| '.$langs->trans("AddIn").' | ';
print $formecm->selectAllSections((GETPOST("catParent", 'alpha') ? GETPOST("catParent", 'alpha') : $ecmdir->fk_parent), 'catParent', $module);
diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php
index 6edf59dcbed..6f4b9577c92 100644
--- a/htdocs/ecm/index.php
+++ b/htdocs/ecm/index.php
@@ -83,6 +83,12 @@ if ($user->socid) {
}
$result = restrictedArea($user, 'ecm', 0);
+$permissiontoread = $user->hasRight('ecm', 'read');
+$permissiontocreate = $user->hasRight('ecm', 'upload');
+$permissiontocreatedir = $user->hasRight('ecm', 'setup');
+$permissiontodelete = $user->hasRight('ecm', 'upload');
+$permissiontodeletedir = $user->hasRight('ecm', 'setup');
+
/*
* Actions
@@ -93,7 +99,7 @@ $result = restrictedArea($user, 'ecm', 0);
//include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
// Upload file (code similar but different than actions_linkedfiles.inc.php)
-if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
+if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && $permissiontocreate) {
// Define relativepath and upload_dir
$relativepath = '';
if ($ecmdir->id) {
@@ -130,7 +136,7 @@ if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC))
}
// Remove file (code similar but different than actions_linkedfiles.inc.php)
-if ($action == 'confirm_deletefile') {
+if ($action == 'confirm_deletefile' && $permissiontodelete) {
if (GETPOST('confirm') == 'yes') {
// GETPOST('urlfile','alpha') is full relative URL from ecm root dir. Contains path of all sections.
@@ -152,7 +158,7 @@ if ($action == 'confirm_deletefile') {
}
// Add directory
-if ($action == 'add' && $user->rights->ecm->setup) {
+if ($action == 'add' && $permissiontocreatedir) {
$ecmdir->ref = 'NOTUSEDYET';
$ecmdir->label = GETPOST("label");
$ecmdir->description = GETPOST("desc");
@@ -170,7 +176,7 @@ if ($action == 'add' && $user->rights->ecm->setup) {
}
// Remove directory
-if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes') {
+if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes' && $permissiontodeletedir) {
$result = $ecmdir->delete($user);
setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
@@ -180,7 +186,7 @@ if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes')
// Refresh directory view
// This refresh list of dirs, not list of files (for preformance reason). List of files is refresh only if dir was not synchronized.
// To refresh content of dir with cache, just open the dir in edit mode.
-if ($action == 'refreshmanual') {
+if ($action == 'refreshmanual' && $permissiontoread) {
$ecmdirtmp = new EcmDirectory($db);
// This part of code is same than into file ecm/ajax/ecmdatabase.php TODO Remove duplicate
diff --git a/htdocs/ecm/index_auto.php b/htdocs/ecm/index_auto.php
index 3944e869da0..ae641047b30 100644
--- a/htdocs/ecm/index_auto.php
+++ b/htdocs/ecm/index_auto.php
@@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
// Load translation files required by the page
$langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts"));
-// Security check
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'ecm', 0);
-
// Get parameters
$socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
@@ -87,6 +81,12 @@ $userstatic = new User($db);
$error = 0;
+// Security check
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'ecm', 0);
+
/*
* Actions
diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php
index 9da7aa06a84..658aa8d5bb5 100644
--- a/htdocs/eventorganization/class/conferenceorbooth.class.php
+++ b/htdocs/eventorganization/class/conferenceorbooth.class.php
@@ -106,8 +106,8 @@ class ConferenceOrBooth extends ActionComm
'id' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"),
'ref' => array('type'=>'integer', 'label'=>'Ref', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>2, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'csslist'=>'left', 'comment'=>"Id"),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'csslist'=>'tdoverflowmax125', 'help'=>"OrganizationEvenLabelName", 'showoncombobox'=>'1', 'autofocusoncreate'=>1),
- 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:t.usage_organize_event=1', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'position'=>52, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'project', 'css'=>'tdoverflowmax150 maxwidth500', 'csslist'=>'width100'),
- 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'$conf->societe->enabled', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'csslist'=>'tdoverflowmax125', 'css'=>'maxwidth500'),
+ 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:(t.usage_organize_event:=:1)', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'position'=>52, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'project', 'css'=>'tdoverflowmax150 maxwidth500', 'csslist'=>'width100'),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'$conf->societe->enabled', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'csslist'=>'tdoverflowmax125', 'css'=>'maxwidth500'),
'note' => array('type'=>'html', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>3),
'fk_action' => array('type'=>'sellist:c_actioncomm:libelle:id::module LIKE (\'%@eventorganization\')', 'label'=>'Format', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1, 'css'=>'width100', 'csslist'=>'tdoverflowmax100'),
'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'2',),
diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
index afee798829f..0ac9fdb4481 100644
--- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php
+++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
@@ -108,7 +108,7 @@ class ConferenceOrBoothAttendee extends CommonObject
'email' => array('type'=>'mail', 'label'=>'EmailAttendee', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'index'=>1, 'autofocusoncreate'=>1, 'searchall'=>1),
'firstname' => array('type'=>'varchar(100)', 'label'=>'Firstname', 'enabled'=>'1', 'position'=>31, 'notnull'=>0, 'visible'=>1, 'index'=>1, 'searchall'=>1),
'lastname' => array('type'=>'varchar(100)', 'label'=>'Lastname', 'enabled'=>'1', 'position'=>32, 'notnull'=>0, 'visible'=>1, 'index'=>1, 'searchall'=>1),
- 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status = 1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'position'=>40, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'css'=>'tdoverflowmax150 maxwidth500'),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'position'=>40, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"OrganizationEventLinkToThirdParty", 'picto'=>'company', 'css'=>'tdoverflowmax150 maxwidth500'),
'email_company' => array('type'=>'mail', 'label'=>'EmailCompany', 'enabled'=>'1', 'position'=>41, 'notnull'=>0, 'visible'=>-2, 'searchall'=>1),
'date_subscription' => array('type'=>'datetime', 'label'=>'DateOfRegistration', 'enabled'=>'1', 'position'=>56, 'notnull'=>1, 'visible'=>1, 'showoncombobox'=>'1',),
'fk_invoice' => array('type'=>'integer:Facture:compta/facture/class/facture.class.php', 'label'=>'Invoice', 'enabled'=>'$conf->facture->enabled', 'position'=>57, 'notnull'=>0, 'visible'=>-1, 'index'=>0, 'picto'=>'bill', 'css'=>'tdoverflowmax150 maxwidth500'),
diff --git a/htdocs/expedition/class/api_shipments.class.php b/htdocs/expedition/class/api_shipments.class.php
index 6a753a24cdb..d2f9da404e4 100644
--- a/htdocs/expedition/class/api_shipments.class.php
+++ b/htdocs/expedition/class/api_shipments.class.php
@@ -145,11 +145,10 @@ class Shipments extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php
index 876b08f18f0..c3bfeb2264d 100644
--- a/htdocs/expensereport/class/api_expensereports.class.php
+++ b/htdocs/expensereport/class/api_expensereports.class.php
@@ -118,11 +118,10 @@ class ExpenseReports extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/fichinter/class/api_interventions.class.php b/htdocs/fichinter/class/api_interventions.class.php
index 78b324c288d..98cb04368a1 100644
--- a/htdocs/fichinter/class/api_interventions.class.php
+++ b/htdocs/fichinter/class/api_interventions.class.php
@@ -150,11 +150,10 @@ class Interventions extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index da199f42206..e1cafba1ff1 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -39,7 +39,7 @@ class Fichinter extends CommonObject
public $fields = array(
'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>10),
'fk_soc' =>array('type'=>'integer:Societe:societe/class/societe.class.php', 'label'=>'ThirdParty', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'notnull'=>1, 'position'=>15),
- 'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk projet', 'enabled'=>'isModEnabled("project")', 'visible'=>-1, 'position'=>20),
+ 'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Fk projet', 'enabled'=>'isModEnabled("project")', 'visible'=>-1, 'position'=>20),
'fk_contrat' =>array('type'=>'integer', 'label'=>'Fk contrat', 'enabled'=>'$conf->contrat->enabled', 'visible'=>-1, 'position'=>25),
'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>30),
'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>35),
diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php
index 5cc3e5592a2..02bed2c5e0a 100644
--- a/htdocs/fourn/class/api_supplier_invoices.class.php
+++ b/htdocs/fourn/class/api_supplier_invoices.class.php
@@ -160,11 +160,10 @@ class SupplierInvoices extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php
index 1b7098d9cc5..bd37c81e57e 100644
--- a/htdocs/fourn/class/api_supplier_orders.class.php
+++ b/htdocs/fourn/class/api_supplier_orders.class.php
@@ -176,11 +176,10 @@ class SupplierOrders extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index 99685ea140c..4f74168b4cb 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -247,7 +247,7 @@ class CommandeFournisseur extends CommonOrder
'ref' =>array('type'=>'varchar(255)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'showoncombobox'=>1, 'position'=>25, 'searchall'=>1),
'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>35),
'ref_supplier' =>array('type'=>'varchar(255)', 'label'=>'RefOrderSupplierShort', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'searchall'=>1),
- 'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>45),
+ 'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>"isModEnabled('project')", 'visible'=>-1, 'position'=>45),
'date_valid' =>array('type'=>'datetime', 'label'=>'DateValidation', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
'date_approve' =>array('type'=>'datetime', 'label'=>'DateApprove', 'enabled'=>1, 'visible'=>-1, 'position'=>62),
'date_approve2' =>array('type'=>'datetime', 'label'=>'DateApprove2', 'enabled'=>1, 'visible'=>3, 'position'=>64),
diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
index 0806514b968..42b3ce9acd2 100644
--- a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
+++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
@@ -199,11 +199,10 @@ class KnowledgeManagement extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/langs/en_US/ecm.lang b/htdocs/langs/en_US/ecm.lang
index 5ced4ec5617..724e5aa59d7 100644
--- a/htdocs/langs/en_US/ecm.lang
+++ b/htdocs/langs/en_US/ecm.lang
@@ -19,7 +19,7 @@ ECMArea=DMS/ECM area
ECMAreaDesc=The DMS/ECM (Document Management System / Electronic Content Management) area allows you to save, share and search quickly all kind of documents in Dolibarr.
ECMAreaDesc2a=* Manual directories can be used to save documents not linked to a particular element.
ECMAreaDesc2b=* Automatic directories are filled automatically when adding documents from the page of an element.
-ECMAreaDesc3=* Medias directories are files into the subdirectory /medias of documents directory, readable by everybody with no need to be logged and no need to have the file shared explicitely. It is used to store image files from emailing or website module.
+ECMAreaDesc3=* Medias directories are files into the subdirectory /medias of documents directory, readable by everybody with no need to be logged and no need to have the file shared explicitely. It is used to store image files for the emailing or website module for example.
ECMSectionWasRemoved=Directory %s has been deleted.
ECMSectionWasCreated=Directory %s has been created.
ECMSearchByKeywords=Search by keywords
diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php
index ce92ef5ea8e..fdb56ff3c67 100644
--- a/htdocs/modulebuilder/template/class/api_mymodule.class.php
+++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php
@@ -156,11 +156,10 @@ class MyModuleApi extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 5143f8a9790..2dcb87ea523 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -120,7 +120,7 @@ class MyObject extends CommonObject
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'help'=>'Help text', 'showoncombobox'=>2, 'validate'=>1, 'alwayseditable'=>1),
'amount' => array('type'=>'price', 'label'=>'Amount', 'enabled'=>1, 'visible'=>1, 'default'=>'null', 'position'=>40, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for amount', 'validate'=>1),
'qty' => array('type'=>'real', 'label'=>'Qty', 'enabled'=>1, 'visible'=>1, 'default'=>'0', 'position'=>45, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for quantity', 'css'=>'maxwidth75imp', 'validate'=>1),
- 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'picto'=>'company', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>'isModEnabled("societe")', 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'OrganizationEventLinkToThirdParty', 'validate'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'csslist'=>'tdoverflowmax150'),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'picto'=>'company', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>'isModEnabled("societe")', 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'OrganizationEventLinkToThirdParty', 'validate'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'csslist'=>'tdoverflowmax150'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>52, 'notnull'=>-1, 'index'=>1, 'validate'=>1, 'css'=>'maxwidth500 widthcentpercentminusxx', 'csslist'=>'tdoverflowmax150'),
'description' => array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>3, 'position'=>60, 'validate'=>1),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>61, 'validate'=>1, 'cssview'=>'wordbreak'),
@@ -1162,7 +1162,7 @@ class MyObject extends CommonObject
*/
public function doScheduledJob()
{
- global $conf, $langs;
+ //global $conf, $langs;
//$conf->global->SYSLOG_FILE = 'DOL_DATA_ROOT/dolibarr_mydedicatedlofile.log';
diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php
index b747e5eafce..2312f4bd636 100644
--- a/htdocs/mrp/class/api_mos.class.php
+++ b/htdocs/mrp/class/api_mos.class.php
@@ -148,11 +148,10 @@ class Mos extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php
index 446880684d5..2e9072ac0f2 100644
--- a/htdocs/mrp/class/mo.class.php
+++ b/htdocs/mrp/class/mo.class.php
@@ -98,13 +98,13 @@ class Mo extends CommonObject
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'position'=>1, 'notnull'=>1, 'index'=>1, 'comment'=>"Id",),
'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'position'=>5, 'notnull'=>1, 'default'=>'1', 'index'=>1),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>4, 'position'=>10, 'notnull'=>1, 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'comment'=>"Reference of object", 'showoncombobox'=>'1', 'noteditable'=>1),
- 'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:t.status=1', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>'$conf->bom->enabled', 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall', 'picto'=>'bom'),
+ 'fk_bom' => array('type'=>'integer:Bom:bom/class/bom.class.php:0:(t.status:=:1)', 'filter'=>'active=1', 'label'=>'BOM', 'enabled'=>'$conf->bom->enabled', 'visible'=>1, 'position'=>33, 'notnull'=>-1, 'index'=>1, 'comment'=>"Original BOM", 'css'=>'minwidth100 maxwidth300', 'csslist'=>'nowraponall', 'picto'=>'bom'),
'mrptype' => array('type'=>'integer', 'label'=>'Type', 'enabled'=>1, 'visible'=>1, 'position'=>34, 'notnull'=>1, 'default'=>'0', 'arrayofkeyval'=>array(0=>'Manufacturing', 1=>'Disassemble'), 'css'=>'minwidth150', 'csslist'=>'minwidth150 center'),
'fk_product' => array('type'=>'integer:Product:product/class/product.class.php:0', 'label'=>'Product', 'enabled'=>'$conf->product->enabled', 'visible'=>1, 'position'=>35, 'notnull'=>1, 'index'=>1, 'comment'=>"Product to produce", 'css'=>'maxwidth300', 'csslist'=>'tdoverflowmax100', 'picto'=>'product'),
'qty' => array('type'=>'real', 'label'=>'QtyToProduce', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'notnull'=>1, 'comment'=>"Qty to produce", 'css'=>'width75', 'default'=>1, 'isameasure'=>1),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>42, 'notnull'=>-1, 'searchall'=>1, 'showoncombobox'=>'2', 'css'=>'maxwidth300', 'csslist'=>'tdoverflowmax200', 'alwayseditable'=>1),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'isModEnabled("societe")', 'visible'=>-1, 'position'=>50, 'notnull'=>-1, 'index'=>1, 'css'=>'maxwidth400', 'csslist'=>'tdoverflowmax150'),
- 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>51, 'notnull'=>-1, 'index'=>1, 'css'=>'minwidth200 maxwidth400', 'csslist'=>'tdoverflowmax100'),
+ 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'picto'=>'project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>51, 'notnull'=>-1, 'index'=>1, 'css'=>'minwidth200 maxwidth400', 'csslist'=>'tdoverflowmax100'),
'fk_warehouse' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:0', 'label'=>'WarehouseForProduction', 'picto'=>'stock', 'enabled'=>'$conf->stock->enabled', 'visible'=>1, 'position'=>52, 'css'=>'maxwidth400', 'csslist'=>'tdoverflowmax200'),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>1, 'visible'=>0, 'position'=>61, 'notnull'=>-1,),
'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>1, 'visible'=>0, 'position'=>62, 'notnull'=>-1,),
diff --git a/htdocs/partnership/class/api_partnership.class.php b/htdocs/partnership/class/api_partnership.class.php
index 1e1c7ca80fe..13bc447c51d 100644
--- a/htdocs/partnership/class/api_partnership.class.php
+++ b/htdocs/partnership/class/api_partnership.class.php
@@ -156,11 +156,10 @@ class PartnershipApi extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php
index acdea0fd665..49da9b1812f 100644
--- a/htdocs/partnership/class/partnership.class.php
+++ b/htdocs/partnership/class/partnership.class.php
@@ -104,8 +104,8 @@ class Partnership extends CommonObject
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>'1', 'position'=>1, 'notnull'=>1, 'visible'=>0, 'noteditable'=>'1', 'index'=>1, 'css'=>'left', 'comment'=>"Id"),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>'1', 'position'=>10, 'notnull'=>1, 'visible'=>4, 'noteditable'=>'1', 'default'=>'(PROV)', 'index'=>1, 'searchall'=>1, 'showoncombobox'=>'1', 'comment'=>"Reference of object"),
'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>'1', 'position'=>15, 'notnull'=>1, 'visible'=>-2, 'default'=>'1', 'index'=>1,),
- 'fk_type' => array('type'=>'integer:PartnershipType:partnership/class/partnership_type.class.php:0:active=1', 'label'=>'Type', 'enabled'=>'1', 'position'=>20, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflowmax100'),
- 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax125',),
+ 'fk_type' => array('type'=>'integer:PartnershipType:partnership/class/partnership_type.class.php:0:(active:=:1)', 'label'=>'Type', 'enabled'=>'1', 'position'=>20, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflowmax100'),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax125',),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0,),
'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'enabled'=>'1', 'position'=>62, 'notnull'=>0, 'visible'=>0,),
'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>'1', 'position'=>500, 'notnull'=>1, 'visible'=>-2,),
@@ -198,7 +198,7 @@ class Partnership extends CommonObject
if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'member') {
$this->fields['fk_member'] = array('type'=>'integer:Adherent:adherents/class/adherent.class.php:1', 'label'=>'Member', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'member', 'csslist'=>'tdoverflowmax150');
} else {
- $this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'company', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150');
+ $this->fields['fk_soc'] = array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'picto'=>'company', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150');
}
if (empty($conf->global->MAIN_SHOW_TECHNICAL_ID) && isset($this->fields['rowid']) && !empty($this->fields['ref'])) {
diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index a81b342740b..2e1d926f5f7 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -222,12 +222,10 @@ class Products extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- //var_dump($sqlfilters);exit;
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)'; // We must accept datc:<:2020-01-01 10:10:10
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
//this query will return total products with the filters given
@@ -905,11 +903,10 @@ class Products extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@@ -1033,11 +1030,10 @@ class Products extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/product/stock/class/api_stockmovements.class.php b/htdocs/product/stock/class/api_stockmovements.class.php
index 472d38ea245..5250913a5f6 100644
--- a/htdocs/product/stock/class/api_stockmovements.class.php
+++ b/htdocs/product/stock/class/api_stockmovements.class.php
@@ -110,11 +110,10 @@ class StockMovements extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/product/stock/class/api_warehouses.class.php b/htdocs/product/stock/class/api_warehouses.class.php
index 0cf0e57fe3a..a0646598d96 100644
--- a/htdocs/product/stock/class/api_warehouses.class.php
+++ b/htdocs/product/stock/class/api_warehouses.class.php
@@ -117,11 +117,10 @@ class Warehouses extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php
index b9e0c11ed56..6b0d558c689 100644
--- a/htdocs/product/stock/class/entrepot.class.php
+++ b/htdocs/product/stock/class/entrepot.class.php
@@ -127,8 +127,8 @@ class Entrepot extends CommonObject
'ref' =>array('type'=>'varchar(255)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'showoncombobox'=>1, 'position'=>25, 'searchall'=>1),
'description' =>array('type'=>'text', 'label'=>'Description', 'enabled'=>1, 'visible'=>-2, 'position'=>35, 'searchall'=>1),
'lieu' =>array('type'=>'varchar(64)', 'label'=>'LocationSummary', 'enabled'=>1, 'visible'=>1, 'position'=>40, 'showoncombobox'=>2, 'searchall'=>1),
- 'fk_parent' =>array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:1:statut=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ParentWarehouse', 'enabled'=>1, 'visible'=>-2, 'position'=>41),
- 'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>25),
+ 'fk_parent' =>array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ParentWarehouse', 'enabled'=>1, 'visible'=>-2, 'position'=>41),
+ 'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'position'=>25),
'address' =>array('type'=>'varchar(255)', 'label'=>'Address', 'enabled'=>1, 'visible'=>-2, 'position'=>45, 'searchall'=>1),
'zip' =>array('type'=>'varchar(10)', 'label'=>'Zip', 'enabled'=>1, 'visible'=>-2, 'position'=>50, 'searchall'=>1),
'town' =>array('type'=>'varchar(50)', 'label'=>'Town', 'enabled'=>1, 'visible'=>-2, 'position'=>55, 'searchall'=>1),
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 6c491bfc6e0..62526483542 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -127,12 +127,12 @@ class MouvementStock extends CommonObject
'fk_origin' =>array('type'=>'integer', 'label'=>'Fk origin', 'enabled'=>1, 'visible'=>-1, 'position'=>60),
'origintype' =>array('type'=>'varchar(32)', 'label'=>'Origintype', 'enabled'=>1, 'visible'=>-1, 'position'=>65),
'model_pdf' =>array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>1, 'visible'=>0, 'position'=>70),
- 'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'notnull'=>1, 'position'=>75),
+ 'fk_projet' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'visible'=>-1, 'notnull'=>1, 'position'=>75),
'inventorycode' =>array('type'=>'varchar(128)', 'label'=>'InventoryCode', 'enabled'=>1, 'visible'=>-1, 'position'=>80),
'batch' =>array('type'=>'varchar(30)', 'label'=>'Batch', 'enabled'=>1, 'visible'=>-1, 'position'=>85),
'eatby' =>array('type'=>'date', 'label'=>'Eatby', 'enabled'=>1, 'visible'=>-1, 'position'=>90),
'sellby' =>array('type'=>'date', 'label'=>'Sellby', 'enabled'=>1, 'visible'=>-1, 'position'=>95),
- 'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:fk_statut=1', 'label'=>'Fk project', 'enabled'=>1, 'visible'=>-1, 'position'=>100),
+ 'fk_project' =>array('type'=>'integer:Project:projet/class/project.class.php:1:(fk_statut:=:1)', 'label'=>'Fk project', 'enabled'=>1, 'visible'=>-1, 'position'=>100),
);
diff --git a/htdocs/product/stock/stocktransfer/class/stocktransfer.class.php b/htdocs/product/stock/stocktransfer/class/stocktransfer.class.php
index 1abde2eb4ae..f07610c6898 100644
--- a/htdocs/product/stock/stocktransfer/class/stocktransfer.class.php
+++ b/htdocs/product/stock/stocktransfer/class/stocktransfer.class.php
@@ -131,7 +131,7 @@ class StockTransfer extends CommonObject
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>0, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth200'/*, 'help'=>"Help text"*/, 'showoncombobox'=>'1',),
'description' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>31, 'notnull'=>0, 'visible'=>3,),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'position'=>32, 'notnull'=>-1, 'visible'=>-1, 'index'=>1,),
- 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1/*, 'help'=>"LinkToThirdparty"*/,),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1/*, 'help'=>"LinkToThirdparty"*/,),
'fk_warehouse_source' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php', 'label'=>'Entrepôt source', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>1, 'help'=>'HelpWarehouseStockTransferSource',),
'fk_warehouse_destination' => array('type'=>'integer:Entrepot:product/stock/class/entrepot.class.php', 'label'=>'Entrepôt de destination', 'enabled'=>'1', 'position'=>51, 'notnull'=>0, 'visible'=>1, 'help'=>'HelpWarehouseStockTransferDestination'),
'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'enabled'=>'1', 'position'=>61, 'notnull'=>0, 'visible'=>0,),
diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php
index fa936969754..cf27619d3c7 100644
--- a/htdocs/projet/class/api_projects.class.php
+++ b/htdocs/projet/class/api_projects.class.php
@@ -151,11 +151,10 @@ class Projects extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/projet/class/api_tasks.class.php b/htdocs/projet/class/api_tasks.class.php
index 775c81425d6..1c8105ea931 100644
--- a/htdocs/projet/class/api_tasks.class.php
+++ b/htdocs/projet/class/api_tasks.class.php
@@ -150,11 +150,10 @@ class Tasks extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/reception/class/api_receptions.class.php b/htdocs/reception/class/api_receptions.class.php
index a7b8bdb02ce..c9f4cba44cc 100644
--- a/htdocs/reception/class/api_receptions.class.php
+++ b/htdocs/reception/class/api_receptions.class.php
@@ -144,11 +144,10 @@ class Receptions extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/recruitment/class/api_recruitment.class.php b/htdocs/recruitment/class/api_recruitment.class.php
index c8e21a3e029..b665bda1279 100644
--- a/htdocs/recruitment/class/api_recruitment.class.php
+++ b/htdocs/recruitment/class/api_recruitment.class.php
@@ -194,11 +194,10 @@ class Recruitment extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
@@ -302,11 +301,10 @@ class Recruitment extends DolibarrApi
}
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php
index a63e6b012b2..69ec74deb9d 100644
--- a/htdocs/recruitment/class/recruitmentjobposition.class.php
+++ b/htdocs/recruitment/class/recruitmentjobposition.class.php
@@ -120,11 +120,11 @@ class RecruitmentJobPosition extends CommonObject
'label' => array('type'=>'varchar(255)', 'label'=>'JobLabel', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth500', 'csslist'=>'tdoverflowmax300', 'showoncombobox'=>'2', 'autofocusoncreate'=>1),
'qty' => array('type'=>'integer', 'label'=>'NbOfEmployeesExpected', 'enabled'=>'1', 'position'=>45, 'notnull'=>1, 'visible'=>1, 'default'=>'1', 'isameasure'=>'1', 'css'=>'maxwidth75imp'),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1', 'label'=>'Project', 'enabled'=>'$conf->project->enabled', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1, 'css'=>'maxwidth500', 'picto'=>'project'),
- 'fk_user_recruiter' => array('type'=>'integer:User:user/class/user.class.php:status=1', 'label'=>'ResponsibleOfRecruitement', 'enabled'=>'1', 'position'=>54, 'notnull'=>1, 'visible'=>1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
+ 'fk_user_recruiter' => array('type'=>'integer:User:user/class/user.class.php:1:(statut:=:1)', 'label'=>'ResponsibleOfRecruitement', 'enabled'=>'1', 'position'=>54, 'notnull'=>1, 'visible'=>1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
'email_recruiter' => array('type'=>'varchar(255)', 'label'=>'EmailRecruiter', 'enabled'=>'1', 'position'=>54, 'notnull'=>0, 'visible'=>-1, 'help'=>'ToUseAGenericEmail', 'picto'=>'email'),
- 'fk_user_supervisor' => array('type'=>'integer:User:user/class/user.class.php:t.statut = 1', 'label'=>'FutureManager', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
+ 'fk_user_supervisor' => array('type'=>'integer:User:user/class/user.class.php:1:(statut:=:1)', 'label'=>'FutureManager', 'enabled'=>'1', 'position'=>55, 'notnull'=>0, 'visible'=>-1, 'foreignkey'=>'user.rowid', 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150', 'picto'=>'user'),
'fk_establishment' => array('type'=>'integer:Establishment:hrm/class/establishment.class.php', 'label'=>'Establishment', 'enabled'=>'$conf->hrm->enabled', 'position'=>56, 'notnull'=>0, 'visible'=>-1, 'foreignkey'=>'establishment.rowid',),
- 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'WorkPlace', 'enabled'=>'isModEnabled("societe")', 'position'=>57, 'notnull'=>-1, 'visible'=>-1, 'css'=>'maxwidth500', 'index'=>1, 'help'=>"IfJobIsLocatedAtAPartner", 'picto'=>'company'),
+ 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:((status:=:1) AND (entity:IN:__SHARED_ENTITIES__))', 'label'=>'WorkPlace', 'enabled'=>'isModEnabled("societe")', 'position'=>57, 'notnull'=>-1, 'visible'=>-1, 'css'=>'maxwidth500', 'index'=>1, 'help'=>"IfJobIsLocatedAtAPartner", 'picto'=>'company'),
'date_planned' => array('type'=>'date', 'label'=>'DateExpected', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1,),
'remuneration_suggested' => array('type'=>'varchar(255)', 'label'=>'Remuneration', 'enabled'=>'1', 'position'=>62, 'notnull'=>0, 'visible'=>1,),
'description' => array('type'=>'html', 'label'=>'Description', 'enabled'=>'1', 'position'=>65, 'notnull'=>0, 'visible'=>3,),
@@ -381,8 +381,6 @@ class RecruitmentJobPosition extends CommonObject
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
{
- global $conf;
-
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@@ -501,7 +499,7 @@ class RecruitmentJobPosition extends CommonObject
*/
public function validate($user, $notrigger = 0)
{
- global $conf, $langs;
+ global $conf;
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -1087,7 +1085,7 @@ class RecruitmentJobPosition extends CommonObject
*/
public function doScheduledJob()
{
- global $conf, $langs;
+ //global $conf, $langs;
//$conf->global->SYSLOG_FILE = 'DOL_DATA_ROOT/dolibarr_mydedicatedlofile.log';
diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php
index 68bba46a3cb..88e9398f5fa 100644
--- a/htdocs/societe/class/api_contacts.class.php
+++ b/htdocs/societe/class/api_contacts.class.php
@@ -225,11 +225,10 @@ class Contacts extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php
index 1a1b3818848..8552f257fcc 100644
--- a/htdocs/societe/class/api_thirdparties.class.php
+++ b/htdocs/societe/class/api_thirdparties.class.php
@@ -204,11 +204,10 @@ class Thirdparties extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php
index 496d67df829..2a18ce0bfd2 100644
--- a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php
+++ b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php
@@ -140,11 +140,10 @@ class Supplierproposals extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php
index c2c34438177..8b53680ac95 100644
--- a/htdocs/ticket/class/api_tickets.class.php
+++ b/htdocs/ticket/class/api_tickets.class.php
@@ -247,11 +247,10 @@ class Tickets extends DolibarrApi
// Add sql filters
if ($sqlfilters) {
$errormessage = '';
- if (!DolibarrApi::_checkFilters($sqlfilters, $errormessage)) {
- throw new RestException(503, 'Error when validating parameter sqlfilters -> '.$errormessage);
+ $sql .= forgeSQLFromUniversalSearchCriteria($sqlfilters, $errormessage);
+ if ($errormessage) {
+ throw new RestException(400, 'Error when validating parameter sqlfilters -> '.$errormessage);
}
- $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
- $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $this->db->order($sortfield, $sortorder);
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 04086a90304..4dda56557b4 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -63,6 +63,9 @@ if (isModEnabled('stock')) {
require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
}
+// Load translation files required by page
+$langs->loadLangs(array('users', 'companies', 'ldap', 'admin', 'hrm', 'stocks', 'other'));
+
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'aZ09');
$mode = GETPOST('mode', 'alpha');
@@ -81,42 +84,8 @@ $datestartvalidity = dol_mktime(0, 0, 0, GETPOST('datestartvaliditymonth', 'int'
$dateendvalidity = dol_mktime(0, 0, 0, GETPOST('dateendvaliditymonth', 'int'), GETPOST('dateendvalidityday', 'int'), GETPOST('dateendvalidityyear', 'int'));
$dateofbirth = dol_mktime(0, 0, 0, GETPOST('dateofbirthmonth', 'int'), GETPOST('dateofbirthday', 'int'), GETPOST('dateofbirthyear', 'int'));
-// Define value to know what current user can do on users
-$canadduser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
-$canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));
-$canedituser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
-$candisableuser = (!empty($user->admin) || $user->hasRight("user", "user", "delete"));
-$canreadgroup = $canreaduser;
-$caneditgroup = $canedituser;
-if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
- $canreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
- $caneditgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "write"));
-}
-
$childids = $user->getAllChildIds(1); // For later, test on salary visibility
-// Define value to know what current user can do on properties of edited user
-if ($id > 0) {
- // $user is the current logged user, $id is the user we want to edit
- $caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
- $caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
-}
-
-// Security check
-$socid = 0;
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
-$feature2 = 'user';
-$result = restrictedArea($user, 'user', $id, 'user', $feature2);
-
-if ($user->id != $id && !$canreaduser) {
- accessforbidden();
-}
-
-// Load translation files required by page
-$langs->loadLangs(array('users', 'companies', 'ldap', 'admin', 'hrm', 'stocks', 'other'));
-
$object = new User($db);
$extrafields = new ExtraFields($db);
@@ -133,6 +102,38 @@ $error = 0;
$acceptlocallinktomedia = (acceptLocalLinktoMedia() > 0 ? 1 : 0);
+// Security check
+$socid = 0;
+if ($user->socid > 0) {
+ $socid = $user->socid;
+}
+$feature2 = 'user';
+$result = restrictedArea($user, 'user', $id, 'user', $feature2);
+
+// Define value to know what current user can do on users
+$canadduser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
+$canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));
+$canedituser = (!empty($user->admin) || $user->hasRight("user", "user", "write")); // edit other user
+$candisableuser = (!empty($user->admin) || $user->hasRight("user", "user", "delete"));
+$canreadgroup = $canreaduser;
+$caneditgroup = $canedituser;
+if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
+ $canreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
+ $caneditgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "write"));
+}
+
+if ($user->id != $id && !$canreaduser) {
+ accessforbidden();
+}
+
+// Define value to know what current user can do on properties of edited user
+if ($id > 0) {
+ // $user is the current logged user, $id is the user we want to edit
+ $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")); // can edit myself
+ $caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
+ $caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
+}
+
/**
* Actions
@@ -395,7 +396,7 @@ if (empty($reshook)) {
}
}
- if ($action == 'update' && !$cancel) {
+ if ($action == 'update' && $canedituser) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
if ($caneditfield) { // Case we can edit all field
@@ -435,8 +436,12 @@ if (empty($reshook)) {
$object->national_registration_number = GETPOST("national_registration_number", 'alphanohtml');
}
$object->gender = GETPOST("gender", 'aZ09');
- $object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
- $object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
+ if ($caneditpassword) {
+ $object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
+ }
+ if ($caneditpassword || $user->hasRight("api", "apikey", "generate")) {
+ $object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
+ }
if (!empty($user->admin)) { // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->admin = GETPOST("admin", "int");
}
@@ -2096,7 +2101,7 @@ if ($action == 'create' || $action == 'adduserldap') {
print " |
\n";
}
} else {
- print '