From 6b8793e1711269310bf1f044a7d904b4baf548cf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 19 Feb 2022 00:41:45 +0100 Subject: [PATCH 01/59] Fix sql error on web service --- htdocs/webservices/server_supplier_invoice.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/webservices/server_supplier_invoice.php b/htdocs/webservices/server_supplier_invoice.php index 926fa8f6418..1581d569f27 100644 --- a/htdocs/webservices/server_supplier_invoice.php +++ b/htdocs/webservices/server_supplier_invoice.php @@ -350,8 +350,8 @@ function getSupplierInvoicesForThirdParty($authentication, $idthirdparty) if (!$error) { $linesinvoice = array(); - $sql .= "SELECT f.rowid as facid"; - $sql .= " FROM '.MAIN_DB_PREFIX.'facture_fourn as f"; + $sql = "SELECT f.rowid as facid"; + $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f"; $sql .= " WHERE f.entity = ".((int) $conf->entity); if ($idthirdparty != 'all') { $sql .= " AND f.fk_soc = ".((int) $idthirdparty); From 996dcdde8262544692b8eb25e04869417f6c0332 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sat, 19 Feb 2022 18:34:53 +0100 Subject: [PATCH 02/59] FIX error with php8 --- htdocs/admin/system/filecheck.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php index 1f183e1b730..0d5a5673db1 100644 --- a/htdocs/admin/system/filecheck.php +++ b/htdocs/admin/system/filecheck.php @@ -416,7 +416,7 @@ if (empty($error) && !empty($xml)) { $outexpectedchecksum = ($checksumtoget ? $checksumtoget : $langs->trans("Unknown")); if ($checksumget == $checksumtoget) { - if (count($file_list['added'])) { + if (is_countable($file_list['added'])) { $resultcode = 'warning'; $resultcomment = 'FileIntegrityIsOkButFilesWereAdded'; $outcurrentchecksum = $checksumget.' - '.$langs->trans($resultcomment).''; From b8d82671b3df6d603f75c3553920629e3921eab9 Mon Sep 17 00:00:00 2001 
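Review bot: The `$idthirdparty != 'all'` guard on the last context line of the hunk is a loose comparison; if this code still runs on PHP 7.x, a numeric `$idthirdparty` of `0` compares equal to `'all'` (`0 == 'all'` was true before PHP 8), so the `fk_soc` filter is skipped and the query returns every supplier invoice of the entity instead of none. Use a strict test so only the literal keyword widens the result, `if ((string) $idthirdparty !== 'all') {`. The rest of getSupplierInvoicesForThirdParty lies outside the hunk.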
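Review bot: The integrity verdict on the context line `if ($checksumget == $checksumtoget)` is a loose string comparison; when both digests happen to be numeric-looking strings (hex values of the form `0e` followed only by digits) PHP compares them as numbers and reports a match for two different digests. Compare them with `if (hash_equals((string) $checksumtoget, (string) $checksumget)) {`, which is strict and constant-time. The same line is context in the next commit's hunk of filecheck.php, where it should be fixed as well. The surrounding `if` block starts before the hunk.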
From: ptibogxiv Date: Sun, 20 Feb 2022 10:39:59 +0100 Subject: [PATCH 03/59] Update filecheck.php --- htdocs/admin/system/filecheck.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php index 0d5a5673db1..10edae1a24b 100644 --- a/htdocs/admin/system/filecheck.php +++ b/htdocs/admin/system/filecheck.php @@ -416,7 +416,7 @@ if (empty($error) && !empty($xml)) { $outexpectedchecksum = ($checksumtoget ? $checksumtoget : $langs->trans("Unknown")); if ($checksumget == $checksumtoget) { - if (is_countable($file_list['added'])) { + if (is_array($file_list['added']) && count($file_list['added'])) { $resultcode = 'warning'; $resultcomment = 'FileIntegrityIsOkButFilesWereAdded'; $outcurrentchecksum = $checksumget.' - '.$langs->trans($resultcomment).''; From 678c3bdb76c09db995401176c3b9a7de7ec0d1ed Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 20 Feb 2022 18:07:10 +0100 Subject: [PATCH 04/59] Fix switch to login page --- htdocs/main.inc.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 3f8da14338b..46315f2d688 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
@@ -533,7 +533,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"]) ? '' : $_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (invalid token), so we disable POST and some GET parameters - referer=".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action', 'aZ09').", _GET|POST['token']=".GETPOST('token', 'alpha').", _SESSION['token']=".$_SESSION['token'], LOG_WARNING); //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers. setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings'); - if (isset($_POST['id'])) $savid = ((int) $_POST['id']); + $savid = null; + if (isset($_POST['id'])) { + $savid = ((int) $_POST['id']); + } unset($_POST); //unset($_POST['action']); unset($_POST['massaction']); //unset($_POST['confirm']); unset($_POST['confirmmassaction']); @@ -541,7 +544,10 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && getDolGlobalInt( unset($_GET['action']); unset($_GET['confirmmassaction']); unset($_GET['massaction']); - if (isset($savid)) $_POST['id'] = ((int) $savid); + unset($_GET['token']); // TODO Make a redirect if we have a token in url to remove it ? + if (isset($savid)) { + $_POST['id'] = ((int) $savid); + } } // Note: There is another CSRF protection into the filefunc.inc.php From f544219d922c6249aac9f3e13908adb5d25fb370 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 22 Feb 2022 16:44:17 +0100 Subject: [PATCH 05/59] FIX permission to download files of expense report with readall. --- htdocs/core/lib/files.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index c70ea041e0a..d1364598c07 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
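Review bot: The `dol_syslog(...)` context line at the top of the first hunk writes the live session CSRF token (`$_SESSION['token']`) together with the submitted one into the log at LOG_WARNING, so anyone who can read the log learns a token that is still valid for that session. Log only whether a session token exists, e.g. replace `", _SESSION['token']=".$_SESSION['token']` with `", _SESSION['token']=".(empty($_SESSION['token']) ? 'empty' : 'set')`, or log a truncated hash of it. The new `$savid` handling itself is sound: initializing it to null before the `isset($_POST['id'])` test means the `isset($savid)` restore in the second hunk no longer reads an undefined variable. The enclosing `if` block begins before the first hunk.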
@@ -2424,10 +2424,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file; } elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) { - if ($fuser->rights->holiday->{$read} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->rights->holiday->{$read} || !empty($fuser->rights->holiday->readall) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; // If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request - if ($refname && !preg_match('/^specimen/i', $original_file)) { + if ($refname && empty($fuser->rights->holiday->readall) && !preg_match('/^specimen/i', $original_file)) { include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php'; $tmpholiday = new Holiday($db); $tmpholiday->fetch('', $refname); @@ -2436,10 +2436,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, } $original_file = $conf->holiday->dir_output.'/'.$original_file; } elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) { - if ($fuser->rights->expensereport->{$lire} || preg_match('/^specimen/i', $original_file)) { + if ($fuser->rights->expensereport->{$lire} || !empty($fuser->rights->expensereport->readall) || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; // If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report - if ($refname && !preg_match('/^specimen/i', $original_file)) { + if ($refname && empty($fuser->rights->expensereport->readall) && !preg_match('/^specimen/i', $original_file)) { include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; $tmpexpensereport = new ExpenseReport($db); $tmpexpensereport->fetch('', $refname); From 65ecd2f3eff5ac37d5211842639646c64c9442f8 Mon Sep 17 00:00:00 2001 
From: lmarcouiller Date: Tue, 22 Feb 2022 17:06:10 +0100 Subject: [PATCH 06/59] Fix : fix error of permission in holiday --- htdocs/holiday/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 70d9c8da54d..cbee61c6962 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -113,7 +113,7 @@ if ($object->statut == Holiday::STATUS_DRAFT && $user->rights->holiday->write && if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'holiday', $object->id, 'holiday'); +$result = restrictedArea($user, 'holiday', $object->id, 'holiday','','','rowid',$object->statut); /* @@ -1400,7 +1400,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { // Confirmation messages if ($action == 'delete') { - if ($user->rights->holiday->delete) { + if ($candelete) { print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id, $langs->trans("TitleDeleteCP"), $langs->trans("ConfirmDeleteCP"), "confirm_delete", '', 0, 1); } } From 19dbed1804c0a74195a785f81381a765e0ac3fa4 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Tue, 22 Feb 2022 16:10:56 +0000 Subject: [PATCH 07/59] Fixing style errors. --- htdocs/holiday/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index cbee61c6962..bbabc5327d8 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -113,7 +113,7 @@ if ($object->statut == Holiday::STATUS_DRAFT && $user->rights->holiday->write && if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'holiday', $object->id, 'holiday','','','rowid',$object->statut); +$result = restrictedArea($user, 'holiday', $object->id, 'holiday', '', '', 'rowid', $object->statut); /* From 0e0dd1ec6cb0e551d0f665b070f3e077b787f683 Mon Sep 17 00:00:00 2001 
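Review bot: In the second hunk the delete confirmation dialog is now gated on `$candelete`, which is computed outside the hunk, while the `confirm_delete` action handler is not visible here; if that handler still tests `$user->rights->holiday->delete` alone, the dialog and the action disagree and a user may reach one but not the other. Make both use the same predicate, e.g. `if ($action == 'confirm_delete' && $confirm == 'yes' && $candelete) {` in the handler, so the status-dependent rule applies uniformly. The first hunk's `restrictedArea(...)` call now also passes `'rowid'` and `$object->statut`; keep it ahead of any action handling since it is the only server-side gate visible on this page.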
From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Tue, 22 Feb 2022 17:42:11 +0100 Subject: [PATCH 08/59] FIX: invoice pdf: lines originating from deposits were not detailed anymore --- htdocs/core/lib/pdf.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index 54c7d9060ab..9bc7df340cf 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -1271,7 +1271,7 @@ function pdf_getlinedesc($object, $i, $outputlangs, $hideref = 0, $hidedesc = 0, $textwasmodified = ($note == $prodser->note); if (!empty($prodser->multilangs[$outputlangs->defaultlang]["note"]) && ($textwasmodified || $translatealsoifmodified)) $note = $prodser->multilangs[$outputlangs->defaultlang]["note"]; } - } elseif ($object->element == 'facture' || $object->element == 'facturefourn') { + } elseif (($object->element == 'facture' || $object->element == 'facturefourn') && preg_match('/^\(DEPOSIT\).+/', $desc)) { // We must not replace '(DEPOSIT)' when it is alone, it will be translated and detailed later $desc = str_replace('(DEPOSIT)', $outputlangs->trans('Deposit'), $desc); } From 2d841d5b99d1733e6933a0db6c985f8e468b97a2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 22 Feb 2022 18:48:25 +0100 Subject: [PATCH 09/59] Fix param --- htdocs/website/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 610607f0321..cdf425e3ae3 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -3487,7 +3487,7 @@ if ($action == 'createsite') { $siteref = $sitedesc = $sitelang = $siteotherlang = ''; if (GETPOST('WEBSITE_REF')) { - $siteref = GETPOST('WEBSITE_REF', 'alpha'); + $siteref = GETPOST('WEBSITE_REF', 'aZ09'); } if (GETPOST('WEBSITE_DESCRIPTION')) { $sitedesc = GETPOST('WEBSITE_DESCRIPTION', 'alpha'); From fb58b7e93090e69df3a8975fa766b429dd3ab374 Mon Sep 17 00:00:00 2001 
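Review bot: The new guard `preg_match('/^\(DEPOSIT\).+/', $desc)` uses `.` without the `s` modifier, so a description consisting of `(DEPOSIT)` followed directly by a line break does not match and is treated as the "alone" case even though text follows it. If the intent in the comment is "anything after the marker", use `preg_match('/^\(DEPOSIT\)\s*\S/', $desc)`, which also classifies trailing whitespace alone as "alone". pdf_getlinedesc continues outside the hunk.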
From: Laurent Destailleur Date: Tue, 22 Feb 2022 18:46:46 +0100 Subject: [PATCH 10/59] FIX #yogosha9048 --- htdocs/website/class/website.class.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 0e66e01db01..80a48048151 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -655,6 +655,13 @@ class Website extends CommonObject dol_syslog(__METHOD__, LOG_DEBUG); + $newref = dol_sanitizeFileName($newref); + + if (empty($newref)) { + $this->error = 'ErrorBadParameter'; + return -1; + } + $object = new self($this->db); // Check no site with ref exists @@ -671,8 +678,8 @@ class Website extends CommonObject $oldidforhome = $object->fk_default_home; $oldref = $object->ref; - $pathofwebsiteold = $dolibarr_main_data_root.'/website/'.$oldref; - $pathofwebsitenew = $dolibarr_main_data_root.'/website/'.$newref; + $pathofwebsiteold = $dolibarr_main_data_root.'/website/'.dol_sanitizeFileName($oldref); + $pathofwebsitenew = $dolibarr_main_data_root.'/website/'.dol_sanitizeFileName($newref); dol_delete_dir_recursive($pathofwebsitenew); $fileindex = $pathofwebsitenew.'/index.php'; From d6786459b4b7db881f30a194ed1434b1ed817d3a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 22 Feb 2022 22:03:34 +0100 Subject: [PATCH 11/59] FIX #yogosha9054 --- htdocs/accountancy/admin/journals_list.php | 60 ++++------------------ 1 file changed, 11 insertions(+), 49 deletions(-) diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php index 7f000290e1c..de6b8374c2a 100644 --- a/htdocs/accountancy/admin/journals_list.php +++ b/htdocs/accountancy/admin/journals_list.php 
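Review bot: After `$newref = dol_sanitizeFileName($newref)` in the first hunk, two different inputs can collapse to the same directory name, including the site's current `$oldref`; the second hunk then calls `dol_delete_dir_recursive($pathofwebsitenew)` before any rename, so if the ref-existence check between the hunks does not reject that collision the live site directory is deleted. Guard the paths explicitly before the delete, `if ($pathofwebsitenew === $pathofwebsiteold) { $this->error = 'ErrorBadParameter'; return -1; }`. Note also that `empty($newref)` rejects the ref `'0'`; `$newref === ''` is the precise test. The method signature and the existence check lie outside the hunks.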
@@ -165,45 +165,19 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { // Check that all fields are filled $ok = 1; - foreach ($listfield as $f => $value) { - if ($fieldnamekey == 'libelle' || ($fieldnamekey == 'label')) { - $fieldnamekey = 'Label'; - } - if ($fieldnamekey == 'code') { - $fieldnamekey = 'Code'; - } - if ($fieldnamekey == 'nature') { - $fieldnamekey = 'NatureOfJournal'; - } - } + // Other checks if (GETPOSTISSET("code")) { if (GETPOST("code") == '0') { $ok = 0; setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } - /*if (!is_numeric($_POST['code'])) // disabled, code may not be in numeric base - { - $ok = 0; - $msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'
'; - }*/ } if (!GETPOST('label', 'alpha')) { setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentitiesnoconv("Label")), null, 'errors'); $ok = 0; } - // Clean some parameters - if ($_POST["accountancy_code"] <= 0) { - $_POST["accountancy_code"] = ''; // If empty, we force to null - } - if ($_POST["accountancy_code_sell"] <= 0) { - $_POST["accountancy_code_sell"] = ''; // If empty, we force to null - } - if ($_POST["accountancy_code_buy"] <= 0) { - $_POST["accountancy_code_buy"] = ''; // If empty, we force to null - } - // Si verif ok et action add, on ajoute la ligne if ($ok && GETPOST('actionadd', 'alpha')) { if ($tabrowid[$id]) { @@ -235,16 +209,13 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } $i = 0; foreach ($listfieldinsert as $f => $value) { - if ($value == 'entity') { - $_POST[$listfieldvalue[$i]] = $conf->entity; - } if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; // For vat, we want/accept code = '' } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } @@ -254,7 +225,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $result = $db->query($sql); if ($result) { // Add is ok setEventMessages($langs->transnoentities("RecordSaved"), null, 'mesgs'); - $_POST = array('id'=>$id); // Clean $_POST array, we keep only + $_POST = array('id'=>$id); // Clean $_POST array, we keep only id } else { if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { setEventMessages($langs->transnoentities("ErrorRecordAlreadyExists"), null, 'errors'); 
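Review bot: In the insert loop (second hunk) the removed `if ($value == 'entity') { $_POST[$listfieldvalue[$i]] = $conf->entity; }` was the only place forcing the `entity` column to the current entity; if `$listfieldinsert` (defined outside the hunk) still lists `entity`, its value now comes straight from the request through `GETPOST(...)`, so a journal can be created in another entity or with a NULL entity. The same override is removed from the modify loop in the following hunk group, where the SET clause can likewise move a row to another entity even though the WHERE keeps `entity = ((int) $conf->entity)`. Keep the override in both loops, e.g. `$valuetoinsert = ($value == 'entity') ? $conf->entity : GETPOST($listfieldvalue[$i]);` and build the SQL from `$valuetoinsert`. The enclosing `if (GETPOST('actionadd', ...))` block starts before the hunks.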
@@ -281,24 +252,15 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } $i = 0; foreach ($listfieldmodify as $field) { - if ($field == 'price' || preg_match('/^amount/i', $field) || $field == 'taux') { - $_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU'); - } elseif ($field == 'entity') { - $_POST[$listfieldvalue[$i]] = $conf->entity; - } if ($i) { $sql .= ","; } - $sql .= $field."="; - if ($_POST[$listfieldvalue[$i]] == '' && !($listfieldvalue[$i] == 'code' && $id == 10)) { - $sql .= "null"; // For vat, we want/accept code = '' - } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; - } + $sql .= $field." = "; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; $i++; } $sql .= " WHERE ".$rowidcol." = ".((int) $rowid); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog("actionmodify", LOG_DEBUG); //print $sql; @@ -323,7 +285,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') { // delete } $sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); dol_syslog("delete", LOG_DEBUG); $result = $db->query($sql); @@ -410,7 +372,7 @@ if ($action == 'delete') { if ($id) { // Complete requete recherche valeurs avec critere de tri $sql = $tabsql[$id]; - $sql .= " WHERE a.entity = ".$conf->entity; + $sql .= " WHERE a.entity = ".((int) $conf->entity); // If sort order is "country", we use country_code instead if ($sortfield == 'country') { @@ -510,7 +472,7 @@ if ($id) { $num = $db->num_rows($resql); $i = 0; - $param = '&id='.$id; + $param = '&id='.((int) $id); if ($search_country_id > 0) { $param .= '&search_country_id='.urlencode($search_country_id); } @@ -635,7 +597,7 @@ if ($id) { $class = 'tddict'; // Show value for field if ($showfield) { - print ''.$valuetoshow.''; + print ''.dol_escape_htmltag($valuetoshow).''; } } } 
From 27cc6078ed47863c3d16851397d9cf4acfa15ef2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 22 Feb 2022 22:15:29 +0100 Subject: [PATCH 12/59] Clean code --- htdocs/admin/dict.php | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index fb28aa3d045..4de4c682483 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -706,19 +706,19 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { continue; // For some pages, country is not mandatory } // Discard check of mandatory fiedls for other fields - if ($value == 'localtax1' && empty($_POST['localtax1_type'])) { + if ($value == 'localtax1' && !GETPOST('localtax1_type')) { continue; } - if ($value == 'localtax2' && empty($_POST['localtax2_type'])) { + if ($value == 'localtax2' && !GETPOST('localtax2_type')) { continue; } - if ($value == 'color' && empty($_POST['color'])) { + if ($value == 'color' && !GETPOST('color')) { continue; } - if ($value == 'formula' && empty($_POST['formula'])) { + if ($value == 'formula' && !GETPOST('formula')) { continue; } - if ($value == 'dayrule' && empty($_POST['dayrule'])) { + if ($value == 'dayrule' && !GETPOST('dayrule')) { continue; } if ($value == 'sortorder') { @@ -794,11 +794,6 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { $ok = 0; setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } - /*if (!is_numeric($_POST['code'])) // disabled, code may not be in numeric base - { - $ok = 0; - $msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'
'; - }*/ } if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) { if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries @@ -830,7 +825,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { $_POST["accountancy_code_buy"] = ''; // If empty, we force to null } if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary - $_POST["code"] = preg_replace('/[^a-zA-Z0-9\-\+]/', '', $_POST["code"]); + $_POST["code"] = preg_replace('/[^a-zA-Z0-9\-\+]/', '', GETPOST("code")); } // If check ok and action add, add the line @@ -883,7 +878,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { if ($keycode == 'sortorder') { // For column name 'sortorder', we use the field name 'position' $sql .= (int) GETPOST('position', 'int'); - } elseif ($_POST[$keycode] == '' && !($keycode == 'code' && $id == 10)) { + } elseif (GETPOST($keycode) == '' && !($keycode == 'code' && $id == 10)) { $sql .= "null"; // For vat, we want/accept code = '' } elseif ($keycode == 'content') { $sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'"; @@ -952,7 +947,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { $sql .= $field."="; if ($listfieldvalue[$i] == 'sortorder') { // For column name 'sortorder', we use the field name 'position' $sql .= (int) GETPOST('position', 'int'); - } elseif ($_POST[$keycode] == '' && !($keycode == 'code' && $id == 10)) { + } elseif (GETPOST($keycode) == '' && !($keycode == 'code' && $id == 10)) { $sql .= "null"; // For vat, we want/accept code = '' } elseif ($keycode == 'content') { $sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'"; From e0c24e5d2985ba5acf526cb61701f5f87494fb2a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 22 Feb 2022 22:19:32 +0100 Subject: [PATCH 13/59] Enhance WAF --- htdocs/main.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 093813f5776..9f9659e292f 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -149,7 +149,7 @@ function testSqlAndScriptInject($val, $type) // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforecopy|beforecut|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $val); - $inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val); + $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val); $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $val); $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $val); $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val); 
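Review bot: The event-name lists in this hunk and in the second hunk (the `$tmpval` block) are two hand-copied sets of regexes, and the commit itself shows them drifting: the `$val` block already contained `beforecopy|beforecut` while the `$tmpval` block gained them only now. Define the alternation once, as a single `$eventnames` string above both blocks, and run `preg_match('/on('.$eventnames.')\s*=/i', $val)` and `preg_match('/on('.$eventnames.')\s*=/i', $tmpval)`, so a name added for one pass cannot be missing from the other. In the second hunk the `on(mouse|drag|...)` line still tests `$val` rather than `$tmpval`, another sign of copy divergence worth aligning. testSqlAndScriptInject begins outside the hunk.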
@@ -158,8 +158,8 @@ function testSqlAndScriptInject($val, $type) $tmpval = preg_replace('/<[^<]+>/', '', $val); // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like - $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval); - $inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval); + $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforecopy|beforecut|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval); + $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval); $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval); $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval); $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval); From c7c0c75429931e3dc635aeadf1d123f667d3f26b Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Tue, 22 Feb 2022 22:27:09 +0100 Subject: [PATCH 14/59] Clean code --- htdocs/accountancy/admin/accountmodel.php | 13 ++++--------- htdocs/accountancy/admin/categories_list.php | 12 ++++++------ .../{llx_website-website.sql => llx_website.sql} | 0 3 files changed, 10 insertions(+), 15 deletions(-) rename htdocs/install/mysql/tables/{llx_website-website.sql => llx_website.sql} (100%) diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 29c2b7d5510..b5b5318a1cc 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -185,11 +185,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $ok = 0; setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } - /*if (!is_numeric($_POST['code'])) // disabled, code may not be in numeric base - { - $ok = 0; - $msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'
'; - }*/ } if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) { $ok = 0; @@ -228,7 +223,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $i = 0; foreach ($listfieldinsert as $f => $value) { if ($value == 'price' || preg_match('/^amount/i', $value) || $value == 'taux') { - $_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU'); + $_POST[$listfieldvalue[$i]] = price2num(GETPOST($listfieldvalue[$i]), 'MU'); } elseif ($value == 'entity') { $_POST[$listfieldvalue[$i]] = $conf->entity; } @@ -238,7 +233,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($_POST[$listfieldvalue[$i]] == '') { $sql .= "null"; } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } @@ -276,7 +271,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $i = 0; foreach ($listfieldmodify as $field) { if ($field == 'price' || preg_match('/^amount/i', $field) || $field == 'taux') { - $_POST[$listfieldvalue[$i]] = price2num($_POST[$listfieldvalue[$i]], 'MU'); + $_POST[$listfieldvalue[$i]] = price2num(GETPOST($listfieldvalue[$i]), 'MU'); } elseif ($field == 'entity') { $_POST[$listfieldvalue[$i]] = $conf->entity; } @@ -287,7 +282,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($_POST[$listfieldvalue[$i]] == '') { $sql .= "null"; } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index bb629577ab6..cab20e31010 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php 
@@ -148,10 +148,10 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($value == 'formula' && !GETPOST('formula')) { continue; } - if ($value == 'range_account' && empty($_POST['range_account'])) { + if ($value == 'range_account' && !GETPOST('range_account')) { continue; } - if (($value == 'country' || $value == 'country_id') && (!empty($_POST['country_id']))) { + if (($value == 'country' || $value == 'country_id') && GETPOST('country_id')) { continue; } if (!GETPOSTISSET($value) || GETPOST($value) == '') { @@ -283,8 +283,8 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } $i = 0; foreach ($listfieldmodify as $field) { - if ($field == 'fk_country' && $_POST['country'] > 0) { - $_POST[$listfieldvalue[$i]] = $_POST['country']; + if ($field == 'fk_country' && GETPOST('country') > 0) { + $_POST[$listfieldvalue[$i]] = GETPOST('country'); } elseif ($field == 'entity') { $_POST[$listfieldvalue[$i]] = $conf->entity; } @@ -292,10 +292,10 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $sql .= ","; } $sql .= $field."="; - if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'range_account') { + if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'range_account') { $sql .= "null"; // For range_account, we want/accept code = '' } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } diff --git a/htdocs/install/mysql/tables/llx_website-website.sql b/htdocs/install/mysql/tables/llx_website.sql similarity index 100% rename from htdocs/install/mysql/tables/llx_website-website.sql rename to htdocs/install/mysql/tables/llx_website.sql From e96061dd18d234d70e9fe13b33d4373920efe642 Mon Sep 17 00:00:00 2001 
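Review bot: The changed line `if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'range_account') {` in the categories_list.php modify loop has an operator-precedence bug: `!` binds tighter than `==`, so for any non-empty field name the right operand is `false == 'range_account'`, which is always false, the `null` branch is never taken and every empty value is stored as `''`. Write `$listfieldvalue[$i] != 'range_account'` (or `!==`) instead. The same pattern appears on a changed line in the next commit's categories_list.php insert hunk with `'formula'`. The surrounding loop and `if` block extend beyond the hunk.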
From: Laurent Destailleur Date: Tue, 22 Feb 2022 23:44:56 +0100 Subject: [PATCH 15/59] Fix phpunit SecurityTest --- htdocs/accountancy/admin/accountmodel.php | 4 +- htdocs/accountancy/admin/categories_list.php | 13 +------ htdocs/adherents/subscription/card.php | 10 ++--- htdocs/admin/agenda.php | 1 - htdocs/admin/mails.php | 10 ++--- htdocs/admin/mails_templates.php | 2 +- htdocs/admin/mails_ticket.php | 10 ++--- htdocs/admin/menus/edit.php | 12 +++--- htdocs/admin/modules.php | 1 - htdocs/admin/sms.php | 2 +- htdocs/admin/website.php | 8 ++-- htdocs/barcode/printsheet.php | 2 +- htdocs/comm/card.php | 2 +- htdocs/comm/mailing/card.php | 2 +- htdocs/comm/propal/card.php | 6 +-- htdocs/comm/propal/contact.php | 6 --- htdocs/comm/remx.php | 2 +- htdocs/commande/card.php | 2 - htdocs/commande/contact.php | 7 ---- htdocs/compta/ajaxpayment.php | 8 ++-- htdocs/compta/bank/card.php | 2 +- htdocs/compta/facture/card-rec.php | 2 +- htdocs/compta/facture/card.php | 14 +++---- htdocs/compta/paiement.php | 8 ++-- htdocs/compta/paiement/card.php | 6 +-- htdocs/compta/paiement/cheque/card.php | 5 +-- htdocs/compta/paiement_charge.php | 2 +- htdocs/compta/tva/card.php | 2 +- htdocs/contrat/card.php | 6 +-- htdocs/core/actions_massactions.inc.php | 16 ++++---- htdocs/core/actions_sendmails.inc.php | 24 ++++++------ htdocs/core/ajax/ajaxdirtree.php | 3 -- htdocs/core/ajax/saveinplace.php | 1 + .../boxes/box_graph_nb_ticket_last_x_days.php | 6 +-- htdocs/core/class/commonobject.class.php | 4 +- htdocs/core/class/html.formticket.class.php | 2 +- htdocs/core/lib/functions.lib.php | 12 +++--- htdocs/core/login/functions_googleoauth.php | 2 +- .../modules/mailings/thirdparties.modules.php | 2 +- htdocs/core/photos_resize.php | 1 - htdocs/don/payment/payment.php | 4 +- .../core/actions_massactions_mail.inc.php | 12 +++--- htdocs/expedition/card.php | 2 - htdocs/expedition/shipment.php | 1 - htdocs/expensereport/payment/payment.php | 4 +- htdocs/exports/export.php | 4 +- 
htdocs/fourn/commande/card.php | 4 +- htdocs/fourn/commande/dispatch.php | 4 +- htdocs/fourn/facture/card.php | 13 ++++--- htdocs/fourn/facture/note.php | 2 +- htdocs/fourn/facture/paiement.php | 16 ++++---- htdocs/fourn/paiement/card.php | 6 +-- htdocs/holiday/card.php | 2 +- htdocs/holiday/define_holiday.php | 3 +- htdocs/hrm/establishment/card.php | 4 +- htdocs/hrm/evaluation_card.php | 3 -- htdocs/hrm/job_card.php | 3 -- htdocs/hrm/position.php | 3 -- htdocs/hrm/skill_card.php | 3 -- .../knowledgerecord_card.php | 3 -- htdocs/margin/admin/margin.php | 6 +-- htdocs/opensurvey/results.php | 6 +-- htdocs/opensurvey/wizard/choix_date.php | 37 ++++++++++++------- htdocs/partnership/partnership_card.php | 3 -- htdocs/product/inventory/card.php | 3 -- htdocs/product/stock/product.php | 4 +- htdocs/product/stock/productlot_card.php | 3 -- htdocs/projet/activity/permonth.php | 2 +- htdocs/projet/activity/perweek.php | 2 +- htdocs/projet/tasks.php | 4 +- htdocs/projet/tasks/task.php | 2 +- htdocs/projet/tasks/time.php | 4 +- htdocs/public/demo/index.php | 2 +- htdocs/public/opensurvey/studs.php | 1 - htdocs/public/ticket/create_ticket.php | 2 +- htdocs/reception/card.php | 9 ++--- .../recruitmentcandidature_card.php | 3 -- htdocs/salaries/paiement_salary.php | 2 +- htdocs/societe/price.php | 2 +- htdocs/societe/societecontact.php | 7 ---- htdocs/supplier_proposal/card.php | 6 +-- htdocs/user/passwordforgotten.php | 2 +- test/phpunit/SecurityTest.php | 2 +- 83 files changed, 189 insertions(+), 251 deletions(-) diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index b5b5318a1cc..fd0ff2e72da 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php 
@@ -230,7 +230,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; } else { $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; @@ -279,7 +279,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $sql .= ","; } $sql .= $field."="; - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; } else { $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index cab20e31010..c0439445261 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -195,17 +195,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { setEventMessages($langs->transnoentities('ErrorFieldMustBeANumeric', $langs->transnoentities("Position")), null, 'errors'); } - // Clean some parameters - if ($_POST["accountancy_code"] <= 0) { - $_POST["accountancy_code"] = ''; // If empty, we force to null - } - if ($_POST["accountancy_code_sell"] <= 0) { - $_POST["accountancy_code_sell"] = ''; // If empty, we force to null - } - if ($_POST["accountancy_code_buy"] <= 0) { - $_POST["accountancy_code_buy"] = ''; // If empty, we force to null - } - // Si verif ok et action add, on ajoute la ligne if ($ok && GETPOST('actionadd', 'alpha')) { if ($tabrowid[$id]) { @@ -243,7 +232,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'formula') { + if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'formula') { $sql .= "null"; // For vat, we want/accept code = '' } else { $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; 
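Review bot: The removed "Clean some parameters" block in htdocs/accountancy/admin/categories_list.php (hunk @@ -195) was the only visible place that turned a non-positive accountancy_code / accountancy_code_sell / accountancy_code_buy into '' so that the later `== ''` test stores NULL; nothing in this patch replaces it, so a posted `0` now reaches the INSERT/UPDATE as the literal string '0' unless the same normalisation happens elsewhere, which I cannot see from here. If dropping it is deliberate because the fields are now read through GETPOST, a one-line comment at the deletion site saying so would keep the next reader from re-adding it. The enclosing `if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))` block starts and ends outside the hunk.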
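Review bot: `!$listfieldvalue[$i] == 'formula'` in the rewritten condition of htdocs/accountancy/admin/categories_list.php (hunk @@ -243) negates the field name before comparing, so it evaluates as `(bool) == 'formula'`, which is false for every non-empty name; the `null` branch is therefore unreachable and each empty field is stored as ''. The intended test is `if (GETPOST($listfieldvalue[$i]) == '' && $listfieldvalue[$i] != 'formula') {`. The comment on the next line ("For vat, we want/accept code = ''") suggests the exception was meant for one field, so once the operator is fixed the comment should name that field.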
diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 5967d670856..a18259fefe4 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -93,8 +93,8 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance if ($accountline->rappro) { $errmsg = $langs->trans("SubscriptionLinkedToConciliatedTransaction"); } else { - $accountline->datev = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']); - $accountline->dateo = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']); + $accountline->datev = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int')); + $accountline->dateo = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int')); $accountline->amount = $amount; $result = $accountline->update($user); if ($result < 0) { 
@@ -105,12 +105,12 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance if (!$errmsg) { // Modify values - $object->dateh = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']); - $object->datef = dol_mktime($_POST['datesubendhour'], $_POST['datesubendmin'], 0, $_POST['datesubendmonth'], $_POST['datesubendday'], $_POST['datesubendyear']); + $object->dateh = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int')); + $object->datef = dol_mktime(GETPOST('datesubendhour', 'int'), GETPOST('datesubendmin', 'int'), 0, GETPOST('datesubendmonth', 'int'), GETPOST('datesubendday', 'int'), GETPOST('datesubendyear', 'int')); $object->fk_type = $typeid; $object->note = $note; + $object->note_private = $note; $object->amount = $amount; - //print 'datef='.$object->datef.' '.$_POST['datesubendday']; $result = $object->update($user); if ($result >= 0 && !count($object->errors)) { diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index a730f199213..af09d32bc73 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -88,7 +88,6 @@ if ($action == "save" && empty($cancel)) { foreach ($triggers as $trigger) { $keyparam = 'MAIN_AGENDA_ACTIONAUTO_'.$trigger['code']; - //print "param=".$param." - ".$_POST[$param]; if ($search_event === '' || preg_match('/'.preg_quote($search_event, '/').'/i', $keyparam)) { $res = dolibarr_set_const($db, $keyparam, (GETPOST($keyparam, 'alpha') ?GETPOST($keyparam, 'alpha') : ''), 'chaine', 0, '', $conf->entity); if (!($res > 0)) { diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 41a436b70a8..fc8e24b9322 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php 
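Review bot: `$object->note_private = $note;` in htdocs/adherents/subscription/card.php (hunk @@ -105) is a behaviour change that the subject "Fix phpunit SecurityTest" does not cover: the same text is now written to both `note` and `note_private`, and nothing in the hunk says which of the two `update()` persists. A comment such as `// note_private mirrors note: the subscription form exposes a single note field` (if that is the reason) would make the duplication look deliberate rather than a copy-paste. The enclosing `if (!$errmsg)` block ends outside the hunk.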
@@ -903,8 +903,8 @@ if ($action == 'edit') { include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; $formmail = new FormMail($db); $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); - $formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM); - $formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM); $formmail->fromid = $user->id; $formmail->fromalsorobot = 1; $formmail->fromtype = (GETPOSTISSET('fromtype') ?GETPOST('fromtype', 'aZ09') : (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : 'user')); @@ -912,9 +912,9 @@ if ($action == 'edit') { $formmail->withsubstit = 1; $formmail->withfrom = 1; $formmail->witherrorsto = 1; - $formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); - $formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty - $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); + $formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test")); $formmail->withtopicreadonly = 0; $formmail->withfile = 2; 
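Review bot: Switching `!empty($_POST['sendto'])` to `GETPOSTISSET('sendto')` in htdocs/admin/mails.php (hunk @@ -912) changes the fallback: a form that posts sendto as an empty string now sets `withto` to '' instead of `$user->email`, and `withtocc`/`withtoccc` become '' instead of 1, so the trailing comment "! empty to keep field if empty" no longer describes the code. Either keep the emptiness test, `$formmail->withto = (GETPOST('sendto', 'restricthtml') != '' ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));`, or reword the comment to say an empty submitted value is kept as empty. htdocs/admin/mails_ticket.php (hunk @@ -537) makes the same change and simply drops the comments; whichever reading is intended, the two files should agree.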
diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index fb3a1ccf702..476f15459cb 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -308,7 +308,7 @@ if (empty($reshook)) { // Rename some POST variables into a generic name if (GETPOST('actionmodify', 'alpha') && $value == 'topic') { - $_POST['topic'] = $_POST['topic-'.$rowid]; + $_POST['topic'] = GETPOST('topic-'.$rowid); } if ((!GETPOSTISSET($value) || GETPOST($value) == '' || GETPOST($value) == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position') { diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 79c549c0609..481fcad212c 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php 
@@ -537,16 +537,16 @@ if ($action == 'edit') { // Cree l'objet formulaire mail include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; $formmail = new FormMail($db); - $formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM); - $formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM); $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); $formmail->withfromreadonly = 0; $formmail->withsubstit = 0; $formmail->withfrom = 1; $formmail->witherrorsto = 1; - $formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); - $formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty - $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); + $formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1); + $formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1); $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test")); $formmail->withtopicreadonly = 0; $formmail->withfile = 2; diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 02c46d8ca35..b3c3e5066c2 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php 
@@ -152,32 +152,32 @@ if ($action == 'add') { $langs->load("errors"); $error = 0; - if (!$error && !$_POST['menu_handler']) { + if (!$error && !GETPOST('menu_handler')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("MenuHandler")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['type']) { + if (!$error && !GETPOST('type')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['url']) { + if (!$error && !GETPOST('url')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("URL")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['titre']) { + if (!$error && !GETPOST('titre')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Title")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && $_POST['menuId'] && $_POST['type'] == 'top') { + if (!$error && GETPOST('menuId') && GETPOST('type') == 'top') { setEventMessages($langs->trans("ErrorTopMenuMustHaveAParentWithId0"), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['menuId'] && $_POST['type'] == 'left') { + if (!$error && !GETPOST('menuId') && GETPOST('type') == 'left') { setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors'); $action = 'create'; $error++; diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 29d2335a0f9..4ad384233d8 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -48,7 +48,6 @@ if (empty($mode)) { $mode = 'common'; } $action = GETPOST('action', 'aZ09'); -//var_dump($_POST);exit; $value = GETPOST('value', 'alpha'); $page_y = GETPOST('page_y', 'int'); $search_keyword = GETPOST('search_keyword', 'alpha'); diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index 05abf8c3995..19a94d05dd8 100644 --- a/htdocs/admin/sms.php 
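Review bot: `GETPOST('menuId')` and `GETPOST('type')` in htdocs/admin/menus/edit.php (hunk @@ -152) read a numeric parent id and a fixed-vocabulary field with the default check type; `GETPOST('menuId', 'int')` and `GETPOST('type', 'aZ09')` would state the expected shape and match how ids and `$action` are read elsewhere in this patch. The sanitiser's default is not visible from here, so this is a readability point rather than a defect. The enclosing `if ($action == 'add')` block ends outside the hunk.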
+++ b/htdocs/admin/sms.php @@ -62,7 +62,7 @@ if ($action == 'update' && !$cancel) { // Send sms -if ($action == 'send' && !$_POST['cancel']) { +if ($action == 'send' && !$cancel) { $error = 0; $smsfrom = ''; diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php index d1a24ff072c..b5098bfd3ce 100644 --- a/htdocs/admin/website.php +++ b/htdocs/admin/website.php @@ -198,15 +198,15 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $_POST[$listfieldvalue[$i]] = $conf->entity; } if ($value == 'ref') { - $_POST[$listfieldvalue[$i]] = strtolower($_POST[$listfieldvalue[$i]]); + $_POST[$listfieldvalue[$i]] = strtolower(GETPOST($listfieldvalue[$i])); } if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } @@ -259,7 +259,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($_POST[$listfieldvalue[$i]] == '') { $sql .= "null"; } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php index 8663d50e66a..763463d6fb8 100644 --- a/htdocs/barcode/printsheet.php +++ b/htdocs/barcode/printsheet.php @@ -23,7 +23,7 @@ * \brief Page to print sheets with barcodes using the document templates into core/modules/printsheets */ -if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must ne renew the token. +if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must not renew the token. if (!defined('NOTOKENRENEWAL')) { define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) } 
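Review bot: The second hunk in htdocs/admin/website.php (@@ -259) still tests `$_POST[$listfieldvalue[$i]] == ''` on its context line while the value written one line below now comes from `GETPOST(...)`, so the emptiness check and the stored value can disagree whenever the sanitiser reduces a value to ''; the first hunk (@@ -198) converted the same pair. Changing the context line to `if (GETPOST($listfieldvalue[$i]) == '') {` keeps both hunks consistent. The first hunk also still writes `$conf->entity` and the lower-cased ref back into `$_POST`, presumably so the later GETPOST reads see them; a short comment saying so would help.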
diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 90d3ed128f7..eabcb1a55bf 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -214,7 +214,7 @@ if (empty($reshook)) { // assujetissement a la TVA if ($action == 'setassujtva' && $user->rights->societe->creer) { $object->fetch($id); - $object->tva_assuj = $_POST['assujtva_value']; + $object->tva_assuj = GETPOST('assujtva_value'); $result = $object->update($object->id); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 79faf4b2cd2..f82df06313b 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -745,7 +745,7 @@ if ($action == 'create') { print ''; print ''; print ''; print '
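Review bot: `$object->tva_assuj = GETPOST('assujtva_value');` in htdocs/comm/card.php (hunk @@ -214) reads what looks like a 0/1 flag with the default check type; `GETPOST('assujtva_value', 'int')` would pin the type before `update()` writes it. Whether `update()` casts the value itself is not visible from here.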
'.$langs->trans("MailTopic").'
'.$langs->trans("BackgroundColorByDefault").''; - print $htmlother->selectColor($_POST['bgcolor'], 'bgcolor', '', 0); + print $htmlother->selectColor(GETPOST('bgcolor'), 'bgcolor', '', 0); print '
'; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 45a4d2fdb57..61a406a2378 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -302,7 +302,7 @@ if (empty($reshook)) { } } } elseif ($action == 'setdate' && $usercancreate) { - $datep = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']); + $datep = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); if (empty($datep)) { $error++; @@ -316,7 +316,7 @@ if (empty($reshook)) { } } } elseif ($action == 'setecheance' && $usercancreate) { - $result = $object->set_echeance($user, dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear'])); + $result = $object->set_echeance($user, dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'))); if ($result >= 0) { if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { $outputlangs = $langs; @@ -339,7 +339,7 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } } elseif ($action == 'setdate_livraison' && $usercancreate) { - $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['date_livraisonmonth'], $_POST['date_livraisonday'], $_POST['date_livraisonyear'])); + $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('date_livraisonmonth', 'int'), GETPOST('date_livraisonday', 'int'), GETPOST('date_livraisonyear', 'int'))); if ($result < 0) { dol_print_error($db, $object->error); } diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php index fedf6a6233d..989dcfe7098 100644 --- a/htdocs/comm/propal/contact.php +++ b/htdocs/comm/propal/contact.php 
@@ -107,12 +107,6 @@ if ($action == 'addcontact' && $user->rights->propale->creer) { dol_print_error($db); } } -/* -elseif ($action == 'setaddress' && $user->rights->propale->creer) -{ - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /* diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 4404f9758a6..d44093dbab5 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -160,7 +160,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) { $amount_ht = price2num(GETPOST('amount_ht', 'alpha')); $desc = GETPOST('desc', 'alpha'); $tva_tx = GETPOST('tva_tx', 'alpha'); - $discount_type = !empty($_POST['discount_type']) ?GETPOST('discount_type', 'alpha') : 0; + $discount_type = GETPOSTISSET('discount_type') ? GETPOST('discount_type', 'alpha') : 0; if ($amount_ht > 0) { $error = 0; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 72851c3943a..9b11a477d52 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -533,7 +533,6 @@ if (empty($reshook)) { } } } elseif ($action == 'setdate' && $usercancreate) { - // print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int')); $result = $object->set_date($user, $date); @@ -541,7 +540,6 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } } elseif ($action == 'setdate_livraison' && $usercancreate) { - // print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $date_delivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index a4d857a47fd..b89623fc3a0 100644 --- a/htdocs/commande/contact.php 
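Review bot: Replacing `!empty($_POST['discount_type'])` with `GETPOSTISSET('discount_type')` in htdocs/comm/remx.php (hunk @@ -160) changes the value when the field is submitted empty: `$discount_type` used to fall back to `0` and is now `''`, which matters only if a later comparison distinguishes the two. If the old value is the intended one, `$discount_type = GETPOST('discount_type', 'alpha') !== '' ? GETPOST('discount_type', 'alpha') : 0;` preserves it without touching `$_POST`. The enclosing `if ($action == 'setremise' ...)` block ends outside the hunk.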
+++ b/htdocs/commande/contact.php @@ -91,13 +91,6 @@ if ($action == 'addcontact' && $user->rights->commande->creer) { setEventMessages($object->error, $object->errors, 'errors'); } } -/* -elseif ($action == 'setaddress' && $user->rights->commande->creer) -{ - $object->fetch($id); - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /* diff --git a/htdocs/compta/ajaxpayment.php b/htdocs/compta/ajaxpayment.php index bdeeb072e97..0332a925f9d 100644 --- a/htdocs/compta/ajaxpayment.php +++ b/htdocs/compta/ajaxpayment.php @@ -47,10 +47,10 @@ $langs->load('compta'); //init var $invoice_type = GETPOST('invoice_type', 'int'); -$amountPayment = $_POST['amountPayment']; -$amounts = $_POST['amounts']; // from text inputs : invoice amount payment (check required) -$remains = $_POST['remains']; // from dolibarr's object (no need to check) -$currentInvId = $_POST['imgClicked']; // from DOM elements : imgId (equals invoice id) +$amountPayment = GETPOST('amountPayment'); +$amounts = GETPOST('amounts'); // from text inputs : invoice amount payment (check required) +$remains = GETPOST('remains'); // from dolibarr's object (no need to check) +$currentInvId = GETPOST('imgClicked'); // from DOM elements : imgId (equals invoice id) // Getting the posted keys=>values, sanitize the ones who are from text inputs $amountPayment = $amountPayment != '' ? (is_numeric(price2num($amountPayment)) ? price2num($amountPayment) : '') : ''; // keep void if not a valid entry diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 8430d9e7440..4e37268756d 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php 
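Review bot: `$amounts = GETPOST('amounts');` and `$remains = GETPOST('remains');` in htdocs/compta/ajaxpayment.php (hunk @@ -47) read values that the comments describe as coming from several inputs, i.e. arrays, with the default scalar check type; `GETPOST('amounts', 'array')` and `GETPOST('remains', 'array')` would make the expected shape explicit, and `$currentInvId = GETPOST('imgClicked', 'int');` fits a value the comment says equals an invoice id. How GETPOST treats an array under the default check is not visible here, so confirm against functions.lib.php before relying on it.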
@@ -283,7 +283,7 @@ if (empty($reshook)) { $categories = GETPOST('categories', 'array'); $object->setCategories($categories); - $_GET["id"] = $_POST["id"]; // Force chargement page en mode visu + $_GET["id"] = GETPOST("id", 'int'); // Force chargement page en mode visu } else { $error++; setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index 3909d9437b4..a30abcc9ca1 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -488,7 +488,7 @@ if (empty($reshook)) { // Define special_code for special lines $special_code = 0; - // if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices + // if (!GETPOST('qty')) $special_code=3; // Options should not exists on invoices // Ecrase $pu par celui du produit // Ecrase $desc par celui du produit diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 1e2f521e3d9..278a7837374 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -367,7 +367,7 @@ if (empty($reshook)) { } } elseif ($action == 'classin' && $usercancreate) { $object->fetch($id); - $object->setProject($_POST['projectid']); + $object->setProject(GETPOST('projectid', 'int')); } elseif ($action == 'setmode' && $usercancreate) { $object->fetch($id); $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); 
@@ -489,7 +489,7 @@ if (empty($reshook)) { } } elseif ($action == 'setpaymentterm' && $usercancreate) { $object->fetch($id); - $object->date_lim_reglement = dol_mktime(12, 0, 0, $_POST['paymenttermmonth'], $_POST['paymenttermday'], $_POST['paymenttermyear']); + $object->date_lim_reglement = dol_mktime(12, 0, 0, GETPOST('paymenttermmonth', 'int'), GETPOST('paymenttermday', 'int'), GETPOST('paymenttermyear', 'int')); if ($object->date_lim_reglement < $object->date) { $object->date_lim_reglement = $object->calculate_date_lim_reglement(); setEventMessages($langs->trans("DatePaymentTermCantBeLowerThanObjectDate"), null, 'warnings'); @@ -2110,7 +2110,7 @@ if (empty($reshook)) { // Define special_code for special lines $special_code = 0; - // if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices + // if (!GETPOST(qty)) $special_code=3; // Options should not exists on invoices // Ecrase $pu par celui du produit // Ecrase $desc par celui du produit @@ -2284,7 +2284,7 @@ if (empty($reshook)) { } // Insert line - $result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, $_POST['progress'], '', $fk_unit, $pu_ht_devise); + $result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, GETPOST('progress'), '', $fk_unit, $pu_ht_devise); if ($result > 0) { // Define output language and generate document 
@@ -2579,7 +2579,7 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } } - } elseif ($action == 'updatealllines' && $usercancreate && $_POST['all_percent'] == $langs->trans('Modifier')) { // Update all lines of situation invoice + } elseif ($action == 'updatealllines' && $usercancreate && GETPOST('all_percent') == $langs->trans('Modifier')) { // Update all lines of situation invoice if (!$object->fetch($id) > 0) { dol_print_error($db); } @@ -2592,11 +2592,11 @@ if (empty($reshook)) { setEventMessages($mesg, null, 'warnings'); $result = -1; } else { - $object->update_percent($line, $_POST['all_progress']); + $object->update_percent($line, GETPOST('all_progress')); } } } - } elseif ($action == 'updateline' && $usercancreate && $_POST['cancel'] == $langs->trans("Cancel")) { + } elseif ($action == 'updateline' && $usercancreate && !$cancel) { header('Location: '.$_SERVER["PHP_SELF"].'?facid='.$id); // To show again edited page exit(); } elseif ($action == 'confirm_situationout' && $confirm == 'yes' && $usercancreate) { diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 635727233d3..5039507e3f5 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -127,7 +127,7 @@ if (empty($reshook)) { } } - $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]); + $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key)); } elseif (substr($key, 0, 21) == 'multicurrency_amount_') { $cursorfacid = substr($key, 21); $multicurrency_amounts[$cursorfacid] = price2num(GETPOST($key)); 
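Review bot: The rewritten condition `$action == 'updateline' && $usercancreate && !$cancel` in htdocs/compta/facture/card.php (hunk @@ -2592) inverts the removed one, which fired only when the Cancel button was pressed (`$_POST['cancel'] == $langs->trans("Cancel")`). As written, a normal line update that reaches this `elseif` is redirected without being saved; if an earlier `updateline` branch outside the hunk already handles the non-cancel case, this branch instead becomes unreachable. The direct translation is `} elseif ($action == 'updateline' && $usercancreate && $cancel) {`.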
@@ -702,11 +702,11 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie if (!empty($conf->use_javascript_ajax)) { print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'"); } - print ''; + print ''; print ''; } else { - print ''; - print ''; + print ''; + print ''; } } print ""; diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 93fdd415513..33558ddf38a 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -173,8 +173,8 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture } } -if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { - $res = $object->update_num($_POST['num_paiement']); +if ($action == 'setnum_paiement' && GETPOST('num_paiement')) { + $res = $object->update_num(GETPOST('num_paiement')); if ($res === 0) { setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs'); } else { @@ -182,7 +182,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { } } -if ($action == 'setdatep' && !empty($_POST['datepday'])) { +if ($action == 'setdatep' && GETPOST('datepday')) { $datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int')); $res = $object->update_date($datepaye); if ($res === 0) { diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 0dd6c57313e..610974e5528 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php 
@@ -77,8 +77,7 @@ $object = new RemiseCheque($db); if ($action == 'setdate' && $user->rights->banque->cheque) { $result = $object->fetch(GETPOST('id', 'int')); if ($result > 0) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; - $date = dol_mktime(0, 0, 0, $_POST['datecreate_month'], $_POST['datecreate_day'], $_POST['datecreate_year']); + $date = dol_mktime(0, 0, 0, GETPOST('datecreate_month', 'int'), GETPOST('datecreate_day', 'int'), GETPOST('datecreate_year', 'int')); $result = $object->set_date($user, $date); if ($result < 0) { @@ -118,7 +117,7 @@ if ($action == 'setref' && $user->rights->banque->cheque) { } if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) { - if (is_array($_POST['toRemise'])) { + if (is_array(GETPOST('toRemise'))) { $result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise')); if ($result > 0) { if ($object->statut == 1) { // If statut is validated, we build doc diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 6ed84de293c..7cd49a9427c 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -83,7 +83,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); + $amounts[$other_chid] = price2num(GETPOST($key)); } } diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 317838009c7..538b561e7fe 100644 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php 
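Review bot: `is_array(GETPOST('toRemise'))` in htdocs/compta/paiement/cheque/card.php (hunk @@ -118) relies on the default check type handing back the posted array unchanged, and the value is then sanitised a second time in the `create(...)` call below. Reading it once with the array check, `$toRemise = GETPOST('toRemise', 'array'); if (!empty($toRemise)) {` and passing `$toRemise` to `create()`, states the intent and avoids the double read. The `if ($action == 'create' ...)` block ends outside the hunk.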
@@ -468,7 +468,7 @@ if ($action == 'create') { } else { $label = $langs->trans("VATPayment"); } - print ''.$langs->trans("Label").''; + print ''.$langs->trans("Label").''; print ''.$form->textwithpicto($langs->trans("PeriodEndDate"), $langs->trans("LastDayTaxIsRelatedTo")).''; print $form->selectDate((GETPOST("datevmonth", 'int') ? $datev : -1), "datev", '', '', '', 'add', 1, 1); diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index abc89ecc1eb..87d6b98475b 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -534,9 +534,9 @@ if (empty($reshook)) { $localtax2_tx = get_localtax($tva_tx, 2, $object->thirdparty, $mysoc, $tva_npr); // ajout prix achat - $fk_fournprice = $_POST['fournprice']; - if (!empty($_POST['buying_price'])) { - $pa_ht = $_POST['buying_price']; + $fk_fournprice = GETPOST('fournprice'); + if (GETPOST('buying_price')) { + $pa_ht = GETPOST('buying_price'); } else { $pa_ht = null; } diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 602897d34f9..af92138c5d5 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend') { $massaction = 'presend'; } - $receiver = $_POST['receiver']; + $receiver = GETPOST('receiver', 'alphawithlgt'); if (!is_array($receiver)) { if (empty($receiver) || $receiver == '-1') { $receiver = array(); @@ -181,7 +181,7 @@ if (!$error && $massaction == 'confirm_presend') { $tmparray = array(); if (trim($_POST['sendto'])) { // Recipients are provided into free text - $tmparray[] = trim($_POST['sendto']); + $tmparray[] = trim(GETPOST('sendto', 'alphawithlgt')); } if (count($receiver) > 0) { foreach ($receiver as $key => $val) { 
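Review bot: `$fk_fournprice = GETPOST('fournprice');` in htdocs/contrat/card.php (hunk @@ -534) reads what its name says is a supplier-price row id with the default check type; `GETPOST('fournprice', 'int')` would match the `'int'` reads used for ids elsewhere in this patch. `buying_price` is a monetary value, and whether it is normalised before use is outside the hunk.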
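Review bot: In htdocs/core/actions_massactions.inc.php (hunk @@ -181) the guard `if (trim($_POST['sendto']))` still reads the raw value while the appended element is `trim(GETPOST('sendto', 'alphawithlgt'))`, so a recipient that the sanitiser reduces to an empty string passes the guard and an empty entry lands in `$tmparray`, giving the later `implode(',', ...)` a stray separator. Reading once, `$sendtofree = trim(GETPOST('sendto', 'alphawithlgt')); if ($sendtofree) { $tmparray[] = $sendtofree; }`, keeps the test and the value in step. The same raw-test/sanitised-value split is in hunk @@ -207 (sendtocc) of this file and in hunk @@ -183 (sendto and tomail) of htdocs/core/actions_sendmails.inc.php.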
@@ -197,7 +197,7 @@ if (!$error && $massaction == 'confirm_presend') { $sendto = implode(',', $tmparray); // Define $sendtocc - $receivercc = $_POST['receivercc']; + $receivercc = GETPOST('receivercc', 'alphawithlgt'); if (!is_array($receivercc)) { if ($receivercc == '-1') { $receivercc = array(); @@ -207,7 +207,7 @@ if (!$error && $massaction == 'confirm_presend') { } $tmparray = array(); if (trim($_POST['sendtocc'])) { - $tmparray[] = trim($_POST['sendtocc']); + $tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt')); } if (count($receivercc) > 0) { foreach ($receivercc as $key => $val) { @@ -298,7 +298,7 @@ if (!$error && $massaction == 'confirm_presend') { continue; } - if ($_POST['addmaindocfile']) { + if (GETPOST('addmaindocfile')) { // TODO Use future field $objectobj->fullpathdoc to know where is stored default file // TODO If not defined, use $objectobj->model_pdf (or defaut invoice config) to know what is template to use to regenerate doc. $filename = dol_sanitizeFileName($objectobj->ref).'.pdf'; @@ -347,7 +347,7 @@ if (!$error && $massaction == 'confirm_presend') { $reg = array(); $fromtype = GETPOST('fromtype'); if ($fromtype === 'user') { - $from = $user->getFullName($langs).' <'.$user->email.'>'; + $from = dol_string_nospecial($user->getFullName($langs), ' ', array(",")).' <'.$user->email.'>'; } elseif ($fromtype === 'company') { $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->MAIN_INFO_SOCIETE_MAIL.'>'; } elseif (preg_match('/user_aliases_(\d+)/', $fromtype, $reg)) { @@ -361,10 +361,10 @@ if (!$error && $massaction == 'confirm_presend') { $resql = $db->query($sql); $obj = $db->fetch_object($resql); if ($obj) { - $from = $obj->label.' <'.$obj->email.'>'; + $from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>'; } } else { - $from = $_POST['fromname'].' <'.$_POST['frommail'].'>'; + $from = GETPOST('fromname').' <'.GETPOST('frommail').'>'; } $replyto = $from; 
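Review bot: The final branch `$from = GETPOST('fromname').' <'.GETPOST('frommail').'>';` is the only one in this hunk whose display name is not passed through `dol_string_nospecial(..., ' ', array(","))`, so a comma in a user-supplied `fromname` can still split the From header into several addresses — the very thing this commit guards against for the user and alias branches and for the equivalent line in actions_sendmails.inc.php. Use `$from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")).' <'.GETPOST('frommail').'>';`. `frommail` itself is not validated as an address before it lands in the header; a check with Dolibarr's `isValidEmail()` before building `$from` would close that as well, assuming the helper is available in this version.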
diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php index 55416354441..d31f8d60dfc 100644 --- a/htdocs/core/actions_sendmails.inc.php +++ b/htdocs/core/actions_sendmails.inc.php @@ -49,7 +49,7 @@ if (GETPOST('addfile', 'alpha')) { /* * Remove file in email form */ -if (!empty($_POST['removedfile']) && empty($_POST['removAll'])) { +if (GETPOST('removedfile') && !GETPOST('removAll')) { $trackid = GETPOST('trackid', 'aZ09'); require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -103,7 +103,7 @@ if (GETPOST('removAll', 'alpha')) { /* * Send mail */ -if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST['removAll'] && !$_POST['removedfile'] && !$_POST['cancel'] && !$_POST['modelselected']) { +if (($action == 'send' || $action == 'relance') && !GETPOST('addfile') && !GETPOST('removAll') && !GETPOST('removedfile') && !GETPOST('cancel') && !GETPOST('modelselected')) { if (empty($trackid)) { $trackid = GETPOST('trackid', 'aZ09'); } @@ -171,7 +171,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $sendtoccuserid = array(); // Define $sendto - $receiver = $_POST['receiver']; + $receiver = GETPOST('receiver', 'alphawithlgt'); if (!is_array($receiver)) { if ($receiver == '-1') { $receiver = array(); @@ -183,12 +183,12 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $tmparray = array(); if (trim($_POST['sendto'])) { // Recipients are provided into free text field - $tmparray[] = trim($_POST['sendto']); + $tmparray[] = trim(GETPOST('sendto', 'alphawithlgt')); } if (trim($_POST['tomail'])) { // Recipients are provided into free hidden text field - $tmparray[] = trim($_POST['tomail']); + $tmparray[] = trim(GETPOST('tomail', 'alphawithlgt')); } if (count($receiver) > 0) { 
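Review bot: Both `if (trim($_POST['sendto']))` and `if (trim($_POST['tomail']))` still decide on the raw value while the appended entry is the `alphawithlgt`-sanitized one, so input the sanitizer empties becomes an empty element of `$tmparray` and ends up as a stray comma in `$sendto`. Evaluate each field once: `$tomailfree = trim(GETPOST('tomail', 'alphawithlgt')); if ($tomailfree) { $tmparray[] = $tomailfree; }` and the same for `sendto`. The `send`/`relance` block starts and ends outside the hunk.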
@@ -207,7 +207,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) { - $receiveruser = $_POST['receiveruser']; + $receiveruser = GETPOST('receiveruser', 'alphawithlgt'); if (is_array($receiveruser) && count($receiveruser) > 0) { $fuserdest = new User($db); foreach ($receiveruser as $key => $val) { @@ -220,7 +220,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $sendto = implode(',', $tmparray); // Define $sendtocc - $receivercc = $_POST['receivercc']; + $receivercc = GETPOST('receivercc', 'alphawithlgt'); if (!is_array($receivercc)) { if ($receivercc == '-1') { $receivercc = array(); @@ -230,7 +230,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } $tmparray = array(); if (trim($_POST['sendtocc'])) { - $tmparray[] = trim($_POST['sendtocc']); + $tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt')); } if (count($receivercc) > 0) { foreach ($receivercc as $key => $val) { @@ -248,7 +248,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } } if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) { - $receiverccuser = $_POST['receiverccuser']; + $receiverccuser = GETPOST('receiverccuser', 'alphawithlgt'); if (is_array($receiverccuser) && count($receiverccuser) > 0) { $fuserdest = new User($db); 
@@ -293,10 +293,10 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>'; } } else { - $from = dol_string_nospecial($_POST['fromname'], ' ', array(",")).' <'.$_POST['frommail'].'>'; + $from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")).' <'.GETPOST('frommail').'>'; } - $replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>'; + $replyto = dol_string_nospecial(GETPOST('replytoname'), ' ', array(",")).' <'.GETPOST('replytomail').'>'; $message = GETPOST('message', 'restricthtml'); $subject = GETPOST('subject', 'restricthtml'); @@ -313,7 +313,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $sendtobcc .= (empty($conf->global->$autocopy) ? '' : (($sendtobcc ? ", " : "").$conf->global->$autocopy)); } - $deliveryreceipt = $_POST['deliveryreceipt']; + $deliveryreceipt = GETPOST('deliveryreceipt'); if ($action == 'send' || $action == 'relance') { $actionmsg2 = $langs->transnoentities('MailSentBy').' '.CMailFile::getValidAddress($from, 4, 0, 1).' '.$langs->transnoentities('To').' '.CMailFile::getValidAddress($sendto, 4, 0, 1); diff --git a/htdocs/core/ajax/ajaxdirtree.php b/htdocs/core/ajax/ajaxdirtree.php index 19c389ec7f8..7daa715bbb9 100644 --- a/htdocs/core/ajax/ajaxdirtree.php +++ b/htdocs/core/ajax/ajaxdirtree.php @@ -47,8 +47,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; - //if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = '/bbb/'; } - $openeddir = GETPOST('openeddir'); $modulepart = GETPOST('modulepart'); $selecteddir = jsUnEscape(GETPOST('dir')); // relative path. We must decode using same encoding function used by javascript: escape() 
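Review bot: `GETPOST('frommail')` and `GETPOST('replytomail')` are concatenated into the From and Reply-To headers without any check that they are e-mail addresses; only the display-name half is scrubbed of commas by `dol_string_nospecial`. The default `alphanohtml` check presumably strips tags and control characters, but it does not reject `a@b, c@d` or an empty string, so a guard such as `if (!isValidEmail(GETPOST('frommail'))) { $error++; setEventMessages($langs->trans("ErrorBadEMail", GETPOST('frommail')), null, 'errors'); }` before building `$from` is warranted, assuming that helper and language key exist in this version. The enclosing `send`/`relance` block starts and ends outside the hunk.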
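Review bot: `$deliveryreceipt = GETPOST('deliveryreceipt');` reads what is presumably a 0/1 flag with the string check; `GETPOST('deliveryreceipt', 'int')` matches the intent and is the form used for the other numeric parameters in this series. The enclosing block starts and ends outside the hunk.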
@@ -60,7 +58,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call } } else { // For no ajax call - //if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); } $openeddir = GETPOST('openeddir'); $modulepart = GETPOST('modulepart'); diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php index 2f88cebf58b..05fad8148fa 100644 --- a/htdocs/core/ajax/saveinplace.php +++ b/htdocs/core/ajax/saveinplace.php @@ -103,6 +103,7 @@ if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_e } $_POST['action'] = 'update'; // Hack so restrictarea will test permissions on write too + $feature = $newelement; $feature2 = $subelement; $object_id = $fk_element; diff --git a/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php b/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php index 2ce9444f677..5c8bd2c8555 100644 --- a/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php +++ b/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php @@ -87,11 +87,11 @@ class box_graph_nb_ticket_last_x_days extends ModeleBoxes $param_day = 'DOLUSERCOOKIE_ticket_last_days'; - if (!empty($_POST[$param_day])) { - if ($_POST[$param_day] >= 15) { + if (GETPOST($param_day)) { + if (GETPOST($param_day) >= 15) { $days = 14; } else { - $days = $_POST[$param_day]; + $days = GETPOST($param_day); } } else { $days = 7; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 80fe8b95e5f..aaa3aa6a766 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
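Review bot: `GETPOST($param_day)` is read three times as a string and compared numerically, so a negative or non-numeric value passes the `>= 15` cap and is stored in `$days` unchanged. Read it once with the integer check and bound it on both sides: `$days = GETPOST($param_day, 'int'); if ($days >= 15) { $days = 14; } elseif ($days <= 0) { $days = 7; }`. Whether `$days` later reaches an SQL interval is not visible here, but the cap at 14 indicates the value is meant to be a small positive integer. The enclosing method starts and ends outside the hunk.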
@@ -5708,11 +5708,11 @@ abstract class CommonObject if (in_array($key_type, array('date'))) { // Clean parameters // TODO GMT date in memory must be GMT so we should add gm=true in parameters - $value_key = dol_mktime(0, 0, 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]); + $value_key = dol_mktime(0, 0, 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int')); } elseif (in_array($key_type, array('datetime'))) { // Clean parameters // TODO GMT date in memory must be GMT so we should add gm=true in parameters - $value_key = dol_mktime($_POST[$postfieldkey."hour"], $_POST[$postfieldkey."min"], 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]); + $value_key = dol_mktime(GETPOST($postfieldkey."hour", 'int'), GETPOST($postfieldkey."min", 'int'), 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int')); } elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) { $value_arr = GETPOST($postfieldkey, 'array'); // check if an array if (!empty($value_arr)) { diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index ad83c706c12..aba62587fa1 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -1364,7 +1364,7 @@ class FormTicket } elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) { $defaultmessage = dol_nl2br($defaultmessage); } - if (GETPOSTISSET("message") && !$_POST['modelselected']) { + if (GETPOSTISSET("message") && !GETPOST('modelselected')) { $defaultmessage = GETPOST('message', 'restricthtml'); } else { $defaultmessage = make_substitutions($defaultmessage, $this->substit); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 24f36d61404..aea77cd018d 100644 
--- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -713,11 +713,11 @@ function GETPOSTINT($paramname, $method = 0) /** * Return a value after checking on a rule. A sanitization may also have been done. * - * @param string $out Value to check/clear. - * @param string $check Type of check/sanitizing - * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) - * @param mixed $options Options to pass to filter_var when $check is set to 'custom' - * @return string|array Value sanitized (string or array). It may be '' if format check fails. + * @param string|array $out Value to check/clear. + * @param string $check Type of check/sanitizing + * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) + * @param mixed $options Options to pass to filter_var when $check is set to 'custom' + * @return string|array Value sanitized (string or array). It may be '' if format check fails. */ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null) { @@ -8799,7 +8799,7 @@ function printCommonFooter($zone = 'private') // A div to store page_y POST parameter so we can read it using javascript print "\n\n"; - print ''."\n"; + print ''."\n"; $parameters = array(); $reshook = $hookmanager->executeHooks('printCommonFooter', $parameters); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/core/login/functions_googleoauth.php b/htdocs/core/login/functions_googleoauth.php index 0fce5d50587..9e4bbe72c19 100644 --- a/htdocs/core/login/functions_googleoauth.php +++ b/htdocs/core/login/functions_googleoauth.php 
@@ -50,7 +50,7 @@ function check_user_password_googleoauth($usertotest, $passwordtotest, $entityto // Get identity from user and redirect browser to Google OAuth Server if (GETPOSTISSET('username')) { /*$openid = new SimpleOpenID(); - $openid->SetIdentity($_POST['username']); + $openid->SetIdentity(GETPOST('username')); $protocol = ($conf->file->main_force_https ? 'https://' : 'http://'); $openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]); $openid->SetRequiredFields(array('email','fullname')); diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index 8550440d5d1..23aaf6bcd59 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php @@ -72,7 +72,7 @@ class mailing_thirdparties extends MailingTargets $addDescription = ""; // Select the third parties from category - if (empty($_POST['filter'])) { + if (!GETPOST('filter')) { $sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, null as label"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE s.email <> ''"; diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index e5c652d7d51..65a3275dab7 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -413,7 +413,6 @@ if ($action == 'confirm_crop') { $fullpath = $dir."/".$original_file; - //var_dump($fullpath.' '.$_POST['w'].'x'.$_POST['h'].'-'.$_POST['x'].'x'.$_POST['y']);exit; $result = dol_imageResizeOrCrop($fullpath, 1, GETPOST('w', 'int'), GETPOST('h', 'int'), GETPOST('x', 'int'), GETPOST('y', 'int')); if ($result == $fullpath) { diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index e81a4a30af5..5128509c88c 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php 
@@ -78,7 +78,7 @@ if ($action == 'add_payment') { foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); + $amounts[$other_chid] = price2num(GETPOST($key)); } } @@ -110,7 +110,7 @@ if ($action == 'add_payment') { } if (!$error) { - $result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', $_POST['accountid'], '', ''); + $result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', GETPOST('accountid', 'int'), '', ''); if (!$result > 0) { $errmsg = $payment->error; setEventMessages($errmsg, null, 'errors'); diff --git a/htdocs/eventorganization/core/actions_massactions_mail.inc.php b/htdocs/eventorganization/core/actions_massactions_mail.inc.php index afdee363f24..cda9274e6d6 100644 --- a/htdocs/eventorganization/core/actions_massactions_mail.inc.php +++ b/htdocs/eventorganization/core/actions_massactions_mail.inc.php @@ -111,7 +111,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') { $massaction = 'presend_attendees'; } - $receiver = $_POST['receiver']; + $receiver = GETPOST('receiver', 'alphawithlgt'); if (!is_array($receiver)) { if (empty($receiver) || $receiver == '-1') { $receiver = array(); @@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') { $sendto = $attendees->thirdparty->name . '<' . trim($attendees->email) . '>'; // Define $sendtocc - $receivercc = $_POST['receivercc']; + $receivercc = GETPOST('receivercc', 'alphawithlgt'); if (!is_array($receivercc)) { if ($receivercc == '-1') { $receivercc = array(); @@ -153,7 +153,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') { } $tmparray = array(); if (trim($_POST['sendtocc'])) { - $tmparray[] = trim($_POST['sendtocc']); + $tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt')); } $sendtocc = implode(',', $tmparray); 
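Review bot: The error test right after the changed line, `if (!$result > 0)`, parses as `(!$result) > 0`, i.e. it fires only when `$result` is falsy, so a negative return from `addPaymentToBank()` — which the `$errmsg = $payment->error` branch is clearly written to handle — is never reported. Write it as `if ($result <= 0) {` (or `if (!($result > 0)) {`). The `add_payment` block starts before the hunk.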
@@ -177,17 +177,17 @@ if (!$error && $massaction == 'confirm_presend_attendees') { $resql = $db->query($sql); $obj = $db->fetch_object($resql); if ($obj) { - $from = $obj->label . ' <' . $obj->email . '>'; + $from = dol_string_nospecial($obj->label, ' ', array(",")) . ' <' . $obj->email . '>'; } } else { - $from = $_POST['fromname'] . ' <' . $_POST['frommail'] . '>'; + $from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")) . ' <' . GETPOST('frommail') . '>'; } $replyto = $from; $subject = GETPOST('subject', 'restricthtml'); $message = GETPOST('message', 'restricthtml'); - $sendtobcc = GETPOST('sendtoccc'); + $sendtobcc = GETPOST('sendtoccc', 'alphawithlgt'); // $objecttmp is a real object or an empty object if we choose to send one email per thirdparty instead of one per object // Make substitution in email content diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index f835e293f5f..00693469948 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -304,7 +304,6 @@ if (empty($reshook)) { $qty = "qtyl".$i.'_'.$j; } } else { - //var_dump(GETPOST($qty,'alpha')); var_dump($_POST); var_dump($batch);exit; //shipment line for product with no batch management and no multiple stock location if (GETPOST($qty, 'int') > 0) { $totalqty += price2num(GETPOST($qty, 'alpha'), 'MS'); @@ -473,7 +472,6 @@ if (empty($reshook)) { // } //} } elseif ($action == 'setdate_livraison' && $user->rights->expedition->creer) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index bfa48e9aa0f..2919a42bdb7 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php 
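Review bot: `$sendtobcc = GETPOST('sendtoccc', 'alphawithlgt');` reads a parameter spelled with three c's while every other file in this series names the CC field `sendtocc`; if the presend form posts `sendtocc` or `sendtobcc` here, the BCC list is silently always empty. Verify the field name against the form template and correct it if it is a typo. Separately, the `frommail` half of `$from` on the changed line is still not validated as an address — only the name part is scrubbed of commas.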
@@ -112,7 +112,6 @@ if (empty($reshook)) { } if ($action == 'setdatedelivery' && $user->rights->commande->creer) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index 845b8852cc1..ee80c9bc24a 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -87,8 +87,8 @@ if ($action == 'add_payment') { // Read possible payments foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { - $amounts[$expensereport->fk_user_author] = price2num($_POST[$key]); - $total += price2num($_POST[$key]); + $amounts[$expensereport->fk_user_author] = price2num(GETPOST($key)); + $total += price2num(GETPOST($key)); } } diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index ae5629b733b..b07d68f8591 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -388,7 +388,7 @@ if ($step == 4 && $action == 'submitFormField') { $_SESSION["export_filtered_fields"] = array(); foreach ($objexport->array_export_TypeFields[0] as $code => $type) { // $code: s.fieldname $value: Text|Boolean|List:ccc $newcode = (string) preg_replace('/\./', '_', $code); - //print 'xxx '.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n
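Review bot: Inside the `foreach ($_POST ...)` loop every `amount_*` field is written to the same slot `$amounts[$expensereport->fk_user_author]` while `$total += price2num(GETPOST($key));` accumulates all of them, so if more than one `amount_` field arrives the last one wins in `$amounts` but `$total` is the sum of all. If exactly one amount is expected, `break` after the first match so the two stay consistent; if several are, key `$amounts` by the suffix as the other payment pages do. The `add_payment` block starts before the hunk.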
"; + //print 'xxx '.$code."=".$newcode."=".$type."=".GETPOST($newcode)."\n
"; $check = 'alphanohtml'; $filterqualified = 1; if (!GETPOSTISSET($newcode) || GETPOST($newcode, $check) == '') { @@ -1212,7 +1212,7 @@ if ($step == 5 && $datatoexport) { // Show existing generated documents // NB: La fonction show_documents rescanne les modules qd genallowed=1, sinon prend $liste - print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (!empty($_POST['model']) ? $_POST['model'] : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', ''); + print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (GETPOST('model') ? GETPOST('model') : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', ''); } llxFooter(); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 35e5257fce0..c7a937518d7 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1707,12 +1707,12 @@ if ($action == 'create') { // Payment term print ''.$langs->trans('PaymentConditionsShort').''; - $form->select_conditions_paiements(isset($_POST['cond_reglement_id']) ? $_POST['cond_reglement_id'] : $cond_reglement_id, 'cond_reglement_id'); + $form->select_conditions_paiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id') : $cond_reglement_id, 'cond_reglement_id'); print ''; // Payment mode print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements(isset($_POST['mode_reglement_id']) ? $_POST['mode_reglement_id'] : $mode_reglement_id, 'mode_reglement_id'); + $form->select_types_paiements(GETPOSTISSET('mode_reglement_id') ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id'); print ''; // Planned delivery date diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index f93e51dc850..ca9bd1b3065 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php 
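Review bot: `GETPOST('cond_reglement_id')` and `GETPOST('mode_reglement_id')` are dictionary ids used to preselect the payment term and mode, so they should be read with the integer check: `$form->select_conditions_paiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id', 'int') : $cond_reglement_id, 'cond_reglement_id');` and likewise for `mode_reglement_id`. The `create` rendering block starts and ends outside the hunk.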
@@ -305,8 +305,8 @@ if ($action == 'dispatch' && $permissiontoreceive) { $pu = 'pu_'.$reg[1].'_'.$reg[2]; $fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2]; $lot = 'lot_number_'.$reg[1].'_'.$reg[2]; - $dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$reg[1].'_'.$reg[2].'month'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'day'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'year']); - $dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$reg[1].'_'.$reg[2].'month'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'day'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'year']); + $dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'year', 'int')); + $dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'year', 'int')); $fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2]; diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 4b052981955..d384f3f90d2 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -990,7 +990,7 @@ if (empty($reshook)) { if (!$error && GETPOST('origin', 'alpha') && GETPOST('originid')) { // Parse element/subelement (ex: project_task) $element = $subelement = GETPOST('origin', 'alpha'); - /*if (preg_match('/^([^_]+)_([^_]+)/i',$_POST['origin'],$regs)) + /*if (preg_match('/^([^_]+)_([^_]+)/i', GETPOST('origin'),$regs)) { $element = $regs[1]; $subelement = $regs[2]; 
@@ -1954,7 +1954,7 @@ if ($action == 'create') { $datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); $dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp); - $datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']); + $datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')); $datedue = ($datetmp == '' ?-1 : $datetmp); // Replicate extrafields @@ -1967,7 +1967,7 @@ if ($action == 'create') { $fk_account = $societe->fk_account; $datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); $dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp); - $datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']); + $datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')); $datedue = ($datetmp == '' ?-1 : $datetmp); if (!empty($conf->multicurrency->enabled) && !empty($soc->multicurrency_code)) { @@ -2110,7 +2110,7 @@ if ($action == 'create') { } // Ref supplier - print ''.$langs->trans('RefSupplier').''.$langs->trans('RefSupplier').'id > 0) { print ' autofocus'; } @@ -2203,8 +2203,9 @@ if ($action == 'create') { foreach ($facids as $facparam) { $options .= ''; @@ -2446,7 +2447,7 @@ if ($action == 'create') { if (!empty($conf->intracommreport->enabled)) { $langs->loadLangs(array("intracommreport")); print ''.$langs->trans('IntracommReportTransportMode').''; - $form->selectTransportMode(isset($_POST['transport_mode_id']) ? $_POST['transport_mode_id'] : $transport_mode_id, 'transport_mode_id'); + $form->selectTransportMode(GETPOSTISSET('transport_mode_id') ? GETPOST('transport_mode_id') : $transport_mode_id, 'transport_mode_id'); print ''; } 
diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index d59aefe7831..3b14dfeaf28 100644 --- a/htdocs/fourn/facture/note.php +++ b/htdocs/fourn/facture/note.php @@ -69,7 +69,7 @@ if (empty($reshook)) { // Set label if ($action == 'setlabel' && ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer)) { - $object->label = $_POST['label']; + $object->label = GETPOST('label'); $result = $object->update($user); if ($result < 0) { dol_print_error($db); diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index 6dc609041c8..4b6e5bf151c 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -187,7 +187,7 @@ if (empty($reshook)) { } } - $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]); + $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key)); } elseif (substr($key, 0, 21) == 'multicurrency_amount_') { $cursorfacid = substr($key, 21); $multicurrency_amounts[$cursorfacid] = (GETPOST($key) ? price2num(GETPOST($key)) : 0); @@ -219,7 +219,7 @@ if (empty($reshook)) { } // Check parameters - if ($_POST['paiementid'] <= 0) { + if (GETPOST('paiementid') <= 0) { setEventMessages($langs->transnoentities('ErrorFieldRequired', $langs->transnoentities('PaymentMode')), null, 'errors'); $error++; } @@ -494,7 +494,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie print $form->selectDate($dateinvoice, '', '', '', 0, "addpaiement", 1, 1, 0, '', '', $object->date); print ''; print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements(empty($_POST['paiementid']) ? $obj->fk_mode_reglement : $_POST['paiementid'], 'paiementid'); + $form->select_types_paiements(!GETPOST('paiementid') ? $obj->fk_mode_reglement : GETPOST('paiementid'), 'paiementid'); print ''; if (!empty($conf->banque->enabled)) { print ''.$langs->trans('Account').''; 
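Review bot: `if (GETPOST('paiementid') <= 0)` compares a string with an integer, and under PHP 8 a non-numeric string such as `abc` is compared to `0` as strings and is not `<= 0`, so the required-field check is bypassed by garbage input. Use `if (GETPOST('paiementid', 'int') <= 0) {` so the comparison is numeric and the same value later reaches the payment as an int. The enclosing action block starts before the hunk.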
@@ -504,10 +504,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie } else { print ' '; } - print ''.$langs->trans('Numero').''; + print ''.$langs->trans('Numero').''; print ''.$langs->trans('Comments').''; print ''; - print ''; + print ''; print ''; print dol_get_fiche_end(); @@ -683,10 +683,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'"); } print ''; - print ''; + print ''; } else { - print ''; - print ''; + print ''; + print ''; } } print ""; diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index f8f484f0cc9..1f421230bbb 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -108,9 +108,9 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && } } -if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { +if ($action == 'setnum_paiement' && GETPOST('num_paiement')) { $object->fetch($id); - $res = $object->update_num($_POST['num_paiement']); + $res = $object->update_num(GETPOST('num_paiement')); if ($res === 0) { setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs'); } else { @@ -118,7 +118,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { } } -if ($action == 'setdatep' && !empty($_POST['datepday'])) { +if ($action == 'setdatep' && GETPOST('datepday')) { $object->fetch($id); $datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int')); $res = $object->update_date($datepaye); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index fb53811aeaf..6ea0ec3b83c 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php 
@@ -654,7 +654,7 @@ if (empty($reshook)) { } if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes') { - if (!empty($_POST['detail_refuse'])) { + if (GETPOST('detail_refuse')) { $object->fetch($id); // If status pending validation and validator = user diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index 621443fb408..12a32ba3f50 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -145,7 +145,8 @@ if (empty($reshook)) { } //If the user set a comment, we add it to the log comment - $comment = ((isset($_POST['note_holiday'][$userID]) && !empty($_POST['note_holiday'][$userID])) ? ' ('.$_POST['note_holiday'][$userID].')' : ''); + $note_holiday = GETPOST('note_holiday'); + $comment = ((isset($note_holiday[$userID]) && !empty($note_holiday[$userID])) ? ' ('.$note_holiday[$userID].')' : ''); //print 'holiday: '.$val['rowid'].'-'.$userValue; if ($userValue != '') { diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index 0ce7d793003..1fe67dd0bd1 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -135,14 +135,14 @@ if ($action == 'confirm_delete' && $confirm == "yes") { $result = $object->update($user); if ($result > 0) { - header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']); + header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int')); exit; } else { setEventMessages($object->error, $object->errors, 'errors'); } } } else { - header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']); + header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int')); exit; } } diff --git a/htdocs/hrm/evaluation_card.php b/htdocs/hrm/evaluation_card.php index 8aeadeaa18c..7b0b7bcfd7d 100644 --- a/htdocs/hrm/evaluation_card.php +++ b/htdocs/hrm/evaluation_card.php 
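Review bot: `$note_holiday = GETPOST('note_holiday');` fetches an array with the default string check and then indexes it, so the result depends on how `checkVal` treats arrays in this version (the doc change in this series now declares `string|array`). Make the intent explicit with `$note_holiday = GETPOST('note_holiday', 'array');` (or the `array:alphanohtml` form if this version supports it, since the element is concatenated into a log comment) and simplify the guard to `!empty($note_holiday[$userID])`, which already implies `isset`. The enclosing loop starts and ends outside the hunk.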
@@ -269,9 +269,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print ''."\n"; // Common attributes diff --git a/htdocs/hrm/job_card.php b/htdocs/hrm/job_card.php index d4501c8e685..906eb83b945 100644 --- a/htdocs/hrm/job_card.php +++ b/htdocs/hrm/job_card.php @@ -195,9 +195,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
' . "\n"; // Common attributes diff --git a/htdocs/hrm/position.php b/htdocs/hrm/position.php index d36d352e895..19749d94c19 100644 --- a/htdocs/hrm/position.php +++ b/htdocs/hrm/position.php @@ -915,9 +915,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
' . "\n"; // Common attributes diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index a06cf40952a..45e2bfea16a 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -196,9 +196,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
' . "\n"; // Common attributes diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index 2fcf05a4393..91f127b0057 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -184,9 +184,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 30c85197337..94330eb8dc1 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -64,7 +64,7 @@ if (preg_match('/del_([a-z0-9_\-]+)/i', $action, $reg)) { } if ($action == 'remises') { - if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', $_POST['MARGIN_METHODE_FOR_DISCOUNT'], 'chaine', 0, '', $conf->entity) > 0) { + if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', GETPOST('MARGIN_METHODE_FOR_DISCOUNT'), 'chaine', 0, '', $conf->entity) > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { dol_print_error($db); @@ -72,7 +72,7 @@ if ($action == 'remises') { } if ($action == 'typemarges') { - if (dolibarr_set_const($db, 'MARGIN_TYPE', $_POST['MARGIN_TYPE'], 'chaine', 0, '', $conf->entity) > 0) { + if (dolibarr_set_const($db, 'MARGIN_TYPE', GETPOST('MARGIN_TYPE'), 'chaine', 0, '', $conf->entity) > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { dol_print_error($db); @@ -80,7 +80,7 @@ if ($action == 'typemarges') { } if ($action == 'contact') { - if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', $_POST['AGENT_CONTACT_TYPE'], 'chaine', 0, '', $conf->entity) > 0) { + if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', GETPOST('AGENT_CONTACT_TYPE'), 'chaine', 0, '', $conf->entity) > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { dol_print_error($db); diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index e37f9bf3de5..5b564f617fd 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php 
@@ -103,13 +103,13 @@ $testmodifier = false; $testligneamodifier = false; $ligneamodifier = -1; for ($i = 0; $i < $nblines; $i++) { - if (isset($_POST['modifierligne'.$i])) { + if (GETPOSTISSET('modifierligne'.$i)) { $ligneamodifier = $i; $testligneamodifier = true; } //test pour voir si une ligne est a modifier - if (isset($_POST['validermodifier'.$i])) { + if (GETPOSTISSET('validermodifier'.$i)) { $modifier = $i; $testmodifier = true; } @@ -153,7 +153,7 @@ if (GETPOST("ajoutercolonne") && GETPOST('nouvellecolonne') && $object->format = //on rajoute la valeur a la fin de tous les sujets deja entrés $nouveauxsujets .= ','; - $nouveauxsujets .= str_replace(array(",", "@"), " ", GETPOST("nouvellecolonne")).(empty($_POST["typecolonne"]) ? '' : '@'.GETPOST("typecolonne")); + $nouveauxsujets .= str_replace(array(",", "@"), " ", GETPOST("nouvellecolonne")).(!GETPOST("typecolonne") ? '' : '@'.GETPOST("typecolonne")); //mise a jour avec les nouveaux sujets dans la base $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_sondage"; diff --git a/htdocs/opensurvey/wizard/choix_date.php b/htdocs/opensurvey/wizard/choix_date.php index 817f3d88139..762770acee6 100644 --- a/htdocs/opensurvey/wizard/choix_date.php +++ b/htdocs/opensurvey/wizard/choix_date.php @@ -51,7 +51,8 @@ if (GETPOST('confirmation')) { for ($i = 0; $i < $nbofchoice; $i++) { // Show hours choices for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; $tmphorairesi = GETPOST('horaires'.$i, 'array'); @@ -248,7 +249,8 @@ if (issetAndNoEmpty('moisavant_x') || issetAndNoEmpty('moisavant')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } 
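Review bot: In the choix_date.php hunk at -51 the added `$horairesi = GETPOST("horaires".$i);` passes no check type even though the value is indexed as an array on the next line, while the context line right below already reads the same parameter as `GETPOST('horaires'.$i, 'array')`; the two fetches should agree, i.e. `$horairesi = GETPOST('horaires'.$i, 'array');`. If the parameter is absent GETPOST presumably returns an empty string rather than an array, so `$horairesi[$j]` would then index a string — the 'array' type is what makes that subscript safe. The fetch also sits inside the `$j` loop and re-reads the request on every iteration; hoisting it above the inner loop, as the -373 hunk of the same file does, avoids that. The same pattern repeats in the hunks at -248, -269, -285, -301 and -407, and `$_SESSION["horaires0"] = GETPOST("horaires0");` at -425 has the same missing check type.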
@@ -269,7 +271,8 @@ if (issetAndNoEmpty('moisapres_x') || issetAndNoEmpty('moisapres')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -285,7 +288,8 @@ if (issetAndNoEmpty('anneeavant_x') || issetAndNoEmpty('anneeavant')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -301,7 +305,8 @@ if (issetAndNoEmpty('anneeapres_x') || issetAndNoEmpty('anneeapres')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -365,7 +370,8 @@ if (issetAndNoEmpty('choixjourajout')) { if (issetAndNoEmpty('totalchoixjour', $_SESSION) === true && issetAndNoEmpty('choixjourajout') === true) { $nbofchoice = count($_SESSION["totalchoixjour"]); for ($i = 0; $i < $nbofchoice; $i++) { - if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"])) { + $choixjourajout = GETPOST("choixjourajout"); + if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"])) { $journeuf = false; } } 
@@ -373,15 +379,17 @@ if (issetAndNoEmpty('choixjourajout')) { // Si le test est passé, alors on insere la valeur dans la variable de session qui contient les dates if ($journeuf && issetAndNoEmpty('choixjourajout') === true) { - array_push($_SESSION["totalchoixjour"], dol_mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"])); + $choixjourajout = GETPOST("choixjourajout"); + array_push($_SESSION["totalchoixjour"], dol_mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"])); sort($_SESSION["totalchoixjour"]); - $cle = array_search(dol_mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"]), $_SESSION["totalchoixjour"]); + $cle = array_search(dol_mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"]), $_SESSION["totalchoixjour"]); //On sauvegarde les heures deja entrées for ($i = 0; $i < $cle; $i++) { + $horairesi = GETPOST("horaires".$i); for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { if (issetAndNoEmpty('horaires'.$i) === true && issetAndNoEmpty($i, $_POST['horaires'.$i]) === true) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -391,7 +399,8 @@ if (issetAndNoEmpty('choixjourajout')) { $k = $i + 1; if (issetAndNoEmpty('horaires'.$i) === true && issetAndNoEmpty($i, $_POST['horaires'.$i]) === true) { for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$k"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } 
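Review bot: In the hunk at -391 the assignment target changes from `$_SESSION["horaires$k"][$j]` to `$_SESSION["horaires$i"][$j]`, which goes beyond the `$_POST` → GETPOST replacement the commit is about: `$k = $i + 1;` on the context line above becomes unused, and the hours of day `$i` are now written back onto day `$i` instead of being shifted into slot `$k` as the removed line did. Unless dropping the shift is intended, the added line should read `$_SESSION["horaires$k"][$j] = $horairesi[$j];`. In the -373 hunk the context line still tests `issetAndNoEmpty($i, $_POST['horaires'.$i])` directly while the new code reads the same parameter through GETPOST, so the two can disagree once GETPOST filters a value. The enclosing `if (issetAndNoEmpty('choixjourajout'))` block starts and ends outside the hunk.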
@@ -407,12 +416,14 @@ if (issetAndNoEmpty('choixjourretrait')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } for ($i = 0; $i < $nbofchoice; $i++) { - if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourretrait"][0], $_SESSION["annee"])) { + $choixjourretrait = GETPOST('choixjourretrait'); + if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $choixjourretrait[0], $_SESSION["annee"])) { for ($j = $i; $j < $nbofchoice; $j++) { $k = $j + 1; $_SESSION["horaires$j"] = $_SESSION["horaires$k"]; @@ -425,7 +436,7 @@ if (issetAndNoEmpty('choixjourretrait')) { //report des horaires dans toutes les cases if (issetAndNoEmpty('reporterhoraires')) { - $_SESSION["horaires0"] = $_POST["horaires0"]; + $_SESSION["horaires0"] = GETPOST("horaires0"); $nbofchoice = count($_SESSION["totalchoixjour"]); for ($i = 0; $i < $nbofchoice; $i++) { $j = $i + 1; diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 6afb9c88912..c460024be0f 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -273,9 +273,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 23473545b11..b71047a5f47 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -196,9 +196,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index f522e61bec2..3d16b6bac7c 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -496,8 +496,8 @@ if ($action == 'updateline' && GETPOST('save') == $langs->trans("Save")) { if ((!GETPOST("sellby")) && (!GETPOST("eatby")) && (!$batchnumber)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("atleast1batchfield")), null, 'errors'); } else { - $d_eatby = dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']); - $d_sellby = dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']); + $d_eatby = dol_mktime(0, 0, 0, GETPOST('eatbymonth', 'int'), GETPOST('eatbyday', 'int'), GETPOST('eatbyyear', 'int')); + $d_sellby = dol_mktime(0, 0, 0, GETPOST('sellbymonth', 'int'), GETPOST('sellbyday', 'int'), GETPOST('sellbyyear', 'int')); $pdluo->batch = $batchnumber; $pdluo->eatby = $d_eatby; $pdluo->sellby = $d_sellby; diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index cbf7c901b37..eb6084e5f22 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -386,9 +386,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index 8238d112b7b..c8af7348716 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -196,7 +196,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask') } if ($action == 'addtime' && $user->rights->projet->lire) { - $timetoadd = $_POST['task']; + $timetoadd = GETPOST('task'); if (empty($timetoadd)) { setEventMessages($langs->trans("ErrorTimeSpentIsEmpty"), null, 'errors'); } else { diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index 763ecefe650..6cb4a8600fc 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -257,7 +257,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask') } if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('formfilteraction') != 'listafterchangingselectedfields') { - $timetoadd = $_POST['task']; + $timetoadd = GETPOST('task'); if (empty($timetoadd)) { setEventMessages($langs->trans("ErrorTimeSpentIsEmpty"), null, 'errors'); } else { diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 64d134a7254..310857e24cc 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php 
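Review bot: `$timetoadd = GETPOST('task');` in permonth.php (-196) and perweek.php (-257) omits the check type; the removed lines read `$_POST['task']` and the following `empty($timetoadd)` test together with the variable name suggest a per-task array of time entries rather than a scalar. If that is the case, `GETPOST('task', 'array')` states the intent and matches how this patch reads other array parameters (`GETPOST('horaires'.$i, 'array')` in choix_date.php). The enclosing `if ($action == 'addtime' ...)` blocks continue outside both hunks.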
@@ -303,8 +303,6 @@ if ($action == 'createtask' && $user->rights->projet->creer) { $error = 0; // If we use user timezone, we must change also view/list to use user timezone everywhere - //$date_start = dol_mktime($_POST['dateohour'],$_POST['dateomin'],0,$_POST['dateomonth'],$_POST['dateoday'],$_POST['dateoyear'],'user'); - //$date_end = dol_mktime($_POST['dateehour'],$_POST['dateemin'],0,$_POST['dateemonth'],$_POST['dateeday'],$_POST['dateeyear'],'user'); $date_start = dol_mktime(GETPOST('dateohour', 'int'), GETPOST('dateomin', 'int'), 0, GETPOST('dateomonth', 'int'), GETPOST('dateoday', 'int'), GETPOST('dateoyear', 'int')); $date_end = dol_mktime(GETPOST('dateehour', 'int'), GETPOST('dateemin', 'int'), 0, GETPOST('dateemonth', 'int'), GETPOST('dateeday', 'int'), GETPOST('dateeyear', 'int')); @@ -318,7 +316,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); $action = 'create'; $error++; - } elseif (empty($_POST['task_parent'])) { + } elseif (!GETPOST('task_parent')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ChildOfProjectTask")), null, 'errors'); $action = 'create'; $error++; diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 8e773f92788..19be96cc558 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -91,7 +91,7 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) { if (!$error) { $object->oldcopy = clone $object; - $tmparray = explode('_', $_POST['task_parent']); + $tmparray = explode('_', GETPOST('task_parent')); $task_parent = $tmparray[1]; if (empty($task_parent)) { $task_parent = 0; // If task_parent is '' diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index bc6ec7d15cf..3890b2a9990 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php 
@@ -1433,12 +1433,12 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser // Note print ''; // Duration - Time spent print '
'; - print ''; + print ''; print ''; - $durationtouse = ($_POST['timespent_duration'] ? $_POST['timespent_duration'] : ''); + $durationtouse = (GETPOST('timespent_duration') ? GETPOST('timespent_duration') : ''); if (GETPOSTISSET('timespent_durationhour') || GETPOSTISSET('timespent_durationmin')) { $durationtouse = (GETPOST('timespent_durationhour') * 3600 + GETPOST('timespent_durationmin') * 60); } diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 94ee0bb00b2..49bde1a2b9b 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -212,7 +212,7 @@ if (GETPOST('action', 'aZ09') == 'gotodemo') { // Action run when we click o // If we disable modules using personalized list foreach ($modules as $val) { $modulekeyname = strtolower($val->name); - if (empty($_POST[$modulekeyname]) && empty($val->always_enabled) && !in_array($modulekeyname, $alwayscheckedmodules)) { + if (!GETPOST($modulekeyname) && empty($val->always_enabled) && !in_array($modulekeyname, $alwayscheckedmodules)) { $disablestring .= $modulekeyname.','; if ($modulekeyname == 'propale') { $disablestring .= 'propal,'; diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 42cde055ac2..c14935d6708 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -202,7 +202,6 @@ for ($i = 0; $i < $nblines; $i++) { } if ($testmodifier) { - //var_dump($_POST);exit; $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') { diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index f2b72693a13..51424d9277e 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php 
@@ -126,7 +126,7 @@ if (empty($reshook) && GETPOST('removedfile', 'alpha') && !GETPOST('save', 'alph $upload_dir_tmp = $vardir.'/temp/'.session_id(); // TODO Delete only files that was uploaded from email form - dol_remove_file_process($_POST['removedfile'], 0, 0); + dol_remove_file_process(GETPOST('removedfile'), 0, 0); $action = 'create_ticket'; } diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 2d7c46e0c85..93140b88ef5 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -323,7 +323,6 @@ if (empty($reshook)) { $stockLocation = "ent1".$i."_0"; $qty = "qtyl".$i; - //var_dump(GETPOST($qty,'int')); var_dump($_POST); var_dump($batch);exit; //reception line for product with no batch management and no multiple stock location if (GETPOST($qty, 'alpha') > 0) { $totalqty += price2num(GETPOST($qty, 'alpha'), 'MS'); @@ -335,7 +334,6 @@ if (empty($reshook)) { if ($totalqty > 0) { // There is at least one thing to ship - //var_dump($_POST);exit; for ($i = 1; $i <= $num; $i++) { $lineToTest = ''; $lineId = GETPOST($idl, 'int'); @@ -466,7 +464,6 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); }*/ } elseif ($action == 'setdate_livraison' && $permissiontoadd) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); 
@@ -956,10 +953,10 @@ if ($action == 'create') { $ent = 'entrepot_' . $paramSuffix; $pu = 'pu_' . $paramSuffix; $lot = 'lot_number_' . $paramSuffix; - $dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$paramSuffix.'month'], $_POST['dluo_'.$paramSuffix.'day'], $_POST['dluo_'.$paramSuffix.'year']); - $dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$paramSuffix.'month'], $_POST['dlc_'.$paramSuffix.'day'], $_POST['dlc_'.$paramSuffix.'year']); + $dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$paramSuffix.'month', 'int'), GETPOST('dluo_'.$paramSuffix.'day', 'int'), GETPOST('dluo_'.$paramSuffix.'year', 'int')); + $dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$paramSuffix.'month', 'int'), GETPOST('dlc_'.$paramSuffix.'day', 'int'), GETPOST('dlc_'.$paramSuffix.'year', 'int')); $fk_commandefourndet = 'fk_commandefourndet_'.$paramSuffix; - $dispatchLines[$numAsked] = array('prod' => GETPOST($prod, 'int'), 'qty' => price2num(GETPOST($qty), 'MS'), 'ent' =>GETPOST($ent, 'int'), 'pu' => price2num(GETPOST($pu), 'MU'), 'comment' =>GETPOST('comment'), 'fk_commandefourndet' => GETPOST($fk_commandefourndet, 'int'), 'DLC'=> $dDLC, 'DLUO'=> $dDLUO, 'lot'=> GETPOST($lot, 'alpha')); + $dispatchLines[$numAsked] = array('prod' => GETPOST($prod, 'int'), 'qty' => price2num(GETPOST($qty), 'MS'), 'ent' => GETPOST($ent, 'int'), 'pu' => price2num(GETPOST($pu), 'MU'), 'comment' => GETPOST('comment'), 'fk_commandefourndet' => GETPOST($fk_commandefourndet, 'int'), 'DLC'=> $dDLC, 'DLUO'=> $dDLUO, 'lot'=> GETPOST($lot, 'alpha')); } // If create form is coming from same page, it means that post was sent but an error occured diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index ac6fc37591a..42145f66c43 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php 
@@ -325,9 +325,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print ''."\n"; // Common attributes diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index 221e5cf2c0e..cfca26efca4 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -87,7 +87,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); + $amounts[$other_chid] = price2num(GETPOST($key)); } } diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index 75818a34f72..897a372dc27 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -156,7 +156,7 @@ if (empty($reshook)) { $action = ''; } - if ($action == 'update_customer_price_confirm' && !$_POST ["cancel"] && ($user->rights->produit->creer || $user->rights->service->creer)) { + if ($action == 'update_customer_price_confirm' && !$cancel && ($user->rights->produit->creer || $user->rights->service->creer)) { $prodcustprice->fetch(GETPOST('lineid', 'int')); $update_child_soc = GETPOST('updatechildprice'); diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php index 82d815f0ac4..df10c0d4bf9 100644 --- a/htdocs/societe/societecontact.php +++ b/htdocs/societe/societecontact.php @@ -111,13 +111,6 @@ if ($action == 'addcontact' && $user->rights->societe->creer) { dol_print_error($db); } } -/* -elseif ($action == 'setaddress' && $user->rights->societe->creer) -{ - $object->fetch($id); - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /* diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index a5837c2557f..b66dfc94ed6 100644 
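Review bot: The condition in societe/price.php at -156 now tests `!$cancel`, but the hunk does not show where `$cancel` is assigned; if it is not set from the request earlier in the file, the variable is undefined here, `!$cancel` is always true, and a click on Cancel would still run the customer-price update (with an undefined-variable warning under PHP 8). Either keep the check inline as `!GETPOST('cancel', 'alpha')` or confirm that `$cancel = GETPOST('cancel', 'alpha');` exists near the top of the file. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.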
--- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -244,7 +244,7 @@ if (empty($reshook)) { } } } elseif ($action == 'setdate_livraison' && $usercancreate) { - $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year'])); + $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'))); if ($result < 0) { dol_print_error($db, $object->error); } @@ -895,7 +895,7 @@ if (empty($reshook)) { if (!empty($productid)) { $productsupplier = new ProductFournisseur($db); if (!empty($conf->global->SUPPLIER_PROPOSAL_WITH_PREDEFINED_PRICES_ONLY)) { - if ($productid > 0 && $productsupplier->get_buyprice(0, price2num($_POST['qty']), $productid, 'none', GETPOST('socid', 'int')) < 0) { + if ($productid > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty')), $productid, 'none', GETPOST('socid', 'int')) < 0) { setEventMessages($langs->trans("ErrorQtyTooLowForThisSupplier"), null, 'warnings'); } } @@ -1007,7 +1007,7 @@ if (empty($reshook)) { $object->setProject(GETPOST('projectid'), 'int'); } elseif ($action == 'setavailability' && $usercancreate) { // Delivery delay - $result = $object->availability($_POST['availability_id']); + $result = $object->availability(GETPOST('availability_id')); } elseif ($action == 'setconditions' && $usercancreate) { // Terms of payments $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 5da92482785..dabac0727dc 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php 
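Review bot: `$object->availability(GETPOST('availability_id'))` at -1007 passes a foreign-key id through GETPOST without a check type, while the sibling branch two lines below uses `GETPOST('cond_reglement_id', 'int')` and the -244 hunk of the same file uses `'int'` for every date part; for consistency, and so that non-numeric input is rejected before it reaches the update, write `$result = $object->availability(GETPOST('availability_id', 'int'));`. The context line `$object->setProject(GETPOST('projectid'), 'int');` just above has the `'int'` attached to setProject instead of to GETPOST, which looks unintended and is worth correcting in the same pass. The enclosing `elseif` chain continues outside the hunk.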
@@ -113,7 +113,7 @@ if (empty($reshook)) { // Action modif mot de passe if ($action == 'buildnewpassword' && $username) { $sessionkey = 'dol_antispam_value'; - $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code')))); // Verify code if (!$ok) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 15e4eaa8bda..ad73d5ce14a 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -574,7 +574,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["backtopage"]='javascripT&javascript#javascriptxjavascript3a alert(1)'; $result=GETPOST("backtopage"); print __METHOD__." result=".$result."\n"; - $this->assertEquals('x3a alert(1)', $result, 'Test for backtopage param'); + $this->assertEquals('x3aalert(1)', $result, 'Test for backtopage param'); return $result; } From 73b04deb19b7a2d2a0a4a2681441587f0dbfeced Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 23 Feb 2022 00:17:49 +0100 Subject: [PATCH 16/59] Fix error management. --- htdocs/comm/propal/card.php | 2 +- htdocs/commande/card.php | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index c96f24760c0..63f2977acdb 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -1944,7 +1944,7 @@ if ($action == 'create') { // We verify whether the object is provisionally numbering $ref = substr($object->ref, 1, 4); - if ($ref == 'PROV') { + if ($ref == 'PROV' || $ref == '') { $numref = $object->getNextNumRef($soc); if (empty($numref)) { $error++; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index ba96725ddbd..3ed5ede556c 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php 
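Review bot: The anti-spam check in passwordforgotten.php at -113 still compares the session value and the posted code with loose `==`, so two numeric strings with different spellings (leading zeros, exponent notation) compare as equal and the check accepts more inputs than the one code it stored. Since both sides are strings after `strtolower`, compare them strictly: `$ok = (array_key_exists($sessionkey, $_SESSION) === true && hash_equals(strtolower((string) $_SESSION[$sessionkey]), strtolower((string) GETPOST('code'))));`. A short comment such as `// strict string compare: a loose == would treat '0012' and '12' as the same code` explains why the cast and hash_equals are there. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.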
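Review bot: The expected value in SecurityTest.php at -574 changes from `x3a alert(1)` to `x3aalert(1)` — the space after `x3a` is now stripped — but nothing in this hunk or in the visible parts of the patch changes the GETPOST filter that produces it, so the test records a sanitiser change made elsewhere. The commit message should point to that change, and a one-line comment above the assertion naming the rule that now removes the whitespace would keep a later reader from mistaking this for a weakened expectation.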
@@ -1877,8 +1877,12 @@ if ($action == 'create' && $usercancreate) { if ($action == 'validate') { // We check that object has a temporary ref $ref = substr($object->ref, 1, 4); - if ($ref == 'PROV') { + if ($ref == 'PROV' || $ref == '') { $numref = $object->getNextNumRef($soc); + if (empty($numref)) { + $error++; + setEventMessages($object->error, $object->errors, 'errors'); + } } else { $numref = $object->ref; } @@ -1915,7 +1919,9 @@ if ($action == 'create' && $usercancreate) { ); } - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ValidateOrder'), $text, 'confirm_validate', $formquestion, 0, 1, 220); + if (!$error) { + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ValidateOrder'), $text, 'confirm_validate', $formquestion, 0, 1, 220); + } } // Confirm back to draft status From 7f29668c62f0b2af8a8a33fc64ba7282f3a4cac3 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 23 Feb 2022 06:43:01 +0100 Subject: [PATCH 17/59] Increase the length of the ref_supplier field --- htdocs/install/mysql/migration/15.0.0-16.0.0.sql | 2 ++ htdocs/install/mysql/tables/llx_reception.sql | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql index cbf3c8fadc5..bc038f99d37 100644 --- a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql +++ b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql @@ -245,3 +245,5 @@ create table llx_inventory_extrafields import_key varchar(14) -- import key ) ENGINE=innodb; ALTER TABLE llx_inventory_extrafields ADD INDEX idx_inventory_extrafields (fk_object); + +ALTER TABLE llx_reception MODIFY COLUMN ref_supplier varchar(128); diff --git a/htdocs/install/mysql/tables/llx_reception.sql b/htdocs/install/mysql/tables/llx_reception.sql index 7989f80cf58..8de59edcb77 100644 --- a/htdocs/install/mysql/tables/llx_reception.sql 
+++ b/htdocs/install/mysql/tables/llx_reception.sql @@ -26,11 +26,11 @@ create table llx_reception ref varchar(30) NOT NULL, entity integer DEFAULT 1 NOT NULL, -- multi company id fk_soc integer NOT NULL, - fk_projet integer DEFAULT NULL, + fk_projet integer DEFAULT NULL, ref_ext varchar(30), -- reference into an external system (not used by dolibarr) - ref_int varchar(30), -- reference into an internal system (deprecated) - ref_supplier varchar(30), -- customer number + ref_int varchar(30), -- reference into an internal system (deprecated) + ref_supplier varchar(128), -- supplier number date_creation datetime, -- date de creation fk_user_author integer, -- author of creation @@ -38,7 +38,7 @@ create table llx_reception date_valid datetime, -- date de validation fk_user_valid integer, -- valideur date_delivery datetime DEFAULT NULL, -- date planned of delivery - date_reception datetime, + date_reception datetime, fk_shipping_method integer, tracking_number varchar(50), fk_statut smallint DEFAULT 0, -- 0 = draft, 1 = validated, 2 = billed or closed depending on WORKFLOW_BILL_ON_SHIPMENT option From e119ea0524b103f0adc7bf8eca2b09db0cfdce9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 23 Feb 2022 12:31:32 +0100 Subject: [PATCH 18/59] css --- htdocs/societe/list.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index da056ec33da..81ceb22b9c4 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -1604,11 +1604,11 @@ while ($i < min($num, $limit)) { } // VAT if (!empty($arrayfields['s.tva_intra']['checked'])) { - print "\n"; if (!$i) { $totalarray['nbfield']++; From 88f1ae9c13beb1e93599e412fbb55ab8735ee7cf Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Wed, 23 Feb 2022 12:55:15 +0100 Subject: [PATCH 19/59] NEW A module can embed a sql script run at each Dolibarr upgrade --- htdocs/install/upgrade.php | 5 ++++- .../template/sql/dolibarr_allversions.sql | 3 +++ .../template/sql/update_x.x.x-y.y.y.sql | 14 ++------------ 3 files changed, 9 insertions(+), 13 deletions(-) create mode 100644 htdocs/modulebuilder/template/sql/dolibarr_allversions.sql diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index e58ae528f97..53cd1755dda 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -355,7 +355,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ // Scan if there is migration scripts that depends of Dolibarr version - // for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql") + // for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql" or "dolibarr_always.sql") $modulesfile = array(); foreach ($conf->file->dol_document_root as $type => $dirroot) { $handlemodule = @opendir($dirroot); // $dirroot may be '..' @@ -366,6 +366,9 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ if (is_file($dirroot.'/'.$filemodule.'/sql/dolibarr_'.$file)) { $modulesfile[$dirroot.'/'.$filemodule.'/sql/dolibarr_'.$file] = '/'.$filemodule.'/sql/dolibarr_'.$file; } + if (is_file($dirroot.'/'.$filemodule.'/sql/dolibarr_allversions.sql')) { + $modulesfile[$dirroot.'/'.$filemodule.'/sql/dolibarr_allversions.sql'] = '/'.$filemodule.'/sql/dolibarr_allversions.sql'; + } } } closedir($handlemodule); diff --git a/htdocs/modulebuilder/template/sql/dolibarr_allversions.sql b/htdocs/modulebuilder/template/sql/dolibarr_allversions.sql new file mode 100644 index 00000000000..5026bb4f5d8 --- /dev/null +++ b/htdocs/modulebuilder/template/sql/dolibarr_allversions.sql 
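Review bot: The comment updated in the -355 hunk of upgrade.php names the per-module script `"dolibarr_always.sql"`, but the `is_file` check added in the -366 hunk and the new template file both use `dolibarr_allversions.sql`; the comment should read `// for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql" or "dolibarr_allversions.sql")`. Because this script is now executed from every module directory on every upgrade, a comment at the new `is_file` check stating that it runs unconditionally and must therefore be idempotent would save module authors from placing one-shot DDL in it. The enclosing `foreach ($conf->file->dol_document_root ...)` loop starts outside the hunk.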
@@ -0,0 +1,3 @@ +-- +-- Script run when an upgrade of Dolibarr is done. Whatever is the Dolibarr version. +-- diff --git a/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql b/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql index 4ab8b39d548..2988bd71202 100644 --- a/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql +++ b/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql @@ -1,14 +1,4 @@ --- Copyright (C) ---Put here your own copyright and developer email--- -- --- This program is free software: you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation, either version 3 of the License, or --- (at your option) any later version. +-- Script run to make a migration of module version x.x.x to module version y.y.y -- --- This program is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program. If not, see https://www.gnu.org/licenses/. + \ No newline at end of file From 64ce13e2733fdb8b67daf68b5e5df32abf719daa Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 23 Feb 2022 13:20:14 +0100 Subject: [PATCH 20/59] Clean setup page --- htdocs/core/lib/admin.lib.php | 16 ++++++++-------- htdocs/install/default.css | 4 ++++ htdocs/install/upgrade.php | 7 ++++++- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index a068f5fb5f5..45caefa61c1 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php 
@@ -335,7 +335,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Add log of request if (!$silent) { - print '\n"; + print '\n"; } dol_syslog('Admin.lib::run_sql Request '.($i + 1), LOG_DEBUG); $sqlmodified = 0; @@ -454,18 +454,18 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle //if (!empty($conf->use_javascript_ajax)) { // use_javascript_ajax is not defined print ''; - print ' - '.$langs->trans("ShowHideDetails").''; + print ' - '.$langs->trans("ShowHideDetails").''; //} print ''."\n"; diff --git a/htdocs/install/default.css b/htdocs/install/default.css index d18e54c0c1c..e7bbe6c7771 100644 --- a/htdocs/install/default.css +++ b/htdocs/install/default.css @@ -32,6 +32,10 @@ vertical-align: middle; } +.right { + text-align: right; +} + .opacitymedium { opacity: 0.5; } diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index 53cd1755dda..25dd1ee84fd 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -235,8 +235,12 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ // Force l'affichage de la progression if ($ok) { - print ''; + print ''; + print '
"; - print $obj->tva_intra; + print ''; if ($obj->tva_intra && !isValidVATID($companystatic)) { - print img_warning("BadVATNumber", '', ''); + print img_warning("BadVATNumber", '', 'pictofixedwidth'); } + print $obj->tva_intra; print "
'.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'
'.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'
'.$langs->trans("PleaseBePatient").'
'.$langs->trans("PleaseBePatient").'
'; + flush(); + + print ''; } @@ -401,6 +405,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ } } + if (empty($actiondone)) { print '
'.$langs->trans("ErrorWrongParameters").'
'; } From ed6f4b4ee1a0cf96ec64427623c41ff0055fd2b4 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Wed, 23 Feb 2022 15:33:51 +0100 Subject: [PATCH 21/59] Display Salary Paiement on compta report --- htdocs/compta/resultat/clientfourn.php | 4 +++- htdocs/compta/resultat/index.php | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index b5aca49aaae..f650244d677 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -857,7 +857,7 @@ if ($modecompta == 'BOOKKEEPING') { if ($modecompta == 'CREANCES-DETTES' || $modecompta == 'RECETTES-DEPENSES') { if ($modecompta == 'CREANCES-DETTES') { - $column = 'p.datev'; + $column = 'b.datev'; } else { $column = 'p.datep'; } @@ -865,6 +865,7 @@ if ($modecompta == 'BOOKKEEPING') { $sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON s.rowid=p.fk_salary"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=s.fk_user"; $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")"; if (!empty($date_start) && !empty($date_end)) { @@ -876,6 +877,7 @@ if ($modecompta == 'BOOKKEEPING') { $sql .= " UNION "; $sql .= " SELECT u.rowid, u.firstname, u.lastname, p.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=p.fk_user"; $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")"; if (!empty($date_start) && !empty($date_end)) { 
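Review bot: The `INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid` added in the second and third hunks is applied in both modes, but only `CREANCES-DETTES` switches the date column to `b.datev`; in `RECETTES-DEPENSES` the query still filters on `p.datep`, so if a salary payment can exist without a bank line (`fk_bank` empty) it is now silently dropped from that mode's totals, where it was counted before. If that is not intended, a `LEFT JOIN` keeps such rows in `RECETTES-DEPENSES` while `CREANCES-DETTES` still restricts on `b.datev` through the WHERE clause: `$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid";`. The same pattern is repeated in the `htdocs/compta/resultat/index.php` hunks of this commit. Both `if ($modecompta == ...)` blocks here begin before the hunks.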
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 2d4ea6fc9e0..5f10013f294 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php @@ -611,7 +611,7 @@ if (!empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecom if (!empty($conf->salaries->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecompta == "RECETTES-DEPENSES")) { if ($modecompta == 'CREANCES-DETTES') { - $column = 'p.datev'; + $column = 'b.datev'; } if ($modecompta == "RECETTES-DEPENSES") { $column = 'p.datep'; @@ -621,6 +621,7 @@ if (!empty($conf->salaries->enabled) && ($modecompta == 'CREANCES-DETTES' || $mo $subtotal_ttc = 0; $sql = "SELECT p.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(p.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid"; $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")"; if (!empty($date_start) && !empty($date_end)) { $sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'"; From 80d85b42395c8d3978a14410d901c0ca5d899082 Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Wed, 23 Feb 2022 16:17:18 +0100 Subject: [PATCH 22/59] db migration: add a column in llx_bank_account to store the expected SEPA format concerning PmtTpInf. --- htdocs/install/mysql/migration/15.0.0-16.0.0.sql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql index cbf3c8fadc5..957a16152b8 100644 --- a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql +++ b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql 
@@ -245,3 +245,5 @@ create table llx_inventory_extrafields import_key varchar(14) -- import key ) ENGINE=innodb; ALTER TABLE llx_inventory_extrafields ADD INDEX idx_inventory_extrafields (fk_object); + +ALTER TABLE llx_bank_account ADD COLUMN pti_in_ctti integer DEFAULT 0 AFTER domiciliation; From 6136de6a4afe3cc124d86788750f706df48c645c Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Wed, 23 Feb 2022 12:11:40 +0100 Subject: [PATCH 23/59] add 'pti_in_ctti' property for Account object. Update related methods. --- htdocs/compta/bank/class/account.class.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index cb2de5aca46..f0f1b54dd7b 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -145,6 +145,12 @@ class Account extends CommonObject */ public $iban_prefix; + /** + * XML SEPA format: place Payment Type Information (PmtTpInf) in Credit Transfer Transaction Information (CdtTrfTxInf) + * @var int + */ + public $pti_in_ctti = 0; + /** * Name of account holder * @var string @@ -680,6 +686,7 @@ class Account extends CommonObject $sql .= ", bic"; $sql .= ", iban_prefix"; $sql .= ", domiciliation"; + $sql .= ", pti_in_ctti"; $sql .= ", proprio"; $sql .= ", owner_address"; $sql .= ", currency_code"; @@ -706,6 +713,7 @@ class Account extends CommonObject $sql .= ", '".$this->db->escape($this->bic)."'"; $sql .= ", '".$this->db->escape($this->iban)."'"; $sql .= ", '".$this->db->escape($this->domiciliation)."'"; + $sql .= ", ".((int) $this->pti_in_ctti); $sql .= ", '".$this->db->escape($this->proprio)."'"; $sql .= ", '".$this->db->escape($this->owner_address)."'"; $sql .= ", '".$this->db->escape($this->currency_code)."'"; 
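Review bot: Only the migration script gains `pti_in_ctti`, and the diffstat shows no change to the create-table definition used by fresh installs, so unless that file is updated elsewhere a new installation will lack the column that the `Account` class now writes in its INSERT and UPDATE statements (next patch in this series) and those queries will fail on such a database. Add the same `pti_in_ctti integer DEFAULT 0` column to the `llx_bank_account` table definition so the upgrade and fresh-install paths produce the same schema. The `DEFAULT 0` matches the `(int)` cast and the `0` default on the PHP property.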
@@ -828,6 +836,7 @@ class Account extends CommonObject $sql .= ",bic='".$this->db->escape($this->bic)."'"; $sql .= ",iban_prefix = '".$this->db->escape($this->iban)."'"; $sql .= ",domiciliation='".$this->db->escape($this->domiciliation)."'"; + $sql .= ",pti_in_ctti=".((int) $this->pti_in_ctti); $sql .= ",proprio = '".$this->db->escape($this->proprio)."'"; $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'"; @@ -949,7 +958,7 @@ class Account extends CommonObject $sql = "SELECT ba.rowid, ba.ref, ba.label, ba.bank, ba.number, ba.courant, ba.clos, ba.rappro, ba.url,"; $sql .= " ba.code_banque, ba.code_guichet, ba.cle_rib, ba.bic, ba.iban_prefix as iban,"; - $sql .= " ba.domiciliation, ba.proprio, ba.owner_address, ba.state_id, ba.fk_pays as country_id,"; + $sql .= " ba.domiciliation, ba.pti_in_ctti, ba.proprio, ba.owner_address, ba.state_id, ba.fk_pays as country_id,"; $sql .= " ba.account_number, ba.fk_accountancy_journal, ba.currency_code,"; $sql .= " ba.min_allowed, ba.min_desired, ba.comment,"; $sql .= " ba.datec as date_creation, ba.tms as date_update, ba.ics, ba.ics_transfer,"; @@ -992,6 +1001,7 @@ class Account extends CommonObject $this->bic = $obj->bic; $this->iban = $obj->iban; $this->domiciliation = $obj->domiciliation; + $this->pti_in_ctti = $obj->pti_in_ctti; $this->proprio = $obj->proprio; $this->owner_address = $obj->owner_address; From 7a13112ad8e142e51130c718cd1c7007d7708486 Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Wed, 23 Feb 2022 11:41:42 +0100 Subject: [PATCH 24/59] bank card interface modification to allow configuration of payment type information in SEPA XML --- htdocs/compta/bank/card.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 4e37268756d..0d9ea0ecfb3 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php 
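Review bot: In the last hunk `fetch()` assigns `$obj->pti_in_ctti` straight from the result row, whereas the property is documented `@var int`, defaults to `0`, and is written with an `(int)` cast in the INSERT and UPDATE hunks; depending on the driver the fetched value arrives as a string, so strict comparisons against `0`/`1` in the SEPA export code may not behave as the docblock promises. Cast on read for consistency: `$this->pti_in_ctti = (int) $obj->pti_in_ctti;`. The `fetch()` body starts and ends outside this hunk.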
@@ -124,6 +124,7 @@ if (empty($reshook)) { $object->bic = trim(GETPOST("bic")); $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); + $object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1; $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); $object->owner_address = trim(GETPOST("owner_address", 'nohtml')); @@ -224,6 +225,7 @@ if (empty($reshook)) { $object->bic = trim(GETPOST("bic")); $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); + $object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1; $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); $object->owner_address = trim(GETPOST("owner_address", 'nohtml')); @@ -537,6 +539,11 @@ if ($action == 'create') { print ''; print ''; + print ''; + print ''; + print ''; // Duration - Time spent print 'attributes[$object->table_element]['label'])) { print ' trextrafields_collapse_last'; } - print '">'; + print '"'; + if (empty($extrafields->expand_display[$collapse_group])) { + print ' style="display: none;"'; + } + print '>'; $extrafields_collapse_num_old = $extrafields_collapse_num; print ''; } print ''; print ''; print ''; @@ -394,12 +417,11 @@ if ($result) { print ''; // Accounting account affected - print ''; - print ''; print ""; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 863001c3bc0..908159cbe1c 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -1,6 +1,6 @@ - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2022 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2013-2014 Florian Henry * Copyright (C) 2014 Juanjo Menent s 
@@ -30,9 +30,9 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; // Load translation files required by the page @@ -59,9 +59,14 @@ $search_desc = GETPOST('search_desc', 'alpha'); $search_amount = GETPOST('search_amount', 'alpha'); $search_account = GETPOST('search_account', 'alpha'); $search_vat = GETPOST('search_vat', 'alpha'); -$search_day = GETPOST("search_day", "int"); -$search_month = GETPOST("search_month", "int"); -$search_year = GETPOST("search_year", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); 
@@ -83,6 +88,9 @@ if (!$sortorder) { } } +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('accountancyexpensereportlist')); + $formaccounting = new FormAccounting($db); $accounting = new AccountingAccount($db); @@ -101,7 +109,7 @@ if (empty($user->rights->accounting->mouvements->lire)) { /* - * Action + * Actions */ if (GETPOST('cancel', 'alpha')) { 
@@ -111,30 +119,47 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massa $massaction = ''; } -// Purge search criteria -if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $search_login = ''; - $search_expensereport = ''; - $search_label = ''; - $search_desc = ''; - $search_amount = ''; - $search_account = ''; - $search_vat = ''; - $search_day = ''; - $search_month = ''; - $search_year = ''; +$parameters = array(); +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } +if (empty($reshook)) { + // Purge search criteria + if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers + $search_login = ''; + $search_expensereport = ''; + $search_label = ''; + $search_desc = ''; + $search_amount = ''; + $search_account = ''; + $search_vat = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_country = ''; + $search_tvaintra = ''; + } + // Mass actions -$objectclass = 'ExpenseReport'; -$objectlabel = 'ExpenseReport'; -$permissiontoread = $user->rights->expensereport->read; -$permissiontodelete = $user->rights->expensereport->delete; -$uploaddir = $conf->expensereport->dir_output; -include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; + $objectclass = 'ExpenseReport'; + $objectlabel = 'ExpenseReport'; + $permissiontoread = $user->rights->expensereport->read; + 
$permissiontodelete = $user->rights->expensereport->delete; + $uploaddir = $conf->expensereport->dir_output; + include DOL_DOCUMENT_ROOT . '/core/actions_massactions.inc.php'; +} + if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; + //print '
' . $langs->trans("Processing") . '...
'; if (!empty($mesCasesCochees)) { $msg = '
'.$langs->trans("SelectedLines").': '.count($mesCasesCochees).'
'; @@ -159,7 +184,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); if ($db->query($sql)) { $msg .= '
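Review bot: The purge block moved under `if (empty($reshook))` in the `@@ -111` hunk now also resets `$search_country = '';` and `$search_tvaintra = '';`, but neither variable is read from the request in this file's `GETPOST` section (the `@@ -59` hunk defines only the date, amount, account and VAT filters), so unless they are defined elsewhere in the file these two lines look copied from another list page and should be dropped. Resetting `$search_date_start`/`$search_date_end` to `''` while they are otherwise built by `dol_mktime()` is acceptable, since the WHERE code only tests them for truthiness. The `if ($massaction == 'ventil' ...)` block that the hunk ends in continues past it.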
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; @@ -201,6 +226,9 @@ $sql .= " erd.rowid, erd.fk_c_type_fees, erd.comments, erd.total_ht as price, er $sql .= " f.id as type_fees_id, f.code as type_fees_code, f.label as type_fees_label, f.accountancy_code as code_buy,"; $sql .= " u.rowid as userid, u.login, u.lastname, u.firstname, u.email, u.gender, u.employee, u.photo, u.statut,"; $sql .= " aa.rowid as aarowid"; +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees"; @@ -233,9 +261,19 @@ if (strlen(trim($search_account))) { if (strlen(trim($search_vat))) { $sql .= natural_search("erd.tva_tx", $search_vat, 1); } -$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year); +if ($search_date_start) { + $sql .= " AND erd.date >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND erd.date <= '".$db->idate($search_date_end)."'"; +} $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy +// Add where from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= $db->order($sortfield, $sortorder); // Count total nb of records 
@@ -251,7 +289,13 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog('accountancy/expensereport/list.php'); +dol_syslog("accountancy/expensereport/list.php", LOG_DEBUG); +// MAX_JOIN_SIZE can be very low (ex: 300000) on some limited configurations (ex: https://www.online.net/fr/hosting/online-perso) +// This big SELECT command may exceed the MAX_JOIN_SIZE limit => Therefore we use SQL_BIG_SELECTS=1 to disable the MAX_JOIN_SIZE security +if ($db->type == 'mysqli') { + $db->query("SET SQL_BIG_SELECTS=1"); +} + $result = $db->query($sql); if ($result) { $num_lines = $db->num_rows($result); @@ -272,14 +316,23 @@ if ($result) { if ($search_lineid) { $param .= '&search_lineid='.urlencode($search_lineid); } - if ($search_day) { - $param .= '&search_day='.urlencode($search_day); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($search_month) { - $param .= '&search_month='.urlencode($search_month); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } - if ($search_year) { - $param .= '&search_year='.urlencode($search_year); + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); } if ($search_expensereport) { $param .= '&search_expensereport='.urlencode($search_expensereport); @@ -302,7 +355,6 @@ if ($result) { ); $massactionbutton = $form->selectMassAction('ventil', $arrayofmassactions, 1); - print ''."\n"; print ''; if ($optioncss != '') { 
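Review bot: `SET SQL_BIG_SELECTS=1` is a session-level setting, and the matching `SET SQL_BIG_SELECTS=0` is only issued at the end of the page (the `@@ -468` hunk of this file); anything that ends the script between the two, such as a fatal error while rendering the list, leaves the connection with the `MAX_JOIN_SIZE` protection disabled, which matters when the database connection is persistent or pooled. Restoring it right after the query is issued narrows that window, e.g. `$result = $db->query($sql); if ($db->type == 'mysqli') { $db->query("SET SQL_BIG_SELECTS=0"); }` — presumably safe here because mysqli results are buffered by default, but worth confirming against the driver wrapper. The explanatory comment is useful; keep it next to whichever line ends up issuing the `SET`.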
@@ -335,20 +387,21 @@ if ($result) { if (!empty($conf->global->ACCOUNTANCY_USE_EXPENSE_REPORT_VALIDATION_DATE)) { print '
'; } - print ''; print ''; print ''; - print ''; - print ''; + print ''; + print ''; print ''; print ''; - print ''; @@ -468,6 +521,9 @@ if ($result) { } else { print $db->error(); } +if ($db->type == 'mysqli') { + $db->query("SET SQL_BIG_SELECTS=0"); // Enable MAX_JOIN_SIZE limitation +} // Add code to auto check the box when we select an account print ''; + } + return $out; } From c0dd96a45654aa8f85f5fcc7278bfcc510cf97bb Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Fri, 25 Feb 2022 10:36:02 +0000 Subject: [PATCH 53/59] Fixing style errors. --- htdocs/accountancy/bookkeeping/card.php | 5 ++--- htdocs/core/class/html.formaccounting.class.php | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index df43f28bd1f..01e78cf4d27 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -659,7 +659,7 @@ if ($action == 'create') { // Also, it is not possible to use a value that is not in the list. // Also, the label is not automatically filled when a value is selected. if (!empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX)) { - print $formaccounting->select_auxaccount((GETPOSTISSET("subledger_account") ? GETPOST("subledger_account", "alpha") : $line->subledger_account), 'subledger_account', 1,'maxwidth250','','subledger_label'); + print $formaccounting->select_auxaccount((GETPOSTISSET("subledger_account") ? GETPOST("subledger_account", "alpha") : $line->subledger_account), 'subledger_account', 1, 'maxwidth250', '', 'subledger_label'); } else { print 'subledger_account).'" placeholder="'.dol_escape_htmltag($langs->trans("SubledgerAccount")).'">'; } 
@@ -728,7 +728,7 @@ if ($action == 'create') { // Also, it is not possible to use a value that is not in the list. // Also, the label is not automatically filled when a value is selected. if (!empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX)) { - print $formaccounting->select_auxaccount('', 'subledger_account', 1,'maxwidth250','','subledger_label'); + print $formaccounting->select_auxaccount('', 'subledger_account', 1, 'maxwidth250', '', 'subledger_label'); } else { print ''; } @@ -758,7 +758,6 @@ if ($action == 'create') { print ""; } print ''; - } } } else { diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index 638d3a4bdfd..645e045a903 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -518,7 +518,7 @@ class FormAccounting extends Form '; } - + return $out; } From a9450f5673e60320ed86e2ffd84dafaa3398cf3f Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Fri, 25 Feb 2022 11:50:41 +0100 Subject: [PATCH 54/59] Update societe.php --- htdocs/societe/admin/societe.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/admin/societe.php b/htdocs/societe/admin/societe.php index 95e1d5e47cb..3d7725c7d19 100644 --- a/htdocs/societe/admin/societe.php +++ b/htdocs/societe/admin/societe.php @@ -612,7 +612,7 @@ foreach ($dirsociete as $dirroot) { // Preview print '
'.$langs->trans($bickey).'
'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").' '; + print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info'); + print '
'.$langs->trans("BankAccountDomiciliation").''; print ''; + print ''; print ''; - $durationtouse = ($_POST['timespent_duration'] ? $_POST['timespent_duration'] : ''); + $durationtouse = (GETPOST('timespent_duration') ? GETPOST('timespent_duration') : ''); if (GETPOSTISSET('timespent_durationhour') || GETPOSTISSET('timespent_durationmin')) { $durationtouse = (GETPOST('timespent_durationhour') * 3600 + GETPOST('timespent_durationmin') * 60); } From 118b211807f2b5ddffe4db03d6c7289d08feba1e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 24 Feb 2022 12:37:20 +0100 Subject: [PATCH 36/59] Fix error on null --- htdocs/core/lib/functions.lib.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index aea77cd018d..3b0e90c9013 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -6582,16 +6582,18 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes } elseif (in_array($attrs->item($ii)->name, array('style'))) { $valuetoclean = $attrs->item($ii)->value; - do { - $oldvaluetoclean = $valuetoclean; - $valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments - $valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean); - if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags. - $valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean); - $valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean); - $valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean); - } - } while ($oldvaluetoclean != $valuetoclean); + if (isset($valuetoclean)) { + do { + $oldvaluetoclean = $valuetoclean; + $valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments + $valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean); + if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags. + $valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean); + $valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean); + $valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean); + } + } while ($oldvaluetoclean != $valuetoclean); + } $attrs->item($ii)->value = $valuetoclean; } From a6e7a41e98ba057b1117e982af4b3a3409ed9135 Mon Sep 17 00:00:00 2001 
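Review bot: The added `isset($valuetoclean)` guard stops a `null` style value from reaching `preg_replace()`, but each `preg_replace()` inside the loop can itself return `null` on a PCRE error (for example the backtrack limit on an unusually long `style` value); the `do`/`while` then exits only because `null != ''` compares loosely, and the attribute ends up empty by accident rather than by design. For a sanitizer that outcome (attribute stripped) is the safe one, so make it explicit after the loop: `if ($valuetoclean === null) { $valuetoclean = ''; }` before `$attrs->item($ii)->value = $valuetoclean;`. The function `dol_string_onlythesehtmlattributes` begins and ends outside this hunk.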
From: Laurent Destailleur Date: Thu, 24 Feb 2022 12:54:33 +0100 Subject: [PATCH 37/59] FIX Reduce flash effect on collapse extrafield FIX Reduce flash effect on edit inline feature. --- htdocs/core/class/extrafields.class.php | 86 +++++++++++++----------- htdocs/core/class/html.form.class.php | 12 ++-- htdocs/core/tpl/extrafields_view.tpl.php | 9 ++- htdocs/theme/eldy/global.inc.php | 22 +++--- htdocs/theme/md/style.css.php | 17 +++-- 5 files changed, 85 insertions(+), 61 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 31c33716233..319447b0996 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -66,6 +66,11 @@ class ExtraFields */ public $attributes; + /** + * @var array Array with boolean of status of groups + */ + public $expand_display; + /** * @var string Error code (or message) */ 
@@ -1866,55 +1871,58 @@ class ExtraFields $colspan=0; } + $extrafield_param = $this->attributes[$object->table_element]['param'][$key]; + $extrafield_param_list = array(); + if (!empty($extrafield_param) && is_array($extrafield_param)) { + $extrafield_param_list = array_keys($extrafield_param['options']); + } + $extrafield_collapse_display_value = -1; + $expand_display = false; + if (is_array($extrafield_param_list) && count($extrafield_param_list) > 0) { + $extrafield_collapse_display_value = intval($extrafield_param_list[0]); + $expand_display = ((isset($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key]) || GETPOST('ignorecollapsesetup', 'int')) ? ($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key] ? true : false) : ($extrafield_collapse_display_value == 2 ? false : true)); + } + $out = '<'.$tagtype.' id="trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'" class="trextrafieldseparator trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'">'; $out .= '<'.$tagtype_dyn.' '.(!empty($colspan)?'colspan="' . $colspan . '"':'').'>'; // Some js code will be injected here to manage the collapsing of extrafields - $out .=''; + $out .= ' '; + $out .= ''; $out .= $langs->trans($this->attributes[$object->table_element]['label'][$key]); $out .= ''; $out .= ''; $out .= ''; - $extrafield_param = $this->attributes[$object->table_element]['param'][$key]; - if (!empty($extrafield_param) && is_array($extrafield_param)) { - $extrafield_param_list = array_keys($extrafield_param['options']); + if ($extrafield_collapse_display_value == 1 || $extrafield_collapse_display_value == 2) { + // Set the collapse_display status to cookie in priority or if ignorecollapsesetup is 1, if cookie and ignorecollapsesetup not defined, use the setup. 
+ $extrafields_collapse_num = $this->attributes[$object->table_element]['pos'][$key].(!empty($object->id)?'_'.$object->id:''); + $this->expand_display[$extrafields_collapse_num] = $expand_display; - if (count($extrafield_param_list) > 0) { - $extrafield_collapse_display_value = intval($extrafield_param_list[0]); - if ($extrafield_collapse_display_value == 1 || $extrafield_collapse_display_value == 2) { - // Set the collapse_display status to cookie in priority or if ignorecollapsesetup is 1, if cookie and ignorecollapsesetup not defined, use the setup. - $collapse_display = ((isset($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key]) || GETPOST('ignorecollapsesetup', 'int')) ? ($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key] ? true : false) : ($extrafield_collapse_display_value == 2 ? false : true)); - $extrafields_collapse_num = $this->attributes[$object->table_element]['pos'][$key].(!empty($object->id)?'_'.$object->id:''); - - if (!empty($conf->use_javascript_ajax)) { - $out .= ''."\n"; - $out .= ''."\n"; - } + if (!empty($conf->use_javascript_ajax)) { + $out .= ''."\n"; + $out .= ''."\n"; } } diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 68fe5152407..b4f1daf9674 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -141,9 +141,9 @@ class Form } } } else { - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + //if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { $ret .= ''; - } + //} if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { $ret .= ''; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + //if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { $ret .= '
'; - } + //} if ($fieldrequired) { $ret .= ''; } @@ -158,9 +158,9 @@ class Form if (!empty($notabletag)) { $ret .= ' '; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + //if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { $ret .= ''; } @@ -176,9 +176,9 @@ class Form if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { $ret .= '
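Review bot: The `@@ -141`, `@@ -158` and `@@ -176` hunks of this file turn `if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {` into a commented-out `//if (...) {` / `//}` pair, which makes the enclosed `$ret .=` line unconditional while leaving dead code behind; if the unconditional output is intended, delete the commented lines rather than keeping them. Note that the sibling condition a few lines below in each hunk still carries the same `$perm` test, so the opening and closing markup of the row are now emitted under different conditions, which is worth a one-line comment explaining why (or aligning them). The method body starts before the first hunk and continues after the last.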
'; - } + //} } return $ret; diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index b5656c89339..8afa9a16ff0 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -125,14 +125,19 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l $lastseparatorkeyfound = $tmpkeyextra; } else { - print '
'; print ''; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index b55ad42182c..74807d8f216 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -223,7 +223,7 @@ input { padding-left: 5px; } select { - padding-top: 5px; + padding-top: 4px; padding-right: 4px; padding-bottom: 5px; padding-left: 2px; @@ -550,6 +550,13 @@ div#moretabsList, div#moretabsListaction { hr { border: 0; border-top: 1px solid #ccc; } .tabBar hr { margin-top: 20px; margin-bottom: 17px; } + +table.tableforfield .button:not(.bordertransp):not(.buttonpayment), +table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) { + margin-bottom: 2px; + margin-top: 2px; +} + .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { margin-bottom: 3px; @@ -3495,11 +3502,10 @@ table.border, table.bordernooddeven, table.dataTable, .table-border, .table-bord table.borderplus { border: 1px solid #BBB; } -.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col { - height: 22px; -} +.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, +div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col, tr.liste_titre.box_titre td table td, .bordernooddeven tr td { - height: 22px; + height: 28px; } div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar .table-val-border-col { 
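Review bot: The added `if (empty($extrafields->expand_display[$collapse_group])) { print ' style="display: none;"'; }` hides the row whenever no entry exists for `$collapse_group`, but the `extrafields.class.php` hunk of this commit only stores `$this->expand_display[...]` when the separator's collapse option is 1 or 2; for a separator with any other option the key is never set, `empty()` is true, and the group would render hidden although it was never collapsible. Hide only when a flag was stored and is false: `if (isset($extrafields->expand_display[$collapse_group]) && !$extrafields->expand_display[$collapse_group]) {`. `$collapse_group` is computed outside this hunk, so also verify it uses the same `pos.'_'.id` key format as the class side, and consider declaring the new property as `public $expand_display = array();` so lookups never hit `null`.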
@@ -3507,17 +3513,15 @@ div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border } div .tdtop { vertical-align: top !important; - /*padding-top: 10px !important; - padding-bottom: 2px !important; */ } table.border td, table.bordernooddeven td, div.border div div.tagtd { - padding: 5px 2px 5px 2px; + padding: 2px 2px 2px 2px; border-collapse: collapse; } div.tabBar .fichecenter table.border>tbody>tr>td, div.tabBar .fichecenter div.border div div.tagtd, div.tabBar div.border div div.tagtd { - padding-top: 5px; + padding-top: 2px; border-bottom: 1px solid #E0E0E0; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 5c5b4992806..11e15869f45 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -730,6 +730,14 @@ div#moretabsList, div#moretabsListaction { } hr { border: 0; border-top: 1px solid #ccc; } +.tabBar hr { margin-top: 20px; margin-bottom: 17px; } + + +table.tableforfield .button:not(.bordertransp):not(.buttonpayment), +table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) { + margin-bottom: 2px; + margin-top: 2px; +} .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { border-color: #c5c5c5; 
@@ -3564,15 +3572,14 @@ table.borderplus { border: 1px solid #BBB; } -.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col { - height: 26px; -} +.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, +div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col, tr.liste_titre.box_titre td table td, .bordernooddeven tr td { - height: 26px; + height: 28px; } table.border td, table.bordernooddeven td, div.border div div.tagtd { - padding: 4px 4px 4px 4px; + padding: 3px 4px 3px 4px; border: 1px solid #f0f0f0; border-collapse: collapse; } From ba3856f9e9f6b424ceeae7007e7105ee984cfb34 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 24 Feb 2022 14:14:04 +0100 Subject: [PATCH 38/59] Fix regression --- htdocs/core/class/extrafields.class.php | 2 +- htdocs/core/class/html.form.class.php | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 319447b0996..e9b23bfdbd9 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php 
@@ -1886,7 +1886,7 @@ class ExtraFields $out = '<'.$tagtype.' id="trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'" class="trextrafieldseparator trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'">'; $out .= '<'.$tagtype_dyn.' '.(!empty($colspan)?'colspan="' . $colspan . '"':'').'>'; // Some js code will be injected here to manage the collapsing of extrafields - $out .= ' '; + $out .= ' '; $out .= ''; $out .= $langs->trans($this->attributes[$object->table_element]['label'][$key]); $out .= ''; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index b4f1daf9674..6e5c0a572d2 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -141,9 +141,9 @@ class Form } } } else { - //if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; - //} - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + } + if (empty($notabletag) && $perm) { $ret .= ''; } - //if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; - //} + } if ($fieldrequired) { $ret .= ''; } @@ -158,10 +158,10 @@ class Form if (!empty($notabletag)) { $ret .= ' '; } - //if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } if ($htmlname && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { @@ -173,12 +173,12 @@ class Form if (!empty($notabletag) && $notabletag == 3) { $ret .= ' '; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; - //} + } } return $ret; From 4d2dde0fe48d335a434a0e88a5101d878d1c7b7e Mon Sep 17 00:00:00 2001 From: Thomas Negre Date: Thu, 24 Feb 2022 14:34:06 +0100 Subject: [PATCH 39/59] fix bookmarks info bubble --- htdocs/bookmarks/bookmarks.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index d24ba63ef55..f8daff1cd14 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -66,7 +66,7 @@ function printDropdownBookmarksList() // Url to list bookmark - $listbtn = ''; + $listbtn = ''; $listbtn .= img_picto('', 'bookmark', 'class="paddingright"').$langs->trans('Bookmarks').''; // Url to go on create new bookmark page From 517562b465eee56d3b1df297086e4fe39cfe091d Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Thu, 24 Feb 2022 15:26:11 +0100 Subject: [PATCH 40/59] NEW : solde() function evolution to be able to get solde until a chosen date --- htdocs/compta/bank/class/account.class.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index cb2de5aca46..655c49bcc44 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -1188,9 +1188,11 @@ class Account extends CommonObject * Return current sold * * @param int $option 1=Exclude future operation date (this is to exclude input made in advance and have real account sold) - * @return int Current sold (value date <= today) + * @param tms $date_end Date until we want to get bank account sold + * @param string $field dateo or datev + * @return int current sold (value date <= today) */ - public function solde($option = 0) + public function solde($option = 0, $date_end='', $field='dateo') { $solde = 0; 
@@ -1198,7 +1200,7 @@ class Account extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."bank";
 $sql .= " WHERE fk_account = ".((int) $this->id);
 if ($option == 1) {
- $sql .= " AND dateo <= '".$this->db->idate(dol_now())."'";
+ $sql .= " AND ".$this->db->escape($field)." <= '".(!empty($date_end) ? $this->db->idate($date_end) : $this->db->idate(dol_now()))."'";
 }
 $resql = $this->db->query($sql);
From a0bc41cdba3fd8561f2ed84c5dc6aa3511413c0f Mon Sep 17 00:00:00 2001
From: stickler-ci
Date: Thu, 24 Feb 2022 14:32:59 +0000
Subject: [PATCH 41/59] Fixing style errors.
---
 htdocs/compta/bank/class/account.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 655c49bcc44..18fc015fb2d 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -1192,7 +1192,7 @@ class Account extends CommonObject
 * @param string $field dateo or datev
 * @return int current sold (value date <= today)
 */
- public function solde($option = 0, $date_end='', $field='dateo')
+ public function solde($option = 0, $date_end = '', $field = 'dateo')
 {
 $solde = 0;
From f0c5fe31f818f743cfefe62d880c25e1e1faed56 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 24 Feb 2022 17:49:52 +0100
Subject: [PATCH 42/59] FIX #yogosha9083
---
 htdocs/main.inc.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 624c7bd6e73..9a9da452a44 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
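Review bot: `$this->db->escape($field)` on the added line is a value escaper being used to build a column name, which is not what it protects against; since the docblock restricts `$field` to `dateo` or `datev`, validate it explicitly before the SQL is assembled, e.g. `if (!in_array($field, array('dateo', 'datev'), true)) { $field = 'dateo'; }` at the top of solde(). Whether any caller passes request data into `$field` is not visible here. The docblock in the previous hunk also declares `@param tms $date_end`; `int` (a Unix timestamp, the same kind of value the dol_now() fallback supplies) would document the expected type, and `@return int current sold (value date <= today)` is now stale when `$date_end` is given. solde()'s body continues outside the hunk.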
@@ -97,15 +97,15 @@ function testSqlAndScriptInject($val, $type)
 //$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $val);
 // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
 $val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { return realCharForNumericEntities($m); }, $val);
+
+ // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
+ // We should use dol_string_nounprintableascii but function is not yet loaded/available
+ $val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
+ // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1)
+ $val = preg_replace('//', '', $val);
 } while ($oldval != $val);
 //print "after decoding $val\n";
- // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
- // We should use dol_string_nounprintableascii but function is not yet loaded/available
- $val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
- // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1)
- $val = preg_replace('//', '', $val);
-
 $inj = 0;
 // For SQL Injection (only GET are used to scan for such injection strings)
 if ($type == 1 || $type == 3) {
From 98da84f9b2594124841659ab00b887a59a219f92 Mon Sep 17 00:00:00 2001
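Review bot: The two `preg_replace()` calls now inside the loop return null when PCRE reports an error — with the `u` modifier that includes input that is not valid UTF-8 — so `$val` can become null before the `$inj` checks below inspect it, and null carries none of the patterns they look for. A fail-closed branch right after each call, such as `if ($val === null) { return 1; }` (or whatever value this function's callers treat as a detection; the return statement is outside the hunk), keeps a regex failure from being equivalent to a clean empty string. If the input is already UTF-8-validated before this point, a one-line comment saying so would make that assumption visible. The second pattern appears to have lost its HTML-comment body in this rendering, so it cannot be reviewed here.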
From: Laurent Destailleur Date: Thu, 24 Feb 2022 18:15:04 +0100 Subject: [PATCH 43/59] FIX #yogosha9086 --- htdocs/core/lib/website.lib.php | 4 +++ htdocs/website/index.php | 48 ++++++++++++++++++++++----------- 2 files changed, 36 insertions(+), 16 deletions(-) diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index ea40cb2dd7e..138be225166 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -31,6 +31,8 @@ */ function dolStripPhpCode($str, $replacewith = '') { + $str = str_replace('\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted); + $dataposted = str_replace('\n";*/ - $htmlheadercontent .= preg_replace(array('/\n*/ims', '/<\/html>\n*/ims'), array('', ''), GETPOST('WEBSITE_HTML_HEADER', 'none')); + $htmlheadercontent .= $dataposted."\n"; /*$htmlheadercontent.= "\n".'"."\n";*/ - $htmlheadercontent = trim($htmlheadercontent)."\n"; - $result = dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent); if (!$result) { $error++; 
@@ -1443,10 +1445,12 @@ if ($action == 'updatecss' && $usercanedit) { $error++; } + $dataposted = trim(GETPOST('WEBSITE_CSS_INLINE', 'none')); + $dataposted = str_replace('\n"; - $csscontent .= trim(GETPOST('WEBSITE_CSS_INLINE', 'none'))."\n"; + $csscontent .= $dataposted."\n"; $csscontent .= '\n"; - $jscontent .= trim(GETPOST('WEBSITE_JS_INLINE', 'none'))."\n"; + $jscontent .= $dataposted."\n"; $jscontent .= '\n";*/ - $robotcontent .= trim(GETPOST('WEBSITE_ROBOT', 'restricthtml'))."\n"; + $robotcontent .= $dataposted."\n"; /*$robotcontent.= "\n".'\n"; - $manifestjsoncontent .= trim(GETPOST('WEBSITE_MANIFEST_JSON', 'none'))."\n"; + $manifestjsoncontent .= $dataposted."\n"; $manifestjsoncontent .= '\n";*/ - $readmecontent .= trim(GETPOST('WEBSITE_README', 'restricthtml'))."\n"; + $readmecontent .= $dataposted."\n"; /*$readmecontent.= ' Date: Thu, 24 Feb 2022 18:29:24 +0100 Subject: [PATCH 44/59] FIX #yogosha9083 --- htdocs/opensurvey/card.php | 10 +++++----- htdocs/public/opensurvey/studs.php | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index 3f822679350..bc018a2dda1 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php 
@@ -137,18 +137,18 @@ if (empty($reshook)) { if (GETPOST('ajoutcomment')) { $error = 0; - if (!GETPOST('comment')) { + if (!GETPOST('comment', "alphanohtml")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors'); } - if (!GETPOST('commentuser')) { + if (!GETPOST('commentuser', "alphanohtml")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors'); } if (!$error) { - $comment = (string) GETPOST("comment", "restricthtml"); - $comment_user = (string) GETPOST('commentuser', "restricthtml"); + $comment = (string) GETPOST("comment", "alphanohtml"); + $comment_user = (string) GETPOST('commentuser', "alphanohtml"); $resql = $object->addComment($comment, $comment_user); @@ -422,7 +422,7 @@ print '
'; if ($object->allow_comments) { print $langs->trans("AddACommentForPoll").'
'; print '
'."\n"; - print $langs->trans("Name").': '."\n"; + print $langs->trans("Name").': '."\n"; print '
'."\n"; } diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index c14935d6708..a1c9efed6c3 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -79,8 +79,8 @@ if (GETPOST('ajoutcomment', 'alpha')) { $error = 0; - $comment = GETPOST("comment", 'restricthtml'); - $comment_user = GETPOST('commentuser', 'nohtml'); + $comment = GETPOST("comment", 'alphanohtml'); + $comment_user = GETPOST('commentuser', 'alphanohtml'); if (!$comment) { $error++; @@ -780,9 +780,9 @@ if ($comments) { if ($object->allow_comments) { print '
'.$langs->trans("AddACommentForPoll")."
\n"; - print '
'."\n"; + print '
'."\n"; print $langs->trans("Name").': '; - print '   '."\n"; + print '   '."\n"; print '
'."\n"; print ''."\n"; From 8c61a29051e1225cf050bc5e2d11b0d95e62e890 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 25 Feb 2022 01:30:34 +0100 Subject: [PATCH 45/59] Show value of short_open_tags --- htdocs/admin/system/security.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 9321fa11c12..c48acebe140 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -99,6 +99,7 @@ if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') == } print "
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").': '.$_SERVER["DOCUMENT_ROOT"].','.DOL_DATA_ROOT).')')."
\n"; +print "PHP short_open_tag = ".((empty(ini_get('short_open_tag')) || ini_get('short_open_tag') == 'Off') ? yn(0) : img_warning().' '.yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).')'."
\n"; print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; //print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).'   '.$langs->trans("Deprecated")." (removed in PHP 5.4)
\n"; From c097ee533187cbf1619f8fd4f3c5fa8ea8f14dd8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 25 Feb 2022 01:49:38 +0100 Subject: [PATCH 46/59] FIX #yogosha9089 --- htdocs/core/lib/website2.lib.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php index 64111e295d2..f61bd298c62 100644 --- a/htdocs/core/lib/website2.lib.php +++ b/htdocs/core/lib/website2.lib.php @@ -647,6 +647,11 @@ function checkPHPCode($phpfullcodestringold, $phpfullcodestring) break; } } + // Check dynamic functions $xxx( + if (preg_match('/\$[a-z0-9_]+\(/ims', $phpfullcodestring)) { + $error++; + setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors'); + } if (!$error && empty($user->rights->website->writephp)) { if ($phpfullcodestringold != $phpfullcodestring) { From 6b4c4f19aba356a05b76735a91747df9a7848019 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 25 Feb 2022 04:55:55 +0100 Subject: [PATCH 47/59] NEW Accountancy - Add date from/to on expense report binding & uniformize --- htdocs/accountancy/expensereport/lines.php | 78 +++++++---- htdocs/accountancy/expensereport/list.php | 142 ++++++++++++++------- 2 files changed, 149 insertions(+), 71 deletions(-) diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index fb3bf1a6e04..ff7b9295693 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -1,6 +1,6 @@ - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2022 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2014 Juanjo Menent 
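Review bot: The short_open_tag line added in this hunk prints `yn(0)` in both branches of the ternary, so when the setting is enabled the page shows a warning icon followed by "No"; the enabled branch should be `img_warning().' '.yn(1)`, matching how the allow_url_* lines just below print the effective value next to the warning. A short comment above the line, such as `// short_open_tag lets "<?" open a PHP block; recommended Off`, would explain why it belongs on the security page.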
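Review bot: The new pattern `/\$[a-z0-9_]+\(/ims` requires the parenthesis to follow the variable name immediately, but PHP accepts whitespace between a callable variable and its argument list, so `'/\$[a-z0-9_]+\s*\(/i'` covers the same construct written with a space. The `m` and `s` modifiers have no effect here (no anchors, no `.` in the pattern) and `i` already handles upper-case names, so dropping them makes the intent clearer. The comment `// Check dynamic functions $xxx(` could say what is being refused and why, e.g. `// Refuse variable functions ($name(...)): they defeat the forbidden-function list above`.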
@@ -26,8 +26,8 @@
 */
 require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
 require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
@@ -49,9 +49,14 @@ $search_desc = GETPOST('search_desc', 'alpha');
 $search_amount = GETPOST('search_amount', 'alpha');
 $search_account = GETPOST('search_account', 'alpha');
 $search_vat = GETPOST('search_vat', 'alpha');
-$search_day = GETPOST("search_day", "int");
-$search_month = GETPOST("search_month", "int");
-$search_year = GETPOST("search_year", "int");
+$search_date_startday = GETPOST('search_date_startday', 'int');
+$search_date_startmonth = GETPOST('search_date_startmonth', 'int');
+$search_date_startyear = GETPOST('search_date_startyear', 'int');
+$search_date_endday = GETPOST('search_date_endday', 'int');
+$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
+$search_date_endyear = GETPOST('search_date_endyear', 'int');
+$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
+$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
@@ -61,9 +66,9 @@ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("pa
 if (empty($page) || $page < 0) {
 $page = 0;
 }
+$offset = $limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
-$offset = $limit * $page;
 if (!$sortfield) {
 $sortfield = "erd.date, erd.rowid";
 }
@@ -101,9 +106,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
 $search_amount = '';
 $search_account = '';
 $search_vat = '';
- $search_day = '';
- $search_month = '';
- $search_year = '';
+ $search_date_startday = '';
+ $search_date_startmonth = '';
+ $search_date_startyear = '';
+ $search_date_endday = '';
+ $search_date_endmonth = '';
+ $search_date_endyear = '';
+ $search_date_start = '';
+ $search_date_end = '';
 }
 if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
@@ -204,7 +214,12 @@ if (strlen(trim($search_account))) {
 if (strlen(trim($search_vat))) {
 $sql .= natural_search("erd.tva_tx", price2num($search_vat), 1);
 }
-$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year);
+if ($search_date_start) {
+ $sql .= " AND erd.date >= '".$db->idate($search_date_start)."'";
+}
+if ($search_date_end) {
+ $sql .= " AND erd.date <= '".$db->idate($search_date_end)."'";
+}
 $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy
 $sql .= $db->order($sortfield, $sortorder);
@@ -222,9 +237,8 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 $sql .= $db->plimit($limit + 1, $offset);
-dol_syslog('accountancy/expensereport/lines.php::list');
+dol_syslog("accountancy/expensereport/lines.php", LOG_DEBUG);
 $result = $db->query($sql);
-
 if ($result) {
 $num_lines = $db->num_rows($result);
 $i = 0;
@@ -254,14 +268,23 @@ if ($result) { if ($search_vat) { $param .= "&search_vat=".urlencode($search_vat); } - if ($search_day) { - $param .= '&search_day='.urlencode($search_day); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($search_month) { - $param .= '&search_month='.urlencode($search_month); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } - if ($search_year) { - $param .= '&search_year='.urlencode($search_year); + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); } print '
'."\n"; @@ -276,12 +299,11 @@ if ($result) { print ''; print_barre_liste($langs->trans("ExpenseReportLinesDone"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num_lines, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit); - print ''.$langs->trans("DescVentilDoneExpenseReport").'
'; - print '
'.$langs->trans("ChangeAccount").'
'; + print '
'.$langs->trans("ChangeAccount").' '; print $formaccounting->select_account($account_parent, 'account_parent', 2, array(), 0, 0, 'maxwidth300 maxwidthonsmartphone valignmiddle'); - print '
'; + print '
'; $moreforfilter = ''; @@ -296,11 +318,12 @@ if ($result) { print '
'; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_year, 'search_year', 1, 20, 5); + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print '
'.vatrate($objp->tva_tx.($objp->vat_src_code ? ' ('.$objp->vat_src_code.')' : '')).''; + print ''; print $accountingaccountstatic->getNomUrl(0, 1, 1, '', 1); print ' '; print img_edit(); print '
'; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_year, 'search_year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print '
'; + print ''; $searchpicto = $form->showFilterButtons(); print $searchpicto; print ''; if ($module->type == 'pdf') { - $linkspec = ''.img_object($langs->trans("Preview"), 'bill').''; + $linkspec = ''.img_object($langs->trans("Preview"), 'pdf').''; } else { $linkspec = img_object($langs->trans("PreviewNotAvailable"), 'generic'); } From cb862246131978fa1c62cde353f6c813216f5681 Mon Sep 17 00:00:00 2001 From: Sylvain Legrand Date: Fri, 25 Feb 2022 09:33:08 +0100 Subject: [PATCH 55/59] new : allow to show all logos on a table --- htdocs/core/lib/files.lib.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index d1364598c07..04c3a481d00 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -987,7 +987,7 @@ function dol_unescapefile($filename) */ function dolCheckVirus($src_file) { - global $conf; + global $conf, $db; if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { if (!class_exists('AntiVir')) { @@ -2371,6 +2371,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, // Wrapping for users photos $accessallowed = 1; $original_file = $conf->user->dir_output.'/'.$original_file; + } elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) { + // Wrapping for users logos + $accessallowed = 1; + $original_file = $conf->mycompany->dir_output.'/logos/'.$original_file; } elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) { // Wrapping for members photos $accessallowed = 1; From be95662ece21162f475fb42876cff87e2843cf06 Mon Sep 17 00:00:00 2001 
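Review bot: The comment on the new `companylogo` branch says `// Wrapping for users logos` but the branch serves files from `$conf->mycompany->dir_output.'/logos/'`, so it should read `// Wrapping for company logos`. The branch sets `$accessallowed = 1` without any rights check, like the user-photo branch above it, so the only protection for the resulting path is whatever normalisation `$original_file` received before this point; dol_check_secure_access_document() starts outside the hunk, so that cannot be confirmed here. If it is not guaranteed for this modulepart, a check that rejects `..` segments in `$original_file` on this branch, or a one-line comment naming where that is enforced, would make the decision reviewable.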
From: Laurent Destailleur Date: Fri, 25 Feb 2022 13:19:01 +0100 Subject: [PATCH 56/59] Revert "NEW : accoutancy : subleger label input automatic filling when selecting subleger account in select2 list" --- htdocs/accountancy/bookkeeping/card.php | 4 ++-- htdocs/core/class/html.formaccounting.class.php | 15 +-------------- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 01e78cf4d27..c156a388735 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -659,7 +659,7 @@ if ($action == 'create') { // Also, it is not possible to use a value that is not in the list. // Also, the label is not automatically filled when a value is selected. if (!empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX)) { - print $formaccounting->select_auxaccount((GETPOSTISSET("subledger_account") ? GETPOST("subledger_account", "alpha") : $line->subledger_account), 'subledger_account', 1, 'maxwidth250', '', 'subledger_label'); + print $formaccounting->select_auxaccount((GETPOSTISSET("subledger_account") ? GETPOST("subledger_account", "alpha") : $line->subledger_account), 'subledger_account', 1); } else { print 'subledger_account).'" placeholder="'.dol_escape_htmltag($langs->trans("SubledgerAccount")).'">'; } @@ -728,7 +728,7 @@ if ($action == 'create') { // Also, it is not possible to use a value that is not in the list. // Also, the label is not automatically filled when a value is selected. if (!empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX)) { - print $formaccounting->select_auxaccount('', 'subledger_account', 1, 'maxwidth250', '', 'subledger_label'); + print $formaccounting->select_auxaccount('', 'subledger_account', 1); } else { print ''; } diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index 645e045a903..dc6e6d8c6cd 100644 --- a/htdocs/core/class/html.formaccounting.class.php 
+++ b/htdocs/core/class/html.formaccounting.class.php @@ -441,7 +441,7 @@ class FormAccounting extends Form * @param string $usecache Key to use to store result into a cache. Next call with same key will reuse the cache. * @return string String with HTML select */ - public function select_auxaccount($selectid, $htmlname = 'account_num_aux', $showempty = 0, $morecss = 'maxwidth250', $usecache = '', $labelhtmlname = '') + public function select_auxaccount($selectid, $htmlname = 'account_num_aux', $showempty = 0, $morecss = 'maxwidth250', $usecache = '') { // phpcs:enable @@ -505,19 +505,6 @@ class FormAccounting extends Form // Build select $out .= Form::selectarray($htmlname, $aux_account, $selectid, ($showempty ? (is_numeric($showempty) ? 1 : $showempty): 0), 0, 0, '', 0, 0, 0, '', $morecss, 1); - //automatic filling if we give the name of the subledger_label input - if (!empty($labelhtmlname)) { - $out .= ''; - } return $out; } From 84db3437bd60524105b93f98da0ab4a5adf510a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 25 Feb 2022 14:13:42 +0100 Subject: [PATCH 57/59] Add missing ' in command --- htdocs/admin/tools/export_files.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index 36be1f273ff..a3c20d0dffc 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php 
@@ -173,7 +173,7 @@ if ($compression == 'zip') {
 // We also exclude '/temp/' dir and 'documents/admin/documents'
 // We make escapement here and call executeCLI without escapement because we don't want to have the '*.log' escaped.
- $cmd = "tar -cf ".escapeshellcmd($outputdir."/".$file)." --exclude-vcs --exclude-caches-all --exclude='temp' --exclude='*.log' --exclude='*.pdf_preview-*.png' --exclude='documents/admin/documents' -C '".escapeshellcmd(dol_sanitizePathName($dirtoswitch))."' '".escapeshellcmd(dol_sanitizeFileName($dirtocompress))."'";
+ $cmd = "tar -cf '".escapeshellcmd($outputdir."/".$file)."' --exclude-vcs --exclude-caches-all --exclude='temp' --exclude='*.log' --exclude='*.pdf_preview-*.png' --exclude='documents/admin/documents' -C '".escapeshellcmd(dol_sanitizePathName($dirtoswitch))."' '".escapeshellcmd(dol_sanitizeFileName($dirtocompress))."'";
 $result = $utils->executeCLI($cmd, $outputfile, 0, null, 1);
From b989c257ad956c79a5d990a1f51e733790416c79 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 25 Feb 2022 18:53:21 +0100
Subject: [PATCH 58/59] Fix report on salaries
---
 htdocs/compta/resultat/clientfourn.php | 45 ++++++++++++--------------
 htdocs/compta/resultat/index.php | 27 ++++++++++------
 2 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index f650244d677..8f71015517c 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
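Review bot: Wrapping the output path in single quotes only helps if the quoted value can never contain a quote itself, and `escapeshellcmd()` does not guarantee that (it escapes `'` only when unpaired); `escapeshellarg()` is the function that quotes one argument and escapes embedded quotes, so the three values should use it instead of hand-written quotes: `$cmd = "tar -cf ".escapeshellarg($outputdir."/".$file)." --exclude-vcs --exclude-caches-all --exclude='temp' --exclude='*.log' --exclude='*.pdf_preview-*.png' --exclude='documents/admin/documents' -C ".escapeshellarg(dol_sanitizePathName($dirtoswitch))." ".escapeshellarg(dol_sanitizeFileName($dirtocompress));`. Where `$outputdir` and `$file` come from is not visible in this hunk; `$dirtoswitch` and `$dirtocompress` already pass through dol_sanitizePathName()/dol_sanitizeFileName(). The comment above explaining why executeCLI() is called without escaping still holds with per-argument escapeshellarg(), since the `--exclude` patterns stay literal.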
@@ -857,34 +857,29 @@ if ($modecompta == 'BOOKKEEPING') {
 if ($modecompta == 'CREANCES-DETTES' || $modecompta == 'RECETTES-DEPENSES') {
 if ($modecompta == 'CREANCES-DETTES') {
- $column = 'b.datev';
+ $column = 's.dateep'; // We use the date of end of period of salary
+
+ $sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, s.label as label, date_format($column,'%Y-%m') as dm, sum(s.amount) as amount";
+ $sql .= " FROM ".MAIN_DB_PREFIX."salary as s";
+ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = s.fk_user";
+ $sql .= " WHERE s.entity IN (".getEntity('salary').")";
+ if (!empty($date_start) && !empty($date_end)) {
+ $sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
+ }
+ $sql .= " GROUP BY u.rowid, u.firstname, u.lastname, s.fk_user, s.label, dm";
 } else {
 $column = 'p.datep';
+ $sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount";
+ $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
+ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON s.rowid = p.fk_salary";
+ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = s.fk_user";
+ $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
+ if (!empty($date_start) && !empty($date_end)) {
+ $sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
+ }
+ $sql .= " GROUP BY u.rowid, u.firstname, u.lastname, s.fk_user, p.label, dm";
 }
- $sql = "SELECT u.rowid, u.firstname, u.lastname, s.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount";
- $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
- $sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON s.rowid=p.fk_salary";
- $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid";
- $sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=s.fk_user";
- $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
- if (!empty($date_start) && !empty($date_end)) {
- $sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
- }
- $sql .= " GROUP BY u.rowid, u.firstname, u.lastname, s.fk_user, p.label, dm";
-
- // For backward compatibility with old module salary
- $sql .= " UNION ";
- $sql .= " SELECT u.rowid, u.firstname, u.lastname, p.fk_user as fk_user, p.label as label, date_format($column,'%Y-%m') as dm, sum(p.amount) as amount";
- $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
- $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid";
- $sql .= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid=p.fk_user";
- $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
- if (!empty($date_start) && !empty($date_end)) {
- $sql .= " AND $column >= '".$db->idate($date_start)."' AND $column <= '".$db->idate($date_end)."'";
- }
- $sql .= " GROUP BY u.rowid, u.firstname, u.lastname, p.fk_user, p.label, dm";
-
 $newsortfield = $sortfield;
 if ($newsortfield == 's.nom, s.rowid') {
 $newsortfield = 'u.firstname, u.lastname';
@@ -898,7 +893,7 @@ if ($modecompta == 'BOOKKEEPING') {
 $sql .= $db->order($newsortfield, $sortorder);
 }
- dol_syslog("get payment salaries");
+ dol_syslog("get salaries");
 $result = $db->query($sql);
 $subtotal_ht = 0;
 $subtotal_ttc = 0;
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php
index 5f10013f294..2d3ba90cd7d 100644
--- a/htdocs/compta/resultat/index.php
+++ b/htdocs/compta/resultat/index.php
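Review bot: The RECETTES-DEPENSES branch now reads `payment_salary` through `INNER JOIN ... salary as s ON s.rowid = p.fk_salary`, so any payment row whose `fk_salary` is NULL silently disappears from the report; the removed `UNION` (commented "For backward compatibility with old module salary") existed precisely to keep those rows, keyed on `p.fk_user`. If such legacy rows can still exist in a migrated database, a `LEFT JOIN` on `salary` with `COALESCE(s.fk_user, p.fk_user)` used for the user join, the select list and the `GROUP BY` would preserve them; if they cannot, a one-line comment stating that the legacy path was dropped intentionally would stop the next reader from re-adding it. The same INNER JOIN on `fk_salary` appears in the `index.php` hunk of this commit (`@@ -611`), where the removed query had no salary join at all. The surrounding `if`/`else` chain starts and ends outside this hunk.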
@@ -611,22 +611,31 @@ if (!empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecom
 if (!empty($conf->salaries->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecompta == "RECETTES-DEPENSES")) {
 if ($modecompta == 'CREANCES-DETTES') {
- $column = 'b.datev';
+ $column = 's.dateep'; // we use the date of end of period of salary
+
+ $sql = "SELECT s.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(s.amount) as amount";
+ $sql .= " FROM ".MAIN_DB_PREFIX."salary as s";
+ $sql .= " WHERE s.entity IN (".getEntity('salary').")";
+ if (!empty($date_start) && !empty($date_end)) {
+ $sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'";
+ }
+ $sql .= " GROUP BY s.label, dm";
 }
 if ($modecompta == "RECETTES-DEPENSES") {
 $column = 'p.datep';
+
+ $sql = "SELECT p.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(p.amount) as amount";
+ $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
+ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as s ON p.fk_salary = s.rowid";
+ $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
+ if (!empty($date_start) && !empty($date_end)) {
+ $sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'";
+ }
+ $sql .= " GROUP BY p.label, dm";
 }
 $subtotal_ht = 0;
 $subtotal_ttc = 0;
- $sql = "SELECT p.label as nom, date_format(".$column.",'%Y-%m') as dm, sum(p.amount) as amount";
- $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
- $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bank as b ON p.fk_bank=b.rowid";
- $sql .= " WHERE p.entity IN (".getEntity('payment_salary').")";
- if (!empty($date_start) && !empty($date_end)) {
- $sql .= " AND ".$column." >= '".$db->idate($date_start)."' AND ".$column." <= '".$db->idate($date_end)."'";
- }
- $sql .= " GROUP BY p.label, dm";
 dol_syslog("get social salaries payments");
 $result = $db->query($sql);
From acf6d195005b55b1ecb2c818c30af3e6a45d040a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 25 Feb 2022 21:45:29 +0100
Subject: [PATCH 59/59] Fix CSS
---
 htdocs/core/class/html.form.class.php | 15 ++++++++-------
 htdocs/core/class/html.formcategory.class.php | 4 ++--
 htdocs/core/class/html.formother.class.php | 19 ++++++++++---------
 htdocs/projet/list.php | 6 +++---
 4 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 6e5c0a572d2..1bdd1161770 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1599,7 +1599,7 @@ class Form
 * @param string $exclude List of contacts id to exclude
 * @param string $limitto Disable answers that are not id in this array list
 * @param integer $showfunction Add function into label
- * @param string $moreclass Add more class to class style
+ * @param string $morecss Add more class to class style
 * @param integer $showsoc Add company into label
 * @param int $forcecombo Force to use combo box
 * @param array $events Event options. Example: array(array('method'=>'getContacts', 'url'=>dol_buildpath('/core/ajax/contacts.php',1), 'htmlname'=>'contactid', 'params'=>array('add-customer-contact'=>'disabled')))
@@ -1609,10 +1609,10 @@ class Form
 * @return int <0 if KO, Nb of contact in list if OK
 * @deprecated You can use selectcontacts directly (warning order of param was changed)
 */
- public function select_contacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $moreclass = '', $showsoc = 0, $forcecombo = 0, $events = array(), $options_only = false, $moreparam = '', $htmlid = '')
+ public function select_contacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $morecss = '', $showsoc = 0, $forcecombo = 0, $events = array(), $options_only = false, $moreparam = '', $htmlid = '')
 {
 // phpcs:enable
- print $this->selectcontacts($socid, $selected, $htmlname, $showempty, $exclude, $limitto, $showfunction, $moreclass, $options_only, $showsoc, $forcecombo, $events, $moreparam, $htmlid);
+ print $this->selectcontacts($socid, $selected, $htmlname, $showempty, $exclude, $limitto, $showfunction, $morecss, $options_only, $showsoc, $forcecombo, $events, $moreparam, $htmlid);
 return $this->num;
 }
@@ -1629,7 +1629,7 @@ class Form
 * @param string $exclude List of contacts id to exclude
 * @param string $limitto Disable answers that are not id in this array list
 * @param integer $showfunction Add function into label
- * @param string $moreclass Add more class to class style
+ * @param string $morecss Add more class to class style
 * @param bool $options_only Return options only (for ajax treatment)
 * @param integer $showsoc Add company into label
 * @param int $forcecombo Force to use combo box (so no ajax beautify effect)
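Review bot: Renaming the public parameter `$moreclass` to `$morecss` on `select_contacts()` (and on `selectcontacts()` in the following `@@ -1640` hunk) is not purely cosmetic on PHP 8: a caller using named arguments (`moreclass: 'maxwidth250'`) now fails with an `Unknown named parameter` error, while positional callers are unaffected. No such caller is visible here, so this may be harmless, but the rename deserves a mention next to the `@deprecated` note already on this method, e.g. `* @deprecated You can use selectcontacts directly (warning order of param was changed; $moreclass was renamed $morecss)`.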
@@ -1640,7 +1640,7 @@ class Form
 * @param integer $disableifempty Set tag 'disabled' on select if there is no choice
 * @return int|string <0 if KO, HTML with select string if OK.
 */
- public function selectcontacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $moreclass = '', $options_only = false, $showsoc = 0, $forcecombo = 0, $events = array(), $moreparam = '', $htmlid = '', $multiple = false, $disableifempty = 0)
+ public function selectcontacts($socid, $selected = '', $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $morecss = '', $options_only = false, $showsoc = 0, $forcecombo = 0, $events = array(), $moreparam = '', $htmlid = '', $multiple = false, $disableifempty = 0)
 {
 global $conf, $langs, $hookmanager, $action;
@@ -1687,7 +1687,7 @@ class Form
 $num = $this->db->num_rows($resql);
 if ($htmlname != 'none' && !$options_only) {
- $out .= '';
 }
 if ($showempty && ! is_numeric($showempty)) {
@@ -2085,7 +2085,7 @@ class Form
 if ($num) {
 // Enhance with select2
 include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
- $out = ajax_combobox($htmlname).$out;
+ $out .= ajax_combobox($htmlname);
 }
 } else {
 dol_print_error($this->db);
@@ -2094,6 +2094,7 @@ class Form
 if ($outputmode) {
 return $outarray;
 }
+ return $out;
 }
diff --git a/htdocs/core/class/html.formcategory.class.php b/htdocs/core/class/html.formcategory.class.php
index 518a8f93290..1a2c02deb54 100644
--- a/htdocs/core/class/html.formcategory.class.php
+++ b/htdocs/core/class/html.formcategory.class.php
@@ -49,13 +49,13 @@ class FormCategory extends Form
 $categoryArray = $this->select_all_categories($type, "", "", 64, 0, 1);
 $categoryArray[-2] = "- ".$langs->trans('NotCategorized')." -";
- $tmptitle = $langs->trans("Category");
+ $tmptitle = $langs->transnoentitiesnoconv("Category");
 $filter = '';
 $filter .= '
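Review bot: The new `return $out;` at the end of `selectcontacts()` (`@@ -2094`) is also reached from the `dol_print_error($this->db)` branch shown in `@@ -2085`, so on a failed query the method returns whatever `$out` holds at that point (presumably an empty or partial string) instead of the `<0 if KO` that the `@return int|string` docblock in `@@ -1640` promises; callers such as the `projet/list.php` hunks of this commit concatenate that value straight into `$moreforfilter`. Either add `return -1;` right after `dol_print_error($this->db);` in the `else` branch, or change the docblock to `* @return string HTML with select string, empty string if KO` and keep the single exit. The method body between these hunks, including where `$out` is initialised, is not visible here.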
';
 $filter .= img_picto($tmptitle, 'category', 'class="pictofixedwidth"');
 //$filter .= $langs->trans('Categories').": ";
- $filter .= Form::multiselectarray($htmlName, $categoryArray, $preSelected, 0, 0, "minwidth300", 0, 0, '', '', $tmptitle);
+ $filter .= Form::multiselectarray($htmlName, $categoryArray, $preSelected, 0, 0, "minwidth300 widthcentpercentminusx", 0, 0, '', '', $tmptitle);
 $filter .= "";
 return $filter;
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php
index 0c55a1fd853..f1f0a846f93 100644
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@@ -473,15 +473,6 @@ class FormOther
 $langs->load('users');
 $out = '';
- // Enhance with select2
- if ($conf->use_javascript_ajax) {
- include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
-
- $comboenhancement = ajax_combobox($htmlname);
- if ($comboenhancement) {
- $out .= $comboenhancement;
- }
- }
 $reshook = $hookmanager->executeHooks('addSQLWhereFilterOnSelectSalesRep', array(), $this, $action);
@@ -622,6 +613,16 @@ class FormOther
 $out .= '';
+ // Enhance with select2
+ if ($conf->use_javascript_ajax) {
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
+
+ $comboenhancement = ajax_combobox($htmlname);
+ if ($comboenhancement) {
+ $out .= $comboenhancement;
+ }
+ }
+
 return $out;
 }
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index b19bc407537..54cb72f744e 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -821,12 +821,12 @@ $includeonly = '';
 if (empty($user->rights->user->user->lire)) {
 $includeonly = array($user->id);
 }
-$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_project_user ? $search_project_user : '', 'search_project_user', $tmptitle, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth250');
+$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->select_dolusers($search_project_user ? $search_project_user : '', 'search_project_user', $tmptitle, '', 0, $includeonly, '', 0, 0, 0, '', 0, '', 'maxwidth250 widthcentpercentminusx');
 $moreforfilter .= '';
 $moreforfilter .= '';
 $tmptitle = $langs->trans('ProjectsWithThisContact');
-$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->selectcontacts(0, $search_project_contact ? $search_project_contact : '', 'search_project_contact', $tmptitle);
+$moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$form->selectcontacts(0, $search_project_contact ? $search_project_contact : '', 'search_project_contact', $tmptitle, '', '', 0, 'maxwidth250 widthcentpercentminusx');
 $moreforfilter .= '';
 // If the user can view thirdparties other than his'
@@ -834,7 +834,7 @@ if ($user->rights->societe->client->voir || $socid) {
 $langs->load("commercial");
 $moreforfilter .= '';
 $tmptitle = $langs->trans('ThirdPartiesOfSaleRepresentative');
- $moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250');
+ $moreforfilter .= img_picto($tmptitle, 'user', 'class="pictofixedwidth"').$formother->select_salesrepresentatives($search_sale, 'search_sale', $user, 0, $tmptitle, 'maxwidth250 widthcentpercentminusx');
 $moreforfilter .= '';
 }