From a2f1f4331e35549ce0ca76373f5493ef42f4bca1 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 18 Mar 2022 11:11:25 +0100
Subject: [PATCH 1/5] NEW add selectCompaniesForNewContactListWhere hook
---
 htdocs/core/class/html.formcompany.class.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php
index 5b3d07fe80f..fbaee3331c5 100644
--- a/htdocs/core/class/html.formcompany.class.php
+++ b/htdocs/core/class/html.formcompany.class.php
@@ -618,7 +618,7 @@ class FormCompany extends Form */ public function selectCompaniesForNewContact($object, $var_id, $selected = '', $htmlname = 'newcompany', $limitto = '', $forceid = 0, $moreparam = '', $morecss = '') { - global $conf, $langs; + global $conf, $hookmanager; if (!empty($conf->use_javascript_ajax) && !empty($conf->global->COMPANY_USE_SEARCH_TO_SELECT)) { // Use Ajax search
@@ -718,6 +718,10 @@ class FormCompany extends Form if (is_array($limitto) && count($limitto)) { $sql .= " AND s.rowid IN (".$this->db->sanitize(join(',', $limitto)).")"; } + // Add where from hooks + $parameters = array(); + $reshook = $hookmanager->executeHooks('selectCompaniesForNewContactListWhere', $parameters); // Note that $action and $object may have been modified by hook + $sql .= $hookmanager->resPrint; $sql .= " ORDER BY s.nom ASC"; $resql = $this->db->query($sql);
From 33398a3031b651693b45884f60db731cf18555f4 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 22 Mar 2022 10:10:42 +0100
Subject: [PATCH 2/5] FIX missing object and action hooks parameters
---
 htdocs/contact/list.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php
index 66561730829..b661bc61713 100644
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
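Review bot: In the `@@ -718,6 +718,10 @@` hunk of html.formcompany.class.php, whatever a hook leaves in `$hookmanager->resPrint` is concatenated into the WHERE clause as raw SQL, and `$reshook` is assigned but never read, so a hook that reported a failure still contributes its text to the query. I would append only on success, `if ($reshook >= 0) { $sql .= $hookmanager->resPrint; }` (assuming the usual negative-on-error return), and state the contract in the comment: `// Hook output is appended verbatim: it must be a complete " AND ..." fragment on alias s, with every value escaped by the hook`. The call passes neither `$object` (a parameter of this method) nor `$action`, so the copied "may have been modified by hook" comment does not describe this call, and the empty `$parameters` gives the hook no view of `$limitto` or `$selected`. The same unchecked append is added to `show_contacts()` in patch 3/5; the method body here starts and ends outside the hunk.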
@@ -384,7 +384,7 @@ if (!empty($conf->mailing->enabled)) { } // Add fields from hooks $parameters = array(); -$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $object, $action); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p"; if (isset($extrafields->attributes[$object->table_element]['label']) && is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) {
@@ -543,7 +543,7 @@ if (!empty($socid)) { include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; // Add where from hooks $parameters = array(); -$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $object, $action); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; // Add order if ($view == "recent") {
@@ -767,7 +767,7 @@ $moreforfilter .= ''; print '
'; print $moreforfilter; $parameters = array('type'=>$type); -$reshook = $hookmanager->executeHooks('printFieldPreListTitle', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldPreListTitle', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; print '
';
@@ -910,7 +910,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; // Fields from hook $parameters = array('arrayfields'=>$arrayfields); -$reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListOption', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; // Date creation if (!empty($arrayfields['p.datec']['checked'])) {
@@ -1018,7 +1018,7 @@ $parameters = array( 'sortfield'=>$sortfield, 'sortorder'=>$sortorder, ); -$reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; if (!empty($arrayfields['p.datec']['checked'])) { print_liste_field_titre($arrayfields['p.datec']['label'], $_SERVER["PHP_SELF"], "p.datec", "", $param, '', $sortfield, $sortorder, 'center nowrap ');
@@ -1255,7 +1255,7 @@ while ($i < min($num, $limit)) { include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php'; // Fields from hook $parameters = array('arrayfields'=>$arrayfields, 'obj'=>$obj, 'i'=>$i, 'totalarray'=>&$totalarray); - $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook + $reshook = $hookmanager->executeHooks('printFieldListValue', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; // Date creation if (!empty($arrayfields['p.datec']['checked'])) {
@@ -1312,7 +1312,7 @@ while ($i < min($num, $limit)) { $db->free($resql); $parameters = array('arrayfields'=>$arrayfields, 'sql'=>$sql); -$reshook = $hookmanager->executeHooks('printFieldListFooter', $parameters); // Note that $action and $object may have been modified by hook +$reshook = $hookmanager->executeHooks('printFieldListFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; print "";
From 4efe10a9a55367baf5eb76a4db7bfd448511e43b Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 22 Mar 2022 10:46:26 +0100
Subject: [PATCH 3/5] NEW add hook printFieldListWhere in "show_contacts" function
---
 htdocs/core/lib/company.lib.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index 4bf8a0e7219..7f1f03cd121 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1102,6 +1102,10 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') // Add where from extra fields $extrafieldsobjectkey = $contactstatic->table_element; include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; + // Add where from hooks + $parameters = array('socid' => $object->id); + $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $object); // Note that $action and $object may have been modified by hook + $sql .= $hookmanager->resPrint; if ($sortfield == "t.name") { $sql .= " ORDER BY t.lastname $sortorder, t.firstname $sortorder"; } else {
From ca3a4839e5fdd4ae74802e58ccfed4ad2990868e Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 22 Mar 2022 12:06:37 +0100
Subject: [PATCH 4/5] FIX try to fix CodingPhpTest::testPHP error
---
 htdocs/core/customreports.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php
index ec0ce330dc4..df7ff549bbb 100644
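Review bot: The `show_contacts()` hunk in company.lib.php reuses the hook name `printFieldListWhere`, but this query appears to alias the contact table as `t` (see `t.lastname` in the ORDER BY just below), while htdocs/contact/list.php fires the same hook on `socpeople as p`. A hook fragment written for one alias produces invalid SQL in the other unless the hook branches on its context, so the alias belongs in the comment: `// Add where from hooks (appended verbatim; contact table alias here is t)`. `$hookmanager` is not one of the function's parameters and no `global $hookmanager;` is visible; the body starts outside the hunk, so confirm it is declared there. `$action` is not passed, so the copied "may have been modified by hook" comment is only half true here.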
--- a/htdocs/core/customreports.php
+++ b/htdocs/core/customreports.php
@@ -565,7 +565,7 @@ if (!empty($search_measures) && !empty($search_xaxis)) { $tmpval = explode('.', $val); //var_dump($arrayofxaxis[$val]['table']); if (! in_array($arrayofxaxis[$val]['table'], $listoftablesalreadyadded)) { // We do not add join for main table already added - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$tmpval[0]; + $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->escape($tmpval[0]); $listoftablesalreadyadded[$arrayofxaxis[$val]['table']] = $arrayofxaxis[$val]['table']; } } else {
From 5adcdd6b4e9715189a2a40b70ba70c3e55b1df0a Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 22 Mar 2022 12:27:36 +0100
Subject: [PATCH 5/5] FIX use sanitize instead escape
---
 htdocs/core/customreports.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php
index df7ff549bbb..b640df8768f 100644
--- a/htdocs/core/customreports.php
+++ b/htdocs/core/customreports.php
@@ -565,7 +565,7 @@ if (!empty($search_measures) && !empty($search_xaxis)) { $tmpval = explode('.', $val); //var_dump($arrayofxaxis[$val]['table']); if (! in_array($arrayofxaxis[$val]['table'], $listoftablesalreadyadded)) { // We do not add join for main table already added - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->escape($tmpval[0]); + $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->sanitize($tmpval[0]); $listoftablesalreadyadded[$arrayofxaxis[$val]['table']] = $arrayofxaxis[$val]['table']; } } else {
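Review bot: In patch 5/5 the alias goes through `$db->sanitize()`, the helper this series also applies to a comma-joined id list (`sanitize(join(',', $limitto))` in html.formcompany.class.php), so it evidently lets list separators through and is wider than a table alias needs. `$tmpval[0]` comes from `explode('.', $val)`, and the hunk header suggests `$val` derives from `$search_xaxis`; if that is request data, validate rather than strip, building the join only when `isset($arrayofxaxis[$val]) && preg_match('/^[a-zA-Z0-9_]+$/', $tmpval[0])`. The table name `$arrayofxaxis[$val]['table']` is concatenated beside it with no check, which is safe only if `$arrayofxaxis` is built entirely server-side and `$val` is confirmed to be one of its keys. The surrounding loop is outside the hunk, so both assumptions need confirming against the full file.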