diff --git a/ChangeLog b/ChangeLog
index bcbfb1a959c..67cf9513a4a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -78,7 +78,7 @@ FIX: we must export company mail address on contact vcard only if contact email
 FIX: when we filter a list on a view status, we want this filter to be on bookmark that we create
 FIX: Wrong Sql on getListOfTowns api method
 FIX: wrong user right's name to top menu "commercial"
-FIX: XSS Vulnerability
+FIX: XSS Vulnerability reported by Mehmet Kelepçe / Gais Cyber Security
 ***** ChangeLog for 11.0.3 compared to 11.0.2 *****
 FIX: unit price for selected supplier products not set. NaN was used.
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 2ad521f79a2..b7f65ddf91f 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -644,6 +644,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
 if ($value == 'localtax2' && empty($_POST['localtax2_type'])) continue;
 if ($value == 'color' && empty($_POST['color'])) continue;
 if ($value == 'formula' && empty($_POST['formula'])) continue;
+if ($value == 'dayrule' && empty($_POST['dayrule'])) continue;
 if ($value == 'sortorder') continue; // For a column name 'sortorder', we use the field name 'position'
 if ((!isset($_POST[$value]) || $_POST[$value] == '') && (!in_array($listfield[$f], array('decalage', 'module', 'accountancy_code', 'accountancy_code_sell', 'accountancy_code_buy', 'tracking')) // Fields that are not mandatory
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 26229561472..817d6c4a3cd 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -681,6 +681,7 @@ class ActionComm extends CommonObject
 $sql = "SELECT a.id,";
 $sql .= " a.id as ref,";
+$sql .= " a.entity,";
 $sql .= " a.ref_ext,";
 $sql .= " a.datep,";
 $sql .= " a.datep2,";
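Review bot: The new `dayrule` skip is the fourth copy of the same "optional column, ignore when the POSTed value is empty" pattern in this loop; the three cases keyed by the column name itself can be folded into one line so the list of optional columns lives in one place: `if (in_array($value, array('color', 'formula', 'dayrule'), true) && empty($_POST[$value])) continue;` (the `localtax2` case reads a differently named field and stays as is). Note that `empty()` also treats the string `'0'` as empty, so a rule literally named `0` would be dropped; presumably not a valid dayrule, but worth confirming against the dictionary definition. The surrounding handler tests the action through `GETPOST()` (hunk header) while these checks read `$_POST` directly; for a pure emptiness test that is harmless, but it is inconsistent. The enclosing loop starts and ends outside the hunk.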
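Review bot: Selecting `a.entity` and copying it into `$this->entity` (this hunk and @@ -717 of the same file, and likewise @@ -533 / @@ -562 of expedition.class.php) exposes the record's entity to callers, but no visible line in these hunks compares it with the current `$conf->entity` or the sharing rules, so as far as the hunks show the by-id fetch still returns a row from any entity. That may be intentional for a low-level fetch, in which case the contract should be stated where the value is assigned: `$this->entity = $obj->entity; // entity of the record; the cross-entity visibility check is the caller's responsibility`. The enclosing fetch method starts and ends outside the hunk.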
@@ -717,6 +718,7 @@ class ActionComm extends CommonObject
 $obj = $this->db->fetch_object($resql);
 $this->id = $obj->id;
+$this->entity = $obj->entity;
 $this->ref = $obj->ref;
 $this->ref_ext = $obj->ref_ext;
diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php
index 887fe2ec570..59da7387f62 100644
--- a/htdocs/compta/paiement/card.php
+++ b/htdocs/compta/paiement/card.php
@@ -342,7 +342,7 @@ if ($resql)
 print '';
 print ''.$langs->trans('Bill').'';
 print ''.$langs->trans('Company').'';
-if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)print ''.$langs->trans('Entity').'';
+if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)) print ''.$langs->trans('Entity').'';
 print ''.$langs->trans('ExpectedToPay').'';
 print ''.$langs->trans('PayedByThisPayment').'';
 print ''.$langs->trans('RemainderToPay').'';
@@ -379,7 +379,7 @@ if ($resql)
 print '';
 // Expected to pay
-if ($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED) {
+if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)) {
 print '';
 $mc->getInfo($objp->entity);
 print $mc->label;
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index a2235097811..8a1b26e9d33 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1576,7 +1576,7 @@ class Contact extends CommonObject
 public static function replaceThirdparty(DoliDB $db, $origin_id, $dest_id)
 {
 $tables = array(
-'socpeople'
+'socpeople', 'societe_contacts'
 );
 return CommonObject::commonReplaceThirdparty($db, $origin_id, $dest_id, $tables);
diff --git a/htdocs/datapolicy/class/datapolicycron.class.php b/htdocs/datapolicy/class/datapolicycron.class.php
index 0d241f75334..ac364c78f30 100644
--- a/htdocs/datapolicy/class/datapolicycron.class.php
+++ b/htdocs/datapolicy/class/datapolicycron.class.php
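Review bot: The compound test `!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED)` is now written out twice in this file, here for the table header and again per row in @@ -379; compute it once before the table, `$showentity = !empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_INVOICE_SHARING_ENABLED);`, and test `$showentity` in both places so the header and the row cells cannot drift apart. The added module check also guards the `$mc->getInfo()` call in the second hunk, whose `$mc` object is presumably only defined when the multicompany module is active, so the direction of the fix is right. The enclosing `if ($resql)` block and the row loop lie outside the hunk.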
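Review bot: `print $mc->label;` in the context just below the changed condition writes the entity label into the page without HTML escaping, while this same change set ships an XSS fix (ChangeLog hunk); the label appears to be loaded from the entity record by `$mc->getInfo()` rather than from the request, so the exposure is limited to whoever can edit entity names, but output should still be escaped for the HTML context, e.g. `print dol_escape_htmltag($mc->label);`. The row loop closes outside the hunk.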
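Review bot: Adding `societe_contacts` to the bulk thirdparty rewrite can fail or produce duplicates when the destination thirdparty already links the same contact in the same role and the table carries a unique key on that tuple; the hunk does not show how `commonReplaceThirdparty` handles a collision, so confirm the schema and decide whether the helper should skip or merge such rows before a merge of two customers can abort half-way. Style: the array is already multi-line, so list one element per line with a trailing comma, `'socpeople',` / `'societe_contacts',`. The method's closing brace is outside the hunk.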
@@ -470,15 +470,15 @@ class DataPolicyCron
 {
 $sql = sprintf($params['sql'], (int) $conf->entity, (int) $conf->global->$key, (int) $conf->global->$key);
-$resql = $db->query($sql);
+$resql = $this->db->query($sql);
-if ($resql && $db->num_rows($resql) > 0)
+if ($resql && $this->db->num_rows($resql) > 0)
 {
-$num = $db->num_rows($resql);
+$num = $this->db->num_rows($resql);
 $i = 0;
 require_once $params['file'];
-$object = new $params['class']($db);
+$object = new $params['class']($this->db);
 while ($i < $num && ! $error)
 {
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index 006db734a0a..f0b82a659ae 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -533,7 +533,7 @@ class Expedition extends CommonObject
 // Check parameters
 if (empty($id) && empty($ref) && empty($ref_ext) && empty($ref_int)) return -1;
-$sql = "SELECT e.rowid, e.ref, e.fk_soc as socid, e.date_creation, e.ref_customer, e.ref_ext, e.ref_int, e.fk_user_author, e.fk_statut, e.fk_projet as fk_project, e.billed";
+$sql = "SELECT e.rowid, e.entity, e.ref, e.fk_soc as socid, e.date_creation, e.ref_customer, e.ref_ext, e.ref_int, e.fk_user_author, e.fk_statut, e.fk_projet as fk_project, e.billed";
 $sql.= ", e.date_valid";
 $sql.= ", e.weight, e.weight_units, e.size, e.size_units, e.width, e.height";
 $sql.= ", e.date_expedition as date_expedition, e.model_pdf, e.fk_address, e.date_delivery";
@@ -562,6 +562,7 @@ class Expedition extends CommonObject
 $obj = $this->db->fetch_object($result);
 $this->id = $obj->rowid;
+$this->entity = $obj->entity;
 $this->ref = $obj->ref;
 $this->socid = $obj->socid;
 $this->ref_customer = $obj->ref_customer;
diff --git a/htdocs/societe/checkvat/checkVatPopup.php b/htdocs/societe/checkvat/checkVatPopup.php
index 1d5fa1a1f2a..4b331a1ff83 100644
--- a/htdocs/societe/checkvat/checkVatPopup.php
+++ b/htdocs/societe/checkvat/checkVatPopup.php
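Review bot: Switching to `$this->db` fixes an undefined `$db` inside the method, but the `sprintf` line on the new side still reads `$conf->entity` and `$conf->global->$key` with the same exposure; confirm the method declares `global $conf` (outside the hunk), otherwise those casts silently become `0` and the query runs against the wrong entity or threshold. `require_once $params['file']` and `new $params['class'](...)` resolve a file path and a class name from `$params`; if that array is a fixed table defined in this class the construct is fine, and a short comment saying so would save the next reader a check, e.g. `// $params comes from the hard-coded rule table above, never from user input`. The enclosing loop and method continue outside the hunk.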
@@ -28,9 +28,9 @@ require_once NUSOAP_PATH.'/nusoap.php';
 $langs->load("companies");
 //http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl
-$WS_DOL_URL='http://ec.europa.eu/taxation_customs/vies/services/checkVatService';
+$WS_DOL_URL='https://ec.europa.eu/taxation_customs/vies/services/checkVatService';
 //$WS_DOL_URL_WSDL=$WS_DOL_URL.'?wsdl';
-$WS_DOL_URL_WSDL='http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl';
+$WS_DOL_URL_WSDL='https://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl';
 $WS_METHOD ='checkVat';
diff --git a/scripts/cron/cron_run_jobs.php b/scripts/cron/cron_run_jobs.php
index cb1313c3f70..3f01e4db171 100755
--- a/scripts/cron/cron_run_jobs.php
+++ b/scripts/cron/cron_run_jobs.php
@@ -176,11 +176,12 @@ if (is_array($qualifiedjobs) && (count($qualifiedjobs) > 0)) {
 // Force reload of setup for the current entity
 if ((empty($line->entity)?1:$line->entity) != $conf->entity)
 {
-dol_syslog("cron_run_jobs.php we work on another entity conf than ".$conf->entity." so we reload user and conf", LOG_DEBUG);
-echo " -> we change entity so we reload user and conf";
+dol_syslog("cron_run_jobs.php we work on another entity conf than ".$conf->entity." so we reload mysoc, langs, user and conf", LOG_DEBUG);
+echo " -> we change entity so we reload mysoc, langs, user and conf";
 $conf->entity = (empty($line->entity)?1:$line->entity);
 $conf->setValues($db); // This make also the $mc->setValues($conf); that reload $mc->sharings
+$mysoc->setMysoc($conf);
 // Force recheck that user is ok for the entity to process and reload permission for entity
 if ($conf->entity != $user->entity && $user->entity != 0)
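Review bot: The https endpoints only protect the VIES lookup if the nusoap transport actually verifies the server certificate; the client options are set further down (outside the hunk), so confirm peer and host verification is left enabled, otherwise the scheme change adds confidentiality but no integrity against an on-path attacker. The comment `//http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl` two lines above the change still names the http URL and should be updated to match. The commented-out `//$WS_DOL_URL_WSDL=$WS_DOL_URL.'?wsdl';` is dead code and can be removed now that the WSDL URL is set explicitly.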
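Review bot: `(empty($line->entity)?1:$line->entity)` is evaluated twice in this hunk, in the condition and in the assignment two lines later; name it once, `$jobentity = (empty($line->entity) ? 1 : $line->entity);`, and use `$jobentity` in both places and in the log message. The new `$mysoc->setMysoc($conf);` must stay after `$conf->setValues($db)` because, presumably, it reads the constants just loaded for the new entity; a one-line comment stating that ordering would protect it from a future reshuffle, e.g. `// Must follow $conf->setValues(): mysoc is rebuilt from the new entity's constants`. The enclosing `if` block continues past the hunk.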
@@ -203,6 +204,11 @@ if (is_array($qualifiedjobs) && (count($qualifiedjobs) > 0)) {
 }
 $user->getrights();
 }
+
+// Reload langs
+$langcode = (empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT);
+if (! empty($user->conf->MAIN_LANG_DEFAULT)) $langcode = $user->conf->MAIN_LANG_DEFAULT;
+if ($langs->getDefaultLang() != $langcode) $langs->setDefaultLang($langcode);
 }
 //If date_next_jobs is less of current date, execute the program, and store the execution time of the next execution in database
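Review bot: `$langcode` falls back to `'auto'`, which in the web context means detecting the language from the HTTP request; this script runs under cron with no request, so confirm what `setDefaultLang('auto')` does without one, or fall back to an explicit code instead. Both operands are strings, so compare strictly: `if ($langs->getDefaultLang() !== $langcode) $langs->setDefaultLang($langcode);`. The reload runs only inside the entity-change branch, which matches the intent, but translation domains already loaded for the previous entity are only refreshed if `setDefaultLang()` discards them; that is not visible here and is worth a check in the Translate class. The enclosing loop closes outside the hunk.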