FIX #yogosha5668

htdocs/compta/bank/bankentries_list.php

@@ -898,18 +898,21 @@ if ($resql) {
 		print '<br>';
 	}
 
-	/// ajax to adjust value date with plus and less picto
+	// Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
+	$urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
 	print '
     <script type="text/javascript">
     $(function() {
-    	$("a.ajax").each(function(){
+    	$("a.ajaxforbankoperationchange").each(function(){
     		var current = $(this);
     		current.click(function()
     		{
-    			$.get("'.DOL_URL_ROOT.'/core/ajax/bankconciliate.php?"+current.attr("href").split("?")[1], function(data)
+				var url = "'.$urlajax.'&"+current.attr("href").split("?")[1];
+    			$.get(url, function(data)
     			{
-    			    console.log(data)
-    				current.parent().prev().replaceWith(data);
+    			    console.log(url)
+					console.log(data)
+					current.parent().parent().find(".spanforajaxedit").replaceWith(data);
     			});
     			return false;
     		});
@@ -1448,12 +1451,12 @@ if ($resql) {
 		// Date ope
 		if (!empty($arrayfields['b.dateo']['checked'])) {
 			print '<td align="center" class="nowrap">';
-			print '<span id="dateoperation_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->do), "day")."</span>";
+			print '<span class="spanforajaxedit" id="dateoperation_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->do), "day")."</span>";
 			print '&nbsp;';
 			print '<span class="inline-block">';
-			print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
+			print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
 			print img_edit_remove()."</a> ";
-			print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
+			print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
 			print img_edit_add()."</a>";
 			print '</span>';
 			print "</td>\n";
@@ -1465,12 +1468,12 @@ if ($resql) {
 		// Date value
 		if (!empty($arrayfields['b.datev']['checked'])) {
 			print '<td align="center" class="nowrap">';
-			print '<span id="datevalue_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->dv), "day")."</span>";
+			print '<span class="spanforajaxedit" id="datevalue_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->dv), "day")."</span>";
 			print '&nbsp;';
 			print '<span class="inline-block">';
-			print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
+			print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
 			print img_edit_remove()."</a> ";
-			print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
+			print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
 			print img_edit_add()."</a>";
 			print '</span>';
 			print "</td>\n";

htdocs/compta/bank/class/account.class.php

@@ -2098,12 +2098,12 @@ class AccountLine extends CommonObject
 		}
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
-		$sql .= " rappro = ".$conciliated;
+		$sql .= " rappro = ".((int) $conciliated);
 		$sql .= ", num_releve = '".$this->db->escape($this->num_releve)."'";
 		if ($conciliated) {
 			$sql .= ", fk_user_rappro = ".$user->id;
 		}
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update_conciliation", LOG_DEBUG);
 		$resql = $this->db->query($sql);
@@ -2145,7 +2145,7 @@ class AccountLine extends CommonObject
 	public function datev_change($rowid, $sign = 1)
 	{
 		// phpcs:enable
-		$sql = "SELECT datev FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".$rowid;
+		$sql = "SELECT datev FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".((int) $rowid);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$obj = $this->db->fetch_object($resql);
@@ -2153,7 +2153,7 @@ class AccountLine extends CommonObject
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
 			$sql .= " datev = '".$this->db->idate($newdate)."'";
-			$sql .= " WHERE rowid = ".$rowid;
+			$sql .= " WHERE rowid = ".((int) $rowid);
 
 			$result = $this->db->query($sql);
 			if ($result) {
@@ -2208,7 +2208,7 @@ class AccountLine extends CommonObject
 	public function dateo_change($rowid, $sign = 1)
 	{
 		// phpcs:enable
-		$sql = "SELECT dateo FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".$rowid;
+		$sql = "SELECT dateo FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".((int) $rowid);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$obj = $this->db->fetch_object($resql);
@@ -2216,7 +2216,7 @@ class AccountLine extends CommonObject
 
 			$sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
 			$sql .= " dateo = '".$this->db->idate($newdate)."'";
-			$sql .= " WHERE rowid = ".$rowid;
+			$sql .= " WHERE rowid = ".((int) $rowid);
 
 			$result = $this->db->query($sql);
 			if ($result) {

htdocs/compta/bank/line.php

@@ -92,16 +92,16 @@ if ($cancel) {
 
 if ($user->rights->banque->consolidate && $action == 'donext') {
 	$al = new AccountLine($db);
-	$al->dateo_next($_GET["rowid"]);
+	$al->dateo_next(GETPOST("rowid", 'int'));
 } elseif ($user->rights->banque->consolidate && $action == 'doprev') {
 	$al = new AccountLine($db);
-	$al->dateo_previous($_GET["rowid"]);
+	$al->dateo_previous(GETPOST("rowid", 'int'));
 } elseif ($user->rights->banque->consolidate && $action == 'dvnext') {
 	$al = new AccountLine($db);
-	$al->datev_next($_GET["rowid"]);
+	$al->datev_next(GETPOST("rowid", 'int'));
 } elseif ($user->rights->banque->consolidate && $action == 'dvprev') {
 	$al = new AccountLine($db);
-	$al->datev_previous($_GET["rowid"]);
+	$al->datev_previous(GETPOST("rowid", 'int'));
 }
 
 if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) {
@@ -489,9 +489,9 @@ if ($result) {
 			print $form->selectDate($db->jdate($objp->do), 'dateo', '', '', '', 'update', 1, 0, $objp->rappro);
 			if (!$objp->rappro) {
 				print '   ';
-				print '<a href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
+				print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
 				print img_edit_remove()."</a> ";
-				print '<a href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
+				print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
 				print img_edit_add()."</a>";
 			}
 			print '</td>';
@@ -509,9 +509,9 @@ if ($result) {
 			print $form->selectDate($db->jdate($objp->dv), 'datev', '', '', '', 'update', 1, 0, $objp->rappro);
 			if (!$objp->rappro) {
 				print ' &nbsp; ';
-				print '<a href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
+				print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
 				print img_edit_remove()."</a> ";
-				print '<a href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
+				print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
 				print img_edit_add()."</a>";
 			}
 			print '</td>';
@@ -573,6 +573,30 @@ if ($result) {
 
 		print "</table>";
 
+		// Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
+		/* Not yet ready. We must manage inline replacemet of input date field
+		$urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
+		print '
+			<script type="text/javascript">
+			$(function() {
+				$("a.ajaxforbankoperationchange").each(function(){
+					var current = $(this);
+					current.click(function()
+					{
+						var url = "'.$urlajax.'&"+current.attr("href").split("?")[1];
+						$.get(url, function(data)
+						{
+							console.log(url)
+							console.log(data)
+							current.parent().prev().replaceWith(data);
+						});
+						return false;
+					});
+				});
+			});
+			</script>
+			';
+		*/
 		print '</div>';
 
 		print dol_get_fiche_end();

htdocs/compta/bank/releve.php

@@ -454,11 +454,14 @@ if (empty($numref)) {
 
 			// Date de valeur
 			print '<td valign="center" class="center nowrap">';
-			print dol_print_date($db->jdate($objp->dv), "day").' ';
-			print '<a class="ajax reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;num='.$numref.'&amp;account='.$object->id.'&amp;dvid='.$objp->rowid.'">';
+			print '<span class="spanforajaxedit">'.dol_print_date($db->jdate($objp->dv), "day").'</span>';
+			print '&nbsp;';
+			print '<span class="inline-block">';
+			print '<a class="ajaxforbankoperationchange reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;num='.$numref.'&amp;account='.$object->id.'&amp;rowid='.$objp->rowid.'&amp;dvid='.$objp->rowid.'">';
 			print img_edit_remove()."</a> ";
-			print '<a class="ajax reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;num='.$numref.'&amp;account='.$object->id.'&amp;dvid='.$objp->rowid.'">';
+			print '<a class="ajaxforbankoperationchange reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;num='.$numref.'&amp;account='.$object->id.'&amp;rowid='.$objp->rowid.'&amp;dvid='.$objp->rowid.'">';
 			print img_edit_add()."</a>";
+			print '</span>';
 			print "</td>\n";
 
 			// Type and num
@@ -656,6 +659,29 @@ if (empty($numref)) {
 	print "</tr>\n";
 	print "</table>";
 
+	// Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
+	$urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
+	print '
+    <script type="text/javascript">
+    $(function() {
+    	$("a.ajaxforbankoperationchange").each(function(){
+    		var current = $(this);
+    		current.click(function()
+    		{
+				var url = "'.$urlajax.'&"+current.attr("href").split("?")[1];
+    			$.get(url, function(data)
+    			{
+    			    console.log(url)
+					console.log(data)
+    				current.parent().parent().find(".spanforajaxedit").replaceWith(data);
+    			});
+    			return false;
+    		});
+    	});
+    });
+    </script>
+    ';
+
 	print "</div>";
 
 	print "</form>\n";

htdocs/core/ajax/bankconciliate.php

@@ -48,10 +48,6 @@ $action = GETPOST('action', 'aZ09');
  * View
  */
 
-// Ajout directives pour resoudre bug IE
-//header('Cache-Control: Public, must-revalidate');
-//header('Pragma: public');
-
 //top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
 top_httphead();
 
@@ -63,7 +59,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
 	$al->datev_next(GETPOST('rowid', 'int'));
 	$al->fetch(GETPOST('rowid', 'int'));
 
-	print '<span>'.dol_print_date($db->jdate($al->datev), "day").'</span>';
+	print '<span class="spanforajaxedit" id="datevalue_'.$al->id.'">'.dol_print_date($db->jdate($al->datev), "day").'</span>';
 
 	exit;
 }
@@ -74,7 +70,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
 	$al->datev_previous(GETPOST('rowid', 'int'));
 	$al->fetch(GETPOST('rowid', 'int'));
 
-	print '<span>'.dol_print_date($db->jdate($al->datev), "day").'</span>';
+	print '<span class="spanforajaxedit" id="datevalue_'.$al->id.'">'.dol_print_date($db->jdate($al->datev), "day").'</span>';
 
 	exit;
 }
@@ -85,7 +81,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
 	$al->dateo_next(GETPOST('rowid', 'int'));
 	$al->fetch(GETPOST('rowid', 'int'));
 
-	print '<span>'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
+	print '<span class="spanforajaxedit" id="dateoperation_'.$al->id.'">'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
 
 	exit;
 }
@@ -96,7 +92,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
 	$al->dateo_previous(GETPOST('rowid', 'int'));
 	$al->fetch(GETPOST('rowid', 'int'));
 
-	print '<span>'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
+	print '<span class="spanforajaxedit" id="dateoperation_'.$al->id.'">'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
 
 	exit;
 }

htdocs/main.inc.php

@@ -427,7 +427,7 @@ if (!defined('NOTOKENRENEWAL')) {
 	dol_syslog("NEW TOKEN reclaimed by : " . $_SERVER['PHP_SELF'], LOG_DEBUG);
 }
 
-//dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha').' '.$_SESSION['token']);
+//dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha'));
 
 // Check validity of token, only if option MAIN_SECURITY_CSRF_WITH_TOKEN enabled or if constant CSRFCHECK_WITH_TOKEN is set into page
 if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN)) || defined('CSRFCHECK_WITH_TOKEN')) {
@@ -457,7 +457,9 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 		}
 	}
 
-	if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $_SESSION['token']) {
+	$sessiontokenforthisurl = $_SESSION['token'];
+	// TODO Get the sessiontokenforthisurl into the array of session token
+	if (GETPOSTISSET('token') && GETPOST('token', 'alpha') != $sessiontokenforthisurl) {
 		dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused due to invalid token, so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);
 		//print 'Unset POST by CSRF protection in main.inc.php.';	// Do not output anything because this create problems when using the BACK button on browsers.
 		setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');
@@ -1094,7 +1096,7 @@ if (!defined('NOLOGIN')) {
 
 dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09').' NOTOKENRENEWAL='.(defined('NOTOKENRENEWAL') ?constant('NOTOKENRENEWAL') : ''));
 //Another call for easy debugg
-//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
+//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' '.$_SERVER["HTTP_REFERER"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
 
 // Load main languages files
 if (!defined('NOREQUIRETRAN')) {
@@ -1237,7 +1239,7 @@ if (!function_exists("llxHeader")) {
 
 
 /**
- *  Show HTTP header
+ *  Show HTTP header. Called by top_htmlhead().
  *
  *  @param  string  $contenttype    Content type. For example, 'text/html'
  *  @param	int		$forcenocache	Force disabling of cache for the page
@@ -1303,7 +1305,7 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
 }
 
 /**
- * Ouput html header of a page.
+ * Ouput html header of a page. It calls also top_httphead()
  * This code is also duplicated into security2.lib.php::dol_loginfunction
  *
  * @param 	string 	$head			 Optionnal head lines