diff --git a/ChangeLog b/ChangeLog
index 6556db79da2..e685669f01d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,53 @@ English Dolibarr ChangeLog
 --------------------------------------------------------------
+***** ChangeLog for 13.0.2 compared to 13.0.1 *****
+
+FIX: 11.0 - $this->socid injected in query without checking for empty value
+FIX: #16096 #16085 Any call of ajax pages must provide the token
+FIX: #16296
+FIX: #16325
+FIX: #16341 : Fetch the Product ExtraFields in Shippment lines
+FIX: #16366
+FIX: #16393 Do not sanitize
+FIX: #16420 #16423 #16488 #16477
+FIX: #16431
+FIX: #16465
+FIX: #16480
+FIX: #16485
+FIX: #16487
+FIX: #16503
+FIX: #16530
+FIX: #16533
+FIX: #16629
+FIX: #16671 Can not generate zip file of documents in backup tool
+FIX: Add "Now" link on social charges creation card
+FIX: avoid undefined url and missing token
+FIX: Bad project filter in ticket list
+FIX: Buttons to disable bindings not working
+FIX: class not found when creating recuring invoice from invoice+discount
+FIX: File attachment on lots
+FIX: handling $heightforinfotot when he's superior to a page height on Supplier Invoice
+FIX: hourglass and hide button to pay
+FIX: massaction validate invoice do not regenerate pdf
+FIX: missing mp4 video mime
+FIX: picto on shipment to reset qty to 0. Some quantities were not reset.
+FIX: Protection to avoid #16504
+FIX: rounding amount on card updating
+FIX: Rounding amount on social charges card updating
+FIX: select list dependencies now work for ModuleBuilder sellist field
+FIX: Status in popup of member in widget
+FIX: status on tooltip on widgets
+FIX: Timezone management for datetime on list of events
+FIX: Timezone management for datetime with modulebuilder and extrafields
+FIX: Total_ht not show in contract link element
+FIX: use post instead get
+FIX: use var "saved_url" instead global var "$url"
+FIX: Various payment - Missing fields for check transmitter & bank name
+FIX: warning if setup of chart of account is not yet done.
+FIX: wrong extension + + ***** ChangeLog for 13.0.1 compared to 13.0.0 ***** FIX: 10.0 before crediting a withdrawal receipt, check whether it has been credited already. diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index 6e0b0508a07..5ec1d5d56f7 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -113,7 +113,8 @@ $utils = new Utils($db); if ($compression == 'zip') { $file .= '.zip'; - $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression, '/(\.back|\.old|\.log|[\\\/]temp[\\\/]|documents[\\\/]admin[\\\/]documents[\\\/])/i'); + $excludefiles = '/(\.back|\.old|\.log|[\/\\\]temp[\/\\\]|documents[\/\\\]admin[\/\\\]documents[\/\\\])/i'; + $ret = dol_compress_dir(DOL_DATA_ROOT, $outputdir."/".$file, $compression, $excludefiles); if ($ret < 0) { if ($ret == -2) { diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 6779adc60c6..73ea01bc3f8 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -285,6 +285,7 @@ if (empty($reshook)) } elseif ($action == 'setecheance' && $usercancreate) { $result = $object->set_echeance($user, dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear'])); + $result = $object->generateDocument($model, $outputlangs, $hidedetails, $hidedesc, $hideref); if ($result < 0) dol_print_error($db, $object->error); } elseif ($action == 'setdate_livraison' && $usercancreate) diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index a47e46401bd..f23a1ff6715 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php 
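Review bot: The new `$excludefiles` pattern is functionally identical to the one it replaces: in a single-quoted PHP string both `[\\\/]` and `[\/\\\]` reach PCRE as a class matching `/` or `\`, so this hunk only restyles the regex and does not by itself explain the zip-generation fix. A comment on the assignment would help the next reader, e.g. `// Skip .back/.old/.log files, temp dirs and documents/admin/documents (single-quoted string: only \\ is an escape)`. The `\.back|\.old|\.log` alternatives are unanchored, so any path containing `.log` (such as `catalog.login.pdf`) is excluded too; if dol_compress_dir() matches the full path, `\.(back|old|log)$` would be tighter — confirm what the callback receives. The pattern added to test/phpunit/FilesLibTest.php in this same commit drops the `temp` alternative, so the two no longer agree.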
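Review bot: The added generateDocument() call overwrites `$result`, so a failure of set_echeance() on the line above is masked and the check on the next line only ever reports the document generation's status; each call needs its own check. `$model`, `$outputlangs`, `$hidedetails`, `$hidedesc` and `$hideref` are not set inside this branch — presumably assigned earlier in card.php, worth confirming, since an undefined `$model` would make the regeneration fail here. The due date is also still read from raw `$_POST['echmonth']`/`$_POST['echday']`/`$_POST['echyear']` rather than `GETPOST(..., 'int')`, the convention this commit applies elsewhere. The elseif chain continues outside the hunk.

```php
} elseif ($action == 'setecheance' && $usercancreate) {
    $result = $object->set_echeance($user, dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')));
    if ($result < 0) {
        dol_print_error($db, $object->error);
    } else {
        // Regenerate the document after the due date change; report its own failure separately
        $result = $object->generateDocument($model, $outputlangs, $hidedetails, $hidedesc, $hideref);
        if ($result < 0) {
            dol_print_error($db, $object->error);
        }
    }
// … unchanged: next elseif branch (setdate_livraison) …
```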
@@ -2240,6 +2240,7 @@ class Commande extends CommonOrder
 $sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e';
 $sql .= ', '.MAIN_DB_PREFIX.'element_element as el';
 $sql .= ' WHERE el.fk_source = '.$this->id;
+ $sql .= " AND el.sourcetype = 'commande'";
 $sql .= " AND el.fk_target = e.rowid";
 $sql .= " AND el.targettype = 'shipping'";
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index 63021eb3b07..7abd2c6a2b7 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -515,13 +515,17 @@ if ($search_description)
 }
 $sql .= natural_search("b.label", $search_description_to_use); // Warning some text are just translation keys, not translated strings
 }
-if ($search_bid > 0) $sql .= " AND b.rowid=l.lineid AND l.fk_categ=".$search_bid;
-if (!empty($search_type)) $sql .= " AND b.fk_type = '".$db->escape($search_type)."' ";
+if ($search_bid > 0) $sql .= " AND b.rowid=l.lineid AND l.fk_categ=".((int) $search_bid);
+if (!empty($search_type)) $sql .= " AND b.fk_type = '".$db->escape($search_type)."'";
 // Search criteria amount
-$search_debit = price2num(str_replace('-', '', $search_debit));
-$search_credit = price2num(str_replace('-', '', $search_credit));
-if ($search_debit) $sql .= natural_search('- b.amount', $search_debit, 1);
-if ($search_credit) $sql .= natural_search('b.amount', $search_credit, 1);
+if ($search_debit) {
+ $sql .= natural_search('ABS(b.amount)', $search_debit, 1);
+ $sql .= ' AND b.amount <= 0';
+}
+if ($search_credit) {
+ $sql .= natural_search('b.amount', $search_credit, 1);
+ $sql .= ' AND b.amount >= 0';
+}
 // Add where from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php
index 247f66b5acf..45ad2114368 100644
--- a/htdocs/compta/paiement_charge.php
+++ b/htdocs/compta/paiement_charge.php
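Review bot: `el.fk_source = '.$this->id` two lines above the added `sourcetype` filter still concatenates the id without a cast, unlike the `((int) $search_bid)` cast this commit applies in bankentries_list.php; `$sql .= ' WHERE el.fk_source = '.((int) $this->id);` keeps the query well-formed if `$this->id` is ever empty or non-numeric. The added `el.sourcetype = 'commande'` condition is the right fix for the element_element join, since fk_source alone is not unique across source types. The method this query belongs to starts and ends outside the hunk.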
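Review bot: The rewritten debit/credit filter hands `$search_debit` and `$search_credit` to natural_search() without the `price2num(str_replace('-', '', ...))` normalisation the removed lines applied, so a localised entry such as `1 234,56` or a value typed with a leading `-` now reaches the mode-1 comparison as typed unless natural_search() normalises it itself — confirm, otherwise keep `$search_debit = price2num(str_replace('-', '', $search_debit));` (and the credit twin) ahead of the `if`. The `ABS(b.amount)` plus sign constraint is clearer than the old `- b.amount` trick, and the `(int)` cast on `$search_bid` closes the unescaped interpolation on that line. An amount of exactly 0 satisfies both the `<= 0` and the `>= 0` branch, which is probably intended but deserves a one-line comment.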
@@ -247,7 +247,7 @@ if ($action == 'create') print ''; print ''.$langs->trans("Comments").''; - print ''; + print ''; print ''; print ''; @@ -293,6 +293,7 @@ if ($action == 'create') print ''.price($objp->amount - $sumpaid).""; print ''; + if ($sumpaid < $objp->amount) { $namef = "amount_".$objp->id; @@ -301,7 +302,7 @@ if ($action == 'create') print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmount' data-rowid='".$namef."' data-value='".($objp->amount - $sumpaid)."'"); $remaintopay = $objp->amount - $sumpaid; print ''; - print ''; + print ''; } else { print '-'; } diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index b44968e21bf..25e96c79a28 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php @@ -45,7 +45,7 @@ $langs->loadLangs(array('compta', 'bills', 'banks')); $id = GETPOST('id', 'int'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm'); -$projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); +$fk_project = (GETPOST('fk_project') ? GETPOST('fk_project', 'int') : 0); $dateech = dol_mktime(GETPOST('echhour'), GETPOST('echmin'), GETPOST('echsec'), GETPOST('echmonth'), GETPOST('echday'), GETPOST('echyear')); $dateperiod = dol_mktime(GETPOST('periodhour'), GETPOST('periodmin'), GETPOST('periodsec'), GETPOST('periodmonth'), GETPOST('periodday'), GETPOST('periodyear')); @@ -91,7 +91,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) { if ($action == 'classin' && $user->rights->tax->charges->creer) { $object->fetch($id); - $object->setProject(GETPOST('projectid')); + $object->setProject(GETPOST('fk_project')); } if ($action == 'setlib' && $user->rights->tax->charges->creer) 
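Review bot: In the `classin` branch `$object->setProject(GETPOST('fk_project'))` still reads the parameter without the `'int'` filter, while the renamed `$fk_project` computed in the hunk at line 45 already holds the filtered value; `$object->setProject($fk_project);` (or `GETPOST('fk_project', 'int')`) keeps the rename from carrying an unfiltered id into the update. In that same line-45 hunk the ternary tests the unfiltered `GETPOST('fk_project')` only to call the filtered form afterwards; `$fk_project = GETPOST('fk_project', 'int');` should be equivalent if GETPOST returns 0 for an absent int parameter — confirm against GETPOST's contract before simplifying.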
@@ -352,21 +352,21 @@ if ($action == 'create') print ''.$langs->trans("Project").''; - $numproject = $formproject->select_projects(-1, $projectid, 'fk_project', 0, 0, 1, 1); + $numproject = $formproject->select_projects(-1, $fk_project, 'fk_project', 0, 0, 1, 1); print ''; } // Payment Mode print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements($mode_reglement_id, 'mode_reglement_id'); + $form->select_types_paiements(GETPOST('mode_reglement_id', 'int'), 'mode_reglement_id'); print ''; // Bank Account if (!empty($conf->banque->enabled)) { print ''.$langs->trans('BankAccount').''; - $form->select_comptes($fk_account, 'fk_account', 0, '', 2); + $form->select_comptes(GETPOST('fk_account', 'int'), 'fk_account', 0, '', 2); print ''; } @@ -457,7 +457,7 @@ if ($id > 0) $morehtmlref .= '
'; $morehtmlref .= ''; $morehtmlref .= ''; - $morehtmlref .= $formproject->select_projects(0, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); + $morehtmlref .= $formproject->select_projects(0, $object->fk_project, 'fk_project', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); $morehtmlref .= ''; $morehtmlref .= '
'; } else { diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index 0ad654e49d0..856828edc00 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -762,9 +762,9 @@ class pdf_azur extends ModelePDFPropales } } else { if (!empty($conf->product->enabled)) { - $filetomerge_dir = $conf->product->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product').dol_sanitizeFileName($product->ref); + $filetomerge_dir = $conf->product->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product'); } elseif (!empty($conf->service->enabled)) { - $filetomerge_dir = $conf->service->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product').dol_sanitizeFileName($product->ref); + $filetomerge_dir = $conf->service->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product'); } } diff --git a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php index c4f11568456..c82fb592d82 100644 --- a/htdocs/core/modules/propale/doc/pdf_cyan.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_cyan.modules.php 
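Review bot: Dropping `dol_sanitizeFileName($product->ref)` from `$filetomerge_dir` means the merge directory is now exactly what get_exdir(0, 0, 0, 0, $product, 'product') returns; the change is only correct if get_exdir() already appends the sanitised ref subdirectory, which is not visible here and should be confirmed — otherwise the lookup now points at the product root instead of the product's own folder. A comment on the assignment, `// get_exdir() returns the product's own subdirectory (sanitised ref included); do not append the ref again`, would stop the component being re-added later. The same two-line change is made in htdocs/core/modules/propale/doc/pdf_cyan.modules.php, and the enclosing method starts and ends outside both hunks.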
@@ -907,9 +907,9 @@ class pdf_cyan extends ModelePDFPropales
 }
 } else {
 if (!empty($conf->product->enabled)) {
- $filetomerge_dir = $conf->product->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product').dol_sanitizeFileName($product->ref);
+ $filetomerge_dir = $conf->product->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product');
 } elseif (!empty($conf->service->enabled)) {
- $filetomerge_dir = $conf->service->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product').dol_sanitizeFileName($product->ref);
+ $filetomerge_dir = $conf->service->multidir_output[$entity_product_file].'/'.get_exdir(0, 0, 0, 0, $product, 'product');
 }
 }
diff --git a/htdocs/core/modules/societe/mod_codeclient_elephant.php b/htdocs/core/modules/societe/mod_codeclient_elephant.php
index 18947732b16..accdfae89f6 100644
--- a/htdocs/core/modules/societe/mod_codeclient_elephant.php
+++ b/htdocs/core/modules/societe/mod_codeclient_elephant.php
@@ -305,6 +305,11 @@ class mod_codeclient_elephant extends ModeleThirdPartyCode
 {
 $this->error = $result;
 return -6;
+ } else {
+ $is_dispo = $this->verif_dispo($db, $code, $soc, $type);
+ if ($is_dispo <> 0) {
+ $result = -3;
+ }
 }
 }
diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php
index fe81b57dbf5..ae7cbee0cf0 100644
--- a/htdocs/cron/list.php
+++ b/htdocs/cron/list.php
@@ -465,7 +465,7 @@ if ($num > 0)
 print $object->priority;
 print '';
- print '';
+ print '';
 if ($obj->jobtype == 'method') {
 $text = $langs->trans("CronClass");
diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index 6a42ad77aa3..13989286e33 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
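Review bot: The new `else` branch sets `$result = -3` when verif_dispo() reports the code as unavailable, but the hunk ends before `$result` is used and the method's remaining path is not visible, so confirm that -3 is actually returned rather than an earlier `return 0`; `$result` also carried a string in the `if` branch (it is assigned to `$this->error`), so an int/string union now flows through one variable. `<>` is the legacy spelling of `!=`; `if ($is_dispo != 0) {` matches the rest of the code base, and since the branch treats a non-zero status as "taken", a comment such as `// verif_dispo() presumably returns 0 when the code is free — confirm` would make the condition self-explanatory. The enclosing method starts and ends outside the hunk.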
@@ -411,7 +411,7 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fourn
 $product = $supplierorderdispatch->fk_product;
 $price = GETPOST('price');
 $comment = $supplierorderdispatch->comment;
- $eatby = $supplierorderdispatch->fk_product;
+ $eatby = $supplierorderdispatch->eatby;
 $sellby = $supplierorderdispatch->sellby;
 $batch = $supplierorderdispatch->batch;
diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php
index ef583d08ff5..1a61773993f 100644
--- a/htdocs/opensurvey/card.php
+++ b/htdocs/opensurvey/card.php
@@ -32,7 +32,9 @@ require_once DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php";
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 // Initialisation des variables
 $action = GETPOST('action', 'aZ09');
diff --git a/htdocs/opensurvey/exportcsv.php b/htdocs/opensurvey/exportcsv.php
index 6f9a699273b..5abfd76f88e 100644
--- a/htdocs/opensurvey/exportcsv.php
+++ b/htdocs/opensurvey/exportcsv.php
@@ -39,6 +39,11 @@ $object = new Opensurveysondage($db);
 $result = $object->fetch(0, $numsondage);
 if ($result <= 0) dol_print_error('', 'Failed to get survey id '.$numsondage);
+// Security check
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
+
 /*
 * Actions
diff --git a/htdocs/opensurvey/fonctions.php b/htdocs/opensurvey/fonctions.php
index 0ea701ebf0b..5832e57c46d 100644
--- a/htdocs/opensurvey/fonctions.php
+++ b/htdocs/opensurvey/fonctions.php
@@ -31,7 +31,6 @@
 */
 function opensurvey_prepare_head(Opensurveysondage $object)
 {
- global $langs, $conf;
 $h = 0;
diff --git a/htdocs/opensurvey/index.php b/htdocs/opensurvey/index.php
index 50198e5202f..c8cc35a0c61 100644
--- a/htdocs/opensurvey/index.php
+++ b/htdocs/opensurvey/index.php
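Review bot: The fix `$eatby = $supplierorderdispatch->eatby;` is right — the old line copied `fk_product` into the eat-by date — but the adjacent `$price = GETPOST('price');` in the same block still reads the request parameter with no type filter before it is used for the dispatch price; `$price = price2num(GETPOST('price', 'alpha'));` gives it the same treatment amounts get elsewhere in this code base. The block this belongs to starts and ends outside the hunk.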
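Review bot: The new permission check runs only after `$object->fetch(0, $numsondage)` and the `dol_print_error()` on a failed fetch, so an unauthorised caller still triggers the survey lookup (and the error output, if dol_print_error() does not exit) before being refused; moving the `if (empty($user->rights->opensurvey->read)) { accessforbidden(); }` block above `$object = new Opensurveysondage($db);` refuses the request before any data is touched, which is where htdocs/opensurvey/card.php and index.php in this commit place it. The fetch failure path should also stop rather than fall through, e.g. `if ($result <= 0) { dol_print_error('', 'Failed to get survey id '.$numsondage); exit; }`, unless dol_print_error() already terminates — not visible here.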
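Review bot: Removing `global $langs, $conf;` from opensurvey_prepare_head() is only safe if nothing in the rest of the function body — which continues outside the hunk — still references `$langs` or `$conf`; tab-head helpers in Dolibarr commonly call `$langs->trans()` for tab titles, and if such a call remains below `$h = 0;` it now runs on an undefined variable and fails with a fatal "Call to a member function on null" Error. Please confirm the remainder of the body is free of both names, or keep the declaration for whichever is still used.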
@@ -31,7 +31,9 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
 $langs->load("opensurvey");
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 $hookmanager = new HookManager($db);
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index ea07900ba67..fe03c433738 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -29,10 +29,10 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
 require_once DOL_DOCUMENT_ROOT."/opensurvey/class/opensurveysondage.class.php";
 require_once DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php";
-
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
-
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 // Init vars
 $action = GETPOST('action', 'aZ09');
@@ -596,7 +596,10 @@ if (GETPOST('ajoutsujet'))
 }
 if ($user->rights->opensurvey->write) {
- print ''.$langs->trans("PollAdminDesc", img_picto('', 'delete'), $langs->trans("Add")).'
'; + print ''; + $s = $langs->trans("PollAdminDesc", '{s1}', $langs->trans("Add")); + print str_replace('{s1}', img_picto('', 'delete'), $s); + print '
'; } $nbcolonnes = substr_count($object->sujet, ',') + 1; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 364cb30633a..e986fc4c8fa 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -215,7 +215,7 @@ if (empty($reshook)) } } else { $db->rollback(); - + unset($_POST["ref"]); $action = 'create'; } } else { diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 1c81faca1ad..678d45f70ca 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -307,7 +307,9 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('add', 'alpha')) { //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); // Make a redirect to avoid to have ticket submitted twice if we make back - setEventMessages($langs->trans('MesgInfosPublicTicketCreatedWithTrackId', ''.$object->track_id.'', ''.$object->ref.''), null, 'warnings'); + $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); + $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); + setEventMessages($messagetoshow, null, 'warnings'); setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); header("Location: index.php"); exit; diff --git a/test/phpunit/FilesLibTest.php b/test/phpunit/FilesLibTest.php index d80abac42fe..ef84b8db752 100644 --- a/test/phpunit/FilesLibTest.php +++ b/test/phpunit/FilesLibTest.php 
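Review bot: The `{s1}` placeholder is substituted after `$langs->trans()` returns, so the img_picto() markup is inserted untouched by whatever transformation trans() applies to its arguments; that is evidently the intent (keep the picto HTML intact), but nothing says so, and the technique only stays safe as long as the substituted value is trusted markup, which holds for img_picto() output. A comment on the `$s =` line, `// {s1} is replaced after trans() so the picto markup is not altered by the translator; only substitute trusted HTML here`, records both the why and the constraint. The same placeholder technique appears in htdocs/public/ticket/create_ticket.php in this commit.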
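Review bot: `$object->track_id` and `$object->ref` are spliced into the translated message with str_replace() after `$langs->trans()` has run, so any escaping trans() applies to its arguments no longer covers them and they land in the HTML event message as-is; wrapping each in `dol_escape_htmltag()` inside the existing markup — `dol_escape_htmltag($object->track_id)` and `dol_escape_htmltag($object->ref)` — keeps the message safe regardless of how those values were produced. Both are presumably generated server-side for a public ticket, so this is defence in depth rather than a known exposure, but a public-facing page is exactly where it is worth having.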
@@ -425,6 +425,13 @@ class FilesLibTest extends PHPUnit\Framework\TestCase
 $result=dol_uncompress($fileout, $dirout);
 print __METHOD__." result=".join(',', $result)."\n";
 $this->assertEquals(0, count($result), "Pb with dol_uncompress_file of file ".$fileout);
+
+ $excludefiles = '/(\.back|\.old|\.log|documents[\/\\\]admin[\/\\\]documents[\/\\\])/i';
+ if (preg_match($excludefiles, 'a/temp/b')) { echo '----- Regex OK -----'."\n"; }
+ $result=dol_compress_dir($dirout, $conf->admin->dir_temp.'/testdir.zip', 'zip', $excludefiles);
+ print __METHOD__." result=".$result."\n";
+ print join(', ', $conf->logbuffer);
+ $this->assertGreaterThanOrEqual(1, $result, "Pb with dol_compress_dir of ".$dirout." into ".$conf->admin->dir_temp.'/testdir.zip');
 }
 /**
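Review bot: `if (preg_match($excludefiles, 'a/temp/b')) { echo '----- Regex OK -----'."\n"; }` can never fire: the `$excludefiles` pattern defined just above omits the `temp` alternative that the production pattern in htdocs/admin/tools/export_files.php carries, so `a/temp/b` does not match and the echo is dead code that reads as if temp exclusion were being verified. Either assert the intended outcome, `$this->assertSame(0, preg_match($excludefiles, 'a/temp/b'));`, or exercise the real pattern so the test and the tool cannot drift apart. `print join(', ', $conf->logbuffer);` is debugging output left behind and should go. The test method starts outside the hunk.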