diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php
index 16e255cb374..12c691374de 100644
--- a/htdocs/admin/commande.php
+++ b/htdocs/admin/commande.php
@@ -90,7 +90,11 @@ if ($_GET["action"] == 'specimen')
if ($_GET["action"] == 'set')
{
$type='order';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -123,11 +127,16 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='order';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$_GET["value"]."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$_GET["scandir"]."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -354,7 +363,7 @@ if (is_resource($handle))
{
if ($conf->global->COMMANDE_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Activated"),'on');
print '';
}
@@ -365,7 +374,7 @@ if (is_resource($handle))
}
else
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Disabled"),'off');
print '';
}
@@ -379,7 +388,7 @@ if (is_resource($handle))
}
else
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("No"),'off');
print '';
}
diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php
index e3cc97fc61e..0b0aedf70e3 100644
--- a/htdocs/admin/contract.php
+++ b/htdocs/admin/contract.php
@@ -120,7 +120,7 @@ if (is_resource($handle))
}
else
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Disabled"),'off');
print '';
}
diff --git a/htdocs/admin/dons.php b/htdocs/admin/dons.php
index 9c3f51b5f7f..88beb285bbb 100644
--- a/htdocs/admin/dons.php
+++ b/htdocs/admin/dons.php
@@ -85,9 +85,14 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='donation';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."' AND type = '".$type."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."' AND type = '".$type."'";
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type) VALUES ('".$_GET["value"]."','".$type."')";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -102,7 +107,11 @@ if ($_GET["action"] == 'setdoc')
if ($_GET["action"] == 'set')
{
$type='donation';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type) VALUES ('".$_GET["value"]."','".$type."')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -215,14 +224,14 @@ if (is_resource($handle))
{
print ' ';
print '| ';
- print ''.img_picto($langs->trans("Enabled"),'on').'';
+ print ''.img_picto($langs->trans("Enabled"),'on').'';
}
print ' | ';
}
else
{
print "\n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -234,7 +243,7 @@ if (is_resource($handle))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php
index 73c0d21fb22..b65159e822d 100644
--- a/htdocs/admin/expedition.php
+++ b/htdocs/admin/expedition.php
@@ -85,7 +85,11 @@ if ($_GET["action"] == 'specimen')
if ($_GET["action"] == 'set')
{
$type='shipping';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -119,11 +123,16 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='shipping';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -321,7 +330,7 @@ if (is_resource($handle))
}
else
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Disabled"),'off');
print '';
}
@@ -461,7 +470,7 @@ if(is_dir($dir))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
@@ -475,7 +484,7 @@ if(is_dir($dir))
print $html->textwithpicto('',$htmltooltip,1,0);
print '';
print '';
- print ''.img_object($langs->trans("Preview"),'sending').'';
+ print 'scandir.'&label='.urlencode($module->name).'">'.img_object($langs->trans("Preview"),'sending').'';
print ' | ';
print '';
diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php
index bcfd02bf1e6..7f108e565af 100644
--- a/htdocs/admin/facture.php
+++ b/htdocs/admin/facture.php
@@ -110,7 +110,11 @@ if ($_POST["action"] == 'setModuleOptions')
if ($_GET["action"] == 'set')
{
$type='invoice';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -144,14 +148,18 @@ if ($_GET["action"] == 'setdoc')
$type='invoice';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".addslashes($_GET["value"])."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
dol_syslog("facture.php ".$sql_del);
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".addslashes($_GET["value"])."','".$type."',".$conf->entity.")";
- dol_syslog("facture.php ".$sql);
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$_GET["value"]."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".addslashes($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$_GET["scandir"]."'":"null");
+ $sql.= ")";
+ dol_syslog("facture.php ".$sql);
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -306,7 +314,7 @@ foreach ($conf->file->dol_document_root as $dirroot)
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
@@ -459,7 +467,7 @@ foreach ($conf->file->dol_document_root as $dirroot)
else
{
print "\n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -471,7 +479,7 @@ foreach ($conf->file->dol_document_root as $dirroot)
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php
index 5ebd52b5a45..ce0c0e07223 100644
--- a/htdocs/admin/fichinter.php
+++ b/htdocs/admin/fichinter.php
@@ -99,7 +99,11 @@ if ($_GET["action"] == 'specimen')
if ($_GET["action"] == 'set')
{
$type='ficheinter';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -134,13 +138,17 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='ficheinter';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
dol_syslog("fichinter: sql_del=".$sql_del);
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
dol_syslog("fichinter: sql_del=".$sql_del);
$result2=$db->query($sql);
if ($result1 && $result2)
@@ -329,7 +337,7 @@ if (is_resource($handle))
print "\n";
if ($conf->global->FICHEINTER_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Enabled"),'on');
print '';
}
@@ -342,7 +350,7 @@ if (is_resource($handle))
else
{
print " | \n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -354,7 +362,7 @@ if (is_resource($handle))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
diff --git a/htdocs/admin/fournisseur.php b/htdocs/admin/fournisseur.php
index 1c56c0fb952..205b8b37d6c 100644
--- a/htdocs/admin/fournisseur.php
+++ b/htdocs/admin/fournisseur.php
@@ -131,7 +131,11 @@ if ($_GET["action"] == 'specimenfacture') // For invoices
if ($_GET["action"] == 'set')
{
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$_GET["type"]."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$res=$db->query($sql);
if ($res)
{
@@ -170,11 +174,16 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$_GET["type"]."'";
$sql_del.= " AND entity = ".$conf->entity;
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$_GET["type"]."',".$conf->entity.")";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -384,7 +393,7 @@ if (is_resource($handle))
print ''."\n";
if ($conf->global->COMMANDE_SUPPLIER_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'&type=order_supplier">';
print img_picto($langs->trans("Enabled"),'on');
print '';
}
@@ -397,7 +406,7 @@ if (is_resource($handle))
else
{
print ' | '."\n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'&type=order_supplier">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -409,7 +418,7 @@ if (is_resource($handle))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'on').'';
+ print 'scandir.'&label='.urlencode($module->name).'&type=order_supplier"" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'on').'';
}
print '';
@@ -508,7 +517,7 @@ if (is_resource($handle))
print "\n";
if ($conf->global->INVOICE_SUPPLIER_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'&type=invoice_supplier">';
print img_picto($langs->trans("Enabled"),'on');
print '';
}
@@ -521,7 +530,7 @@ if (is_resource($handle))
else
{
print " | \n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'&type=invoice_supplier">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -533,7 +542,7 @@ if (is_resource($handle))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'on').'';
+ print 'scandir.'&label='.urlencode($module->name).'&type=invoice_supplier" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'on').'';
}
print '';
diff --git a/htdocs/admin/livraison.php b/htdocs/admin/livraison.php
index 5601967e539..0bb1d08c8f0 100644
--- a/htdocs/admin/livraison.php
+++ b/htdocs/admin/livraison.php
@@ -90,7 +90,11 @@ if ($_GET["action"] == 'specimen')
if ($_GET["action"] == 'set')
{
$type='delivery';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -123,11 +127,16 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='delivery';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -354,7 +363,7 @@ if(is_dir($dir))
print "\n";
if ($conf->global->LIVRAISON_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Enabled"),'on');
print '';
}
@@ -367,7 +376,7 @@ if(is_dir($dir))
else
{
print " | \n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -379,7 +388,7 @@ if(is_dir($dir))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
diff --git a/htdocs/admin/project.php b/htdocs/admin/project.php
index 2116edba57a..7e77ae704bf 100644
--- a/htdocs/admin/project.php
+++ b/htdocs/admin/project.php
@@ -85,7 +85,11 @@ if ($_GET["action"] == 'specimen')
if ($_GET["action"] == 'set')
{
$type='project';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -117,11 +121,16 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='project';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -317,7 +326,7 @@ if (is_resource($handle))
print "\n";
if ($conf->global->PROJECT_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Enabled"),'on');
print '';
}
@@ -330,7 +339,7 @@ if (is_resource($handle))
else
{
print " | \n";
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'">'.img_picto($langs->trans("Disabled"),'off').'';
print " | ";
}
@@ -342,7 +351,7 @@ if (is_resource($handle))
}
else
{
- print ''.img_picto($langs->trans("Disabled"),'off').'';
+ print 'scandir.'&label='.urlencode($module->name).'" alt="'.$langs->trans("Default").'">'.img_picto($langs->trans("Disabled"),'off').'';
}
print '';
diff --git a/htdocs/admin/propale.php b/htdocs/admin/propale.php
index fd4d276c913..25ae4d608c4 100644
--- a/htdocs/admin/propale.php
+++ b/htdocs/admin/propale.php
@@ -120,7 +120,11 @@ if ($_POST["action"] == 'setusecustomercontactasrecipient')
if ($_GET["action"] == 'set')
{
$type='propal';
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
if ($db->query($sql))
{
@@ -151,11 +155,16 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='propal';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
$result1=$db->query($sql_del);
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom,type,entity) VALUES ('".$_GET["value"]."','".$type."',".$conf->entity.")";
+
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+ $sql.= ")";
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -347,7 +356,7 @@ foreach ($conf->file->dol_document_root as $dirroot)
{
$name = substr($file, 12, dol_strlen($file) - 24);
$classname = substr($file, 0, dol_strlen($file) -12);
-
+
$var=!$var;
print "\n | ";
print $name;
@@ -356,14 +365,14 @@ foreach ($conf->file->dol_document_root as $dirroot)
$module = new $classname($db);
print $module->description;
print ' | ';
-
+
// Activate
print ''."\n";
if (in_array($name, $def))
{
if ($conf->global->PROPALE_ADDON_PDF != "$name")
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Activated"),'on');
print '';
}
@@ -374,12 +383,12 @@ foreach ($conf->file->dol_document_root as $dirroot)
}
else
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("Disabled"),'off');
print '';
}
print " | ";
-
+
// Default
print '';
if ($conf->global->PROPALE_ADDON_PDF == "$name")
@@ -388,12 +397,12 @@ foreach ($conf->file->dol_document_root as $dirroot)
}
else
{
- print '';
+ print 'scandir.'&label='.urlencode($module->name).'">';
print img_picto($langs->trans("No"),'off');
print '';
}
print ' | ';
-
+
// Info
$htmltooltip = ''.$langs->trans("Name").': '.$module->name;
$htmltooltip.='
'.$langs->trans("Type").': '.($module->type?$module->type:$langs->trans("Unknown"));
@@ -406,14 +415,14 @@ foreach ($conf->file->dol_document_root as $dirroot)
//$htmltooltip.='
'.$langs->trans("Escompte").': '.yn($module->option_escompte,1,1);
//$htmltooltip.='
'.$langs->trans("CreditNote").': '.yn($module->option_credit_note,1,1);
$htmltooltip.='
'.$langs->trans("WatermarkOnDraftProposal").': '.yn($module->option_draft_watermark,1,1);
-
+
print '';
print $html->textwithpicto('',$htmltooltip,1,0);
print ' | ';
print '';
print ''.img_object($langs->trans("Preview"),'propal').'';
print ' | ';
-
+
print "
\n";
}
}
diff --git a/htdocs/admin/societe.php b/htdocs/admin/societe.php
index adbbf93e87d..39601b559aa 100644
--- a/htdocs/admin/societe.php
+++ b/htdocs/admin/societe.php
@@ -96,9 +96,9 @@ if ($_GET["action"] == 'set')
{
$type='company';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
- $sql.= " VALUES ('".addslashes($_GET["value"])."','".$type."',".$conf->entity.", ";
- $sql.= ($_GET["label"]?"'".addslashes($_GET["label"])."'":'null').", ";
- $sql.= (! empty($_GET["scandir"])?"'".$_GET["scandir"]."'":"null");
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
$sql.= ")";
if ($db->query($sql))
{
@@ -133,16 +133,18 @@ if ($_GET["action"] == 'setdoc')
// On active le modele
$type='company';
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
- $sql_del.= " WHERE nom = '".$_GET["value"]."'";
+ $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."'";
$sql_del.= " AND type = '".$type."'";
$sql_del.= " AND entity = ".$conf->entity;
+ dol_syslog("societe.php ".$sql);
$result1=$db->query($sql_del);
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
- $sql.= " VALUES ('".$_GET["value"]."', '".$type."', ".$conf->entity.", ";
- $sql.= ($_GET["label"]?"'".addslashes($_GET["label"])."'":'null').", ";
- $sql.= (! empty($_GET["scandir"])?"'".$_GET["scandir"]."'":"null");
+ $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
+ $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
+ $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
$sql.= ")";
+ dol_syslog("societe.php ".$sql);
$result2=$db->query($sql);
if ($result1 && $result2)
{
@@ -150,7 +152,8 @@ if ($_GET["action"] == 'setdoc')
}
else
{
- $db->rollback();
+ dol_syslog("societe.php ".$db->lasterror(), LOG_ERR);
+ $db->rollback();
}
}
diff --git a/htdocs/includes/modules/facture/doc/doc_generic_invoice_odt.modules.php b/htdocs/includes/modules/facture/doc/doc_generic_invoice_odt.modules.php
index 16ee26fa186..c6809ac57b5 100644
--- a/htdocs/includes/modules/facture/doc/doc_generic_invoice_odt.modules.php
+++ b/htdocs/includes/modules/facture/doc/doc_generic_invoice_odt.modules.php
@@ -219,11 +219,11 @@ class doc_generic_invoice_odt extends ModelePDFFactures
}
/**
- * \brief Function to build a document on disk using the generic odt module.
- * \param object Object source to build document
- * \param outputlangs Lang output object
- * \param $srctemplatepath Full path of source filename for generator using a template file
- * \return int 1 if OK, <=0 if KO
+ * Function to build a document on disk using the generic odt module.
+ * @param object Object source to build document
+ * @param outputlangs Lang output object
+ * @param srctemplatepath Full path of source filename for generator using a template file
+ * @return int 1 if OK, <=0 if KO
*/
function write_file($object,$outputlangs,$srctemplatepath)
{
diff --git a/htdocs/includes/modules/facture/pdf_crabe.modules.php b/htdocs/includes/modules/facture/doc/pdf_crabe.modules.php
old mode 100644
new mode 100755
similarity index 100%
rename from htdocs/includes/modules/facture/pdf_crabe.modules.php
rename to htdocs/includes/modules/facture/doc/pdf_crabe.modules.php
diff --git a/htdocs/includes/modules/facture/pdf_oursin.modules.php b/htdocs/includes/modules/facture/doc/pdf_oursin.modules.php
old mode 100644
new mode 100755
similarity index 99%
rename from htdocs/includes/modules/facture/pdf_oursin.modules.php
rename to htdocs/includes/modules/facture/doc/pdf_oursin.modules.php
index 00024fa8dd2..73b4ed9d610
--- a/htdocs/includes/modules/facture/pdf_oursin.modules.php
+++ b/htdocs/includes/modules/facture/doc/pdf_oursin.modules.php
@@ -22,7 +22,7 @@
*/
/**
- * \file htdocs/includes/modules/facture/pdf_oursin.modules.php
+ * \file htdocs/includes/modules/facture/pdf/pdf_oursin.modules.php
* \ingroup facture
* \brief Fichier de la classe permettant de generer les factures au modele oursin
* \author Sylvain SCATTOLINI base sur un modele de Laurent Destailleur
diff --git a/htdocs/includes/modules/facture/modules_facture.php b/htdocs/includes/modules/facture/modules_facture.php
index 0124abc0362..aae7b4fe47f 100644
--- a/htdocs/includes/modules/facture/modules_facture.php
+++ b/htdocs/includes/modules/facture/modules_facture.php
@@ -154,6 +154,7 @@ function facture_pdf_create($db, $object, $message, $modele, $outputlangs)
error_reporting($err);
$dir = DOL_DOCUMENT_ROOT . "/includes/modules/facture/";
+ $srctemplatepath='';
// Positionne modele sur le nom du modele a utiliser
if (! dol_strlen($modele))
@@ -170,11 +171,32 @@ function facture_pdf_create($db, $object, $message, $modele, $outputlangs)
}
}
- // Charge le modele
- $file = "pdf_".$modele.".modules.php";
- if (file_exists($dir.$file))
+ // If selected modele is a filename template (then $modele="modelname:filename")
+print 'eee'.$modele;exit;
+ $tmp=explode(':',$modele,2);
+ if (! empty($tmp[1]))
+ {
+ $modele=$tmp[0];
+ $srctemplatepath=$tmp[1];
+ }
+
+ // Search template file
+ $file=''; $classname=''; $filefound=0;
+ foreach(array('doc','pdf') as $prefix)
+ {
+ $file = $prefix."_".$modele.".modules.php";
+ if (file_exists($dir.'doc/'.$file))
+ {
+ $filefound=1;
+ $classname=$prefix.'_'.$modele;
+ $dir=$dir.'doc/';
+ break;
+ }
+ }
+
+ // Charge le modele
+ if ($filefound)
{
- $classname = "pdf_".$modele;
require_once($dir.$file);
$obj = new $classname($db);
@@ -183,7 +205,7 @@ function facture_pdf_create($db, $object, $message, $modele, $outputlangs)
// We save charset_output to restore it because write_file can change it if needed for
// output format that does not support UTF8.
$sav_charset_output=$outputlangs->charset_output;
- if ($obj->write_file($object, $outputlangs) > 0)
+ if ($obj->write_file($object, $outputlangs, $dir.$file) > 0)
{
// Success in building document. We build meta file.
facture_meta_create($db, $object->id);