From 3968161686cfd7b2335e655fb87e36fd4ecb6f9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 22 Dec 2022 01:42:53 +0100 Subject: [PATCH 1/4] Fix filter on active on list of account --- htdocs/accountancy/admin/card.php | 3 +- .../core/class/html.formaccounting.class.php | 31 +++++++++++-------- htdocs/langs/en_US/accountancy.lang | 16 +++++----- 3 files changed, 28 insertions(+), 22 deletions(-) diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 9eabd378e11..97d2509b898 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -329,7 +329,8 @@ if ($action == 'create') { // Account parent print ''.$langs->trans("Accountparent").''; print ''; - print $formaccounting->select_account($object->account_parent, 'account_parent', 1); + // Note: We accept disabled account as parent account so we can build a hierarchy and use only childs + print $formaccounting->select_account($object->account_parent, 'account_parent', 1, array(), 0, 0, 'minwidth100 maxwidth300 maxwidthonsmartphone', 1, ''); print ''; // Chart of accounts type diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index 10e23f3d2e4..19ef75c8aaa 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -331,17 +331,18 @@ class FormAccounting extends Form /** * Return list of accounts with label by chart of accounts * - * @param string $selectid Preselected id of accounting accounts (depends on $select_in) - * @param string $htmlname Name of HTML field id. If name start with '.', it is name of HTML css class, so several component with same name in different forms can be used. - * @param int|string $showempty 1=Add an empty field, 2=Add an empty field+'None' field - * @param array $event Event options - * @param int $select_in 0=selectid value is a aa.rowid (default) or 1=selectid is aa.account_number - * @param int $select_out Set value returned by select. 0=rowid (default), 1=account_number - * @param string $morecss More css non HTML object - * @param string $usecache Key to use to store result into a cache. Next call with same key will reuse the cache. - * @return string String with HTML select + * @param string $selectid Preselected id of accounting accounts (depends on $select_in) + * @param string $htmlname Name of HTML field id. If name start with '.', it is name of HTML css class, so several component with same name in different forms can be used. + * @param int|string $showempty 1=Add an empty field, 2=Add an empty field+'None' field + * @param array $event Event options + * @param int $select_in 0=selectid value is a aa.rowid (default) or 1=selectid is aa.account_number + * @param int $select_out Set value returned by select. 0=rowid (default), 1=account_number + * @param string $morecss More css non HTML object + * @param string $usecache Key to use to store result into a cache. Next call with same key will reuse the cache. + * @param string $active Filter on status active or not: '0', '1' or '' for no filter + * @return string String with HTML select */ - public function select_account($selectid, $htmlname = 'account', $showempty = 0, $event = array(), $select_in = 0, $select_out = 0, $morecss = 'minwidth100 maxwidth300 maxwidthonsmartphone', $usecache = '') + public function select_account($selectid, $htmlname = 'account', $showempty = 0, $event = array(), $select_in = 0, $select_out = 0, $morecss = 'minwidth100 maxwidth300 maxwidthonsmartphone', $usecache = '', $active = '1') { // phpcs:enable global $conf, $langs; @@ -360,14 +361,18 @@ class FormAccounting extends Form $options = $options + $this->options_cache[$usecache]; // We use + instead of array_merge because we don't want to reindex key from 0 $selected = $selectid; } else { - $trunclength = empty($conf->global->ACCOUNTING_LENGTH_DESCRIPTION_ACCOUNT) ? 50 : $conf->global->ACCOUNTING_LENGTH_DESCRIPTION_ACCOUNT; + $trunclength = getDolGlobalInt('ACCOUNTING_LENGTH_DESCRIPTION_ACCOUNT', 50); $sql = "SELECT DISTINCT aa.account_number, aa.label, aa.labelshort, aa.rowid, aa.fk_pcg_version"; $sql .= " FROM ".$this->db->prefix()."accounting_account as aa"; $sql .= " INNER JOIN ".$this->db->prefix()."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version"; $sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS); - $sql .= " AND aa.active = 1"; - $sql .= " AND aa.entity=".$conf->entity; + if ($active === '1') { + $sql .= " AND aa.active = 1"; + } elseif ($active === '0') { + $sql .= " AND aa.active = 0"; + } + $sql .= " AND aa.entity=".((int) $conf->entity); $sql .= " ORDER BY aa.account_number"; dol_syslog(get_class($this)."::select_account", LOG_DEBUG); diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang index a3ed5f9b7b6..b6bf1b90aef 100644 --- a/htdocs/langs/en_US/accountancy.lang +++ b/htdocs/langs/en_US/accountancy.lang @@ -271,13 +271,13 @@ Reconcilable=Reconcilable TotalVente=Total turnover before tax TotalMarge=Total sales margin -DescVentilCustomer=Consult here the list of customer invoice lines bound (or not) to a product accounting account -DescVentilMore=In most cases, if you use predefined products or services and you set the account number on the product/service card, the application will be able to make all the binding between your invoice lines and the accounting account of your chart of accounts, just in one click with the button "%s". If account was not set on product/service cards or if you still have some lines not bound to an account, you will have to make a manual binding from the menu "%s". -DescVentilDoneCustomer=Consult here the list of the lines of invoices customers and their product accounting account -DescVentilTodoCustomer=Bind invoice lines not already bound with a product accounting account -ChangeAccount=Change the product/service accounting account for selected lines with the following accounting account: +DescVentilCustomer=Consult here the list of customer invoice lines bound (or not) to a product account from chart of account +DescVentilMore=In most cases, if you use predefined products or services and you set the account (from chart of account) on the product/service card, the application will be able to make all the binding between your invoice lines and the accounting account of your chart of accounts, just in one click with the button "%s". If account was not set on product/service cards or if you still have some lines not bound to an account, you will have to make a manual binding from the menu "%s". +DescVentilDoneCustomer=Consult here the list of the lines of invoices customers and their product account from chart of account +DescVentilTodoCustomer=Bind invoice lines not already bound with a product account from chart of account +ChangeAccount=Change the product/service account (from chart of account) for the selected lines with the following account: Vide=- -DescVentilSupplier=Consult here the list of vendor invoice lines bound or not yet bound to a product accounting account (only record not already transfered in accountancy are visible) +DescVentilSupplier=Consult here the list of vendor invoice lines bound or not yet bound to a product account from chart of account (only record not already transfered in accountancy are visible) DescVentilDoneSupplier=Consult here the list of the lines of vendor invoices and their accounting account DescVentilTodoExpenseReport=Bind expense report lines not already bound with a fee accounting account DescVentilExpenseReport=Consult here the list of expense report lines bound (or not) to a fee accounting account @@ -295,14 +295,14 @@ DescValidateMovements=Any modification or deletion of writing, lettering and del ValidateHistory=Bind Automatically AutomaticBindingDone=Automatic bindings done (%s) - Automatic binding not possible for some record (%s) -ErrorAccountancyCodeIsAlreadyUse=Error, you cannot delete this accounting account because it is used +ErrorAccountancyCodeIsAlreadyUse=Error, you cannot remove or disable this account of chart of account because it is used MvtNotCorrectlyBalanced=Movement not correctly balanced. Debit = %s & Credit = %s Balancing=Balancing FicheVentilation=Binding card GeneralLedgerIsWritten=Transactions are written in the Ledger GeneralLedgerSomeRecordWasNotRecorded=Some of the transactions could not be journalized. If there is no other error message, this is probably because they were already journalized. NoNewRecordSaved=No more record to transfer -ListOfProductsWithoutAccountingAccount=List of products not bound to any accounting account +ListOfProductsWithoutAccountingAccount=List of products not bound to any account of chart of account ChangeBinding=Change the binding Accounted=Accounted in ledger NotYetAccounted=Not yet transferred to accounting From 242713bb972d2294c5a6542ded6c1ebfd6a947b9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 22 Dec 2022 02:11:05 +0100 Subject: [PATCH 2/4] FIX Duplicate test --- htdocs/accountancy/admin/categories_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 3a6664b8b44..a33616fc09e 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -190,7 +190,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } } - if (!is_numeric(GETPOST('position', 'alpha'))) { + if (GETPOST('position') && !is_numeric(GETPOST('position', 'alpha'))) { $langs->loadLangs(array("errors")); $ok = 0; setEventMessages($langs->transnoentities('ErrorFieldMustBeANumeric', $langs->transnoentities("Position")), null, 'errors'); From 46db4b51d18d40128c508ed3f486dda52b0d5286 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 22 Dec 2022 03:06:53 +0100 Subject: [PATCH 3/4] FIX Debug v17 --- htdocs/accountancy/admin/account.php | 4 +-- htdocs/accountancy/admin/categories.php | 29 ++++++++++--------- htdocs/accountancy/admin/categories_list.php | 12 ++++---- .../core/class/html.formaccounting.class.php | 6 +++- htdocs/core/lib/functions.lib.php | 19 +++++++----- 5 files changed, 40 insertions(+), 30 deletions(-) diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index 2a23ee5eb85..21d60103135 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -399,7 +399,7 @@ if ($resql) { } print ""; print ajax_combobox("chartofaccounts"); - print ''; + print ''; print '
'; @@ -436,7 +436,7 @@ if ($resql) { } if (!empty($arrayfields['aa.account_parent']['checked'])) { print ''; - print $formaccounting->select_account($search_accountparent, 'search_accountparent', 2); + print $formaccounting->select_account($search_accountparent, 'search_accountparent', 2, array(), 0, 0, 'maxwidth150'); print ''; } if (!empty($arrayfields['aa.pcg_type']['checked'])) { diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php index 7b86902e009..87e6a3b490c 100644 --- a/htdocs/accountancy/admin/categories.php +++ b/htdocs/accountancy/admin/categories.php @@ -110,18 +110,22 @@ print ''; // Select the category print ''; print ''; +print '
'.$langs->trans("AccountingCategory").''; -$formaccounting->select_accounting_category($cat_id, 'account_category', 1, 0, 0, 1); -print ''; +$formaccounting->select_accounting_category($cat_id, 'account_category', 1, 0, 0, 0); +print ''; print '
'; + +print dol_get_fiche_end(); + + // Select the accounts if (!empty($cat_id)) { $return = $accountingcategory->getAccountsWithNoCategory($cat_id); if ($return < 0) { setEventMessages(null, $accountingcategory->errors, 'errors'); } - print ''.$langs->trans("AddAccountFromBookKeepingWithNoCategories").''; - print ''; + print '
'; $arraykeyvalue = array(); foreach ($accountingcategory->lines_cptbk as $key => $val) { @@ -130,8 +134,9 @@ if (!empty($cat_id)) { } if (is_array($accountingcategory->lines_cptbk) && count($accountingcategory->lines_cptbk) > 0) { - print $form->multiselectarray('cpt_bk', $arraykeyvalue, GETPOST('cpt_bk', 'array'), null, null, null, null, "90%"); - print '
'; + print img_picto($langs->trans("AccountingAccount"), 'accounting_account', 'class="pictofixedwith"'); + print $form->multiselectarray('cpt_bk', $arraykeyvalue, GETPOST('cpt_bk', 'array'), null, null, '', 0, "80%", '', '', $langs->transnoentitiesnoconv("AddAccountFromBookKeepingWithNoCategories")); + //print '
'; /*print '
'; print ajax_combobox('cpt_bk'); */ - print ' '; + print ' '; } - print ''; } -print ''; - -print dol_get_fiche_end(); - print ''; if ($action == 'display' || $action == 'delete') { - print "\n"; + print '
'; + print '
'."\n"; print ''; print '"; print '"; @@ -177,6 +178,8 @@ if ($action == 'display' || $action == 'delete') { print ""; print "\n"; } + } else { + print ''; } } diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index a33616fc09e..0e7bd908c9a 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -605,7 +605,7 @@ if ($resql) { if ($showfield) { if ($value == 'country') { print ''; $filterfound++; } else { @@ -725,11 +725,11 @@ if ($resql) { print ''; print ''; print ''; print ''; } else { @@ -887,10 +887,10 @@ function fieldListAccountingCategories($fieldlist, $obj = '', $tabname = '', $co if ($context == 'add') { $fieldname = 'country_id'; $preselectcountrycode = GETPOSTISSET('country_id') ? GETPOST('country_id', 'int') : $mysoc->country_code; - print $form->select_country($preselectcountrycode, $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); + print $form->select_country($preselectcountrycode, $fieldname, '', 28, 'maxwidth150 maxwidthonsmartphone'); } else { $preselectcountrycode = (empty($obj->country_code) ? (empty($obj->country) ? $mysoc->country_code : $obj->country) : $obj->country_code); - print $form->select_country($preselectcountrycode, $fieldname, '', 28, 'maxwidth200 maxwidthonsmartphone'); + print $form->select_country($preselectcountrycode, $fieldname, '', 28, 'maxwidth150 maxwidthonsmartphone'); } print ''; } elseif ($fieldlist[$field] == 'country_id') { diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index 19ef75c8aaa..8ebac3611cb 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -270,12 +270,16 @@ class FormAccounting extends Form } while ($i < $num) { $obj = $this->db->fetch_object($resql); + + $titletoshowhtml = ($maxlen ? dol_trunc($obj->type, $maxlen) : $obj->type).($obj->range_account ? ' ('.$obj->range_account.')' : ''); + $titletoshow = ($maxlen ? dol_trunc($obj->type, $maxlen) : $obj->type).($obj->range_account ? ' ('.$obj->range_account.')' : ''); + $out .= ''; $i++; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ca7e346b2bd..24e4a332e10 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6914,24 +6914,27 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = /** * Clean a string to keep only desirable HTML tags. - * WARNING: This also clean HTML comments (used to obfuscate tag name). + * WARNING: This also clean HTML comments (because they can be used to obfuscate tag name). * * @param string $stringtoclean String to clean * @param int $cleanalsosomestyles Remove absolute/fixed positioning from inline styles * @param int $removeclassattribute 1=Remove the class attribute from tags * @param int $cleanalsojavascript Remove also occurence of 'javascript:'. * @param int $allowiframe Allow iframe tags. + * @param array $allowed_tags List of allowed tags to replace the default list * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0) +function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0, $allowed_tags = array()) { - $allowed_tags = array( - "html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link", - "ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6", - "comment" // this tags is added to manage comment that are replaced into ... - ); + if (empty($allowed_tags)) { + $allowed_tags = array( + "html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link", + "ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6" + ); + } + $allowed_tags[] = "comment"; // this tags is added to manage comment that are replaced into ... if ($allowiframe) { $allowed_tags[] = "iframe"; } @@ -6949,7 +6952,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); $stringtoclean = preg_replace('/:|�+58|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have a : encoded like this) to disable 'javascript:...' - $temp = strip_tags($stringtoclean, $allowed_tags_string); // Warning: This remove also undesired changing string obfuscated with that pass injection detection into harmfull string + $temp = strip_tags($stringtoclean, $allowed_tags_string); // Warning: This remove also undesired , so may changes string obfuscated with that pass the injection detection into a harmfull string if ($cleanalsosomestyles) { // Clean for remaining html tags $temp = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/i', '', $temp); // Note: If hacker try to introduce css comment into string to bypass this regex, the string must also be encoded by the dol_htmlentitiesbr during output so it become harmless From 58fe0721c379c1b88fc372c4c8af893486071038 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 22 Dec 2022 03:15:23 +0100 Subject: [PATCH 4/4] Try fix in travis --- .travis.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1469894dfc3..6ae9da1b2c2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -96,10 +96,9 @@ notifications: install: - | echo "Updating Composer (version 2.5 is bugged and generate phpunit error Exception: Serialization of 'Closure' is not allowed)" + composer -V #rm $TRAVIS_BUILD_DIR/composer.json #rm $TRAVIS_BUILD_DIR/composer.lock - composer -V - composer self-update 2.4.4 #composer -n init #composer -n config vendor-dir htdocs/includes composer -n config -g vendor-dir htdocs/includes @@ -108,6 +107,7 @@ install: - | echo "Installing Composer dependencies - PHP Unit, Parallel Lint, PHP CodeSniffer, PHP Vardump check - for $TRAVIS_PHP_VERSION" if [ "$TRAVIS_PHP_VERSION" = '7.0' ] || [ "$TRAVIS_PHP_VERSION" = '7.1' ] || [ "$TRAVIS_PHP_VERSION" = '7.2' ]; then + composer self-update 2.2.18 composer -n require phpunit/phpunit ^6 \ php-parallel-lint/php-parallel-lint ^1 \ php-parallel-lint/php-console-highlighter ^0 \ @@ -115,6 +115,7 @@ install: squizlabs/php_codesniffer ^3 fi if [ "$TRAVIS_PHP_VERSION" = '7.3' ] || [ "$TRAVIS_PHP_VERSION" = '7.4' ]; then + composer self-update 2.2.18 composer -n require phpunit/phpunit ^7 \ php-parallel-lint/php-parallel-lint ^1.2 \ php-parallel-lint/php-console-highlighter ^0 \ @@ -123,6 +124,7 @@ install: fi # phpunit 9 is required for php 8 if [ "$TRAVIS_PHP_VERSION" = '8.0' ] || [ "$TRAVIS_PHP_VERSION" = '8.1' ] || [ "$TRAVIS_PHP_VERSION" = 'nightly' ]; then + composer self-update 2.4.4 composer -n require --ignore-platform-reqs phpunit/phpunit ^8 \ php-parallel-lint/php-parallel-lint ^1.2 \ php-parallel-lint/php-console-highlighter ^0 \
'.$langs->trans("AccountAccounting")."'.$langs->trans("Label")."
'.$langs->trans("NoRecordFound").'
'; - print $form->select_country($search_country_id, 'search_country_id', '', 28, 'maxwidth200 maxwidthonsmartphone'); + print $form->select_country($search_country_id, 'search_country_id', '', 28, 'maxwidth150 maxwidthonsmartphone'); print ''; + print '
'; print ''; print ''; - print ''; - print '
'; - print ''; + print ''; + print ''; print '