Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '17.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur 2023-02-25 20:12:48 +01:00
commit ed5c890769
63 changed files with 403 additions and 417 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/adherents/class/api_members.class.php
View File

@ -238,11 +238,10 @@ class Members extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

5
htdocs/adherents/class/api_memberstypes.class.php
View File

@ -103,11 +103,10 @@ class MembersTypes extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

5
htdocs/adherents/class/api_subscriptions.class.php
View File

@ -101,11 +101,10 @@ class Subscriptions extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

4
htdocs/api/class/api.class.php
View File

@ -302,6 +302,7 @@ class DolibarrApi
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**
* Return if a $sqlfilters parameter is valid
* Function no more used. Kept for backward compatibility with old APIs of modules
*
* @param string $sqlfilters sqlfilter string
* @param string $error Error message
@ -317,7 +318,8 @@ class DolibarrApi
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
/**
* Function to forge a SQL criteria from a Generic filter string
* Function to forge a SQL criteria from a Generic filter string.
* Function no more used. Kept for backward compatibility with old APIs of modules
*
* @param array $matches Array of found string by regex search.
* Each entry is 1 and only 1 criteria.

112
htdocs/api/class/api_setup.class.php
View File

@ -77,11 +77,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -141,11 +140,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -206,11 +204,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -277,11 +274,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -378,11 +374,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -550,11 +545,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -665,11 +659,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -729,11 +722,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -798,11 +790,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -864,11 +855,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -939,11 +929,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1010,11 +999,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -1084,11 +1072,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1149,11 +1136,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1209,11 +1195,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1270,11 +1255,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1333,11 +1317,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1392,11 +1375,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1458,11 +1440,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1519,11 +1500,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1582,11 +1562,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
@ -1646,11 +1625,10 @@ class Setup extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}

2
htdocs/asset/class/asset.class.php
View File

@ -98,7 +98,7 @@ class Asset extends CommonObject
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>20, 'notnull'=>1, 'visible'=>1, 'noteditable'=>'0', 'index'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'validate'=>'1', 'comment'=>"Reference of object"),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'showoncombobox'=>'2', 'validate'=>'1',),
'fk_asset_model' => array('type'=>'integer:AssetModel:asset/class/assetmodel.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'AssetModel', 'enabled'=>'1', 'position'=>40, 'notnull'=>0, 'visible'=>1, 'index'=>1, 'validate'=>'1',),
'fk_asset_model' => array('type'=>'integer:AssetModel:asset/class/assetmodel.class.php:1:((status:=:1) and (entity:IN:__SHARED_ENTITIES__))', 'label'=>'AssetModel', 'enabled'=>'1', 'position'=>40, 'notnull'=>0, 'visible'=>1, 'index'=>1, 'validate'=>'1',),
'qty' => array('type'=>'real', 'label'=>'Qty', 'enabled'=>'1', 'position'=>50, 'notnull'=>1, 'visible'=>0, 'default'=>'1', 'isameasure'=>'1', 'css'=>'maxwidth75imp', 'validate'=>'1',),
'acquisition_type' => array('type'=>'smallint', 'label'=>'AssetAcquisitionType', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1, 'arrayofkeyval'=>array('0'=>'AssetAcquisitionTypeNew', '1'=>'AssetAcquisitionTypeOccasion'), 'validate'=>'1',),
'asset_type' => array('type'=>'smallint', 'label'=>'AssetType', 'enabled'=>'1', 'position'=>70, 'notnull'=>1, 'visible'=>1, 'arrayofkeyval'=>array('0'=>'AssetTypeIntangible', '1'=>'AssetTypeTangible', '2'=>'AssetTypeInProgress', '3'=>'AssetTypeFinancial'), 'validate'=>'1',),

7
htdocs/bom/class/api_boms.class.php
View File

@ -150,11 +150,10 @@ class Boms extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/bookcal/class/booking.class.php
View File

@ -104,7 +104,7 @@ class Booking extends CommonObject
public $fields=array(
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>1.2, 'notnull'=>1, 'visible'=>1, 'index'=>1, 'searchall'=>1, 'validate'=>'1', 'comment'=>"Reference of object"),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'isModEnabled("societe")', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'help'=>"LinkToThirparty", 'validate'=>'1',),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) and (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'isModEnabled("societe")', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'help'=>"LinkToThirparty", 'validate'=>'1',),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'validate'=>'1',),
'description' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>3, 'validate'=>'1',),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0, 'cssview'=>'wordbreak', 'validate'=>'1',),

7
htdocs/categories/class/api_categories.class.php
View File

@ -149,11 +149,10 @@ class Categories extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/comm/action/class/api_agendaevents.class.php
View File

@ -159,11 +159,10 @@ class AgendaEvents extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

17
htdocs/comm/propal/class/api_proposals.class.php
View File

@ -204,11 +204,10 @@ class Proposals extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -309,14 +308,14 @@ class Proposals extends DolibarrApi
}
if (!empty($sqlfilters)) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
$errormessage = '';
$sql = forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$filters = " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$this->propal->getLinesArray($filters);
$this->propal->getLinesArray($sql);
$result = array();
foreach ($this->propal->lines as $line) {
array_push($result, $this->_cleanObjectDatas($line));

2
htdocs/comm/propal/class/propal.class.php
View File

@ -302,7 +302,7 @@ class Propal extends CommonObject
'ref_client' =>array('type'=>'varchar(255)', 'label'=>'RefCustomer', 'enabled'=>1, 'visible'=>-1, 'position'=>22),
'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'RefExt', 'enabled'=>1, 'visible'=>0, 'position'=>40),
'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'position'=>23),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk projet', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>24),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Fk projet', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>24),
'tms' =>array('type'=>'timestamp', 'label'=>'DateModification', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>25),
'datec' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'position'=>55),
'datep' =>array('type'=>'date', 'label'=>'Date', 'enabled'=>1, 'visible'=>-1, 'position'=>60),

7
htdocs/commande/class/api_orders.class.php
View File

@ -207,11 +207,10 @@ class Orders extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/commande/class/commande.class.php
View File

@ -312,7 +312,7 @@ class Commande extends CommonOrder
'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'RefExt', 'enabled'=>1, 'visible'=>0, 'position'=>26),
'ref_client' =>array('type'=>'varchar(255)', 'label'=>'RefCustomer', 'enabled'=>1, 'visible'=>-1, 'position'=>28),
'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'notnull'=>1, 'position'=>20),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>25),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>25),
'date_commande' =>array('type'=>'date', 'label'=>'Date', 'enabled'=>1, 'visible'=>1, 'position'=>60),
'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>62),
'date_cloture' =>array('type'=>'datetime', 'label'=>'DateClosing', 'enabled'=>1, 'visible'=>-1, 'position'=>65),

14
htdocs/compta/bank/class/api_bankaccounts.class.php
View File

@ -82,11 +82,10 @@ class BankAccounts extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -440,11 +439,10 @@ class BankAccounts extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= " ORDER BY rowid";

7
htdocs/compta/facture/class/api_invoices.class.php
View File

@ -237,11 +237,10 @@ class Invoices extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/compta/facture/class/facture-rec.class.php
View File

@ -181,7 +181,7 @@ class FactureRec extends CommonInvoice
'total_ht' =>array('type'=>'double(24,8)', 'label'=>'Total', 'enabled'=>1, 'visible'=>-1, 'position'=>70, 'isameasure'=>1),
'total_ttc' =>array('type'=>'double(24,8)', 'label'=>'Total ttc', 'enabled'=>1, 'visible'=>-1, 'position'=>75, 'isameasure'=>1),
'fk_user_author' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'Fk user author', 'enabled'=>1, 'visible'=>-1, 'position'=>80),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk projet', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>85),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Fk projet', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>85),
'fk_cond_reglement' =>array('type'=>'integer', 'label'=>'Fk cond reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>90),
'fk_mode_reglement' =>array('type'=>'integer', 'label'=>'Fk mode reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>95),
'date_lim_reglement' =>array('type'=>'date', 'label'=>'Date lim reglement', 'enabled'=>1, 'visible'=>-1, 'position'=>100),

2
htdocs/compta/facture/class/facture.class.php
View File

@ -336,7 +336,7 @@ class Facture extends CommonInvoice
'fk_user_valid' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>167),
'fk_user_closing' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserClosing', 'enabled'=>1, 'visible'=>-1, 'position'=>168),
'fk_facture_source' =>array('type'=>'integer', 'label'=>'SourceInvoice', 'enabled'=>1, 'visible'=>-1, 'position'=>170),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>1, 'visible'=>-1, 'position'=>175),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>1, 'visible'=>-1, 'position'=>175),
'fk_account' =>array('type'=>'integer', 'label'=>'Fk account', 'enabled'=>1, 'visible'=>-1, 'position'=>180),
'fk_currency' =>array('type'=>'varchar(3)', 'label'=>'CurrencyCode', 'enabled'=>1, 'visible'=>-1, 'position'=>185),
'fk_cond_reglement' =>array('type'=>'integer', 'label'=>'PaymentTerm', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>190),

7
htdocs/contrat/class/api_contracts.class.php
View File

@ -148,11 +148,10 @@ class Contracts extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/contrat/class/contrat.class.php
View File

@ -235,7 +235,7 @@ class Contrat extends CommonObject
'datec' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'position'=>40),
'date_contrat' =>array('type'=>'datetime', 'label'=>'Date contrat', 'enabled'=>1, 'visible'=>-1, 'position'=>45),
'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'notnull'=>1, 'position'=>70),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>75),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>75),
'fk_commercial_signature' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'SaleRepresentative Signature', 'enabled'=>1, 'visible'=>-1, 'position'=>80),
'fk_commercial_suivi' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'SaleRepresentative follower', 'enabled'=>1, 'visible'=>-1, 'position'=>85),
'fk_user_author' =>array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserAuthor', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>90),

64
htdocs/core/class/html.form.class.php
View File

@ -7816,47 +7816,6 @@ class Form
return $out;
}
/**
* Function to forge a SQL criteria from a Dolibarr filter syntax string.
*
* @param array $matches Array of found string by regex search. Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.nature:is:NULL"
* @return string Forged criteria. Example: "t.field like 'abc%'"
*/
protected static function forgeCriteriaCallback($matches)
{
global $db;
//dol_syslog("Convert matches ".$matches[1]);
if (empty($matches[1])) {
return '';
}
$tmp = explode(':', $matches[1]);
if (count($tmp) < 3) {
return '1=2'; // An always false request
}
$tmpescaped = $tmp[2];
$regbis = array();
if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) {
$tmpescaped = "'".$db->escape($regbis[1])."'";
} else {
$tmpescaped = $db->escape($tmpescaped);
}
if ($tmp[1] == '!=') {
$tmp[1] = '<>';
}
if (preg_match('/[\(\)]/', $tmp[0])) {
return '1=2'; // An always false request
}
if (! in_array($tmp[1], array('<', '>', '<>', 'is', 'isnot', '=', 'like'))) {
return '1=2'; // An always false request
}
return $db->escape($tmp[0]).' '.strtoupper($db->escape($tmp[1])).' '.$tmpescaped;
}
/**
* Output html form to select an object.
@ -7970,12 +7929,11 @@ class Form
}
if ($filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
/*if (! DolibarrApi::_checkFilters($filter))
{
throw new RestException(503, 'Error when validating parameter sqlfilters '.$filter);
}*/
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $filter).")";
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
return 'Error forging a SQL request from an universal criteria: '.$errormessage;
}
}
}
$sql .= $this->db->order($sortfield ? $sortfield : $fieldstoshow, "ASC");
@ -10331,14 +10289,12 @@ class Form
$search_component_params_hidden .= '('.$search_component_params_hidden.')';
}
$errormessage = '';
if (!dolCheckFilters($search_component_params_hidden, $errormessage)) {
print 'ERROR in parsing search string';
$searchtags = forgeSQLFromUniversalSearchCriteria($search_component_params_hidden, $errormessage);
if ($errormessage) {
print 'ERROR in parsing search string: '.dol_escape_htmltag($errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
//var_dump($search_component_params_hidden);
$htmltags = preg_replace_callback('/'.$regexstring.'/', 'dolForgeCriteriaCallback', $search_component_params_hidden);
//var_dump($htmltags);
$ret .= '<span class="marginleftonlyshort valignmiddle tagsearch"><span class="tagsearchdelete select2-selection__choice__remove">x</span> '.$htmltags.'</span>';
//var_dump($searchtags);
$ret .= '<span class="marginleftonlyshort valignmiddle tagsearch"><span class="tagsearchdelete select2-selection__choice__remove">x</span> '.dol_escape_htmltag($searchtags).'</span>';
}
//$ret .= '<button type="submit" class="liste_titre button_search paddingleftonly" name="button_search_x" value="x"><span class="fa fa-search"></span></button>';

15
htdocs/core/customreports.php
View File

@ -295,12 +295,7 @@ if (is_array($search_groupby) && count($search_groupby)) {
$sqlfilters = GETPOST('search_component_params_hidden', 'alphanohtml');
if ($sqlfilters) {
$errormessage = '';
if (dolCheckFilters($sqlfilters, $errormessage)) {
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " WHERE (".preg_replace_callback('/'.$regexstring.'/', 'dolForgeCriteriaCallback', $sqlfilters).")";
} else {
print $errormessage;
}
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
}*/
$sql .= " LIMIT ".((int) ($MAXUNIQUEVALFORGROUP + 1));
@ -684,11 +679,9 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
$sqlfilters = $search_component_params_hidden;
if ($sqlfilters) {
$errormessage = '';
if (dolCheckFilters($sqlfilters, $errormessage)) {
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'dolForgeCriteriaCallback', $sqlfilters).")";
} else {
print $errormessage;
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
print dol_escape_htmltag($errormessage);
}
}
$sql .= " GROUP BY ";

118
htdocs/core/lib/functions.lib.php
View File

@ -11582,15 +11582,34 @@ function jsonOrUnserialize($stringtodecode)
/**
* Return if a $sqlfilters parameter is valid and will pass the preg_replace_callback() to replace Generic filter string with SQL filter string
* Example of usage:
* if ($sqlfilters) {
* $errormessage = '';
* if (dolCheckFilters($sqlfilters, $errormessage)) {
* $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
* $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'dolForgeCriteriaCallback', $sqlfilters).")";
* }
* }
* forgeSQLFromUniversalSearchCriteria
*
* @param string $filter String with universal search string
* @param string $error Error message
* @return string Return forged SQL string
*/
function forgeSQLFromUniversalSearchCriteria($filter, &$error = '')
{
$regexstring = '\(([a-zA-Z0-9_\.]+:[<>!=insotlke]+:[^\(\)]+)\)'; // Must be (aaa:bbb:...) with aaa is a field name (with alias or not) and bbb is one of this operator '=', '<', '>', '<=', '>=', '!=', 'in', 'notin', 'like', 'notlike', 'is', 'isnot'
if (!dolCheckFilters($filter, $error)) {
return '1 = 2'; // Bad balance of parenthesis, we force a SQL not found
}
// Test the filter syntax
$t = preg_replace_callback('/'.$regexstring.'/i', 'dolForgeDummyCriteriaCallback', $filter);
$t = str_replace(array('and','or','AND','OR',' '), '', $t); // Remove the only strings allowed between each () criteria
// If the string result contains something else than '()', the syntax was wrong
if (preg_match('/[^\(\)]/', $t)) {
$error = 'Bad syntax of the search string, filter criteria is inhalited';
return '1 = 3'; // Bad syntax of the search string, we force a SQL not found
}
return " AND (".preg_replace_callback('/'.$regexstring.'/', 'dolForgeCriteriaCallback', $filter).")";
}
/**
* Return if a $sqlfilters parameter has a valid balance of parenthesis
*
* @param string $sqlfilters sqlfilter string
* @param string $error Error message
@ -11611,7 +11630,7 @@ function dolCheckFilters($sqlfilters, &$error = '')
$counter--;
}
if ($counter < 0) {
$error = "Bad sqlfilters=".$sqlfilters;
$error = "Wrond balance of parenthesis in sqlfilters=".$sqlfilters;
dol_syslog($error, LOG_WARNING);
return false;
}
@ -11621,57 +11640,92 @@ function dolCheckFilters($sqlfilters, &$error = '')
}
/**
* Function to forge a SQL criteria from a Generic filter string.
* Example of usage:
* if ($sqlfilters) {
* $errormessage = '';
* if (dolCheckFilters($sqlfilters, $errormessage)) {
* $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
* $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'dolForgeCriteriaCallback', $sqlfilters).")";
* }
* }
* Function to forge a SQL criteria from a Dolibarr filter syntax string.
* This method is called by forgeSQLFromUniversalSearchCriteria()
*
* @param array $matches Array of found string by regex search.
* Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL"
* @return string Forged criteria. Example: "t.field like 'abc%'"
* @param array $matches Array of found string by regex search. Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.nature:is:NULL"
* @return string Forged criteria. Example: "t.field like 'abc%'"
*/
function dolForgeDummyCriteriaCallback($matches)
{
//dol_syslog("Convert matches ".$matches[1]);
if (empty($matches[1])) {
return '';
}
$tmp = explode(':', $matches[1]);
if (count($tmp) < 3) {
return '';
}
return '()'; // An empty criteria
}
/**
* Function to forge a SQL criteria from a Dolibarr filter syntax string.
* This method is called by forgeSQLFromUniversalSearchCriteria()
*
* @param array $matches Array of found string by regex search.
* Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL"
* @return string Forged criteria. Example: "t.field like 'abc%'"
*/
function dolForgeCriteriaCallback($matches)
{
global $db;
dol_syslog("Convert matches ".$matches[1]);
//dol_syslog("Convert matches ".$matches[1]);
if (empty($matches[1])) {
return '';
}
$tmp = explode(':', $matches[1], 3);
$tmp = explode(':', $matches[1]);
if (count($tmp) < 3) {
return '';
}
$operand = preg_replace('/[^a-z0-9\._]/i', '', trim($tmp[0]));
$operator = strtoupper(preg_replace('/[^a-z<>=]/i', '', trim($tmp[1])));
if ($operator == 'NOTLIKE') {
$operator = 'NOT LIKE';
}
if ($operator == 'ISNOT') {
$operator = 'IS NOT';
}
if ($operator == '!=') {
$operator = '<>';
}
$tmpescaped = trim($tmp[2]);
$tmpescaped = $tmp[2];
$regbis = array();
if ($operator == 'IN') {
$tmpescaped = "(".$db->sanitize($tmpescaped, 1).")";
if ($operator == 'IN') { // IN is allowed for list of ID or code only
//if (!preg_match('/^\(.*\)$/', $tmpescaped)) {
$tmpescaped = '('.$db->escape($db->sanitize($tmpescaped, 1, 0)).')';
//} else {
// $tmpescaped = $db->escape($db->sanitize($tmpescaped, 1));
//}
} elseif ($operator == 'LIKE' || $operator == 'NOT LIKE') {
if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) {
$tmpescaped = $regbis[1];
}
//$tmpescaped = "'".$db->escapeforlike($db->escape($regbis[1]))."'";
$tmpescaped = "'".$db->escape($tmpescaped)."'"; // We do not escape the _ and % so the like will works
} elseif (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) {
$tmpescaped = "'".$db->escape($regbis[1])."'";
} else {
$tmpescaped = $db->sanitize($db->escape($tmpescaped));
if (strtoupper($tmpescaped) == 'NULL') {
$tmpescaped = 'NULL';
} elseif (is_int($tmpescaped)) {
$tmpescaped = (int) $tmpescaped;
} else {
$tmpescaped = (float) $tmpescaped;
}
}
return $db->escape($operand).' '.$db->escape($operator)." ".$tmpescaped;
return $db->escape($tmp[0]).' '.strtoupper($operator).' '.$tmpescaped;
}
/**
* Get timeline icon
*
* @param ActionComm $actionstatic actioncomm
* @param array $histo histo
* @param int $key key

7
htdocs/don/class/api_donations.class.php
View File

@ -129,11 +129,10 @@ class Donations extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

8
htdocs/ecm/dir_add_card.php
View File

@ -94,13 +94,16 @@ if (!empty($section)) {
// Permissions
$permissiontoadd = 0;
$permissiontodelete = 0;
$permissiontoupload = 0;
if ($module == 'ecm') {
$permissiontoadd = $user->rights->ecm->setup;
$permissiontodelete = $user->rights->ecm->setup;
$permissiontoupload = $user->rights->ecm->upload;
}
if ($module == 'medias') {
$permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write);
$permissiontodelete = ($user->rights->mailing->creer || $user->rights->website->write);
$permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write);
}
@ -189,7 +192,7 @@ if ($action == 'add' && $permissiontoadd) {
exit;
}
}
} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontoadd) {
} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontodelete) {
// Deleting file
$result = $ecmdir->delete($user);
setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
@ -231,7 +234,8 @@ if ($action == 'create') {
print '<table class="border centpercent">';
// Label
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth100" maxlength="32" value="'.(GETPOST("label", 'alpha') ? GETPOST("label", 'alpha') : $ecmdir->label).'" autofocus></td></tr>'."\n";
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td>';
print '<input name="label" class="minwidth100" maxlength="32" value="'.GETPOST("label", 'alpha').'" autofocus></td></tr>'."\n";
print '<tr><td>'.$langs->trans("AddIn").'</td><td>';
print $formecm->selectAllSections((GETPOST("catParent", 'alpha') ? GETPOST("catParent", 'alpha') : $ecmdir->fk_parent), 'catParent', $module);

16
htdocs/ecm/index.php
View File

@ -83,6 +83,12 @@ if ($user->socid) {
}
$result = restrictedArea($user, 'ecm', 0);
$permissiontoread = $user->hasRight('ecm', 'read');
$permissiontocreate = $user->hasRight('ecm', 'upload');
$permissiontocreatedir = $user->hasRight('ecm', 'setup');
$permissiontodelete = $user->hasRight('ecm', 'upload');
$permissiontodeletedir = $user->hasRight('ecm', 'setup');
/*
* Actions
@ -93,7 +99,7 @@ $result = restrictedArea($user, 'ecm', 0);
//include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
// Upload file (code similar but different than actions_linkedfiles.inc.php)
if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && $permissiontocreate) {
// Define relativepath and upload_dir
$relativepath = '';
if ($ecmdir->id) {
@ -130,7 +136,7 @@ if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC))
}
// Remove file (code similar but different than actions_linkedfiles.inc.php)
if ($action == 'confirm_deletefile') {
if ($action == 'confirm_deletefile' && $permissiontodelete) {
if (GETPOST('confirm') == 'yes') {
// GETPOST('urlfile','alpha') is full relative URL from ecm root dir. Contains path of all sections.
@ -152,7 +158,7 @@ if ($action == 'confirm_deletefile') {
}
// Add directory
if ($action == 'add' && $user->rights->ecm->setup) {
if ($action == 'add' && $permissiontocreatedir) {
$ecmdir->ref = 'NOTUSEDYET';
$ecmdir->label = GETPOST("label");
$ecmdir->description = GETPOST("desc");
@ -170,7 +176,7 @@ if ($action == 'add' && $user->rights->ecm->setup) {
}
// Remove directory
if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes') {
if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes' && $permissiontodeletedir) {
$result = $ecmdir->delete($user);
setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
@ -180,7 +186,7 @@ if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes')
// Refresh directory view
// This refresh list of dirs, not list of files (for preformance reason). List of files is refresh only if dir was not synchronized.
// To refresh content of dir with cache, just open the dir in edit mode.
if ($action == 'refreshmanual') {
if ($action == 'refreshmanual' && $permissiontoread) {
$ecmdirtmp = new EcmDirectory($db);
// This part of code is same than into file ecm/ajax/ecmdatabase.php TODO Remove duplicate

12
htdocs/ecm/index_auto.php
View File

@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
// Load translation files required by the page
$langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts"));
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'ecm', 0);
// Get parameters
$socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
@ -87,6 +81,12 @@ $userstatic = new User($db);
$error = 0;
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'ecm', 0);
/*
* Actions

4
htdocs/eventorganization/class/conferenceorbooth.class.php
View File

@ -106,8 +106,8 @@ class ConferenceOrBooth extends ActionComm
'id' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"),
'ref' => array('type'=>'integer', 'label'=>'Ref', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>2, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'csslist'=>'left', 'comment'=>"Id"),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'csslist'=>'tdoverflowmax125', 'help'=>"OrganizationEvenLabelName", 'showoncombobox'=>'1', 'autofocusoncreate'=>1),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:t.usage_organize_event=1', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'position'=>52, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'project', 'css'=>'tdoverflowmax150 maxwidth500', 'csslist'=>'width100'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'$conf->societe->enabled', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'csslist'=>'tdoverflowmax125', 'css'=>'maxwidth500'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:(t.usage_organize_event:=:1)', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'position'=>52, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'project', 'css'=>'tdoverflowmax150 maxwidth500', 'csslist'=>'width100'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'$conf->societe->enabled', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'csslist'=>'tdoverflowmax125', 'css'=>'maxwidth500'),
'note' => array('type'=>'html', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>3),
'fk_action' => array('type'=>'sellist:c_actioncomm:libelle:id::module LIKE (\'%@eventorganization\')', 'label'=>'Format', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1, 'css'=>'width100', 'csslist'=>'tdoverflowmax100'),
'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'2',),

2
htdocs/eventorganization/class/conferenceorboothattendee.class.php
View File

@ -108,7 +108,7 @@ class ConferenceOrBoothAttendee extends CommonObject
'email' => array('type'=>'mail', 'label'=>'EmailAttendee', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'index'=>1, 'autofocusoncreate'=>1, 'searchall'=>1),
'firstname' => array('type'=>'varchar(100)', 'label'=>'Firstname', 'enabled'=>'1', 'position'=>31, 'notnull'=>0, 'visible'=>1, 'index'=>1, 'searchall'=>1),
'lastname' => array('type'=>'varchar(100)', 'label'=>'Lastname', 'enabled'=>'1', 'position'=>32, 'notnull'=>0, 'visible'=>1, 'index'=>1, 'searchall'=>1),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status = 1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'position'=>40, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'css'=>'tdoverflowmax150 maxwidth500'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'position'=>40, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'css'=>'tdoverflowmax150 maxwidth500'),
'email_company' => array('type'=>'mail', 'label'=>'EmailCompany', 'enabled'=>'1', 'position'=>41, 'notnull'=>0, 'visible'=>-2, 'searchall'=>1),
'date_subscription' => array('type'=>'datetime', 'label'=>'DateOfRegistration', 'enabled'=>'1', 'position'=>56, 'notnull'=>1, 'visible'=>1, 'showoncombobox'=>'1',),
'fk_invoice' => array('type'=>'integer:Facture:compta/facture/class/facture.class.php', 'label'=>'Invoice', 'enabled'=>'$conf->facture->enabled', 'position'=>57, 'notnull'=>0, 'visible'=>-1, 'index'=>0, 'picto'=>'bill', 'css'=>'tdoverflowmax150 maxwidth500'),

7
htdocs/expedition/class/api_shipments.class.php
View File

@ -145,11 +145,10 @@ class Shipments extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/expensereport/class/api_expensereports.class.php
View File

@ -118,11 +118,10 @@ class ExpenseReports extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/fichinter/class/api_interventions.class.php
View File

@ -150,11 +150,10 @@ class Interventions extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/fichinter/class/fichinter.class.php
View File

@ -39,7 +39,7 @@ class Fichinter extends CommonObject
public $fields = array(
'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10),
'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'notnull'=>1, 'position'=>15),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk projet', 'enabled'=>'isModEnabled("project")', 'visible'=>-1, 'position'=>20),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Fk projet', 'enabled'=>'isModEnabled("project")', 'visible'=>-1, 'position'=>20),
'fk_contrat' =>array('type'=>'integer', 'label'=>'Fk contrat', 'enabled'=>'$conf->contrat->enabled', 'visible'=>-1, 'position'=>25),
'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>30),
'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>35),

7
htdocs/fourn/class/api_supplier_invoices.class.php
View File

@ -160,11 +160,10 @@ class SupplierInvoices extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/fourn/class/api_supplier_orders.class.php
View File

@ -176,11 +176,10 @@ class SupplierOrders extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -247,7 +247,7 @@ class CommandeFournisseur extends CommonOrder
'ref' =>array('type'=>'varchar(255)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'showoncombobox'=>1, 'position'=>25, 'searchall'=>1),
'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>35),
'ref_supplier' =>array('type'=>'varchar(255)', 'label'=>'RefOrderSupplierShort', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'searchall'=>1),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>45),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>45),
'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
'date_approve' =>array('type'=>'datetime', 'label'=>'DateApprove', 'enabled'=>1, 'visible'=>-1, 'position'=>62),
'date_approve2' =>array('type'=>'datetime', 'label'=>'DateApprove2', 'enabled'=>1, 'visible'=>3, 'position'=>64),

7
htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
View File

@ -199,11 +199,10 @@ class KnowledgeManagement extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

2
htdocs/langs/en_US/ecm.lang
View File

@ -19,7 +19,7 @@ ECMArea=DMS/ECM area
ECMAreaDesc=The DMS/ECM (Document Management System / Electronic Content Management) area allows you to save, share and search quickly all kind of documents in Dolibarr.
ECMAreaDesc2a=* Manual directories can be used to save documents not linked to a particular element.
ECMAreaDesc2b=* Automatic directories are filled automatically when adding documents from the page of an element.
ECMAreaDesc3=* Medias directories are files into the subdirectory <b>/medias</b> of documents directory, readable by everybody with no need to be logged and no need to have the file shared explicitely. It is used to store image files from emailing or website module.
ECMAreaDesc3=* Medias directories are files into the subdirectory <b>/medias</b> of documents directory, readable by everybody with no need to be logged and no need to have the file shared explicitely. It is used to store image files for the emailing or website module for example.
ECMSectionWasRemoved=Directory <b>%s</b> has been deleted.
ECMSectionWasCreated=Directory <b>%s</b> has been created.
ECMSearchByKeywords=Search by keywords

7
htdocs/modulebuilder/template/class/api_mymodule.class.php
View File

@ -156,11 +156,10 @@ class MyModuleApi extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

4
htdocs/modulebuilder/template/class/myobject.class.php
View File

@ -120,7 +120,7 @@ class MyObject extends CommonObject
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'help'=>'Help text', 'showoncombobox'=>2, 'validate'=>1, 'alwayseditable'=>1),
'amount' => array('type'=>'price', 'label'=>'Amount', 'enabled'=>1, 'visible'=>1, 'default'=>'null', 'position'=>40, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for amount', 'validate'=>1),
'qty' => array('type'=>'real', 'label'=>'Qty', 'enabled'=>1, 'visible'=>1, 'default'=>'0', 'position'=>45, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for quantity', 'css'=>'maxwidth75imp', 'validate'=>1),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'picto'=>'company', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>'isModEnabled("societe")', 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'OrganizationEventLinkToThirdParty', 'validate'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'csslist'=>'tdoverflowmax150'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'picto'=>'company', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>'isModEnabled("societe")', 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'OrganizationEventLinkToThirdParty', 'validate'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'csslist'=>'tdoverflowmax150'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>52, 'notnull'=>-1, 'index'=>1, 'validate'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'csslist'=>'tdoverflowmax150'),
'description' => array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>3, 'position'=>60, 'validate'=>1),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>61, 'validate'=>1, 'cssview'=>'wordbreak'),
@ -1162,7 +1162,7 @@ class MyObject extends CommonObject
*/
public function doScheduledJob()
{
global $conf, $langs;
//global $conf, $langs;
//$conf->global->SYSLOG_FILE = 'DOL_DATA_ROOT/dolibarr_mydedicatedlofile.log';

7
htdocs/mrp/class/api_mos.class.php
View File

@ -148,11 +148,10 @@ class Mos extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

4
htdocs/mrp/class/mo.class.php
View File

@ -98,13 +98,13 @@ class Mo extends CommonObject
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",),
'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'position'=>5, 'notnull'=>1, 'default'=>'1', 'index'=>1),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of object", 'showoncombobox'=>'1', 'noteditable'=>1),
'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:t.status=1', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>'$conf->bom->enabled', 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall', 'picto'=>'bom'),
'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:(t.status:=:1)', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>'$conf->bom->enabled', 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall', 'picto'=>'bom'),
'mrptype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>1, 'position'=>34, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing', 1=>'Disassemble'), 'css'=>'minwidth150', 'csslist'=>'minwidth150 center'),
'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:0', 'label'=>'Product', 'enabled'=>'$conf->product->enabled', 'visible'=>1, 'position'=>35, 'notnull'=>1, 'index'=>1, 'comment'=>"Product to produce", 'css'=>'maxwidth300', 'csslist'=>'tdoverflowmax100', 'picto'=>'product'),
'qty' => array('type'=>'real', 'label'=>'QtyToProduce', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'notnull'=>1, 'comment'=>"Qty to produce", 'css'=>'width75', 'default'=>1, 'isameasure'=>1),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>42, 'notnull'=>-1, 'searchall'=>1, 'showoncombobox'=>'2', 'css'=>'maxwidth300', 'csslist'=>'tdoverflowmax200', 'alwayseditable'=>1),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'position'=>50, 'notnull'=>-1, 'index'=>1, 'css'=>'maxwidth400', 'csslist'=>'tdoverflowmax150'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>51, 'notnull'=>-1, 'index'=>1, 'css'=>'minwidth200 maxwidth400', 'csslist'=>'tdoverflowmax100'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>51, 'notnull'=>-1, 'index'=>1, 'css'=>'minwidth200 maxwidth400', 'csslist'=>'tdoverflowmax100'),
'fk_warehouse' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:0', 'label'=>'WarehouseForProduction', 'picto'=>'stock', 'enabled'=>'$conf->stock->enabled', 'visible'=>1, 'position'=>52, 'css'=>'maxwidth400', 'csslist'=>'tdoverflowmax200'),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>61, 'notnull'=>-1,),
'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>62, 'notnull'=>-1,),

7
htdocs/partnership/class/api_partnership.class.php
View File

@ -156,11 +156,10 @@ class PartnershipApi extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

6
htdocs/partnership/class/partnership.class.php
View File

@ -104,8 +104,8 @@ class Partnership extends CommonObject
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>4, 'noteditable'=>'1', 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'comment'=>"Reference of object"),
'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>'1', 'position'=>15, 'notnull'=>1, 'visible'=>-2, 'default'=>'1', 'index'=>1,),
'fk_type' => array('type'=>'integer:PartnershipType:partnership/class/partnership_type.class.php:0:active=1', 'label'=>'Type', 'enabled'=>'1', 'position'=>20, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflowmax100'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax125',),
'fk_type' => array('type'=>'integer:PartnershipType:partnership/class/partnership_type.class.php:0:(active:=:1)', 'label'=>'Type', 'enabled'=>'1', 'position'=>20, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflowmax100'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax125',),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0,),
'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>'1', 'position'=>62, 'notnull'=>0, 'visible'=>0,),
'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>500, 'notnull'=>1, 'visible'=>-2,),
@ -198,7 +198,7 @@ class Partnership extends CommonObject
if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'member') {
$this->fields['fk_member'] = array('type'=>'integer:Adherent:adherents/class/adherent.class.php:1', 'label'=>'Member', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'member', 'csslist'=>'tdoverflowmax150');
} else {
$this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'company', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150');
$this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'company', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150');
}
if (empty($conf->global->MAIN_SHOW_TECHNICAL_ID) && isset($this->fields['rowid']) && !empty($this->fields['ref'])) {

22
htdocs/product/class/api_products.class.php
View File

@ -222,12 +222,10 @@ class Products extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
//var_dump($sqlfilters);exit;
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)'; // We must accept datc:<:2020-01-01 10:10:10
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
//this query will return total products with the filters given
@ -905,11 +903,10 @@ class Products extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -1033,11 +1030,10 @@ class Products extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/product/stock/class/api_stockmovements.class.php
View File

@ -110,11 +110,10 @@ class StockMovements extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/product/stock/class/api_warehouses.class.php
View File

@ -117,11 +117,10 @@ class Warehouses extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

4
htdocs/product/stock/class/entrepot.class.php
View File

@ -127,8 +127,8 @@ class Entrepot extends CommonObject
'ref' =>array('type'=>'varchar(255)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'showoncombobox'=>1, 'position'=>25, 'searchall'=>1),
'description' =>array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-2, 'position'=>35, 'searchall'=>1),
'lieu' =>array('type'=>'varchar(64)', 'label'=>'LocationSummary', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'showoncombobox'=>2, 'searchall'=>1),
'fk_parent' =>array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:1:statut=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ParentWarehouse', 'enabled'=>1, 'visible'=>-2, 'position'=>41),
'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>25),
'fk_parent' =>array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ParentWarehouse', 'enabled'=>1, 'visible'=>-2, 'position'=>41),
'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>25),
'address' =>array('type'=>'varchar(255)', 'label'=>'Address', 'enabled'=>1, 'visible'=>-2, 'position'=>45, 'searchall'=>1),
'zip' =>array('type'=>'varchar(10)', 'label'=>'Zip', 'enabled'=>1, 'visible'=>-2, 'position'=>50, 'searchall'=>1),
'town' =>array('type'=>'varchar(50)', 'label'=>'Town', 'enabled'=>1, 'visible'=>-2, 'position'=>55, 'searchall'=>1),

4
htdocs/product/stock/class/mouvementstock.class.php
View File

@ -127,12 +127,12 @@ class MouvementStock extends CommonObject
'fk_origin' =>array('type'=>'integer', 'label'=>'Fk origin', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
'origintype' =>array('type'=>'varchar(32)', 'label'=>'Origintype', 'enabled'=>1, 'visible'=>-1, 'position'=>65),
'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>70),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'notnull'=>1, 'position'=>75),
'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'notnull'=>1, 'position'=>75),
'inventorycode' =>array('type'=>'varchar(128)', 'label'=>'InventoryCode', 'enabled'=>1, 'visible'=>-1, 'position'=>80),
'batch' =>array('type'=>'varchar(30)', 'label'=>'Batch', 'enabled'=>1, 'visible'=>-1, 'position'=>85),
'eatby' =>array('type'=>'date', 'label'=>'Eatby', 'enabled'=>1, 'visible'=>-1, 'position'=>90),
'sellby' =>array('type'=>'date', 'label'=>'Sellby', 'enabled'=>1, 'visible'=>-1, 'position'=>95),
'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk project', 'enabled'=>1, 'visible'=>-1, 'position'=>100),
'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Fk project', 'enabled'=>1, 'visible'=>-1, 'position'=>100),
);

2
htdocs/product/stock/stocktransfer/class/stocktransfer.class.php
View File

@ -131,7 +131,7 @@ class StockTransfer extends CommonObject
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>0, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth200'/*, 'help'=>"Help text"*/, 'showoncombobox'=>'1',),
'description' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>31, 'notnull'=>0, 'visible'=>3,),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'position'=>32, 'notnull'=>-1, 'visible'=>-1, 'index'=>1,),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1/*, 'help'=>"LinkToThirdparty"*/,),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1/*, 'help'=>"LinkToThirdparty"*/,),
'fk_warehouse_source' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php', 'label'=>'Entrepôt source', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>1, 'help'=>'HelpWarehouseStockTransferSource',),
'fk_warehouse_destination' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php', 'label'=>'Entrepôt de destination', 'enabled'=>'1', 'position'=>51, 'notnull'=>0, 'visible'=>1, 'help'=>'HelpWarehouseStockTransferDestination'),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0,),

7
htdocs/projet/class/api_projects.class.php
View File

@ -151,11 +151,10 @@ class Projects extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/projet/class/api_tasks.class.php
View File

@ -150,11 +150,10 @@ class Tasks extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/reception/class/api_receptions.class.php
View File

@ -144,11 +144,10 @@ class Receptions extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

14
htdocs/recruitment/class/api_recruitment.class.php
View File

@ -194,11 +194,10 @@ class Recruitment extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -302,11 +301,10 @@ class Recruitment extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

12
htdocs/recruitment/class/recruitmentjobposition.class.php
View File

@ -120,11 +120,11 @@ class RecruitmentJobPosition extends CommonObject
'label' => array('type'=>'varchar(255)', 'label'=>'JobLabel', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth500', 'csslist'=>'tdoverflowmax300', 'showoncombobox'=>'2', 'autofocusoncreate'=>1),
'qty' => array('type'=>'integer', 'label'=>'NbOfEmployeesExpected', 'enabled'=>'1', 'position'=>45, 'notnull'=>1, 'visible'=>1, 'default'=>'1', 'isameasure'=>'1', 'css'=>'maxwidth75imp'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1, 'css'=>'maxwidth500', 'picto'=>'project'),
'fk_user_recruiter' => array('type'=>'integer:User:user/class/user.class.php:status=1', 'label'=>'ResponsibleOfRecruitement', 'enabled'=>'1', 'position'=>54, 'notnull'=>1, 'visible'=>1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
'fk_user_recruiter' => array('type'=>'integer:User:user/class/user.class.php:1:(statut:=:1)', 'label'=>'ResponsibleOfRecruitement', 'enabled'=>'1', 'position'=>54, 'notnull'=>1, 'visible'=>1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
'email_recruiter' => array('type'=>'varchar(255)', 'label'=>'EmailRecruiter', 'enabled'=>'1', 'position'=>54, 'notnull'=>0, 'visible'=>-1, 'help'=>'ToUseAGenericEmail', 'picto'=>'email'),
'fk_user_supervisor' => array('type'=>'integer:User:user/class/user.class.php:t.statut = 1', 'label'=>'FutureManager', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
'fk_user_supervisor' => array('type'=>'integer:User:user/class/user.class.php:1:(statut:=:1)', 'label'=>'FutureManager', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
'fk_establishment' => array('type'=>'integer:Establishment:hrm/class/establishment.class.php', 'label'=>'Establishment', 'enabled'=>'$conf->hrm->enabled', 'position'=>56, 'notnull'=>0, 'visible'=>-1, 'foreignkey'=>'establishment.rowid',),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'WorkPlace', 'enabled'=>'isModEnabled("societe")', 'position'=>57, 'notnull'=>-1, 'visible'=>-1, 'css'=>'maxwidth500', 'index'=>1, 'help'=>"IfJobIsLocatedAtAPartner", 'picto'=>'company'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'WorkPlace', 'enabled'=>'isModEnabled("societe")', 'position'=>57, 'notnull'=>-1, 'visible'=>-1, 'css'=>'maxwidth500', 'index'=>1, 'help'=>"IfJobIsLocatedAtAPartner", 'picto'=>'company'),
'date_planned' => array('type'=>'date', 'label'=>'DateExpected', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1,),
'remuneration_suggested' => array('type'=>'varchar(255)', 'label'=>'Remuneration', 'enabled'=>'1', 'position'=>62, 'notnull'=>0, 'visible'=>1,),
'description' => array('type'=>'html', 'label'=>'Description', 'enabled'=>'1', 'position'=>65, 'notnull'=>0, 'visible'=>3,),
@ -381,8 +381,6 @@ class RecruitmentJobPosition extends CommonObject
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -501,7 +499,7 @@ class RecruitmentJobPosition extends CommonObject
*/
public function validate($user, $notrigger = 0)
{
global $conf, $langs;
global $conf;
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -1087,7 +1085,7 @@ class RecruitmentJobPosition extends CommonObject
*/
public function doScheduledJob()
{
global $conf, $langs;
//global $conf, $langs;
//$conf->global->SYSLOG_FILE = 'DOL_DATA_ROOT/dolibarr_mydedicatedlofile.log';

7
htdocs/societe/class/api_contacts.class.php
View File

@ -225,11 +225,10 @@ class Contacts extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/societe/class/api_thirdparties.class.php
View File

@ -204,11 +204,10 @@ class Thirdparties extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/supplier_proposal/class/api_supplier_proposals.class.php
View File

@ -140,11 +140,10 @@ class Supplierproposals extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/ticket/class/api_tickets.class.php
View File

@ -247,11 +247,10 @@ class Tickets extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

101
htdocs/user/card.php
View File

@ -63,6 +63,9 @@ if (isModEnabled('stock')) {
require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
}
// Load translation files required by page
$langs->loadLangs(array('users', 'companies', 'ldap', 'admin', 'hrm', 'stocks', 'other'));
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'aZ09');
$mode = GETPOST('mode', 'alpha');
@ -81,42 +84,8 @@ $datestartvalidity = dol_mktime(0, 0, 0, GETPOST('datestartvaliditymonth', 'int'
$dateendvalidity = dol_mktime(0, 0, 0, GETPOST('dateendvaliditymonth', 'int'), GETPOST('dateendvalidityday', 'int'), GETPOST('dateendvalidityyear', 'int'));
$dateofbirth = dol_mktime(0, 0, 0, GETPOST('dateofbirthmonth', 'int'), GETPOST('dateofbirthday', 'int'), GETPOST('dateofbirthyear', 'int'));
// Define value to know what current user can do on users
$canadduser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
$canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));
$canedituser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
$candisableuser = (!empty($user->admin) || $user->hasRight("user", "user", "delete"));
$canreadgroup = $canreaduser;
$caneditgroup = $canedituser;
if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$canreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
$caneditgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "write"));
}
$childids = $user->getAllChildIds(1); // For later, test on salary visibility
// Define value to know what current user can do on properties of edited user
if ($id > 0) {
// $user is the current logged user, $id is the user we want to edit
$caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
$caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
}
// Security check
$socid = 0;
if ($user->socid > 0) {
$socid = $user->socid;
}
$feature2 = 'user';
$result = restrictedArea($user, 'user', $id, 'user', $feature2);
if ($user->id != $id && !$canreaduser) {
accessforbidden();
}
// Load translation files required by page
$langs->loadLangs(array('users', 'companies', 'ldap', 'admin', 'hrm', 'stocks', 'other'));
$object = new User($db);
$extrafields = new ExtraFields($db);
@ -133,6 +102,38 @@ $error = 0;
$acceptlocallinktomedia = (acceptLocalLinktoMedia() > 0 ? 1 : 0);
// Security check
$socid = 0;
if ($user->socid > 0) {
$socid = $user->socid;
}
$feature2 = 'user';
$result = restrictedArea($user, 'user', $id, 'user', $feature2);
// Define value to know what current user can do on users
$canadduser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
$canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));
$canedituser = (!empty($user->admin) || $user->hasRight("user", "user", "write")); // edit other user
$candisableuser = (!empty($user->admin) || $user->hasRight("user", "user", "delete"));
$canreadgroup = $canreaduser;
$caneditgroup = $canedituser;
if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$canreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
$caneditgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "write"));
}
if ($user->id != $id && !$canreaduser) {
accessforbidden();
}
// Define value to know what current user can do on properties of edited user
if ($id > 0) {
// $user is the current logged user, $id is the user we want to edit
$canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")); // can edit myself
$caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
$caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
}
/**
* Actions
@ -395,7 +396,7 @@ if (empty($reshook)) {
}
}
if ($action == 'update' && !$cancel) {
if ($action == 'update' && $canedituser) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
if ($caneditfield) { // Case we can edit all field
@ -435,8 +436,12 @@ if (empty($reshook)) {
$object->national_registration_number = GETPOST("national_registration_number", 'alphanohtml');
}
$object->gender = GETPOST("gender", 'aZ09');
$object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
if ($caneditpassword) {
$object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
}
if ($caneditpassword || $user->hasRight("api", "apikey", "generate")) {
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
}
if (!empty($user->admin)) { // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->admin = GETPOST("admin", "int");
}
@ -2096,7 +2101,7 @@ if ($action == 'create' || $action == 'adduserldap') {
print "</td></tr>\n";
}
} else {
print '<tr class="oddeven"><td colspan="3" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
print '<tr class="oddeven"><td colspan="3"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
}
print "</table>";
@ -2113,7 +2118,7 @@ if ($action == 'create' || $action == 'adduserldap') {
/*
* Card in edit mode
*/
if ($action == 'edit' && ($canedituser || $caneditfield || $caneditpassword || ($user->id == $object->id))) {
if ($action == 'edit' && ($canedituser || $caneditpassword)) {
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="POST" name="updateuser" enctype="multipart/form-data">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update">';
@ -2439,12 +2444,14 @@ if ($action == 'create' || $action == 'adduserldap') {
print "</td></tr>\n";
// API key
if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin || $user->hasRight("api", "apikey", "generate"))) {
if (isModEnabled('api')) {
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
print '<td>';
print '<input class="minwidth300" maxsize="32" type="text" id="api_key" name="api_key" value="'.$object->api_key.'" autocomplete="off">';
if (!empty($conf->use_javascript_ajax)) {
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
if ($caneditpassword || $user->hasRight("api", "apikey", "generate")) {
print '<input class="minwidth300" maxsize="32" type="text" id="api_key" name="api_key" value="'.$object->api_key.'" autocomplete="off">';
if (!empty($conf->use_javascript_ajax)) {
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
}
}
print '</td></tr>';
}
@ -2902,10 +2909,10 @@ if ($action == 'create' || $action == 'adduserldap') {
}
}
if (!empty($conf->api->enabled)) {
// Add button to autosuggest a key
include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
print dolJSToSetRandomPassword('password', 'generate_password', 0);
// Add button to autosuggest a key
include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
print dolJSToSetRandomPassword('password', 'generate_password', 0);
if (isModEnabled('api')) {
print dolJSToSetRandomPassword('api_key', 'generate_api_key', 1);
}

14
htdocs/user/class/api_users.class.php
View File

@ -100,11 +100,10 @@ class Users extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@ -544,11 +543,10 @@ class Users extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

7
htdocs/zapier/class/api_zapier.class.php
View File

@ -198,11 +198,10 @@ class Zapier extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
$sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
if ($errormessage) {
throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);

28
test/phpunit/FunctionsLibTest.php
View File

@ -167,6 +167,34 @@ class FunctionsLibTest extends PHPUnit\Framework\TestCase
print __METHOD__."\n";
}
/**
* testDolForgeCriteriaCallback
*
* @return boolean
*/
public function testDolForgeCriteriaCallback()
{
global $conf, $langs;
// An attempt for SQL injection
$filter='if(now()=sysdate()%2Csleep(6)%2C0)';
$sql = forgeSQLFromUniversalSearchCriteria($filter);
$this->assertEquals($sql, '1 = 3');
// A real search string
$filter='(((statut:=:1) or (entity:in:__AAA__)) and (abc:<:2.0) and (abc:!=:1.23))';
$sql = forgeSQLFromUniversalSearchCriteria($filter);
$this->assertEquals($sql, ' AND (((statut = 1 or entity IN (__AAA__)) and abc < 2 and abc = 1.23))');
$filter="(t.ref:like:'SO-%') or (t.date_creation:<:'20160101') or (t.date_creation:<:'2016-01-01 12:30:00') or (t.nature:is:NULL)";
$sql = forgeSQLFromUniversalSearchCriteria($filter);
$this->assertEquals($sql, " AND (t.ref LIKE 'SO-%' or t.date_creation < '20160101' or t.date_creation < 0 or t.nature IS NULL)");
return true;
}
/**
* testDolClone
*