From 86a48c89624a382f6a4181200eeef4c3ae5ac4ce Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 23 Nov 2011 21:43:25 +0100 Subject: [PATCH 01/12] Fix: change the last database prefix --- htdocs/adherents/card_subscriptions.php | 2 +- htdocs/admin/accounting.php | 2 +- htdocs/admin/boxes.php | 8 ++++---- htdocs/boutique/admin/boutique.php | 4 ++-- htdocs/compta/localtax/class/localtax.class.php | 2 +- .../class/paymentsocialcontribution.class.php | 2 +- htdocs/compta/stats/index.php | 2 +- htdocs/compta/tva/class/tva.class.php | 2 +- htdocs/core/class/html.formcompany.class.php | 2 +- htdocs/core/lib/admin.lib.php | 2 +- .../core/modules/mailings/framboise.modules.php | 13 ++++++++----- .../modules/mailings/thirdparties.modules.php | 13 ++++++++----- htdocs/install/etape5.php | 16 ++++++++-------- htdocs/product/stock/fiche.php | 2 +- htdocs/product/stock/mouvement.php | 2 +- htdocs/product/stock/product.php | 2 +- 16 files changed, 41 insertions(+), 35 deletions(-) diff --git a/htdocs/adherents/card_subscriptions.php b/htdocs/adherents/card_subscriptions.php index 6385aa43be1..69caf4eeb5f 100644 --- a/htdocs/adherents/card_subscriptions.php +++ b/htdocs/adherents/card_subscriptions.php @@ -403,7 +403,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'cotisation' && ! $ } // Update fk_bank for subscriptions - $sql = 'UPDATE llx_cotisation set fk_bank='.$bank_line_id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'cotisation SET fk_bank='.$bank_line_id; $sql.= ' WHERE rowid='.$crowid; dol_syslog('sql='.$sql); $result = $db->query($sql); diff --git a/htdocs/admin/accounting.php b/htdocs/admin/accounting.php index 18a14a755fe..5fdfc965143 100644 --- a/htdocs/admin/accounting.php +++ b/htdocs/admin/accounting.php @@ -101,7 +101,7 @@ print "
\n"; // Cas des autres param�tres COMPTA_* /* $sql ="SELECT rowid, name, value, type, note"; -$sql.=" FROM llx_const"; +$sql.=" FROM ".MAIN_DB_PREFIX."const"; $sql.=" WHERE name like 'COMPTA_%' and name not in ('COMPTA_MODE')"; $result = $db->query($sql); if ($result) diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 106b6e4841c..1836de2c76b 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -217,13 +217,13 @@ if ($resql) if (preg_match("/[13579]{1}/",substr($record['box_order'],-1))) { $box_order = "A0".$record['box_order']; - $sql="update llx_boxes set box_order = '".$box_order."' where box_order = ".$record['box_order']; + $sql="UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE box_order = ".$record['box_order']; $resql = $db->query($sql); } else if (preg_match("/[02468]{1}/",substr($record['box_order'],-1))) { $box_order = "B0".$record['box_order']; - $sql="update llx_boxes set box_order = '".$box_order."' where box_order = ".$record['box_order']; + $sql="UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE box_order = ".$record['box_order']; $resql = $db->query($sql); } } @@ -232,13 +232,13 @@ if ($resql) if (preg_match("/[13579]{1}/",substr($record['box_order'],-1))) { $box_order = "A".$record['box_order']; - $sql="update llx_boxes set box_order = '".$box_order."' where box_order = ".$record['box_order']; + $sql="UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE box_order = ".$record['box_order']; $resql = $db->query($sql); } else if (preg_match("/[02468]{1}/",substr($record['box_order'],-1))) { $box_order = "B".$record['box_order']; - $sql="update llx_boxes set box_order = '".$box_order."' where box_order = ".$record['box_order']; + $sql="UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE box_order = ".$record['box_order']; $resql = $db->query($sql); } } 
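Review bot: In the boxes.php hunk the four rewritten statements quote the new value but compare against a bare `$record['box_order']`, as in `WHERE box_order = ".$record['box_order']`. The value is read back from the database and the new values written here (`A0…`, `B…`) are strings, so an unquoted, uncast comparison can produce invalid SQL or carry stored content into the statement. Quote and escape it the same way on both sides, for example `" WHERE box_order = '".$db->escape($record['box_order'])."'"`. The four branches differ only in the prefix letter, so building `$box_order` first and issuing a single UPDATE would leave one place to get the quoting right. The enclosing loop starts and ends outside the hunk.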
diff --git a/htdocs/boutique/admin/boutique.php b/htdocs/boutique/admin/boutique.php index ce5e070b402..664a7041480 100644 --- a/htdocs/boutique/admin/boutique.php +++ b/htdocs/boutique/admin/boutique.php @@ -66,7 +66,7 @@ if ($_POST["save"]) } elseif ($_POST["test"]) { - //$resql=$db->query("select count(*) from llx_const"); + //$resql=$db->query("select count(*) from ".MAIN_DB_PREFIX."const"); //print "< ".$db." - ".$db->db." - ".$resql." - ".$db->error().">
\n"; // Test de la connexion a la database webcalendar @@ -111,7 +111,7 @@ elseif ($_POST["test"]) $mesg.=""; } - //$resql=$db->query("select count(*) from llx_const"); + //$resql=$db->query("select count(*) from ".MAIN_DB_PREFIX."const"); //print "< ".$db." - ".$db->db." - ".$resql." - ".$db->error().">
\n"; } diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index b6ac1e02af9..4e0c70f07fa 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -551,7 +551,7 @@ class localtax extends CommonObject */ function update_fk_bank($id) { - $sql = 'UPDATE llx_localtax set fk_bank = '.$id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id; $sql.= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 9e8c08c8e03..f481755a6d4 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -552,7 +552,7 @@ class PaymentSocialContribution extends CommonObject */ function update_fk_bank($id_bank) { - $sql = "UPDATE llx_paiementcharge set fk_bank = ".$id_bank." where rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id; dol_syslog(get_class($this)."::update_fk_bank sql=".$sql); $result = $this->db->query($sql); diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index ebbec0f43af..420acbb93a2 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php @@ -451,7 +451,7 @@ print ""; En attendant correction. $sql = "SELECT sum(f.total) as tot_fht,sum(f.total_ttc) as tot_fttc, p.rowid, p.ref, s.nom, s.rowid as socid, p.total_ht, p.total_ttc - FROM ".MAIN_DB_PREFIX."commande AS p, llx_societe AS s + FROM ".MAIN_DB_PREFIX."commande AS p, ".MAIN_DB_PREFIX."societe AS s LEFT JOIN ".MAIN_DB_PREFIX."co_fa AS co_fa ON co_fa.fk_commande = p.rowid LEFT JOIN ".MAIN_DB_PREFIX."facture AS f ON co_fa.fk_facture = f.rowid WHERE p.fk_soc = s.rowid 
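Review bot: `update_fk_bank($id)` in localtax.class.php appends its argument to the UPDATE with no cast or quoting (`'... SET fk_bank = '.$id`), so the statement is only as safe as every caller of the method. Since both values are row ids, cast them where the SQL is built: `$sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.(int) $id;` and `$sql.= ' WHERE rowid = '.(int) $this->id;`. The same pattern appears in `PaymentSocialContribution::update_fk_bank($id_bank)` in this line's next hunk and in `Tva::update_fk_bank($id_bank)` in tva.class.php. All three method bodies continue outside their hunks.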
diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 13bd7a5d0f4..98b494120a2 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -579,7 +579,7 @@ class Tva extends CommonObject */ function update_fk_bank($id_bank) { - $sql = 'UPDATE llx_tva set fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'tva SET fk_bank = '.$id_bank; $sql.= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index f878dee86c3..41e570591a7 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -420,7 +420,7 @@ class FormCompany // On recherche les formes juridiques actives des pays actifs $sql = "SELECT f.rowid, f.code as code , f.libelle as nom, f.active, p.libelle as libelle_pays, p.code as code_pays"; - $sql .= " FROM llx_c_forme_juridique as f, llx_c_pays as p"; + $sql .= " FROM ".MAIN_DB_PREFIX."c_forme_juridique as f, ".MAIN_DB_PREFIX."c_pays as p"; $sql .= " WHERE f.fk_pays=p.rowid"; $sql .= " AND f.active = 1 AND p.active = 1"; if ($pays_code) $sql .= " AND p.code = '".$pays_code."'"; diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 949df2d1e7b..b79072b0ada 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -448,7 +448,7 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not if (strcmp($value,'')) // true if different. Must work for $value='0' or $value=0 { - $sql = "INSERT INTO llx_const(name,value,type,visible,note,entity)"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity)"; $sql.= " VALUES ("; $sql.= $db->encrypt($name,1); $sql.= ", ".$db->encrypt($value,1); 
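Review bot: In the html.formcompany.class.php hunk, the line `if ($pays_code) $sql .= " AND p.code = '".$pays_code."'";` sits directly under the rewritten FROM clause and places `$pays_code` between quotes without escaping. Where the value comes from is not visible in the hunk, but if it can originate from a request it should pass through the database layer's escaping first, e.g. `" AND p.code = '".$this->db->escape($pays_code)."'"` (assuming the class keeps its handle in `$this->db`, to be confirmed). The method starts and ends outside the hunk.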
diff --git a/htdocs/core/modules/mailings/framboise.modules.php b/htdocs/core/modules/mailings/framboise.modules.php index 6d689d7b081..3cc151abdda 100644 --- a/htdocs/core/modules/mailings/framboise.modules.php +++ b/htdocs/core/modules/mailings/framboise.modules.php @@ -63,14 +63,17 @@ class mailing_framboise extends MailingTargets // CHANGE THIS // Select the members from category $sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname,"; - if ($_POST['filter']) $sql.= " llx_categorie.label as label"; + if ($_POST['filter']) $sql.= " c.label"; else $sql.=" null as label"; - $sql.= " FROM llx_adherent as s"; - if ($_POST['filter']) $sql.= " LEFT JOIN llx_categorie_member ON llx_categorie_member.fk_member=s.rowid"; - if ($_POST['filter']) $sql.= " LEFT JOIN llx_categorie ON llx_categorie.rowid = llx_categorie_member.fk_categorie"; + $sql.= " FROM ".MAIN_DB_PREFIX."adherent as s"; + if ($_POST['filter']) + { + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_member as cm ON cm.fk_member = s.rowid"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON c.rowid = cm.fk_categorie"; + } $sql.= " WHERE s.email != ''"; $sql.= " AND s.entity = ".$conf->entity; - if ($_POST['filter']) $sql.= " AND llx_categorie.rowid='".$_POST['filter']."'"; + if ($_POST['filter']) $sql.= " AND ".MAIN_DB_PREFIX."categorie.rowid='".$_POST['filter']."'"; $sql.= " ORDER BY s.email"; // Stocke destinataires dans cibles diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index afa6f987d35..b3d62e8fdbe 100755 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php 
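Review bot: The rewritten filter condition in framboise.modules.php still names the table as `MAIN_DB_PREFIX."categorie.rowid"`, but the join added a few lines above aliases that table as `c`, so with a filter set the query will most likely be rejected. The sibling hunk in thirdparties.modules.php uses `c.rowid`. In both hunks `$_POST['filter']` is concatenated straight into the statement, which leaves the category filter open to SQL injection. The value is a row id, so cast it and use the alias: `if ($_POST['filter']) $sql.= " AND c.rowid=".(int) $_POST['filter'];`. The enclosing method starts and ends outside the hunk.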
@@ -63,14 +63,17 @@ class mailing_thirdparties extends MailingTargets // CHANGE THIS // Select the third parties from category $sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname,"; - if ($_POST['filter']) $sql.= " llx_categorie.label as label"; + if ($_POST['filter']) $sql.= " c.label"; else $sql.=" null as label"; - $sql.= " FROM llx_societe as s"; - if ($_POST['filter']) $sql.= " LEFT JOIN llx_categorie_societe ON llx_categorie_societe.fk_societe=s.rowid"; - if ($_POST['filter']) $sql.= " LEFT JOIN llx_categorie ON llx_categorie.rowid = llx_categorie_societe.fk_categorie"; + $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; + if ($_POST['filter']) + { + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_societe as cs ON cs.fk_societe = s.rowid"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON c.rowid = cs.fk_categorie"; + } $sql.= " WHERE s.email != ''"; $sql.= " AND s.entity = ".$conf->entity; - if ($_POST['filter']) $sql.= " AND llx_categorie.rowid='".$_POST['filter']."'"; + if ($_POST['filter']) $sql.= " AND c.rowid='".$_POST['filter']."'"; $sql.= " ORDER BY s.email"; // Stocke destinataires dans cibles diff --git a/htdocs/install/etape5.php b/htdocs/install/etape5.php index 2f49092703b..89859bff6ea 100644 --- a/htdocs/install/etape5.php +++ b/htdocs/install/etape5.php 
@@ -197,18 +197,18 @@ if ($action == "set" || preg_match('/upgrade/i',$action)) $db->begin(); dolibarr_install_syslog('install/etape5.php set MAIN_VERSION_LAST_INSTALL const to '.$targetversion, LOG_DEBUG); - $resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_INSTALL'"); + $resql=$db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_INSTALL'"); if (! $resql) dol_print_error($db,'Error in setup program'); - $resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL',1).",".$db->encrypt($targetversion,1).",'chaine',0,'Dolibarr version when install',0)"); + $resql=$db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL',1).",".$db->encrypt($targetversion,1).",'chaine',0,'Dolibarr version when install',0)"); if (! $resql) dol_print_error($db,'Error in setup program'); $conf->global->MAIN_VERSION_LAST_INSTALL=$targetversion; if ($useforcedwizard) { dolibarr_install_syslog('install/etape5.php set MAIN_REMOVE_INSTALL_WARNING const to 1', LOG_DEBUG); - $resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name')."='MAIN_REMOVE_INSTALL_WARNING'"); + $resql=$db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_REMOVE_INSTALL_WARNING'"); if (! $resql) dol_print_error($db,'Error in setup program'); - $resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING',1).",".$db->encrypt(1,1).",'chaine',1,'Disable install warnings',0)"); + $resql=$db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING',1).",".$db->encrypt(1,1).",'chaine',1,'Disable install warnings',0)"); if (! 
$resql) dol_print_error($db,'Error in setup program'); $conf->global->MAIN_REMOVE_INSTALL_WARNING=1; } @@ -235,7 +235,7 @@ if ($action == "set" || preg_match('/upgrade/i',$action)) } dolibarr_install_syslog('install/etape5.php Remove MAIN_NOT_INSTALLED const', LOG_DEBUG); - $resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name')."='MAIN_NOT_INSTALLED'"); + $resql=$db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_NOT_INSTALLED'"); if (! $resql) dol_print_error($db,'Error in setup program'); $db->commit(); @@ -266,9 +266,9 @@ if ($action == "set" || preg_match('/upgrade/i',$action)) if ($tagdatabase) { dolibarr_install_syslog('install/etape5.php set MAIN_VERSION_LAST_UPGRADE const to value '.$targetversion, LOG_DEBUG); - $resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_UPGRADE'"); + $resql=$db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_UPGRADE'"); if (! $resql) dol_print_error($db,'Error in setup program'); - $resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_UPGRADE',1).",".$db->encrypt($targetversion,1).",'chaine',0,'Dolibarr version for last upgrade',0)"); + $resql=$db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_VERSION_LAST_UPGRADE',1).",".$db->encrypt($targetversion,1).",'chaine',0,'Dolibarr version for last upgrade',0)"); if (! $resql) dol_print_error($db,'Error in setup program'); $conf->global->MAIN_VERSION_LAST_UPGRADE=$targetversion; } 
@@ -288,7 +288,7 @@ if ($action == "set" || preg_match('/upgrade/i',$action)) } // May fail if parameter already defined - $resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_LANG_DEFAULT',1).",".$db->encrypt($setuplang,1).",'chaine',0,'Default language',1)"); + $resql=$db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_LANG_DEFAULT',1).",".$db->encrypt($setuplang,1).",'chaine',0,'Default language',1)"); //if (! $resql) dol_print_error($db,'Error in setup program'); print ''; diff --git a/htdocs/product/stock/fiche.php b/htdocs/product/stock/fiche.php index f8043f306d8..20ef429d4c8 100644 --- a/htdocs/product/stock/fiche.php +++ b/htdocs/product/stock/fiche.php @@ -292,7 +292,7 @@ else // Last movement $sql = "SELECT max(m.datem) as datem"; - $sql .= " FROM llx_stock_mouvement as m"; + $sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m"; $sql .= " WHERE m.fk_entrepot = '".$object->id."'"; $resqlbis = $db->query($sql); if ($resqlbis) diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php index fdfc8a86f66..8eb06a963d5 100644 --- a/htdocs/product/stock/mouvement.php +++ b/htdocs/product/stock/mouvement.php @@ -208,7 +208,7 @@ if ($resql) // Last movement $sql = "SELECT max(m.datem) as datem"; - $sql .= " FROM llx_stock_mouvement as m"; + $sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m"; $sql .= " WHERE m.fk_entrepot = '".$entrepot->id."'"; $resqlbis = $db->query($sql); if ($resqlbis) diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 873c27b1ff2..3f2e0bfb660 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php 
@@ -283,7 +283,7 @@ if ($_GET["id"] || $_GET["ref"]) // Last movement $sql = "SELECT max(m.datem) as datem"; - $sql.= " FROM llx_stock_mouvement as m"; + $sql.= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m"; $sql.= " WHERE m.fk_product = '".$product->id."'"; $resqlbis = $db->query($sql); if ($resqlbis) From d82a254e030b1ee943bcf22c9c34e391bbebcc29 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 23 Nov 2011 23:09:57 +0100 Subject: [PATCH 02/12] New: add prefix field in install form and in conf.php --- htdocs/conf/conf.php.example | 8 ++++++++ htdocs/install/etape1.php | 17 ++++++++++++++--- htdocs/install/fileconf.php | 34 ++++++++++++++++++++++------------ 3 files changed, 44 insertions(+), 15 deletions(-) diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index ff1cce52ee7..26ed4bb8c92 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example @@ -96,6 +96,14 @@ $dolibarr_main_db_port=''; $dolibarr_main_db_name=''; +# dolibarr_main_db_prefix +# This parameter contains prefix of Dolibarr database. +# Examples: +# $dolibarr_main_db_prefix='llx_'; +# +$dolibarr_main_db_prefix=''; + + # dolibarr_main_db_user # This parameter contains user name used to read and write into # Dolibarr database. diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index f1da07fa947..fe3278fb81d 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -84,6 +84,11 @@ if (empty($_POST["db_name"])) print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabaseName")).'
'; $error++; } +if (empty($_POST["db_prefix"])) +{ + print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabasePrefix")).'
'; + $error++; +} if (empty($_POST["db_user"])) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login")).'
'; @@ -365,12 +370,15 @@ if (! $error && $db->connected && $action == "set") } } } + + // Table prefix + $main_db_prefix = ((GETPOST("db_prefix") && GETPOST("db_prefix") != '') ? GETPOST("db_prefix") : 'llx_'); // Force https - $main_force_https = ((GETPOST("main_force_https") && ( GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == 1) ) ? '1' : '0'); + $main_force_https = ((GETPOST("main_force_https") && (GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == 1)) ? '1' : '0'); // Use alternative directory - $main_use_alt_dir = ((GETPOST("main_use_alt_dir") && ( GETPOST("main_use_alt_dir") == "on" || GETPOST("main_use_alt_dir") == 1) ) ? '' : '#'); + $main_use_alt_dir = ((GETPOST("main_use_alt_dir") && (GETPOST("main_use_alt_dir") == "on" || GETPOST("main_use_alt_dir") == 1)) ? '' : '#'); // Alternative root directory name $main_alt_dir_name = ((GETPOST("main_alt_dir_name") && GETPOST("main_alt_dir_name") != '') ? GETPOST("main_alt_dir_name") : 'custom'); @@ -724,7 +732,7 @@ function write_master_file($masterfile,$main_dir) function write_conf_file($conffile) { global $conf,$langs; - global $_POST,$main_dir,$main_data_dir,$main_force_https,$main_use_alt_dir,$main_alt_dir_name; + global $_POST,$main_dir,$main_data_dir,$main_force_https,$main_use_alt_dir,$main_alt_dir_name,$main_db_prefix; global $dolibarr_main_url_root,$dolibarr_main_document_root,$dolibarr_main_data_root,$dolibarr_main_db_host; global $dolibarr_main_db_port,$dolibarr_main_db_name,$dolibarr_main_db_user,$dolibarr_main_db_pass; global $dolibarr_main_db_type,$dolibarr_main_db_character_set,$dolibarr_main_db_collation,$dolibarr_main_authentication; 
@@ -777,6 +785,9 @@ function write_conf_file($conffile) fputs($fp, '$dolibarr_main_db_name=\''.addslashes($_POST["db_name"]).'\';'); fputs($fp,"\n"); + + fputs($fp, '$dolibarr_main_db_prefix=\''.addslashes($main_db_prefix).'\';'); + fputs($fp,"\n"); fputs($fp, '$dolibarr_main_db_user=\''.addslashes($_POST["db_user"]).'\';'); fputs($fp,"\n"); diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php index 9c5e21fbf3e..b32d0e54a0a 100644 --- a/htdocs/install/fileconf.php +++ b/htdocs/install/fileconf.php 
@@ -40,16 +40,17 @@ $langs->load("errors"); // install.forced.php into directory htdocs/install (This is the case with some wizard // installer like DoliWamp, DoliMamp or DoliBuntu). // We first init "forced values" to nothing. -if (! isset($force_install_noedit)) $force_install_noedit=''; -if (! isset($force_install_type)) $force_install_type=''; -if (! isset($force_install_dbserver)) $force_install_dbserver=''; -if (! isset($force_install_port)) $force_install_port=''; -if (! isset($force_install_database)) $force_install_database=''; -if (! isset($force_install_createdatabase)) $force_install_createdatabase=''; -if (! isset($force_install_databaselogin)) $force_install_databaselogin=''; -if (! isset($force_install_databasepass)) $force_install_databasepass=''; -if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin=''; -if (! isset($force_install_databaserootpass)) $force_install_databaserootpass=''; +if (! isset($force_install_noedit)) $force_install_noedit=''; +if (! isset($force_install_type)) $force_install_type=''; +if (! isset($force_install_dbserver)) $force_install_dbserver=''; +if (! isset($force_install_port)) $force_install_port=''; +if (! isset($force_install_database)) $force_install_database=''; +if (! isset($force_install_prefix)) $force_install_prefix=''; +if (! isset($force_install_createdatabase)) $force_install_createdatabase=''; +if (! isset($force_install_databaselogin)) $force_install_databaselogin=''; +if (! isset($force_install_databasepass)) $force_install_databasepass=''; +if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin=''; +if (! isset($force_install_databaserootpass)) $force_install_databaserootpass=''; // Now we load forced value from install.forced.php file. $useforcedwizard=false; if (file_exists("./install.forced.php")) { $useforcedwizard=true; include_once("./install.forced.php"); } @@ -80,8 +81,7 @@ if (! empty($force_install_message)) } ?> - +
+ + + + + + +
@@ -348,6 +348,16 @@ if (! empty($force_install_message)) value=""> trans("DatabaseName"); ?>
trans("DatabasePrefix"); ?> + trans("DatabasePrefix"); ?>
trans("CreateDatabase"); ?> From 89b521ccfef6cae078f6c52b40860445464c9c91 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 24 Nov 2011 07:38:34 +0100 Subject: [PATCH 03/12] Fix: W3C --- htdocs/install/fileconf.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php index b32d0e54a0a..4b2caef19dd 100644 --- a/htdocs/install/fileconf.php +++ b/htdocs/install/fileconf.php @@ -81,7 +81,7 @@ if (! empty($force_install_message)) } ?> - +
"; $requestnb++; if ($conf->file->character_set_client == "UTF-8") @@ -538,6 +550,12 @@ if ($action == "set") // We loop on each requests foreach($arrayofrequests as $buffer) { + // Replace the prefix tables + if ($dolibarr_main_db_prefix != 'llx_') + { + $buffer=preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer); + } + //dolibarr_install_syslog("Request: ".$buffer,LOG_DEBUG); $resql=$db->query($buffer); if ($resql) From 919523f2e2f67f87a53108c054beb61a2dc76409 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 24 Nov 2011 08:23:16 +0100 Subject: [PATCH 05/12] Change default prefix if needed --- htdocs/core/lib/admin.lib.php | 6 ++++++ htdocs/core/modules/DolibarrModules.class.php | 2 +- htdocs/install/etape2.php | 18 ++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index b79072b0ada..c8bf01a17c9 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -220,6 +220,12 @@ function run_sql($sqlfile,$silent=1,$entity='',$usesavepoint=1,$handler='') { if ($sql) { + // Replace the prefix tables + if (MAIN_DB_PREFIX != 'llx_') + { + $sql=preg_replace('/llx_/i',MAIN_DB_PREFIX,$sql); + } + if (!empty($handler)) $sql=preg_replace('/__HANDLER__/i',"'".$handler."'",$sql); $newsql=preg_replace('/__ENTITY__/i',(!empty($entity)?$entity:$conf->entity),$sql); diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 463ae3c172f..59673f7971c 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -408,7 +408,7 @@ abstract class DolibarrModules $sql = "DELETE FROM ".MAIN_DB_PREFIX."dolibarr_modules"; $sql.= " WHERE numero = ".$this->numero; - $sql.= " AND entity in (0, ".$conf->entity.")"; + $sql.= " AND entity IN (0, ".$conf->entity.")"; dol_syslog(get_class($this)."::_dbunactive sql=".$sql, LOG_DEBUG); $this->db->query($sql); 
diff --git a/htdocs/install/etape2.php b/htdocs/install/etape2.php index 865989f9e61..8f81e55614c 100644 --- a/htdocs/install/etape2.php +++ b/htdocs/install/etape2.php @@ -188,6 +188,12 @@ if ($action == "set") { $buffer=preg_replace('/type=innodb/i','ENGINE=innodb',$buffer); } + + // Replace the prefix tables + if ($dolibarr_main_db_prefix != 'llx_') + { + $buffer=preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer); + } //print ""; $requestnb++; if ($conf->file->character_set_client == "UTF-8") @@ -538,6 +550,12 @@ if ($action == "set") // We loop on each requests foreach($arrayofrequests as $buffer) { + // Replace the prefix tables + if ($dolibarr_main_db_prefix != 'llx_') + { + $buffer=preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer); + } + //dolibarr_install_syslog("Request: ".$buffer,LOG_DEBUG); $resql=$db->query($buffer); if ($resql) From 6073705dde343b726e6727392534149b50ef9511 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 24 Nov 2011 08:58:52 +0100 Subject: [PATCH 06/12] Fix: check prefix validity --- htdocs/install/etape1.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index fe3278fb81d..ebfea90aa06 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -84,11 +84,6 @@ if (empty($_POST["db_name"])) print '
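Review bot: The prefix substitution added to etape2.php, `preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer)`, rewrites every case-insensitive occurrence of `llx_` in the statement, including text inside quoted data values and in the middle of longer identifiers. It also passes the configured prefix as a replacement pattern, where a `$` or `\` followed by a digit is read as a back-reference. At this point the prefix comes from conf.php rather than from the installer form, so its shape should be re-checked here (letters and digits followed by `_`) before it is spliced into SQL. Restricting the match to the start of an identifier, `preg_replace('/\bllx_/', $dolibarr_main_db_prefix, $buffer)`, narrows the rewrite, although it remains text-level. The same applies to the `run_sql()` hunk in core/lib/admin.lib.php, which does this with `MAIN_DB_PREFIX`, and to the identical etape2.php hunk in the preceding patch.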
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabaseName")).'
'; $error++; } -if (empty($_POST["db_prefix"])) -{ - print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabasePrefix")).'
'; - $error++; -} if (empty($_POST["db_user"])) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login")).'
'; @@ -99,6 +94,11 @@ if (! empty($_POST["db_port"]) && ! is_numeric($_POST["db_port"])) print '
'.$langs->trans("ErrorBadValueForParameter",$_POST["db_port"],$langs->transnoentities("Port")).'
'; $error++; } +if (! empty($_POST["db_prefix"]) && ! preg_match('/^[a-z0-9]+_$/i', $_POST["db_prefix"])) +{ + print '
'.$langs->trans("ErrorBadValueForParameter",$_POST["db_prefix"],$langs->transnoentities("DatabasePrefix")).'
'; + $error++; +} // Remove last / into dans main_dir From be0ed900bc0156aeac6bf135cc3d90415b21e059 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 24 Nov 2011 09:16:21 +0100 Subject: [PATCH 07/12] Fix: translation --- .../compta/sociales/class/paymentsocialcontribution.class.php | 2 +- htdocs/install/etape1.php | 1 + htdocs/langs/en_US/install.lang | 1 + htdocs/langs/fr_FR/install.lang | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index f481755a6d4..ab3dc275892 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -78,7 +78,7 @@ class PaymentSocialContribution extends CommonObject // Validate parametres if (! $this->datepaye) { - $this->error='ErrorBadValueForParameters'; + $this->error='ErrorBadValueForParameter'; return -1; } diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index ebfea90aa06..f10362dff79 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -35,6 +35,7 @@ $langs->setDefaultLang($setuplang); $langs->load("admin"); $langs->load("install"); +$langs->load("errors"); // Recuparation des information de connexion $userroot=isset($_POST["db_user_root"])?$_POST["db_user_root"]:""; diff --git a/htdocs/langs/en_US/install.lang b/htdocs/langs/en_US/install.lang index 437e11c0faa..700f4750687 100644 --- a/htdocs/langs/en_US/install.lang +++ b/htdocs/langs/en_US/install.lang @@ -51,6 +51,7 @@ ServerAddressDescription=Name or ip address for database server, usually 'localh ServerPortDescription=Database server port. Keep empty if unknown. DatabaseServer=Database server DatabaseName=Database name +DatabasePrefix=Database prefix table Login=Login AdminLogin=Login for Dolibarr database owner. Password=Password 
diff --git a/htdocs/langs/fr_FR/install.lang b/htdocs/langs/fr_FR/install.lang index 83619fd68aa..55872123ef4 100644 --- a/htdocs/langs/fr_FR/install.lang +++ b/htdocs/langs/fr_FR/install.lang @@ -51,6 +51,7 @@ ServerAddressDescription=Nom ou adresse ip du serveur de base de données, gén ServerPortDescription=Port du serveur. Ne rien mettre si inconnu. DatabaseServer=Serveur de la base de données DatabaseName=Nom de la base de données +DatabasePrefix=Préfixe des tables Login=Login AdminLogin=Login du propriétaire de la base de données Dolibarr. Password=Mot de passe From 6476a6e8bbf95c66c87dbe31c2da44c7e6199b9a Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Thu, 24 Nov 2011 17:04:24 +0100 Subject: [PATCH 08/12] Trad: Add ca_ES and es_ES translations --- htdocs/langs/ca_ES/bills.lang | 4 +++- htdocs/langs/ca_ES/boxes.lang | 10 ++++---- htdocs/langs/ca_ES/contracts.lang | 3 ++- htdocs/langs/ca_ES/errors.lang | 15 ++++++------ htdocs/langs/ca_ES/install.lang | 38 ++++++++++++++++--------------- htdocs/langs/es_ES/bills.lang | 4 +++- htdocs/langs/es_ES/boxes.lang | 12 ++++++---- htdocs/langs/es_ES/contracts.lang | 5 ++-- htdocs/langs/es_ES/errors.lang | 9 ++++---- htdocs/langs/es_ES/install.lang | 32 ++++++++++++++------------ 10 files changed, 72 insertions(+), 60 deletions(-) diff --git a/htdocs/langs/ca_ES/bills.lang b/htdocs/langs/ca_ES/bills.lang index 0bed48fefee..0c2333182d3 100644 --- a/htdocs/langs/ca_ES/bills.lang +++ b/htdocs/langs/ca_ES/bills.lang @@ -231,6 +231,7 @@ ReductionsShort=Dto. Discount=Descompte Discounts=Descomptes ShowDiscount=Veure el abonament +ShowReduc=Visualitzar la deducció RelativeDiscount=Descompte relatiu GlobalDiscount=Descompte fixe CreditNote=Abonament 
@@ -342,6 +343,7 @@ LawApplicationPart2=les mercaderies romanen en propietat de LawApplicationPart3=venedor fins al cobrament de LawApplicationPart4=els seus preus LimitedLiabilityCompanyCapital=SRL amb capital de +UseLine=Aplicar UseDiscount=Aplicar descompte UseCredit=Utilitzar crèdit UseCreditNoteInInvoicePayment=Reduir el pagament amb aquest crèdit @@ -384,4 +386,4 @@ PDFCrabeDescription=Model de factura complet (model recomanat per defecte) # oursin PDF Model PDFOursinDescription=Model de factura complet (model alternatiu) # NumRef Modules -TerreNumRefModelDesc1=Retorna el nombre sota el format %syymm-nnnn per a les factures i %syymm-nnnn per als abonaments on yy és l'any, mm. el mes i nnnn un comptador seqüencial sense ruptura i sense permanència a 0 +TerreNumRefModelDesc1=Retorna el nombre sota el format %syymm-nnnn per a les factures i %syymm-nnnn per als abonaments on yy és l'any, mm. el mes i nnnn un comptador seqüencial sense ruptura i sense permanència a 0 \ No newline at end of file diff --git a/htdocs/langs/ca_ES/boxes.lang b/htdocs/langs/ca_ES/boxes.lang index 5c1e38c97b7..f87373490c4 100644 --- a/htdocs/langs/ca_ES/boxes.lang +++ b/htdocs/langs/ca_ES/boxes.lang 
@@ -46,16 +46,18 @@ BoxTitleTotalUnpaidSuppliersBills=Pendent a proveïdors BoxTitleLastModifiedContacts=Els últims %s contactes/adreçes modificades BoxTitleLastModifiedMembers=Els %s últims membres modificats BoxMyLastBookmarks=Els meus %s darrers marcadors +BoxOldestExpiredServices=Serveis antics expirats +BoxLastExpiredServices=Els %s contractes més antics amb serveis actius expirats +BoxTitleLastActionsToDo=Les %s últims esdeveniments a realitzar +BoxTitleLastContracts=Els %s últims contractes +BoxTitleLastModifiedDonations=Les %s últimes subvencions modificades +BoxTitleLastModifiedExpenses=Els %s últims honoraris modificats FailedToRefreshDataInfoNotUpToDate=Error en el refresc del flux RSS. Data de l'últim refresc :%s LastRefreshDate=Data darrera actualització NoRecordedBookmarks=No hi ha marcadors personals. ClickToAdd=Haga feu clic aquí per afegir. NoRecordedCustomers=Cap client registrat NoRecordedContacts=Cap contacte registrat -BoxTitleLastActionsToDo=Les %s últims esdeveniments a realitzar -BoxTitleLastContracts=Els %s últims contractes -BoxTitleLastModifiedDonations=Les %s últimes subvencions modificades -BoxTitleLastModifiedExpenses=Els %s últims honoraris modificats NoActionsToDo=Sense esdeveniments a realitzar NoRecordedOrders=Sense comandes de clients registrats NoRecordedProposals=Sense pressupostos registrats diff --git a/htdocs/langs/ca_ES/contracts.lang b/htdocs/langs/ca_ES/contracts.lang index bfd921fc256..fdfb72003a4 100644 --- a/htdocs/langs/ca_ES/contracts.lang +++ b/htdocs/langs/ca_ES/contracts.lang @@ -1,4 +1,4 @@ -# Dolibarr language file - ca_ES - contracts +# Dolibarr language file - ca_ES - contracts CHARSET=UTF-8 ContractsArea=Àrea contractes ListOfContracts=Llistat de contractes 
@@ -84,6 +84,7 @@ ConfirmMoveToAnotherContractQuestion=Escolliu qualsevol altre contracte del mate PaymentRenewContractId=Renovació servei (número %s) ExpiredSince=Expirat des del RelatedContracts=Contractes associats +NoExpiredServices=Sense serveis actius expirats ##### Types de contacts ##### TypeContact_contrat_internal_SALESREPSIGN=Comercial signant del contracte TypeContact_contrat_internal_SALESREPFOLL=Comercial seguiment del contracte diff --git a/htdocs/langs/ca_ES/errors.lang b/htdocs/langs/ca_ES/errors.lang index 08be00bafa6..dd2057d7bd2 100644 --- a/htdocs/langs/ca_ES/errors.lang +++ b/htdocs/langs/ca_ES/errors.lang @@ -1,8 +1,7 @@ -# Dolibarr language file - ca_ES - errors +# Dolibarr language file - ca_ES - errors CHARSET=UTF-8 MenuManager=Gestor de menú - -# Errors +# Errors=undefined= Error=Error Errors=Errors ErrorBadEMail=e-mail %s incorrecte @@ -71,7 +70,7 @@ ErrorFileIsInfectedWithAVirus=L'antivirus no ha pogut validar aquest arxiu (és ErrorSpecialCharNotAllowedForField=Els caràcters especials no són admesos pel camp "%s" ErrorDatabaseParameterWrong=El paràmetre de configuració de la base de dades '%s' té un valor no compatible per una instal lació de Dolibarr (ha de tenir el valor '%s'). ErrorNumRefModel=Hi ha una referència a la base de dades (%s) i és incompatible amb aquesta numeració. Elimineu la línia o renomeneu la referència per activar aquest mòdul. -ErrorQtyTooLowForThisSupplier= Quantitat insuficient per aquest proveïdor +ErrorQtyTooLowForThisSupplier=Quantitat insuficient per aquest proveïdor ErrorModuleSetupNotComplete=La configuració del mòdul sembla incompleta. Aneu al àrea Configuració - Mòduls per corregir ErrorBadMask=Error en la màscara ErrorBadMaskFailedToLocatePosOfSequence=Error, sense número de seqüència en la màscara 
@@ -98,15 +97,15 @@ ErrorFailedToChangePassword=Error en la modificació de la contrasenya ErrorLoginDoesNotExists=El compte d'usuari de %s no s'ha trobat. ErrorLoginHasNoEmail=Aquest usuari no té e-mail. Impossible continuar. ErrorBadValueForCode=Valor no vàlid per al codi. Torneu a intentar-ho amb un nou valor ... - +ErrorBothFieldCantBeNegative=Els camps %s i %s no poden ser negatius # Warnings -WarningNoDocumentModelActivated=No hi ha cap model per a la generació del document activat. Es prendrà un model per defecte fins que es configuri el mòdul. -WarningsOnXLines=Alertes a %s línies font -WarningConfFileMustBeReadOnly=Atenció, el seu fitxer (htdocs/conf/conf.php) és accessible en escriptura al servidor web. Això representa un error seriós de seguretat. Modifiqueu els permisos per ser llegit únicament pel compte que executa el servidor Web.Si està executant Windows en undisco amb format FAT, sigui conscient que aquest sistema d'arxius no protegeix els arxius i no ofereix cap solució per reduir els riscos de manipulació d'aquest fitxer. WarningSafeModeOnCheckExecDir=Atenció, està activada l'opció PHP safe_mode, la comanda ha d'estar dins d'un directori declarat dins del paràmetre php safe_mode_exec_dir. WarningAllowUrlFopenMustBeOn=El paràmetre allow_url_fopen ha de ser especificat a on a l'arxiu php.ini per disposar d'aquest mòdul completament actiu. Ha de modificar aquest arxiu manualment WarningBuildScriptNotRunned=L'script %s encara no ha executat la construcció de gràfics. WarningBookmarkAlreadyExists=Ja existeix un marcador amb aquest títol o aquest URL. WarningPassIsEmpty=Atenció: La contrasenya de la base de dades està buida. Això és un forat de seguretat. Cal afegir una contrasenya a la seva base de dades i canviar el seu arxiu conf.php per reflectir això. +WarningConfFileMustBeReadOnly=Atenció, el seu fitxer (htdocs/conf/conf.php) és accessible en escriptura al servidor web. Això representa un error seriós de seguretat. 
Modifiqueu els permisos per ser llegit únicament pel compte que executa el servidor Web.Si està executant Windows en undisco amb format FAT, sigui conscient que aquest sistema d'arxius no protegeix els arxius i no ofereix cap solució per reduir els riscos de manipulació d'aquest fitxer. +WarningsOnXLines=Alertes a %s línies font +WarningNoDocumentModelActivated=No hi ha cap model per a la generació del document activat. Es prendrà un model per defecte fins que es configuri el mòdul. WarningInstallDirExists=Atenció: La carpeta install (htdocs/install) encara existeix. Una vegada finalitzada la instal·lació la seva presència no és necessària, i representa un error seriós de seguretat. Hauríeu eliminar-la el més aviat possible. WarningUntilDirRemoved=Aquesta alerta seguirà activa mentre la carpeta existeixi (alerta visible per als usuaris admin solament). \ No newline at end of file diff --git a/htdocs/langs/ca_ES/install.lang b/htdocs/langs/ca_ES/install.lang index c3ac01b7081..1a6b3862337 100644 --- a/htdocs/langs/ca_ES/install.lang +++ b/htdocs/langs/ca_ES/install.lang @@ -1,4 +1,4 @@ -# Dolibarr language file - ca_ES - install +# Dolibarr language file - ca_ES - install CHARSET=UTF-8 InstallEasy=Hem procurat que la instal·lació sigui el més simple possible, vostè només ha de seguir els passos un a un. MiscellanousChecks=Comprovació dels Prerequisits @@ -51,6 +51,7 @@ ServerAddressDescription=Nom o adreça IP del servidor de base de dades, general ServerPortDescription=Port del servidor de la base de dades. Deixar en blanc si ho desconeix. DatabaseServer=Servidor de la base de dades DatabaseName=Nom de la base de dades +DatabasePrefix=Prefixe per a les taules Login=Usuari AdminLogin=Usuari de l'administrador de la base de dades Dolibarr. Deixi buit si es connecta com a anonymous Password=Contrasenya 
@@ -152,8 +153,9 @@ MigrationShippingDelivery=Actualització de les dades de expedicions MigrationShippingDelivery2=Actualització de les dades expedicions 2 MigrationFinished=Acabada l'actualització LastStepDesc=Últim pas: Indiqueu aquí el compte i la contrasenya del primer usuari que fareu servir per connectar-se a l'aplicació. No perdi aquests identificadors, és el compte que permet administrar la resta. -######### -# upgrade +ActivateModule=Activació del mòdul %s +#########=undefined +# upgrade=undefined MigrationFixData=Correcció de dades desnormalitzades MigrationOrder=Migració de dades de les comandes clients MigrationSupplierOrder=Migració de dades de les comandes a proveïdors 
@@ -163,56 +165,56 @@ MigrationContract=Migració de dades dels contractes MigrationSuccessfullUpdate=Actualització finalitzada MigrationUpdateFailed=L'actualització ha fallat MigrationRelationshipTables=Migració de les taules de relació (%s) -# Payments Update +# Payments Update MigrationPaymentsUpdate=Actualització dels pagaments (vincle nn pagaments-factures) MigrationPaymentsNumberToUpdate=%s pagament(s) a actualitzar MigrationProcessPaymentUpdate=Actualització pagament(s) %s MigrationPaymentsNothingToUpdate=No hi ha més pagaments orfes que hagin de corregir. MigrationPaymentsNothingUpdatable=Cap pagament orfe de correcció. -# Contracts Update +# Contracts Update MigrationContractsUpdate=Actualització dels contractes sense detalls (gestió del contracte + detall de contracte) MigrationContractsNumberToUpdate=%s contracte(s) a actualitzar MigrationContractsLineCreation=Creació linia contracte per contracte Ref. %s MigrationContractsNothingToUpdate=No hi ha més contractes (vinculats a un producte) sense línies de detalls que hagin de corregir. MigrationContractsFieldDontExist=Els camps fk_facture no existeixen ja. No hi ha operació pendent. -# Contracts Empty Dates Update +# Contracts Empty Dates Update MigrationContractsEmptyDatesUpdate=Actualització de les dades de contractes no indicades MigrationContractsEmptyDatesUpdateSuccess=Ok per data de contracte MigrationContractsEmptyDatesNothingToUpdate=No hi ha més properes dates de contractes. MigrationContractsEmptyCreationDatesUpdateSuccess=Ok per la data de creació MigrationContractsEmptyCreationDatesNothingToUpdate=No hi ha més properes dates de creació. 
-# Contracts Invalid Dates Update +# Contracts Invalid Dates Update MigrationContractsInvalidDatesUpdate=Actualització dades contracte incorrectes (per contractes amb detall en servei) MigrationContractsInvalidDateFix=Corregir contracte %s (data contracte=%s, Data posada en servei min=%s) MigrationContractsInvalidDatesNumber=%s contractes modificats MigrationContractsInvalidDatesNothingToUpdate=No hi ha més de contractes que hagin de corregir-se. -# Contracts Incoherent Dates Update +# Contracts Incoherent Dates Update MigrationContractsIncoherentCreationDateUpdate=Actualització de les dades de creació de contracte que tenen un valor incoherent MigrationContractsIncoherentCreationDateUpdateSuccess=Ok MigrationContractsIncoherentCreationDateNothingToUpdate=No hi ha més dades de contractes. -# Reopening Contracts +# Reopening Contracts MigrationReopeningContracts=Reobertura dels contractes que tenen almenys un servei actiu no tancat MigrationReopenThisContract=Reobertura contracte %s MigrationReopenedContractsNumber=%s contractes modificats MigrationReopeningContractsNothingToUpdate=No hi ha més contractes que hagin de reobrirse. 
-# Migration transfert +# Migration transfert MigrationBankTransfertsUpdate=Actualització dels vincles entre registres bancaris i una transferència entre compte MigrationBankTransfertsNothingToUpdate=Cap vincle desfasat -# Migration delivery +# Migration delivery MigrationShipmentOrderMatching=Actualitzar notes d'expedició MigrationDeliveryOrderMatching=Actualitzar recepcions MigrationDeliveryDetail=Actualitzar recepcions -# Migration stock +# Migration stock MigrationStockDetail=Actualitzar valor en stock dels productes -# Migration menus +# Migration menus MigrationMenusDetail=Actualització de la taula de menús dinàmics -# Migration delivery address +# Migration delivery address MigrationDeliveryAddress=Actualització de les adreces d'enviament en les notes de lliurament -# Migration project task actors +# Migration project task actors MigrationProjectTaskActors=Migració de la taula llx_projet_task_actors -# Migration project user resp +# Migration project user resp MigrationProjectUserResp=Migració del camp fk_user_resp de llx_projet a llx_element_contact -# Migration project task time +# Migration project task time MigrationProjectTaskTime=Actualització de temps dedicat en segons -# Migration Acctioncom +# Migration Acctioncom=undefined MigrationActioncommElement=Actualització de les dades de accions sobre elements \ No newline at end of file diff --git a/htdocs/langs/es_ES/bills.lang b/htdocs/langs/es_ES/bills.lang index 9501abc248f..e51b916dc7b 100644 --- a/htdocs/langs/es_ES/bills.lang +++ b/htdocs/langs/es_ES/bills.lang @@ -231,6 +231,7 @@ ReductionsShort=Dto. Discount=Descuento Discounts=Descuentos ShowDiscount=Ver el abono +ShowReduc=Visualizar la deducción RelativeDiscount=Descuento relativo GlobalDiscount=Descuento fijo CreditNote=Abono 
@@ -342,6 +343,7 @@ LawApplicationPart2=las mercancías permanecen en propiedad de LawApplicationPart3=vendedor hasta el completo cobro de LawApplicationPart4=sus precios LimitedLiabilityCompanyCapital=SRL con capital de +UseLine=Aplicar UseDiscount=Aplicar descuento UseCredit=Usar crédito UseCreditNoteInInvoicePayment=Reducir el pago con este crédito @@ -384,4 +386,4 @@ PDFCrabeDescription=Modelo de factura completo (modelo recomendado por defecto) # oursin PDF Model PDFOursinDescription=Modelo de factura completo (modelo alternativo) # NumRef Modules -TerreNumRefModelDesc1=Devuelve el número bajo el formato %syymm-nnnn para las facturas y %syymm-nnnn para los abonos donde yy es el año, mm. el mes y nnnn un contador secuencial sin ruptura y sin permanencia a 0 +TerreNumRefModelDesc1=Devuelve el número bajo el formato %syymm-nnnn para las facturas y %syymm-nnnn para los abonos donde yy es el año, mm. el mes y nnnn un contador secuencial sin ruptura y sin permanencia a 0 \ No newline at end of file diff --git a/htdocs/langs/es_ES/boxes.lang b/htdocs/langs/es_ES/boxes.lang index 7ff3a8d01ad..734c8e0c8cd 100644 --- a/htdocs/langs/es_ES/boxes.lang +++ b/htdocs/langs/es_ES/boxes.lang @@ -1,4 +1,4 @@ -# Dolibarr language file - es_ES - boxes +# Dolibarr language file - es_ES - boxes CHARSET=UTF-8 BoxLastRssInfos=Hilos de información RSS BoxLastProducts=Los %s últimos productos/servicios 
@@ -46,16 +46,18 @@ BoxTitleTotalUnpaidSuppliersBills=Pendiente a proveedores BoxTitleLastModifiedContacts=Los %s últimos contactos/direcciones modificadas BoxTitleLastModifiedMembers=Los %s últimos miembros modificados BoxMyLastBookmarks=Mis %s últimos marcadores +BoxOldestExpiredServices=Servicios antiguos expirados +BoxLastExpiredServices=Los %s contratos más antiguos con servicios activos expirados +BoxTitleLastActionsToDo=Los %s últimos eventos a realizar +BoxTitleLastContracts=Los %s últimos contratos +BoxTitleLastModifiedDonations=Las %s últimas subvenciones modificadas +BoxTitleLastModifiedExpenses=Los %s últimos honorarios modificados FailedToRefreshDataInfoNotUpToDate=Error en el refresco del flujo RSS. Fecha del último refresco: %s LastRefreshDate=Fecha última actualización NoRecordedBookmarks=No hay marcadores personales. ClickToAdd=Haga clic aquí para añadir. NoRecordedCustomers=Ningún cliente registrado NoRecordedContacts=Ningún contacto registrado -BoxTitleLastActionsToDo=Los %s últimos eventos a realizar -BoxTitleLastContracts=Los %s últimos contratos -BoxTitleLastModifiedDonations=Las %s últimas subvenciones modificadas -BoxTitleLastModifiedExpenses=Los %s últimos honorarios modificados NoActionsToDo=Sin eventos a realizar NoRecordedOrders=Sin pedidos de clientes registrados NoRecordedProposals=Sin presupuestos registrados diff --git a/htdocs/langs/es_ES/contracts.lang b/htdocs/langs/es_ES/contracts.lang index 114ba38906b..12298ce4ca6 100644 --- a/htdocs/langs/es_ES/contracts.lang +++ b/htdocs/langs/es_ES/contracts.lang @@ -1,4 +1,4 @@ -# Dolibarr language file - es_ES - contracts +# Dolibarr language file - es_ES - contracts CHARSET=UTF-8 ContractsArea=Área contratos ListOfContracts=Listado de contratos 
@@ -84,10 +84,11 @@ ConfirmMoveToAnotherContractQuestion=Elija cualquier otro contrato del mismo ter PaymentRenewContractId=Renovación servicio (número %s) ExpiredSince=Expirado desde el RelatedContracts=Contratos asociados +NoExpiredServices=Sin servicios activos expirados ##### Types de contacts ##### TypeContact_contrat_internal_SALESREPSIGN=Comercial firmante del contrato TypeContact_contrat_internal_SALESREPFOLL=Comercial seguimiento del contrato TypeContact_contrat_external_BILLING=Contacto cliente de facturación del contrato TypeContact_contrat_external_CUSTOMER=Contacto cliente seguimiento del contrato TypeContact_contrat_external_SALESREPSIGN=Contacto cliente firmante del contrato -Error_CONTRACT_ADDON_NotDefined=Constante CONTRACT_ADDON no definida \ No newline at end of file +Error_CONTRACT_ADDON_NotDefined=Constante CONTRACT_ADDON no definida \ No newline at end of file diff --git a/htdocs/langs/es_ES/errors.lang b/htdocs/langs/es_ES/errors.lang index 78a6d28c59e..170e20451b0 100644 --- a/htdocs/langs/es_ES/errors.lang +++ b/htdocs/langs/es_ES/errors.lang @@ -1,8 +1,7 @@ -# Dolibarr language file - es_ES - errors +# Dolibarr language file - es_ES - errors CHARSET=UTF-8 MenuManager=Gestor de menú - -# Errors +# Errors=undefined Error=Error Errors=Errores ErrorBadEMail=e-mail %s no correcto 
@@ -71,7 +70,7 @@ ErrorFileIsInfectedWithAVirus=¡El antivirus no ha podido validar este archivo ( ErrorSpecialCharNotAllowedForField=Los caracteres especiales no son admitidos por el campo "%s" ErrorDatabaseParameterWrong=El parámetro de configuración de la base de datos '%s' tiene un valor no compatible para una instalación de Dolibarr (debe tener el valor '%s'). ErrorNumRefModel=Hay una referencia en la base de datos (%s) y es incompatible con esta numeración. Elimine la línea o renombre la referencia para activar este módulo. -ErrorQtyTooLowForThisSupplier= Cantidad insuficiente para este proveedor +ErrorQtyTooLowForThisSupplier=Cantidad insuficiente para este proveedor ErrorModuleSetupNotComplete=La configuración del módulo parece incompleta. Vaya al área Configuración - Módulos para corregir ErrorBadMask=Error en la máscara ErrorBadMaskFailedToLocatePosOfSequence=Error, sin número de secuencia en la máscara @@ -98,7 +97,7 @@ ErrorFailedToChangePassword=Error en la modificación de la contraseña ErrorLoginDoesNotExists=La cuenta de usuario de %s no se ha encontrado. ErrorLoginHasNoEmail=Este usuario no tiene e-mail. Imposible continuar. ErrorBadValueForCode=Valor incorrecto para el código. Vuelva a intentar con un nuevo valor... - +ErrorBothFieldCantBeNegative=Los campos %s y %s no pueden ser negativos # Warnings WarningSafeModeOnCheckExecDir=Atención, está activada la opción PHP safe_mode, el comando deberá estar dentro de un directorio declarado dentro del parámetro php safe_mode_exec_dir. WarningAllowUrlFopenMustBeOn=El parámetro allow_url_fopen debe ser especificado a on en el archivo php.ini para disponer de este módulo completamente activo. Debe modificar este archivo manualmente diff --git a/htdocs/langs/es_ES/install.lang b/htdocs/langs/es_ES/install.lang index dcd1d5eeb40..1009d1a1e9f 100644 --- a/htdocs/langs/es_ES/install.lang +++ b/htdocs/langs/es_ES/install.lang 
@@ -51,6 +51,7 @@ ServerAddressDescription=Nombre o dirección IP del servidor de base de datos, g ServerPortDescription=Puerto del servidor de la base de datos. Dejar en blanco si lo desconoce. DatabaseServer=Servidor de la base de datos DatabaseName=Nombre de la base de datos +DatabasePrefix=Prefijo para las tablas Login=Usuario AdminLogin=Usuario del administrador de la base de datos Dolibarr. Deje vacío si se conecta en anonymous Password=Contraseña @@ -152,6 +153,7 @@ MigrationShippingDelivery=Actualización de los datos de expediciones MigrationShippingDelivery2=Actualización de los datos de expediciones 2 MigrationFinished=Actualización terminada LastStepDesc=Último paso: Indique aquí la cuenta y la contraseña del primer usuario que usted utilizará para conectarse a la aplicación. No pierda estos identificadores, es la cuenta que permite administrar el resto. +ActivateModule=Activación del módulo %s ######### # upgrade MigrationFixData=Corrección de datos desnormalizados 
@@ -163,56 +165,56 @@ MigrationContract=Migración de datos de los contratos MigrationSuccessfullUpdate=Actualización finalizada MigrationUpdateFailed=La actualización ha fallado MigrationRelationshipTables=Migración de las tablas de relación (%s) -# Payments Update +# Payments Update= MigrationPaymentsUpdate=Actualización de los pagos (vínculo n-n pagos-facturas) MigrationPaymentsNumberToUpdate=%s pago(s) a actualizar MigrationProcessPaymentUpdate=Actualización pago(s) %s MigrationPaymentsNothingToUpdate=No hay más pagos huérfanos que deban corregirse. MigrationPaymentsNothingUpdatable=Ningún pago huérfano corregible. -# Contracts Update +# Contracts Update= MigrationContractsUpdate=Actualización de los contratos sin detalles (gestión del contrato + detalle de contrato) MigrationContractsNumberToUpdate=%s contrato(s) a actualizar MigrationContractsLineCreation=Creación linea contrato para contrato Ref. %s MigrationContractsNothingToUpdate=No hay más contratos (vinculados a un producto) sin líneas de detalles que deban corregirse. MigrationContractsFieldDontExist=Los campos fk_facture no existen ya. No hay operación pendiente. -# Contracts Empty Dates Update +# Contracts Empty Dates Update= MigrationContractsEmptyDatesUpdate=Actualización de las fechas de contratos no indicadas MigrationContractsEmptyDatesUpdateSuccess=Ok para fecha de contrato MigrationContractsEmptyDatesNothingToUpdate=No hay más próximas fechas de contratos. MigrationContractsEmptyCreationDatesUpdateSuccess=Ok para la fecha de creación MigrationContractsEmptyCreationDatesNothingToUpdate=No hay más próximas fechas de creación. 
-# Contracts Invalid Dates Update +# Contracts Invalid Dates Update= MigrationContractsInvalidDatesUpdate=Actualización fechas contrato incorrectas (para contratos con detalle en servicio) MigrationContractsInvalidDateFix=Corregir contrato %s (fecha contrato=%s, Fecha puesta en servicio min=%s) MigrationContractsInvalidDatesNumber=%s contratos modificados MigrationContractsInvalidDatesNothingToUpdate=No hay más de contratos que deban corregirse. -# Contracts Incoherent Dates Update +# Contracts Incoherent Dates Update= MigrationContractsIncoherentCreationDateUpdate=Actualización de las fechas de creación de contrato que tienen un valor incoherente MigrationContractsIncoherentCreationDateUpdateSuccess=Ok MigrationContractsIncoherentCreationDateNothingToUpdate=No hay más fechas de contratos. -# Reopening Contracts +# Reopening Contracts= MigrationReopeningContracts=Reapertura de los contratos que tienen al menos un servicio activo no cerrado MigrationReopenThisContract=Reapertura contrato %s MigrationReopenedContractsNumber=%s contratos modificados MigrationReopeningContractsNothingToUpdate=No hay más contratos que deban reabrirse. 
-# Migration transfert +# Migration transfert= MigrationBankTransfertsUpdate=Actualización de los vínculos entre registros bancarios y una transferencia entre cuenta MigrationBankTransfertsNothingToUpdate=Ningún vínculo desfasado -# Migration delivery +# Migration delivery= MigrationShipmentOrderMatching=Actualizar notas de expedición MigrationDeliveryOrderMatching=Actualizar recepciones MigrationDeliveryDetail=Actualizar recepciones -# Migration stock +# Migration stock= MigrationStockDetail=Actualizar valor en stock de los productos -# Migration menus +# Migration menus= MigrationMenusDetail=Actualización de la tabla de menús dinámicos -# Migration delivery address +# Migration delivery address= MigrationDeliveryAddress=Actualización de las direcciones de envío en las notas de entrega -# Migration project task actors +# Migration project task actors= MigrationProjectTaskActors=Migración de la tabla llx_projet_task_actors -# Migration project user resp +# Migration project user resp= MigrationProjectUserResp=Migración del campo fk_user_resp de llx_projet a llx_element_contact -# Migration project task time +# Migration project task time= MigrationProjectTaskTime=Actualización de tiempo dedicado en segundos # Migration Acctioncom -MigrationActioncommElement=Actualización de los datos de acciones sobre elementos \ No newline at end of file +MigrationActioncommElement=Actualización de los datos de acciones sobre elementos From 781b41737f82a6c6647d35bca7cc46ce0d6c6239 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 25 Nov 2011 02:03:02 +0100 Subject: [PATCH 09/12] Fix: filter by categ --- htdocs/core/modules/mailings/contacts3.modules.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/core/modules/mailings/contacts3.modules.php b/htdocs/core/modules/mailings/contacts3.modules.php index 7bbb2c0c9c5..81d59d137b3 100755 --- a/htdocs/core/modules/mailings/contacts3.modules.php 
+++ b/htdocs/core/modules/mailings/contacts3.modules.php @@ -77,15 +77,15 @@ class mailing_contacts3 extends MailingTargets $sql.= " sp.name as name, sp.firstname as firstname, sp.civilite,"; $sql.= " s.nom as companyname"; $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as sp,"; - $sql.= " ".MAIN_DB_PREFIX."societe as s,"; - $sql.= " ".MAIN_DB_PREFIX."categorie as c,"; - $sql.= " ".MAIN_DB_PREFIX."categorie_societe as cs"; + $sql.= " ".MAIN_DB_PREFIX."societe as s"; + if ($filtersarray[0] <> 'all') $sql.= ", ".MAIN_DB_PREFIX."categorie as c,"; + if ($filtersarray[0] <> 'all') $sql.= " ".MAIN_DB_PREFIX."categorie_societe as cs"; $sql.= " WHERE s.rowid = sp.fk_soc"; $sql.= " AND sp.email != ''"; // Note that null != '' is false $sql.= " AND sp.entity = ".$conf->entity; - $sql.= " AND cs.fk_categorie = c.rowid"; - $sql.= " AND cs.fk_societe = sp.fk_soc"; - if ($filtersarray[0] <> 'all') $sql.= " AND c.label = '".$filtersarray[0]."'"; + if ($filtersarray[0] <> 'all') $sql.= " AND cs.fk_categorie = c.rowid"; + if ($filtersarray[0] <> 'all') $sql.= " AND cs.fk_societe = sp.fk_soc"; + if ($filtersarray[0] <> 'all') $sql.= " AND c.label = '".$this->db->escape($filtersarray[0])."'"; $sql.= " ORDER BY sp.name, sp.firstname"; $resql = $this->db->query($sql); From 3fb1db1cf2b812120c8236d07e5f1971986e74e4 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 25 Nov 2011 16:47:57 +0100 Subject: [PATCH 10/12] Fix: XSS injection --- htdocs/compta/facture.php | 35 +++++++++++++++---------------- htdocs/core/lib/functions.lib.php | 32 ++++++++++++++-------------- 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 44926e4ecf2..11856e52758 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php 
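Review bot: The two added FROM fragments in the contacts3.modules.php hunk only form valid SQL when both run, because the first ends with a trailing comma (`", ".MAIN_DB_PREFIX."categorie as c,"`) that the second conditional has to complete. The same `$filtersarray[0] <> 'all'` test is now written five times, so a later edit to one copy can leave the FROM list and the WHERE joins out of step. Merging the FROM pair into one statement removes the dependency: `if ($filtersarray[0] <> 'all') $sql.= ", ".MAIN_DB_PREFIX."categorie as c, ".MAIN_DB_PREFIX."categorie_societe as cs";`. The three `AND` lines could likewise sit in a single `if` block. The enclosing method starts and ends outside the hunk.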
@@ -59,7 +59,10 @@ $action=GETPOST('action'); $confirm=GETPOST('confirm'); $lineid=GETPOST('lineid'); $userid=GETPOST('userid'); -$search_ref=GETPOST('sf_ref')?GETPOST('sf_ref'):GETPOST('search_ref'); +$search_ref=GETPOST('sf_ref')?GETPOST('sf_ref','alpha'):GETPOST('search_ref','alpha'); +$search_societe=GETPOST('search_societe','alpha'); +$search_montant_ht=GETPOST('search_montant_ht','alpha'); +$search_montant_ttc=GETPOST('search_montant_ht','alpha'); // Security check $fieldid = isset($_GET["ref"])?'facnumber':'rowid'; @@ -3053,8 +3056,8 @@ else $pageprev = $page - 1; $pagenext = $page + 1; - $month =GETPOST('month','int'); - $year =GETPOST('year','int'); + $month = GETPOST('month','int'); + $year = GETPOST('year','int'); $facturestatic=new Facture($db); @@ -3088,21 +3091,21 @@ else $sql .= ' AND ' . trim($filt[0]) . ' = ' . trim($filt[1]); } } - if ($_GET['search_ref']) + if ($search_ref) { - $sql.= ' AND f.facnumber LIKE \'%'.$db->escape(trim($_GET['search_ref'])).'%\''; + $sql.= ' AND f.facnumber LIKE \'%'.$db->escape(trim($search_ref)).'%\''; } - if ($_GET['search_societe']) + if ($search_societe) { - $sql.= ' AND s.nom LIKE \'%'.$db->escape(trim($_GET['search_societe'])).'%\''; + $sql.= ' AND s.nom LIKE \'%'.$db->escape(trim($search_societe)).'%\''; } - if ($_GET['search_montant_ht']) + if ($search_montant_ht) { - $sql.= ' AND f.total = \''.$db->escape(trim($_GET['search_montant_ht'])).'\''; + $sql.= ' AND f.total = \''.$db->escape(trim($search_montant_ht)).'\''; } - if ($_GET['search_montant_ttc']) + if ($search_montant_ttc) { - $sql.= ' AND f.total_ttc = \''.$db->escape(trim($_GET['search_montant_ttc'])).'\''; + $sql.= ' AND f.total_ttc = \''.$db->escape(trim($search_montant_ttc)).'\''; } if ($month > 0) { 
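Review bot: The added line `$search_montant_ttc=GETPOST('search_montant_ht','alpha');` reads the `search_montant_ht` parameter, so the TTC search variable is only a copy of the HT one. In the hunk at -3088 of the same file, `if ($search_montant_ttc)` then compares `f.total_ttc` with the HT search value, and the `search_montant_ttc` request parameter is never read. The line should be `$search_montant_ttc=GETPOST('search_montant_ttc','alpha');`. The same assignment appears again in the PATCH 11/12 hunk for this file.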
@@ -3115,10 +3118,6 @@ else { $sql.= " AND f.datef BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'"; } - if (trim($search_ref) != '') - { - $sql.= ' AND f.facnumber LIKE \'%'.$db->escape(trim($search_ref)) . '%\''; - } if (! $sall) { $sql.= ' GROUP BY f.rowid, f.facnumber, f.type, f.increment, f.total, f.total_ttc,'; @@ -3183,11 +3182,11 @@ else print ''; print '
'; print ''; print ''; print ''; print ''; print '
From c64f16da1c06eda54d0d410531f4f1093d8c0fa3 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 24 Nov 2011 07:48:33 +0100 Subject: [PATCH 04/12] Change default prefix if needed --- htdocs/install/etape2.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/htdocs/install/etape2.php b/htdocs/install/etape2.php index 865989f9e61..8f81e55614c 100644 --- a/htdocs/install/etape2.php +++ b/htdocs/install/etape2.php @@ -188,6 +188,12 @@ if ($action == "set") { $buffer=preg_replace('/type=innodb/i','ENGINE=innodb',$buffer); } + + // Replace the prefix tables + if ($dolibarr_main_db_prefix != 'llx_') + { + $buffer=preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer); + } //print "
Creation de la table $name/td>"; $requestnb++; @@ -330,6 +336,12 @@ if ($action == "set") $buffer=trim($req); if ($buffer) { + // Replace the prefix tables + if ($dolibarr_main_db_prefix != 'llx_') + { + $buffer=preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer); + } + //print "
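Review bot: `preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer)` rewrites every case-insensitive occurrence of `llx_` in the statement, not only table names. It also passes the configured prefix as a regex replacement string, where `$1` or `\1` style sequences are treated as backreferences. Nothing in the hunk checks which characters the prefix contains before it is spliced into the SQL that is executed; whether it is validated earlier in the installer is not visible here. A guard such as `if (! preg_match('/^[a-z0-9_]+$/i',$dolibarr_main_db_prefix))` that aborts the step would keep the substitution to plain identifier characters. The same replacement is added again in the hunk at -330, and the enclosing `if ($action == "set")` block starts and ends outside both hunks.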
Creation des cles et index de la table $name: '$buffer'
Creation de la table $name/td>"; $requestnb++; @@ -330,6 +336,12 @@ if ($action == "set") $buffer=trim($req); if ($buffer) { + // Replace the prefix tables + if ($dolibarr_main_db_prefix != 'llx_') + { + $buffer=preg_replace('/llx_/i',$dolibarr_main_db_prefix,$buffer); + } + //print "
Creation des cles et index de la table $name: '$buffer' '; - print ''; + print ''; print ''; - print ''; + print ''; print ''; - print ''; + print ''; print ''; print ' '; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index eafd2c9cb22..39fc2b599d9 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -185,22 +185,22 @@ function dol_shutdown() */ function GETPOST($paramname,$check='',$method=0) { - if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); - elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; - elseif ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:''; - elseif ($method==3) $out = isset($_POST[$paramname])?$_POST[$paramname]:(isset($_GET[$paramname])?$_GET[$paramname]:''); - - if (!empty($check)) - { - // Check if numeric - if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out=''; - // Check if alpha - //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; - // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; - } - - return $out; + if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); + elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; + elseif ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:''; + elseif ($method==3) $out = isset($_POST[$paramname])?$_POST[$paramname]:(isset($_GET[$paramname])?$_GET[$paramname]:''); + + if (! empty($check)) + { + // Check if numeric + if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out=''; + // Check if alpha + //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; + // '"' is dangerous because param in url can close the href= or src= and add javascript functions. + if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; + } + + return $out; } From 2ce2c94f5d7566848e61e68aab4e53e0633e76b3 Mon Sep 17 00:00:00 2001 
From: Regis Houssin Date: Fri, 25 Nov 2011 17:12:39 +0100 Subject: [PATCH 11/12] Fix: XSS injection --- htdocs/compta/facture.php | 53 +++++++++++++++---------------- htdocs/core/lib/functions.lib.php | 32 +++++++++---------- 2 files changed, 42 insertions(+), 43 deletions(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 44926e4ecf2..a945c37fc4c 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -50,19 +50,22 @@ $langs->load('main'); if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['message']; $sall=trim(GETPOST('sall')); -$projectid=isset($_GET['projectid'])?$_GET['projectid']:0; +$projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0); -$id=(GETPOST('id')?GETPOST("id"):GETPOST("facid")); // For backward compatibility -$ref=GETPOST('ref'); -$socid=GETPOST('socid'); -$action=GETPOST('action'); -$confirm=GETPOST('confirm'); -$lineid=GETPOST('lineid'); -$userid=GETPOST('userid'); -$search_ref=GETPOST('sf_ref')?GETPOST('sf_ref'):GETPOST('search_ref'); +$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility +$ref=GETPOST('ref','alpha'); +$socid=GETPOST('socid','int'); +$action=GETPOST('action','alpha'); +$confirm=GETPOST('confirm','alpha'); +$lineid=GETPOST('lineid','int'); +$userid=GETPOST('userid','int'); +$search_ref=GETPOST('sf_ref')?GETPOST('sf_ref','alpha'):GETPOST('search_ref','alpha'); +$search_societe=GETPOST('search_societe','alpha'); +$search_montant_ht=GETPOST('search_montant_ht','alpha'); +$search_montant_ttc=GETPOST('search_montant_ht','alpha'); // Security check -$fieldid = isset($_GET["ref"])?'facnumber':'rowid'; +$fieldid = (! empty($ref)?'facnumber':'rowid'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture', $id,'','','fk_soc',$fieldid); 
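Review bot: `$search_montant_ttc=GETPOST('search_montant_ht','alpha');` reads the wrong request key, so the `f.total_ttc` filter added later in this file is driven by the without-tax search box and the `search_montant_ttc` parameter is ignored. It should read `$search_montant_ttc=GETPOST('search_montant_ttc','alpha');`. Separately, the `'alpha'` check as GETPOST defines it on this page only blanks values containing `"`, so these variables still need context-specific escaping wherever they are printed into HTML or concatenated into SQL.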
@@ -3053,8 +3056,8 @@ else $pageprev = $page - 1; $pagenext = $page + 1; - $month =GETPOST('month','int'); - $year =GETPOST('year','int'); + $month = GETPOST('month','int'); + $year = GETPOST('year','int'); $facturestatic=new Facture($db); @@ -3088,21 +3091,21 @@ else $sql .= ' AND ' . trim($filt[0]) . ' = ' . trim($filt[1]); } } - if ($_GET['search_ref']) + if ($search_ref) { - $sql.= ' AND f.facnumber LIKE \'%'.$db->escape(trim($_GET['search_ref'])).'%\''; + $sql.= ' AND f.facnumber LIKE \'%'.$db->escape(trim($search_ref)).'%\''; } - if ($_GET['search_societe']) + if ($search_societe) { - $sql.= ' AND s.nom LIKE \'%'.$db->escape(trim($_GET['search_societe'])).'%\''; + $sql.= ' AND s.nom LIKE \'%'.$db->escape(trim($search_societe)).'%\''; } - if ($_GET['search_montant_ht']) + if ($search_montant_ht) { - $sql.= ' AND f.total = \''.$db->escape(trim($_GET['search_montant_ht'])).'\''; + $sql.= ' AND f.total = \''.$db->escape(trim($search_montant_ht)).'\''; } - if ($_GET['search_montant_ttc']) + if ($search_montant_ttc) { - $sql.= ' AND f.total_ttc = \''.$db->escape(trim($_GET['search_montant_ttc'])).'\''; + $sql.= ' AND f.total_ttc = \''.$db->escape(trim($search_montant_ttc)).'\''; } if ($month > 0) { @@ -3115,10 +3118,6 @@ else { $sql.= " AND f.datef BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'"; } - if (trim($search_ref) != '') - { - $sql.= ' AND f.facnumber LIKE \'%'.$db->escape(trim($search_ref)) . '%\''; - } if (! $sall) { $sql.= ' GROUP BY f.rowid, f.facnumber, f.type, f.increment, f.total, f.total_ttc,'; @@ -3183,11 +3182,11 @@ else print ' '; - print ''; + print ''; print ''; - print ''; + print ''; print ''; - print ''; + print ''; print ''; print ' '; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index eafd2c9cb22..39fc2b599d9 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
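Review bot: The context line `$sql .= ' AND ' . trim($filt[0]) . ' = ' . trim($filt[1]);` at the top of the @@ -3088 hunk still builds both a column name and a value into the query with no `$db->escape()` and no quoting, while the four search filters rewritten just below it are all escaped. Where `$filt` is populated is outside the hunk; if it derives from a request parameter, the column should be checked against a fixed list of allowed names and the value emitted as `'".$db->escape(trim($filt[1]))."'`. The enclosing `else` branch starts and ends outside the hunk.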
@@ -185,22 +185,22 @@ function dol_shutdown() */ function GETPOST($paramname,$check='',$method=0) { - if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); - elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; - elseif ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:''; - elseif ($method==3) $out = isset($_POST[$paramname])?$_POST[$paramname]:(isset($_GET[$paramname])?$_GET[$paramname]:''); - - if (!empty($check)) - { - // Check if numeric - if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out=''; - // Check if alpha - //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; - // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; - } - - return $out; + if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); + elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; + elseif ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:''; + elseif ($method==3) $out = isset($_POST[$paramname])?$_POST[$paramname]:(isset($_GET[$paramname])?$_GET[$paramname]:''); + + if (! empty($check)) + { + // Check if numeric + if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out=''; + // Check if alpha + //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; + // '"' is dangerous because param in url can close the href= or src= and add javascript functions. + if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; + } + + return $out; } From f803ca4e958826b26eea4b40b0d6ac6e731f478f Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Fri, 25 Nov 2011 18:36:39 +0100 Subject: [PATCH 12/12] Fix: Bad parameters --- htdocs/core/tpl/freeproductline_view.tpl.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/tpl/freeproductline_view.tpl.php b/htdocs/core/tpl/freeproductline_view.tpl.php index 4d581d707d9..3039a9cf15f 100644 --- a/htdocs/core/tpl/freeproductline_view.tpl.php +++ b/htdocs/core/tpl/freeproductline_view.tpl.php @@ -50,7 +50,7 @@ } else { - echo ($txt?' - ':'').dol_htmlentitiesbr($line->description,1,true); + echo ($txt?' - ':'').dol_htmlentitiesbr($line->description); } } } @@ -59,7 +59,7 @@ if (! empty($line->fk_parent_line)) echo img_picto('', 'rightarrow'); if ($type==1) $text = img_object($langs->trans('Service'),'service'); else $text = img_object($langs->trans('Product'),'product'); - echo $text.' '.dol_htmlentitiesbr($line->description,1,true); + echo $text.' '.dol_htmlentitiesbr($line->description); // Show range print_date_range($line->date_start,$line->date_end); }