see $family * * e.g.: * array( @@ -259,26 +259,6 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it */ public $core_enabled; - /** - * @var string Relative path to module style sheet - * @deprecated - * @see module_parts - */ - public $style_sheet = ''; - - /** - * @var 0|1|2|3 Where to display the module in setup page - * @deprecated @since 4.0.0 - * @see family - * @see familyinfo - * - * 0: common - * 1: interface - * 2: others - * 3: very specific - */ - public $special; - /** * @var string Name of image file used for this module * 
@@ -297,20 +277,20 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it /** - * @var string[] List of module class names that must be enabled if this module is enabled. - * - * e.g.: array('modAnotherModule', 'FR'=>'modYetAnotherModule') + * @var string[] List of module class names that must be enabled if this module is enabled. e.g.: array('modAnotherModule', 'FR'=>'modYetAnotherModule') + * @see $requiredby */ public $depends; /** - * @var int[] List of module ids to disable if this one is disabled. + * @var string[] List of module class names to disable if the module is disabled. + * @see $depends */ public $requiredby; /** * @var string[] List of module class names as string this module is in conflict with. - * @see depends + * @see $depends */ public $conflictwith; @@ -915,7 +895,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it /** * Gives the last date of activation * - * @return timestamp|string Date of last activation + * @return int|string Date of last activation or '' if module was never activated */ public function getLastActivationDate() { diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 472e77e1974..d34d43384d0 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -69,6 +69,7 @@ print '

'.$langs->trans("Repair").'

'; print 'Option standard (\'test\' or \'confirmed\') is '.(GETPOST('standard', 'alpha')?GETPOST('standard', 'alpha'):'undefined').'
'."\n"; print 'Option restore_thirdparties_logos (\'test\' or \'confirmed\') is '.(GETPOST('restore_thirdparties_logos', 'alpha')?GETPOST('restore_thirdparties_logos', 'alpha'):'undefined').'
'."\n"; +print 'Option restore_user_pictures (\'test\' or \'confirmed\') is '.(GETPOST('restore_user_pictures', 'alpha')?GETPOST('restore_user_pictures', 'alpha'):'undefined').'
'."\n"; print 'Option clean_linked_elements (\'test\' or \'confirmed\') is '.(GETPOST('clean_linked_elements', 'alpha')?GETPOST('clean_linked_elements', 'alpha'):'undefined').'
'."\n"; print 'Option clean_menus (\'test\' or \'confirmed\') is '.(GETPOST('clean_menus', 'alpha')?GETPOST('clean_menus', 'alpha'):'undefined').'
'."\n"; print 'Option clean_orphelin_dir (\'test\' or \'confirmed\') is '.(GETPOST('clean_orphelin_dir', 'alpha')?GETPOST('clean_orphelin_dir', 'alpha'):'undefined').'
'."\n"; @@ -492,70 +493,183 @@ if ($ok && GETPOST('restore_thirdparties_logos')) $ext=''; print '
*** Restore thirdparties logo
'; - //foreach($exts as $ext) - //{ - $sql="SELECT s.rowid, s.nom as name, s.logo FROM ".MAIN_DB_PREFIX."societe as s ORDER BY s.nom"; - $resql=$db->query($sql); - if ($resql) + + $sql="SELECT s.rowid, s.nom as name, s.logo FROM ".MAIN_DB_PREFIX."societe as s ORDER BY s.nom"; + $resql=$db->query($sql); + if ($resql) + { + $num=$db->num_rows($resql); + $i=0; + + while($i < $num) { - $num=$db->num_rows($resql); - $i=0; + $obj=$db->fetch_object($resql); - while($i < $num) + /* + $name=preg_replace('/é/','',$obj->name); + $name=preg_replace('/ /','_',$name); + $name=preg_replace('/\'/','',$name); + */ + + $tmp=explode('.', $obj->logo); + $name=$tmp[0]; + if (isset($tmp[1])) $ext='.'.$tmp[1]; + + if (! empty($name)) { - $obj=$db->fetch_object($resql); - - /* - $name=preg_replace('/é/','',$obj->name); - $name=preg_replace('/ /','_',$name); - $name=preg_replace('/\'/','',$name); - */ - - $tmp=explode('.', $obj->logo); - $name=$tmp[0]; - if (isset($tmp[1])) $ext='.'.$tmp[1]; - - if (! empty($name)) + $filetotest=$dolibarr_main_data_root.'/societe/logos/'.$name.$ext; + $filetotestsmall=$dolibarr_main_data_root.'/societe/logos/thumbs/'.$name.'_small'.$ext; + $exists=dol_is_file($filetotest); + print 'Check thirdparty '.$obj->rowid.' name='.$obj->name.' logo='.$obj->logo.' file '.$filetotest." exists=".$exists."
\n"; + if ($exists) { - $filetotest=$dolibarr_main_data_root.'/societe/logos/'.$name.$ext; - $filetotestsmall=$dolibarr_main_data_root.'/societe/logos/thumbs/'.$name.$ext; - $exists=dol_is_file($filetotest); - print 'Check thirdparty '.$obj->rowid.' name='.$obj->name.' logo='.$obj->logo.' file '.$filetotest." exists=".$exists."
\n"; - if ($exists) + $filetarget=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/'.$name.$ext; + $filetargetsmall=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/thumbs/'.$name.'_small'.$ext; + $existt=dol_is_file($filetarget); + if (! $existt) { - $filetarget=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/'.$name.$ext; - $filetargetsmall=$dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/thumbs/'.$name.'_small'.$ext; - $existt=dol_is_file($filetarget); - if (! $existt) + if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed') { dol_mkdir($dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos'); - - print "       -> Copy file ".$filetotest." -> ".$filetarget."
\n"; - dol_copy($filetotest, $filetarget, '', 0); } - $existtt=dol_is_file($filetargetsmall); - if (! $existtt) + print "       -> Copy file ".$filetotest." -> ".$filetarget."
\n"; + if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed') + { + dol_copy($filetotest, $filetarget, '', 0); + } + } + + $existtt=dol_is_file($filetargetsmall); + if (! $existtt) + { + if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed') { dol_mkdir($dolibarr_main_data_root.'/societe/'.$obj->rowid.'/logos/thumbs'); - - print "       -> Copy file ".$filetotestsmall." -> ".$filetargetsmall."
\n"; + } + print "       -> Copy file ".$filetotestsmall." -> ".$filetargetsmall."
\n"; + if (GETPOST('restore_thirdparties_logos', 'alpha') == 'confirmed') + { dol_copy($filetotestsmall, $filetargetsmall, '', 0); } } } - - $i++; } + + $i++; } - else - { - $ok=0; - dol_print_error($db); - } + } + else + { + $ok=0; + dol_print_error($db); + } + + print ''; +} + + + +// restore_user_pictures: Move pictures to correct new directory. +if ($ok && GETPOST('restore_user_pictures', 'alpha')) +{ + //$exts=array('gif','png','jpg'); + + $ext=''; + + print '
*** Restore user pictures
'; + + $sql="SELECT s.rowid, s.firstname, s.lastname, s.login, s.photo FROM ".MAIN_DB_PREFIX."user as s ORDER BY s.rowid"; + $resql=$db->query($sql); + if ($resql) + { + $num=$db->num_rows($resql); + $i=0; + + while($i < $num) + { + $obj=$db->fetch_object($resql); + + /* + $name=preg_replace('/é/','',$obj->name); + $name=preg_replace('/ /','_',$name); + $name=preg_replace('/\'/','',$name); + */ + + $tmp=explode('.', $obj->photo); + $name=$tmp[0]; + if (isset($tmp[1])) $ext='.'.$tmp[1]; + + if (! empty($name)) + { + $filetotest=$dolibarr_main_data_root.'/users/'.substr(sprintf('%08d', $obj->rowid), -1, 1).'/'.substr(sprintf('%08d', $obj->rowid), -2, 1).'/'.$name.$ext; + $filetotestsmall=$dolibarr_main_data_root.'/users/'.substr(sprintf('%08d', $obj->rowid), -1, 1).'/'.substr(sprintf('%08d', $obj->rowid), -2, 1).'/thumbs/'.$name.'_small'.$ext; + $filetotestmini=$dolibarr_main_data_root.'/users/'.substr(sprintf('%08d', $obj->rowid), -1, 1).'/'.substr(sprintf('%08d', $obj->rowid), -2, 1).'/thumbs/'.$name.'_mini'.$ext; + $exists=dol_is_file($filetotest); + print 'Check user '.$obj->rowid.' lastname='.$obj->lastname.' fistname='.$obj->firstname.' photo='.$obj->photo.' file '.$filetotest." exists=".$exists."
\n"; + if ($exists) + { + $filetarget=$dolibarr_main_data_root.'/users/'.$obj->rowid.'/'.$name.$ext; + $filetargetsmall=$dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs/'.$name.'_small'.$ext; + $filetargetmini=$dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs/'.$name.'_mini'.$ext; + + $existt=dol_is_file($filetarget); + if (! $existt) + { + if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed') + { + dol_mkdir($dolibarr_main_data_root.'/users/'.$obj->rowid); + } + + print "       -> Copy file ".$filetotest." -> ".$filetarget."
\n"; + if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed') + { + dol_copy($filetotest, $filetarget, '', 0); + } + } + + $existtt=dol_is_file($filetargetsmall); + if (! $existtt) + { + if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed') + { + dol_mkdir($dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs'); + } + + print "       -> Copy file ".$filetotestsmall." -> ".$filetargetsmall."
\n"; + if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed') + { + dol_copy($filetotestsmall, $filetargetsmall, '', 0); + } + } + + $existtt=dol_is_file($filetargetmini); + if (! $existtt) + { + if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed') + { + dol_mkdir($dolibarr_main_data_root.'/users/'.$obj->rowid.'/thumbs'); + } + + print "       -> Copy file ".$filetotestmini." -> ".$filetargetmini."
\n"; + if (GETPOST('restore_user_pictures', 'alpha') == 'confirmed') + { + dol_copy($filetotestmini, $filetargetmini, '', 0); + } + } + } + } + + $i++; + } + } + else + { + $ok=0; + dol_print_error($db); + } print ''; - //} } diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index dccd53c597a..532fbf14cb7 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -96,8 +96,6 @@ LocalTax1IsNotUsedES= RE is not used LocalTax2IsUsed=Use third tax LocalTax2IsUsedES= IRPF is used LocalTax2IsNotUsedES= IRPF is not used -LocalTax1ES=RE -LocalTax2ES=IRPF WrongCustomerCode=Customer code invalid WrongSupplierCode=Vendor code invalid CustomerCodeModel=Customer code model diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 9183cbb5f00..014ca843236 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -360,7 +360,7 @@ if (! defined('NOTOKENRENEWAL')) if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set { - if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note, offender can still send request by GET + if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! GETPOSTISSET('token')) // Note: offender can still send request by GET { dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused by CSRFCHECK_WITH_TOKEN protection. Token not provided."); print "Access by POST method refused by CSRF protection in main.inc.php. Token not provided.\n"; 
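Review bot: In the new restore_user_pictures block the file name is split with `explode('.', $obj->photo)` and `$ext` is initialised once before the loop, so a photo named like `a.b.jpg` resolves to `a` plus `.b`, and a row without an extension silently reuses the previous user's extension. `pathinfo()` handles both cases: `$name = pathinfo($obj->photo, PATHINFO_FILENAME); $ext = pathinfo($obj->photo, PATHINFO_EXTENSION); $ext = ($ext === '' ? '' : '.'.$ext);`. The database values are also used unmodified in the source and target paths and echoed into the page (`lastname`, `firstname`, `photo`); passing the name through `dol_sanitizeFileName()` and the printed fields through `dol_escape_htmltag()` would keep a stored `../` sequence or markup from taking effect in this install tool. The restore_thirdparties_logos loop re-indented in the same hunk follows the same pattern.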
@@ -368,17 +368,14 @@ if ((! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && ! empty($conf-> die; } - //if ($_SERVER['REQUEST_METHOD'] === 'POST') // This test must be after loading $_SESSION['token']. - //{ if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token']) { dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING); //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers. - if ($conf->global->MAIN_FEATURES_LEVEL>1) setEventMessages('Unset POST by CSRF protection in main.inc.php (POST was already done or was done by a not allowed web page).'."
\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings'); + if ($conf->global->MAIN_FEATURES_LEVEL>1) setEventMessages('Unset POST by CSRF protection in main.inc.php (POST for this token was already done or was done by a not allowed web page with a wrong token).'."
\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings'); unset($_POST); unset($_GET['confirm']); } - //} } // Disable modules (this must be after session_start and after conf has been loaded) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index db37b15345b..4b6364ea3be 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -2249,12 +2249,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment function stripeTokenHandler(token) { // Insert the token ID into the form so it gets submitted to the server var form = document.getElementById('payment-form'); + var hiddenInput = document.createElement('input'); hiddenInput.setAttribute('type', 'hidden'); hiddenInput.setAttribute('name', 'stripeToken'); hiddenInput.setAttribute('value', token.id); form.appendChild(hiddenInput); + var hiddenInput2 = document.createElement('input'); + hiddenInput2.setAttribute('type', 'hidden'); + hiddenInput2.setAttribute('name', 'token'); + hiddenInput2.setAttribute('value', ''); + form.appendChild(hiddenInput2); + // Submit the form jQuery('#buttontopay').hide(); jQuery('#hourglasstopay').show(); 
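Review bot: The token check kept on the new side uses a loose comparison, `GETPOST('token', 'alpha') != $_SESSION['token']`, so two different numeric-looking strings can compare equal under PHP type juggling (the token format is not visible in this hunk). A strict `!==` is the minimum; where the supported PHP version allows it, `! hash_equals((string) $_SESSION['token'], (string) GETPOST('token', 'alpha'))` also removes the timing difference. Separately, the reworded `setEventMessages` line and the `dol_syslog` call above it both write the live session token and the submitted token in clear, next to the request-controlled `HTTP_REFERER` and `REQUEST_URI`. Logging a truncated or hashed token, and stripping newlines from the request values, would keep the diagnostic without exposing a usable token or letting a request forge log lines. The enclosing `if` block starts before this hunk.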
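Review bot: The `token` field added in `stripeTokenHandler` carries an empty literal as shown on this page, `hiddenInput2.setAttribute('value', '');`, and the same five lines are repeated in `stripeSourceHandler` in the next hunk. The check in main.inc.php treats a token that is present but does not match the session as invalid and unsets `$_POST`, so an empty value would cause the payment POST to be discarded. Presumably the original line echoes the session token server-side and the page rendering dropped it, which is worth confirming against the file. Whatever is echoed into that JavaScript string should be escaped for a JS string context. Since both handlers build the field identically, a small shared helper that appends a hidden input given `form`, `name` and `value` would keep the two in step. Both handler bodies continue past their hunks.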
@@ -2266,12 +2273,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment function stripeSourceHandler(source) { // Insert the source ID into the form so it gets submitted to the server var form = document.getElementById('payment-form'); + var hiddenInput = document.createElement('input'); hiddenInput.setAttribute('type', 'hidden'); hiddenInput.setAttribute('name', 'stripeSource'); hiddenInput.setAttribute('value', source.id); form.appendChild(hiddenInput); + var hiddenInput2 = document.createElement('input'); + hiddenInput2.setAttribute('type', 'hidden'); + hiddenInput2.setAttribute('name', 'token'); + hiddenInput2.setAttribute('value', ''); + form.appendChild(hiddenInput2); + // Submit the form jQuery('#buttontopay').hide(); jQuery('#hourglasstopay').show();