From b34fb95f4f8163ebc7287587803502054f4fba8f Mon Sep 17 00:00:00 2001 From: Gerhard Stephan Date: Mon, 8 Nov 2021 10:59:04 +0100 Subject: [PATCH 01/45] Load product data optional fields to the line -> enables to use "line_options_{extrafield}" --- htdocs/core/class/commondocgenerator.class.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index a92179e7b6a..e5a2ef4c9db 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -559,6 +559,15 @@ abstract class CommonDocGenerator $resarray = $this->fill_substitutionarray_with_extrafields($object, $resarray, $extrafields, $array_key, $outputlangs); } + // Load product data optional fields to the line -> enables to use "line_options_{extrafield}" + if (isset($line->fk_product) && $line->fk_product > 0) + { + $tmpproduct = new Product($this->db); + $result = $tmpproduct->fetch($line->fk_product); + foreach($tmpproduct->array_options as $key=>$label) + $resarray["line_".$key] = $label; + } + return $resarray; } From 0a3a0862ffaf4c63396f4d96f765238e9f3e92cf Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Mon, 8 Nov 2021 13:33:24 +0100 Subject: [PATCH 02/45] fixes to be pure markdown --- SECURITY.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 427b1cc7ae2..9c28e2874b9 100644 --- a/SECURITY.md +++ b/SECURITY.md 
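Review bot: `$line` is never assigned in the visible lines of this hunk, and the context call just above works on `$object` and `$array_key`, so the new block may sit in the object-level substitution method where `$line` is at best a leftover loop variable; please confirm it belongs here and not in the per-line method. Separately, `$result` from `$tmpproduct->fetch($line->fk_product)` is ignored and `$tmpproduct->array_options` is iterated unconditionally. Guarding with `if ($result > 0 && is_array($tmpproduct->array_options)) {` and bracing the `foreach` would avoid warnings during document generation when the product cannot be loaded. The enclosing method starts outside the hunk, and the same lines are touched again by [PATCH 17/45] without these changes.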
@@ -12,8 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM ## Reporting a Vulnerability -To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody) - +To report a vulnerability, please use GitHub security advisory at [https://github.com/Dolibarr/dolibarr/security/advisories/new](https://github.com/Dolibarr/dolibarr/security/advisories/new) (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody) ## Hunting vulnerabilities on Dolibarr @@ -23,7 +22,7 @@ If you believe you've found a security bug in our service, we are happy to work Any type of denial of service attacks is strictly forbidden, as well as any interference with network equipment and Dolibarr infrastructure. -We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: https://www.dolibarr.org/download) to get access on every side of application. +We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: [https://www.dolibarr.org/download](https://www.dolibarr.org/download)) to get access on every side of application. ### User Agent 
@@ -31,8 +30,7 @@ If you try to find bug on Dolibarr, we recommend to append to your user-agent he ### Account access -You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from https://www.dolibarr.org/download - +You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from [https://www.dolibarr.org/download](https://www.dolibarr.org/download) ## Eligibility and Responsible Disclosure @@ -46,7 +44,6 @@ You must avoid tests that could cause degradation or interruption of our service You must not leak, manipulate, or destroy any user data of third parties to find your vulnerability. - ## Scope for qualified vulnerabilities ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid": @@ -64,7 +61,6 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us Scope is the web application (back office) and the APIs. - ## Qualifying vulnerabilities for reporting * Remote code execution (RCE) @@ -81,7 +77,6 @@ Scope is the web application (back office) and the APIs. * Software version disclosure (for non admin users only) * Stack traces or path disclosure (for non admin users only) - ## Non-qualifying vulnerabilities for reporting * "Self" XSS @@ -99,4 +94,3 @@ Scope is the web application (back office) and the APIs. * Software version or private IP disclosure when logged user is admin * Stack traces or path disclosure when logged user is admin * Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities". - From d06d6c51cd7ca5802bcac3047386e9011e0fb14a Mon Sep 17 00:00:00 2001 
From: Philippe GRAND Date: Mon, 8 Nov 2021 13:44:46 +0100 Subject: [PATCH 03/45] MD041 - First line in a file should be a top-level heading --- htdocs/modulebuilder/template/core/boxes/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/modulebuilder/template/core/boxes/README.md b/htdocs/modulebuilder/template/core/boxes/README.md index b641e7136bc..3989bca5847 100644 --- a/htdocs/modulebuilder/template/core/boxes/README.md +++ b/htdocs/modulebuilder/template/core/boxes/README.md @@ -1 +1 @@ -Directory where widgets files are stored. \ No newline at end of file +# Directory where widgets files are stored From 85a3bbba3d9fc491b16ba761ce82afdef42b7af8 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Mon, 8 Nov 2021 13:51:03 +0100 Subject: [PATCH 04/45] Translations --- .../mailings/mailinglist_mymodule_myobject.modules.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php b/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php index dc797b99a94..b50f4acf741 100644 --- a/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php +++ b/htdocs/modulebuilder/template/core/modules/mailings/mailinglist_mymodule_myobject.modules.php @@ -55,9 +55,9 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets /** - * Affiche formulaire de filtre qui apparait dans page de selection des destinataires de mailings + * Displays the filter form that appears in the mailing recipient selection page * - * @return string Retourne zone select + * @return string Return select zone */ public function formFilter() { 
@@ -83,7 +83,7 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets /** - * Renvoie url lien vers fiche de la source du destinataire du mailing + * Returns url link to file of the source of the recipient of the mailing * * @param int $id ID * @return string Url lien @@ -115,7 +115,7 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets } $sql .= " ORDER BY email"; - // Stocke destinataires dans target + // Store recipients in target $result = $this->db->query($sql); if ($result) { $num = $this->db->num_rows($result); From c1a2e7b12e1706f02dd9f5df50256cc7f0c1fc2b Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Mon, 8 Nov 2021 17:51:19 +0100 Subject: [PATCH 05/45] FIX: project task list: extrafields could not be displayed --- htdocs/projet/tasks.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index d61dffeee3c..03816ff91df 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -135,6 +135,7 @@ if ($object->usage_bill_time) { } // Extra fields +$extrafieldsobjectkey = $taskstatic->table_element; include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $arrayfields = dol_sort_array($arrayfields, 'position'); @@ -774,7 +775,6 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->third if (!empty($conf->global->PROJECT_SHOW_CONTACTS_IN_LIST)) print ''; - $extrafieldsobjectkey = $taskstatic->table_element; include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; // Action column From ebdcff3b49e6bc76c8e519f784864b15fe6465eb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 8 Nov 2021 20:07:03 +0100 Subject: [PATCH 06/45] FIX filter for export of accounting documents --- htdocs/compta/accounting-files.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 2c94cea750c..791da74b030 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -610,8 +610,12 @@ if (!empty($date_start) && !empty($date_stop)) { echo dol_print_date($date_start, 'day')." - ".dol_print_date($date_stop, 'day'); - print ''; - print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; foreach ($listofchoices as $choice => $val) { print ''; } From d28edae46009f9ca0f01042946e0fcf905b10263 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 8 Nov 2021 20:11:32 +0100 Subject: [PATCH 07/45] Fix idate must be jdate --- htdocs/compta/accounting-files.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 791da74b030..15096e28b4f 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -348,8 +348,8 @@ if (($action == 'searchfiles' || $action == 'dl')) { $nofile = array(); $nofile['id'] = $objd->id; $nofile['entity'] = $objd->entity; - $nofile['date'] = $db->idate($objd->date); - $nofile['date_due'] = $db->idate($objd->date_due); + $nofile['date'] = $db->jdate($objd->date); + $nofile['date_due'] = $db->jdate($objd->date_due); $nofile['paid'] = $objd->paid; $nofile['amount_ht'] = $objd->total_ht; $nofile['amount_ttc'] = $objd->total_ttc; @@ -368,8 +368,8 @@ if (($action == 'searchfiles' || $action == 'dl')) { foreach ($files as $key => $file) { $file['id'] = $objd->id; $file['entity'] = $objd->entity; - $file['date'] = $db->idate($objd->date); - $file['date_due'] = $db->idate($objd->date_due); + $file['date'] = $db->jdate($objd->date); + $file['date_due'] = $db->jdate($objd->date_due); $file['paid'] = $objd->paid; $file['amount_ht'] = $objd->total_ht; $file['amount_ttc'] = $objd->total_ttc; From 9f8e21bc2cd3f0a2e6edffdd33a53c162a9b9a23 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Mon, 8 Nov 2021 20:39:52 +0100 Subject: [PATCH 08/45] Fix filter on dates --- htdocs/compta/accounting-files.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 15096e28b4f..a06dd8dacaf 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -57,12 +57,12 @@ $date_start = GETPOST('date_start', 'alpha'); $date_startDay = GETPOST('date_startday', 'int'); $date_startMonth = GETPOST('date_startmonth', 'int'); $date_startYear = GETPOST('date_startyear', 'int'); -$date_start = ($date_startDay ? dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear, 'tzuserrel') : dol_stringtotime($date_start)); +$date_start = dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear, 'tzuserrel'); $date_stop = GETPOST('date_stop', 'alpha'); $date_stopDay = GETPOST('date_stopday', 'int'); $date_stopMonth = GETPOST('date_stopmonth', 'int'); $date_stopYear = GETPOST('date_stopyear', 'int'); -$date_stop = ($date_stopDay ? dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear, 'tzuserrel') : dol_stringtotime($date_stop)); +$date_stop = dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear, 'tzuserrel'); $action = GETPOST('action', 'aZ09'); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context 
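Review bot: With the `dol_stringtotime()` fallback removed, the context lines `$date_start = GETPOST('date_start', 'alpha');` and `$date_stop = GETPOST('date_stop', 'alpha');` become dead assignments, because each is overwritten by `dol_mktime()` a few lines later. Either drop them or add a comment saying why they stay. If any link or form still passes `date_start`/`date_stop` as a single string, the filter now silently ignores it, which deserves a mention next to the new assignments.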
@@ -460,7 +460,7 @@ if ($result && $action == "dl" && !$error) { $log .= ','.$langs->transnoentitiesnoconv("Country"); $log .= ','.$langs->transnoentitiesnoconv("VATIntra"); $log .= ','.$langs->transnoentitiesnoconv("Sens")."\n"; - $zipname = $dirfortmpfile.'/'.dol_print_date($date_start, 'dayrfc')."-".dol_print_date($date_stop, 'dayrfc').'_export.zip'; + $zipname = $dirfortmpfile.'/'.dol_print_date($date_start, 'dayrfc', 'tzuserrel')."-".dol_print_date($date_stop, 'dayrfc', 'tzuserrel').'_export.zip'; dol_delete_file($zipname); @@ -608,7 +608,7 @@ if (!empty($date_start) && !empty($date_stop)) { print '
'."\n"; print ''; - echo dol_print_date($date_start, 'day')." - ".dol_print_date($date_stop, 'day'); + echo dol_print_date($date_start, 'day', 'tzuserrel')." - ".dol_print_date($date_stop, 'day', 'tzuserrel'); print ''; print ''; @@ -745,19 +745,19 @@ if (!empty($date_start) && !empty($date_stop)) { print ''.$data['paid'].''; // Total ET - print ''.price($data['sens'] ? $data['amount_ht'] : -$data['amount_ht'])."\n"; + print ''.price(price2num($data['sens'] ? $data['amount_ht'] : -$data['amount_ht'], 'MT'))."\n"; // Total IT - print ''.price($data['sens'] ? $data['amount_ttc'] : -$data['amount_ttc'])."\n"; + print ''.price(price2num($data['sens'] ? $data['amount_ttc'] : -$data['amount_ttc'], 'MT'))."\n"; // Total VAT - print ''.price($data['sens'] ? $data['amount_vat'] : -$data['amount_vat'])."\n"; + print ''.price(price2num($data['sens'] ? $data['amount_vat'] : -$data['amount_vat'], 'MT'))."\n"; - print ''.$data['thirdparty_name']."\n"; + print ''.dol_escape_htmltag($data['thirdparty_name'])."\n"; print ''.$data['thirdparty_code']."\n"; print ''.$data['country_code']."\n"; - print ''.$data['vatnum']."\n"; + print ''.dol_escape_htmltag($data['vatnum'])."\n"; if ($data['sens']) { $totalET_credit += $data['amount_ht']; From 33e40c12c8e5552f568f8c70f620b53f2dfa168a Mon Sep 17 00:00:00 2001 From: lvessiller Date: Tue, 9 Nov 2021 14:12:28 +0100 Subject: [PATCH 09/45] FIX close cash with some terminals in TakePOS --- htdocs/takepos/index.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 344955a9167..f3b9991061e 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php 
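Review bot: The output escaping added in the -745 hunk is partial: `thirdparty_name` and `vatnum` now pass through `dol_escape_htmltag()`, but the neighbouring context lines still print `$data['thirdparty_code']`, `$data['country_code']` and `$data['paid']` raw into the same table row. If those values come from records that users can edit, they are the same stored-XSS surface as the two fields this commit fixes. Escape them the same way, e.g. `dol_escape_htmltag($data['thirdparty_code'])`. The loop that builds these rows starts outside the hunk.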
@@ -732,6 +732,7 @@ $( document ).ready(function() { if ($conf->global->TAKEPOS_CONTROL_CASH_OPENING) { $sql = "SELECT rowid, status FROM ".MAIN_DB_PREFIX."pos_cash_fence WHERE"; $sql .= " entity = ".$conf->entity." AND "; + $sql .= " posnumber = ".$_SESSION["takeposterminal"]." AND "; $sql .= " date(date_creation) = CURDATE()"; $resql = $db->query($sql); if ($resql) { @@ -918,6 +919,7 @@ if ($conf->global->TAKEPOS_PRINT_METHOD == "receiptprinter") { $sql = "SELECT rowid, status, entity FROM ".MAIN_DB_PREFIX."pos_cash_fence WHERE"; $sql .= " entity = ".$conf->entity." AND "; +$sql .= " posnumber = ".$_SESSION["takeposterminal"]." AND "; $sql .= " date(date_creation) = CURDATE()"; $resql = $db->query($sql); if ($resql) From cea3d93b91c3eaa829f34ae73aa9ee2d8bed676a Mon Sep 17 00:00:00 2001 From: daraelmin Date: Tue, 9 Nov 2021 20:51:27 +0100 Subject: [PATCH 10/45] Fix wrong sign in test --- htdocs/adherents/subscription.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 05e55206c02..d9ab62336a1 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -943,7 +943,7 @@ if ($rowid > 0) { } if (!$datefrom) { $datefrom = $object->datevalid; - if ($object->datefin > 0 && dol_time_plus_duree($object->datefin, $defaultdelay, $defaultdelayunit) < dol_now()) { + if ($object->datefin > 0 && dol_time_plus_duree($object->datefin, $defaultdelay, $defaultdelayunit) > dol_now()) { $datefrom = dol_time_plus_duree($object->datefin, 1, 'd'); } else { $datefrom = dol_get_first_day(dol_print_date(time(), "%Y")); From e5d40bf464894bb815a7032590f72373fd0afbf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 10 Nov 2021 12:06:39 +0100 Subject: [PATCH 11/45] error display --- htdocs/compta/cashcontrol/cashcontrol_card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
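Review bot: Both added lines concatenate `$_SESSION["takeposterminal"]` directly into the SQL text, here and in the second hunk at -918, with no cast or escaping. Where that session value is written is not visible in this diff; if a request parameter can influence it, this is an injection point, and an unset value produces a malformed `posnumber =  AND` clause. Assuming `posnumber` is numeric, use `$sql .= " posnumber = ".((int) $_SESSION["takeposterminal"])." AND ";`; if it is a string column, quote it and pass it through `$db->escape()` instead. Both queries continue outside their hunks.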
diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php index c7b74abfc39..4e82aa12686 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_card.php +++ b/htdocs/compta/cashcontrol/cashcontrol_card.php @@ -128,7 +128,7 @@ if (GETPOST('cancel', 'alpha')) { if ($action == "reopen") { $result = $object->setStatut($object::STATUS_DRAFT, null, '', 'CASHFENCE_REOPEN'); if ($result < 0) { - dol_print_error($db, $object->error, $object->error); + setEventMessages($object->error, $object->error, 'errors'); } $action = 'view'; From 005254ad3438ce400c6136d88b56eb0b0f626e7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 10 Nov 2021 12:21:03 +0100 Subject: [PATCH 12/45] Update cashcontrol_card.php --- htdocs/compta/cashcontrol/cashcontrol_card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php index 4e82aa12686..2cb658f135f 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_card.php +++ b/htdocs/compta/cashcontrol/cashcontrol_card.php @@ -356,7 +356,7 @@ if ($action == "create" || $action == "start" || $action == 'close') { } elseif ($syear && $smonth && $sday) { $sql .= " AND datef BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; } else { - dol_print_error('', 'Year not defined'); + setEventMessages($langs->trans('Year not defined'), null, 'errors'); } $resql = $db->query($sql); From 06e6479a123c74b11cf732814077e485b8cb184a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 10 Nov 2021 12:24:53 +0100 Subject: [PATCH 13/45] Update cashcontrol_card.php --- htdocs/compta/cashcontrol/cashcontrol_card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
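Review bot: In the -128 hunk, `setEventMessages($object->error, $object->error, 'errors')` passes the same string as both the single message and the second argument, which is meant for the list of messages. The usual pairing is `setEventMessages($object->error, $object->errors, 'errors');`. Note also that `$action = 'view';` is reached whether or not `setStatut()` failed; the enclosing action block continues outside the hunk.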
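Review bot: In the -356 hunk the `else` branch only queues a message, and execution still reaches `$resql = $db->query($sql);` with no date condition appended, so the figure is computed over every row the earlier part of the WHERE clause allows. Record the failure in the branch and skip the query, for example with the page's existing error flag (assumed to be `$error`): `$error++;` in the branch and `if (!$error) { $resql = $db->query($sql); }` below. The same fall-through exists in the -312 hunk of [PATCH 13/45]. The block that builds `$sql` starts outside the hunk.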
diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php index 2cb658f135f..1950cdb5392 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_card.php +++ b/htdocs/compta/cashcontrol/cashcontrol_card.php @@ -312,7 +312,7 @@ if ($action == "create" || $action == "start" || $action == 'close') { } elseif ($syear && $smonth && $sday) { $sql .= " AND dateo < '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."'"; } else { - dol_print_error('', 'Year not defined'); + setEventMessages($langs->trans('YearNotDefined'), null, 'errors'); } $resql = $db->query($sql); @@ -356,7 +356,7 @@ if ($action == "create" || $action == "start" || $action == 'close') { } elseif ($syear && $smonth && $sday) { $sql .= " AND datef BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; } else { - setEventMessages($langs->trans('Year not defined'), null, 'errors'); + setEventMessages($langs->trans('YearNotDefined'), null, 'errors'); } $resql = $db->query($sql); From c9517db43badbc80b514d35625358cad2efe63a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 10 Nov 2021 12:26:28 +0100 Subject: [PATCH 14/45] Update cashdesk.lang --- htdocs/langs/en_US/cashdesk.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/cashdesk.lang b/htdocs/langs/en_US/cashdesk.lang index 22d5afed2fc..5792e015040 100644 --- a/htdocs/langs/en_US/cashdesk.lang +++ b/htdocs/langs/en_US/cashdesk.lang @@ -133,3 +133,4 @@ SplitSale=Split sale PrintWithoutDetailsButton=Add "Print without details" button PrintWithoutDetailsLabelDefault=Line label by default on printing without details PrintWithoutDetails=Print without details +YearNotDefined=Year is not defined From 0afaf080ee0bb5f94458427eb2bfe24f66b79c5c Mon Sep 17 00:00:00 2001 
From: ptibogxiv Date: Wed, 10 Nov 2021 14:53:17 +0100 Subject: [PATCH 15/45] FIX bug if multicompany disabled avoid bad constantes --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 56f7c41994b..fb0bba95ac4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1926,7 +1926,7 @@ class Form $sql .= " WHERE u.entity IS NOT NULL"; } } else { - if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ug"; $sql .= " ON ug.fk_user = u.rowid"; $sql .= " WHERE ug.entity = ".$conf->entity; From 285bd67d90d60743124bf7f81e6f699b3a0c6b21 Mon Sep 17 00:00:00 2001 From: Gerhard Stephan Date: Wed, 10 Nov 2021 15:16:36 +0100 Subject: [PATCH 16/45] Added -Propal- as a missing class name to the commondocgenerator.class.php --- htdocs/core/class/commondocgenerator.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index e5a2ef4c9db..544a08198f8 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php 
@@ -492,7 +492,7 @@ abstract class CommonDocGenerator $array_key.'_remain_to_pay'=>price2num($object->total_ttc - $already_payed_all, 'MT') ); - if (method_exists($object, 'getTotalDiscount') && in_array(get_class($object), array('Proposal', 'Commande', 'Facture', 'SupplierProposal', 'CommandeFournisseur', 'FactureFournisseur'))) { + if (method_exists($object, 'getTotalDiscount') && in_array(get_class($object), array('Propal', 'Proposal', 'Commande', 'Facture', 'SupplierProposal', 'CommandeFournisseur', 'FactureFournisseur'))) { $resarray[$array_key.'_total_discount_ht_locale'] = price($object->getTotalDiscount(), 0, $outputlangs); $resarray[$array_key.'_total_discount_ht'] = price2num($object->getTotalDiscount()); } else { @@ -538,7 +538,7 @@ abstract class CommonDocGenerator // Note that this added fields does not match a field into database in Dolibarr (Dolibarr manage discount on lines not as a global property of object) $resarray['object_total_up'] = $totalUp; $resarray['object_total_up_locale'] = price($resarray['object_total_up'], 0, $outputlangs); - if (method_exists($object, 'getTotalDiscount') && in_array(get_class($object), array('Proposal', 'Commande', 'Facture', 'SupplierProposal', 'CommandeFournisseur', 'FactureFournisseur'))) { + if (method_exists($object, 'getTotalDiscount') && in_array(get_class($object), array('Propal', 'Proposal', 'Commande', 'Facture', 'SupplierProposal', 'CommandeFournisseur', 'FactureFournisseur'))) { $totalDiscount = $object->getTotalDiscount(); } else { $totalDiscount = 0; From 7c5810dee61f7416521e3e157dfc9e5d06824702 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 10 Nov 2021 14:19:14 +0000 Subject: [PATCH 17/45] Fixing style errors. --- htdocs/core/class/commondocgenerator.class.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 544a08198f8..a0f3f311ed4 100644 
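Review bot: The same seven-name class list is now maintained in two separate `in_array()` calls, in this hunk and in the one at -538, so the next missing class name has to be fixed twice again. Hoist the list into one class constant or local variable and compare strictly, e.g. `in_array(get_class($object), $classeswithdiscount, true)`. Keep in mind that `get_class()` matches exact names only, so a subclass of a listed class would fall into the `else` branch; a comment stating that this is intended would help.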
--- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -560,14 +560,13 @@ abstract class CommonDocGenerator } // Load product data optional fields to the line -> enables to use "line_options_{extrafield}" - if (isset($line->fk_product) && $line->fk_product > 0) - { + if (isset($line->fk_product) && $line->fk_product > 0) { $tmpproduct = new Product($this->db); $result = $tmpproduct->fetch($line->fk_product); - foreach($tmpproduct->array_options as $key=>$label) + foreach ($tmpproduct->array_options as $key=>$label) $resarray["line_".$key] = $label; } - + return $resarray; } From 6a216e520f202142e93c4f9f21099ef527cd9003 Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Thu, 11 Nov 2021 11:06:05 +0100 Subject: [PATCH 18/45] block deletion of items not free to delete (is_deletable) --- htdocs/core/actions_massactions.inc.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 8ccff0eb017..7c24257594f 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -1295,7 +1295,14 @@ if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == ' if ($objectclass == 'Facture' && empty($conf->global->INVOICE_CAN_ALWAYS_BE_REMOVED) && $objecttmp->status != Facture::STATUS_DRAFT) { $langs->load("errors"); $nbignored++; - $resaction .= '
'.$langs->trans('ErrorOnlyDraftStatusCanBeDeletedInMassAction', $objecttmp->ref).'

'; + $TMsg[] = '
'.$langs->trans('ErrorOnlyDraftStatusCanBeDeletedInMassAction', $objecttmp->ref).'

'; + continue; + } + + if ($objecttmp->is_erasable() <= 0) { + $langs->load("errors"); + $nbignored++; + $TMsg[] = '
'.$langs->trans('ErrorRecordHasChildren').' '.$objecttmp->ref.'

'; continue; } From 28e14ac336f16610449c3de73c84934d6c97f845 Mon Sep 17 00:00:00 2001 From: Christian Foellmann Date: Thu, 11 Nov 2021 13:28:33 +0100 Subject: [PATCH 19/45] fix permission on supplier_order document upload --- htdocs/supplier_proposal/document.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index a8b85fc25b5..884519a4f9a 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php @@ -75,7 +75,7 @@ if ($object->id > 0) { $upload_dir = $conf->supplier_proposal->dir_output.'/'.dol_sanitizeFileName($object->ref); } - +$permissiontoadd = $user->rights->supplier_proposal->creer; /* * Actions From bbd97c6e16a42d3e57c4df7c7680d95236a90df6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 13:36:04 +0100 Subject: [PATCH 20/45] Code comment --- htdocs/core/db/DoliDB.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 1aecd205da3..1ebea289470 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -233,7 +233,7 @@ abstract class DoliDB implements Database * Define sort criteria of request * * @param string $sortfield List of sort fields, separated by comma. Example: 't1.fielda,t2.fieldb' - * @param string $sortorder Sort order, separated by comma. Example: 'ASC,DESC'; + * @param string $sortorder Sort order, separated by comma. Example: 'ASC,DESC'. Note: If the quantity fo sortorder values is lower than sortfield, we used the last value for missing values. * @return string String to provide syntax of a sort sql string */ public function order($sortfield = null, $sortorder = null) From fd3fd9d945f51a14146df69be9e60baf2f755946 Mon Sep 17 00:00:00 2001 
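Review bot: `$objecttmp->is_erasable()` is called for every class that reaches this mass-delete loop, whereas the check just above is restricted to `$objectclass == 'Facture'`; if any handled class does not define `is_erasable()`, the request stops with a fatal error before the remaining records are processed. Guard it with `if (method_exists($objecttmp, 'is_erasable') && $objecttmp->is_erasable() <= 0) {`. The new message also appends `$objecttmp->ref` outside `$langs->trans()`, so it should go through `dol_escape_htmltag($objecttmp->ref)` before being stored in `$TMsg`. Where `$TMsg` is initialised and rendered is outside the hunk, as is the loop itself.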
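Review bot: `$permissiontoadd` in the supplier_proposal/document.php hunk has no reader inside the hunk, so the line looks like a stray assignment to anyone who does not know which include consumes it. A one-line comment such as `// Permission read by the included document actions (upload/delete)` would make the access-control intent explicit, assuming that is indeed the consumer.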
From: Laurent Destailleur Date: Thu, 11 Nov 2021 13:46:58 +0100 Subject: [PATCH 21/45] Fix getpost --- htdocs/compta/bank/transfer.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index 9665a8a2b1f..f728dc74f4e 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -61,8 +61,8 @@ if ($action == 'add') { $dateo = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); $label = GETPOST('label', 'alpha'); - $amount = price2num(GETPOST('amount', 'alpha'), 'MT'); - $amountto = price2num(GETPOST('amountto', 'alpha'), 'MT'); + $amount = price2num(GETPOST('amount', 'alpha'), 'MT', 2); + $amountto = price2num(GETPOST('amountto', 'alpha'), 'MT', 2); if (!$label) { $error++; From 0443302c3d5fb814eb6e813c1bafe27393730c08 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 13:49:21 +0100 Subject: [PATCH 22/45] FIX calculation of balance in conciliation page on desc sorting. --- htdocs/compta/bank/bankentries_list.php | 13 ++++++------- htdocs/core/lib/functions.lib.php | 8 +++++++- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 8628e287bd0..00a61a7ce7e 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -178,7 +178,6 @@ $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); - /* * Actions */ 
@@ -270,13 +269,15 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', ' if (!$error) { $param = 'action=reconcile&contextpage=banktransactionlist&id='.$id.'&search_account='.$id; - $param .= '&search_conciliated='.urlencode($search_conciliated); if ($page) { $param .= '&page='.urlencode($page); } if ($offset) { $param .= '&offset='.urlencode($offset); } + if ($search_conciliated != '' && $search_conciliated != '-1') { + $param .= '&search_conciliated='.urlencode($search_conciliated); + } if ($search_thirdparty_user) { $param .= '&search_thirdparty='.urlencode($search_thirdparty_user); } @@ -419,7 +420,6 @@ $banklinestatic = new AccountLine($db); $now = dol_now(); - // Must be before button action $param = ''; if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { @@ -757,7 +757,7 @@ if ($resql) { // Confirmation delete if ($action == 'delete') { $text = $langs->trans('ConfirmDeleteTransaction'); - print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id.'&rowid='.GETPOST("rowid"), $langs->trans('DeleteTransaction'), $text, 'confirm_delete', null, '', 1); + print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id.'&rowid='.GETPOST("rowid", 'int'), $langs->trans('DeleteTransaction'), $text, 'confirm_delete', null, '', 1); } // Lines of title fields @@ -1200,7 +1200,7 @@ if ($resql) { $objforbalance = $db->fetch_object($resqlforbalance); if ($objforbalance) { // If sort is desc,desc,desc then total of previous date + amount is the balancebefore of the previous line before the line to show - if ($sortfield == 'b.datev,b.dateo,b.rowid' && $sortorder == 'desc,desc,desc') { + if ($sortfield == 'b.datev,b.dateo,b.rowid' && ($sortorder == 'desc' || $sortorder == 'desc,desc' || $sortorder == 'desc,desc,desc')) { $balancebefore = $objforbalance->previoustotal + ($sign * $objp->amount); } else { // If sort is asc,asc,asc then total of previous date is balance of line before the next line to show 
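Review bot: The three-way comparison `$sortorder == 'desc' || $sortorder == 'desc,desc' || $sortorder == 'desc,desc,desc'` in the -1200 hunk is repeated verbatim in the -1285 hunk, and it is case-sensitive. Compute it once before the loop, e.g. `$sortisdesc = in_array(strtolower($sortorder), array('desc', 'desc,desc', 'desc,desc,desc'), true);`, and test `$sortisdesc` in both places so the two balance branches cannot drift apart. Whether `$sortorder` is normalised earlier in the page is not visible here; if it is, the `strtolower()` can be dropped.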
@@ -1285,8 +1285,7 @@ if ($resql) { } } - - if ($sortfield == 'b.datev,b.dateo,b.rowid' && $sortorder == 'desc,desc,desc') { + if ($sortfield == 'b.datev,b.dateo,b.rowid' && ($sortorder == 'desc' || $sortorder == 'desc,desc' || $sortorder == 'desc,desc,desc')) { $balance = price2num($balancebefore, 'MT'); // balance = balancebefore of previous line (sort is desc) $balancebefore = price2num($balancebefore - ($sign * $objp->amount), 'MT'); } else { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 81a5413182e..54a44753513 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5378,13 +5378,16 @@ function price2num($amount, $rounding = '', $option = 0) if ($thousand != ',' && $thousand != '.') { $amount = str_replace(',', '.', $amount); // To accept 2 notations for french users } + $amount = str_replace(' ', '', $amount); // To avoid spaces $amount = str_replace($thousand, '', $amount); // Replace of thousand before replace of dec to avoid pb if thousand is . $amount = str_replace($dec, '.', $amount); + + $amount = preg_replace('/[^0-9\-\.]/', '', $amount); // Clean non numeric chars (so it clean some UTF8 spaces for example. } //print ' XX'.$amount.' '.$rounding; - // Now, make a rounding if required + // Now, $amount is a real PHP float number. We make a rounding if required. if ($rounding) { $nbofdectoround = ''; if ($rounding == 'MU') { 
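Review bot: The added `preg_replace('/[^0-9\-\.]/', '', $amount)` in the -5378 hunk of functions.lib.php silently rewrites malformed input instead of rejecting it: letters are dropped, so a constructed input such as `12a5` would become `125`, and repeated `.` or `-` characters pass through unchanged. For a function that feeds monetary amounts, that turns a typo into a different number with no signal to the caller. Consider checking `is_numeric($amount)` after the cleanup and handling the failure explicitly, and say in the comment what is done with rejected input (the comment is also missing its closing parenthesis). The same line is added again in the -5424 hunk; `price2num()` and the condition enclosing this block start outside both hunks.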
@@ -5424,9 +5427,12 @@ function price2num($amount, $rounding = '', $option = 0) if ($thousand != ',' && $thousand != '.') { $amount = str_replace(',', '.', $amount); // To accept 2 notations for french users } + $amount = str_replace(' ', '', $amount); // To avoid spaces $amount = str_replace($thousand, '', $amount); // Replace of thousand before replace of dec to avoid pb if thousand is . $amount = str_replace($dec, '.', $amount); + + $amount = preg_replace('/[^0-9\-\.]/', '', $amount); // Clean non numeric chars (so it clean some UTF8 spaces for example. } return $amount; From 28aa17e4fd5d17511f1646021ebf98b397990903 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 13:49:21 +0100 Subject: [PATCH 23/45] FIX calculation of balance in conciliation page on desc sorting. --- htdocs/compta/bank/bankentries_list.php | 13 ++++++------- htdocs/core/lib/functions.lib.php | 8 +++++++- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 14aeee29d69..84938f24dbc 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -175,7 +175,6 @@ $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); - /* * Actions */ @@ -266,13 +265,15 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', ' if (!$error) { $param = 'action=reconcile&contextpage=banktransactionlist&id='.$id.'&search_account='.$id; - $param .= '&search_conciliated='.urlencode($search_conciliated); if ($page) { $param .= '&page='.urlencode($page); } if ($offset) { $param .= '&offset='.urlencode($offset); } + if ($search_conciliated != '' && $search_conciliated != '-1') { + $param .= '&search_conciliated='.urlencode($search_conciliated); + } if ($search_thirdparty_user) { $param .= '&search_thirdparty='.urlencode($search_thirdparty_user); } 
@@ -415,7 +416,6 @@ $banklinestatic = new AccountLine($db); $now = dol_now(); - // Must be before button action $param = ''; if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { @@ -748,7 +748,7 @@ if ($resql) { // Confirmation delete if ($action == 'delete') { $text = $langs->trans('ConfirmDeleteTransaction'); - print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id.'&rowid='.GETPOST("rowid"), $langs->trans('DeleteTransaction'), $text, 'confirm_delete', null, '', 1); + print $form->formconfirm($_SERVER['PHP_SELF'].'?id='.$object->id.'&rowid='.GETPOST("rowid", 'int'), $langs->trans('DeleteTransaction'), $text, 'confirm_delete', null, '', 1); } // Lines of title fields @@ -1189,7 +1189,7 @@ if ($resql) { $objforbalance = $db->fetch_object($resqlforbalance); if ($objforbalance) { // If sort is desc,desc,desc then total of previous date + amount is the balancebefore of the previous line before the line to show - if ($sortfield == 'b.datev,b.dateo,b.rowid' && $sortorder == 'desc,desc,desc') { + if ($sortfield == 'b.datev,b.dateo,b.rowid' && ($sortorder == 'desc' || $sortorder == 'desc,desc' || $sortorder == 'desc,desc,desc')) { $balancebefore = $objforbalance->previoustotal + ($sign * $objp->amount); } else { // If sort is asc,asc,asc then total of previous date is balance of line before the next line to show @@ -1274,8 +1274,7 @@ if ($resql) { } } - - if ($sortfield == 'b.datev,b.dateo,b.rowid' && $sortorder == 'desc,desc,desc') { + if ($sortfield == 'b.datev,b.dateo,b.rowid' && ($sortorder == 'desc' || $sortorder == 'desc,desc' || $sortorder == 'desc,desc,desc')) { $balance = price2num($balancebefore, 'MT'); // balance = balancebefore of previous line (sort is desc) $balancebefore = price2num($balancebefore - ($sign * $objp->amount), 'MT'); } else { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index eae8546a338..07ff2930f0f 100644 --- a/htdocs/core/lib/functions.lib.php 
+++ b/htdocs/core/lib/functions.lib.php @@ -5329,13 +5329,16 @@ function price2num($amount, $rounding = '', $option = 0) if ($thousand != ',' && $thousand != '.') { $amount = str_replace(',', '.', $amount); // To accept 2 notations for french users } + $amount = str_replace(' ', '', $amount); // To avoid spaces $amount = str_replace($thousand, '', $amount); // Replace of thousand before replace of dec to avoid pb if thousand is . $amount = str_replace($dec, '.', $amount); + + $amount = preg_replace('/[^0-9\-\.]/', '', $amount); // Clean non numeric chars (so it clean some UTF8 spaces for example. } //print ' XX'.$amount.' '.$rounding; - // Now, make a rounding if required + // Now, $amount is a real PHP float number. We make a rounding if required. if ($rounding) { $nbofdectoround = ''; if ($rounding == 'MU') { @@ -5375,9 +5378,12 @@ function price2num($amount, $rounding = '', $option = 0) if ($thousand != ',' && $thousand != '.') { $amount = str_replace(',', '.', $amount); // To accept 2 notations for french users } + $amount = str_replace(' ', '', $amount); // To avoid spaces $amount = str_replace($thousand, '', $amount); // Replace of thousand before replace of dec to avoid pb if thousand is . $amount = str_replace($dec, '.', $amount); + + $amount = preg_replace('/[^0-9\-\.]/', '', $amount); // Clean non numeric chars (so it clean some UTF8 spaces for example. } return $amount; From 9cb094b46638fe37b8028084214a6525650686c5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 14:37:25 +0100 Subject: [PATCH 24/45] Fix error method not defined --- htdocs/core/actions_massactions.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 7c24257594f..80ba0b671eb 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php 
@@ -1299,7 +1299,7 @@ if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == ' continue; } - if ($objecttmp->is_erasable() <= 0) { + if (method_exists($objecttmp, 'is_erasable') && $objecttmp->is_erasable() <= 0) { $langs->load("errors"); $nbignored++; $TMsg[] = '
'.$langs->trans('ErrorRecordHasChildren').' '.$objecttmp->ref.'

'; From da2f3e7b406fdcfa76be9651b7d54a7ad6c1b51f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 14:55:59 +0100 Subject: [PATCH 25/45] Code comment --- htdocs/core/class/commondocgenerator.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index a92179e7b6a..e5d8db4cb53 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -516,8 +516,9 @@ abstract class CommonDocGenerator // Add vat by rates if (is_array($object->lines) && count($object->lines) > 0) { $totalUp = 0; + // Set substitution keys for different VAT rates foreach ($object->lines as $line) { - // $line->tva_tx format depends on database field accuraty, no reliable. This is kept for backward compatibility + // $line->tva_tx format depends on database field accuracy, no reliable. This is kept for backward compatibility if (empty($resarray[$array_key.'_total_vat_'.$line->tva_tx])) { $resarray[$array_key.'_total_vat_'.$line->tva_tx] = 0; } From c6ecf87a8a8ee583cb99264f70c03d0e9778a189 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 15:02:51 +0100 Subject: [PATCH 26/45] Update commondocgenerator.class.php --- htdocs/core/class/commondocgenerator.class.php | 8 -------- 1 file changed, 8 deletions(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index a0f3f311ed4..0f962a9ca09 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php 
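Review bot: With the added `method_exists($objecttmp, 'is_erasable')` guard, an object whose class does not define `is_erasable()` is no longer stopped with `ErrorRecordHasChildren` and falls through to the code after this block, presumably the delete, so the child-record check fails open. That may be intended, but it deserves a comment at the condition, e.g. `// Classes without is_erasable() get no child check here; their delete() must refuse on its own`, so the next reader does not assume every object type is protected. Whether the delete call that follows enforces this is outside the hunk.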
@@ -559,14 +559,6 @@ abstract class CommonDocGenerator $resarray = $this->fill_substitutionarray_with_extrafields($object, $resarray, $extrafields, $array_key, $outputlangs); } - // Load product data optional fields to the line -> enables to use "line_options_{extrafield}" - if (isset($line->fk_product) && $line->fk_product > 0) { - $tmpproduct = new Product($this->db); - $result = $tmpproduct->fetch($line->fk_product); - foreach ($tmpproduct->array_options as $key=>$label) - $resarray["line_".$key] = $label; - } - return $resarray; } From 66f1dd854584717bfbaa95002e3d933da8abc20f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 15:12:31 +0100 Subject: [PATCH 27/45] Fix avoid too large PDF --- htdocs/core/lib/pdf.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index dda52e653fe..255d4dcf453 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -2247,7 +2247,7 @@ function pdf_getLinkedObjects(&$object, $outputlangs) } elseif ($objecttype == 'commande' || $objecttype == 'supplier_order') { $outputlangs->load('orders'); - if (count($objects) > 1) { + if (count($objects) > 1 && count($objects) <= (getDolGlobalInt("MAXREFONDOC") ? getDolGlobalInt("MAXREFONDOC") : 5)) { $object->note_public .= dol_concatdesc($object->note_public, '
'.$outputlangs->transnoentities("RefOrder").' :
'); foreach ($objects as $elementobject) { $object->note_public .= dol_concatdesc($object->note_public, $outputlangs->transnoentities($elementobject->ref).($elementobject->ref_client ? ' ('.$elementobject->ref_client.')' : '').($elementobject->ref_supplier ? ' ('.$elementobject->ref_supplier.')' : '').' '); From 436dbcd81d176737fe6a6a4f8288d38b0d5eb16a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 15:22:54 +0100 Subject: [PATCH 28/45] Shorter pdf label --- htdocs/langs/en_US/propal.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/propal.lang b/htdocs/langs/en_US/propal.lang index ed07831fcba..db7b559a8a7 100644 --- a/htdocs/langs/en_US/propal.lang +++ b/htdocs/langs/en_US/propal.lang @@ -5,7 +5,7 @@ ProposalShort=Proposal ProposalsDraft=Draft commercial proposals ProposalsOpened=Open commercial proposals CommercialProposal=Commercial proposal -PdfCommercialProposalTitle=Commercial proposal +PdfCommercialProposalTitle=Proposal ProposalCard=Proposal card NewProp=New commercial proposal NewPropal=New proposal From 06f378db18d4dfb18956c04b822c630ce48cbbaf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 15:31:19 +0100 Subject: [PATCH 29/45] FIX Bad use of dol_concatdesc() --- htdocs/core/lib/pdf.lib.php | 27 ++++++++++---------- htdocs/datapolicy/class/datapolicy.class.php | 16 ++++++------ 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index 255d4dcf453..873b375496e 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -2247,13 +2247,11 @@ function pdf_getLinkedObjects(&$object, $outputlangs) } elseif ($objecttype == 'commande' || $objecttype == 'supplier_order') { $outputlangs->load('orders'); - if (count($objects) > 1 && count($objects) <= (getDolGlobalInt("MAXREFONDOC") ? getDolGlobalInt("MAXREFONDOC") : 5)) { - $object->note_public .= dol_concatdesc($object->note_public, '
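Review bot: When more orders are linked than the cap allows, the new condition `count($objects) <= (getDolGlobalInt("MAXREFONDOC") ? getDolGlobalInt("MAXREFONDOC") : 5)` is false and the reference list is dropped altogether, with nothing on the document saying that references were left out. If that is the intended trade-off, say so in a comment such as `// Above MAXREFONDOC linked orders (default 5) no reference list is printed, to keep the PDF small`. Reading the setting once, `$maxref = getDolGlobalInt("MAXREFONDOC") ? getDolGlobalInt("MAXREFONDOC") : 5;`, would also keep the default in one place. The body of `pdf_getLinkedObjects()` continues outside the hunk.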
'.$outputlangs->transnoentities("RefOrder").' :
'); + if (count($objects) > 1 && count($objects) <= (getDolGlobalInt("MAXREFONDOC") ? getDolGlobalInt("MAXREFONDOC") : 10)) { + $object->note_public = dol_concatdesc($object->note_public, '
'.$outputlangs->transnoentities("RefOrder").' :
'); foreach ($objects as $elementobject) { - $object->note_public .= dol_concatdesc($object->note_public, $outputlangs->transnoentities($elementobject->ref).($elementobject->ref_client ? ' ('.$elementobject->ref_client.')' : '').($elementobject->ref_supplier ? ' ('.$elementobject->ref_supplier.')' : '').' '); - $object->note_public .= dol_concatdesc($object->note_public, $outputlangs->transnoentities("OrderDate").' : '); - $object->note_public .= dol_concatdesc($object->note_public, dol_print_date($elementobject->date, 'day', '', $outputlangs)); - $object->note_public .= dol_concatdesc($object->note_public, '
'); + $object->note_public = dol_concatdesc($object->note_public, $outputlangs->transnoentities($elementobject->ref).($elementobject->ref_client ? ' ('.$elementobject->ref_client.')' : '').($elementobject->ref_supplier ? ' ('.$elementobject->ref_supplier.')' : '').' '); + $object->note_public = dol_concatdesc($object->note_public, $outputlangs->transnoentities("OrderDate").' : '.dol_print_date($elementobject->date, 'day', '', $outputlangs).'
'); } } elseif (count($objects) == 1) { $elementobject = array_shift($objects); @@ -2283,8 +2281,11 @@ function pdf_getLinkedObjects(&$object, $outputlangs) if (count($objects) > 1) { $order = null; - if (empty($object->linkedObjects['commande']) && $object->element != 'commande') $object->note_public .= dol_concatdesc($object->note_public, '
'.$outputlangs->transnoentities("RefOrder").' / '.$outputlangs->transnoentities("RefSending").' :
'); - else $object->note_public .= dol_concatdesc($object->note_public, '
'.$outputlangs->transnoentities("RefSending").' :
'); + if (empty($object->linkedObjects['commande']) && $object->element != 'commande') { + $object->note_public = dol_concatdesc($object->note_public, '
'.$outputlangs->transnoentities("RefOrder").' / '.$outputlangs->transnoentities("RefSending").' :
'); + } else { + $object->note_public = dol_concatdesc($object->note_public, '
'.$outputlangs->transnoentities("RefSending").' :
'); + } // We concat this record info into fields xxx_value. title is overwrote. foreach ($objects as $elementobject) { if (empty($object->linkedObjects['commande']) && $object->element != 'commande') { // There is not already a link to order and object is not the order, so we show also info with order @@ -2300,12 +2301,12 @@ function pdf_getLinkedObjects(&$object, $outputlangs) } if (! is_object($order)) { - $object->note_public .= dol_concatdesc($object->note_public, $outputlangs->transnoentities($elementobject->ref)); - $object->note_public .= dol_concatdesc($object->note_public, '
'); + $object->note_public = dol_concatdesc($object->note_public, $outputlangs->transnoentities($elementobject->ref)); + $object->note_public = dol_concatdesc($object->note_public, '
'); } else { - $object->note_public .= dol_concatdesc($object->note_public, $outputlangs->convToOutputCharset($order->ref).($order->ref_client ? ' ('.$order->ref_client.')' : '')); - $object->note_public .= dol_concatdesc($object->note_public, ' / '.$outputlangs->transnoentities($elementobject->ref)); - $object->note_public .= dol_concatdesc($object->note_public, '
'); + $object->note_public = dol_concatdesc($object->note_public, $outputlangs->convToOutputCharset($order->ref).($order->ref_client ? ' ('.$order->ref_client.')' : '')); + $object->note_public = dol_concatdesc($object->note_public, ' / '.$outputlangs->transnoentities($elementobject->ref)); + $object->note_public = dol_concatdesc($object->note_public, '
'); } } } elseif (count($objects) == 1) { diff --git a/htdocs/datapolicy/class/datapolicy.class.php b/htdocs/datapolicy/class/datapolicy.class.php index a7ed08d7e6f..7d53020ce3a 100644 --- a/htdocs/datapolicy/class/datapolicy.class.php +++ b/htdocs/datapolicy/class/datapolicy.class.php @@ -269,11 +269,11 @@ class DataPolicy $actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto; if ($message) { if ($sendtocc) { - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); } - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); - $actionmsg .= dol_concatdesc($actionmsg, $message); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); + $actionmsg = dol_concatdesc($actionmsg, $message); } // Send mail 
@@ -343,11 +343,11 @@ class DataPolicy $actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto; if ($message) { if ($sendtocc) { - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); } - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); - $actionmsg .= dol_concatdesc($actionmsg, $message); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); + $actionmsg = dol_concatdesc($actionmsg, $message); } From fa4b5d99c0f728c66238e1da52694190af5c7bd0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 15:35:34 +0100 Subject: [PATCH 30/45] FIX Bad use of dol_concatdesc() --- htdocs/datapolicy/class/datapolicy.class.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/datapolicy/class/datapolicy.class.php b/htdocs/datapolicy/class/datapolicy.class.php index a7ed08d7e6f..7d53020ce3a 100644 --- a/htdocs/datapolicy/class/datapolicy.class.php +++ b/htdocs/datapolicy/class/datapolicy.class.php 
@@ -269,11 +269,11 @@ class DataPolicy $actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto; if ($message) { if ($sendtocc) { - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); } - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); - $actionmsg .= dol_concatdesc($actionmsg, $message); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); + $actionmsg = dol_concatdesc($actionmsg, $message); } // Send mail @@ -343,11 +343,11 @@ class DataPolicy $actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto; if ($message) { if ($sendtocc) { - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc').": ".$sendtocc); } - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); - $actionmsg .= dol_concatdesc($actionmsg, $message); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic').": ".$subject); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody').":"); + $actionmsg = dol_concatdesc($actionmsg, $message); } From ba724204a430cc841a068b777ebf1d6e2ca727cc Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Thu, 11 Nov 2021 15:50:32 +0100 Subject: [PATCH 31/45] FIX Bad use of dol_concatdesc() --- htdocs/datapolicy/class/datapolicy.class.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/datapolicy/class/datapolicy.class.php b/htdocs/datapolicy/class/datapolicy.class.php index bf1033084d5..7383e059ae3 100644 --- a/htdocs/datapolicy/class/datapolicy.class.php +++ b/htdocs/datapolicy/class/datapolicy.class.php @@ -259,11 +259,11 @@ class DataPolicy { if ($sendtocc) { - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc); } - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject); - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":"); - $actionmsg .= dol_concatdesc($actionmsg, $message); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":"); + $actionmsg = dol_concatdesc($actionmsg, $message); } // Send mail 
@@ -329,11 +329,11 @@ class DataPolicy $actionmsg = $langs->transnoentities('MailSentBy') . ' ' . $from . ' ' . $langs->transnoentities('To') . ' ' . $sendto; if ($message) { if ($sendtocc) { - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('Bcc') . ": " . $sendtocc); } - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject); - $actionmsg .= dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":"); - $actionmsg .= dol_concatdesc($actionmsg, $message); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('MailTopic') . ": " . $subject); + $actionmsg = dol_concatdesc($actionmsg, $langs->transnoentities('TextUsedInTheMessageBody') . ":"); + $actionmsg = dol_concatdesc($actionmsg, $message); } From 00213812010a43454ab7a61558f67009cdd638da Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 17:08:35 +0100 Subject: [PATCH 32/45] Fix #yogosha7605 --- htdocs/core/db/mysqli.class.php | 16 ++++++++++++---- htdocs/core/db/pgsql.class.php | 12 ++++++++---- htdocs/core/db/sqlite3.class.php | 16 ++++++++++++---- htdocs/install/upgrade.php | 1 + test/phpunit/CodingPhpTest.php | 4 ++-- test/phpunit/CodingSqlTest.php | 2 +- 6 files changed, 36 insertions(+), 15 deletions(-) diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index 0db4e16a897..b64ec0708e2 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php 
@@ -663,9 +663,13 @@ class DoliDBMysqli extends DoliDB $like = ''; if ($table) { - $like = "LIKE '".$table."'"; + $tmptable = preg_replace('/[^a-z0-9\.\-\_%]/i', '', $table); + + $like = "LIKE '".$this->escape($tmptable)."'"; } - $sql = "SHOW TABLES FROM ".$database." ".$like.";"; + $tmpdatabase = preg_replace('/[^a-z0-9\.\-\_]/i', '', $database); + + $sql = "SHOW TABLES FROM ".$tmpdatabase." ".$like.";"; //print $sql; $result = $this->query($sql); if ($result) { @@ -688,7 +692,9 @@ class DoliDBMysqli extends DoliDB // phpcs:enable $infotables = array(); - $sql = "SHOW FULL COLUMNS FROM ".$table.";"; + $tmptable = preg_replace('/[^a-z0-9\.\-\_]/i', '', $table); + + $sql = "SHOW FULL COLUMNS FROM ".$tmptable.";"; dol_syslog($sql, LOG_DEBUG); $result = $this->query($sql); @@ -794,7 +800,9 @@ class DoliDBMysqli extends DoliDB public function DDLDropTable($table) { // phpcs:enable - $sql = "DROP TABLE ".$table; + $tmptable = preg_replace('/[^a-z0-9\.\-\_]/i', '', $table); + + $sql = "DROP TABLE ".$tmptable; if (!$this->query($sql)) { return -1; diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 5997349d0c5..ac6b8de33f3 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -937,7 +937,9 @@ class DoliDBPgsql extends DoliDB $escapedlike = ''; if ($table) { - $escapedlike = " AND table_name LIKE '".$this->escape($table)."'"; + $tmptable = preg_replace('/[^a-z0-9\.\-\_%]/i', '', $table); + + $escapedlike = " AND table_name LIKE '".$this->escape($tmptable)."'"; } $result = pg_query($this->db, "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'".$escapedlike." ORDER BY table_name"); if ($result) { 
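Review bot: In the `@@ -663,9 +663,13 @@` hunk `$tmpdatabase` is concatenated into `SHOW TABLES FROM` unquoted, yet the whitelist `/[^a-z0-9\.\-\_]/i` still lets `.` and `-` through, and MySQL does not accept a hyphen in an unquoted identifier. Wrapping the cleaned name in backticks, as the `DROP COLUMN` statement in this file does for the column name, would make the statement valid for every name the whitelist allows. The table whitelist additionally keeps `%` and `_`, so `$table` is treated as a LIKE pattern; a short comment such as `// $table is a LIKE pattern, % and _ are kept on purpose` would make that explicit. The sqlite3.class.php hunk of this patch has the same shape.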
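Review bot: In the `DDLDropTable()` hunk (`@@ -794,7 +800,9 @@`) the cleaning deletes unexpected characters and then drops whatever name is left, so a malformed `$table` is turned into a different identifier instead of being refused. For a destructive statement I would reject on mismatch right after the `preg_replace()`: `if ($tmptable === '' || $tmptable !== $table) { return -1; }`, which matches the `-1` error return already used in this method. The same pattern is in the `DDLDropTable()` hunks of pgsql.class.php and sqlite3.class.php and in the `SHOW FULL COLUMNS` hunks.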
@@ -973,8 +975,8 @@ class DoliDBPgsql extends DoliDB $sql .= " '' as \"Extra\","; $sql .= " '' as \"Privileges\""; $sql .= " FROM information_schema.columns infcol"; - $sql .= " WHERE table_schema='public' "; - $sql .= " AND table_name='".$this->escape($table)."'"; + $sql .= " WHERE table_schema = 'public' "; + $sql .= " AND table_name = '".$this->escape($table)."'"; $sql .= " ORDER BY ordinal_position;"; dol_syslog($sql, LOG_DEBUG); @@ -1078,7 +1080,9 @@ class DoliDBPgsql extends DoliDB public function DDLDropTable($table) { // phpcs:enable - $sql = "DROP TABLE ".$table; + $tmptable = preg_replace('/[^a-z0-9\.\-\_]/i', '', $table); + + $sql = "DROP TABLE ".$tmptable; if (!$this->query($sql)) { return -1; diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php index c03d2a5ee04..bc01ee7a535 100644 --- a/htdocs/core/db/sqlite3.class.php +++ b/htdocs/core/db/sqlite3.class.php @@ -875,9 +875,13 @@ class DoliDBSqlite3 extends DoliDB $like = ''; if ($table) { - $like = "LIKE '".$table."'"; + $tmptable = preg_replace('/[^a-z0-9\.\-\_%]/i', '', $table); + + $like = "LIKE '".$this->escape($tmptable)."'"; } - $sql = "SHOW TABLES FROM ".$database." ".$like.";"; + $tmpdatabase = preg_replace('/[^a-z0-9\.\-\_]/i', '', $database); + + $sql = "SHOW TABLES FROM ".$tmpdatabase." ".$like.";"; //print $sql; $result = $this->query($sql); if ($result) { @@ -901,7 +905,9 @@ class DoliDBSqlite3 extends DoliDB // phpcs:enable $infotables = array(); - $sql = "SHOW FULL COLUMNS FROM ".$table.";"; + $tmptable = preg_replace('/[^a-z0-9\.\-\_]/i', '', $table); + + $sql = "SHOW FULL COLUMNS FROM ".$tmptable.";"; dol_syslog($sql, LOG_DEBUG); $result = $this->query($sql); @@ -1002,7 +1008,9 @@ class DoliDBSqlite3 extends DoliDB public function DDLDropTable($table) { // phpcs:enable - $sql = "DROP TABLE ".$table; + $tmptable = preg_replace('/[^a-z0-9\.\-\_]/i', '', $table); + + $sql = "DROP TABLE ".$tmptable; if (!$this->query($sql)) { return -1; 
diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index b36914ad36b..c03678151fc 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -260,6 +260,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ ); $listtables = $db->DDLListTables($conf->db->name, ''); + foreach ($listtables as $val) { // Database prefix filter if (preg_match('/^'.MAIN_DB_PREFIX.'/', $val)) { diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 2681164c857..383c37e95e5 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -17,7 +17,7 @@ */ /** - * \file test/phpunit/SqlTest.php + * \file test/phpunit/CodingPhpTest.php * \ingroup test * \brief PHPUnit test * \remarks To run this script as CLI: phpunit filename.php @@ -363,7 +363,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Check string sql|set|WHERE|...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. $ok=true; $matches=array(); - preg_match_all('/(sql|SET|WHERE|INSERT|VALUES).+\s*\'"\s*\.\s*\$(.......)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(sql|SET|WHERE|INSERT|VALUES|LIKE).+\s*\'"\s*\.\s*\$(.......)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if (! in_array($val[2], array('this->d', 'this->e', 'db->esc', 'dbs->es', 'mydb->e', 'dbsessi', 'db->ida', 'escaped', 'exclude', 'include'))) { $ok=false; // This will generate error diff --git a/test/phpunit/CodingSqlTest.php b/test/phpunit/CodingSqlTest.php index 9217ebbe7f6..f79205a0443 100644 --- a/test/phpunit/CodingSqlTest.php +++ b/test/phpunit/CodingSqlTest.php @@ -17,7 +17,7 @@ */ /** - * \file test/phpunit/SqlTest.php + * \file test/phpunit/CodingSqlTest.php * \ingroup test * \brief PHPUnit test * \remarks To run this script as CLI: phpunit filename.php 
From aab9c2e6cacb0ca194d028481645c236be4652f3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 18:20:31 +0100 Subject: [PATCH 33/45] Fix #yogosha7605 --- htdocs/core/db/mysqli.class.php | 5 +++-- htdocs/core/db/pgsql.class.php | 5 +++-- htdocs/core/db/sqlite3.class.php | 5 +++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index b64ec0708e2..4dd71f0e351 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php @@ -933,8 +933,9 @@ class DoliDBMysqli extends DoliDB public function DDLDropField($table, $field_name) { // phpcs:enable - $sql = "ALTER TABLE ".$table." DROP COLUMN `".$field_name."`"; - dol_syslog(get_class($this)."::DDLDropField ".$sql, LOG_DEBUG); + $tmp_field_name = preg_replace('/[^a-z0-9\.\-\_]/i', '', $field_name); + + $sql = "ALTER TABLE ".$table." DROP COLUMN `".$tmp_field_name."`"; if ($this->query($sql)) { return 1; } diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index ac6b8de33f3..7cf0a5d905a 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -1240,8 +1240,9 @@ class DoliDBPgsql extends DoliDB public function DDLDropField($table, $field_name) { // phpcs:enable - $sql = "ALTER TABLE ".$table." DROP COLUMN ".$field_name; - dol_syslog($sql, LOG_DEBUG); + $tmp_field_name = preg_replace('/[^a-z0-9\.\-\_]/i', '', $field_name); + + $sql = "ALTER TABLE ".$table." DROP COLUMN ".$tmp_field_name; if (!$this->query($sql)) { $this->error = $this->lasterror(); return -1; diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php index bc01ee7a535..d1d6a4b680a 100644 --- a/htdocs/core/db/sqlite3.class.php +++ b/htdocs/core/db/sqlite3.class.php 
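Review bot: `DDLDropField()` now cleans `$field_name` but still concatenates `$table` into the `ALTER TABLE` statement as received, although the previous patch cleans the table name in `DDLDropTable()`; this applies to the mysqli, pgsql and sqlite3 hunks alike. Adding `$tmptable = preg_replace('/[^a-z0-9\.\-\_]/i', '', $table);` and using it in `$sql` would make the DDL helpers consistent. The hunks also remove the `dol_syslog(...)` call in all three drivers, which leaves column drops without a debug trace; if that was not intended, keep the call after the new `$sql` line.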
@@ -1120,8 +1120,9 @@ class DoliDBSqlite3 extends DoliDB public function DDLDropField($table, $field_name) { // phpcs:enable - $sql = "ALTER TABLE ".$table." DROP COLUMN `".$field_name."`"; - dol_syslog(get_class($this)."::DDLDropField ".$sql, LOG_DEBUG); + $tmp_field_name = preg_replace('/[^a-z0-9\.\-\_]/i', '', $field_name); + + $sql = "ALTER TABLE ".$table." DROP COLUMN `".$tmp_field_name."`"; if (!$this->query($sql)) { $this->error = $this->lasterror(); return -1; From a725ffefdd80286502770c9eddfda64d69f30aa4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 18:30:17 +0100 Subject: [PATCH 34/45] Fix sql error --- htdocs/takepos/index.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 4d729bde2fa..1ec50dd3799 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -1037,13 +1037,10 @@ if ($conf->global->TAKEPOS_PRINT_METHOD == "receiptprinter") { } $sql = "SELECT rowid, status, entity FROM ".MAIN_DB_PREFIX."pos_cash_fence WHERE"; -$sql .= " entity = ".$conf->entity." AND "; -<<<<<<< HEAD +$sql .= " entity = ".((int) $conf->entity)." AND "; +$sql .= " posnumber = ".((int) $_SESSION["takeposterminal"])." AND "; $sql .= " date_creation > '".$db->idate(dol_get_first_hour(dol_now()))."'"; -======= -$sql .= " posnumber = ".$_SESSION["takeposterminal"]." AND "; -$sql .= " date(date_creation) = CURDATE()"; ->>>>>>> branch '12.0' of git@github.com:Dolibarr/dolibarr.git + $resql = $db->query($sql); if ($resql) { From 21c2dba9222913883e3aa46d6ea0af9ef007a64b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 11 Nov 2021 19:06:55 +0100 Subject: [PATCH 35/45] Fix phpcs --- htdocs/compta/facture/card.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index d9be7ff3f1c..e01d71a1020 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
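Review bot: In the takepos/index.php hunk the `(int)` casts stop raw values being concatenated into the query, but `$_SESSION["takeposterminal"]` is read without checking that it is set, so a session with no terminal selected is silently queried as `posnumber = 0`. Whether the key is guaranteed earlier in the file is not visible in this hunk. If it is not, test `empty($_SESSION["takeposterminal"])` before building `$sql`, or state the assumption in a comment above the query, e.g. `// takeposterminal is always set at this point (terminal chosen above)`.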
@@ -5118,7 +5118,6 @@ if ($action == 'create') { print ' :'.price($retainedWarranty).' '; } } else { // Credit note - $resteapayeraffiche = $resteapayer; $cssforamountpaymentcomplete = 'amountpaymentneutral'; From 3b21fc2d37e71f057a0f971a5ac233e5a00a7127 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 12 Nov 2021 10:50:19 +0100 Subject: [PATCH 36/45] Better way to report value of stock when PRODUIT_MULTIPRICES is on --- htdocs/langs/en_US/stocks.lang | 2 +- htdocs/product/stock/product.php | 69 +++++++++++++++++++++++++------- 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 8c0cc76f075..19875f55148 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -96,7 +96,7 @@ RealStock=Real Stock RealStockDesc=Physical/real stock is the stock currently in the warehouses. RealStockWillAutomaticallyWhen=The real stock will be modified according to this rule (as defined in the Stock module): VirtualStock=Virtual stock -VirtualStockAtDate=Virtual stock at date +VirtualStockAtDate=Virtual stock at a future date VirtualStockAtDateDesc=Virtual stock once all the pending orders that are planned to be processed before the chosen date will be finished VirtualStockDesc=Virtual stock is the calculated stock available once all open/pending actions (that affect stocks) are closed (purchase orders received, sales orders shipped, manufacturing orders produced, etc) AtDate=At date diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 23900c85c0b..247d11d00c6 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php 
@@ -763,7 +763,7 @@ if ($id > 0 || $ref) { if ($result < 0) { dol_print_error($db, $object->error); } - $helpondiff .= ' ('.$langs->trans("ProductQtyInDraft").': '.$object->stats_commande['qty'].')'; + $helpondiff .= ' ('.$langs->trans("ProductQtyInDraft").': '.$object->stats_commande['qty'].')'; } // Number of product from customer order already sent (partial shipping) @@ -797,7 +797,7 @@ if ($id > 0 || $ref) { if ($result < 0) { dol_print_error($db, $object->error); } - $helpondiff .= ' ('.$langs->trans("ProductQtyInDraftOrWaitingApproved").': '.$object->stats_commande_fournisseur['qty'].')'; + $helpondiff .= ' ('.$langs->trans("ProductQtyInDraftOrWaitingApproved").': '.$object->stats_commande_fournisseur['qty'].')'; } // Number of product from supplier order already received (partial receipt) @@ -983,6 +983,7 @@ if (!$variants) { $entrepotstatic = new Entrepot($db); $product_lot_static = new Productlot($db); + $num = 0; $total = 0; $totalvalue = $totalvaluesell = 0; 
@@ -1025,18 +1026,45 @@ if (!$variants) { print ''.(price2num($object->pmp) ? price(price2num($object->pmp * $obj->reel, 'MT')) : '').''; // Sell price + $minsellprice = null; $maxsellprice = null; print ''; - print price(price2num($object->price, 'MU'), 1); if (!empty($conf->global->PRODUIT_MULTIPRICES)) { + foreach ($object->multiprices as $priceforlevel) { + if (is_numeric($priceforlevel)) { + if (is_null($maxsellprice) || $priceforlevel > $maxsellprice) { + $maxsellprice = $priceforlevel; + } + if (is_null($minsellprice) || $priceforlevel < $minsellprice) { + $minsellprice = $priceforlevel; + } + } + } + print ''; + if ($minsellprice != $maxsellprice) { + print price(price2num($minsellprice, 'MU'), 1).' - '.price(price2num($maxsellprice, 'MU'), 1); + } else { + print price(price2num($minsellprice, 'MU'), 1); + } + print ''; print $form->textwithpicto('', $langs->trans("Variable")); + } else { + print price(price2num($object->price, 'MU'), 1); } print ''; // Value sell print ''; - print price(price2num($object->price * $obj->reel, 'MT'), 1); if (!empty($conf->global->PRODUIT_MULTIPRICES)) { + print ''; + if ($minsellprice != $maxsellprice) { + print price(price2num($minsellprice * $obj->reel, 'MT'), 1).' - '.price(price2num($maxsellprice * $obj->reel, 'MT'), 1); + } else { + print price(price2num($minsellprice * $obj->reel, 'MT'), 1); + } + print ''; print $form->textwithpicto('', $langs->trans("Variable")); + } else { + print price(price2num($object->price * $obj->reel, 'MT'), 1); } print ''; print ''; 
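Review bot: When `$object->multiprices` holds no numeric entry, `$minsellprice` and `$maxsellprice` stay null, and both the sell-price and the sell-value cells then pass null (or `null * $obj->reel`) to `price2num()`, which presumably renders a zero amount instead of an empty cell. Wrap the two range outputs in `if (!is_null($minsellprice)) {` so a product without level prices shows only the "Variable" picto. A comment above the `foreach`, `// Min and max over all price levels; both stay null when no level has a numeric price`, would document that case. The enclosing block starts and ends outside the hunk.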
@@ -1148,17 +1176,28 @@ if (!$variants) { print $totalvalue ? price(price2num($totalvalue, 'MT'), 1) : ' '; print ''; print ''; - print ($total ? price($totalvaluesell / $total, 1) : ' '); - if (!empty($conf->global->PRODUIT_MULTIPRICES)) { - print $form->textwithpicto('', $langs->trans("Variable")); + if ($num) { + if ($total) { + print ''; + if (!empty($conf->global->PRODUIT_MULTIPRICES)) { + print $form->textwithpicto('', $langs->trans("Variable")); + } else { + print price($totalvaluesell / $total, 1); + } + print ''; + } } print ''; // Value to sell - print ''; - if (empty($conf->global->PRODUIT_MULTIPRICES)) { - print price(price2num($totalvaluesell, 'MT'), 1); - } else { - print $langs->trans("Variable"); + print ''; + if ($num) { + print ''; + if (empty($conf->global->PRODUIT_MULTIPRICES)) { + print price(price2num($totalvaluesell, 'MT'), 1); + } else { + print $form->textwithpicto('', $langs->trans("Variable")); + } + print ''; } print ''; print ''; @@ -1180,13 +1219,13 @@ if (!$variants) { } print ''; if (!empty($user->rights->produit->creer)) { - print ''; + print ''; print ''; print ''; print ''; print ''; } else { - print ''; + print ''; print ''; print ''; print ''; @@ -1200,7 +1239,7 @@ if (!$variants) { foreach ($lines as $line) { $ent = new Entrepot($db); $ent->fetch($line['fk_entrepot']); - print ''; + print ''; print ''; print ''; if (!empty($user->rights->produit->creer)) { From 715a65eab25ef3fdb932c0c31763dc1be5bd62d1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 12 Nov 2021 13:33:59 +0100 Subject: [PATCH 37/45] Clean code for md theme --- htdocs/admin/modulehelp.php | 3 +++ htdocs/core/class/html.form.class.php | 3 ++- htdocs/main.inc.php | 2 +- htdocs/theme/md/style.css.php | 5 +++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/modulehelp.php b/htdocs/admin/modulehelp.php index f0211d1b795..da76f01fd6c 100644 --- a/htdocs/admin/modulehelp.php +++ b/htdocs/admin/modulehelp.php 
@@ -70,6 +70,9 @@ print ''."\n".''; $arrayofnatures = array('core'=>$langs->transnoentitiesnoconv("Core"), 'external'=>$langs->transnoentitiesnoconv("External").' - '.$langs->trans("AllPublishers")); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index fb0bba95ac4..92dba4d4de0 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4905,8 +4905,9 @@ class Form $formconfirm .= ($question ? '
'.img_help('', '').' '.$question.'
' : ''); $formconfirm .= ''."\n"; - $formconfirm .= "\n\n"; + $formconfirm .= "\n\n"; $formconfirm .= '
'.$formproduct->selectWarehouses('', 'fk_entrepot').'
'.$formproduct->selectWarehouses('', 'fk_entrepot').'
'.$langs->trans("Warehouse").'
'.$langs->trans("Warehouse").''.$langs->trans("StockLimit").''.$langs->trans("DesiredStock").'
'.$ent->getNomUrl(3).'
'.$ent->getNomUrl(3).''.$line['seuil_stock_alerte'].''.$line['desiredstock'].'