diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 95d88c80c87..292fb55a29f 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -261,7 +261,7 @@ class AccountancyCategory // extends CommonObject $sql .= " t.active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as t"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN (".getEntity('c_accounting_category').")"; // Dont't use entity if you use rowid if ($code) { @@ -354,7 +354,7 @@ class AccountancyCategory // extends CommonObject $sql .= " position=".(isset($this->position) ? $this->position : "null").","; $sql .= " fk_country=".(isset($this->fk_country) ? $this->fk_country : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -392,7 +392,7 @@ class AccountancyCategory // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_accounting_category"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index d5fad9b8f60..a7d89c45294 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -414,7 +414,7 @@ class AccountingAccount extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_account"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete sql=".$sql); $resql = $this->db->query($sql); @@ -553,7 +553,7 @@ class AccountingAccount extends CommonObject { $sql = 'SELECT a.rowid, a.datec, a.fk_user_author, a.fk_user_modif, a.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as a'; - $sql .= ' WHERE a.rowid = '.$id; + $sql .= ' WHERE a.rowid = '.((int) $id); dol_syslog(get_class($this).'::info sql='.$sql); $result = $this->db->query($sql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 27a84270e95..7286e954d0e 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -729,7 +729,7 @@ class BookKeeping extends CommonObject if (null !== $ref) { $sql .= " AND t.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); } $resql = $this->db->query($sql); @@ -1262,7 +1262,7 @@ class BookKeeping extends CommonObject $sql .= ' code_journal = '.(isset($this->code_journal) ? "'".$this->db->escape($this->code_journal)."'" : "null").','; $sql .= ' journal_label = '.(isset($this->journal_label) ? "'".$this->db->escape($this->journal_label)."'" : "null").','; $sql .= ' piece_num = '.(isset($this->piece_num) ? $this->piece_num : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -1359,7 +1359,7 @@ class BookKeeping extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 9807922c43f..1209576ddba 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -55,7 +55,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."facturedet"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { @@ -99,7 +99,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = l.fk_facture"; - $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".$id; + $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index d68326ad68e..f997f666e6e 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -59,7 +59,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { @@ -101,7 +101,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON erd.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport as er ON er.rowid = erd.fk_expensereport"; - $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".$id; + $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php index 5b2f807fcd7..242fc71d80c 100644 --- a/htdocs/accountancy/index.php +++ b/htdocs/accountancy/index.php @@ -1,7 +1,7 @@ * Copyright (C) 2016-2019 Alexandre Spangaro - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -220,7 +220,7 @@ if ($conf->accounting->enabled) { /* * Show boxes */ - $boxlist .= '
'; + $boxlist = '
'; $boxlist .= '
'; diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 25a3fc04ca4..0d86b928a26 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -59,7 +59,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { @@ -101,7 +101,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn as f ON f.rowid = l.fk_facture_fourn "; - $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".$id; + $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 43447665b94..6429f86311a 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2085,9 +2085,9 @@ class Adherent extends CommonObject } $label .= '
'; - $url = DOL_URL_ROOT.'/adherents/card.php?rowid='.$this->id; + $url = DOL_URL_ROOT.'/adherents/card.php?rowid='.((int) $this->id); if ($option == 'subscription') { - $url = DOL_URL_ROOT.'/adherents/subscription.php?rowid='.$this->id; + $url = DOL_URL_ROOT.'/adherents/subscription.php?rowid='.((int) $this->id); } if ($option != 'nolink') { @@ -2216,7 +2216,7 @@ class Adherent extends CommonObject $statusType = 'status1'; $labelStatus = $langs->trans("MemberStatusActive"); $labelStatusShort = $langs->trans("MemberStatusActiveShort"); - } elseif ($date_end_subscription < time()) { + } elseif ($date_end_subscription < dol_now()) { $statusType = 'status3'; $labelStatus = $langs->trans("MemberStatusActiveLate"); $labelStatusShort = $langs->trans("MemberStatusActiveLateShort"); @@ -2644,7 +2644,7 @@ class Adherent extends CommonObject $sql .= ' a.tms as datem,'; $sql .= ' a.fk_user_author, a.fk_user_valid, a.fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.'adherent as a'; - $sql .= ' WHERE a.rowid = '.$id; + $sql .= ' WHERE a.rowid = '.((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 40e3e97deb4..9acecaab1ce 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -623,7 +623,7 @@ class AdherentType extends CommonObject $label .= '
'.$langs->trans("SubscriptionRequired").': '.yn($this->subscription); } - $linkstart = ''; + $linkstart = ''; $linkend = ''; $result .= $linkstart; diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index dff127d6d2b..65b01991100 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -417,7 +417,7 @@ class Subscription extends CommonObject $label .= '
'.$langs->trans('DateEnd').': '.dol_print_date($this->datef, 'day'); } - $url = DOL_URL_ROOT.'/adherents/subscription/card.php?rowid='.$this->id; + $url = DOL_URL_ROOT.'/adherents/subscription/card.php?rowid='.((int) $this->id); if ($option != 'nolink') { // Add param to save lastsearch_values or not @@ -483,7 +483,7 @@ class Subscription extends CommonObject $sql = 'SELECT c.rowid, c.datec,'; $sql .= ' c.tms as datem'; $sql .= ' FROM '.MAIN_DB_PREFIX.'subscription as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/adherents/index.php b/htdocs/adherents/index.php index 7ec39b7eda8..4a4724593e4 100644 --- a/htdocs/adherents/index.php +++ b/htdocs/adherents/index.php @@ -79,10 +79,10 @@ $subscriptionstatic = new Subscription($db); print load_fiche_titre($langs->trans("MembersArea"), $resultboxes['selectboxlist'], 'members'); -$Adherents = array(); -$AdherentsAValider = array(); -$MemberUpToDate = array(); -$AdherentsResilies = array(); +$MembersValidated = array(); +$MembersToValidate = array(); +$MembersUpToDate = array(); +$MembersResiliated = array(); $AdherentType = array(); @@ -111,7 +111,7 @@ if ($result) { $AdherentType[$objp->rowid] = $adhtype; if ($objp->statut == -1) { - $MemberToValidate[$objp->rowid] = $objp->somme; + $MembersToValidate[$objp->rowid] = $objp->somme; } if ($objp->statut == 1) { $MembersValidated[$objp->rowid] = $objp->somme; @@ -144,7 +144,7 @@ if ($result) { $i = 0; while ($i < $num) { $objp = $db->fetch_object($result); - $MemberUpToDate[$objp->fk_adherent_type] = $objp->somme; + $MembersUpToDate[$objp->fk_adherent_type] = $objp->somme; $i++; } $db->free(); @@ -202,13 +202,13 @@ if ($conf->use_javascript_ajax) { $dataval = array(); $i = 0; foreach ($AdherentType as $key => $adhtype) { - $dataval['draft'][] = array($i, isset($MemberToValidate[$key]) ? $MemberToValidate[$key] : 0); - $dataval['notuptodate'][] = array($i, isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : 0); - $dataval['uptodate'][] = array($i, isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0); + $dataval['draft'][] = array($i, isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0); + $dataval['notuptodate'][] = array($i, isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0); + $dataval['uptodate'][] = array($i, isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0); $dataval['resiliated'][] = array($i, isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0); - $SommeA += isset($MemberToValidate[$key]) ? $MemberToValidate[$key] : 0; - $SommeB += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : 0; - $SommeC += isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0; + $SommeA += isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0; + $SommeB += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0; + $SommeC += isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0; $SommeD += isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0; $i++; } @@ -476,9 +476,9 @@ print "\n"; foreach ($AdherentType as $key => $adhtype) { print ''; print ''.$adhtype->getNomUrl(1, dol_size(32)).''; - print ''.(isset($MemberToValidate[$key]) && $MemberToValidate[$key] > 0 ? $MemberToValidate[$key] : '').' '.$staticmember->LibStatut(-1, $adhtype->subscription, 0, 3).''; - print ''.(isset($MembersValidated[$key]) && ($MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) > 0) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, 0, 3).''; - print ''.(isset($MemberUpToDate[$key]) && $MemberUpToDate[$key] > 0 ? $MemberUpToDate[$key] : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, $now, 3).''; + print ''.(isset($MembersToValidate[$key]) && $MembersToValidate[$key] > 0 ? $MembersToValidate[$key] : '').' '.$staticmember->LibStatut(-1, $adhtype->subscription, 0, 3).''; + print ''.(isset($MembersValidated[$key]) && ($MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) > 0) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, 0, 3).''; + print ''.(isset($MembersUpToDate[$key]) && $MembersUpToDate[$key] > 0 ? $MembersUpToDate[$key] : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, $now, 3).''; print ''.(isset($MembersResiliated[$key]) && $MembersResiliated[$key] > 0 ? $MembersResiliated[$key] : '').' '.$staticmember->LibStatut(0, $adhtype->subscription, 0, 3).''; print "\n"; } diff --git a/htdocs/admin/eventorganization_confbooth_extrafields.php b/htdocs/admin/eventorganization_confbooth_extrafields.php index 4e45b0fddc3..4b6f9bdc46a 100644 --- a/htdocs/admin/eventorganization_confbooth_extrafields.php +++ b/htdocs/admin/eventorganization_confbooth_extrafields.php @@ -60,7 +60,7 @@ require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php'; */ -llxHeader('', $langs->trans("EventOrganizationSetup"), $help_url); +llxHeader('', $langs->trans("EventOrganizationSetup")); $linkback = ''.$langs->trans("BackToModuleList").''; diff --git a/htdocs/admin/index.php b/htdocs/admin/index.php index c16a01e5816..d94c8a3fffd 100644 --- a/htdocs/admin/index.php +++ b/htdocs/admin/index.php @@ -81,7 +81,7 @@ print '
'; if (empty($conf->global->MAIN_INFO_SOCIETE_NOM) || empty($conf->global->MAIN_INFO_SOCIETE_COUNTRY)) { $setupcompanynotcomplete = 1; } -print img_picto('', 'puce').' '.$langs->trans("SetupDescription3", DOL_URL_ROOT.'/admin/company.php?mainmenu=home'.(empty($setupcompanynotcomplete) ? '' : '&action=edit'), $langs->transnoentities("Setup"), $langs->transnoentities("MenuCompanySetup")); +print img_picto('', 'company', 'class="paddingright"').' '.$langs->trans("SetupDescription3", DOL_URL_ROOT.'/admin/company.php?mainmenu=home'.(empty($setupcompanynotcomplete) ? '' : '&action=edit'), $langs->transnoentities("Setup"), $langs->transnoentities("MenuCompanySetup")); if (!empty($setupcompanynotcomplete)) { $langs->load("errors"); $warnpicto = img_warning($langs->trans("WarningMandatorySetupNotComplete"), 'style="padding-right: 6px;"'); @@ -92,7 +92,7 @@ print '
'; print '
'; // Show info setup module -print img_picto('', 'puce').' '.$langs->trans("SetupDescription4", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->transnoentities("Setup"), $langs->transnoentities("Modules")); +print img_picto('', 'cog', 'class="paddingright"').' '.$langs->trans("SetupDescription4", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->transnoentities("Setup"), $langs->transnoentities("Modules")); if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) { // If only user module enabled $langs->load("errors"); $warnpicto = img_warning($langs->trans("WarningEnableYourModulesApplications"), 'style="padding-right: 6px;"'); diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index a5867d63553..5cf852fdacb 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -464,7 +464,7 @@ asort($orders); $nbofactivatedmodules = count($conf->modules); $moreinfo = $langs->trans("TitleNumberOfActivatedModules"); -$moreinfo2 = ($nbofactivatedmodules - 1)." / ".count($modules); +$moreinfo2 = ''.($nbofactivatedmodules - 1).' / '.count($modules).''; if ($nbofactivatedmodules <= 1) { $moreinfo2 .= ' '.img_warning($langs->trans("YouMustEnableOneModule")); } @@ -476,16 +476,16 @@ $deschelp = ''; if ($mode == 'common' || $mode == 'commonkanban') { $desc = $langs->trans("ModulesDesc", '{picto}'); $desc = str_replace('{picto}', img_picto('', 'switch_off'), $desc); - $deschelp = ''.$desc."

\n"; + $deschelp = '
'.$desc."

\n"; } if ($mode == 'marketplace') { - $deschelp = ''.$langs->trans("ModulesMarketPlaceDesc")."

\n"; + //$deschelp = '
'.$langs->trans("ModulesMarketPlaceDesc")."

\n"; } if ($mode == 'deploy') { - $deschelp = ''.$langs->trans("ModulesDeployDesc", $langs->transnoentitiesnoconv("AvailableModules"))."

\n"; + $deschelp = '
'.$langs->trans("ModulesDeployDesc", $langs->transnoentitiesnoconv("AvailableModules"))."

\n"; } if ($mode == 'develop') { - $deschelp = ''.$langs->trans("ModulesDevelopDesc")."

\n"; + $deschelp = '
'.$langs->trans("ModulesDevelopDesc")."

\n"; } $head = modules_prepare_head(); @@ -521,11 +521,11 @@ if ($mode == 'common' || $mode == 'commonkanban') { $moreforfilter .= dolGetButtonTitle($langs->trans('ViewList'), '', 'fa fa-list-alt imgforviewmode', $_SERVER["PHP_SELF"].'?mode=common'.$param, '', 1, array('morecss'=>'reposition'.($mode == 'commonkanban' ? '' : ' btnTitleSelected'))); $moreforfilter .= '
'; - $moreforfilter .= '
'.$moreinfo.'
'.$moreinfo2.'
'; + $moreforfilter .= '
'.$moreinfo.' '.$moreinfo2.'
'; $moreforfilter .= '
'; $moreforfilter .= '
'; - $moreforfilter .= img_picto($langs->trans("Filter"), 'filter', 'class="paddingright opacitymedium"').''; + $moreforfilter .= img_picto($langs->trans("Filter"), 'filter', 'class="paddingright opacityhigh"').''; $moreforfilter .= '
'; $moreforfilter .= '
'; $moreforfilter .= $form->selectarray('search_nature', $arrayofnatures, dol_escape_htmltag($search_nature), $langs->trans('Origin'), 0, 0, '', 0, 0, 0, '', 'maxwidth200', 1); @@ -745,7 +745,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { } } else { if (!empty($objMod->warnings_unactivation[$mysoc->country_code]) && method_exists($objMod, 'alreadyUsed') && $objMod->alreadyUsed()) { - $codeenabledisable .= 'warnings_unactivation[$mysoc->country_code].'&value='.$modName.'&mode='.$mode.$param.'">'; + $codeenabledisable .= 'warnings_unactivation[$mysoc->country_code]).'&value='.$modName.'&mode='.$mode.$param.'">'; $codeenabledisable .= img_picto($langs->trans("Activated"), 'switch_on'); $codeenabledisable .= ''; } else { @@ -762,13 +762,13 @@ if ($mode == 'common' || $mode == 'commonkanban') { $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.$search_keyword; // No urlencode here, done later } if ($search_nature > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; // No urlencode here, done later } if ($search_version > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; // No urlencode here, done later } if ($search_status > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; // No urlencode here, done later } $backtourl = $_SERVER["PHP_SELF"].$backtourlparam; @@ -955,7 +955,7 @@ if ($mode == 'marketplace') { print ''."\n"; $url = 'https://www.dolistore.com'; print ''; - print ''.$langs->trans("DoliStoreDesc").''; + print ''.$langs->trans("DoliStoreDesc").''; print ''.$url.''; print ''; diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php index 48f66ae5ccf..66cd9bcb4cf 100644 --- a/htdocs/asset/class/asset.class.php +++ b/htdocs/asset/class/asset.class.php @@ -414,7 +414,7 @@ class Asset extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/asset/class/asset_type.class.php b/htdocs/asset/class/asset_type.class.php index 7354b8dfd15..6b345aaef68 100644 --- a/htdocs/asset/class/asset_type.class.php +++ b/htdocs/asset/class/asset_type.class.php @@ -397,7 +397,7 @@ class AssetType extends CommonObject $result = ''; $label = $langs->trans("ShowTypeCard", $this->label); - $linkstart = ''; + $linkstart = ''; $linkend = ''; $result .= $linkstart; diff --git a/htdocs/blockedlog/class/authority.class.php b/htdocs/blockedlog/class/authority.class.php index 0913223da0d..9fc10fdc59e 100644 --- a/htdocs/blockedlog/class/authority.class.php +++ b/htdocs/blockedlog/class/authority.class.php @@ -161,7 +161,7 @@ class BlockedLogAuthority $sql .= " FROM ".MAIN_DB_PREFIX."blockedlog_authority as b"; if ($id) { - $sql .= " WHERE b.rowid = ".$id; + $sql .= " WHERE b.rowid = ".((int) $id); } elseif ($signature) { $sql .= " WHERE b.signature = '".$this->db->escape($signature)."'"; } @@ -259,7 +259,7 @@ class BlockedLogAuthority $sql = "UPDATE ".MAIN_DB_PREFIX."blockedlog_authority SET "; $sql .= " blockchain='".$this->db->escape($this->blockchain)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $res = $this->db->query($sql); if ($res) { diff --git a/htdocs/blockedlog/class/blockedlog.class.php b/htdocs/blockedlog/class/blockedlog.class.php index 69ba6cd1308..366d7042d77 100644 --- a/htdocs/blockedlog/class/blockedlog.class.php +++ b/htdocs/blockedlog/class/blockedlog.class.php @@ -796,7 +796,7 @@ class BlockedLog public function setCertified() { - $res = $this->db->query("UPDATE ".MAIN_DB_PREFIX."blockedlog SET certified=1 WHERE rowid=".$this->id); + $res = $this->db->query("UPDATE ".MAIN_DB_PREFIX."blockedlog SET certified=1 WHERE rowid=".((int) $this->id)); if ($res === false) { return false; } diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index db1abb28c42..b3af3a43fd2 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -892,7 +892,7 @@ class BOM extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { @@ -1469,7 +1469,7 @@ class BOMLine extends CommonObjectLine $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/bom/lib/bom.lib.php b/htdocs/bom/lib/bom.lib.php index a5be872a096..8f3cadeedc2 100644 --- a/htdocs/bom/lib/bom.lib.php +++ b/htdocs/bom/lib/bom.lib.php @@ -1,6 +1,6 @@ - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,17 +41,11 @@ function bomAdminPrepareHead() $head[$h][2] = 'settings'; $h++; - $head[$h][0] = dol_buildpath("/admin/bom_extrafields.php", 1); + $head[$h][0] = DOL_URL_ROOT."/admin/bom_extrafields.php"; $head[$h][1] = $langs->trans("ExtraFields"); $head[$h][2] = 'bom_extrafields'; $h++; - /*$head[$h][0] = DOL_URL_ROOT."/bom/admin/about.php"; - $head[$h][1] = $langs->trans("About"); - $head[$h][2] = 'about'; - $h++; - */ - // Show more tabs from modules // Entries must be declared in modules descriptor with line //$this->tabs = array( diff --git a/htdocs/bookmarks/class/bookmark.class.php b/htdocs/bookmarks/class/bookmark.class.php index f5bbefae3d3..4fe8c3cee83 100644 --- a/htdocs/bookmarks/class/bookmark.class.php +++ b/htdocs/bookmarks/class/bookmark.class.php @@ -117,7 +117,7 @@ class Bookmark extends CommonObject $sql = "SELECT rowid, fk_user, dateb as datec, url, target,"; $sql .= " title, position, favicon"; $sql .= " FROM ".MAIN_DB_PREFIX."bookmark"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $sql .= " AND entity = ".$conf->entity; dol_syslog("Bookmark::fetch", LOG_DEBUG); @@ -239,7 +239,7 @@ class Bookmark extends CommonObject public function remove($id) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog("Bookmark::remove", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index d83bc794baa..ba8ffe0e89f 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -323,8 +323,8 @@ class Categorie extends CommonObject $sql = "SELECT rowid, fk_parent, entity, label, description, color, fk_soc, visible, type, ref_ext"; $sql .= ", date_creation, tms, fk_user_creat, fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie"; - if ($id > 0) { - $sql .= " WHERE rowid = ".$id; + if ($id) { + $sql .= " WHERE rowid = ".((int) $id); } elseif (!empty($ref_ext)) { $sql .= " WHERE ref_ext LIKE '".$this->db->escape($ref_ext)."'"; } else { diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php index aa2dc20e2b2..6ca392aef47 100644 --- a/htdocs/categories/index.php +++ b/htdocs/categories/index.php @@ -5,6 +5,7 @@ * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2015 Raphaël Doursenaud + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -151,7 +152,7 @@ $cate_arbo = $categstatic->get_full_arbo($typetext); $fulltree = $cate_arbo; // Load possible missing includes -if ($conf->global->CATEGORY_SHOW_COUNTS) { +if (!empty($conf->global->CATEGORY_SHOW_COUNTS)) { if ($type == Categorie::TYPE_MEMBER) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; } @@ -177,7 +178,7 @@ foreach ($fulltree as $key => $val) { $desc = dol_htmlcleanlastbr($val['description']); $counter = ''; - if ($conf->global->CATEGORY_SHOW_COUNTS) { + if (!empty($conf->global->CATEGORY_SHOW_COUNTS)) { // we need only a count of the elements, so it is enough to consume only the id's from the database $elements = $type == Categorie::TYPE_ACCOUNT ? $categstatic->getObjectsInCateg("account", 1) // Categorie::TYPE_ACCOUNT is "bank_account" instead of "account" diff --git a/htdocs/categories/info.php b/htdocs/categories/info.php index 5666664b848..f5b54f50de9 100644 --- a/htdocs/categories/info.php +++ b/htdocs/categories/info.php @@ -71,11 +71,11 @@ $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); print dol_get_fiche_head($head, 'info', $langs->trans($title), -1, 'category'); -$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.$type); -$linkback = ''.$langs->trans("BackToList").''; +$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); +$linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; -$morehtmlref = '
'.$langs->trans("Root").' >> '; +$morehtmlref = '
'.$langs->trans("Root").' >> '; $ways = $object->print_all_ways(" >> ", '', 1); foreach ($ways as $way) { $morehtmlref .= $way."
\n"; diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index cfc722df83f..c7e574939ff 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -108,7 +108,8 @@ if ($object->id) { $head = categories_prepare_head($object, $type); print dol_get_fiche_head($head, 'photos', $langs->trans($title), -1, 'category'); - $linkback = ''.$langs->trans("BackToList").''; + $backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); + $linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; $morehtmlref = '
'.$langs->trans("Root").' >> '; diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index 9f2ed6936ef..de59aca376d 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -184,7 +184,8 @@ if (!empty($object->multilangs)) { print dol_get_fiche_head($head, 'translation', $langs->trans($title), -1, 'category'); -$linkback = ''.$langs->trans("BackToList").''; +$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); +$linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; $morehtmlref = '
'.$langs->trans("Root").' >> '; diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 7f19194a3c3..dedb368202d 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -215,18 +215,18 @@ $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); print dol_get_fiche_head($head, 'card', $langs->trans($title), -1, 'category'); -$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.$type); -$linkback = ''.$langs->trans("BackToList").''; +$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); +$linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; -$morehtmlref = '
'.$langs->trans("Root").' >> '; +$morehtmlref = '
'.$langs->trans("Root").' >> '; $ways = $object->print_all_ways(" >> ", '', 1); foreach ($ways as $way) { $morehtmlref .= $way."
\n"; } $morehtmlref .= '
'; -dol_banner_tab($object, 'label', $linkback, ($user->socid ? 0 : 1), 'label', 'label', $morehtmlref, '&type='.$type, 0, '', '', 1); +dol_banner_tab($object, 'label', $linkback, ($user->socid ? 0 : 1), 'label', 'label', $morehtmlref, '&type='.urlencode($type), 0, '', '', 1); /* diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index a125dc466f8..3616de126be 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -7,7 +7,7 @@ * Copyright (C) 2014 Cedric GROSS * Copyright (C) 2015 Marcos García * Copyright (C) 2017 Open-DSI - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -258,7 +258,13 @@ if (empty($conf->global->AGENDA_DISABLE_EXT)) { $buggedfile = 'AGENDA_EXT_BUGGEDFILE'.$i; if (!empty($conf->global->$source) && !empty($conf->global->$name)) { // Note: $conf->global->buggedfile can be empty or 'uselocalandtznodaylight' or 'uselocalandtzdaylight' - $listofextcals[] = array('src'=>$conf->global->$source, 'name'=>$conf->global->$name, 'offsettz'=>$conf->global->$offsettz, 'color'=>$conf->global->$color, 'buggedfile'=>(isset($conf->global->buggedfile) ? $conf->global->buggedfile : 0)); + $listofextcals[] = array( + 'src'=>$conf->global->$source, + 'name'=>$conf->global->$name, + 'offsettz' => (!empty($conf->global->$offsettz) ? $conf->global->$offsettz : 0), + 'color'=>$conf->global->$color, + 'buggedfile'=>(isset($conf->global->buggedfile) ? $conf->global->buggedfile : 0) + ); } } } @@ -275,7 +281,13 @@ if (empty($user->conf->AGENDA_DISABLE_EXT)) { $buggedfile = 'AGENDA_EXT_BUGGEDFILE_'.$user->id.'_'.$i; if (!empty($user->conf->$source) && !empty($user->conf->$name)) { // Note: $conf->global->buggedfile can be empty or 'uselocalandtznodaylight' or 'uselocalandtzdaylight' - $listofextcals[] = array('src'=>$user->conf->$source, 'name'=>$user->conf->$name, 'offsettz'=>$user->conf->$offsettz, 'color'=>$user->conf->$color, 'buggedfile'=>(isset($user->conf->buggedfile) ? $user->conf->buggedfile : 0)); + $listofextcals[] = array( + 'src'=>$user->conf->$source, + 'name'=>$user->conf->$name, + 'offsettz' => (!empty($user->conf->$offsettz) ? $user->conf->$offsettz : 0), + 'color'=>$user->conf->$color, + 'buggedfile'=>(isset($user->conf->buggedfile) ? $user->conf->buggedfile : 0) + ); } } } diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 44bd8547e8a..908819e1d1a 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -38,6 +38,7 @@ $action = GETPOST('action', 'aZ09'); $month = GETPOST('month', 'int'); $year = GETPOST('year', 'int'); +$optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 719ec5b6c49..c811b673197 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -228,7 +228,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -419,7 +419,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " filtervalue=".(isset($this->filtervalue) ? "'".$this->db->escape($this->filtervalue)."'" : "null").","; $sql .= " fk_user_mod=".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); @@ -459,7 +459,7 @@ class AdvanceTargetingMailing extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."advtargetemailing"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete sql=".$sql); $resql = $this->db->query($sql); diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index af77b56bc15..197c9c7074f 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1644,7 +1644,7 @@ class Propal extends CommonObject $sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").","; $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2996,7 +2996,7 @@ class Propal extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; $sql .= ' SET fk_availability = '.$availability_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG); $resql = $this->db->query($sql); @@ -3060,7 +3060,7 @@ class Propal extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; $sql .= ' SET fk_input_reason = '.$demand_reason_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 4d5f75c7c24..cc744f9eb56 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1060,7 +1060,7 @@ class Commande extends CommonOrder $initialref = $this->ref; } - $sql = 'UPDATE '.MAIN_DB_PREFIX."commande SET ref='".$this->db->escape($initialref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."commande SET ref='".$this->db->escape($initialref)."' WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { $this->ref = $initialref; @@ -2741,7 +2741,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_availability = '.$availability_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2805,7 +2805,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_input_reason = '.$demand_reason_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -3310,7 +3310,7 @@ class Commande extends CommonOrder $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -3763,7 +3763,7 @@ class Commande extends CommonOrder $sql .= ' date_cloture as datecloture,'; $sql .= ' fk_user_author, fk_user_valid, fk_user_cloture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commande as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 29f1fb5ca3e..596abdf0e97 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -694,7 +694,7 @@ if (!empty($date_start) && !empty($date_stop)) { } elseif ($data['item'] == 'SalaryPayment') { $salary_payment->id = $data['id']; $salary_payment->ref = $data['ref']; - print $salary_payment->getNomUrl(1, '', 0, '', 0); + print $salary_payment->getNomUrl(1); } elseif ($data['item'] == 'Donation') { $don->id = $data['id']; $don->ref = $data['ref']; diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 7cabbc98500..16e26b9bc94 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -2271,7 +2271,7 @@ class AccountLine extends CommonObject $sql = 'SELECT b.rowid, b.datec, b.tms as datem,'; $sql .= ' b.fk_user_author, b.fk_user_rappro'; $sql .= ' FROM '.MAIN_DB_PREFIX.'bank as b'; - $sql .= ' WHERE b.rowid = '.$id; + $sql .= ' WHERE b.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -2319,7 +2319,7 @@ class AccountLine extends CommonObject $label = img_picto('', $this->picto).' '.$langs->trans("Transaction").':
'; $label .= ''.$langs->trans("Ref").': '.$this->ref; - $linkstart = ''; + $linkstart = ''; $linkend = ''; $result .= $linkstart; diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php index be023fe630c..ccf5828d40a 100644 --- a/htdocs/compta/bank/class/bankcateg.class.php +++ b/htdocs/compta/bank/class/bankcateg.class.php @@ -126,7 +126,7 @@ class BankCateg // extends CommonObject $sql .= " t.rowid,"; $sql .= " t.label"; $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); $sql .= " AND t.entity = ".$conf->entity; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -170,7 +170,7 @@ class BankCateg // extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."bank_categ SET"; $sql .= " label=".(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $this->db->begin(); @@ -237,7 +237,7 @@ class BankCateg // extends CommonObject // Delete bank categ if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_categ"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index 8be1c392426..dccdcd5cd24 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -214,7 +214,7 @@ class PaymentVarious extends CommonObject $sql .= " fk_bank=".($this->fk_bank > 0 ? $this->fk_bank : "null").","; $sql .= " fk_user_author=".(int) $this->fk_user_author.","; $sql .= " fk_user_modif=".(int) $this->fk_user_modif; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -274,7 +274,7 @@ class PaymentVarious extends CommonObject $sql .= " b.rappro"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_various as v"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON v.fk_bank = b.rowid"; - $sql .= " WHERE v.rowid = ".$id; + $sql .= " WHERE v.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -334,7 +334,7 @@ class PaymentVarious extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_various"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -742,7 +742,7 @@ class PaymentVarious extends CommonObject { $sql = 'SELECT v.rowid, v.datec, v.fk_user_author'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_various as v'; - $sql .= ' WHERE v.rowid = '.$id; + $sql .= ' WHERE v.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index fd6d7d9fa25..1b9860c976a 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php +++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -244,7 +244,7 @@ class CashControl extends CommonObject $sql .= " SET status = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 1c7a4e75552..c34d89bfa2f 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php @@ -278,7 +278,7 @@ class Deplacement extends CommonObject if ($ref) { $sql .= " AND ref ='".$this->db->escape($ref)."'"; } else { - $sql .= " AND rowid = ".$id; + $sql .= " AND rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -317,7 +317,7 @@ class Deplacement extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."deplacement WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."deplacement WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -471,7 +471,7 @@ class Deplacement extends CommonObject $sql = 'SELECT c.rowid, c.datec, c.fk_user_author, c.fk_user_modif,'; $sql .= ' c.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'deplacement as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 09efdb60f29..4119846e394 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -1967,7 +1967,7 @@ class FactureLigneRec extends CommonInvoiceLine } if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.((int) $this->id); $res = $this->db->query($sql); if ($res === false) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index dfd50147109..69356287288 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -694,7 +694,7 @@ class Facture extends CommonInvoice // Update ref with new one $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."facture SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."facture SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1978,7 +1978,7 @@ class Facture extends CommonInvoice $sql .= " retained_warranty=".(empty($this->retained_warranty) ? "0" : $this->db->escape($this->retained_warranty)).","; $sql .= " retained_warranty_date_limit=".(strval($this->retained_warranty_date_limit) != '' ? "'".$this->db->idate($this->retained_warranty_date_limit)."'" : 'null').","; $sql .= " retained_warranty_fk_cond_reglement=".(isset($this->retained_warranty_fk_cond_reglement) ?intval($this->retained_warranty_fk_cond_reglement) : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2375,7 +2375,7 @@ class Facture extends CommonInvoice $now = dol_now(); - dol_syslog(get_class($this)."::set_paid rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::set_paid rowid=".((int) $this->id), LOG_DEBUG); $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET'; $sql .= ' fk_statut='.self::STATUS_CLOSED; @@ -2513,7 +2513,7 @@ class Facture extends CommonInvoice */ public function setCanceled($user, $close_code = '', $close_note = '') { - dol_syslog(get_class($this)."::setCanceled rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::setCanceled rowid=".((int) $this->id), LOG_DEBUG); $this->db->begin(); @@ -3955,7 +3955,7 @@ class Facture extends CommonInvoice $sql .= ' date_closing as dateclosing,'; $sql .= ' fk_user_author, fk_user_valid, fk_user_closing'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -4825,7 +4825,7 @@ class Facture extends CommonInvoice $fieldname = 'retained_warranty'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.floatval($value); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty = floatval($value); @@ -4862,7 +4862,7 @@ class Facture extends CommonInvoice $fieldname = 'retained_warranty_date_limit'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(strval($timestamp) != '' ? '\''.$this->db->idate($timestamp).'\'' : 'null'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_date_limit = $timestamp; diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index d9c0fa36c9a..87cd50d27c6 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -192,7 +192,7 @@ class PaymentTerm // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 9e25cc3deee..542d7aeb1bd 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -9,6 +9,7 @@ * Copyright (C) 2019 Nicolas ZABOURI * Copyright (C) 2020 Tobias Sekan * Copyright (C) 2020 Josep Lluís Amador + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -997,6 +998,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire) { $sql .= ", s.nom as name"; $sql .= ", s.rowid as socid, s.email"; $sql .= ", s.code_client, s.code_compta"; + $sql .= ", s.code_fournisseur, s.code_compta_fournisseur"; $sql .= ", cc.rowid as country_id, cc.code as country_code"; $sql .= ", sum(pf.amount) as am"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays,".MAIN_DB_PREFIX."facture as f"; @@ -1019,6 +1021,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire) { $sql .= " GROUP BY f.rowid, f.ref, f.fk_statut, f.datef, f.type, f.total, f.tva, f.total_ttc, f.paye, f.tms, f.date_lim_reglement,"; $sql .= " s.nom, s.rowid, s.email, s.code_client, s.code_compta, cc.rowid, cc.code"; + $sql .= ", s.code_fournisseur, s.code_compta_fournisseur"; $sql .= " ORDER BY f.datef ASC, f.ref ASC"; $resql = $db->query($sql); diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index cdea12902bc..46b2b2b7805 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -180,7 +180,7 @@ class Localtax extends CommonObject $sql .= " fk_bank=".(int) $this->fk_bank.","; $sql .= " fk_user_creat=".(int) $this->fk_user_creat.","; $sql .= " fk_user_modif=".(int) $this->fk_user_modif; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -234,7 +234,7 @@ class Localtax extends CommonObject $sql .= " b.rappro"; $sql .= " FROM ".MAIN_DB_PREFIX."localtax as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON t.fk_bank = b.rowid"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -284,7 +284,7 @@ class Localtax extends CommonObject // End call triggers $sql = "DELETE FROM ".MAIN_DB_PREFIX."localtax"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 3d73c59d967..8af9d5a6543 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -191,7 +191,7 @@ class RemiseCheque extends CommonObject if ($this->id > 0 && $this->errno == 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET ref='(PROV".$this->id.")'"; - $sql .= " WHERE rowid=".$this->id.""; + $sql .= " WHERE rowid=".((int) $this->id).""; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 06d13e78023..42b05f39263 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -169,7 +169,7 @@ class Paiement extends CommonObject $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' WHERE p.entity IN ('.getEntity('invoice').')'; if ($id > 0) { - $sql .= ' AND p.rowid = '.$id; + $sql .= ' AND p.rowid = '.((int) $id); } elseif ($ref) { $sql .= " AND p.ref = '".$ref."'"; } elseif ($fk_bank) { @@ -899,7 +899,7 @@ class Paiement extends CommonObject { $sql = 'SELECT p.rowid, p.datec, p.fk_user_creat, p.fk_user_modif, p.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement as p'; - $sql .= ' WHERE p.rowid = '.$id; + $sql .= ' WHERE p.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index f70daf75c3a..3d04cf1f6a5 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -427,7 +427,7 @@ class BonPrelevement extends CommonObject $sql .= " SET fk_user_credit = ".$user->id; $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = ".self::STATUS_TRANSFERED; diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index 70742d24685..0faea8a159c 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -128,7 +128,7 @@ class RejetPrelevement // Tag the line to refused $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes "; $sql .= " SET statut = 3"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); if (!$this->db->query($sql)) { dol_syslog("RejetPrelevement::create Erreur 5"); diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 91a0708c361..d7fcd9278a9 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -149,7 +149,7 @@ class ChargeSociales extends CommonObject if ($ref) { $sql .= " AND cs.rowid = ".$ref; } else { - $sql .= " AND cs.rowid = ".$id; + $sql .= " AND cs.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -311,7 +311,7 @@ class ChargeSociales extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."chargesociales WHERE rowid=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."chargesociales WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -350,7 +350,7 @@ class ChargeSociales extends CommonObject $sql .= ", fk_projet=".($this->fk_project > 0 ? $this->db->escape($this->fk_project) : "NULL"); $sql .= ", fk_user=".($this->fk_user > 0 ? $this->db->escape($this->fk_user) : "NULL"); $sql .= ", fk_user_modif=".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -672,7 +672,7 @@ class ChargeSociales extends CommonObject $sql = "SELECT e.rowid, e.tms as datem, e.date_creation as datec, e.date_valid as datev, e.import_key,"; $sql .= " e.fk_user_author, e.fk_user_modif, e.fk_user_valid"; $sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as e"; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index bb9a48b4c4c..8f7f13e6043 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -262,7 +262,7 @@ class PaymentSocialContribution extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepaiement = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -362,7 +362,7 @@ class PaymentSocialContribution extends CommonObject $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -416,7 +416,7 @@ class PaymentSocialContribution extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index e2047d00738..79379ee0b24 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -1,6 +1,6 @@ - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -114,7 +114,7 @@ if (empty($min)) { // Define modetax (0 or 1) // 0=normal, 1=option vat for services is on debit, 2=option on payments for products -$modetax = $conf->global->TAX_MODE; +$modetax = empty($conf->global->TAX_MODE) ? 0 : $conf->global->TAX_MODE; if (GETPOSTISSET("modetax")) { $modetax = GETPOST("modetax", 'int'); } diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php index 4f816164db0..9ba1bd2ed1d 100644 --- a/htdocs/compta/tva/class/paymentvat.class.php +++ b/htdocs/compta/tva/class/paymentvat.class.php @@ -261,7 +261,7 @@ class PaymentVAT extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepaiement = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -365,7 +365,7 @@ class PaymentVAT extends CommonObject $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -419,7 +419,7 @@ class PaymentVAT extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_vat"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index f45112aedda..552195cf2d2 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -209,7 +209,7 @@ class Tva extends CommonObject $sql .= " note='".$this->db->escape($this->note)."',"; $sql .= " fk_user_creat=".$this->fk_user_creat.","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? $this->fk_user_modif : $user->id).""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -305,7 +305,7 @@ class Tva extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."tva as t"; //$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON t.fk_bank = b.rowid"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -360,7 +360,7 @@ class Tva extends CommonObject // End call triggers $sql = "DELETE FROM ".MAIN_DB_PREFIX."tva"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php index 788067ec696..c1f89dd3bbc 100644 --- a/htdocs/compta/tva/quadri_detail.php +++ b/htdocs/compta/tva/quadri_detail.php @@ -4,7 +4,7 @@ * Copyright (C) 2004-2013 Laurent Destailleur * Copyright (C) 2006-2015 Yannick Warnier * Copyright (C) 2014 Ferran Marcet - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2019 Eric Seigne * * This program is free software; you can redistribute it and/or modify @@ -116,16 +116,16 @@ if (empty($min)) { // Define modetax (0 or 1) // 0=normal, 1=option vat for services is on debit, 2=option on payments for products -$modetax = $conf->global->TAX_MODE; +$modetax = (empty($conf->global->TAX_MODE) ? 0 : $conf->global->TAX_MODE); if (GETPOSTISSET("modetax")) { - $modetax = GETPOST("modetax", 'int'); + $modetax = GETPOSTINT("modetax"); } if (empty($modetax)) { $modetax = 0; } // Security check -$socid = GETPOST('socid', 'int'); +$socid = GETPOSTINT('socid'); if ($user->socid) { $socid = $user->socid; } @@ -242,7 +242,7 @@ if ($mysoc->tva_assuj) { $vatsup .= ' ('.$langs->trans("ToGetBack").')'; } -$optioncss = GETPOST('optioncss'); +$optioncss = GETPOST('optioncss', 'alpha'); if ($optioncss != "print") { report_header($name, '', $period, $periodlink, $description, $builddate, $exportlink, array(), $calcmode); } diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index ede8e6698dd..5e0c65e1b70 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1275,7 +1275,7 @@ class Contact extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 94da51cca8a..36a97be3b27 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -979,7 +979,7 @@ class Contrat extends CommonObject if (!empty($modCodeContract->code_auto)) { // Force the ref to a draft value if numbering module is an automatic numbering - $sql = 'UPDATE '.MAIN_DB_PREFIX."contrat SET ref='(PROV".$this->id.")' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."contrat SET ref='(PROV".$this->id.")' WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { if ($this->id) { $this->ref = "(PROV".$this->id.")"; @@ -1225,7 +1225,7 @@ class Contrat extends CommonObject // Delete contract if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."contrat"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete contrat", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1353,7 +1353,7 @@ class Contrat extends CommonObject $sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; //$sql.= " extraparams=".(isset($this->extraparams)?"'".$this->db->escape($this->extraparams)."'":"null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2873,7 +2873,7 @@ class ContratLigne extends CommonObjectLine $sql .= " t.fk_unit"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as t LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = t.fk_product"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } if ($ref) { $sql .= " WHERE t.rowid = '".$this->db->escape($ref)."'"; @@ -3098,7 +3098,7 @@ class ContratLigne extends CommonObjectLine $sql .= " fk_user_cloture=".($this->fk_user_cloture > 0 ? $this->fk_user_cloture : "NULL").","; $sql .= " commentaire='".$this->db->escape($this->commentaire)."',"; $sql .= " fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_accountancy_last_manual_entries.php b/htdocs/core/boxes/box_accountancy_last_manual_entries.php index f3893692845..13b4d92a36f 100644 --- a/htdocs/core/boxes/box_accountancy_last_manual_entries.php +++ b/htdocs/core/boxes/box_accountancy_last_manual_entries.php @@ -102,9 +102,11 @@ class box_accountancy_last_manual_entries extends ModeleBoxes $date = $this->db->jdate($objp->date_movement); $journal = $objp->code_journal; $label = $objp->label_operation; - $amount = $objp->amount; + $amount = $objp->amount; - $bookkeepingstatic->id = $objp->id; + // adding id (rowid) will give two lines (debit and credit) + // so rowid isn't in sql request + // $bookkeepingstatic->id = $objp->id; $bookkeepingstatic->piece_num = $objp->piece_num; $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/class/ccountry.class.php b/htdocs/core/class/ccountry.class.php index ad088002caf..4f448845e80 100644 --- a/htdocs/core/class/ccountry.class.php +++ b/htdocs/core/class/ccountry.class.php @@ -240,7 +240,7 @@ class Ccountry // extends CommonObject $sql .= " code_iso=".(isset($this->code_iso) ? "'".$this->db->escape($this->code_iso)."'" : "null").","; $sql .= " label=".(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -279,7 +279,7 @@ class Ccountry // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_country"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index a8da44b0d79..78f168fd8f7 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php @@ -262,7 +262,7 @@ class Comment extends CommonObject $sql .= " fk_user_modif=".$user->id.","; $sql .= " entity=".(!empty($this->entity) ? $this->entity : '1').","; $sql .= " import_key=".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -316,7 +316,7 @@ class Comment extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a392fd793d5..0b4954e5e88 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1847,7 +1847,7 @@ abstract class CommonObject $result = false; if (!empty($id) && !empty($field) && !empty($table)) { $sql = "SELECT ".$field." FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this).'::getValueFrom', LOG_DEBUG); $resql = $this->db->query($sql); @@ -2243,7 +2243,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->mode_reglement_id = $id; @@ -2278,7 +2278,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname." = '".$this->db->escape($code)."'"; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->multicurrency_code = $code; @@ -2316,7 +2316,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.$rate; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->multicurrency_tx = $rate; @@ -2524,7 +2524,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->cond_reglement_id = $id; @@ -2566,7 +2566,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->transport_mode_id = $id; @@ -2601,7 +2601,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.$id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_fk_cond_reglement = $id; @@ -2679,7 +2679,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_shipping_method = ".$shipping_method_id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { dol_syslog(get_class($this).'::setShippingMethod Error ', LOG_DEBUG); @@ -2726,7 +2726,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_warehouse = ".$warehouse_id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { $this->warehouse_id = ($warehouse_id == 'NULL') ?null:$warehouse_id; @@ -2803,7 +2803,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_account = ".$fk_account; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -4173,7 +4173,7 @@ abstract class CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; $sql .= " WHERE entity IN (".getEntity($this->element).")"; if (!empty($id)) { - $sql .= " AND rowid = ".$id; + $sql .= " AND rowid = ".((int) $id); } if (!empty($ref)) { $sql .= " AND ref = '".$this->db->escape($ref)."'"; @@ -8480,7 +8480,7 @@ abstract class CommonObject $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } elseif (!empty($ref)) { $sql .= " WHERE t.ref = ".$this->quote($ref, $this->fields['ref']); } else { @@ -8622,7 +8622,7 @@ abstract class CommonObject }*/ } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET '.implode(', ', $tmp).' WHERE rowid='.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET '.implode(', ', $tmp).' WHERE rowid='.((int) $this->id); $this->db->begin(); if (!$error) { @@ -8768,7 +8768,7 @@ abstract class CommonObject } if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.((int) $this->id); $res = $this->db->query($sql); if ($res === false) { diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index c95822bf226..6c3a1f7bb9d 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -151,7 +151,7 @@ class CProductNature // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql_where = array(); if ($id) { - $sql_where[] = " t.rowid = ".$id; + $sql_where[] = " t.rowid = ".((int) $id); } if ($code >= 0) { $sql_where[] = " t.code = ".((int) $code); diff --git a/htdocs/core/class/cstate.class.php b/htdocs/core/class/cstate.class.php index 66ee803d41a..2b9b1d6880e 100644 --- a/htdocs/core/class/cstate.class.php +++ b/htdocs/core/class/cstate.class.php @@ -163,7 +163,7 @@ class Cstate // extends CommonObject $sql .= " t.active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_departements as t"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } elseif ($code) { $sql .= " WHERE t.code_departement = '".$this->db->escape($code)."'"; } @@ -223,7 +223,7 @@ class Cstate // extends CommonObject $sql .= " code_departement=".(isset($this->code_departement) ? "'".$this->db->escape($this->code_departement)."'" : "null").","; $sql .= " nom=".(isset($this->nom) ? "'".$this->db->escape($this->nom)."'" : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -261,7 +261,7 @@ class Cstate // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_departements"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index 77d2fe507d3..6ba04c044e9 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -320,7 +320,7 @@ class Ctyperesource $sql .= ' active = '.(isset($this->active) ? $this->active : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -383,7 +383,7 @@ class Ctyperesource if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index e55d227de0e..ed3981d243d 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php @@ -181,7 +181,7 @@ class CUnits // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_units as t"; $sql_where = array(); if ($id) { - $sql_where[] = " t.rowid = ".$id; + $sql_where[] = " t.rowid = ".((int) $id); } if ($unit_type) { $sql_where[] = " t.unit_type = '".$this->db->escape($unit_type)."'"; @@ -345,7 +345,7 @@ class CUnits // extends CommonObject $sql .= " unit_type=".(isset($this->unit_type) ? "'".$this->db->escape($this->unit_type)."'" : "null").","; $sql .= " scale=".(isset($this->scale) ? "'".$this->db->escape($this->scale)."'" : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -384,7 +384,7 @@ class CUnits // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_units"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/core/class/emailsenderprofile.class.php b/htdocs/core/class/emailsenderprofile.class.php index 39a5aec95fe..d4b9f0bd93e 100644 --- a/htdocs/core/class/emailsenderprofile.class.php +++ b/htdocs/core/class/emailsenderprofile.class.php @@ -350,7 +350,7 @@ class EmailSenderProfile extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php index 980c8c53dde..1771f0d18f0 100644 --- a/htdocs/core/class/events.class.php +++ b/htdocs/core/class/events.class.php @@ -206,7 +206,7 @@ class Events // extends CommonObject $sql .= " type='".$this->db->escape($this->type)."',"; $sql .= " dateevent='".$this->db->idate($this->dateevent)."',"; $sql .= " description='".$this->db->escape($this->description)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -238,7 +238,7 @@ class Events // extends CommonObject $sql .= " t.user_agent,"; $sql .= " t.prefix_session"; $sql .= " FROM ".MAIN_DB_PREFIX."events as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -275,7 +275,7 @@ class Events // extends CommonObject public function delete($user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."events"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php index ebcf4adc7b0..566407cffc4 100644 --- a/htdocs/core/class/fiscalyear.class.php +++ b/htdocs/core/class/fiscalyear.class.php @@ -222,7 +222,7 @@ class Fiscalyear extends CommonObject { $sql = "SELECT rowid, label, date_start, date_end, statut"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_fiscalyear"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); @@ -253,7 +253,7 @@ class Fiscalyear extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_fiscalyear WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_fiscalyear WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -417,7 +417,7 @@ class Fiscalyear extends CommonObject $sql = 'SELECT fy.rowid, fy.datec, fy.fk_user_author, fy.fk_user_modif,'; $sql .= ' fy.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'accounting_fiscalyear as fy'; - $sql .= ' WHERE fy.rowid = '.$id; + $sql .= ' WHERE fy.rowid = '.((int) $id); dol_syslog(get_class($this)."::fetch info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index fb618813f56..4a0114b5244 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -7,7 +7,7 @@ * Copyright (C) 2014 Marcos García * Copyright (C) 2015 Bahfir Abbes * Copyright (C) 2016-2017 Ferran Marcet - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -966,6 +966,7 @@ class FormFile // Loop on each file found $found = 0; + $i = 0; foreach ($file_list as $file) { $i++; if ($filter && !preg_match('/'.$filter.'/i', $file["name"])) { diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index 97c63e62d67..65fdaff9645 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php @@ -294,7 +294,7 @@ class Menubase $resql = $this->db->query($sql); if ($resql) { $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."menu"); - dol_syslog(get_class($this)."::create record added has rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::create record added has rowid=".((int) $this->id), LOG_DEBUG); return $this->id; } else { @@ -364,7 +364,7 @@ class Menubase $sql .= " perms='".$this->db->escape($this->perms)."',"; $sql .= " enabled='".$this->db->escape($this->enabled)."',"; $sql .= " usertype='".$this->db->escape($this->user)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -410,7 +410,7 @@ class Menubase $sql .= " t.usertype as user,"; $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."menu as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -461,7 +461,7 @@ class Menubase //global $conf, $langs; $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/lib/accounting.lib.php b/htdocs/core/lib/accounting.lib.php index 6b2526477b3..36a74f8f85e 100644 --- a/htdocs/core/lib/accounting.lib.php +++ b/htdocs/core/lib/accounting.lib.php @@ -3,6 +3,7 @@ * Copyright (C) 2013-2017 Alexandre Spangaro * Copyright (C) 2014 Florian Henry * Copyright (C) 2019 Eric Seigne + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -274,8 +275,7 @@ function getDefaultDatesForTransfer() global $db, $conf; // Period by default on transfer (0: previous month | 1: current month | 2: fiscal year) - $periodbydefaultontransfer = $conf->global->ACCOUNTING_DEFAULT_PERIOD_ON_TRANSFER; - isset($periodbydefaultontransfer) ? $periodbydefaultontransfer : 0; + $periodbydefaultontransfer = (empty($conf->global->ACCOUNTING_DEFAULT_PERIOD_ON_TRANSFER) ? 0 : $conf->global->ACCOUNTING_DEFAULT_PERIOD_ON_TRANSFER); if ($periodbydefaultontransfer == 2) { $sql = "SELECT date_start, date_end from ".MAIN_DB_PREFIX."accounting_fiscalyear "; $sql .= " where date_start < '".$db->idate(dol_now())."' and date_end > '".$db->idate(dol_now())."'"; diff --git a/htdocs/core/lib/cron.lib.php b/htdocs/core/lib/cron.lib.php index 4207e6c3b4f..2d111e37ef8 100644 --- a/htdocs/core/lib/cron.lib.php +++ b/htdocs/core/lib/cron.lib.php @@ -34,12 +34,12 @@ function cronadmin_prepare_head() $h = 0; $head = array(); - $head[$h][0] = dol_buildpath('/cron/admin/cron.php', 1); + $head[$h][0] = DOL_URL_ROOT.'/cron/admin/cron.php'; $head[$h][1] = $langs->trans("Miscellaneous"); $head[$h][2] = 'setup'; $h++; - $head[$h][0] = dol_buildpath('/cron/list.php?mode=modulesetup', 1); + $head[$h][0] = DOL_URL_ROOT.'/cron/list.php?mode=modulesetup'; $head[$h][1] = $langs->trans("Module2300Name"); $head[$h][2] = 'jobs'; $h++; @@ -64,12 +64,12 @@ function cron_prepare_head(Cronjob $object) $h = 0; $head = array(); - $head[$h][0] = dol_buildpath('/cron/card.php', 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/cron/card.php?id='.$object->id; $head[$h][1] = $langs->trans("CronTask"); $head[$h][2] = 'card'; $h++; - $head[$h][0] = dol_buildpath('/cron/info.php', 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/cron/info.php?id='.$object->id; $head[$h][1] = $langs->trans("Info"); $head[$h][2] = 'info'; $h++; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 6df447e41cb..0d5e94a23f0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -611,9 +611,16 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null } // Sanitizing for special parameters. There is no reason to allow the backtopage parameter to contains an external URL. - if ($paramname == 'backtopage') { + if ($paramname == 'backtopage' || $paramname == 'backtolist') { $out = str_replace('\\', '/', $out); - $out = preg_replace(array('/^\/\/+/', '/^[a-z]*:/i'), '', $out); + $out = str_replace(array(':', ';', '@'), '', $out); + + do { + $oldstringtoclean = $out; + $out = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $out); + } while ($oldstringtoclean != $out); + + $out = preg_replace(array('/^[a-z]*\/\/+/i'), '', $out); } // Code for search criteria persistence. @@ -999,6 +1006,43 @@ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) return dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); } +/** + * Clean a string to use it as an URL (into a href or src attribute) + * + * @param string $stringtoclean String to clean + * @param int $type 0=Accept all Url, 1=Clean external Url (keep only relative Url) + * @return string Escaped string. + */ +function dol_sanitizeUrl($stringtoclean, $type = 1) +{ + // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) + // We should use dol_string_nounprintableascii but function may not be yet loaded/available + $stringtoclean = preg_replace('/[\x00-\x1F\x7F]/u', '', $stringtoclean); // /u operator makes UTF8 valid characters being ignored so are not included into the replace + // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1) + $stringtoclean = preg_replace('//', '', $stringtoclean); + + $stringtoclean = str_replace('\\', '/', $stringtoclean); + if ($type == 1) { + // removing : should disable links to external url like http:aaa) + // removing ';' should disable "named" html entities encode into an url (we should not have this into an url) + $stringtoclean = str_replace(array(':', ';', '@'), '', $stringtoclean); + } + + do { + $oldstringtoclean = $stringtoclean; + // removing '&colon' should disable links to external url like http:aaa) + // removing '&#' should disable "numeric" html entities encode into an url (we should not have this into an url) + $stringtoclean = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $stringtoclean); + } while ($oldstringtoclean != $stringtoclean); + + if ($type == 1) { + // removing '//' should disable links to external url like //aaa or http//) + $stringtoclean = preg_replace(array('/^[a-z]*\/\/+/i'), '', $stringtoclean); + } + + return $stringtoclean; +} + /** * Clean a string from all accent characters to be used as ref, login or by dol_sanitizeFileName * @@ -1097,7 +1141,6 @@ function dol_string_nounprintableascii($str, $removetabcrlf = 1) } } - /** * Returns text escaped for inclusion into javascript code * @@ -3443,7 +3486,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ '1downarrow', '1uparrow', '1leftarrow', '1rightarrow', '1uparrow_selected', '1downarrow_selected', '1leftarrow_selected', '1rightarrow_selected', 'accountancy', 'account', 'accountline', 'action', 'add', 'address', 'angle-double-down', 'angle-double-up', 'asset', 'bank_account', 'barcode', 'bank', 'bill', 'billa', 'billr', 'billd', 'bookmark', 'bom', 'building', - 'cash-register', 'category', 'chart', 'check', 'clock', 'close_title', 'cog', 'company', 'contact', 'contract', 'cron', 'cubes', + 'cash-register', 'category', 'chart', 'check', 'clock', 'close_title', 'cog', 'collab', 'company', 'contact', 'contract', 'cron', 'cubes', 'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'edit', 'ellipsis-h', 'email', 'eraser', 'external-link-alt', 'external-link-square-alt', 'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'folder', 'folder-open', 'globe', 'globe-americas', 'grip', 'grip_title', 'group', 'help', 'holiday', @@ -3474,7 +3517,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'recruitmentcandidature', 'recruitmentjobposition', 'resource', 'shapes', 'supplier_proposal', 'supplier_order', 'supplier_invoice', 'timespent', 'title_setup', 'title_accountancy', 'title_bank', 'title_hrm', 'title_agenda', - 'user-cog', + 'user-cog', 'website', 'eventorganization', 'object_eventorganization' ))) { $pictowithouttext = str_replace('object_', '', $pictowithouttext); @@ -3494,7 +3537,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'account'=>'university', 'accountline'=>'receipt', 'accountancy'=>'search-dollar', 'action'=>'calendar-alt', 'add'=>'plus-circle', 'address'=> 'address-book', 'asset'=>'money-check-alt', 'bank_account'=>'university', 'bill'=>'file-invoice-dollar', 'billa'=>'file-excel', 'billr'=>'file-invoice-dollar', 'supplier_invoicea'=>'file-excel', 'billd'=>'file-medical', 'supplier_invoiced'=>'file-medical', 'bom'=>'shapes', - 'chart'=>'chart-line', 'company'=>'building', 'contact'=>'address-book', 'contract'=>'suitcase', 'conversation'=>'comments', 'donation'=>'file-alt', 'dynamicprice'=>'hand-holding-usd', + 'chart'=>'chart-line', 'company'=>'building', 'contact'=>'address-book', 'contract'=>'suitcase', 'collab'=>'people-arrows', 'conversation'=>'comments', + 'donation'=>'file-alt', 'dynamicprice'=>'hand-holding-usd', 'setup'=>'cog', 'companies'=>'building', 'products'=>'cube', 'commercial'=>'suitcase', 'invoicing'=>'coins', 'accounting'=>'chart-line', 'category'=>'tag', 'dollyrevert'=>'dolly', 'hrm'=>'user-tie', 'margin'=>'calculator', 'members'=>'user-friends', 'ticket'=>'ticket-alt', 'globe'=>'external-link-alt', 'lot'=>'barcode', @@ -3552,10 +3596,10 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ $fakey = 'fa-'.$pictowithouttext; } - if (in_array($pictowithouttext, array('holiday', 'dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { + if (in_array($pictowithouttext, array('dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { $morecss = 'em092'; } - if (in_array($pictowithouttext, array('holiday', 'project'))) { + if (in_array($pictowithouttext, array('collab', 'holiday', 'project'))) { $morecss = 'em088'; } if (in_array($pictowithouttext, array('intervention', 'info', 'payment', 'loan', 'stock', 'technic'))) { @@ -3577,7 +3621,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'action'=>'infobox-action', 'account'=>'infobox-bank_account', 'accountline'=>'infobox-bank_account', 'accountancy'=>'infobox-bank_account', 'asset'=>'infobox-bank_account', 'bank_account'=>'bg-infobox-bank_account', 'bill'=>'infobox-commande', 'billa'=>'infobox-commande', 'billr'=>'infobox-commande', 'billd'=>'infobox-commande', - 'cash-register'=>'infobox-bank_account', 'contract'=>'infobox-contrat', 'check'=>'font-status4', 'conversation'=>'infobox-contrat', + 'cash-register'=>'infobox-bank_account', 'contract'=>'infobox-contrat', 'check'=>'font-status4', 'collab'=>'infobox-action', 'conversation'=>'infobox-contrat', 'donation'=>'infobox-commande', 'dollyrevert'=>'flip', 'ecm'=>'infobox-action', 'hrm'=>'infobox-adherent', 'group'=>'infobox-adherent', 'intervention'=>'infobox-contrat', 'multicurrency'=>'infobox-bank_account', @@ -6153,12 +6197,13 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = if ($strip_tags) { $temp = strip_tags($temp); } else { + $temp = str_replace('<>', '', $temp); // No reason to have this into a text, except if value is to try bypass the next html cleaning $pattern = "/<[^<>]+>/"; // Example of $temp: 0000-021 $temp = preg_replace($pattern, "", $temp); // pass 1 - $temp after pass 1: 0000-021 $temp = preg_replace($pattern, "", $temp); // pass 2 - $temp after pass 2: 0000-021 - // Remove '<' into remainging, so non closing html tags like '', '__!DOCTYPE_HTML__', $stringtoclean); // Replace DOCTYPE to avoid to have it removed by the strip_tags $stringtoclean = dol_string_nounprintableascii($stringtoclean, 0); - $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); $stringtoclean = preg_replace('//', '', $stringtoclean); - $stringtoclean = preg_replace('/:|:|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...' + + $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); + $stringtoclean = preg_replace('/:|�+58|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have a : encoded like this) to disable 'javascript:...' $stringtoclean = preg_replace('/javascript\s*:/i', '', $stringtoclean); $temp = strip_tags($stringtoclean, $allowed_tags_string); @@ -6221,7 +6267,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, } // Remove 'javascript:' that we should not find into a text with - // Warning: This is not reliable to fight against obfuscated javascript, there is a lot of other solution to include js into a common html tag (only filtered by the GETPOST). + // Warning: This is not reliable to fight against obfuscated javascript, there is a lot of other solution to include js into a common html tag (only filtered by a GETPOST(.., powerfullfilter)). if ($cleanalsojavascript) { $temp = preg_replace('/javascript\s*:/i', '', $temp); } diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 84a69b4a276..89e63c16db4 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -76,7 +76,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = $menu_arr[] = array( 'name' => 'Home', 'link' => '/index.php?mainmenu=home&leftmenu=home', - 'title' => (!empty($conf->global->THEME_TOPMENU_DISABLE_IMAGE) ? '' : "Home"), + 'title' => "Home", 'level' => 0, 'enabled' => $showmode = 1, 'target' => $atarget, @@ -86,7 +86,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'home', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "home") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => '', 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "home") ? 0 : 1), 'loadLangs' => array(), 'submenus' => array(), @@ -111,7 +111,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'members', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "members") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'member', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "members") ? 0 : 1), 'loadLangs' => array(), 'submenus' => array(), @@ -140,7 +140,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'companies', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "companies") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'company', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "companies") ? 0 : 1), 'loadLangs' => array("companies", "suppliers"), 'submenus' => array(), @@ -167,7 +167,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'products', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "products") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'product', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "products") ? 0 : 1), 'loadLangs' => array("products"), 'submenus' => array(), @@ -192,7 +192,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'mrp', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "mrp") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'mrp', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "mrp") ? 0 : 1), 'loadLangs' => array("mrp"), 'submenus' => array(), @@ -217,7 +217,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'project', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "project") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'project', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "project") ? 0 : 1), 'loadLangs' => array("projects"), 'submenus' => array(), @@ -263,7 +263,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'commercial', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "commercial") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'contract', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "commercial") ? 0 : 1), 'loadLangs' => array("commercial"), 'submenus' => array(), @@ -297,7 +297,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'billing', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "billing") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'bill', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "billing") ? 0 : 1), 'loadLangs' => array("compta"), 'submenus' => array(), @@ -322,10 +322,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'bank', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'bank', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 0 : 1), - 'loadLangs' => array("compta", "banks"), 'submenus' => array(), ); @@ -349,10 +347,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'accountancy', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'account', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 0 : 1), - 'loadLangs' => array("compta", "accountancy", "assets", "intracommreport"), 'submenus' => array(), ); @@ -377,10 +373,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'hrm', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "hrm") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'hrm', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "hrm") ? 0 : 1), - 'loadLangs' => array("holiday"), 'submenus' => array(), ); @@ -404,10 +398,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'tools', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "tools") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'tools', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "tools") ? 0 : 1), - 'loadLangs' => array("other"), 'submenus' => array(), ); @@ -496,7 +488,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = $newTabMenu[$i]['position'], $id, $idsel, - $classname + $classname, + $newTabMenu[$i]['prefix'] ); } @@ -712,7 +705,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/index.php?mainmenu=home&leftmenu=home", $langs->trans("MyDashboard"), 0, 1, '', $mainmenu, 'home', 0, '', '', '', ''); // Setup - $newmenu->add("/admin/index.php?mainmenu=home&leftmenu=setup", $langs->trans("Setup"), 0, $user->admin, '', $mainmenu, 'setup', 0, '', '', '', ''); + $newmenu->add("/admin/index.php?mainmenu=home&leftmenu=setup", $langs->trans("Setup"), 0, $user->admin, '', $mainmenu, 'setup', 0, '', '', '', ''); if ($usemenuhider || empty($leftmenu) || $leftmenu == "setup") { // Load translation files required by the page diff --git a/htdocs/core/menus/standard/eldy_menu.php b/htdocs/core/menus/standard/eldy_menu.php index a024e6743e8..f5f280b659b 100644 --- a/htdocs/core/menus/standard/eldy_menu.php +++ b/htdocs/core/menus/standard/eldy_menu.php @@ -185,8 +185,8 @@ class MenuManager print ''; // Add font-awesome - if ($val['level'] == 0 && $val['mainmenu'] == 'home') { - print ''; + if ($val['level'] == 0 && !empty($val['prefix'])) { + print $val['prefix']; } print $val['titre']; @@ -213,7 +213,7 @@ class MenuManager print str_pad('', 1).'
  • '; // ui-btn to highlight on clic print ''; if ($langs->trans(ucfirst($val['mainmenu'])."Dashboard") == ucfirst($val['mainmenu'])."Dashboard") { // No translation - if (in_array($val['mainmenu'], array('cashdesk', 'externalsite', 'website', 'collab'))) { + if (in_array($val['mainmenu'], array('cashdesk', 'externalsite', 'website', 'collab', 'takepos'))) { print $langs->trans("Access"); } else { print $langs->trans("Dashboard"); diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index d875c3695a3..cb7eb93b074 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -184,7 +184,7 @@ class MailingTargets // This can't be abstract as it is used for some method $sql .= "'".$this->db->escape($targetarray['other'])."',"; $sql .= "'".$this->db->escape($targetarray['source_url'])."',"; $sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; - $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.';'.$targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY), 'md5')."',"; + $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.';'.$targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY, 'md5'))."',"; $sql .= "'".$this->db->escape($targetarray['source_type'])."')"; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/modules/modAgenda.class.php b/htdocs/core/modules/modAgenda.class.php index 91788238419..7dd7a801f9d 100644 --- a/htdocs/core/modules/modAgenda.class.php +++ b/htdocs/core/modules/modAgenda.class.php @@ -206,6 +206,7 @@ class modAgenda extends DolibarrModules 'fk_menu'=>0, 'type'=>'top', 'titre'=>'TMenuAgenda', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth"'), 'mainmenu'=>'agenda', 'url'=>'/comm/action/index.php', 'langs'=>'agenda', diff --git a/htdocs/core/modules/modCollab.class.php b/htdocs/core/modules/modCollab.class.php index 6f6b4730b14..be82722f331 100644 --- a/htdocs/core/modules/modCollab.class.php +++ b/htdocs/core/modules/modCollab.class.php @@ -55,7 +55,7 @@ class modCollab extends DolibarrModules // Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase) $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); // Name of image file used for this module. - $this->picto = 'website'; + $this->picto = 'collab'; // Data directories to create when module is enabled $this->dirs = array("/collab/temp"); @@ -113,6 +113,7 @@ class modCollab extends DolibarrModules 'fk_menu'=>'0', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode 'type'=>'top', // This is a Left menu entry 'titre'=>'Collab', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu'=>'collab', 'url'=>'/collab/index.php', 'langs'=>'collab', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. diff --git a/htdocs/core/modules/modECM.class.php b/htdocs/core/modules/modECM.class.php index b97dce7157b..222e50c76e0 100644 --- a/htdocs/core/modules/modECM.class.php +++ b/htdocs/core/modules/modECM.class.php @@ -127,6 +127,7 @@ class modECM extends DolibarrModules 'fk_menu'=>0, 'type'=>'top', 'titre'=>'MenuECM', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth"'), 'mainmenu'=>'ecm', 'url'=>'/ecm/index.php', 'langs'=>'ecm', diff --git a/htdocs/core/modules/modExternalSite.class.php b/htdocs/core/modules/modExternalSite.class.php index 54c7a9d9b0b..42c60067aa8 100644 --- a/htdocs/core/modules/modExternalSite.class.php +++ b/htdocs/core/modules/modExternalSite.class.php @@ -59,7 +59,7 @@ class modExternalSite extends DolibarrModules // Key used in llx_const table to save module status enabled/disabled (XXX is id value) $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); // Name of png file (without png) used for this module - $this->picto = 'bookmark'; + $this->picto = 'website'; // Call to inside lang's file $this->langfiles = array("externalsite"); @@ -103,6 +103,7 @@ class modExternalSite extends DolibarrModules 'fk_menu'=>0, 'type'=>'top', 'titre'=>'__[EXTERNALSITE_LABEL]__', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu'=>'externalsite', 'url'=>'/externalsite/frames.php', 'langs'=>'other', diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index 2db99938778..e186f5fdc1c 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php @@ -198,6 +198,7 @@ class modTicket extends DolibarrModules $this->menu[$r] = array('fk_menu' => 0, // Put 0 if this is a top menu 'type' => 'top', // This is a Top menu entry 'titre' => 'Ticket', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu' => 'ticket', 'leftmenu' => '1', // Use 1 if you also want to add left menu entries using this descriptor. 'url' => '/ticket/index.php', diff --git a/htdocs/core/modules/modWebsite.class.php b/htdocs/core/modules/modWebsite.class.php index efb5a38f297..f16a29728be 100644 --- a/htdocs/core/modules/modWebsite.class.php +++ b/htdocs/core/modules/modWebsite.class.php @@ -114,6 +114,7 @@ class modWebsite extends DolibarrModules $this->menu[$r] = array('fk_menu'=>'0', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode 'type'=>'top', // This is a Left menu entry 'titre'=>'WebSites', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu'=>'website', 'url'=>'/website/index.php', 'langs'=>'website', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. diff --git a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php index d1fe41d8c1f..ebab4e8608a 100644 --- a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php @@ -14,7 +14,7 @@ if (empty($extrafieldsobjectkey) && is_object($object)) { // Loop to show all columns of extrafields from $obj, $extrafields and $db if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table_element like 'societe', 'socpeople', ... - if (is_array($extrafields->attributes[$extrafieldsobjectkey]['label']) && count($extrafields->attributes[$extrafieldsobjectkey]['label']) > 0) { + if (isset($extrafields->attributes[$extrafieldsobjectkey]['label']) && is_array($extrafields->attributes[$extrafieldsobjectkey]['label']) && count($extrafields->attributes[$extrafieldsobjectkey]['label']) > 0) { if (empty($extrafieldsobjectprefix)) { $extrafieldsobjectprefix = 'ef.'; } diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index afdfd904299..fc626adbedb 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php @@ -62,7 +62,7 @@ class InterfaceWorkflowManager extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->workflow->enabled)) { + if (empty($conf->workflow) || empty($conf->workflow->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php index 6d69c2d8a31..fdd18638053 100644 --- a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php +++ b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php @@ -75,7 +75,7 @@ class InterfaceActionsAuto extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->agenda->enabled)) { + if (empty($conf->agenda) || empty($conf->agenda->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php b/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php index 061af9baf2b..cab0702c5c1 100644 --- a/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php +++ b/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php @@ -59,7 +59,7 @@ class InterfaceActionsBlockedLog extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->blockedlog->enabled)) { + if (empty($conf->blockedlog) || empty($conf->blockedlog->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php b/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php index c30ee8c4190..04f9aaa17cc 100644 --- a/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php +++ b/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php @@ -71,7 +71,7 @@ class InterfaceEventOrganization extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->eventorganization->enabled)) { + if (empty($conf->eventorganization) || empty($conf->eventorganization->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index c3d91fefc33..b8454b80ea1 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -61,7 +61,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->ldap->enabled)) { + if (empty($conf->ldap) || empty($conf->ldap->enabled)) { return 0; // Module not active, we do nothing } if (defined('DISABLE_LDAP_SYNCHRO')) { diff --git a/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php b/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php index 3233fb8eaaf..f8abd2e3539 100644 --- a/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php @@ -59,7 +59,7 @@ class InterfaceMailmanSpipsynchro extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->mailmanspip->enabled)) { + if (empty($conf->mailmanspip) || empty($conf->mailmanspip->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modNotification_Notification.class.php b/htdocs/core/triggers/interface_50_modNotification_Notification.class.php index f3176cef0de..fc0aeb3cd5e 100644 --- a/htdocs/core/triggers/interface_50_modNotification_Notification.class.php +++ b/htdocs/core/triggers/interface_50_modNotification_Notification.class.php @@ -80,7 +80,7 @@ class InterfaceNotification extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->notification->enabled)) { + if (empty($conf->notification) || empty($conf->notification->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php b/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php index 6f1acac7050..12b688d9b61 100644 --- a/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php +++ b/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php @@ -61,7 +61,7 @@ class InterfaceTicketEmail extends DolibarrTriggers { $ok = 0; - if (empty($conf->ticket->enabled)) { + if (empty($conf->ticket) || empty($conf->ticket->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php index a7678029fd9..64d30eeeb93 100644 --- a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php +++ b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php @@ -69,13 +69,13 @@ class InterfaceStripe extends DolibarrTriggers // Data and type of action are stored into $object and $action global $langs, $db, $conf; - require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; - $stripe = new Stripe($db); - - if (empty($conf->stripe->enabled)) { + if (empty($conf->stripe) || empty($conf->stripe->enabled)) { return 0; } + require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; + $stripe = new Stripe($db); + $ok = 1; $service = 'StripeTest'; diff --git a/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php b/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php index de81e54165a..f2d77553827 100644 --- a/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php +++ b/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php @@ -70,10 +70,11 @@ class InterfaceZapierTriggers extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->zapier->enabled)) { + if (empty($conf->zapier) || empty($conf->zapier->enabled)) { // Module not active, we do nothing return 0; } + $logtriggeraction = false; $sql = ''; if ($action != '') { diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index daca243cb6f..0b926f6a802 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -435,7 +435,7 @@ class Cronjob extends CommonObject $sql .= " t.test"; $sql .= " FROM ".MAIN_DB_PREFIX."cronjob as t"; if ($id > 0) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN(0, ".getEntity('cron').")"; $sql .= " AND t.objectname = '".$this->db->escape($objectname)."'"; @@ -786,7 +786,7 @@ class Cronjob extends CommonObject $sql .= " maxrun=".((isset($this->maxrun) && $this->maxrun > 0) ? $this->maxrun : "0").","; $sql .= " libname=".(isset($this->libname) ? "'".$this->db->escape($this->libname)."'" : "null").","; $sql .= " test=".(isset($this->test) ? "'".$this->db->escape($this->test)."'" : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -825,7 +825,7 @@ class Cronjob extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."cronjob"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1027,7 +1027,7 @@ class Cronjob extends CommonObject $sql = "SELECT"; $sql .= " f.rowid, f.datec, f.tms, f.fk_user_mod, f.fk_user_author"; $sql .= " FROM ".MAIN_DB_PREFIX."cronjob as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index c91b9780edb..5b14b509de4 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -307,7 +307,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."delivery as l"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = l.rowid AND el.targettype = '".$this->db->escape($this->element)."'"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON l.fk_incoterms = i.rowid'; - $sql .= " WHERE l.rowid = ".$id; + $sql .= " WHERE l.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index fdd5393d64c..a5fb676e314 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -565,7 +565,7 @@ class Don extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."don"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -787,7 +787,7 @@ class Don extends CommonObject public function set_cancel($id) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = -1 WHERE rowid = ".$id; + $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = -1 WHERE rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -953,7 +953,7 @@ class Don extends CommonObject $sql = 'SELECT d.rowid, d.datec, d.fk_user_author, d.fk_user_valid,'; $sql .= ' d.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'don as d'; - $sql .= ' WHERE d.rowid = '.$id; + $sql .= ' WHERE d.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php index 5f03215efac..7c8bd71ccd2 100644 --- a/htdocs/don/class/paymentdonation.class.php +++ b/htdocs/don/class/paymentdonation.class.php @@ -234,7 +234,7 @@ class PaymentDonation extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -394,7 +394,7 @@ class PaymentDonation extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_donation"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/don/payment/card.php b/htdocs/don/payment/card.php index bc14780c1b2..40cf0298895 100644 --- a/htdocs/don/payment/card.php +++ b/htdocs/don/payment/card.php @@ -150,7 +150,7 @@ $sql = 'SELECT d.rowid as did, d.paid, d.amount as d_amount, pd.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_donation as pd,'.MAIN_DB_PREFIX.'don as d'; $sql .= ' WHERE pd.fk_donation = d.rowid'; $sql .= ' AND d.entity = '.$conf->entity; -$sql .= ' AND pd.rowid = '.$id; +$sql .= ' AND pd.rowid = '.((int) $id); dol_syslog("don/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php index 802e3681bd7..5222fc0d21a 100644 --- a/htdocs/ecm/class/ecmdirectory.class.php +++ b/htdocs/ecm/class/ecmdirectory.class.php @@ -262,7 +262,7 @@ class EcmDirectory extends CommonObject $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " fk_parent='".$this->db->escape($this->fk_parent)."',"; $sql .= " description='".$this->db->escape($this->description)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -403,7 +403,7 @@ class EcmDirectory extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_directories"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index bd550dbf751..e5e7ce8549b 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -679,7 +679,7 @@ class EcmFiles extends CommonObject $sql .= ' acl = '.(isset($this->acl) ? "'".$this->db->escape($this->acl)."'" : "null").','; $sql .= ' src_object_id = '.($this->src_object_id > 0 ? $this->src_object_id : "null").','; $sql .= ' src_object_type = '.(isset($this->src_object_type) ? "'".$this->db->escape($this->src_object_type)."'" : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -742,7 +742,7 @@ class EcmFiles extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index ff05dc4f4c4..9bff240c3ac 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -610,7 +610,7 @@ class EmailCollector extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/emailcollector/class/emailcollectoraction.class.php b/htdocs/emailcollector/class/emailcollectoraction.class.php index 0b8dfbca973..10fe00a816d 100644 --- a/htdocs/emailcollector/class/emailcollectoraction.class.php +++ b/htdocs/emailcollector/class/emailcollectoraction.class.php @@ -477,7 +477,7 @@ class EmailCollectorAction extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/emailcollector/class/emailcollectorfilter.class.php b/htdocs/emailcollector/class/emailcollectorfilter.class.php index 0e6e54529a8..736aeda47f4 100644 --- a/htdocs/emailcollector/class/emailcollectorfilter.class.php +++ b/htdocs/emailcollector/class/emailcollectorfilter.class.php @@ -451,7 +451,7 @@ class EmailCollectorFilter extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index a79ee76a2fa..c251fdaf7cd 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -1143,7 +1143,7 @@ class Expedition extends CommonObject $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " entity=".$conf->entity; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index f95302cdba2..89178693a43 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -294,7 +294,7 @@ class ExpenseReport extends CommonObject $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.$this->table_element); $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -548,7 +548,7 @@ class ExpenseReport extends CommonObject if ($ref) { $sql .= " WHERE d.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= " WHERE d.rowid = ".$id; + $sql .= " WHERE d.rowid = ".((int) $id); } //$sql.= $restrict; @@ -751,7 +751,7 @@ class ExpenseReport extends CommonObject $sql .= " f.fk_user_valid,"; $sql .= " f.fk_user_approve"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $sql .= " AND f.entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -993,7 +993,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$total_ht; $sql .= " , total_ttc = ".$total_ttc; $sql .= " , total_tva = ".$total_tva; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) : $this->db->free($result); diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php index 56525e7b99c..c9cf0cdaf41 100644 --- a/htdocs/expensereport/class/paymentexpensereport.class.php +++ b/htdocs/expensereport/class/paymentexpensereport.class.php @@ -218,7 +218,7 @@ class PaymentExpenseReport extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -317,7 +317,7 @@ class PaymentExpenseReport extends CommonObject $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -370,7 +370,7 @@ class PaymentExpenseReport extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_expensereport"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -665,7 +665,7 @@ class PaymentExpenseReport extends CommonObject { $sql = 'SELECT e.rowid, e.datec, e.fk_user_creat, e.fk_user_modif, e.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_expensereport as e'; - $sql .= ' WHERE e.rowid = '.$id; + $sql .= ' WHERE e.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/expensereport/payment/card.php b/htdocs/expensereport/payment/card.php index 608309ceee0..7b86f295b5b 100644 --- a/htdocs/expensereport/payment/card.php +++ b/htdocs/expensereport/payment/card.php @@ -162,7 +162,7 @@ $sql = 'SELECT er.rowid as eid, er.paid, er.total_ttc, per.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_expensereport as per,'.MAIN_DB_PREFIX.'expensereport as er'; $sql .= ' WHERE per.fk_expensereport = er.rowid'; $sql .= ' AND er.entity IN ('.getEntity('expensereport').')'; -$sql .= ' AND per.rowid = '.$id; +$sql .= ' AND per.rowid = '.((int) $id); dol_syslog("expensereport/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php index 174a7271d25..8c1bf9642b1 100644 --- a/htdocs/exports/class/export.class.php +++ b/htdocs/exports/class/export.class.php @@ -798,7 +798,7 @@ class Export $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."export_model"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index cea1b1ca48c..f5602bc5abb 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -305,7 +305,7 @@ class Fichinter extends CommonObject if ($this->id) { $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."fichinter SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."fichinter SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); @@ -896,7 +896,7 @@ class Fichinter extends CommonObject $sql .= " f.fk_user_modif as fk_user_modification,"; $sql .= " f.fk_user_valid"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index b2e06e77824..b3500a4e45d 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -1214,7 +1214,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_statut=".self::STATUS_ORDERSENT.", fk_input_method=".$methode.", date_commande='".$this->db->idate($date)."', "; $sql .= " note_private='".$this->db->escape($newnoteprivate)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::commande", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1381,7 +1381,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET ref='(PROV".$this->id.")'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { // Add link with price request and supplier order @@ -1510,7 +1510,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2879,7 +2879,7 @@ class CommandeFournisseur extends CommonOrder $sql = 'SELECT c.rowid, date_creation as datec, tms as datem, date_valid as date_validation, date_approve as datea, date_approve2 as datea2,'; $sql .= ' fk_user_author, fk_user_modif, fk_user_valid, fk_user_approve, fk_user_approve2'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commande_fournisseur as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -3820,7 +3820,7 @@ class CommandeFournisseurLigne extends CommonOrderLine return -1; } - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commande_fournisseurdet WHERE rowid=".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commande_fournisseurdet WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index c79a53297f2..21c36ced633 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -286,7 +286,7 @@ class CommandeFournisseurDispatch extends CommonObject if ($ref) { $sql .= " WHERE t.ref = '".$ref."'"; } else { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch"); @@ -389,7 +389,7 @@ class CommandeFournisseurDispatch extends CommonObject $sql .= " sellby=".(dol_strlen($this->sellby) != 0 ? "'".$this->db->idate($this->sellby)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -472,7 +472,7 @@ class CommandeFournisseurDispatch extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index f4b85a1b0c8..dccb3901069 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -442,7 +442,7 @@ class FactureFournisseur extends CommonInvoice // Update ref with new one $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."facture_fourn SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."facture_fourn SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1007,7 +1007,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").","; $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2140,7 +2140,7 @@ class FactureFournisseur extends CommonInvoice $sql = 'SELECT c.rowid, datec, tms as datem, '; $sql .= ' fk_user_author, fk_user_modif, fk_user_valid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -3166,7 +3166,7 @@ class SupplierInvoiceLine extends CommonObjectLine { global $user, $conf; - dol_syslog(get_class($this)."::deleteline rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::deleteline rowid=".((int) $this->id), LOG_DEBUG); $error = 0; diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index ceb7bb835ef..41c780f70c8 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -99,7 +99,7 @@ class PaiementFourn extends Paiement $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' WHERE p.entity IN ('.getEntity('facture_fourn').')'; if ($id > 0) { - $sql .= ' AND p.rowid = '.$id; + $sql .= ' AND p.rowid = '.((int) $id); } elseif ($ref) { $sql .= ' AND p.rowid = '.$ref; } elseif ($fk_bank) { @@ -394,7 +394,7 @@ class PaiementFourn extends Paiement { $sql = 'SELECT c.rowid, datec, fk_user_author as fk_user_creat, tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index b28d2ef4756..7943df254c1 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -4,7 +4,7 @@ * Copyright (C) 2012-2016 Regis Houssin * Copyright (C) 2013 Florian Henry * Copyright (C) 2016 Juanjo Menent - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -306,7 +306,7 @@ class Holiday extends CommonObject $initialref = $this->ref; } - $sql = 'UPDATE '.MAIN_DB_PREFIX."holiday SET ref='".$this->db->escape($initialref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."holiday SET ref='".$this->db->escape($initialref)."' WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { $this->ref = $initialref; @@ -380,7 +380,7 @@ class Holiday extends CommonObject $sql .= " cp.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as cp"; if ($id > 0) { - $sql .= " WHERE cp.rowid = ".$id; + $sql .= " WHERE cp.rowid = ".((int) $id); } else { $sql .= " WHERE cp.ref = '".$this->db->escape($ref)."'"; } @@ -976,7 +976,7 @@ class Holiday extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."holiday"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -1183,9 +1183,10 @@ class Holiday extends CommonObject * * @param int $withpicto 0=_No picto, 1=Includes the picto in the linkn, 2=Picto only * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking + * @param int $notooltip 1=Disable tooltip * @return string String with URL */ - public function getNomUrl($withpicto = 0, $save_lastsearch_value = -1) + public function getNomUrl($withpicto = 0, $save_lastsearch_value = -1, $notooltip = 0) { global $langs; @@ -2116,7 +2117,7 @@ class Holiday extends CommonObject $sql .= " f.fk_validator as fk_user_approve,"; $sql .= " f.fk_user_refuse as fk_user_refuse"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $sql .= " AND f.entity = ".$conf->entity; $resql = $this->db->query($sql); diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index 28a354c757f..bca81f2e45d 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -293,7 +293,7 @@ class Establishment extends CommonObject $sql .= ' c.code as country_code, c.label as country'; $sql .= " FROM ".MAIN_DB_PREFIX."establishment as e"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as c ON e.fk_country = c.rowid'; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); @@ -330,7 +330,7 @@ class Establishment extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."establishment WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."establishment WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -397,7 +397,7 @@ class Establishment extends CommonObject { $sql = 'SELECT e.rowid, e.ref, e.datec, e.fk_user_author, e.tms, e.fk_user_mod, e.entity'; $sql .= ' FROM '.MAIN_DB_PREFIX.'establishment as e'; - $sql .= ' WHERE e.rowid = '.$id; + $sql .= ' WHERE e.rowid = '.((int) $id); dol_syslog(get_class($this)."::fetch info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index 94dd7f98cd1..e40ceb3f9ba 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -4,6 +4,7 @@ * Copyright (C) 2012-2014 Regis Houssin * Copyright (C) 2015-2016 Alexandre Spangaro * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -150,6 +151,7 @@ if (!empty($conf->holiday->enabled)) { print ''; $out = ''; + $nb_holiday = 0; $typeleaves = $holiday->getTypes(1, 1); foreach ($typeleaves as $key => $val) { $nb_type = $holiday->getCPforUser($user->id, $val['rowid']); diff --git a/htdocs/imports/class/import.class.php b/htdocs/imports/class/import.class.php index c9bb41389c9..5372a6e16c5 100644 --- a/htdocs/imports/class/import.class.php +++ b/htdocs/imports/class/import.class.php @@ -328,7 +328,7 @@ class Import $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."import_model"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/index.php b/htdocs/index.php index 0754d297606..debdec757cb 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -464,7 +464,7 @@ if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) { $globalStatsKey = $groupElement['globalStatsKey']; $groupElement['globalStats'] = array(); - if (is_array($keys) && in_array($globalStatsKey, $keys)) { + if (isset($keys) && is_array($keys) && in_array($globalStatsKey, $keys)) { // get key index of stats used in $includes, $classes, $keys, $icons, $titres, $links $keyIndex = array_search($globalStatsKey, $keys); diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php index 97ceba0a6fa..6133f3eccc8 100644 --- a/htdocs/install/lib/repair.lib.php +++ b/htdocs/install/lib/repair.lib.php @@ -33,7 +33,7 @@ function checkElementExist($id, $table) global $db; $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE rowid = '.$id; + $sql .= ' WHERE rowid = '.((int) $id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index c82be7848a6..b628de1b68b 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -131,7 +131,7 @@ class Loan extends CommonObject $sql = "SELECT l.rowid, l.label, l.capital, l.datestart, l.dateend, l.nbterm, l.rate, l.note_private, l.note_public, l.insurance_amount,"; $sql .= " l.paid, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest, l.fk_projet as fk_project"; $sql .= " FROM ".MAIN_DB_PREFIX."loan as l"; - $sql .= " WHERE l.rowid = ".$id; + $sql .= " WHERE l.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -317,7 +317,7 @@ class Loan extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."loan where rowid=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."loan where rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -364,7 +364,7 @@ class Loan extends CommonObject $sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : $this->fk_project).","; $sql .= " fk_user_modif = ".$user->id.","; $sql .= " insurance_amount = '".price2num($this->db->escape($this->insurance_amount))."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -681,7 +681,7 @@ class Loan extends CommonObject { $sql = 'SELECT l.rowid, l.datec, l.fk_user_author, l.fk_user_modif,'; $sql .= ' l.tms'; - $sql .= ' WHERE l.rowid = '.$id; + $sql .= ' WHERE l.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php index 4f6f1423aa7..bc819f747ca 100644 --- a/htdocs/loan/class/loanschedule.class.php +++ b/htdocs/loan/class/loanschedule.class.php @@ -236,7 +236,7 @@ class LoanSchedule extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -339,7 +339,7 @@ class LoanSchedule extends CommonObject $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -376,7 +376,7 @@ class LoanSchedule extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php index 1ca8e1c0a4d..c7f1940943b 100644 --- a/htdocs/loan/class/paymentloan.class.php +++ b/htdocs/loan/class/paymentloan.class.php @@ -239,7 +239,7 @@ class PaymentLoan extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -348,7 +348,7 @@ class PaymentLoan extends CommonObject $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -400,7 +400,7 @@ class PaymentLoan extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2c799e21591..336748d0c03 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -13,6 +13,7 @@ * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2020 Demarest Maxime * Copyright (C) 2020 Charlene Benke + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -71,12 +72,16 @@ if (!function_exists('is_countable')) { */ function testSqlAndScriptInject($val, $type) { - // Decode string first + // Decode string first bcause a lot of things are obfuscated by encoding or multiple encoding. // So db->escape($newdefaultvatcode)."'" : "null").","; $sql .= " tva_tx='".price2num($newvat)."',"; $sql .= " recuperableonly='".$this->db->escape($newnpr)."'"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); $resql = $this->db->query($sql); @@ -4223,14 +4223,15 @@ class Product extends CommonObject * Fonction recursive uniquement utilisee par get_arbo_each_prod, recompose l'arborescence des sousproduits * Define value of this->res * - * @param array $prod Products array - * @param string $compl_path Directory path of parents to add before - * @param int $multiply Because each sublevel must be multiplicated by parent nb - * @param int $level Init level - * @param int $id_parent Id parent + * @param array $prod Products array + * @param string $compl_path Directory path of parents to add before + * @param int $multiply Because each sublevel must be multiplicated by parent nb + * @param int $level Init level + * @param int $id_parent Id parent + * @param int $ignore_stock_load Ignore stock load * @return void */ - public function fetch_prod_arbo($prod, $compl_path = "", $multiply = 1, $level = 1, $id_parent = 0) + public function fetch_prod_arbo($prod, $compl_path = '', $multiply = 1, $level = 1, $id_parent = 0, $ignore_stock_load = 0) { // phpcs:enable global $conf, $langs; @@ -4243,7 +4244,7 @@ class Product extends CommonObject $nb = (!empty($desc_pere[1]) ? $desc_pere[1] : ''); $type = (!empty($desc_pere[2]) ? $desc_pere[2] : ''); $label = (!empty($desc_pere[3]) ? $desc_pere[3] : ''); - $incdec = !empty($desc_pere[4]) ? $desc_pere[4] : 0; + $incdec = (!empty($desc_pere[4]) ? $desc_pere[4] : 0); if ($multiply < 1) { $multiply = 1; @@ -4254,9 +4255,11 @@ class Product extends CommonObject $tmpproduct = new Product($this->db); // So we initialize tmpproduct only once for all loop. } $tmpproduct->fetch($id); // Load product to get ->ref - $tmpproduct->load_stock('nobatch,novirtual'); // Load stock to get true ->stock_reel - //$this->fetch($id); // Load product to get ->ref - //$this->load_stock('nobatch,novirtual'); // Load stock to get true ->stock_reel + + if (empty($ignore_stock_load) && ($tmpproduct->isProduct() || !empty($conf->global->STOCK_SUPPORTS_SERVICES))) { + $tmpproduct->load_stock('nobatch,novirtual'); // Load stock to get true ->stock_reel + } + $this->res[] = array( 'id'=>$id, // Id product 'id_parent'=>$id_parent, @@ -4277,7 +4280,7 @@ class Product extends CommonObject // Recursive call if there is childs to child if (is_array($desc_pere['childs'])) { //print 'YYY We go down for '.$desc_pere[3]." -> \n"; - $this->fetch_prod_arbo($desc_pere['childs'], $compl_path.$desc_pere[3]." -> ", $desc_pere[1] * $multiply, $level + 1, $id); + $this->fetch_prod_arbo($desc_pere['childs'], $compl_path.$desc_pere[3]." -> ", $desc_pere[1] * $multiply, $level + 1, $id, $ignore_stock_load); } } } @@ -4285,20 +4288,21 @@ class Product extends CommonObject // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Build the tree of subproducts into an array - * this->sousprods is loaded by this->get_sousproduits_arbo() + * Build the tree of subproducts into an array ->res and return it. + * this->sousprods must have been loaded by this->get_sousproduits_arbo() * - * @param int $multiply Because each sublevel must be multiplicated by parent nb - * @return array $this->res + * @param int $multiply Because each sublevel must be multiplicated by parent nb + * @param int $ignore_stock_load Ignore stock load + * @return array $this->res */ - public function get_arbo_each_prod($multiply = 1) + public function get_arbo_each_prod($multiply = 1, $ignore_stock_load = 0) { // phpcs:enable $this->res = array(); if (isset($this->sousprods) && is_array($this->sousprods)) { foreach ($this->sousprods as $prod_name => $desc_product) { if (is_array($desc_product)) { - $this->fetch_prod_arbo($desc_product, "", $multiply, 1, $this->id); + $this->fetch_prod_arbo($desc_product, "", $multiply, 1, $this->id, $ignore_stock_load); } } } @@ -5706,7 +5710,7 @@ class Product extends CommonObject $sql = "SELECT p.rowid, p.ref, p.datec as date_creation, p.tms as date_modification,"; $sql .= " p.fk_user_author, p.fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p"; - $sql .= " WHERE p.rowid = ".$id; + $sql .= " WHERE p.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index ac21ec166dc..10704f2f53e 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php @@ -151,7 +151,7 @@ class Productbatch extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as t INNER JOIN ".MAIN_DB_PREFIX."product_stock w on t.fk_product_stock = w.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl on pl.fk_product = w.fk_product and pl.batch = t.batch"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -206,7 +206,7 @@ class Productbatch extends CommonObject $sql .= " batch=".(isset($this->batch) ? "'".$this->db->escape($this->batch)."'" : "null").","; $sql .= " qty=".(isset($this->qty) ? $this->qty : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -246,7 +246,7 @@ class Productbatch extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.self::$_table_element.""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 90c958a3e43..046aed05a10 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -274,8 +274,8 @@ class Productcustomerprice extends CommonObject /** * Load object in memory from the database * - * @param int $id object - * @return int <0 if KO, >0 if OK + * @param int $id ID of customer price + * @return int <0 if KO, 0 if not found, >0 if OK */ public function fetch($id) { @@ -301,9 +301,8 @@ class Productcustomerprice extends CommonObject $sql .= " t.localtax2_tx,"; $sql .= " t.fk_user,"; $sql .= " t.import_key"; - $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -331,10 +330,15 @@ class Productcustomerprice extends CommonObject $this->localtax2_tx = $obj->localtax2_tx; $this->fk_user = $obj->fk_user; $this->import_key = $obj->import_key; - } - $this->db->free($resql); - return 1; + $this->db->free($resql); + + return 1; + } else { + $this->db->free($resql); + + return 0; + } } else { $this->error = "Error ".$this->db->lasterror(); return -1; @@ -451,7 +455,7 @@ class Productcustomerprice extends CommonObject $line->socname = $obj->socname; $line->prodref = $obj->prodref; - $this->lines [] = $line; + $this->lines[] = $line; } $this->db->free($resql); @@ -487,7 +491,6 @@ class Productcustomerprice extends CommonObject $sql = "SELECT"; $sql .= " t.rowid,"; - $sql .= " t.entity,"; $sql .= " t.datec,"; $sql .= " t.fk_product,"; @@ -507,27 +510,25 @@ class Productcustomerprice extends CommonObject $sql .= " t.import_key,"; $sql .= " soc.nom as socname,"; $sql .= " prod.ref as prodref"; - $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price_log as t "; - $sql .= " ,".MAIN_DB_PREFIX."product as prod "; - $sql .= " ,".MAIN_DB_PREFIX."societe as soc "; - $sql .= " WHERE soc.rowid=t.fk_soc "; + $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price_log as t"; + $sql .= " ,".MAIN_DB_PREFIX."product as prod"; + $sql .= " ,".MAIN_DB_PREFIX."societe as soc"; + $sql .= " WHERE soc.rowid=t.fk_soc"; $sql .= " AND prod.rowid=t.fk_product "; $sql .= " AND prod.entity IN (".getEntity('product').")"; $sql .= " AND t.entity IN (".getEntity('productprice').")"; - // Manage filter if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year $sql .= ' AND '.$key.' = \''.$value.'\''; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$value.'%\''; + $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; } else { - $sql .= ' AND '.$key.' = '.$value; + $sql .= ' AND '.$key.' = '.((int) $value); } } } - $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { $sql .= ' '.$this->db->plimit($limit + 1, $offset); @@ -754,7 +755,7 @@ class Productcustomerprice extends CommonObject $sql .= " fk_user=".$user->id.","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -897,7 +898,6 @@ class Productcustomerprice extends CommonObject */ public function delete($user, $notrigger = 0) { - global $conf, $langs; $error = 0; @@ -912,7 +912,7 @@ class Productcustomerprice extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_customer_price"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index dd45651b54e..f7cf48df5e0 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -181,7 +181,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -324,7 +324,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " fk_user_mod=".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -365,7 +365,7 @@ class Propalmergepdfproduct extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index ce213222bb9..546c2050990 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -149,7 +149,7 @@ class PriceExpression $sql = "SELECT title, expression"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 4e67b835b07..29505ff8573 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -143,7 +143,7 @@ class PriceGlobalVariable { $sql = "SELECT code, description, value"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index eb72a8425f7..f43d6bc731d 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -159,7 +159,7 @@ class PriceGlobalVariableUpdater { $sql = "SELECT type, description, parameters, fk_variable, update_interval, next_update, last_status"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/index.php b/htdocs/product/index.php index 89054a11cc5..9cdbe85cf4b 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -125,7 +125,13 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // This is usel if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($user->rights->produit->lire || $user->rights->service->lire)) { $prodser = array(); $prodser[0][0] = $prodser[0][1] = $prodser[0][2] = $prodser[0][3] = 0; + $prodser[0]['sell'] = 0; + $prodser[0]['buy'] = 0; + $prodser[0]['none'] = 0; $prodser[1][0] = $prodser[1][1] = $prodser[1][2] = $prodser[1][3] = 0; + $prodser[1]['sell'] = 0; + $prodser[1]['buy'] = 0; + $prodser[1]['none'] = 0; $sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy"; $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index 601a2f34759..ce585c51a10 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -584,7 +584,7 @@ class Inventory extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 7450b19715f..9d601dc9687 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -299,7 +299,7 @@ class Entrepot extends CommonObject $sql .= ", fk_pays = ".$this->country_id; $sql .= ", phone = '".$this->db->escape($this->phone)."'"; $sql .= ", fax = '".$this->db->escape($this->fax)."'"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $this->db->begin(); @@ -499,7 +499,7 @@ class Entrepot extends CommonObject { $sql = "SELECT e.rowid, e.datec, e.tms as datem, e.fk_user_author"; $sql .= " FROM ".MAIN_DB_PREFIX."entrepot as e"; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 59bc60f342b..3c04618c900 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -687,7 +687,7 @@ class MouvementStock extends CommonObject //if (null !== $ref) { //$sql .= ' AND t.ref = ' . '\'' . $ref . '\''; //} else { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); //} $resql = $this->db->query($sql); diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php index 10294b2c585..9b6c0a38a1c 100644 --- a/htdocs/product/stock/class/productlot.class.php +++ b/htdocs/product/stock/class/productlot.class.php @@ -277,7 +277,7 @@ class Productlot extends CommonObject if ($product_id > 0 && $batch != '') { $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id; } else { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } $resql = $this->db->query($sql); @@ -376,7 +376,7 @@ class Productlot extends CommonObject $sql .= ' fk_user_creat = '.(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").','; $sql .= ' fk_user_modif = '.(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").','; $sql .= ' import_key = '.(isset($this->import_key) ? $this->import_key : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -446,7 +446,7 @@ class Productlot extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index 98632325ead..88fc636e07e 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -194,7 +194,7 @@ class ProductStockEntrepot extends CommonObject $sql .= " t.import_key"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } else { $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot; } @@ -365,7 +365,7 @@ class ProductStockEntrepot extends CommonObject $sql .= ' import_key = '.(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -426,7 +426,7 @@ class ProductStockEntrepot extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index e83a4c86a10..af35f691cd0 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -449,7 +449,7 @@ $title = $langs->trans("Project").' - '.$object->ref.($object->thirdparty->name if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/', $conf->global->MAIN_HTML_TITLE)) { $title = $object->ref.($object->thirdparty->name ? ' - '.$object->thirdparty->name : '').($object->title ? ' - '.$object->title : ''); } -$help_url = "EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos"; +$help_url = "EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos|DE:Modul_Projekte"; llxHeader("", $title, $help_url); diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index f28eccf3982..750f58c1526 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -550,7 +550,7 @@ class Project extends CommonObject $sql .= " accept_conference_suggestions, accept_booth_suggestions, price_registration, price_booth"; $sql .= " FROM ".MAIN_DB_PREFIX."projet"; if (!empty($id)) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } else { $sql .= " WHERE entity IN (".getEntity('project').")"; if (!empty($ref)) { @@ -832,7 +832,7 @@ class Project extends CommonObject // Delete project if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -2104,7 +2104,7 @@ class Project extends CommonObject $sql .= ' date_close as datecloture,'; $sql .= ' fk_user_creat as fk_user_author, fk_user_close as fk_use_cloture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'projet as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 586839f3c69..9a72124199c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -276,7 +276,7 @@ class Task extends CommonObject if (!empty($ref)) { $sql .= "t.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= "t.rowid = ".$id; + $sql .= "t.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -381,7 +381,7 @@ class Task extends CommonObject $sql .= " datee=".($this->date_end != '' ? "'".$this->db->idate($this->date_end)."'" : 'null').","; $sql .= " progress=".(($this->progress != '' && $this->progress >= 0) ? $this->progress : 'null').","; $sql .= " rang=".((!empty($this->rang)) ? $this->rang : "0"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -535,7 +535,7 @@ class Task extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1369,7 +1369,7 @@ class Task extends CommonObject $sql .= " t.thm,"; $sql .= " t.note"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetchTimeSpent", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index a3775498293..a8a55c7faf2 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -853,7 +853,7 @@ class Reception extends CommonObject $sql .= " model_pdf=".(isset($this->modelpdf) ? "'".$this->db->escape($this->modelpdf)."'" : "null").","; $sql .= " entity=".$conf->entity; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 3d80c9b58f5..99ac555ba8e 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -834,7 +834,7 @@ class RecruitmentCandidature extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 3e5a926d67a..d82e2265e7e 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -928,7 +928,7 @@ class RecruitmentJobPosition extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 0dcf23a9ffb..b3d7fab8082 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -275,7 +275,7 @@ class Dolresource extends CommonObject $sql .= " fk_country=".($this->country_id > 0 ? $this->country_id : "null").","; $sql .= " fk_code_type_resource=".(isset($this->fk_code_type_resource) ? "'".$this->db->escape($this->fk_code_type_resource)."'" : "null").","; $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -779,7 +779,7 @@ class Dolresource extends CommonObject $sql .= " mandatory=".(isset($this->mandatory) ? $this->mandatory : "null").","; $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/resource/list.php b/htdocs/resource/list.php index e5cbcc22d67..356df3a746e 100644 --- a/htdocs/resource/list.php +++ b/htdocs/resource/list.php @@ -1,7 +1,7 @@ * Copyright (C) 2018 Nicolas ZABOURI - * Copyright (C) 2018-2019 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,6 +40,7 @@ $resource_id = GETPOST('resource_id', 'int'); $sortorder = GETPOST('sortorder', 'alpha'); $sortfield = GETPOST('sortfield', 'aZ09comma'); +$optioncss = GETPOST('optioncss', 'alpha'); // Initialize context for list $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'resourcelist'; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index 72d7d4838c0..d8e7e4d4009 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -3,7 +3,7 @@ * Copyright (C) 2014-2020 Laurent Destailleur * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2015 Charlie BENKE - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2021 Gauthier VERDOL * * This program is free software; you can redistribute it and/or modify @@ -44,7 +44,7 @@ if (!empty($conf->projet->enabled)) { $langs->load("projects"); } -$id = GETPOST("id", 'int'); +$id = GETPOSTINT('id'); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $accountid = GETPOST('accountid', 'int') > 0 ? GETPOST('accountid', 'int') : 0; @@ -60,11 +60,11 @@ $datep = dol_mktime(12, 0, 0, GETPOST("datepmonth", 'int'), GETPOST("datepday", $datev = dol_mktime(12, 0, 0, GETPOST("datevmonth", 'int'), GETPOST("datevday", 'int'), GETPOST("datevyear", 'int')); $datesp = dol_mktime(12, 0, 0, GETPOST("datespmonth", 'int'), GETPOST("datespday", 'int'), GETPOST("datespyear", 'int')); $dateep = dol_mktime(12, 0, 0, GETPOST("dateepmonth", 'int'), GETPOST("dateepday", 'int'), GETPOST("dateepyear", 'int')); -$label = GETPOST('label'); -$fk_user = GETPOST('userid', 'int'); +$label = GETPOST('label', 'alphanohtml'); +$fk_user = GETPOSTINT('userid'); // Security check -$socid = GETPOST("socid", "int"); +$socid = GETPOSTINT('socid'); if ($user->socid) { $socid = $user->socid; } diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php index 0feefbfb076..dc7e310d560 100644 --- a/htdocs/salaries/class/paymentsalary.class.php +++ b/htdocs/salaries/class/paymentsalary.class.php @@ -97,6 +97,13 @@ class PaymentSalary extends CommonObject */ public $fk_user_modif; + /** + * @var array + */ + public $fields = array( + 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'index'=>1, 'position'=>1, 'comment'=>'Id'), + ); + /** * Constructor * @@ -238,7 +245,7 @@ class PaymentSalary extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -319,7 +326,7 @@ class PaymentSalary extends CommonObject $sql .= " fk_bank=".(isset($this->fk_bank) ? $this->fk_bank : "null").","; $sql .= " fk_user_author=".(isset($this->fk_user_author) ? $this->fk_user_author : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -370,7 +377,7 @@ class PaymentSalary extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_salary"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index 6990445efd0..fdd1bfd7f73 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -148,7 +148,7 @@ class Salary extends CommonObject $sql .= " fk_user_author=".((int) $this->fk_user_author).","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? (int) $this->fk_user_modif : 'null'); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -218,7 +218,7 @@ class Salary extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."salary as s"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON s.fk_bank = b.rowid"; - $sql .= " WHERE s.rowid = ".$id; + $sql .= " WHERE s.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -293,7 +293,7 @@ class Salary extends CommonObject }*/ $sql = "DELETE FROM ".MAIN_DB_PREFIX."salary"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -585,7 +585,7 @@ class Salary extends CommonObject { $sql = 'SELECT ps.rowid, ps.datec, ps.fk_user_author'; $sql .= ' FROM '.MAIN_DB_PREFIX.'salary as ps'; - $sql .= ' WHERE ps.rowid = '.$id; + $sql .= ' WHERE ps.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/salaries/index.html b/htdocs/salaries/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/salaries/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index ab8271d7b70..c611ccab462 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -214,7 +214,7 @@ class CompanyBankAccount extends Account $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib"; if ($id) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } if ($socid) { $sql .= " WHERE fk_soc = ".$socid; diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php index 39b14862f12..db19840fd8e 100644 --- a/htdocs/societe/class/companypaymentmode.class.php +++ b/htdocs/societe/class/companypaymentmode.class.php @@ -544,7 +544,7 @@ class CompanyPaymentMode extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index fa8ed580ac0..5d6f8e44703 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1937,7 +1937,7 @@ class Societe extends CommonObject // Remove third party if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); @@ -3632,7 +3632,7 @@ class Societe extends CommonObject $sql = "SELECT s.rowid, s.nom as name, s.datec as date_creation, tms as date_modification,"; $sql .= " fk_user_creat, fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.rowid = ".$id; + $sql .= " WHERE s.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php index 64a914ff549..5be05d99a56 100644 --- a/htdocs/societe/class/societeaccount.class.php +++ b/htdocs/societe/class/societeaccount.class.php @@ -514,7 +514,7 @@ class SocieteAccount extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 7c3500f7e78..74685d37b05 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -79,7 +79,7 @@ $search_zip = trim(GETPOST("search_zip", 'alpha')); $search_state = trim(GETPOST("search_state", 'alpha')); $search_region = trim(GETPOST("search_region", 'alpha')); $search_email = trim(GETPOST('search_email', 'alpha')); -$search_phone = trim(GETPOST('search_phone', 'ahttps://wiki.dolibarr.org/index.php?title=Migrer_mon_Dolibarr_vers_une_offre_Cloudlpha')); +$search_phone = trim(GETPOST('search_phone', 'alpha')); $search_fax = trim(GETPOST('search_fax', 'alpha')); $search_url = trim(GETPOST('search_url', 'alpha')); $search_idprof1 = trim(GETPOST('search_idprof1', 'alpha')); diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index a101f74258f..d7d373f721a 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -145,7 +145,7 @@ if (empty($reshook)) { if ($action == 'delete_customer_price' && ($user->rights->produit->creer || $user->rights->service->creer)) { // Delete price by customer - $prodcustprice->id = GETPOST('lineid'); + $prodcustprice->id = GETPOST('lineid', 'int'); $result = $prodcustprice->delete($user); if ($result < 0) { @@ -368,99 +368,101 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print load_fiche_titre($langs->trans('PriceByCustomer')); $result = $prodcustprice->fetch(GETPOST('lineid', 'int')); - if ($result < 0) { + + if ($result <= 0) { setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); - } - - print '
    '; - print '
    '; - print ''; - print ''; - $staticprod = new Product($db); - $staticprod->fetch($prodcustprice->fk_product); - print ""; - print ''; - - // Ref. Customer - print ''; - print ''; - - // VAT - print ''; - - // Price base - print ''; - print ''; - print ''; - - // Price - print ''; - - // Price minimum - print ''; - - // Update all child soc - print ''; - print ''; - print ''; - - print '
    '.$langs->trans('Product').'".$staticprod->getNomUrl(1)."
    '.$langs->trans('RefCustomer').'
    '.$langs->trans("VATRate").''; - print $form->load_tva("tva_tx", $prodcustprice->tva_tx, $mysoc, '', $staticprod->id, $prodcustprice->recuperableonly); - print '
    '; - print $langs->trans('PriceBase'); - print ''; - print $form->selectPriceBaseType($prodcustprice->price_base_type, "price_base_type"); - print '
    '; - $text = $langs->trans('SellingPrice'); - print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); - print ''; - if ($prodcustprice->price_base_type == 'TTC') { - print ''; } else { - print ''; + print '
    '; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + $staticprod = new Product($db); + $staticprod->fetch($prodcustprice->fk_product); + print ""; + print ''; + + // Ref. Customer + print ''; + print ''; + + // VAT + print ''; + + // Price base + print ''; + print ''; + print ''; + + // Price + print ''; + + // Price minimum + print ''; + + // Update all child soc + print ''; + print ''; + print ''; + + print '
    '.$langs->trans('Product').'".$staticprod->getNomUrl(1)."
    '.$langs->trans('RefCustomer').'
    '.$langs->trans("VATRate").''; + print $form->load_tva("tva_tx", $prodcustprice->tva_tx, $mysoc, '', $staticprod->id, $prodcustprice->recuperableonly); + print '
    '; + print $langs->trans('PriceBase'); + print ''; + print $form->selectPriceBaseType($prodcustprice->price_base_type, "price_base_type"); + print '
    '; + $text = $langs->trans('SellingPrice'); + print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); + print ''; + if ($prodcustprice->price_base_type == 'TTC') { + print ''; + } else { + print ''; + } + print '
    '; + $text = $langs->trans('MinPrice'); + print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); + print ''; + if ($prodcustprice->price_base_type == 'TTC') { + print ''; + } else { + print ''; + } + print '
    '; + print $langs->trans('ForceUpdateChildPriceSoc'); + print ''; + print ''; + print '
    '; + + print '
    '; + print ''; + print '     '; + print ''; + print '
    '; + + print '
    '; } - print '
    '; - $text = $langs->trans('MinPrice'); - print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); - print ''; - if ($prodcustprice->price_base_type == 'TTC') { - print ''; - } else { - print ''; - } - print '
    '; - print $langs->trans('ForceUpdateChildPriceSoc'); - print ''; - print ''; - print '
    '; - - print '
    '; - print ''; - print '     '; - print ''; - print '
    '; - - print '
    '; } elseif ($action == 'showlog_customer_price') { print '
    '; print ''."\n"; $filter = array( - 't.fk_product' => GETPOST('prodid', 'int'), 't.fk_soc' => $socid + 't.fk_product' => GETPOST('prodid', 'int'), + 't.fk_soc' => $socid ); // Count total nb of records $nbtotalofrecords = ''; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { - $nbtotalofrecords = $prodcustprice->fetch_all_log($sortorder, $sortfield, $conf->liste_limit, $offset, $filter); - } - $result = $prodcustprice->fetch_all_log($sortorder, $sortfield, $conf->liste_limit, $offset, $filter); if ($result < 0) { setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); + } else { + if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { + $nbtotalofrecords = $result; + } } $option = '&socid='.GETPOST('socid', 'int').'&prodid='.GETPOST('prodid', 'int'); @@ -485,14 +487,18 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''.$langs->trans("MinPrice").' '.$langs->trans("HT").''; print ''.$langs->trans("MinPrice").' '.$langs->trans("TTC").''; print ''.$langs->trans("ChangedBy").''; - print ' '; + print ''; print ''; foreach ($prodcustprice->lines as $line) { - print ''; $staticprod = new Product($db); $staticprod->fetch($line->fk_product); + $userstatic = new User($db); + $userstatic->fetch($line->fk_user); + + print ''; + print "".$staticprod->getNomUrl(1).""; print ''.$line->ref_customer.''; print "".dol_print_date($line->datec, "dayhour").""; @@ -505,11 +511,10 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''.price($line->price_min_ttc).''; // User - $userstatic = new User($db); - $userstatic->fetch($line->fk_user); print ''; - print $userstatic->getLoginUrl(1); + print $userstatic->getNomUrl(-1); print ''; + print ''; } print ""; } else { @@ -571,17 +576,22 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''.$langs->trans("MinPrice").' '.$langs->trans("HT").''; print ''.$langs->trans("MinPrice").' '.$langs->trans("TTC").''; print ''.$langs->trans("ChangedBy").''; - print ' '; + print ''; print ''; if (count($prodcustprice->lines) > 0 || $search_prod) { print ''; print ''; print ''; - print ' '; - print ''; - print ''; - print ' '; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; // Print the search button print ''; $searchpicto = $form->showFilterAndCheckAddButtons(0); @@ -592,30 +602,28 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { if (count($prodcustprice->lines) > 0) { foreach ($prodcustprice->lines as $line) { - print ''; - $staticprod = new Product($db); $staticprod->fetch($line->fk_product); + $userstatic = new User($db); + $userstatic->fetch($line->fk_user); + + print ''; + print "".$staticprod->getNomUrl(1).""; print "".$staticprod->label.""; print ''.$line->ref_customer.''; print "".dol_print_date($line->datec, "dayhour").""; - print ''.$langs->trans($line->price_base_type).""; print ''.vatrate($line->tva_tx.($line->default_vat_code ? ' ('.$line->default_vat_code.')' : ''), true, $line->recuperableonly).""; print ''.price($line->price).""; print ''.price($line->price_ttc).""; print ''.price($line->price_min).''; print ''.price($line->price_min_ttc).''; - // User - $userstatic = new User($db); - $userstatic->fetch($line->fk_user); print ''; - print $userstatic->getLoginUrl(1); + print $userstatic->getNomUrl(-1); print ''; - // Action if ($user->rights->produit->creer || $user->rights->service->creer) { print ''; diff --git a/htdocs/stripe/transaction.php b/htdocs/stripe/transaction.php index 9206507464b..cde14647061 100644 --- a/htdocs/stripe/transaction.php +++ b/htdocs/stripe/transaction.php @@ -1,6 +1,6 @@ - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -51,7 +51,7 @@ if (empty($page) || $page == -1) { $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; - +$optioncss = GETPOST('optioncss', 'alpha'); /* @@ -185,12 +185,10 @@ if (!$rowid) { //print "".$charge->customer."\n"; // Link /*print ""; - if ($societestatic->id > 0) - { + if ($societestatic->id > 0) { print $societestatic->getNomUrl(1); } - if ($memberstatic->id > 0) - { + if ($memberstatic->id > 0) { print $memberstatic->getNomUrl(1); } print "\n";*/ diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index f413dfa2f78..78b1df5f6a4 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -959,7 +959,7 @@ class SupplierProposal extends CommonObject if ($this->id) { $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."supplier_proposal SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."supplier_proposal SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 208c8242ab4..0bb4936d460 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -90,6 +90,7 @@ $yearvalid = GETPOST("yearvalid"); $monthvalid = GETPOST("monthvalid"); $dayvalid = GETPOST("dayvalid"); +$optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php index 9be52f21031..136841a8683 100644 --- a/htdocs/takepos/ajax/ajax.php +++ b/htdocs/takepos/ajax/ajax.php @@ -47,7 +47,7 @@ if (!defined('NOBROWSERNOTIF')) { require '../../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; -$category = GETPOST('category', 'alpha'); +$category = GETPOST('category', 'alphanohtml'); // Can be id of category or 'supplements' $action = GETPOST('action', 'aZ09'); $term = GETPOST('term', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index f78d8d44811..7fd162c5fbd 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -850,6 +850,7 @@ if ($action == "valid" || $action == "history" || $action == 'creditnote') { } } + /* * View */ @@ -1009,7 +1010,7 @@ function DolibarrTakeposPrinting(id) { console.log("DolibarrTakeposPrinting Printing invoice ticket " + id) $.ajax({ type: "GET", - url: "" + id, + url: "" + id, }); } diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index b3d148e9d39..d3909983c52 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -2010,7 +2010,7 @@ span.widthpictotitle.pictotitle { padding-right: 1px; padding-top: 1px; padding-bottom: 1px; - width: 44px; + width: 50px; text-align:center; } div.attacharea { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index fdf5686df1c..2209c87c22b 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1981,7 +1981,7 @@ img.hideonsmartphone.pictoactionview { padding-right: 1px; padding-top: 1px; padding-bottom: 1px; - width: 44px; + width: 50px; text-align:center; } div.attacharea { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index c4730008285..237edd265de 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -914,7 +914,7 @@ class Ticket extends CommonObject $sql .= " datec=".(dol_strlen($this->datec) != 0 ? "'".$this->db->idate($this->datec)."'" : 'null').","; $sql .= " date_read=".(dol_strlen($this->date_read) != 0 ? "'".$this->db->idate($this->date_read)."'" : 'null').","; $sql .= " date_close=".(dol_strlen($this->date_close) != 0 ? "'".$this->db->idate($this->date_close)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -1008,7 +1008,7 @@ class Ticket extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."ticket"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete sql=".$sql); $resql = $this->db->query($sql); @@ -2909,6 +2909,7 @@ class Ticket extends CommonObject global $conf, $user, $langs; $now = dol_now(); + $delay_warning = 0; $this->nbtodo = $this->nbtodolate = 0; $clause = " WHERE"; @@ -2951,8 +2952,8 @@ class Ticket extends CommonObject while ($obj = $this->db->fetch_object($resql)) { $response->nbtodo++; if ($mode == 'opened') { - $datelimit = $this->db->jdate($obj->datefin); - if ($datelimit < ($now - $delay_warning)) { + $datelimit = $this->db->jdate($obj->datec) + $delay_warning; + if ($datelimit < $now) { //$response->nbtodolate++; } } diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 31a1efe2481..de341f2f62d 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -1,6 +1,7 @@ * Copyright (C) - 2019 Nicolas ZABOURI + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -127,11 +128,13 @@ print '
    '; $tick = array( 'unread' => 0, 'read' => 0, + 'needmoreinfo' => 0, 'answered' => 0, 'assigned' => 0, 'inprogress' => 0, 'waiting' => 0, 'closed' => 0, + 'canceled' => 0, 'deleted' => 0, ); @@ -144,7 +147,7 @@ $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= dolSqlDateFilter('datec', 0, 0, $endyear); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // External users restriction @@ -153,7 +156,7 @@ if ($user->socid > 0) { } else { // For internals users, if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { - $sql .= " AND t.fk_user_assign = ".$user->id; + $sql .= " AND t.fk_user_assign = ".((int) $user->id); } } $sql .= " GROUP BY t.fk_statut"; @@ -322,7 +325,7 @@ if ($user->socid > 0) { $sql .= " AND t.fk_soc= ".((int) $user->socid); } else { // Restricted to assigned user only - if ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && !$user->rights->ticket->manage) { + if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { $sql .= " AND t.fk_user_assign=".$user->id; } } diff --git a/htdocs/user/card.php b/htdocs/user/card.php index f3866e0caf5..c1abbc2e4ae 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -13,7 +13,7 @@ * Copyright (C) 2015 Ari Elbaz (elarifr) * Copyright (C) 2015-2018 Charlene Benke * Copyright (C) 2016 Raphaël Doursenaud - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2018 David Beniamine * * This program is free software; you can redistribute it and/or modify @@ -1247,9 +1247,10 @@ if ($action == 'create' || $action == 'adduserldap') { } else { // View and edit mode if ($id > 0) { - $object->fetch($id, '', '', 1); + $res = $object->fetch($id, '', '', 1); if ($res < 0) { - dol_print_error($db, $object->error); exit; + dol_print_error($db, $object->error); + exit; } $res = $object->fetch_optionals(); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index bcf42ffe43e..b27e12e3f3e 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -457,7 +457,7 @@ class User extends CommonObject } elseif ($email) { $sql .= " AND u.email = '".$this->db->escape($email)."'"; } else { - $sql .= " AND u.rowid = ".$id; + $sql .= " AND u.rowid = ".((int) $id); } $sql .= " ORDER BY u.entity ASC"; // Avoid random result when there is 2 login in 2 different entities @@ -1503,7 +1503,7 @@ class User extends CommonObject } elseif (!empty($this->pass_crypted)) { // If a crypted password is already known, we save it directly into database because the previous create did not save it. $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET pass_crypted = '".$this->db->escape($this->pass_crypted)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1514,7 +1514,7 @@ class User extends CommonObject if ($result > 0 && $member->fk_soc) { // If member is linked to a thirdparty $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET fk_soc=".$member->fk_soc; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create_from_member", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2866,7 +2866,7 @@ class User extends CommonObject $sql = "SELECT u.rowid, u.login as ref, u.datec,"; $sql .= " u.tms as date_modification, u.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.rowid = ".$id; + $sql .= " WHERE u.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php index f113fb3ea32..7323fb93ab2 100644 --- a/htdocs/user/class/userbankaccount.class.php +++ b/htdocs/user/class/userbankaccount.class.php @@ -169,7 +169,7 @@ class UserBankAccount extends Account $sql .= " owner_address, label, datec, tms as datem"; $sql .= " FROM ".MAIN_DB_PREFIX."user_rib"; if ($id) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } if ($ref) { $sql .= " WHERE label = '".$this->db->escape($ref)."'"; diff --git a/htdocs/user/hierarchy.php b/htdocs/user/hierarchy.php index 10cc58d43b9..6073ca4c88f 100644 --- a/htdocs/user/hierarchy.php +++ b/htdocs/user/hierarchy.php @@ -4,7 +4,7 @@ * Copyright (C) 2006-2015 Laurent Destailleur * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -44,6 +44,7 @@ if ($user->socid > 0) { $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $search_user = GETPOST('search_user', 'alpha'); +$optioncss = GETPOST('optioncss', 'alpha'); // Load mode employee $mode = GETPOST("mode", 'alpha'); diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index fe2e6aab4cf..1d30b71ad0a 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -522,7 +522,7 @@ class Website extends CommonObject $sql .= ' fk_user_modif = '.(!isset($this->fk_user_modif) ? $user->id : $this->fk_user_modif).','; $sql .= ' date_creation = '.(!isset($this->date_creation) || dol_strlen($this->date_creation) != 0 ? "'".$this->db->idate($this->date_creation)."'" : 'null').','; $sql .= ' tms = '.(dol_strlen($this->date_modification) != 0 ? "'".$this->db->idate($this->date_modification)."'" : "'".$this->db->idate(dol_now())."'"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -597,7 +597,7 @@ class Website extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index c6c4d81d04e..f59b8bbc5a5 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -284,7 +284,7 @@ class WebsitePage extends CommonObject //$sql .= ' WHERE entity IN ('.getEntity('website').')'; // entity is on website level $sql .= ' WHERE 1 = 1'; if ($id > 0) { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); } else { if ($id < 0) { $sql .= ' AND t.rowid <> '.abs($id); diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 03cd9366aba..36601a39f52 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -394,12 +394,12 @@ if ($cancel) { } $savbacktopage = $backtopage; -$backtopage = $_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid.(GETPOST('section_dir', 'alpha') ? '§ion_dir='.urlencode(GETPOST('section_dir', 'alpha')) : ''); // used after a confirm_deletefile into actions_linkedfiles.inc.php +$backtopage = $_SERVER["PHP_SELF"].'?file_manager=1&website='.urlencode($websitekey).'&pageid='.urlencode($pageid).(GETPOST('section_dir', 'alpha') ? '§ion_dir='.urlencode(GETPOST('section_dir', 'alpha')) : ''); // used after a confirm_deletefile into actions_linkedfiles.inc.php if ($sortfield) { - $backtopage .= '&sortfield='.$sortfield; + $backtopage .= '&sortfield='.urlencode($sortfield); } if ($sortorder) { - $backtopage .= '&sortorder='.$sortorder; + $backtopage .= '&sortorder='.urlencode($sortorder); } include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; $backtopage = $savbacktopage; @@ -1511,6 +1511,7 @@ if ($action == 'updatecss') { if (!GETPOSTISSET('updateandstay')) { // If we click on "Save And Stay", we don not make the redirect $action = 'preview'; if ($backtopage) { + $backtopage = preg_replace('/searchstring=[^&]*/', '', $backtopage); // Clean backtopage url header("Location: ".$backtopage); exit; } @@ -1907,7 +1908,7 @@ if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'conf // Security analysis $phpfullcodestring = dolKeepOnlyPhpCode($objectpage->content); //print dol_escape_htmltag($phpfullcodestring);exit; - $forbiddenphpcommands = array("exec", "passthru", "system", "shell_exec", "proc_open"); + $forbiddenphpcommands = array("exec", "passthru", "system", "shell_exec", "proc_open", "eval", "dol_eval"); if (empty($conf->global->WEBSITE_PHP_ALLOW_WRITE)) { // If option is not on, we disallow functions to write files $forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask")); } diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index e96056688e4..07edb353aa4 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -177,8 +177,8 @@ class Workstation extends CommonObject { global $conf, $langs; - dol_include_once('/workstation/class/workstationusergroup.class.php'); - dol_include_once('/workstation/class/workstationresource.class.php'); + require_once DOL_DOCUMENT_ROOT.'/workstation/class/workstationusergroup.class.php'; + require_once DOL_DOCUMENT_ROOT.'/workstation/class/workstationresource.class.php'; $this->db = $db; @@ -872,7 +872,7 @@ class Workstation extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index 412a9d602fa..92066e496e2 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -639,7 +639,7 @@ class Hook extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 55c3ea6de28..b3a95d5f816 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -184,9 +184,15 @@ class SecurityTest extends PHPUnit\Framework\TestCase // Should be OK $expectedresult=0; + /* + $test = ''; + $result=testSqlAndScriptInject($test, 0); + $this->assertGreaterThanOrEqual(0, $result, 'Error on testSqlAndScriptInject kkk'); + */ + $_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices'; $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2); - $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0a'); + $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should be ok'); $test = 'This is a < inside string with < and > also and tag like before the >'; $result=testSqlAndScriptInject($test, 0); @@ -197,7 +203,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction'; $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2); - $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject 1b'); + $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should detect XSS'); + + $test = 'javascript&colon;alert(1)'; + $result=testSqlAndScriptInject($test, 0); + $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 1a'); $test=""; $result=testSqlAndScriptInject($test, 0); @@ -312,10 +322,13 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST['param8c']='< with space after is ok'; $_POST['param8d']='objnotdefined\''; $_POST["param11"]=' Name '; $_POST["param12"]='aaa'; + //$_POST["param13"]='javascript%26colon%26%23x3B%3Balert(1)'; + //$_POST["param14"]='javascripT&javascript#x3a alert(1)'; $result=GETPOST('id', 'int'); // Must return nothing print __METHOD__." result=".$result."\n"; @@ -330,6 +343,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertEquals($result, 333, 'Test on param1 with 3rd param = 2'); // Test alpha + $result=GETPOST("param2", 'alpha'); print __METHOD__." result=".$result."\n"; $this->assertEquals($result, $_GET["param2"], 'Test on param2'); @@ -343,6 +357,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertEquals($result, 'dir'); // Test aZ09 + $result=GETPOST("param1", 'aZ09'); print __METHOD__." result=".$result."\n"; $this->assertEquals($result, $_GET["param1"]); @@ -372,6 +387,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertEquals('">', $result); // With restricthtml we must remove html open/close tag and content but not htmlentities like n + $result=GETPOST("param7", 'restricthtml'); print __METHOD__." result=".$result."\n"; $this->assertEquals('"c:\this is a path~1\aaan" abcdef', $result); @@ -397,6 +413,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($_POST['param8e'], $result, 'Test a string with non closing html tag with alphanohtml'); + $result=GETPOST("param8f", 'alphanohtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('abcsvg animate onbegin=alert(document.domain) a', $result, 'Test a string with html tag open with several <'); + $result=GETPOST("param9", 'alphanohtml'); print __METHOD__." result=".$result."\n"; $this->assertEquals($_POST["param9"], $result); @@ -417,6 +437,47 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml'); + /*$result=GETPOST("param13", 'alphanohtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals(trim($_POST["param13"]), $result, 'Test a string and alphanohtml'); + + $result=GETPOST("param14", 'alphanohtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals(trim($_POST["param14"]), $result, 'Test a string and alphanohtml'); + */ + + // Special test for GETPOST of backtopage or backtolist parameter + + $_POST["backtopage"]='//www.google.com'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('www.google.com', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='https:https://www.google.com'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('www.google.com', $result, 'Test for backtopage param'); + + $_POST["backtolist"]='::HTTPS://www.google.com'; + $result=GETPOST("backtolist"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('www.google.com', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='http:www.google.com'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('httpwww.google.com', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='/mydir/mypage.php?aa=a%10a'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('/mydir/mypage.php?aa=a%10a', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='javascripT&javascript#javascriptxjavascript3a alert(1)'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('x3a alert(1)', $result, 'Test for backtopage param'); + return $result; } @@ -615,6 +676,32 @@ class SecurityTest extends PHPUnit\Framework\TestCase return 0; } + /** + * testDolSanitizeUrl + * + * @return void + */ + public function testDolSanitizeUrl() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $test = 'javascripT&javascript#x3a alert(1)'; + $result=dol_sanitizeUrl($test); + $this->assertEquals('x3a alert(1)', $result, 'Test on dol_sanitizeUrl A'); + + $test = 'javajavascriptscript&cjavascriptolon;alert(1)'; + $result=dol_sanitizeUrl($test); + $this->assertEquals('alert(1)', $result, 'Test on dol_sanitizeUrl B'); + + $test = '/javas:cript/google.com'; + $result=dol_sanitizeUrl($test); + $this->assertEquals('google.com', $result, 'Test on dol_sanitizeUrl C'); + } + /** * testDolSanitizeFileName *