lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into productmerge

Browse Source
This commit is contained in:
Frédéric FRANCE 2022-02-27 08:40:01 +01:00
commit 018fc53554
No known key found for this signature in database
GPG Key ID: 06809324E4B2ABC1
133 changed files with 2229 additions and 1693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dev/dolibarr_changes.txt
View File

@ -111,6 +111,10 @@ with
// DOL CHANGE If we keep this, the image is not visible on pages after the first one.
//var_dump($file.' '.(!@TCPDF_STATIC::file_exists($file)));
//return false;
$tfile = str_replace(' ', '%20', $file);
if (@TCPDF_STATIC::file_exists($tfile)) {
$file = $tfile;
}
}
* Replace in tcpdf.php

2
dev/examples/zapier/package.json
View File

@ -15,7 +15,7 @@
"npm": ">=5.6.0"
},
"dependencies": {
"zapier-platform-core": "11.0.1"
"zapier-platform-core": "11.3.1"
},
"devDependencies": {
"mocha": "^5.2.0",

17
htdocs/accountancy/admin/accountmodel.php
View File

@ -185,11 +185,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
}
/*if (!is_numeric($_POST['code'])) // disabled, code may not be in numeric base
{
$ok = 0;
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) {
$ok = 0;
@ -228,17 +223,17 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$i = 0;
foreach ($listfieldinsert as $f => $value) {
if ($value == 'price' || preg_match('/^amount/i', $value) || $value == 'taux') {
$_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU');
$_POST[$listfieldvalue[$i]] = price2num(GETPOST($listfieldvalue[$i]), 'MU');
} elseif ($value == 'entity') {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}
@ -276,7 +271,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$i = 0;
foreach ($listfieldmodify as $field) {
if ($field == 'price' || preg_match('/^amount/i', $field) || $field == 'taux') {
$_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU');
$_POST[$listfieldvalue[$i]] = price2num(GETPOST($listfieldvalue[$i]), 'MU');
} elseif ($field == 'entity') {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
@ -284,10 +279,10 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$sql .= ",";
}
$sql .= $field."=";
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}

25
htdocs/accountancy/admin/categories_list.php
View File

@ -148,10 +148,10 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($value == 'formula' && !GETPOST('formula')) {
continue;
}
if ($value == 'range_account' && empty($_POST['range_account'])) {
if ($value == 'range_account' && !GETPOST('range_account')) {
continue;
}
if (($value == 'country' || $value == 'country_id') && (!empty($_POST['country_id']))) {
if (($value == 'country' || $value == 'country_id') && GETPOST('country_id')) {
continue;
}
if (!GETPOSTISSET($value) || GETPOST($value) == '') {
@ -195,17 +195,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
setEventMessages($langs->transnoentities('ErrorFieldMustBeANumeric', $langs->transnoentities("Position")), null, 'errors');
}
// Clean some parameters
if ($_POST["accountancy_code"] <= 0) {
$_POST["accountancy_code"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_sell"] <= 0) {
$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_buy"] <= 0) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
// Si verif ok et action add, on ajoute la ligne
if ($ok && GETPOST('actionadd', 'alpha')) {
if ($tabrowid[$id]) {
@ -243,7 +232,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'formula') {
if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'formula') {
$sql .= "null"; // For vat, we want/accept code = ''
} else {
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
@ -283,8 +272,8 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
$i = 0;
foreach ($listfieldmodify as $field) {
if ($field == 'fk_country' && $_POST['country'] > 0) {
$_POST[$listfieldvalue[$i]] = $_POST['country'];
if ($field == 'fk_country' && GETPOST('country') > 0) {
$_POST[$listfieldvalue[$i]] = GETPOST('country');
} elseif ($field == 'entity') {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
@ -292,10 +281,10 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$sql .= ",";
}
$sql .= $field."=";
if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'range_account') {
if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'range_account') {
$sql .= "null"; // For range_account, we want/accept code = ''
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}

60
htdocs/accountancy/admin/journals_list.php
View File

@ -165,45 +165,19 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
// Check that all fields are filled
$ok = 1;
foreach ($listfield as $f => $value) {
if ($fieldnamekey == 'libelle' || ($fieldnamekey == 'label')) {
$fieldnamekey = 'Label';
}
if ($fieldnamekey == 'code') {
$fieldnamekey = 'Code';
}
if ($fieldnamekey == 'nature') {
$fieldnamekey = 'NatureOfJournal';
}
}
// Other checks
if (GETPOSTISSET("code")) {
if (GETPOST("code") == '0') {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
}
/*if (!is_numeric($_POST['code'])) // disabled, code may not be in numeric base
{
$ok = 0;
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (!GETPOST('label', 'alpha')) {
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentitiesnoconv("Label")), null, 'errors');
$ok = 0;
}
// Clean some parameters
if ($_POST["accountancy_code"] <= 0) {
$_POST["accountancy_code"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_sell"] <= 0) {
$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_buy"] <= 0) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
// Si verif ok et action add, on ajoute la ligne
if ($ok && GETPOST('actionadd', 'alpha')) {
if ($tabrowid[$id]) {
@ -235,16 +209,13 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
$i = 0;
foreach ($listfieldinsert as $f => $value) {
if ($value == 'entity') {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null"; // For vat, we want/accept code = ''
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}
@ -254,7 +225,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$result = $db->query($sql);
if ($result) { // Add is ok
setEventMessages($langs->transnoentities("RecordSaved"), null, 'mesgs');
$_POST = array('id'=>$id); // Clean $_POST array, we keep only
$_POST = array('id'=>$id); // Clean $_POST array, we keep only id
} else {
if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
setEventMessages($langs->transnoentities("ErrorRecordAlreadyExists"), null, 'errors');
@ -281,24 +252,15 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
$i = 0;
foreach ($listfieldmodify as $field) {
if ($field == 'price' || preg_match('/^amount/i', $field) || $field == 'taux') {
$_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU');
} elseif ($field == 'entity') {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
if ($i) {
$sql .= ",";
}
$sql .= $field."=";
if ($_POST[$listfieldvalue[$i]] == '' && !($listfieldvalue[$i] == 'code' && $id == 10)) {
$sql .= "null"; // For vat, we want/accept code = ''
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
}
$sql .= $field." = ";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -323,7 +285,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') { // delete
}
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@ -410,7 +372,7 @@ if ($action == 'delete') {
if ($id) {
// Complete requete recherche valeurs avec critere de tri
$sql = $tabsql[$id];
$sql .= " WHERE a.entity = ".$conf->entity;
$sql .= " WHERE a.entity = ".((int) $conf->entity);
// If sort order is "country", we use country_code instead
if ($sortfield == 'country') {
@ -510,7 +472,7 @@ if ($id) {
$num = $db->num_rows($resql);
$i = 0;
$param = '&id='.$id;
$param = '&id='.((int) $id);
if ($search_country_id > 0) {
$param .= '&search_country_id='.urlencode($search_country_id);
}
@ -635,7 +597,7 @@ if ($id) {
$class = 'tddict';
// Show value for field
if ($showfield) {
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.$valuetoshow.'</td>';
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.dol_escape_htmltag($valuetoshow).'</td>';
}
}
}

78
htdocs/accountancy/expensereport/lines.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2013-2016 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2017 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2022 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014-2015 Ari Elbaz (elarifr) <github@accedinfo.com>
* Copyright (C) 2013-2016 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
@ -26,8 +26,8 @@
*/
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
@ -49,9 +49,14 @@ $search_desc = GETPOST('search_desc', 'alpha');
$search_amount = GETPOST('search_amount', 'alpha');
$search_account = GETPOST('search_account', 'alpha');
$search_vat = GETPOST('search_vat', 'alpha');
$search_day = GETPOST("search_day", "int");
$search_month = GETPOST("search_month", "int");
$search_year = GETPOST("search_year", "int");
$search_date_startday = GETPOST('search_date_startday', 'int');
$search_date_startmonth = GETPOST('search_date_startmonth', 'int');
$search_date_startyear = GETPOST('search_date_startyear', 'int');
$search_date_endday = GETPOST('search_date_endday', 'int');
$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
$search_date_endyear = GETPOST('search_date_endyear', 'int');
$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
@ -61,9 +66,9 @@ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("pa
if (empty($page) || $page < 0) {
$page = 0;
}
$offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$offset = $limit * $page;
if (!$sortfield) {
$sortfield = "erd.date, erd.rowid";
}
@ -101,9 +106,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
$search_amount = '';
$search_account = '';
$search_vat = '';
$search_day = '';
$search_month = '';
$search_year = '';
$search_date_startday = '';
$search_date_startmonth = '';
$search_date_startyear = '';
$search_date_endday = '';
$search_date_endmonth = '';
$search_date_endyear = '';
$search_date_start = '';
$search_date_end = '';
}
if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
@ -204,7 +214,12 @@ if (strlen(trim($search_account))) {
if (strlen(trim($search_vat))) {
$sql .= natural_search("erd.tva_tx", price2num($search_vat), 1);
}
$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year);
if ($search_date_start) {
$sql .= " AND erd.date >= '".$db->idate($search_date_start)."'";
}
if ($search_date_end) {
$sql .= " AND erd.date <= '".$db->idate($search_date_end)."'";
}
$sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy
$sql .= $db->order($sortfield, $sortorder);
@ -222,9 +237,8 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
$sql .= $db->plimit($limit + 1, $offset);
dol_syslog('accountancy/expensereport/lines.php::list');
dol_syslog("accountancy/expensereport/lines.php", LOG_DEBUG);
$result = $db->query($sql);
if ($result) {
$num_lines = $db->num_rows($result);
$i = 0;
@ -254,14 +268,23 @@ if ($result) {
if ($search_vat) {
$param .= "&search_vat=".urlencode($search_vat);
}
if ($search_day) {
$param .= '&search_day='.urlencode($search_day);
if ($search_date_startday) {
$param .= '&search_date_startday='.urlencode($search_date_startday);
}
if ($search_month) {
$param .= '&search_month='.urlencode($search_month);
if ($search_date_startmonth) {
$param .= '&search_date_startmonth='.urlencode($search_date_startmonth);
}
if ($search_year) {
$param .= '&search_year='.urlencode($search_year);
if ($search_date_startyear) {
$param .= '&search_date_startyear='.urlencode($search_date_startyear);
}
if ($search_date_endday) {
$param .= '&search_date_endday='.urlencode($search_date_endday);
}
if ($search_date_endmonth) {
$param .= '&search_date_endmonth='.urlencode($search_date_endmonth);
}
if ($search_date_endyear) {
$param .= '&search_date_endyear='.urlencode($search_date_endyear);
}
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">'."\n";
@ -276,12 +299,11 @@ if ($result) {
print '<input type="hidden" name="page" value="'.$page.'">';
print_barre_liste($langs->trans("ExpenseReportLinesDone"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num_lines, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit);
print '<span class="opacitymedium">'.$langs->trans("DescVentilDoneExpenseReport").'</span><br>';
print '<br><div class="inline-block divButAction">'.$langs->trans("ChangeAccount").'<br>';
print '<br><div class="inline-block divButAction paddingbottom">'.$langs->trans("ChangeAccount").' ';
print $formaccounting->select_account($account_parent, 'account_parent', 2, array(), 0, 0, 'maxwidth300 maxwidthonsmartphone valignmiddle');
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("ChangeBinding").'" /></div>';
print '<input type="submit" class="button small valignmiddle" value="'.$langs->trans("ChangeBinding").'"/></div>';
$moreforfilter = '';
@ -296,11 +318,12 @@ if ($result) {
print '<td class="liste_titre"></td>';
}
print '<td class="liste_titre center">';
if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) {
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_day" value="'.$search_day.'">';
}
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month" value="'.$search_month.'">';
$formother->select_year($search_year, 'search_year', 1, 20, 5);
print '<div class="nowrap">';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidth50" name="search_label" value="'.dol_escape_htmltag($search_label).'"></td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidth50" name="search_desc" value="'.dol_escape_htmltag($search_desc).'"></td>';
@ -394,12 +417,11 @@ if ($result) {
print '<td class="center">'.vatrate($objp->tva_tx.($objp->vat_src_code ? ' ('.$objp->vat_src_code.')' : '')).'</td>';
// Accounting account affected
print '<td>';
print '<td class="center">';
print $accountingaccountstatic->getNomUrl(0, 1, 1, '', 1);
print ' <a class="editfielda reposition marginleftonly marginrightonly" href="./card.php?id='.$objp->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].($param ? '?'.$param : '')).'">';
print img_edit();
print '</a></td>';
print '<td class="center"><input type="checkbox" class="checkforaction" name="changeaccount[]" value="'.$objp->rowid.'"/></td>';
print "</tr>";

144
htdocs/accountancy/expensereport/list.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2013-2014 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2017 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2022 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014-2015 Ari Elbaz (elarifr) <github@accedinfo.com>
* Copyright (C) 2013-2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>s
@ -30,9 +30,9 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Load translation files required by the page
@ -59,9 +59,14 @@ $search_desc = GETPOST('search_desc', 'alpha');
$search_amount = GETPOST('search_amount', 'alpha');
$search_account = GETPOST('search_account', 'alpha');
$search_vat = GETPOST('search_vat', 'alpha');
$search_day = GETPOST("search_day", "int");
$search_month = GETPOST("search_month", "int");
$search_year = GETPOST("search_year", "int");
$search_date_startday = GETPOST('search_date_startday', 'int');
$search_date_startmonth = GETPOST('search_date_startmonth', 'int');
$search_date_startyear = GETPOST('search_date_startyear', 'int');
$search_date_endday = GETPOST('search_date_endday', 'int');
$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
$search_date_endyear = GETPOST('search_date_endyear', 'int');
$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
@ -83,6 +88,9 @@ if (!$sortorder) {
}
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('accountancyexpensereportlist'));
$formaccounting = new FormAccounting($db);
$accounting = new AccountingAccount($db);
@ -101,7 +109,7 @@ if (empty($user->rights->accounting->mouvements->lire)) {
/*
* Action
* Actions
*/
if (GETPOST('cancel', 'alpha')) {
@ -111,30 +119,47 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massa
$massaction = '';
}
// Purge search criteria
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers
$search_login = '';
$search_expensereport = '';
$search_label = '';
$search_desc = '';
$search_amount = '';
$search_account = '';
$search_vat = '';
$search_day = '';
$search_month = '';
$search_year = '';
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
if (empty($reshook)) {
// Purge search criteria
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers
$search_login = '';
$search_expensereport = '';
$search_label = '';
$search_desc = '';
$search_amount = '';
$search_account = '';
$search_vat = '';
$search_date_startday = '';
$search_date_startmonth = '';
$search_date_startyear = '';
$search_date_endday = '';
$search_date_endmonth = '';
$search_date_endyear = '';
$search_date_start = '';
$search_date_end = '';
$search_country = '';
$search_tvaintra = '';
}
// Mass actions
$objectclass = 'ExpenseReport';
$objectlabel = 'ExpenseReport';
$permissiontoread = $user->rights->expensereport->read;
$permissiontodelete = $user->rights->expensereport->delete;
$uploaddir = $conf->expensereport->dir_output;
include DOL_DOCUMENT_ROOT . '/core/actions_massactions.inc.php';
}
// Mass actions
$objectclass = 'ExpenseReport';
$objectlabel = 'ExpenseReport';
$permissiontoread = $user->rights->expensereport->read;
$permissiontodelete = $user->rights->expensereport->delete;
$uploaddir = $conf->expensereport->dir_output;
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$msg = '';
//print '<div><span style="color:red">' . $langs->trans("Processing") . '...</span></div>';
if (!empty($mesCasesCochees)) {
$msg = '<div>'.$langs->trans("SelectedLines").': '.count($mesCasesCochees).'</div>';
@ -159,7 +184,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);
dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG);
dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG);
if ($db->query($sql)) {
$msg .= '<div><span style="color:green">'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'</span></div>';
$ok++;
@ -201,6 +226,9 @@ $sql .= " erd.rowid, erd.fk_c_type_fees, erd.comments, erd.total_ht as price, er
$sql .= " f.id as type_fees_id, f.code as type_fees_code, f.label as type_fees_label, f.accountancy_code as code_buy,";
$sql .= " u.rowid as userid, u.login, u.lastname, u.firstname, u.email, u.gender, u.employee, u.photo, u.statut,";
$sql .= " aa.rowid as aarowid";
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees";
@ -233,9 +261,19 @@ if (strlen(trim($search_account))) {
if (strlen(trim($search_vat))) {
$sql .= natural_search("erd.tva_tx", $search_vat, 1);
}
$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year);
if ($search_date_start) {
$sql .= " AND erd.date >= '".$db->idate($search_date_start)."'";
}
if ($search_date_end) {
$sql .= " AND erd.date <= '".$db->idate($search_date_end)."'";
}
$sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy
// Add where from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= $db->order($sortfield, $sortorder);
// Count total nb of records
@ -251,7 +289,13 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
$sql .= $db->plimit($limit + 1, $offset);
dol_syslog('accountancy/expensereport/list.php');
dol_syslog("accountancy/expensereport/list.php", LOG_DEBUG);
// MAX_JOIN_SIZE can be very low (ex: 300000) on some limited configurations (ex: https://www.online.net/fr/hosting/online-perso)
// This big SELECT command may exceed the MAX_JOIN_SIZE limit => Therefore we use SQL_BIG_SELECTS=1 to disable the MAX_JOIN_SIZE security
if ($db->type == 'mysqli') {
$db->query("SET SQL_BIG_SELECTS=1");
}
$result = $db->query($sql);
if ($result) {
$num_lines = $db->num_rows($result);
@ -272,14 +316,23 @@ if ($result) {
if ($search_lineid) {
$param .= '&search_lineid='.urlencode($search_lineid);
}
if ($search_day) {
$param .= '&search_day='.urlencode($search_day);
if ($search_date_startday) {
$param .= '&search_date_startday='.urlencode($search_date_startday);
}
if ($search_month) {
$param .= '&search_month='.urlencode($search_month);
if ($search_date_startmonth) {
$param .= '&search_date_startmonth='.urlencode($search_date_startmonth);
}
if ($search_year) {
$param .= '&search_year='.urlencode($search_year);
if ($search_date_startyear) {
$param .= '&search_date_startyear='.urlencode($search_date_startyear);
}
if ($search_date_endday) {
$param .= '&search_date_endday='.urlencode($search_date_endday);
}
if ($search_date_endmonth) {
$param .= '&search_date_endmonth='.urlencode($search_date_endmonth);
}
if ($search_date_endyear) {
$param .= '&search_date_endyear='.urlencode($search_date_endyear);
}
if ($search_expensereport) {
$param .= '&search_expensereport='.urlencode($search_expensereport);
@ -302,7 +355,6 @@ if ($result) {
);
$massactionbutton = $form->selectMassAction('ventil', $arrayofmassactions, 1);
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">'."\n";
print '<input type="hidden" name="action" value="ventil">';
if ($optioncss != '') {
@ -335,20 +387,21 @@ if ($result) {
if (!empty($conf->global->ACCOUNTANCY_USE_EXPENSE_REPORT_VALIDATION_DATE)) {
print '<td class="liste_titre"></td>';
}
print '<td class="liste_titre center nowraponall minwidth100imp">';
if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) {
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_day" value="'.$search_day.'">';
}
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month" value="'.$search_month.'">';
$formother->select_year($search_year, 'search_year', 1, 20, 5);
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidth50" name="search_label" value="'.dol_escape_htmltag($search_label).'"></td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidthonsmartphone" name="search_desc" value="'.dol_escape_htmltag($search_desc).'"></td>';
print '<td class="liste_titre right"><input type="text" class="right flat maxwidth50" name="search_amount" value="'.dol_escape_htmltag($search_amount).'"></td>';
print '<td class="liste_titre right"><input type="text" class="right flat maxwidth50" name="search_vat" placeholder="%" size="1" value="'.dol_escape_htmltag($search_vat).'"></td>';
print '<td class="liste_titre right"><input type="text" class="flat maxwidth50 right" name="search_amount" value="'.dol_escape_htmltag($search_amount).'"></td>';
print '<td class="liste_titre right"><input type="text" class="flat maxwidth50 right" name="search_vat" placeholder="%" size="1" value="'.dol_escape_htmltag($search_vat).'"></td>';
print '<td class="liste_titre"></td>';
print '<td class="liste_titre"></td>';
print '<td class="center" class="liste_titre">';
print '<td class="center liste_titre">';
$searchpicto = $form->showFilterButtons();
print $searchpicto;
print '</td>';
@ -468,6 +521,9 @@ if ($result) {
} else {
print $db->error();
}
if ($db->type == 'mysqli') {
$db->query("SET SQL_BIG_SELECTS=0"); // Enable MAX_JOIN_SIZE limitation
}
// Add code to auto check the box when we select an account
print '<script type="text/javascript">

10
htdocs/adherents/subscription/card.php
View File

@ -93,8 +93,8 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
if ($accountline->rappro) {
$errmsg = $langs->trans("SubscriptionLinkedToConciliatedTransaction");
} else {
$accountline->datev = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
$accountline->dateo = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
$accountline->datev = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int'));
$accountline->dateo = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int'));
$accountline->amount = $amount;
$result = $accountline->update($user);
if ($result < 0) {
@ -105,12 +105,12 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
if (!$errmsg) {
// Modify values
$object->dateh = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
$object->datef = dol_mktime($_POST['datesubendhour'], $_POST['datesubendmin'], 0, $_POST['datesubendmonth'], $_POST['datesubendday'], $_POST['datesubendyear']);
$object->dateh = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int'));
$object->datef = dol_mktime(GETPOST('datesubendhour', 'int'), GETPOST('datesubendmin', 'int'), 0, GETPOST('datesubendmonth', 'int'), GETPOST('datesubendday', 'int'), GETPOST('datesubendyear', 'int'));
$object->fk_type = $typeid;
$object->note = $note;
$object->note_private = $note;
$object->amount = $amount;
//print 'datef='.$object->datef.' '.$_POST['datesubendday'];
$result = $object->update($user);
if ($result >= 0 && !count($object->errors)) {

1
htdocs/admin/agenda.php
View File

@ -88,7 +88,6 @@ if ($action == "save" && empty($cancel)) {
foreach ($triggers as $trigger) {
$keyparam = 'MAIN_AGENDA_ACTIONAUTO_'.$trigger['code'];
//print "param=".$param." - ".$_POST[$param];
if ($search_event === '' || preg_match('/'.preg_quote($search_event, '/').'/i', $keyparam)) {
$res = dolibarr_set_const($db, $keyparam, (GETPOST($keyparam, 'alpha') ?GETPOST($keyparam, 'alpha') : ''), 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {

21
htdocs/admin/dict.php
View File

@ -706,19 +706,19 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
continue; // For some pages, country is not mandatory
}
// Discard check of mandatory fiedls for other fields
if ($value == 'localtax1' && empty($_POST['localtax1_type'])) {
if ($value == 'localtax1' && !GETPOST('localtax1_type')) {
continue;
}
if ($value == 'localtax2' && empty($_POST['localtax2_type'])) {
if ($value == 'localtax2' && !GETPOST('localtax2_type')) {
continue;
}
if ($value == 'color' && empty($_POST['color'])) {
if ($value == 'color' && !GETPOST('color')) {
continue;
}
if ($value == 'formula' && empty($_POST['formula'])) {
if ($value == 'formula' && !GETPOST('formula')) {
continue;
}
if ($value == 'dayrule' && empty($_POST['dayrule'])) {
if ($value == 'dayrule' && !GETPOST('dayrule')) {
continue;
}
if ($value == 'sortorder') {
@ -794,11 +794,6 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
}
/*if (!is_numeric($_POST['code'])) // disabled, code may not be in numeric base
{
$ok = 0;
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) {
if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries
@ -830,7 +825,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary
$_POST["code"] = preg_replace('/[^a-zA-Z0-9\-\+]/', '', $_POST["code"]);
$_POST["code"] = preg_replace('/[^a-zA-Z0-9\-\+]/', '', GETPOST("code"));
}
// If check ok and action add, add the line
@ -883,7 +878,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
if ($keycode == 'sortorder') { // For column name 'sortorder', we use the field name 'position'
$sql .= (int) GETPOST('position', 'int');
} elseif ($_POST[$keycode] == '' && !($keycode == 'code' && $id == 10)) {
} elseif (GETPOST($keycode) == '' && !($keycode == 'code' && $id == 10)) {
$sql .= "null"; // For vat, we want/accept code = ''
} elseif ($keycode == 'content') {
$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
@ -952,7 +947,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
$sql .= $field."=";
if ($listfieldvalue[$i] == 'sortorder') { // For column name 'sortorder', we use the field name 'position'
$sql .= (int) GETPOST('position', 'int');
} elseif ($_POST[$keycode] == '' && !($keycode == 'code' && $id == 10)) {
} elseif (GETPOST($keycode) == '' && !($keycode == 'code' && $id == 10)) {
$sql .= "null"; // For vat, we want/accept code = ''
} elseif ($keycode == 'content') {
$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";

10
htdocs/admin/mails.php
View File

@ -903,8 +903,8 @@ if ($action == 'edit') {
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromid = $user->id;
$formmail->fromalsorobot = 1;
$formmail->fromtype = (GETPOSTISSET('fromtype') ?GETPOST('fromtype', 'aZ09') : (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : 'user'));
@ -912,9 +912,9 @@ if ($action == 'edit') {
$formmail->withsubstit = 1;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;

2
htdocs/admin/mails_templates.php
View File

@ -308,7 +308,7 @@ if (empty($reshook)) {
// Rename some POST variables into a generic name
if (GETPOST('actionmodify', 'alpha') && $value == 'topic') {
$_POST['topic'] = $_POST['topic-'.$rowid];
$_POST['topic'] = GETPOST('topic-'.$rowid);
}
if ((!GETPOSTISSET($value) || GETPOST($value) == '' || GETPOST($value) == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position') {

10
htdocs/admin/mails_ticket.php
View File

@ -537,16 +537,16 @@ if ($action == 'edit') {
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->withfromreadonly = 0;
$formmail->withsubstit = 0;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1);
$formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1);
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;

12
htdocs/admin/menus/edit.php
View File

@ -152,32 +152,32 @@ if ($action == 'add') {
$langs->load("errors");
$error = 0;
if (!$error && !$_POST['menu_handler']) {
if (!$error && !GETPOST('menu_handler')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("MenuHandler")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['type']) {
if (!$error && !GETPOST('type')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['url']) {
if (!$error && !GETPOST('url')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("URL")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['titre']) {
if (!$error && !GETPOST('titre')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Title")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && $_POST['menuId'] && $_POST['type'] == 'top') {
if (!$error && GETPOST('menuId') && GETPOST('type') == 'top') {
setEventMessages($langs->trans("ErrorTopMenuMustHaveAParentWithId0"), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['menuId'] && $_POST['type'] == 'left') {
if (!$error && !GETPOST('menuId') && GETPOST('type') == 'left') {
setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
$action = 'create';
$error++;

1
htdocs/admin/modules.php
View File

@ -48,7 +48,6 @@ if (empty($mode)) {
$mode = 'common';
}
$action = GETPOST('action', 'aZ09');
//var_dump($_POST);exit;
$value = GETPOST('value', 'alpha');
$page_y = GETPOST('page_y', 'int');
$search_keyword = GETPOST('search_keyword', 'alpha');

2
htdocs/admin/sms.php
View File

@ -62,7 +62,7 @@ if ($action == 'update' && !$cancel) {
// Send sms
if ($action == 'send' && !$_POST['cancel']) {
if ($action == 'send' && !$cancel) {
$error = 0;
$smsfrom = '';

2
htdocs/admin/system/filecheck.php
View File

@ -416,7 +416,7 @@ if (empty($error) && !empty($xml)) {
$outexpectedchecksum = ($checksumtoget ? $checksumtoget : $langs->trans("Unknown"));
if ($checksumget == $checksumtoget) {
if (count($file_list['added'])) {
if (is_array($file_list['added']) && count($file_list['added'])) {
$resultcode = 'warning';
$resultcomment = 'FileIntegrityIsOkButFilesWereAdded';
$outcurrentchecksum = $checksumget.' - <span class="'.$resultcode.'">'.$langs->trans($resultcomment).'</span>';

1
htdocs/admin/system/security.php
View File

@ -99,6 +99,7 @@ if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') ==
}
print "<br>\n";
print "<strong>PHP open_basedir</strong> = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").': '.$_SERVER["DOCUMENT_ROOT"].','.DOL_DATA_ROOT).')</span>')."<br>\n";
print "<strong>PHP short_open_tag</strong> = ".((empty(ini_get('short_open_tag')) || ini_get('short_open_tag') == 'Off') ? yn(0) : img_warning().' '.yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).')</span>'."<br>\n";
print "<strong>PHP allow_url_fopen</strong> = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
print "<strong>PHP allow_url_include</strong> = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
//print "<strong>PHP safe_mode</strong> = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).' &nbsp; <span class="opacitymedium">'.$langs->trans("Deprecated")." (removed in PHP 5.4)</span><br>\n";

2
htdocs/admin/tools/export_files.php
View File

@ -173,7 +173,7 @@ if ($compression == 'zip') {
// We also exclude '/temp/' dir and 'documents/admin/documents'
// We make escapement here and call executeCLI without escapement because we don't want to have the '*.log' escaped.
$cmd = "tar -cf ".escapeshellcmd($outputdir."/".$file)." --exclude-vcs --exclude-caches-all --exclude='temp' --exclude='*.log' --exclude='*.pdf_preview-*.png' --exclude='documents/admin/documents' -C '".escapeshellcmd(dol_sanitizePathName($dirtoswitch))."' '".escapeshellcmd(dol_sanitizeFileName($dirtocompress))."'";
$cmd = "tar -cf '".escapeshellcmd($outputdir."/".$file)."' --exclude-vcs --exclude-caches-all --exclude='temp' --exclude='*.log' --exclude='*.pdf_preview-*.png' --exclude='documents/admin/documents' -C '".escapeshellcmd(dol_sanitizePathName($dirtoswitch))."' '".escapeshellcmd(dol_sanitizeFileName($dirtocompress))."'";
$result = $utils->executeCLI($cmd, $outputfile, 0, null, 1);

8
htdocs/admin/website.php
View File

@ -198,15 +198,15 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
if ($value == 'ref') {
$_POST[$listfieldvalue[$i]] = strtolower($_POST[$listfieldvalue[$i]]);
$_POST[$listfieldvalue[$i]] = strtolower(GETPOST($listfieldvalue[$i]));
}
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}
@ -259,7 +259,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($_POST[$listfieldvalue[$i]] == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}

2
htdocs/barcode/printsheet.php
View File

@ -23,7 +23,7 @@
* \brief Page to print sheets with barcodes using the document templates into core/modules/printsheets
*/
if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must ne renew the token.
if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must not renew the token.
if (!defined('NOTOKENRENEWAL')) {
define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
}

2
htdocs/bookmarks/bookmarks.lib.php
View File

@ -66,7 +66,7 @@ function printDropdownBookmarksList()
// Url to list bookmark
$listbtn = '<a class="top-menu-dropdown-link" title="'.$langs->trans('Bookmarks').'" href="'.DOL_URL_ROOT.'/bookmarks/list.php" >';
$listbtn = '<a class="top-menu-dropdown-link" title="'.dol_escape_htmltag($langs->trans('Bookmarks')).'" href="'.DOL_URL_ROOT.'/bookmarks/list.php">';
$listbtn .= img_picto('', 'bookmark', 'class="paddingright"').$langs->trans('Bookmarks').'</a>';
// Url to go on create new bookmark page

2
htdocs/comm/card.php
View File

@ -214,7 +214,7 @@ if (empty($reshook)) {
// assujetissement a la TVA
if ($action == 'setassujtva' && $user->rights->societe->creer) {
$object->fetch($id);
$object->tva_assuj = $_POST['assujtva_value'];
$object->tva_assuj = GETPOST('assujtva_value');
$result = $object->update($object->id);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');

2
htdocs/comm/mailing/card.php
View File

@ -745,7 +745,7 @@ if ($action == 'create') {
print '<table class="border centpercent">';
print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("MailTopic").'</td><td><input class="flat minwidth200 quatrevingtpercent" name="sujet" value="'.dol_escape_htmltag(GETPOST('sujet', 'alphanohtml')).'"></td></tr>';
print '<tr><td>'.$langs->trans("BackgroundColorByDefault").'</td><td colspan="3">';
print $htmlother->selectColor($_POST['bgcolor'], 'bgcolor', '', 0);
print $htmlother->selectColor(GETPOST('bgcolor'), 'bgcolor', '', 0);
print '</td></tr>';
print '</table>';

8
htdocs/comm/propal/card.php
View File

@ -302,7 +302,7 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setdate' && $usercancreate) {
$datep = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
$datep = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
if (empty($datep)) {
$error++;
@ -316,7 +316,7 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setecheance' && $usercancreate) {
$result = $object->set_echeance($user, dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']));
$result = $object->set_echeance($user, dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')));
if ($result >= 0) {
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
$outputlangs = $langs;
@ -339,7 +339,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'setdate_livraison' && $usercancreate) {
$result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['date_livraisonmonth'], $_POST['date_livraisonday'], $_POST['date_livraisonyear']));
$result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('date_livraisonmonth', 'int'), GETPOST('date_livraisonday', 'int'), GETPOST('date_livraisonyear', 'int')));
if ($result < 0) {
dol_print_error($db, $object->error);
}
@ -1955,7 +1955,7 @@ if ($action == 'create') {
// We verify whether the object is provisionally numbering
$ref = substr($object->ref, 1, 4);
if ($ref == 'PROV') {
if ($ref == 'PROV' || $ref == '') {
$numref = $object->getNextNumRef($soc);
if (empty($numref)) {
$error++;

6
htdocs/comm/propal/contact.php
View File

@ -107,12 +107,6 @@ if ($action == 'addcontact' && $user->rights->propale->creer) {
dol_print_error($db);
}
}
/*
elseif ($action == 'setaddress' && $user->rights->propale->creer)
{
$result=$object->setDeliveryAddress($_POST['fk_address']);
if ($result < 0) dol_print_error($db,$object->error);
}*/
/*

2
htdocs/comm/remx.php
View File

@ -160,7 +160,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) {
$amount_ht = price2num(GETPOST('amount_ht', 'alpha'));
$desc = GETPOST('desc', 'alpha');
$tva_tx = GETPOST('tva_tx', 'alpha');
$discount_type = !empty($_POST['discount_type']) ?GETPOST('discount_type', 'alpha') : 0;
$discount_type = GETPOSTISSET('discount_type') ? GETPOST('discount_type', 'alpha') : 0;
if ($amount_ht > 0) {
$error = 0;

13
htdocs/commande/card.php
View File

@ -533,7 +533,6 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setdate' && $usercancreate) {
// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int'));
$result = $object->set_date($user, $date);
@ -541,7 +540,6 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'setdate_livraison' && $usercancreate) {
// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date_delivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);
@ -1902,8 +1900,12 @@ if ($action == 'create' && $usercancreate) {
if ($action == 'validate') {
// We check that object has a temporary ref
$ref = substr($object->ref, 1, 4);
if ($ref == 'PROV') {
if ($ref == 'PROV' || $ref == '') {
$numref = $object->getNextNumRef($soc);
if (empty($numref)) {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
}
} else {
$numref = $object->ref;
}
@ -1954,8 +1956,9 @@ if ($action == 'create' && $usercancreate) {
if ($nbMandated > 0 ) $text .= '<div><span class="clearboth nowraponall warning">'.$langs->trans("mandatoryPeriodNeedTobeSetMsgValidate").'</span></div>';
$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ValidateOrder'), $text, 'confirm_validate', $formquestion, 0, 1, 220);
if (!$error) {
$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ValidateOrder'), $text, 'confirm_validate', $formquestion, 0, 1, 220);
}
}
// Confirm back to draft status

7
htdocs/commande/contact.php
View File

@ -91,13 +91,6 @@ if ($action == 'addcontact' && $user->rights->commande->creer) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
/*
elseif ($action == 'setaddress' && $user->rights->commande->creer)
{
$object->fetch($id);
$result=$object->setDeliveryAddress($_POST['fk_address']);
if ($result < 0) dol_print_error($db,$object->error);
}*/
/*

8
htdocs/compta/ajaxpayment.php
View File

@ -47,10 +47,10 @@ $langs->load('compta');
//init var
$invoice_type = GETPOST('invoice_type', 'int');
$amountPayment = $_POST['amountPayment'];
$amounts = $_POST['amounts']; // from text inputs : invoice amount payment (check required)
$remains = $_POST['remains']; // from dolibarr's object (no need to check)
$currentInvId = $_POST['imgClicked']; // from DOM elements : imgId (equals invoice id)
$amountPayment = GETPOST('amountPayment');
$amounts = GETPOST('amounts'); // from text inputs : invoice amount payment (check required)
$remains = GETPOST('remains'); // from dolibarr's object (no need to check)
$currentInvId = GETPOST('imgClicked'); // from DOM elements : imgId (equals invoice id)
// Getting the posted keys=>values, sanitize the ones who are from text inputs
$amountPayment = $amountPayment != '' ? (is_numeric(price2num($amountPayment)) ? price2num($amountPayment) : '') : ''; // keep void if not a valid entry

21
htdocs/compta/bank/card.php
View File

@ -124,6 +124,7 @@ if (empty($reshook)) {
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
$object->owner_address = trim(GETPOST("owner_address", 'nohtml'));
@ -224,6 +225,7 @@ if (empty($reshook)) {
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
$object->owner_address = trim(GETPOST("owner_address", 'nohtml'));
@ -283,7 +285,7 @@ if (empty($reshook)) {
$categories = GETPOST('categories', 'array');
$object->setCategories($categories);
$_GET["id"] = $_POST["id"]; // Force chargement page en mode visu
$_GET["id"] = GETPOST("id", 'int'); // Force chargement page en mode visu
} else {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
@ -537,6 +539,13 @@ if ($action == 'create') {
print '<tr><td>'.$langs->trans($bickey).'</td>';
print '<td><input maxlength="11" type="text" class="flat minwidth150" name="bic" value="'.(GETPOST('bic') ?GETPOST('bic', 'alpha') : $object->bic).'"></td></tr>';
if ($conf->paymentbybanktransfer->enabled) {
print '<tr><td>'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").'</td>';
print '<td><input type="checkbox" class="flat minwidth150" name="pti_in_ctti"'. (empty(GETPOST('pti_in_ctti')) ? '' : ' checked ') . '>&nbsp;';
print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info');
print '</td></tr>';
}
print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';
print '<textarea class="flat quatrevingtpercent" name="domiciliation" rows="'.ROWS_2.'">';
print (GETPOST('domiciliation') ?GETPOST('domiciliation') : $object->domiciliation);
@ -777,6 +786,11 @@ if ($action == 'create') {
print '<tr><td>'.$langs->trans("ICS").' ('.$langs->trans("BankTransfer").')</td>';
print '<td>'.$object->ics_transfer.'</td>';
print '</tr>';
print '<tr><td>'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").'</td><td>';
print (empty($object->pti_in_ctti) ? $langs->trans("No") : $langs->trans("Yes")) . '&nbsp;';
print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info');
print "</td></tr>\n";
}
print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';
@ -1074,6 +1088,11 @@ if ($action == 'create') {
if ($conf->paymentbybanktransfer->enabled) {
print '<tr><td>'.$langs->trans("ICS").' ('.$langs->trans("BankTransfer").')</td>';
print '<td><input class="minwidth150 maxwidth200onsmartphone" maxlength="32" type="text" class="flat" name="ics_transfer" value="'.(GETPOSTISSET('ics_transfer') ? GETPOST('ics_transfer', 'alphanohtml') : $object->ics_transfer).'"></td></tr>';
print '<tr><td>'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").'</td>';
print '<td><input type="checkbox" class="flat minwidth150" name="pti_in_ctti"'. ($object->pti_in_ctti ? ' checked ' : '') . '>&nbsp;';
print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info');
print '</td></tr>';
}
print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';

20
htdocs/compta/bank/class/account.class.php
View File

@ -145,6 +145,12 @@ class Account extends CommonObject
*/
public $iban_prefix;
/**
* XML SEPA format: place Payment Type Information (PmtTpInf) in Credit Transfer Transaction Information (CdtTrfTxInf)
* @var int
*/
public $pti_in_ctti = 0;
/**
* Name of account holder
* @var string
@ -680,6 +686,7 @@ class Account extends CommonObject
$sql .= ", bic";
$sql .= ", iban_prefix";
$sql .= ", domiciliation";
$sql .= ", pti_in_ctti";
$sql .= ", proprio";
$sql .= ", owner_address";
$sql .= ", currency_code";
@ -706,6 +713,7 @@ class Account extends CommonObject
$sql .= ", '".$this->db->escape($this->bic)."'";
$sql .= ", '".$this->db->escape($this->iban)."'";
$sql .= ", '".$this->db->escape($this->domiciliation)."'";
$sql .= ", ".((int) $this->pti_in_ctti);
$sql .= ", '".$this->db->escape($this->proprio)."'";
$sql .= ", '".$this->db->escape($this->owner_address)."'";
$sql .= ", '".$this->db->escape($this->currency_code)."'";
@ -828,6 +836,7 @@ class Account extends CommonObject
$sql .= ",bic='".$this->db->escape($this->bic)."'";
$sql .= ",iban_prefix = '".$this->db->escape($this->iban)."'";
$sql .= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
$sql .= ",pti_in_ctti=".((int) $this->pti_in_ctti);
$sql .= ",proprio = '".$this->db->escape($this->proprio)."'";
$sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'";
@ -949,7 +958,7 @@ class Account extends CommonObject
$sql = "SELECT ba.rowid, ba.ref, ba.label, ba.bank, ba.number, ba.courant, ba.clos, ba.rappro, ba.url,";
$sql .= " ba.code_banque, ba.code_guichet, ba.cle_rib, ba.bic, ba.iban_prefix as iban,";
$sql .= " ba.domiciliation, ba.proprio, ba.owner_address, ba.state_id, ba.fk_pays as country_id,";
$sql .= " ba.domiciliation, ba.pti_in_ctti, ba.proprio, ba.owner_address, ba.state_id, ba.fk_pays as country_id,";
$sql .= " ba.account_number, ba.fk_accountancy_journal, ba.currency_code,";
$sql .= " ba.min_allowed, ba.min_desired, ba.comment,";
$sql .= " ba.datec as date_creation, ba.tms as date_update, ba.ics, ba.ics_transfer,";
@ -992,6 +1001,7 @@ class Account extends CommonObject
$this->bic = $obj->bic;
$this->iban = $obj->iban;
$this->domiciliation = $obj->domiciliation;
$this->pti_in_ctti = $obj->pti_in_ctti;
$this->proprio = $obj->proprio;
$this->owner_address = $obj->owner_address;
@ -1188,9 +1198,11 @@ class Account extends CommonObject
* Return current sold
*
* @param int $option 1=Exclude future operation date (this is to exclude input made in advance and have real account sold)
* @return int Current sold (value date <= today)
* @param tms $date_end Date until we want to get bank account sold
* @param string $field dateo or datev
* @return int current sold (value date <= today)
*/
public function solde($option = 0)
public function solde($option = 0, $date_end = '', $field = 'dateo')
{
$solde = 0;
@ -1198,7 +1210,7 @@ class Account extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."bank";
$sql .= " WHERE fk_account = ".((int) $this->id);
if ($option == 1) {
$sql .= " AND dateo <= '".$this->db->idate(dol_now())."'";
$sql .= " AND ".$this->db->escape($field)." <= '".(!empty($date_end) ? $this->db->idate($date_end) : $this->db->idate(dol_now()))."'";
}
$resql = $this->db->query($sql);

2
htdocs/compta/facture/card-rec.php
View File

@ -488,7 +488,7 @@ if (empty($reshook)) {
// Define special_code for special lines
$special_code = 0;
// if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices
// if (!GETPOST('qty')) $special_code=3; // Options should not exists on invoices
// Ecrase $pu par celui du produit
// Ecrase $desc par celui du produit

14
htdocs/compta/facture/card.php
View File

@ -367,7 +367,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'classin' && $usercancreate) {
$object->fetch($id);
$object->setProject($_POST['projectid']);
$object->setProject(GETPOST('projectid', 'int'));
} elseif ($action == 'setmode' && $usercancreate) {
$object->fetch($id);
$result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int'));
@ -489,7 +489,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'setpaymentterm' && $usercancreate) {
$object->fetch($id);
$object->date_lim_reglement = dol_mktime(12, 0, 0, $_POST['paymenttermmonth'], $_POST['paymenttermday'], $_POST['paymenttermyear']);
$object->date_lim_reglement = dol_mktime(12, 0, 0, GETPOST('paymenttermmonth', 'int'), GETPOST('paymenttermday', 'int'), GETPOST('paymenttermyear', 'int'));
if ($object->date_lim_reglement < $object->date) {
$object->date_lim_reglement = $object->calculate_date_lim_reglement();
setEventMessages($langs->trans("DatePaymentTermCantBeLowerThanObjectDate"), null, 'warnings');
@ -2110,7 +2110,7 @@ if (empty($reshook)) {
// Define special_code for special lines
$special_code = 0;
// if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices
// if (!GETPOST(qty)) $special_code=3; // Options should not exists on invoices
// Ecrase $pu par celui du produit
// Ecrase $desc par celui du produit
@ -2284,7 +2284,7 @@ if (empty($reshook)) {
}
// Insert line
$result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, $_POST['progress'], '', $fk_unit, $pu_ht_devise);
$result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, GETPOST('progress'), '', $fk_unit, $pu_ht_devise);
if ($result > 0) {
// Define output language and generate document
@ -2579,7 +2579,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
} elseif ($action == 'updatealllines' && $usercancreate && $_POST['all_percent'] == $langs->trans('Modifier')) { // Update all lines of situation invoice
} elseif ($action == 'updatealllines' && $usercancreate && GETPOST('all_percent') == $langs->trans('Modifier')) { // Update all lines of situation invoice
if (!$object->fetch($id) > 0) {
dol_print_error($db);
}
@ -2592,11 +2592,11 @@ if (empty($reshook)) {
setEventMessages($mesg, null, 'warnings');
$result = -1;
} else {
$object->update_percent($line, $_POST['all_progress']);
$object->update_percent($line, GETPOST('all_progress'));
}
}
}
} elseif ($action == 'updateline' && $usercancreate && $_POST['cancel'] == $langs->trans("Cancel")) {
} elseif ($action == 'updateline' && $usercancreate && !$cancel) {
header('Location: '.$_SERVER["PHP_SELF"].'?facid='.$id); // To show again edited page
exit();
} elseif ($action == 'confirm_situationout' && $confirm == 'yes' && $usercancreate) {

8
htdocs/compta/paiement.php
View File

@ -127,7 +127,7 @@ if (empty($reshook)) {
}
}
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]);
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key));
} elseif (substr($key, 0, 21) == 'multicurrency_amount_') {
$cursorfacid = substr($key, 21);
$multicurrency_amounts[$cursorfacid] = price2num(GETPOST($key));
@ -702,11 +702,11 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
if (!empty($conf->use_javascript_ajax)) {
print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'");
}
print '<input type="text" class="maxwidth75 multicurrency_amount" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" class="maxwidth75 multicurrency_amount" name="'.$namef.'" value="'.GETPOST($namef).'">';
print '<input type="hidden" class="multicurrency_remain" name="'.$nameRemain.'" value="'.$multicurrency_remaintopay.'">';
} else {
print '<input type="text" class="maxwidth75" name="'.$namef.'_disabled" value="'.$_POST[$namef].'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" class="maxwidth75" name="'.$namef.'_disabled" value="'.GETPOST($namef).'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.GETPOST($namef).'">';
}
}
print "</td>";

6
htdocs/compta/paiement/card.php
View File

@ -173,8 +173,8 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture
}
}
if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
$res = $object->update_num($_POST['num_paiement']);
if ($action == 'setnum_paiement' && GETPOST('num_paiement')) {
$res = $object->update_num(GETPOST('num_paiement'));
if ($res === 0) {
setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs');
} else {
@ -182,7 +182,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
}
}
if ($action == 'setdatep' && !empty($_POST['datepday'])) {
if ($action == 'setdatep' && GETPOST('datepday')) {
$datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int'));
$res = $object->update_date($datepaye);
if ($res === 0) {

5
htdocs/compta/paiement/cheque/card.php
View File

@ -77,8 +77,7 @@ $object = new RemiseCheque($db);
if ($action == 'setdate' && $user->rights->banque->cheque) {
$result = $object->fetch(GETPOST('id', 'int'));
if ($result > 0) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date = dol_mktime(0, 0, 0, $_POST['datecreate_month'], $_POST['datecreate_day'], $_POST['datecreate_year']);
$date = dol_mktime(0, 0, 0, GETPOST('datecreate_month', 'int'), GETPOST('datecreate_day', 'int'), GETPOST('datecreate_year', 'int'));
$result = $object->set_date($user, $date);
if ($result < 0) {
@ -118,7 +117,7 @@ if ($action == 'setref' && $user->rights->banque->cheque) {
}
if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) {
if (is_array($_POST['toRemise'])) {
if (is_array(GETPOST('toRemise'))) {
$result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise'));
if ($result > 0) {
if ($object->statut == 1) { // If statut is validated, we build doc

2
htdocs/compta/paiement_charge.php
View File

@ -83,7 +83,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num($_POST[$key]);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}

48
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -64,6 +64,7 @@ class BonPrelevement extends CommonObject
public $emetteur_numero_compte;
public $emetteur_code_banque;
public $emetteur_number_key;
public $sepa_xml_pti_in_ctti;
public $emetteur_iban;
public $emetteur_bic;
@ -107,6 +108,7 @@ class BonPrelevement extends CommonObject
$this->emetteur_numero_compte = "";
$this->emetteur_code_banque = "";
$this->emetteur_number_key = "";
$this->sepa_xml_pti_in_ctti = false;
$this->emetteur_iban = "";
$this->emetteur_bic = "";
@ -1038,10 +1040,11 @@ class BonPrelevement extends CommonObject
}
$account = new Account($this->db);
if ($account->fetch($id) > 0) {
$this->emetteur_code_banque = $account->code_banque;
$this->emetteur_code_banque = $account->code_banque;
$this->emetteur_code_guichet = $account->code_guichet;
$this->emetteur_numero_compte = $account->number;
$this->emetteur_number_key = $account->cle_rib;
$this->emetteur_number_key = $account->cle_rib;
$this->sepa_xml_pti_in_ctti = (bool) $account->pti_in_ctti;
$this->emetteur_iban = $account->iban;
$this->emetteur_bic = $account->bic;
@ -1881,6 +1884,24 @@ class BonPrelevement extends CommonObject
// Add EndToEndId. Must be a unique ID for each payment (for example by including bank, buyer or seller, date, checksum)
$XML_CREDITOR .= ' <EndToEndId>'.(($conf->global->PRELEVEMENT_END_TO_END != "") ? $conf->global->PRELEVEMENT_END_TO_END : ('CT-'.dol_trunc($row_idfac.'-'.$row_ref, 20, 'right', 'UTF-8', 1)).'-'.$Rowing).'</EndToEndId>'.$CrLf; // ISO20022 states that EndToEndId has a MaxLength of 35 characters
$XML_CREDITOR .= ' </PmtId>'.$CrLf;
if ($this->sepa_xml_pti_in_ctti) {
$XML_CREDITOR .= ' <PmtTpInf>' . $CrLf;
// Can be 'NORM' for normal or 'HIGH' for high priority level
if (!empty($conf->global->PAYMENTBYBANKTRANSFER_FORCE_HIGH_PRIORITY)) {
$instrprty = 'HIGH';
} else {
$instrprty = 'NORM';
}
$XML_CREDITOR .= ' <InstrPrty>'.$instrprty.'</InstrPrty>' . $CrLf;
$XML_CREDITOR .= ' <SvcLvl>' . $CrLf;
$XML_CREDITOR .= ' <Cd>SEPA</Cd>' . $CrLf;
$XML_CREDITOR .= ' </SvcLvl>' . $CrLf;
$XML_CREDITOR .= ' <CtgyPurp>' . $CrLf;
$XML_CREDITOR .= ' <Cd>CORE</Cd>' . $CrLf;
$XML_CREDITOR .= ' </CtgyPurp>' . $CrLf;
$XML_CREDITOR .= ' </PmtTpInf>' . $CrLf;
}
$XML_CREDITOR .= ' <Amt>'.$CrLf;
$XML_CREDITOR .= ' <InstdAmt Ccy="EUR">'.round($row_somme, 2).'</InstdAmt>'.$CrLf;
$XML_CREDITOR .= ' </Amt>'.$CrLf;
@ -2031,6 +2052,7 @@ class BonPrelevement extends CommonObject
$this->emetteur_code_guichet = $account->code_guichet;
$this->emetteur_numero_compte = $account->number;
$this->emetteur_number_key = $account->cle_rib;
$this->sepa_xml_pti_in_ctti = (bool) $account->pti_in_ctti;
$this->emetteur_iban = $account->iban;
$this->emetteur_bic = $account->bic;
@ -2125,17 +2147,17 @@ class BonPrelevement extends CommonObject
//$XML_SEPA_INFO .= ' <BtchBookg>False</BtchBookg>'.$CrLf;
$XML_SEPA_INFO .= ' <NbOfTxs>'.$nombre.'</NbOfTxs>'.$CrLf;
$XML_SEPA_INFO .= ' <CtrlSum>'.$total.'</CtrlSum>'.$CrLf;
/*
$XML_SEPA_INFO .= ' <PmtTpInf>'.$CrLf;
$XML_SEPA_INFO .= ' <SvcLvl>'.$CrLf;
$XML_SEPA_INFO .= ' <Cd>SEPA</Cd>'.$CrLf;
$XML_SEPA_INFO .= ' </SvcLvl>'.$CrLf;
$XML_SEPA_INFO .= ' <LclInstrm>'.$CrLf;
$XML_SEPA_INFO .= ' <Cd>TRF</Cd>'.$CrLf;
$XML_SEPA_INFO .= ' </LclInstrm>'.$CrLf;
$XML_SEPA_INFO .= ' <CtgyPurp><Cd>SECU</Cd></CtgyPurp>'.$CrLf;
$XML_SEPA_INFO .= ' </PmtTpInf>'.$CrLf;
*/
if (!$this->sepa_xml_pti_in_ctti) {
$XML_SEPA_INFO .= ' <PmtTpInf>' . $CrLf;
$XML_SEPA_INFO .= ' <SvcLvl>' . $CrLf;
$XML_SEPA_INFO .= ' <Cd>SEPA</Cd>' . $CrLf;
$XML_SEPA_INFO .= ' </SvcLvl>' . $CrLf;
$XML_SEPA_INFO .= ' <LclInstrm>' . $CrLf;
$XML_SEPA_INFO .= ' <Cd>CORE</Cd>' . $CrLf;
$XML_SEPA_INFO .= ' </LclInstrm>' . $CrLf;
$XML_SEPA_INFO .= ' <SeqTp>' . $format . '</SeqTp>' . $CrLf;
$XML_SEPA_INFO .= ' </PmtTpInf>' . $CrLf;
}
$XML_SEPA_INFO .= ' <ReqdExctnDt>'.dol_print_date($dateTime_ETAD, 'dayrfc').'</ReqdExctnDt>'.$CrLf;
$XML_SEPA_INFO .= ' <Dbtr>'.$CrLf;
$XML_SEPA_INFO .= ' <Nm>'.dolEscapeXML(strtoupper(dol_string_unaccent($this->raison_sociale))).'</Nm>'.$CrLf;

44
htdocs/compta/resultat/clientfourn.php
View File

@ -934,33 +934,29 @@ if ($modecompta == 'BOOKKEEPING') {
if ($modecompta == 'CREANCES-DETTES' || $modecompta == 'RECETTES-DEPENSES') {
if ($modecompta == 'CREANCES-DETTES') {
//$column = 's.dateep'; // We use the date of salary
$column = 'p.datep';
$column = 's.dateep'; // We use the date of end of period of salary
$sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, s.label as label, date_format($column,'%Y-%m') as dm, sum(s.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."salary as s";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = s.fk_user";
$sql .= " WHERE s.entity IN (".getEntity('salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
}
$sql .= " GROUP BY u.rowid, u.firstname, u.lastname, s.fk_user, s.label, dm";
} else {
$column = 'p.datep';
}
$sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON s.rowid=p.fk_salary";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=s.fk_user";
$sql .= " WHERE s.entity IN (".getEntity('salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
$sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON s.rowid = p.fk_salary";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = s.fk_user";
$sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
}
$sql .= " GROUP BY u.rowid, u.firstname, u.lastname, s.fk_user, p.label, dm";
}
$sql .= " GROUP BY u.rowid, u.firstname, u.lastname, s.fk_user, p.label, dm";
// For backward compatibility with old module salary
$column = 'p.datep';
$sql .= " UNION ";
$sql .= " SELECT u.rowid, u.firstname, u.lastname, p.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=p.fk_user";
$sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
}
$sql .= " GROUP BY u.rowid, u.firstname, u.lastname, p.fk_user, p.label, dm";
$newsortfield = $sortfield;
if ($newsortfield == 's.nom, s.rowid') {
@ -975,7 +971,7 @@ if ($modecompta == 'BOOKKEEPING') {
$sql .= $db->order($newsortfield, $sortorder);
}
dol_syslog("get payment salaries");
dol_syslog("get salaries");
$result = $db->query($sql);
$subtotal_ht = 0;
$subtotal_ttc = 0;

28
htdocs/compta/resultat/index.php
View File

@ -615,23 +615,31 @@ if (!empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecom
if (!empty($conf->salaries->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecompta == "RECETTES-DEPENSES")) {
if ($modecompta == 'CREANCES-DETTES') {
//$column = 's.dateep'; // we use the date of salary
$column = 'p.datep';
$column = 's.dateep'; // we use the date of end of period of salary
$sql = "SELECT s.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(s.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."salary as s";
$sql .= " WHERE s.entity IN (".getEntity('salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'";
}
$sql .= " GROUP BY s.label, dm";
}
if ($modecompta == "RECETTES-DEPENSES") {
$column = 'p.datep';
$sql = "SELECT p.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(p.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON p.fk_salary = s.rowid";
$sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'";
}
$sql .= " GROUP BY p.label, dm";
}
$subtotal_ht = 0;
$subtotal_ttc = 0;
$sql = "SELECT p.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(p.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p, ".MAIN_DB_PREFIX."salary as s";
$sql .= " WHERE p.fk_salary = s.rowid";
$sql .= " AND s.entity IN (".getEntity('salary').")";
if (!empty($date_start) && !empty($date_end)) {
$sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'";
}
$sql .= " GROUP BY p.label, dm";
dol_syslog("get social salaries payments");
$result = $db->query($sql);

2
htdocs/compta/tva/card.php
View File

@ -468,7 +468,7 @@ if ($action == 'create') {
} else {
$label = $langs->trans("VATPayment");
}
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td><input class="minwidth300" name="label" id="label" value="'.($_POST["label"] ?GETPOST("label", '', 2) : $label).'" autofocus></td></tr>';
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td><input class="minwidth300" name="label" id="label" value="'.(GETPOSTISSET("label") ? GETPOST("label", '', 2) : $label).'" autofocus></td></tr>';
print '<tr><td class="titlefieldcreate fieldrequired">'.$form->textwithpicto($langs->trans("PeriodEndDate"), $langs->trans("LastDayTaxIsRelatedTo")).'</td><td>';
print $form->selectDate((GETPOST("datevmonth", 'int') ? $datev : -1), "datev", '', '', '', 'add', 1, 1);

6
htdocs/contrat/card.php
View File

@ -534,9 +534,9 @@ if (empty($reshook)) {
$localtax2_tx = get_localtax($tva_tx, 2, $object->thirdparty, $mysoc, $tva_npr);
// ajout prix achat
$fk_fournprice = $_POST['fournprice'];
if (!empty($_POST['buying_price'])) {
$pa_ht = $_POST['buying_price'];
$fk_fournprice = GETPOST('fournprice');
if (GETPOST('buying_price')) {
$pa_ht = GETPOST('buying_price');
} else {
$pa_ht = null;
}

16
htdocs/core/actions_massactions.inc.php
View File

@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend') {
$massaction = 'presend';
}
$receiver = $_POST['receiver'];
$receiver = GETPOST('receiver', 'alphawithlgt');
if (!is_array($receiver)) {
if (empty($receiver) || $receiver == '-1') {
$receiver = array();
@ -181,7 +181,7 @@ if (!$error && $massaction == 'confirm_presend') {
$tmparray = array();
if (trim($_POST['sendto'])) {
// Recipients are provided into free text
$tmparray[] = trim($_POST['sendto']);
$tmparray[] = trim(GETPOST('sendto', 'alphawithlgt'));
}
if (count($receiver) > 0) {
foreach ($receiver as $key => $val) {
@ -197,7 +197,7 @@ if (!$error && $massaction == 'confirm_presend') {
$sendto = implode(',', $tmparray);
// Define $sendtocc
$receivercc = $_POST['receivercc'];
$receivercc = GETPOST('receivercc', 'alphawithlgt');
if (!is_array($receivercc)) {
if ($receivercc == '-1') {
$receivercc = array();
@ -207,7 +207,7 @@ if (!$error && $massaction == 'confirm_presend') {
}
$tmparray = array();
if (trim($_POST['sendtocc'])) {
$tmparray[] = trim($_POST['sendtocc']);
$tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt'));
}
if (count($receivercc) > 0) {
foreach ($receivercc as $key => $val) {
@ -298,7 +298,7 @@ if (!$error && $massaction == 'confirm_presend') {
continue;
}
if ($_POST['addmaindocfile']) {
if (GETPOST('addmaindocfile')) {
// TODO Use future field $objectobj->fullpathdoc to know where is stored default file
// TODO If not defined, use $objectobj->model_pdf (or defaut invoice config) to know what is template to use to regenerate doc.
$filename = dol_sanitizeFileName($objectobj->ref).'.pdf';
@ -347,7 +347,7 @@ if (!$error && $massaction == 'confirm_presend') {
$reg = array();
$fromtype = GETPOST('fromtype');
if ($fromtype === 'user') {
$from = $user->getFullName($langs).' <'.$user->email.'>';
$from = dol_string_nospecial($user->getFullName($langs), ' ', array(",")).' <'.$user->email.'>';
} elseif ($fromtype === 'company') {
$from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->MAIN_INFO_SOCIETE_MAIL.'>';
} elseif (preg_match('/user_aliases_(\d+)/', $fromtype, $reg)) {
@ -361,10 +361,10 @@ if (!$error && $massaction == 'confirm_presend') {
$resql = $db->query($sql);
$obj = $db->fetch_object($resql);
if ($obj) {
$from = $obj->label.' <'.$obj->email.'>';
$from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>';
}
} else {
$from = $_POST['fromname'].' <'.$_POST['frommail'].'>';
$from = GETPOST('fromname').' <'.GETPOST('frommail').'>';
}
$replyto = $from;

24
htdocs/core/actions_sendmails.inc.php
View File

@ -49,7 +49,7 @@ if (GETPOST('addfile', 'alpha')) {
/*
* Remove file in email form
*/
if (!empty($_POST['removedfile']) && empty($_POST['removAll'])) {
if (GETPOST('removedfile') && !GETPOST('removAll')) {
$trackid = GETPOST('trackid', 'aZ09');
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -103,7 +103,7 @@ if (GETPOST('removAll', 'alpha')) {
/*
* Send mail
*/
if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST['removAll'] && !$_POST['removedfile'] && !$_POST['cancel'] && !$_POST['modelselected']) {
if (($action == 'send' || $action == 'relance') && !GETPOST('addfile') && !GETPOST('removAll') && !GETPOST('removedfile') && !GETPOST('cancel') && !GETPOST('modelselected')) {
if (empty($trackid)) {
$trackid = GETPOST('trackid', 'aZ09');
}
@ -171,7 +171,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$sendtoccuserid = array();
// Define $sendto
$receiver = $_POST['receiver'];
$receiver = GETPOST('receiver', 'alphawithlgt');
if (!is_array($receiver)) {
if ($receiver == '-1') {
$receiver = array();
@ -183,12 +183,12 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$tmparray = array();
if (trim($_POST['sendto'])) {
// Recipients are provided into free text field
$tmparray[] = trim($_POST['sendto']);
$tmparray[] = trim(GETPOST('sendto', 'alphawithlgt'));
}
if (trim($_POST['tomail'])) {
// Recipients are provided into free hidden text field
$tmparray[] = trim($_POST['tomail']);
$tmparray[] = trim(GETPOST('tomail', 'alphawithlgt'));
}
if (count($receiver) > 0) {
@ -207,7 +207,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) {
$receiveruser = $_POST['receiveruser'];
$receiveruser = GETPOST('receiveruser', 'alphawithlgt');
if (is_array($receiveruser) && count($receiveruser) > 0) {
$fuserdest = new User($db);
foreach ($receiveruser as $key => $val) {
@ -220,7 +220,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$sendto = implode(',', $tmparray);
// Define $sendtocc
$receivercc = $_POST['receivercc'];
$receivercc = GETPOST('receivercc', 'alphawithlgt');
if (!is_array($receivercc)) {
if ($receivercc == '-1') {
$receivercc = array();
@ -230,7 +230,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
$tmparray = array();
if (trim($_POST['sendtocc'])) {
$tmparray[] = trim($_POST['sendtocc']);
$tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt'));
}
if (count($receivercc) > 0) {
foreach ($receivercc as $key => $val) {
@ -248,7 +248,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
}
if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) {
$receiverccuser = $_POST['receiverccuser'];
$receiverccuser = GETPOST('receiverccuser', 'alphawithlgt');
if (is_array($receiverccuser) && count($receiverccuser) > 0) {
$fuserdest = new User($db);
@ -293,10 +293,10 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>';
}
} else {
$from = dol_string_nospecial($_POST['fromname'], ' ', array(",")).' <'.$_POST['frommail'].'>';
$from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")).' <'.GETPOST('frommail').'>';
}
$replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>';
$replyto = dol_string_nospecial(GETPOST('replytoname'), ' ', array(",")).' <'.GETPOST('replytomail').'>';
$message = GETPOST('message', 'restricthtml');
$subject = GETPOST('subject', 'restricthtml');
@ -313,7 +313,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$sendtobcc .= (empty($conf->global->$autocopy) ? '' : (($sendtobcc ? ", " : "").$conf->global->$autocopy));
}
$deliveryreceipt = $_POST['deliveryreceipt'];
$deliveryreceipt = GETPOST('deliveryreceipt');
if ($action == 'send' || $action == 'relance') {
$actionmsg2 = $langs->transnoentities('MailSentBy').' '.CMailFile::getValidAddress($from, 4, 0, 1).' '.$langs->transnoentities('To').' '.CMailFile::getValidAddress($sendto, 4, 0, 1);

3
htdocs/core/ajax/ajaxdirtree.php
View File

@ -47,8 +47,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call
include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = '/bbb/'; }
$openeddir = GETPOST('openeddir');
$modulepart = GETPOST('modulepart');
$selecteddir = jsUnEscape(GETPOST('dir')); // relative path. We must decode using same encoding function used by javascript: escape()
@ -60,7 +58,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call
}
} else {
// For no ajax call
//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); }
$openeddir = GETPOST('openeddir');
$modulepart = GETPOST('modulepart');

1
htdocs/core/ajax/saveinplace.php
View File

@ -103,6 +103,7 @@ if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_e
}
$_POST['action'] = 'update'; // Hack so restrictarea will test permissions on write too
$feature = $newelement;
$feature2 = $subelement;
$object_id = $fk_element;

6
htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php
View File

@ -87,11 +87,11 @@ class box_graph_nb_ticket_last_x_days extends ModeleBoxes
$param_day = 'DOLUSERCOOKIE_ticket_last_days';
if (!empty($_POST[$param_day])) {
if ($_POST[$param_day] >= 15) {
if (GETPOST($param_day)) {
if (GETPOST($param_day) >= 15) {
$days = 14;
} else {
$days = $_POST[$param_day];
$days = GETPOST($param_day);
}
} else {
$days = 7;

4
htdocs/core/class/commonobject.class.php
View File

@ -5708,11 +5708,11 @@ abstract class CommonObject
if (in_array($key_type, array('date'))) {
// Clean parameters
// TODO GMT date in memory must be GMT so we should add gm=true in parameters
$value_key = dol_mktime(0, 0, 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]);
$value_key = dol_mktime(0, 0, 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int'));
} elseif (in_array($key_type, array('datetime'))) {
// Clean parameters
// TODO GMT date in memory must be GMT so we should add gm=true in parameters
$value_key = dol_mktime($_POST[$postfieldkey."hour"], $_POST[$postfieldkey."min"], 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]);
$value_key = dol_mktime(GETPOST($postfieldkey."hour", 'int'), GETPOST($postfieldkey."min", 'int'), 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int'));
} elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) {
$value_arr = GETPOST($postfieldkey, 'array'); // check if an array
if (!empty($value_arr)) {

86
htdocs/core/class/extrafields.class.php
View File

@ -66,6 +66,11 @@ class ExtraFields
*/
public $attributes;
/**
* @var array Array with boolean of status of groups
*/
public $expand_display;
/**
* @var string Error code (or message)
*/
@ -1866,55 +1871,58 @@ class ExtraFields
$colspan=0;
}
$extrafield_param = $this->attributes[$object->table_element]['param'][$key];
$extrafield_param_list = array();
if (!empty($extrafield_param) && is_array($extrafield_param)) {
$extrafield_param_list = array_keys($extrafield_param['options']);
}
$extrafield_collapse_display_value = -1;
$expand_display = false;
if (is_array($extrafield_param_list) && count($extrafield_param_list) > 0) {
$extrafield_collapse_display_value = intval($extrafield_param_list[0]);
$expand_display = ((isset($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key]) || GETPOST('ignorecollapsesetup', 'int')) ? ($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key] ? true : false) : ($extrafield_collapse_display_value == 2 ? false : true));
}
$out = '<'.$tagtype.' id="trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'" class="trextrafieldseparator trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'">';
$out .= '<'.$tagtype_dyn.' '.(!empty($colspan)?'colspan="' . $colspan . '"':'').'>';
// Some js code will be injected here to manage the collapsing of extrafields
$out .='<strong>';
$out .= '<span class="cursorpointer far fa-'.($expand_display ? 'minus' : 'plus').'-square"></span>&nbsp;';
$out .= '<strong>';
$out .= $langs->trans($this->attributes[$object->table_element]['label'][$key]);
$out .= '</strong>';
$out .= '</'.$tagtype_dyn.'>';
$out .= '</'.$tagtype.'>';
$extrafield_param = $this->attributes[$object->table_element]['param'][$key];
if (!empty($extrafield_param) && is_array($extrafield_param)) {
$extrafield_param_list = array_keys($extrafield_param['options']);
if ($extrafield_collapse_display_value == 1 || $extrafield_collapse_display_value == 2) {
// Set the collapse_display status to cookie in priority or if ignorecollapsesetup is 1, if cookie and ignorecollapsesetup not defined, use the setup.
$extrafields_collapse_num = $this->attributes[$object->table_element]['pos'][$key].(!empty($object->id)?'_'.$object->id:'');
$this->expand_display[$extrafields_collapse_num] = $expand_display;
if (count($extrafield_param_list) > 0) {
$extrafield_collapse_display_value = intval($extrafield_param_list[0]);
if ($extrafield_collapse_display_value == 1 || $extrafield_collapse_display_value == 2) {
// Set the collapse_display status to cookie in priority or if ignorecollapsesetup is 1, if cookie and ignorecollapsesetup not defined, use the setup.
$collapse_display = ((isset($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key]) || GETPOST('ignorecollapsesetup', 'int')) ? ($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key] ? true : false) : ($extrafield_collapse_display_value == 2 ? false : true));
$extrafields_collapse_num = $this->attributes[$object->table_element]['pos'][$key].(!empty($object->id)?'_'.$object->id:'');
if (!empty($conf->use_javascript_ajax)) {
$out .= '<!-- Add js script to manage the collapse/uncollapse of extrafields separators '.$key.' -->'."\n";
$out .= '<script type="text/javascript">'."\n";
$out .= 'jQuery(document).ready(function(){'."\n";
if ($collapse_display === false) {
$out .= ' console.log("Inject js for the collapsing of extrafield '.$key.' - hide");';
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.'").prepend("<span class=\"cursorpointer far fa-plus-square\"></span>&nbsp;");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").hide();'."\n";
} else {
$out .= ' console.log("Inject js for collapsing of extrafield '.$key.' - keep visible and set cookie");';
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.'").prepend("<span class=\"cursorpointer far fa-minus-square\"></span>&nbsp;");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
}
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'").click(function(){'."\n";
$out .= ' console.log("We click on collapse/uncollapse .trextrafields_collapse'.$extrafields_collapse_num.'");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").toggle(100, function(){'."\n";
$out .= ' if (jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").is(":hidden")) {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-plus-square").removeClass("fa-minus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=0; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' } else {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-minus-square").removeClass("fa-plus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' }'."\n";
$out .= ' });'."\n";
$out .= ' });'."\n";
$out .= '});'."\n";
$out .= '</script>'."\n";
}
if (!empty($conf->use_javascript_ajax)) {
$out .= '<!-- Add js script to manage the collapse/uncollapse of extrafields separators '.$key.' -->'."\n";
$out .= '<script type="text/javascript">'."\n";
$out .= 'jQuery(document).ready(function(){'."\n";
if ($expand_display === false) {
$out .= ' console.log("Inject js for the collapsing of extrafield '.$key.' - hide");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").hide();'."\n";
} else {
$out .= ' console.log("Inject js for collapsing of extrafield '.$key.' - keep visible and set cookie");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
}
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'").click(function(){'."\n";
$out .= ' console.log("We click on collapse/uncollapse .trextrafields_collapse'.$extrafields_collapse_num.'");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").toggle(100, function(){'."\n";
$out .= ' if (jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").is(":hidden")) {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-plus-square").removeClass("fa-minus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=0; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' } else {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-minus-square").removeClass("fa-plus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' }'."\n";
$out .= ' });'."\n";
$out .= ' });'."\n";
$out .= '});'."\n";
$out .= '</script>'."\n";
}
}

25
htdocs/core/class/html.form.class.php
View File

@ -141,7 +141,7 @@ class Form
}
}
} else {
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '<table class="nobordernopadding centpercent"><tr><td class="nowrap">';
}
if ($fieldrequired) {
@ -158,10 +158,10 @@ class Form
if (!empty($notabletag)) {
$ret .= ' ';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '</td>';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '<td class="right">';
}
if ($htmlname && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
@ -173,10 +173,10 @@ class Form
if (!empty($notabletag) && $notabletag == 3) {
$ret .= ' ';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '</td>';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '</tr></table>';
}
}
@ -1599,7 +1599,7 @@ class Form
* @param string $exclude List of contacts id to exclude
* @param string $limitto Disable answers that are not id in this array list
* @param integer $showfunction Add function into label
* @param string $moreclass Add more class to class style
* @param string $morecss Add more class to class style
* @param integer $showsoc Add company into label
* @param int $forcecombo Force to use combo box
* @param array $events Event options. Example: array(array('method'=>'getContacts', 'url'=>dol_buildpath('/core/ajax/contacts.php',1), 'htmlname'=>'contactid', 'params'=>array('add-customer-contact'=>'disabled')))
@ -1609,10 +1609,10 @@ class Form
* @return int <0 if KO, Nb of contact in list if OK
* @deprecated You can use selectcontacts directly (warning order of param was changed)
*/
public function select_contacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $moreclass = '', $showsoc = 0, $forcecombo = 0, $events = array(), $options_only = false, $moreparam = '', $htmlid = '')
public function select_contacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $morecss = '', $showsoc = 0, $forcecombo = 0, $events = array(), $options_only = false, $moreparam = '', $htmlid = '')
{
// phpcs:enable
print $this->selectcontacts($socid, $selected, $htmlname, $showempty, $exclude, $limitto, $showfunction, $moreclass, $options_only, $showsoc, $forcecombo, $events, $moreparam, $htmlid);
print $this->selectcontacts($socid, $selected, $htmlname, $showempty, $exclude, $limitto, $showfunction, $morecss, $options_only, $showsoc, $forcecombo, $events, $moreparam, $htmlid);
return $this->num;
}
@ -1629,7 +1629,7 @@ class Form
* @param string $exclude List of contacts id to exclude
* @param string $limitto Disable answers that are not id in this array list
* @param integer $showfunction Add function into label
* @param string $moreclass Add more class to class style
* @param string $morecss Add more class to class style
* @param bool $options_only Return options only (for ajax treatment)
* @param integer $showsoc Add company into label
* @param int $forcecombo Force to use combo box (so no ajax beautify effect)
@ -1640,7 +1640,7 @@ class Form
* @param integer $disableifempty Set tag 'disabled' on select if there is no choice
* @return int|string <0 if KO, HTML with select string if OK.
*/
public function selectcontacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $moreclass = '', $options_only = false, $showsoc = 0, $forcecombo = 0, $events = array(), $moreparam = '', $htmlid = '', $multiple = false, $disableifempty = 0)
public function selectcontacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $morecss = '', $options_only = false, $showsoc = 0, $forcecombo = 0, $events = array(), $moreparam = '', $htmlid = '', $multiple = false, $disableifempty = 0)
{
global $conf, $langs, $hookmanager, $action;
@ -1687,7 +1687,7 @@ class Form
$num = $this->db->num_rows($resql);
if ($htmlname != 'none' && !$options_only) {
$out .= '<select class="flat'.($moreclass ? ' '.$moreclass : '').'" id="'.$htmlid.'" name="'.$htmlname.(($num || empty($disableifempty)) ? '' : ' disabled').($multiple ? '[]' : '').'" '.($multiple ? 'multiple' : '').' '.(!empty($moreparam) ? $moreparam : '').'>';
$out .= '<select class="flat'.($morecss ? ' '.$morecss : '').'" id="'.$htmlid.'" name="'.$htmlname.(($num || empty($disableifempty)) ? '' : ' disabled').($multiple ? '[]' : '').'" '.($multiple ? 'multiple' : '').' '.(!empty($moreparam) ? $moreparam : '').'>';
}
if ($showempty && ! is_numeric($showempty)) {
@ -2085,7 +2085,7 @@ class Form
if ($num) {
// Enhance with select2
include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
$out = ajax_combobox($htmlname).$out;
$out .= ajax_combobox($htmlname);
}
} else {
dol_print_error($this->db);
@ -2094,6 +2094,7 @@ class Form
if ($outputmode) {
return $outarray;
}
return $out;
}

4
htdocs/core/class/html.formcategory.class.php
View File

@ -49,13 +49,13 @@ class FormCategory extends Form
$categoryArray = $this->select_all_categories($type, "", "", 64, 0, 1);
$categoryArray[-2] = "- ".$langs->trans('NotCategorized')." -";
$tmptitle = $langs->trans("Category");
$tmptitle = $langs->transnoentitiesnoconv("Category");
$filter = '';
$filter .= '<div class="divsearchfield">';
$filter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"');
//$filter .= $langs->trans('Categories').": ";
$filter .= Form::multiselectarray($htmlName, $categoryArray, $preSelected, 0, 0, "minwidth300", 0, 0, '', '', $tmptitle);
$filter .= Form::multiselectarray($htmlName, $categoryArray, $preSelected, 0, 0, "minwidth300 widthcentpercentminusx", 0, 0, '', '', $tmptitle);
$filter .= "</div>";
return $filter;

19
htdocs/core/class/html.formother.class.php
View File

@ -473,15 +473,6 @@ class FormOther
$langs->load('users');
$out = '';
// Enhance with select2
if ($conf->use_javascript_ajax) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
$comboenhancement = ajax_combobox($htmlname);
if ($comboenhancement) {
$out .= $comboenhancement;
}
}
$reshook = $hookmanager->executeHooks('addSQLWhereFilterOnSelectSalesRep', array(), $this, $action);
@ -622,6 +613,16 @@ class FormOther
$out .= '</select>';
// Enhance with select2
if ($conf->use_javascript_ajax) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
$comboenhancement = ajax_combobox($htmlname);
if ($comboenhancement) {
$out .= $comboenhancement;
}
}
return $out;
}

2
htdocs/core/class/html.formticket.class.php
View File

@ -1364,7 +1364,7 @@ class FormTicket
} elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
$defaultmessage = dol_nl2br($defaultmessage);
}
if (GETPOSTISSET("message") && !$_POST['modelselected']) {
if (GETPOSTISSET("message") && !GETPOST('modelselected')) {
$defaultmessage = GETPOST('message', 'restricthtml');
} else {
$defaultmessage = make_substitutions($defaultmessage, $this->substit);

17
htdocs/core/lib/admin.lib.php
View File

@ -320,6 +320,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
// Loop on each request to execute request
$cursorinsert = 0;
$listofinsertedrowid = array();
$keyforsql = md5($sqlfile);
foreach ($arraysql as $i => $sql) {
if ($sql) {
// Replace the prefix tables
@ -335,7 +336,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
// Add log of request
if (!$silent) {
print '<tr class="trforrunsql"><td class="tdtop opacitymedium"'.($colspan ? ' colspan="'.$colspan.'"' : '').'>'.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'</td></tr>\n";
print '<tr class="trforrunsql'.$keyforsql.'"><td class="tdtop opacitymedium"'.($colspan ? ' colspan="'.$colspan.'"' : '').'>'.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'</td></tr>\n";
}
dol_syslog('Admin.lib::run_sql Request '.($i + 1), LOG_DEBUG);
$sqlmodified = 0;
@ -454,18 +455,18 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
//if (!empty($conf->use_javascript_ajax)) { // use_javascript_ajax is not defined
print '<script type="text/javascript">
jQuery(document).ready(function() {
function init_trrunsql()
function init_trrunsql'.$keyforsql.'()
{
console.log("toggle .trforrunsql");
jQuery(".trforrunsql").toggle();
console.log("toggle .trforrunsql'.$keyforsql.'");
jQuery(".trforrunsql'.$keyforsql.'").toggle();
}
init_trrunsql();
jQuery(".trforrunsqlshowhide").click(function() {
init_trrunsql();
init_trrunsql'.$keyforsql.'();
jQuery(".trforrunsqlshowhide'.$keyforsql.'").click(function() {
init_trrunsql'.$keyforsql.'();
});
});
</script>';
print ' - <a class="trforrunsqlshowhide" href="#">'.$langs->trans("ShowHideDetails").'</a>';
print ' - <a class="trforrunsqlshowhide'.$keyforsql.'" href="#">'.$langs->trans("ShowHideDetails").'</a>';
//}
print '</td></tr>'."\n";

14
htdocs/core/lib/files.lib.php
View File

@ -987,7 +987,7 @@ function dol_unescapefile($filename)
*/
function dolCheckVirus($src_file)
{
global $conf;
global $conf, $db;
if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) {
if (!class_exists('AntiVir')) {
@ -2374,6 +2374,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = 1;
}
$original_file = $conf->user->dir_output.'/'.$original_file;
} elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) {
// Wrapping for users logos
$accessallowed = 1;
$original_file = $conf->mycompany->dir_output.'/logos/'.$original_file;
} elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) {
// Wrapping for members photos
$accessallowed = 0;
@ -2430,10 +2434,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
}
$original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
} elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) {
if ($fuser->rights->holiday->{$read} || preg_match('/^specimen/i', $original_file)) {
if ($fuser->rights->holiday->{$read} || !empty($fuser->rights->holiday->readall) || preg_match('/^specimen/i', $original_file)) {
$accessallowed = 1;
// If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request
if ($refname && !preg_match('/^specimen/i', $original_file)) {
if ($refname && empty($fuser->rights->holiday->readall) && !preg_match('/^specimen/i', $original_file)) {
include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';
$tmpholiday = new Holiday($db);
$tmpholiday->fetch('', $refname);
@ -2442,10 +2446,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
}
$original_file = $conf->holiday->dir_output.'/'.$original_file;
} elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) {
if ($fuser->rights->expensereport->{$lire} || preg_match('/^specimen/i', $original_file)) {
if ($fuser->rights->expensereport->{$lire} || !empty($fuser->rights->expensereport->readall) || preg_match('/^specimen/i', $original_file)) {
$accessallowed = 1;
// If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report
if ($refname && !preg_match('/^specimen/i', $original_file)) {
if ($refname && empty($fuser->rights->expensereport->readall) && !preg_match('/^specimen/i', $original_file)) {
include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
$tmpexpensereport = new ExpenseReport($db);
$tmpexpensereport->fetch('', $refname);

34
htdocs/core/lib/functions.lib.php
View File

@ -713,11 +713,11 @@ function GETPOSTINT($paramname, $method = 0)
/**
* Return a value after checking on a rule. A sanitization may also have been done.
*
* @param string $out Value to check/clear.
* @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'
* @return string|array Value sanitized (string or array). It may be '' if format check fails.
* @param string|array $out Value to check/clear.
* @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'
* @return string|array Value sanitized (string or array). It may be '' if format check fails.
*/
function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null)
{
@ -6582,16 +6582,18 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
} elseif (in_array($attrs->item($ii)->name, array('style'))) {
$valuetoclean = $attrs->item($ii)->value;
do {
$oldvaluetoclean = $valuetoclean;
$valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments
$valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean);
if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags.
$valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean);
}
} while ($oldvaluetoclean != $valuetoclean);
if (isset($valuetoclean)) {
do {
$oldvaluetoclean = $valuetoclean;
$valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments
$valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean);
if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags.
$valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean);
}
} while ($oldvaluetoclean != $valuetoclean);
}
$attrs->item($ii)->value = $valuetoclean;
}
@ -8799,7 +8801,7 @@ function printCommonFooter($zone = 'private')
// A div to store page_y POST parameter so we can read it using javascript
print "\n<!-- A div to store page_y POST parameter -->\n";
print '<div id="page_y" style="display: none;">'.(empty($_POST['page_y']) ? '' : $_POST['page_y']).'</div>'."\n";
print '<div id="page_y" style="display: none;">'.(GETPOST('page_y') ? GETPOST('page_y') : '').'</div>'."\n";
$parameters = array();
$reshook = $hookmanager->executeHooks('printCommonFooter', $parameters); // Note that $action and $object may have been modified by some hooks

2
htdocs/core/lib/pdf.lib.php
View File

@ -1393,7 +1393,7 @@ function pdf_getlinedesc($object, $i, $outputlangs, $hideref = 0, $hidedesc = 0,
$note = $prodser->multilangs[$outputlangs->defaultlang]["other"];
}
}
} elseif ($object->element == 'facture' || $object->element == 'facturefourn') {
} elseif (($object->element == 'facture' || $object->element == 'facturefourn') && preg_match('/^\(DEPOSIT\).+/', $desc)) { // We must not replace '(DEPOSIT)' when it is alone, it will be translated and detailed later
$desc = str_replace('(DEPOSIT)', $outputlangs->trans('Deposit'), $desc);
}

4
htdocs/core/lib/website.lib.php
View File

@ -31,6 +31,8 @@
*/
function dolStripPhpCode($str, $replacewith = '')
{
$str = str_replace('<?=', '<?php', $str);
$newstr = '';
//split on each opening tag
@ -71,6 +73,8 @@ function dolStripPhpCode($str, $replacewith = '')
*/
function dolKeepOnlyPhpCode($str)
{
$str = str_replace('<?=', '<?php', $str);
$newstr = '';
//split on each opening tag

5
htdocs/core/lib/website2.lib.php
View File

@ -647,6 +647,11 @@ function checkPHPCode($phpfullcodestringold, $phpfullcodestring)
break;
}
}
// Check dynamic functions $xxx(
if (preg_match('/\$[a-z0-9_]+\(/ims', $phpfullcodestring)) {
$error++;
setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors');
}
if (!$error && empty($user->rights->website->writephp)) {
if ($phpfullcodestringold != $phpfullcodestring) {

2
htdocs/core/login/functions_googleoauth.php
View File

@ -50,7 +50,7 @@ function check_user_password_googleoauth($usertotest, $passwordtotest, $entityto
// Get identity from user and redirect browser to Google OAuth Server
if (GETPOSTISSET('username')) {
/*$openid = new SimpleOpenID();
$openid->SetIdentity($_POST['username']);
$openid->SetIdentity(GETPOST('username'));
$protocol = ($conf->file->main_force_https ? 'https://' : 'http://');
$openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]);
$openid->SetRequiredFields(array('email','fullname'));

2
htdocs/core/modules/mailings/thirdparties.modules.php
View File

@ -72,7 +72,7 @@ class mailing_thirdparties extends MailingTargets
$addDescription = "";
// Select the third parties from category
if (empty($_POST['filter'])) {
if (!GETPOST('filter')) {
$sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, null as label";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE s.email <> ''";

1
htdocs/core/photos_resize.php
View File

@ -413,7 +413,6 @@ if ($action == 'confirm_crop') {
$fullpath = $dir."/".$original_file;
//var_dump($fullpath.' '.$_POST['w'].'x'.$_POST['h'].'-'.$_POST['x'].'x'.$_POST['y']);exit;
$result = dol_imageResizeOrCrop($fullpath, 1, GETPOST('w', 'int'), GETPOST('h', 'int'), GETPOST('x', 'int'), GETPOST('y', 'int'));
if ($result == $fullpath) {

9
htdocs/core/tpl/extrafields_view.tpl.php
View File

@ -125,14 +125,19 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l
$lastseparatorkeyfound = $tmpkeyextra;
} else {
print '<tr class="trextrafields_collapse'.$extrafields_collapse_num.(!empty($object->id) ? '_'.$object->id : '');
$collapse_group = $extrafields_collapse_num.(!empty($object->id) ? '_'.$object->id : '');
print '<tr class="trextrafields_collapse'.$collapse_group;
/*if ($extrafields_collapse_num && $extrafields_collapse_num_old && $extrafields_collapse_num != $extrafields_collapse_num_old) {
print ' trextrafields_collapse_new';
}*/
if ($extrafields_collapse_num && $i == count($extrafields->attributes[$object->table_element]['label'])) {
print ' trextrafields_collapse_last';
}
print '">';
print '"';
if (empty($extrafields->expand_display[$collapse_group])) {
print ' style="display: none;"';
}
print '>';
$extrafields_collapse_num_old = $extrafields_collapse_num;
print '<td class="titlefield">';
print '<table class="nobordernopadding centpercent">';

4
htdocs/don/payment/payment.php
View File

@ -78,7 +78,7 @@ if ($action == 'add_payment') {
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num($_POST[$key]);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}
@ -110,7 +110,7 @@ if ($action == 'add_payment') {
}
if (!$error) {
$result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', $_POST['accountid'], '', '');
$result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', GETPOST('accountid', 'int'), '', '');
if (!$result > 0) {
$errmsg = $payment->error;
setEventMessages($errmsg, null, 'errors');

12
htdocs/eventorganization/core/actions_massactions_mail.inc.php
View File

@ -111,7 +111,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
$massaction = 'presend_attendees';
}
$receiver = $_POST['receiver'];
$receiver = GETPOST('receiver', 'alphawithlgt');
if (!is_array($receiver)) {
if (empty($receiver) || $receiver == '-1') {
$receiver = array();
@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
$sendto = $attendees->thirdparty->name . '<' . trim($attendees->email) . '>';
// Define $sendtocc
$receivercc = $_POST['receivercc'];
$receivercc = GETPOST('receivercc', 'alphawithlgt');
if (!is_array($receivercc)) {
if ($receivercc == '-1') {
$receivercc = array();
@ -153,7 +153,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
}
$tmparray = array();
if (trim($_POST['sendtocc'])) {
$tmparray[] = trim($_POST['sendtocc']);
$tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt'));
}
$sendtocc = implode(',', $tmparray);
@ -177,17 +177,17 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
$resql = $db->query($sql);
$obj = $db->fetch_object($resql);
if ($obj) {
$from = $obj->label . ' <' . $obj->email . '>';
$from = dol_string_nospecial($obj->label, ' ', array(",")) . ' <' . $obj->email . '>';
}
} else {
$from = $_POST['fromname'] . ' <' . $_POST['frommail'] . '>';
$from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")) . ' <' . GETPOST('frommail') . '>';
}
$replyto = $from;
$subject = GETPOST('subject', 'restricthtml');
$message = GETPOST('message', 'restricthtml');
$sendtobcc = GETPOST('sendtoccc');
$sendtobcc = GETPOST('sendtoccc', 'alphawithlgt');
// $objecttmp is a real object or an empty object if we choose to send one email per thirdparty instead of one per object
// Make substitution in email content

2
htdocs/expedition/card.php
View File

@ -304,7 +304,6 @@ if (empty($reshook)) {
$qty = "qtyl".$i.'_'.$j;
}
} else {
//var_dump(GETPOST($qty,'alpha')); var_dump($_POST); var_dump($batch);exit;
//shipment line for product with no batch management and no multiple stock location
if (GETPOST($qty, 'int') > 0) {
$totalqty += price2num(GETPOST($qty, 'alpha'), 'MS');
@ -473,7 +472,6 @@ if (empty($reshook)) {
// }
//}
} elseif ($action == 'setdate_livraison' && $user->rights->expedition->creer) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);

1
htdocs/expedition/shipment.php
View File

@ -112,7 +112,6 @@ if (empty($reshook)) {
}
if ($action == 'setdatedelivery' && $user->rights->commande->creer) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);

4
htdocs/expensereport/payment/payment.php
View File

@ -87,8 +87,8 @@ if ($action == 'add_payment') {
// Read possible payments
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$amounts[$expensereport->fk_user_author] = price2num($_POST[$key]);
$total += price2num($_POST[$key]);
$amounts[$expensereport->fk_user_author] = price2num(GETPOST($key));
$total += price2num(GETPOST($key));
}
}

4
htdocs/exports/export.php
View File

@ -388,7 +388,7 @@ if ($step == 4 && $action == 'submitFormField') {
$_SESSION["export_filtered_fields"] = array();
foreach ($objexport->array_export_TypeFields[0] as $code => $type) { // $code: s.fieldname $value: Text|Boolean|List:ccc
$newcode = (string) preg_replace('/\./', '_', $code);
//print 'xxx '.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n<br>";
//print 'xxx '.$code."=".$newcode."=".$type."=".GETPOST($newcode)."\n<br>";
$check = 'alphanohtml';
$filterqualified = 1;
if (!GETPOSTISSET($newcode) || GETPOST($newcode, $check) == '') {
@ -1212,7 +1212,7 @@ if ($step == 5 && $datatoexport) {
// Show existing generated documents
// NB: La fonction show_documents rescanne les modules qd genallowed=1, sinon prend $liste
print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (!empty($_POST['model']) ? $_POST['model'] : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', '');
print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (GETPOST('model') ? GETPOST('model') : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', '');
}
llxFooter();

4
htdocs/fichinter/card.php
View File

@ -265,9 +265,9 @@ if (empty($reshook)) {
$error++;
$action = 'create';
}
$array_options = $extrafields->getOptionalsFromPost($object->table_element);
//$array_options = $extrafields->getOptionalsFromPost($object->table_element);
$object->array_options = $array_options;
//$object->array_options = $array_options;
$id = $object->create($user);

4
htdocs/fourn/commande/card.php
View File

@ -1707,12 +1707,12 @@ if ($action == 'create') {
// Payment term
print '<tr><td class="nowrap">'.$langs->trans('PaymentConditionsShort').'</td><td>';
$form->select_conditions_paiements(isset($_POST['cond_reglement_id']) ? $_POST['cond_reglement_id'] : $cond_reglement_id, 'cond_reglement_id');
$form->select_conditions_paiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id') : $cond_reglement_id, 'cond_reglement_id');
print '</td></tr>';
// Payment mode
print '<tr><td>'.$langs->trans('PaymentMode').'</td><td>';
$form->select_types_paiements(isset($_POST['mode_reglement_id']) ? $_POST['mode_reglement_id'] : $mode_reglement_id, 'mode_reglement_id');
$form->select_types_paiements(GETPOSTISSET('mode_reglement_id') ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id');
print '</td></tr>';
// Planned delivery date

4
htdocs/fourn/commande/dispatch.php
View File

@ -305,8 +305,8 @@ if ($action == 'dispatch' && $permissiontoreceive) {
$pu = 'pu_'.$reg[1].'_'.$reg[2];
$fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2];
$lot = 'lot_number_'.$reg[1].'_'.$reg[2];
$dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$reg[1].'_'.$reg[2].'month'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'day'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'year']);
$dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$reg[1].'_'.$reg[2].'month'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'day'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'year']);
$dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'year', 'int'));
$dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'year', 'int'));
$fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2];

13
htdocs/fourn/facture/card.php
View File

@ -990,7 +990,7 @@ if (empty($reshook)) {
if (!$error && GETPOST('origin', 'alpha') && GETPOST('originid')) {
// Parse element/subelement (ex: project_task)
$element = $subelement = GETPOST('origin', 'alpha');
/*if (preg_match('/^([^_]+)_([^_]+)/i',$_POST['origin'],$regs))
/*if (preg_match('/^([^_]+)_([^_]+)/i', GETPOST('origin'),$regs))
{
$element = $regs[1];
$subelement = $regs[2];
@ -1954,7 +1954,7 @@ if ($action == 'create') {
$datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
$dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp);
$datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']);
$datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'));
$datedue = ($datetmp == '' ?-1 : $datetmp);
// Replicate extrafields
@ -1967,7 +1967,7 @@ if ($action == 'create') {
$fk_account = $societe->fk_account;
$datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
$dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp);
$datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']);
$datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'));
$datedue = ($datetmp == '' ?-1 : $datetmp);
if (!empty($conf->multicurrency->enabled) && !empty($soc->multicurrency_code)) {
@ -2110,7 +2110,7 @@ if ($action == 'create') {
}
// Ref supplier
print '<tr><td class="fieldrequired">'.$langs->trans('RefSupplier').'</td><td><input name="ref_supplier" value="'.(isset($_POST['ref_supplier']) ? $_POST['ref_supplier'] : $objectsrc->ref_supplier).'" type="text"';
print '<tr><td class="fieldrequired">'.$langs->trans('RefSupplier').'</td><td><input name="ref_supplier" value="'.(GETPOSTISSET('ref_supplier') ? GETPOST('ref_supplier') : $objectsrc->ref_supplier).'" type="text"';
if ($societe->id > 0) {
print ' autofocus';
}
@ -2203,8 +2203,9 @@ if ($action == 'create') {
foreach ($facids as $facparam)
{
$options .= '<option value="' . $facparam ['id'] . '"';
if ($facparam ['id'] == $_POST['fac_replacement'])
if ($facparam ['id'] == GETPOST('fac_replacement') {
$options .= ' selected';
}
$options .= '>' . $facparam ['ref'];
$options .= ' (' . $facturestatic->LibStatut(0, $facparam ['status']) . ')';
$options .= '</option>';
@ -2446,7 +2447,7 @@ if ($action == 'create') {
if (!empty($conf->intracommreport->enabled)) {
$langs->loadLangs(array("intracommreport"));
print '<tr><td>'.$langs->trans('IntracommReportTransportMode').'</td><td>';
$form->selectTransportMode(isset($_POST['transport_mode_id']) ? $_POST['transport_mode_id'] : $transport_mode_id, 'transport_mode_id');
$form->selectTransportMode(GETPOSTISSET('transport_mode_id') ? GETPOST('transport_mode_id') : $transport_mode_id, 'transport_mode_id');
print '</td></tr>';
}

1
htdocs/fourn/facture/contact.php
View File

@ -46,6 +46,7 @@ if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture');
$hookmanager->initHooks(array('invoicesuppliercardcontact'));
$object = new FactureFournisseur($db);

1
htdocs/fourn/facture/document.php
View File

@ -51,6 +51,7 @@ if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture');
$hookmanager->initHooks(array('invoicesuppliercarddocument'));
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;

1
htdocs/fourn/facture/info.php
View File

@ -44,6 +44,7 @@ if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture');
$hookmanager->initHooks(array('invoicesuppliercardinfo'));
$object = new FactureFournisseur($db);

2
htdocs/fourn/facture/note.php
View File

@ -69,7 +69,7 @@ if (empty($reshook)) {
// Set label
if ($action == 'setlabel' && ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer)) {
$object->label = $_POST['label'];
$object->label = GETPOST('label');
$result = $object->update($user);
if ($result < 0) {
dol_print_error($db);

16
htdocs/fourn/facture/paiement.php
View File

@ -187,7 +187,7 @@ if (empty($reshook)) {
}
}
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]);
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key));
} elseif (substr($key, 0, 21) == 'multicurrency_amount_') {
$cursorfacid = substr($key, 21);
$multicurrency_amounts[$cursorfacid] = (GETPOST($key) ? price2num(GETPOST($key)) : 0);
@ -219,7 +219,7 @@ if (empty($reshook)) {
}
// Check parameters
if ($_POST['paiementid'] <= 0) {
if (GETPOST('paiementid') <= 0) {
setEventMessages($langs->transnoentities('ErrorFieldRequired', $langs->transnoentities('PaymentMode')), null, 'errors');
$error++;
}
@ -494,7 +494,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
print $form->selectDate($dateinvoice, '', '', '', 0, "addpaiement", 1, 1, 0, '', '', $object->date);
print '</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('PaymentMode').'</td><td>';
$form->select_types_paiements(empty($_POST['paiementid']) ? $obj->fk_mode_reglement : $_POST['paiementid'], 'paiementid');
$form->select_types_paiements(!GETPOST('paiementid') ? $obj->fk_mode_reglement : GETPOST('paiementid'), 'paiementid');
print '</td>';
if (!empty($conf->banque->enabled)) {
print '<tr><td class="fieldrequired">'.$langs->trans('Account').'</td><td>';
@ -504,10 +504,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
} else {
print '<tr><td>&nbsp;</td></tr>';
}
print '<tr><td>'.$langs->trans('Numero').'</td><td><input name="num_paiement" type="text" value="'.(empty($_POST['num_paiement']) ? '' : $_POST['num_paiement']).'"></td></tr>';
print '<tr><td>'.$langs->trans('Numero').'</td><td><input name="num_paiement" type="text" value="'.(!GETPOST('num_paiement') ? '' : GETPOST('num_paiement')).'"></td></tr>';
print '<tr><td>'.$langs->trans('Comments').'</td>';
print '<td class="tdtop">';
print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(empty($_POST['comment']) ? '' : $_POST['comment']).'</textarea></td></tr>';
print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(!GETPOST('comment') ? '' : GETPOST('comment')).'</textarea></td></tr>';
print '</table>';
print dol_get_fiche_end();
@ -683,10 +683,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'");
}
print '<input type=hidden class="multicurrency_remain" name="'.$nameRemain.'" value="'.$multicurrency_remaintopay.'">';
print '<input type="text" size="8" class="multicurrency_amount" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" size="8" class="multicurrency_amount" name="'.$namef.'" value="'.GETPOST($namef).'">';
} else {
print '<input type="text" size="8" name="'.$namef.'_disabled" value="'.$_POST[$namef].'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" size="8" name="'.$namef.'_disabled" value="'.GETPOST($namef).'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.GETPOST($namef).'">';
}
}
print "</td>";

6
htdocs/fourn/paiement/card.php
View File

@ -108,9 +108,9 @@ if ($action == 'confirm_validate' && $confirm == 'yes' &&
}
}
if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
if ($action == 'setnum_paiement' && GETPOST('num_paiement')) {
$object->fetch($id);
$res = $object->update_num($_POST['num_paiement']);
$res = $object->update_num(GETPOST('num_paiement'));
if ($res === 0) {
setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs');
} else {
@ -118,7 +118,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
}
}
if ($action == 'setdatep' && !empty($_POST['datepday'])) {
if ($action == 'setdatep' && GETPOST('datepday')) {
$object->fetch($id);
$datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int'));
$res = $object->update_date($datepaye);

6
htdocs/holiday/card.php
View File

@ -112,7 +112,7 @@ if ($object->statut == Holiday::STATUS_DRAFT && $user->rights->holiday->write &&
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'holiday', $object->id, 'holiday');
$result = restrictedArea($user, 'holiday', $object->id, 'holiday', '', '', 'rowid', $object->statut);
/*
@ -654,7 +654,7 @@ if (empty($reshook)) {
}
if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes') {
if (!empty($_POST['detail_refuse'])) {
if (GETPOST('detail_refuse')) {
$object->fetch($id);
// If status pending validation and validator = user
@ -1414,7 +1414,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
// Confirmation messages
if ($action == 'delete') {
if ($user->rights->holiday->delete) {
if ($candelete) {
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id, $langs->trans("TitleDeleteCP"), $langs->trans("ConfirmDeleteCP"), "confirm_delete", '', 0, 1);
}
}

3
htdocs/holiday/define_holiday.php
View File

@ -145,7 +145,8 @@ if (empty($reshook)) {
}
//If the user set a comment, we add it to the log comment
$comment = ((isset($_POST['note_holiday'][$userID]) && !empty($_POST['note_holiday'][$userID])) ? ' ('.$_POST['note_holiday'][$userID].')' : '');
$note_holiday = GETPOST('note_holiday');
$comment = ((isset($note_holiday[$userID]) && !empty($note_holiday[$userID])) ? ' ('.$note_holiday[$userID].')' : '');
//print 'holiday: '.$val['rowid'].'-'.$userValue;
if ($userValue != '') {

4
htdocs/hrm/establishment/card.php
View File

@ -135,14 +135,14 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
$result = $object->update($user);
if ($result > 0) {
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']);
header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
exit;
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
}
} else {
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']);
header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
exit;
}
}

3
htdocs/hrm/evaluation_card.php
View File

@ -269,9 +269,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

3
htdocs/hrm/job_card.php
View File

@ -195,9 +195,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">' . "\n";
// Common attributes

3
htdocs/hrm/position.php
View File

@ -915,9 +915,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">' . "\n";
// Common attributes

3
htdocs/hrm/skill_card.php
View File

@ -196,9 +196,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">' . "\n";
// Common attributes

2521
htdocs/includes/tecnickcom/tcpdf/tcpdf.php
View File

File diff suppressed because it is too large Load Diff

4
htdocs/install/default.css
View File

@ -32,6 +32,10 @@
vertical-align: middle;
}
.right {
text-align: right;
}
.opacitymedium {
opacity: 0.5;
}

6
htdocs/install/mysql/migration/15.0.0-16.0.0.sql
View File

@ -245,3 +245,9 @@ create table llx_inventory_extrafields
import_key varchar(14) -- import key
) ENGINE=innodb;
ALTER TABLE llx_inventory_extrafields ADD INDEX idx_inventory_extrafields (fk_object);
ALTER TABLE llx_reception MODIFY COLUMN ref_supplier varchar(128);
ALTER TABLE llx_bank_account ADD COLUMN pti_in_ctti smallint DEFAULT 0 AFTER domiciliation;

1
htdocs/install/mysql/tables/llx_bank_account.sql
View File

@ -42,6 +42,7 @@ create table llx_bank_account
country_iban varchar(2), -- deprecated
cle_iban varchar(2),
domiciliation varchar(255),
pti_in_ctti smallint DEFAULT 0,
state_id integer DEFAULT NULL,
fk_pays integer NOT NULL,
proprio varchar(60),

8
htdocs/install/mysql/tables/llx_reception.sql
View File

@ -26,11 +26,11 @@ create table llx_reception
ref varchar(30) NOT NULL,
entity integer DEFAULT 1 NOT NULL, -- multi company id
fk_soc integer NOT NULL,
fk_projet integer DEFAULT NULL,
fk_projet integer DEFAULT NULL,
ref_ext varchar(30), -- reference into an external system (not used by dolibarr)
ref_int varchar(30), -- reference into an internal system (deprecated)
ref_supplier varchar(30), -- customer number
ref_int varchar(30), -- reference into an internal system (deprecated)
ref_supplier varchar(128), -- supplier number
date_creation datetime, -- date de creation
fk_user_author integer, -- author of creation
@ -38,7 +38,7 @@ create table llx_reception
date_valid datetime, -- date de validation
fk_user_valid integer, -- valideur
date_delivery datetime DEFAULT NULL, -- date planned of delivery
date_reception datetime,
date_reception datetime,
fk_shipping_method integer,
tracking_number varchar(50),
fk_statut smallint DEFAULT 0, -- 0 = draft, 1 = validated, 2 = billed or closed depending on WORKFLOW_BILL_ON_SHIPMENT option

0
htdocs/install/mysql/tables/llx_website-website.sql → htdocs/install/mysql/tables/llx_website.sql
View File

12
htdocs/install/upgrade.php
View File

@ -235,8 +235,12 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
// Force l'affichage de la progression
if ($ok) {
print '<tr><td colspan="2">'.$langs->trans("PleaseBePatient").'</td></tr>';
print '<tr><td colspan="2"><span class="opacitymedium messagebepatient">'.$langs->trans("PleaseBePatient").'</span></td></tr>';
print '</table>';
flush();
print '<table cellspacing="0" cellpadding="1" border="0" width="100%">';
}
@ -355,7 +359,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
// Scan if there is migration scripts that depends of Dolibarr version
// for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql")
// for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql" or "dolibarr_always.sql")
$modulesfile = array();
foreach ($conf->file->dol_document_root as $type => $dirroot) {
$handlemodule = @opendir($dirroot); // $dirroot may be '..'
@ -366,6 +370,9 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
if (is_file($dirroot.'/'.$filemodule.'/sql/dolibarr_'.$file)) {
$modulesfile[$dirroot.'/'.$filemodule.'/sql/dolibarr_'.$file] = '/'.$filemodule.'/sql/dolibarr_'.$file;
}
if (is_file($dirroot.'/'.$filemodule.'/sql/dolibarr_allversions.sql')) {
$modulesfile[$dirroot.'/'.$filemodule.'/sql/dolibarr_allversions.sql'] = '/'.$filemodule.'/sql/dolibarr_allversions.sql';
}
}
}
closedir($handlemodule);
@ -398,6 +405,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
}
}
if (empty($actiondone)) {
print '<div class="error">'.$langs->trans("ErrorWrongParameters").'</div>';
}

3
htdocs/knowledgemanagement/knowledgerecord_card.php
View File

@ -184,9 +184,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

2
htdocs/langs/en_US/banks.lang
View File

@ -182,3 +182,5 @@ IfYouDontReconcileDisableProperty=If you don't make the bank reconciliations on
NoBankAccountDefined=No bank account defined
NoRecordFoundIBankcAccount=No record found in bank account. Commonly, this occurs when a record has been deleted manually from the list of transaction in the bank account (for example during a reconciliation of the bank account). Another reason is that the payment was recorded when the module "%s" was disabled.
AlreadyOneBankAccount=Already one bank account defined
SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation=SEPA transfer: 'Payment Type' at 'Credit Transfer' level
SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp=SEPA XML: PaymentTypeInformation is mandatory and can now be placed at CreditTransferTransactionInformation level (instead of Payment level). We strongly recommend to place PaymentTypeInformation at Payment level, as all banks will not necessarily accept it at CreditTransferTransactionInformation level. Contact your bank before placing PaymentTypeInformation at CreditTransferTransactionInformation level.

28
htdocs/main.inc.php
View File

@ -97,15 +97,15 @@ function testSqlAndScriptInject($val, $type)
//$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) {
return realCharForNumericEntities($m); }, $val);
// We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
// We should use dol_string_nounprintableascii but function is not yet loaded/available
$val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
// We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
$val = preg_replace('/<!--[^>]*-->/', '', $val);
} while ($oldval != $val);
//print "after decoding $val\n";
// We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
// We should use dol_string_nounprintableascii but function is not yet loaded/available
$val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
// We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
$val = preg_replace('/<!--[^>]*-->/', '', $val);
$inj = 0;
// For SQL Injection (only GET are used to scan for such injection strings)
if ($type == 1 || $type == 3) {
@ -149,7 +149,7 @@ function testSqlAndScriptInject($val, $type)
// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforecopy|beforecut|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $val);
$inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val);
$inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val);
$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $val);
$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $val);
$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val);
@ -158,8 +158,8 @@ function testSqlAndScriptInject($val, $type)
$tmpval = preg_replace('/<[^<]+>/', '', $val);
// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval);
$inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval);
$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforecopy|beforecut|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval);
$inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval);
$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval);
$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval);
$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval);
@ -533,7 +533,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING);
//print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');
if (isset($_POST['id'])) $savid = ((int) $_POST['id']);
$savid = null;
if (isset($_POST['id'])) {
$savid = ((int) $_POST['id']);
}
unset($_POST);
//unset($_POST['action']); unset($_POST['massaction']);
//unset($_POST['confirm']); unset($_POST['confirmmassaction']);
@ -541,7 +544,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt(
unset($_GET['action']);
unset($_GET['confirmmassaction']);
unset($_GET['massaction']);
if (isset($savid)) $_POST['id'] = ((int) $savid);
unset($_GET['token']); // TODO Make a redirect if we have a token in url to remove it ?
if (isset($savid)) {
$_POST['id'] = ((int) $savid);
}
}
// Note: There is another CSRF protection into the filefunc.inc.php

6
htdocs/margin/admin/margin.php
View File

@ -64,7 +64,7 @@ if (preg_match('/del_([a-z0-9_\-]+)/i', $action, $reg)) {
}
if ($action == 'remises') {
if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', $_POST['MARGIN_METHODE_FOR_DISCOUNT'], 'chaine', 0, '', $conf->entity) > 0) {
if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', GETPOST('MARGIN_METHODE_FOR_DISCOUNT'), 'chaine', 0, '', $conf->entity) > 0) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} else {
dol_print_error($db);
@ -72,7 +72,7 @@ if ($action == 'remises') {
}
if ($action == 'typemarges') {
if (dolibarr_set_const($db, 'MARGIN_TYPE', $_POST['MARGIN_TYPE'], 'chaine', 0, '', $conf->entity) > 0) {
if (dolibarr_set_const($db, 'MARGIN_TYPE', GETPOST('MARGIN_TYPE'), 'chaine', 0, '', $conf->entity) > 0) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} else {
dol_print_error($db);
@ -80,7 +80,7 @@ if ($action == 'typemarges') {
}
if ($action == 'contact') {
if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', $_POST['AGENT_CONTACT_TYPE'], 'chaine', 0, '', $conf->entity) > 0) {
if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', GETPOST('AGENT_CONTACT_TYPE'), 'chaine', 0, '', $conf->entity) > 0) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} else {
dol_print_error($db);

3
htdocs/modulebuilder/template/sql/dolibarr_allversions.sql Normal file
View File

@ -0,0 +1,3 @@
--
-- Script run when an upgrade of Dolibarr is done. Whatever is the Dolibarr version.
--

14
htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql
View File

@ -1,14 +1,4 @@
-- Copyright (C) ---Put here your own copyright and developer email---
--
-- This program is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
-- Script run to make a migration of module version x.x.x to module version y.y.y
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see https://www.gnu.org/licenses/.

Some files were not shown because too many files have changed in this diff Show More