Merge branch 'develop' of ssh://git@github.com/Dolibarr/dolibarr.git into develop

Laurent Destailleur 2012-03-05 13:02:41 +01:00
commit 08dfbb8fe3
9 changed files with 129 additions and 126 deletions


@ -73,7 +73,7 @@ if ($action == 'specimen')
// Search template files // Search template files
$file=''; $classname=''; $filefound=0; $file=''; $classname=''; $filefound=0;
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
foreach($dirmodels as $reldir) foreach($dirmodels as $reldir)
{ {
$file=dol_buildpath($reldir."core/modules/commande/doc/pdf_".$modele.".modules.php",0); $file=dol_buildpath($reldir."core/modules/commande/doc/pdf_".$modele.".modules.php",0);
@ -223,7 +223,7 @@ if ($action == 'set_COMMANDE_FREE_TEXT')
* View * View
*/ */
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
llxHeader(); llxHeader();


@ -72,7 +72,7 @@ if ($action == 'specimen')
// Search template files // Search template files
$file=''; $classname=''; $filefound=0; $file=''; $classname=''; $filefound=0;
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
foreach($dirmodels as $reldir) foreach($dirmodels as $reldir)
{ {
$file=dol_buildpath($reldir."core/modules/facture/doc/pdf_".$modele.".modules.php",0); $file=dol_buildpath($reldir."core/modules/facture/doc/pdf_".$modele.".modules.php",0);
@ -291,7 +291,7 @@ if ($action == 'setforcedate')
* View * View
*/ */
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
llxHeader("",$langs->trans("BillsSetup"),'EN:Invoice_Configuration|FR:Configuration_module_facture|ES:ConfiguracionFactura'); llxHeader("",$langs->trans("BillsSetup"),'EN:Invoice_Configuration|FR:Configuration_module_facture|ES:ConfiguracionFactura');


@ -78,7 +78,7 @@ if ($action == 'specimen') // For orders
// Search template files // Search template files
$file=''; $classname=''; $filefound=0; $file=''; $classname=''; $filefound=0;
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
foreach($dirmodels as $reldir) foreach($dirmodels as $reldir)
{ {
$file=dol_buildpath($reldir."core/modules/supplier_order/pdf/pdf_".$modele.".modules.php",0); $file=dol_buildpath($reldir."core/modules/supplier_order/pdf/pdf_".$modele.".modules.php",0);
@ -124,7 +124,7 @@ if ($action == 'specimenfacture') // For invoices
// Search template files // Search template files
$file=''; $classname=''; $filefound=0; $file=''; $classname=''; $filefound=0;
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
foreach($dirmodels as $reldir) foreach($dirmodels as $reldir)
{ {
$file=dol_buildpath($reldir."core/modules/supplier_invoice/pdf/pdf_".$modele.".modules.php",0); $file=dol_buildpath($reldir."core/modules/supplier_invoice/pdf/pdf_".$modele.".modules.php",0);
@ -262,7 +262,7 @@ if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
* View * View
*/ */
$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']);
llxHeader(); llxHeader();


@ -2,7 +2,7 @@
/* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -36,7 +36,7 @@ $langs->load('interventions');
// Security check // Security check
$socid=0; $socid=0;
$id = GETPOST('id','int'); $id = GETPOST('id','int');
$ref = GETPOST("ref"); $ref = GETPOST('ref','alpha');
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); $result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
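Review bot: The access check on the last line of this hunk is keyed on `$id` only, while the page also reads `ref` from the request two lines above. If the object is later loaded by `$ref` when `id` is absent (that code is outside this hunk), the object actually displayed would not be the one `restrictedArea()` vetted, which matters for external users whose `$socid` is forced from `$user->societe_id`. I would either resolve `$ref` to an id before the check or add a comment such as `// restrictedArea() vets $id only; re-check ownership after any fetch by $ref`. What the 'alpha' filter rejects is not visible on this page, so it should not be treated as the control here.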


@ -1,6 +1,7 @@
<?php <?php
/* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr> /* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2007-2009 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2007-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Juanjo Menent <jmenent@2byte.es>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -32,7 +33,8 @@ $langs->load("interventions");
$langs->load("sendings"); $langs->load("sendings");
$langs->load("companies"); $langs->load("companies");
$fichinterid = isset($_GET["id"])?$_GET["id"]:''; $fichinterid = GETPOST('id','int');
$action = GETPOST('action','alpha');
// Security check // Security check
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
@ -43,16 +45,16 @@ $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
* Ajout d'un nouveau contact * Ajout d'un nouveau contact
*/ */
if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer) if ($action == 'addcontact' && $user->rights->ficheinter->creer)
{ {
$result = 0; $result = 0;
$fichinter = new Fichinter($db); $fichinter = new Fichinter($db);
$result = $fichinter->fetch($_GET["id"]); $result = $fichinter->fetch($fichinterid);
if ($result > 0 && $_GET["id"] > 0) if ($result > 0 && $fichinterid > 0)
{ {
$result = $fichinter->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); $result = $fichinter->add_contact(GETPOST('contactid','int'), GETPOST('type','int'), GETPOST('source','alpha'));
} }
if ($result >= 0) if ($result >= 0)
@ -75,12 +77,12 @@ if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer)
} }
// bascule du statut d'un contact // bascule du statut d'un contact
if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer) if ($action == 'swapstatut' && $user->rights->ficheinter->creer)
{ {
$fichinter = new Fichinter($db); $fichinter = new Fichinter($db);
if ($fichinter->fetch(GETPOST('id','int'))) if ($fichinter->fetch($fichinterid))
{ {
$result=$fichinter->swapContactStatus(GETPOST('ligne')); $result=$fichinter->swapContactStatus(GETPOST('ligne','int'));
} }
else else
{ {
@ -89,11 +91,11 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer)
} }
// Efface un contact // Efface un contact
if ($_GET["action"] == 'deleteline' && $user->rights->ficheinter->creer) if ($action == 'deleteline' && $user->rights->ficheinter->creer)
{ {
$fichinter = new Fichinter($db); $fichinter = new Fichinter($db);
$fichinter->fetch($_GET["id"]); $fichinter->fetch($fichinterid);
$result = $fichinter->delete_contact($_GET["lineid"]); $result = $fichinter->delete_contact(GETPOST('lineid','int'));
if ($result >= 0) if ($result >= 0)
{ {
@ -125,11 +127,11 @@ $userstatic=new User($db);
/* *************************************************************************** */ /* *************************************************************************** */
dol_htmloutput_mesg($mesg); dol_htmloutput_mesg($mesg);
$id = $_GET["id"];
if ($id > 0) if ($fichinterid > 0)
{ {
$fichinter = new Fichinter($db); $fichinter = new Fichinter($db);
if ($fichinter->fetch($_GET['id']) > 0) if ($fichinter->fetch($fichinterid) > 0)
{ {
$soc = new Societe($db); $soc = new Societe($db);
$soc->fetch($fichinter->socid); $soc->fetch($fichinter->socid);
@ -168,7 +170,7 @@ if ($id > 0)
* Ajouter une ligne de contact * Ajouter une ligne de contact
* Non affiche en mode modification de ligne * Non affiche en mode modification de ligne
*/ */
if ($_GET["action"] != 'editline' && $user->rights->ficheinter->creer) if ($action != 'editline' && $user->rights->ficheinter->creer)
{ {
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Source").'</td>'; print '<td>'.$langs->trans("Source").'</td>';
@ -180,11 +182,11 @@ if ($id > 0)
$var = false; $var = false;
print '<form action="contact.php?id='.$id.'" method="post">'; print '<form action="contact.php?id='.$fichinterid.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="addcontact">'; print '<input type="hidden" name="action" value="addcontact">';
print '<input type="hidden" name="source" value="internal">'; print '<input type="hidden" name="source" value="internal">';
print '<input type="hidden" name="id" value="'.$id.'">'; print '<input type="hidden" name="id" value="'.$fichinterid.'">';
// Ligne ajout pour contact interne // Ligne ajout pour contact interne
print "<tr $bc[$var]>"; print "<tr $bc[$var]>";
@ -209,11 +211,11 @@ if ($id > 0)
print '</form>'; print '</form>';
print '<form action="contact.php?id='.$id.'" method="post">'; print '<form action="contact.php?id='.$fichinterid.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="addcontact">'; print '<input type="hidden" name="action" value="addcontact">';
print '<input type="hidden" name="source" value="external">'; print '<input type="hidden" name="source" value="external">';
print '<input type="hidden" name="id" value="'.$id.'">'; print '<input type="hidden" name="id" value="'.$fichinterid.'">';
// Ligne ajout pour contact externe // Ligne ajout pour contact externe
$var=!$var; $var=!$var;
@ -224,7 +226,7 @@ if ($id > 0)
print '</td>'; print '</td>';
print '<td colspan="1">'; print '<td colspan="1">';
$selectedCompany = isset($_GET["newcompany"])?$_GET["newcompany"]:$fichinter->client->id; $selectedCompany = GETPOST('newcompany','int')?GETPOST('newcompany','int'):$fichinter->client->id;
$selectedCompany = $formcompany->selectCompaniesForNewContact($fichinter, 'id', $selectedCompany, $htmlname = 'newcompany'); $selectedCompany = $formcompany->selectCompaniesForNewContact($fichinter, 'id', $selectedCompany, $htmlname = 'newcompany');
print '</td>'; print '</td>';
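Review bot: In the 'deleteline' branch the return value of `$fichinter->fetch($fichinterid)` is discarded and `delete_contact()` runs on the request-supplied `lineid` regardless, whereas the 'addcontact' and 'swapstatut' branches both test the fetch result first. Since `restrictedArea()` was evaluated against `$fichinterid`, a delete that does not depend on that object loading leaves it unclear whether the line belongs to the intervention the user was authorised for; `delete_contact()` is not visible here, so this needs confirming. A guarded form would be `$result = ($fichinter->fetch($fichinterid) > 0) ? $fichinter->delete_contact(GETPOST('lineid','int')) : -1;`. Separately, 'addcontact' used to be matched against `$_POST["action"]` and is now matched against `$action` from `GETPOST()`; if that helper also reads the query string, this state-changing action is no longer limited to POST, so the token printed in the form should be verified on that path.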


@ -4,7 +4,7 @@
* Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com> * Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005 Simon TOSSER <simon@kornog-computing.com> * Copyright (C) 2005 Simon TOSSER <simon@kornog-computing.com>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -39,7 +39,7 @@ $langs->load("companies");
$langs->load("interventions"); $langs->load("interventions");
$id = GETPOST('id','int'); $id = GETPOST('id','int');
$action = GETPOST("action"); $action = GETPOST('action','alpha');
// Security check // Security check
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
@ -47,9 +47,9 @@ $result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
// Get parameters // Get parameters
$sortfield = GETPOST("sortfield",'alpha'); $sortfield = GETPOST('sortfield','alpha');
$sortorder = GETPOST("sortorder",'alpha'); $sortorder = GETPOST('sortorder','alpha');
$page = GETPOST("page",'int'); $page = GETPOST('page','int');
if ($page == -1) { $page = 0; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page; $offset = $conf->liste_limit * $page;
$pageprev = $page - 1; $pageprev = $page - 1;
@ -69,7 +69,7 @@ $modulepart='fichinter';
* Actions * Actions
*/ */
if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (GETPOST('sendit','alpha') && ! empty($conf->global->MAIN_UPLOAD_DOC))
{ {
require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
@ -133,7 +133,7 @@ if ($object->id)
if ($action == 'delete') if ($action == 'delete')
{ {
$file = $upload_dir . '/' . GETPOST("urlfile"); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $file = $upload_dir . '/' . GETPOST('urlfile','alpha'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
$result=dol_delete_file($file); $result=dol_delete_file($file);
//if ($result >= 0) $mesg=$langs->trans("FileWasRemoced"); //if ($result >= 0) $mesg=$langs->trans("FileWasRemoced");
} }
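Review bot: The 'delete' branch still builds the path handed to `dol_delete_file()` by concatenating the request's `urlfile` onto `$upload_dir`, and the only change is the added 'alpha' filter, whose handling of directory separators or `..` is not visible on this page. Unless that filter is known to reject them, the name should be reduced to a single component before use, e.g. `$file = $upload_dir . '/' . basename(GETPOST('urlfile','alpha'));`, assuming `urlfile` is always a bare file name. The branch as shown is also gated only by `$action == 'delete'` with no rights test like the `$user->rights->ficheinter->creer` checks used elsewhere in this commit; the enclosing `if ($object->id)` block starts outside the hunk, so a check may exist there.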


@ -2,7 +2,7 @@
/* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -44,11 +44,11 @@ $langs->load("companies");
$langs->load("interventions"); $langs->load("interventions");
$id = GETPOST('id','int'); $id = GETPOST('id','int');
$ref = GETPOST('ref'); $ref = GETPOST('ref','alpha');
$socid = GETPOST('socid','int'); $socid = GETPOST('socid','int');
$action = GETPOST("action"); $action = GETPOST('action','alpha');
$confirm = GETPOST("confirm"); $confirm = GETPOST('confirm','alpha');
$mesg = GETPOST("msg"); $mesg = GETPOST('msg','alpha');
// Security check // Security check
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
@ -72,14 +72,14 @@ if ($action == 'confirm_validate' && $confirm == 'yes')
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
$outputlangs = new Translate("",$conf); $outputlangs = new Translate("",$conf);
$outputlangs->setDefaultLang($newlang); $outputlangs->setDefaultLang($newlang);
} }
$result=fichinter_create($db, $object, $_REQUEST['model'], $outputlangs); $result=fichinter_create($db, $object, GETPOST('model','alpha'), $outputlangs);
Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
exit; exit;
} }
@ -100,14 +100,14 @@ if ($action == 'confirm_modify' && $confirm == 'yes')
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
$outputlangs = new Translate("",$conf); $outputlangs = new Translate("",$conf);
$outputlangs->setDefaultLang($newlang); $outputlangs->setDefaultLang($newlang);
} }
$result=fichinter_create($db, $object, (empty($_REQUEST['model'])?$object->model:$_REQUEST['model']), $outputlangs); $result=fichinter_create($db, $object, (!GETPOST('model','alpha'))?$object->model:GETPOST('model','apha'), $outputlangs);
Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
exit; exit;
} }
@ -120,14 +120,14 @@ if ($action == 'confirm_modify' && $confirm == 'yes')
if ($action == 'add') if ($action == 'add')
{ {
$object->socid = $socid; $object->socid = $socid;
$object->duree = $_POST["duree"]; $object->duree = GETPOST('duree','int');
$object->fk_project = $_POST["projectid"]; $object->fk_project = GETPOST('projectid','int');
$object->author = $user->id; $object->author = $user->id;
$object->description = $_POST["description"]; $object->description = GETPOST('description','alpha');
$object->ref = $ref; $object->ref = $ref;
$object->modelpdf = $_POST["model"]; $object->modelpdf = GETPOST('model','alpha');
$object->note_private = $_POST["note_private"]; $object->note_private = GETPOST('note_private','alpha');
$object->note_public = $_POST["note_public"]; $object->note_public = GETPOST('note_public','alpha');
if ($object->socid > 0) if ($object->socid > 0)
{ {
@ -155,9 +155,9 @@ if ($action == 'update')
$object->fetch($id); $object->fetch($id);
$object->socid = $socid; $object->socid = $socid;
$object->fk_project = $_POST["projectid"]; $object->fk_project = GETPOST('projectid','int');
$object->author = $user->id; $object->author = $user->id;
$object->description = $_POST["description"]; $object->description = GETPOST('description','alpha');
$object->ref = $ref; $object->ref = $ref;
$object->update(); $object->update();
@ -172,22 +172,22 @@ if ($action == 'builddoc') // En get ou en post
$object->fetch_thirdparty(); $object->fetch_thirdparty();
$object->fetch_lines(); $object->fetch_lines();
if ($_REQUEST['model']) if (GETPOST('model','alpha'))
{ {
$object->setDocModel($user, $_REQUEST['model']); $object->setDocModel($user, GETPOST('model','alpha'));
} }
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
$outputlangs = new Translate("",$conf); $outputlangs = new Translate("",$conf);
$outputlangs->setDefaultLang($newlang); $outputlangs->setDefaultLang($newlang);
} }
$result=fichinter_create($db, $object, $_REQUEST['model'], $outputlangs); $result=fichinter_create($db, $object, GETPOST('model','alpha'), $outputlangs);
if ($result <= 0) if ($result <= 0)
{ {
dol_print_error($db,$result); dol_print_error($db,$result);
@ -199,7 +199,7 @@ if ($action == 'builddoc') // En get ou en post
if ($action == 'classin') if ($action == 'classin')
{ {
$object->fetch($id); $object->fetch($id);
$result=$object->setProject($_POST['projectid']); $result=$object->setProject(GETPOST('projectid','int'));
if ($result < 0) dol_print_error($db,$object->error); if ($result < 0) dol_print_error($db,$object->error);
} }
@ -217,31 +217,31 @@ if ($action == 'confirm_delete' && $confirm == 'yes')
if ($action == 'setdescription') if ($action == 'setdescription')
{ {
$object->fetch($id); $object->fetch($id);
$result=$object->set_description($user,$_POST['description']); $result=$object->set_description($user,GETPOST('description','alpha'));
if ($result < 0) dol_print_error($db,$object->error); if ($result < 0) dol_print_error($db,$object->error);
} }
if ($action == 'setnote_public') if ($action == 'setnote_public')
{ {
$object->fetch($id); $object->fetch($id);
$result=$object->update_note_public($_POST['note_public']); $result=$object->update_note_public(GETPOST('note_public','alpha'));
if ($result < 0) dol_print_error($db,$object->error); if ($result < 0) dol_print_error($db,$object->error);
} }
if ($action == 'setnote_private') if ($action == 'setnote_private')
{ {
$object->fetch($id); $object->fetch($id);
$result=$object->update_note($_POST['note_private']); $result=$object->update_note(GETPOST('note_private','alpha'));
if ($result < 0) dol_print_error($db,$object->error); if ($result < 0) dol_print_error($db,$object->error);
} }
// Add line // Add line
if ($action == "addline" && $user->rights->ficheinter->creer) if ($action == "addline" && $user->rights->ficheinter->creer)
{ {
if (empty($_POST['np_desc'])) if (!GETPOST('np_desc','alpha'))
{ {
$mesg='<div class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Description")).'</div>'; $mesg='<div class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Description")).'</div>';
$error++; $error++;
} }
if (empty($_POST['durationhour']) && empty($_POST['durationmin'])) if (!GETPOST('durationhour','int') && !GETPOST('durationmin','int'))
{ {
$mesg='<div class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Duration")).'</div>'; $mesg='<div class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Duration")).'</div>';
$error++; $error++;
@ -253,9 +253,9 @@ if ($action == "addline" && $user->rights->ficheinter->creer)
$ret=$object->fetch($id); $ret=$object->fetch($id);
$object->fetch_thirdparty(); $object->fetch_thirdparty();
$desc=$_POST['np_desc']; $desc=GETPOST('np_desc','alpha');
$date_intervention = dol_mktime($_POST["dihour"], $_POST["dimin"], 0, $_POST["dimonth"], $_POST["diday"], $_POST["diyear"]); $date_intervention = dol_mktime(GETPOST('dihour','int'), GETPOST('dimin','int'), 0, GETPOST('dimonth','int'), GETPOST('diday','int'), GETPOST('diyear','int'));
$duration = convertTime2Seconds($_POST['durationhour'],$_POST['durationmin']); $duration = convertTime2Seconds(GETPOST('durationhour','int'),GETPOST('durationmin','int'));
$result=$object->addline( $result=$object->addline(
$id, $id,
@ -267,7 +267,7 @@ if ($action == "addline" && $user->rights->ficheinter->creer)
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
@ -310,10 +310,10 @@ if ($action == 'classifybilled')
/* /*
* Mise a jour d'une ligne d'intervention * Mise a jour d'une ligne d'intervention
*/ */
if ($action == 'updateline' && $user->rights->ficheinter->creer && $_POST["save"] == $langs->trans("Save")) if ($action == 'updateline' && $user->rights->ficheinter->creer && GETPOST('save','alpha') == $langs->trans("Save"))
{ {
$objectline = new FichinterLigne($db); $objectline = new FichinterLigne($db);
if ($objectline->fetch($_POST['line_id']) <= 0) if ($objectline->fetch(GETPOST('line_id','int')) <= 0)
{ {
dol_print_error($db); dol_print_error($db);
exit; exit;
@ -326,9 +326,9 @@ if ($action == 'updateline' && $user->rights->ficheinter->creer && $_POST["save"
} }
$object->fetch_thirdparty(); $object->fetch_thirdparty();
$desc = $_POST['np_desc']; $desc = GETPOST('np_desc','alpha');
$date_inter = dol_mktime($_POST["dihour"], $_POST["dimin"], 0, $_POST["dimonth"], $_POST["diday"], $_POST["diyear"]); $date_inter = dol_mktime(GETPOST('dihour','int'), GETPOST('dimin','int'), 0, GETPOST('dimonth','int'), GETPOST('diday','int'), GETPOST('diyear','int'));
$duration = convertTime2Seconds($_POST['durationhour'],$_POST['durationmin']); $duration = convertTime2Seconds(GETPOST('durationhour','int'),GETPOST('durationmin','int'));
$objectline->datei = $date_inter; $objectline->datei = $date_inter;
$objectline->desc = $desc; $objectline->desc = $desc;
@ -343,7 +343,7 @@ if ($action == 'updateline' && $user->rights->ficheinter->creer && $_POST["save"
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
@ -364,7 +364,7 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes')
if ($user->rights->ficheinter->creer) if ($user->rights->ficheinter->creer)
{ {
$objectline = new FichinterLigne($db); $objectline = new FichinterLigne($db);
if ($objectline->fetch($_GET['line_id']) <= 0) if ($objectline->fetch(GETPOST('line_id','int')) <= 0)
{ {
dol_print_error($db); dol_print_error($db);
exit; exit;
@ -380,7 +380,7 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes')
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
@ -401,12 +401,12 @@ if ($action == 'up' && $user->rights->ficheinter->creer)
{ {
$object->fetch($id); $object->fetch($id);
$object->fetch_thirdparty(); $object->fetch_thirdparty();
$object->line_up($_GET['line_id']); $object->line_up(GETPOST('line_id','int'));
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
@ -414,7 +414,7 @@ if ($action == 'up' && $user->rights->ficheinter->creer)
$outputlangs->setDefaultLang($newlang); $outputlangs->setDefaultLang($newlang);
} }
fichinter_create($db, $object, $object->modelpdf, $outputlangs); fichinter_create($db, $object, $object->modelpdf, $outputlangs);
Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.$_GET['line_id']); Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.GETPOST('line_id','int'));
exit; exit;
} }
@ -422,12 +422,12 @@ if ($action == 'down' && $user->rights->ficheinter->creer)
{ {
$object->fetch($id); $object->fetch($id);
$object->fetch_thirdparty(); $object->fetch_thirdparty();
$object->line_down($_GET['line_id']); $object->line_down(GETPOST('line_id','int'));
// Define output language // Define output language
$outputlangs = $langs; $outputlangs = $langs;
$newlang=''; $newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang)) if (! empty($newlang))
{ {
@ -435,7 +435,7 @@ if ($action == 'down' && $user->rights->ficheinter->creer)
$outputlangs->setDefaultLang($newlang); $outputlangs->setDefaultLang($newlang);
} }
fichinter_create($db, $object, $object->modelpdf, $outputlangs); fichinter_create($db, $object, $object->modelpdf, $outputlangs);
Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.$_GET['line_id']); Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.GETPOST('line_id','int'));
exit; exit;
} }
@ -443,7 +443,7 @@ if ($action == 'down' && $user->rights->ficheinter->creer)
/* /*
* Add file in email form * Add file in email form
*/ */
if ($_POST['addfile']) if (GETPOST('addfile','alpha'))
{ {
require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
@ -459,7 +459,7 @@ if ($_POST['addfile'])
/* /*
* Remove file in email form * Remove file in email form
*/ */
if (! empty($_POST['removedfile'])) if (GETPOST('removedfile','alpha'))
{ {
require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
@ -468,7 +468,7 @@ if (! empty($_POST['removedfile']))
$upload_dir_tmp = $vardir.'/temp'; $upload_dir_tmp = $vardir.'/temp';
// TODO Delete only files that was uploaded from email form // TODO Delete only files that was uploaded from email form
$mesg=dol_remove_file_process($_POST['removedfile'],0); $mesg=dol_remove_file_process(GETPOST('removedfile','alpha'),0);
$action='presend'; $action='presend';
} }
@ -476,7 +476,7 @@ if (! empty($_POST['removedfile']))
/* /*
* Send mail * Send mail
*/ */
if ($action == 'send' && ! $_POST['cancel'] && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->ficheinter->ficheinter_advance->send)) if ($action == 'send' && ! GETPOST('cancel','alpha') && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->ficheinter->ficheinter_advance->send))
{ {
$langs->load('mails'); $langs->load('mails');
@ -489,24 +489,24 @@ if ($action == 'send' && ! $_POST['cancel'] && (empty($conf->global->MAIN_USE_AD
{ {
$object->fetch_thirdparty(); $object->fetch_thirdparty();
if ($_POST['sendto']) if (GETPOST('sendto','alpha'))
{ {
// Le destinataire a ete fourni via le champ libre // Le destinataire a ete fourni via le champ libre
$sendto = $_POST['sendto']; $sendto = GETPOST('sendto','alpha');
$sendtoid = 0; $sendtoid = 0;
} }
elseif ($_POST['receiver'] != '-1') elseif (GETPOST('receiver','alpha') != '-1')
{ {
// Recipient was provided from combo list // Recipient was provided from combo list
if ($_POST['receiver'] == 'thirdparty') // Id of third party if (GETPOST('receiver','alpha') == 'thirdparty') // Id of third party
{ {
$sendto = $object->client->email; $sendto = $object->client->email;
$sendtoid = 0; $sendtoid = 0;
} }
else // Id du contact else // Id du contact
{ {
$sendto = $object->client->contact_get_email($_POST['receiver']); $sendto = $object->client->contact_get_email(GETPOST('receiver','alpha'));
$sendtoid = $_POST['receiver']; $sendtoid = GETPOST('receiver','alpha');
} }
} }
@ -514,15 +514,15 @@ if ($action == 'send' && ! $_POST['cancel'] && (empty($conf->global->MAIN_USE_AD
{ {
$langs->load("commercial"); $langs->load("commercial");
$from = $_POST['fromname'] . ' <' . $_POST['frommail'] .'>'; $from = GETPOST('fromname','alpha') . ' <' . GETPOST('frommail','alpha') .'>';
$replyto = $_POST['replytoname']. ' <' . $_POST['replytomail'].'>'; $replyto = GETPOST('replytoname','alpha'). ' <' . GETPOST('replytomail','alpha').'>';
$message = $_POST['message']; $message = GETPOST('message','alpha');
$sendtocc = $_POST['sendtocc']; $sendtocc = GETPOST('sendtocc','alpha');
$deliveryreceipt = $_POST['deliveryreceipt']; $deliveryreceipt = GETPOST('deliveryreceipt','alpha');
if ($action == 'send') if ($action == 'send')
{ {
if (strlen($_POST['subject'])) $subject = $_POST['subject']; if (strlen(GETPOST('subject','alphs'))) $subject = GETPOST('subject','alpha');
else $subject = $langs->transnoentities('Intervention').' '.$object->ref; else $subject = $langs->transnoentities('Intervention').' '.$object->ref;
$actiontypecode='AC_FICH'; $actiontypecode='AC_FICH';
$actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto.".\n"; $actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto.".\n";
@ -695,7 +695,7 @@ if ($action == 'create')
$langs->load("project"); $langs->load("project");
print '<tr><td valign="top">'.$langs->trans("Project").'</td><td>'; print '<tr><td valign="top">'.$langs->trans("Project").'</td><td>';
$numprojet=select_projects($soc->id,$_POST["projectid"],'projectid'); $numprojet=select_projects($soc->id,GETPOST('projectid','int'),'projectid');
if ($numprojet==0) if ($numprojet==0)
{ {
print ' &nbsp; <a href="'.DOL_DOCUMENT_ROOT.'/projet/fiche.php?socid='.$soc->id.'&action=create">'.$langs->trans("AddProject").'</a>'; print ' &nbsp; <a href="'.DOL_DOCUMENT_ROOT.'/projet/fiche.php?socid='.$soc->id.'&action=create">'.$langs->trans("AddProject").'</a>';
@ -796,7 +796,7 @@ else if ($id > 0 || ! empty($ref))
// Confirmation de la suppression d'une ligne d'intervention // Confirmation de la suppression d'une ligne d'intervention
if ($action == 'ask_deleteline') if ($action == 'ask_deleteline')
{ {
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&line_id='.$_GET["line_id"], $langs->trans('DeleteInterventionLine'), $langs->trans('ConfirmDeleteInterventionLine'), 'confirm_deleteline','',0,1); $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&line_id='.GETPOST('line_id','int'), $langs->trans('DeleteInterventionLine'), $langs->trans('ConfirmDeleteInterventionLine'), 'confirm_deleteline','',0,1);
if ($ret == 'html') print '<br>'; if ($ret == 'html') print '<br>';
} }
@ -908,7 +908,7 @@ else if ($id > 0 || ! empty($ref))
$var=!$var; $var=!$var;
// Ligne en mode visu // Ligne en mode visu
if ($action != 'editline' || $_GET['line_id'] != $objp->rowid) if ($action != 'editline' || GETPOST('line_id','int') != $objp->rowid)
{ {
print '<tr '.$bc[$var].'>'; print '<tr '.$bc[$var].'>';
print '<td>'; print '<td>';
@ -963,13 +963,13 @@ else if ($id > 0 || ! empty($ref))
} }
// Ligne en mode update // Ligne en mode update
if ($object->statut == 0 && $action == 'editline' && $user->rights->ficheinter->creer && $_GET["line_id"] == $objp->rowid) if ($object->statut == 0 && $action == 'editline' && $user->rights->ficheinter->creer && GETPOST('line_id','int') == $objp->rowid)
{ {
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.$objp->rowid.'" method="post">'; print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.$objp->rowid.'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="updateline">'; print '<input type="hidden" name="action" value="updateline">';
print '<input type="hidden" name="id" value="'.$object->id.'">'; print '<input type="hidden" name="id" value="'.$object->id.'">';
print '<input type="hidden" name="line_id" value="'.$_GET["line_id"].'">'; print '<input type="hidden" name="line_id" value="'.GETPOST('line_id','int').'">';
print '<tr '.$bc[$var].'>'; print '<tr '.$bc[$var].'>';
print '<td>'; print '<td>';
print '<a name="'.$objp->rowid.'"></a>'; // ancre pour retourner sur la ligne print '<a name="'.$objp->rowid.'"></a>'; // ancre pour retourner sur la ligne
@ -1031,21 +1031,21 @@ else if ($id > 0 || ! empty($ref))
print '<td>'; print '<td>';
// editeur wysiwyg // editeur wysiwyg
require_once(DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php");
$doleditor=new DolEditor('np_desc',$_POST["np_desc"],'',100,'dolibarr_details','',false,true,$conf->global->FCKEDITOR_ENABLE_DETAILS,ROWS_2,70); $doleditor=new DolEditor('np_desc',GETPOST('np_desc','alpha'),'',100,'dolibarr_details','',false,true,$conf->global->FCKEDITOR_ENABLE_DETAILS,ROWS_2,70);
$doleditor->Create(); $doleditor->Create();
print '</td>'; print '</td>';
// Date intervention // Date intervention
print '<td align="center" nowrap="nowrap">'; print '<td align="center" nowrap="nowrap">';
$timearray=dol_getdate(mktime()); $timearray=dol_getdate(mktime());
if (empty($_POST['diday'])) $timewithnohour=dol_mktime(0,0,0,$timearray['mon'],$timearray['mday'],$timearray['year']); if (!GETPOST('diday','int')) $timewithnohour=dol_mktime(0,0,0,$timearray['mon'],$timearray['mday'],$timearray['year']);
else $timewithnohour=dol_mktime($_POST['dihour'],$_POST['dimin'],$_POST['disec'],$_POST['dimonth'],$_POST['diday'],$_POST['diyear']); else $timewithnohour=dol_mktime(GETPOST('dihour','int'),GETPOST('dimin','int'),GETPOST('disec','int'),GETPOST('dimonth','int'),GETPOST('diday','int'),GETPOST('diyear','int'));
$form->select_date($timewithnohour,'di',1,1,0,"addinter"); $form->select_date($timewithnohour,'di',1,1,0,"addinter");
print '</td>'; print '</td>';
// Duration // Duration
print '<td align="right">'; print '<td align="right">';
$form->select_duration('duration',(empty($_POST["durationhour"]) && empty($_POST["durationmin"]))?3600:(60*60*$_POST["durationhour"]+60*$_POST["durationmin"])); $form->select_duration('duration',(!GETPOST('durationhour','int') && !GETPOST('durationmin','int'))?3600:(60*60*GETPOST('durationhour','int')+60*GETPOST('durationmin','int')));
print '</td>'; print '</td>';
print '<td align="center" valign="middle" colspan="4"><input type="submit" class="button" value="'.$langs->trans('Add').'" name="addline"></td>'; print '<td align="center" valign="middle" colspan="4"><input type="submit" class="button" value="'.$langs->trans('Add').'" name="addline"></td>';
@ -1191,7 +1191,7 @@ else if ($id > 0 || ! empty($ref))
$formmail->fromname = $user->getFullName($langs); $formmail->fromname = $user->getFullName($langs);
$formmail->frommail = $user->email; $formmail->frommail = $user->email;
$formmail->withfrom=1; $formmail->withfrom=1;
$formmail->withto=empty($_POST["sendto"])?1:$_POST["sendto"]; $formmail->withto=(!GETPOST('sendto','alpha'))?1:GETPOST('sendto','alpha');
$formmail->withtosocid=$societe->id; $formmail->withtosocid=$societe->id;
$formmail->withtocc=1; $formmail->withtocc=1;
$formmail->withtoccsocid=0; $formmail->withtoccsocid=0;
@ -1212,7 +1212,7 @@ else if ($id > 0 || ! empty($ref))
$formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id; $formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id;
// Init list of files // Init list of files
if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') if (GETPOST('mode','alpha')=='init')
{ {
$formmail->clear_attached_files(); $formmail->clear_attached_files();
$formmail->add_attached_files($file,$object->ref.'.pdf','application/pdf'); $formmail->add_attached_files($file,$object->ref.'.pdf','application/pdf');


@ -2,7 +2,7 @@
/* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -32,22 +32,23 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
$langs->load("companies"); $langs->load("companies");
$langs->load("interventions"); $langs->load("interventions");
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$socid=GETPOST('socid','int'); $socid=GETPOST('socid','int');
$page=GETPOST("page");
// Security check // Security check
$fichinterid = GETPOST('id','int'); $fichinterid = GETPOST('id','int');
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter'); $result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter');
$sortfield = GETPOST('sortfield','alpha');
$sortorder = GETPOST('sortorder','alpha');
$page = GETPOST('page','int');
if ($page == -1) {
$page = 0;
}
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="fd.date"; if (! $sortfield) $sortfield="fd.date";
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
@ -57,9 +58,9 @@ $offset = $limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
$search_ref=GETPOST("search_ref"); $search_ref=GETPOST('search_ref','alpha');
$search_company=GETPOST("search_company"); $search_company=GETPOST('search_company','alpha');
$search_desc=GETPOST("search_desc"); $search_desc=GETPOST('search_desc','alpha');
/* /*
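Review bot: `$sortfield` and `$sortorder` are accepted with only the `'alpha'` check, and `$page` is reset only when it equals -1, so any other negative value still produces a negative `$offset`. The query that consumes these values is outside the visible hunks, but if they are concatenated into ORDER BY and LIMIT I would pin the direction with `if (! in_array(strtoupper($sortorder), array('ASC','DESC'))) $sortorder='DESC';`, compare `$sortfield` against the list of sortable columns, and widen the page guard to `if (empty($page) || $page < 0) { $page = 0; }`. The paging block also appears twice in this section (once with `$conf->liste_limit`, once with `$limit`); keeping a single copy would stop the two from drifting apart.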


@ -1,6 +1,6 @@
<?php <?php
/* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr> /* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es> * Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -30,7 +30,7 @@ $langs->load('companies');
$langs->load("interventions"); $langs->load("interventions");
$fichinterid = GETPOST('id','int'); $fichinterid = GETPOST('id','int');
$action=GETPOST("action"); $action=GETPOST('action','alpha');
// Security check // Security check
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
@ -48,7 +48,7 @@ if ($action == 'update_public' && $user->rights->ficheinter->creer)
$db->begin(); $db->begin();
$res=$fichinter->update_note_public(GETPOST("note_public"),$user); $res=$fichinter->update_note_public(GETPOST('note_public','alpha'),$user);
if ($res < 0) if ($res < 0)
{ {
$mesg='<div class="error">'.$fichinter->error.'</div>'; $mesg='<div class="error">'.$fichinter->error.'</div>';
@ -67,7 +67,7 @@ if ($action == 'update' && $user->rights->ficheinter->creer)
$db->begin(); $db->begin();
$res=$fichinter->update_note(GETPOST("note_private"),$user); $res=$fichinter->update_note(GETPOST('note_private','alpha'),$user);
if ($res < 0) if ($res < 0)
{ {
$mesg='<div class="error">'.$fichinter->error.'</div>'; $mesg='<div class="error">'.$fichinter->error.'</div>';
@ -157,7 +157,7 @@ if ($fichinterid)
*/ */
print '<div class="tabsAction">'; print '<div class="tabsAction">';
if ($user->rights->ficheinter->creer && GETPOST("action") <> 'edit') if ($user->rights->ficheinter->creer && $action <> 'edit')
{ {
print '<a class="butAction" href="note.php?id='.$fichinter->id.'&amp;action=edit">'.$langs->trans('Modify').'</a>'; print '<a class="butAction" href="note.php?id='.$fichinter->id.'&amp;action=edit">'.$langs->trans('Modify').'</a>';
} }