Merge branch 'develop' of https://github.com/Dolibarr/dolibarr.git into develop

Laurent Destailleur 2013-04-26 19:17:51 +02:00
commit 162cb4ffea
16 changed files with 81 additions and 36 deletions


@ -35,7 +35,7 @@ class ActionComm extends CommonObject
public $element='action';
public $table_element = 'actioncomm';
public $table_rowid = 'id';
protected $ismultientitymanaged = 2; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
protected $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
var $id;


@ -51,6 +51,8 @@ if ($user->societe_id > 0)
$socid = $user->societe_id;
}
$result = restrictedArea($user, 'agenda', $objectid, 'actioncomm&societe', 'myactions&allactions', '', 'id');
$act = new ActionComm($db);
if ($objectid > 0)
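Review bot: The added `restrictedArea(..., 'myactions&allactions', '', 'id')` permission test is satisfied as soon as the user holds either sub-permission, so a user with only `myactions` read rights clears it for any `$objectid`. Nothing visible in this hunk compares the event's owner with `$user`, so the page still needs an ownership check after the fetch unless `allactions` is granted; whether one exists is outside the hunk. A comment above the call such as `// Passes if user has myactions OR allactions; ownership of the event must be checked after fetch` would make that dependency explicit. The same call is added in the next two file sections.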


@ -53,7 +53,7 @@ $contactid=GETPOST('contactid','int');
$socid = GETPOST('socid','int');
$id = GETPOST('id','int');
if ($user->societe_id) $socid=$user->societe_id;
//$result = restrictedArea($user, 'agenda', $id, 'actioncomm', 'actions', '', 'id');
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions&allactions', '', 'id');
$error=GETPOST("error");
$mesg='';


@ -31,6 +31,8 @@ require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
$langs->load("commercial");
$id = GETPOST('id','int');
// Security check
if ($user->societe_id > 0)
{
@ -38,6 +40,7 @@ if ($user->societe_id > 0)
$socid = $user->societe_id;
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions&allactions', '', 'id');
/*
@ -48,8 +51,8 @@ $help_url='EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda';
llxHeader('',$langs->trans("Agenda"),$help_url);
$act = new ActionComm($db);
$act->fetch($_GET["id"]);
$act->info($_GET["id"]);
$act->fetch($id);
$act->info($act->id);
$head=actions_prepare_head($act);
dol_fiche_head($head, 'info', $langs->trans("Action"),0,'action');


@ -36,6 +36,7 @@ class Contact extends CommonObject
{
public $element='contact';
public $table_element='socpeople';
protected $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
var $id;
var $civilite_id; // In fact we store civility_code


@ -29,26 +29,28 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php';
$langs->load("companies");
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id', 'int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
/*
* View
*/
llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas');
$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));
llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas');
$form = new Form($db);
$contact = new Contact($db);
$contact->fetch($_GET["id"], $user);
$contact->fetch($id, $user);
$head = contact_prepare_head($contact);
dol_fiche_head($head, 'exportimport', $langs->trans("ContactsAddresses"), 0, 'contact');
dol_fiche_head($head, 'exportimport', $title, 0, 'contact');
/*
@ -97,7 +99,7 @@ print '</div>';
print '<br>';
print $langs->trans("ExportCardToFormat").': ';
print '<a href="'.DOL_URL_ROOT.'/contact/vcard.php?id='.$_GET["id"].'">';
print '<a href="'.DOL_URL_ROOT.'/contact/vcard.php?id='.$contact->id.'">';
print img_picto($langs->trans("VCard"),'vcard.png').' ';
print $langs->trans("VCard");
print '</a>';


@ -67,7 +67,7 @@ if (! empty($canvas))
}
// Security check
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', '', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('contactcard'));


@ -35,12 +35,12 @@ $langs->load("admin");
$action=GETPOST('action');
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id', 'int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
$contact = new Contact($db);
$contact->fetch($_GET["id"], $user);
$contact->fetch($id, $user);
/*
@ -79,13 +79,15 @@ if ($action == 'dolibarr2ldap')
* View
*/
llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');
$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));
llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');
$form = new Form($db);
$head = contact_prepare_head($contact);
dol_fiche_head($head, 'ldap', $langs->trans("ContactsAddresses"), 0, 'contact');
dol_fiche_head($head, 'ldap', $title, 0, 'contact');
print '<table class="border" width="100%">';


@ -69,7 +69,9 @@ if ($action == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact
$now=dol_now();
llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');
$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));
llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');
$form = new Form($db);
@ -77,7 +79,7 @@ $object->fetch($id, $user);
$head = contact_prepare_head($object);
dol_fiche_head($head, 'perso', $langs->trans("ContactsAddresses"), 0, 'contact');
dol_fiche_head($head, 'perso', $title, 0, 'contact');
if ($action == 'edit')
{


@ -29,8 +29,13 @@ require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php';
$id = GETPOST('id', 'int');
// Security check
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
$contact = new Contact($db);
$result=$contact->fetch($_GET["id"]);
$result=$contact->fetch($id);
$physicalperson=1;


@ -112,11 +112,15 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
if (method_exists($objcanvas->control,'restrictedArea')) return $objcanvas->control->restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";
if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'";
// More features to check
$features = explode("&", $features);
// More subfeatures to check
if (!empty($feature2))
$feature2 = explode("&", $feature2);
// More parameters
$params = explode('&', $dbtablename);
$dbtablename=(! empty($params[0]) ? $params[0] : '');
@ -160,8 +164,11 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
}
else if (! empty($feature2)) // This should be used for future changes
{
if (empty($user->rights->$feature->$feature2->lire)
&& empty($user->rights->$feature->$feature2->read)) $readok=0;
foreach($feature2 as $subfeature)
{
if (empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) $readok=0;
else { $readok=1; break; } // For bypass the second test if the first is ok
}
}
else if (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is for old permissions
{
@ -206,8 +213,11 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
}
else if (! empty($feature2)) // This should be used for future changes
{
if (empty($user->rights->$feature->$feature2->creer)
&& empty($user->rights->$feature->$feature2->write)) $createok=0;
foreach($feature2 as $subfeature)
{
if (empty($user->rights->$feature->$subfeature->creer) && empty($user->rights->$feature->$subfeature->write)) $createok=0;
else { $createok=1; break; } // For bypass the second test if the first is ok
}
}
else if (! empty($feature)) // This is for old permissions
{
@ -267,8 +277,11 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
}
else if (! empty($feature2)) // This should be used for future changes
{
if (empty($user->rights->$feature->$feature2->supprimer)
&& empty($user->rights->$feature->$feature2->delete)) $deleteok=0;
foreach($feature2 as $subfeature)
{
if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0;
else { $deleteok=1; break; } // For bypass the second test if the first is ok
}
}
else if (! empty($feature)) // This is for old permissions
{
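Review bot: The `else { $readok=1; break; }` branch of the new sub-feature loop can raise `$readok` back to 1 after an earlier test had set it to 0, whereas the replaced code only ever lowered it. `$feature` is one entry of the exploded `$features`, so this branch presumably runs once per feature (the enclosing loop is outside the hunk), and a later feature would then override an earlier refusal. Tracking the result in a local flag and only lowering `$readok` keeps the any-of-the-sub-features behaviour without that side effect. The `$createok` and `$deleteok` hunks need the same change.

```php
else if (! empty($feature2)) // This should be used for future changes
{
    $tmpreadok=0;
    foreach($feature2 as $subfeature)
    {
        if (! empty($user->rights->$feature->$subfeature->lire) || ! empty($user->rights->$feature->$subfeature->read))
        {
            $tmpreadok=1;
            break;
        }
    }
    if (! $tmpreadok) $readok=0; // Only ever lower $readok here, never re-grant it
}
```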


@ -267,6 +267,9 @@ class ImportCsv extends ModeleImports
$arrayres=fgetcsv($this->handle,100000,$this->separator,$this->enclosure,$this->escape);
}
// End of file
if ($arrayres === false) return false;
//var_dump($this->handle);
//var_dump($arrayres);exit;
$newarrayres=array();
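Review bot: The new `if ($arrayres === false) return false;` is labelled `// End of file`, but `fgetcsv()` also returns false when the read itself fails, so both cases reach the caller as an end of file. The comment should at least say so, e.g. `// fgetcsv() returns false at end of file and on read errors`, and a `feof($this->handle)` test would let the method tell the two apart. The method's docblock is outside the hunk; it should state that false is now a possible return value so that callers compare with `===`.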


@ -207,7 +207,7 @@ class modAdherent extends DolibarrModules
$this->import_entities_array[$r]=array(); // We define here only fields that use another icon that the one defined into import_icon
$this->import_tables_array[$r]=array('a'=>MAIN_DB_PREFIX.'adherent','extra'=>MAIN_DB_PREFIX.'adherent_extrafields');
$this->import_tables_creator_array[$r]=array('a'=>'fk_user_author'); // Fields to store import user id
$this->import_fields_array[$r]=array('a.civilite'=>"UserTitle",'a.nom'=>"Lastname*",'a.firstname'=>"Firstname",'a.login'=>"Login*","a.pass"=>"Password","a.fk_adherent_type"=>"MemberType*",'a.morphy'=>'Nature*','a.societe'=>'Company','a.address'=>"Address",'a.zip'=>"Zip",'a.town'=>"Town",'a.country'=>"Country",'a.phone'=>"PhonePro",'a.phone_perso'=>"PhonePerso",'a.phone_mobile'=>"PhoneMobile",'a.email'=>"Email",'a.birth'=>"Birthday",'a.statut'=>"Status*",'a.photo'=>"Photo",'a.note'=>"Note",'a.datec'=>'DateCreation','a.datefin'=>'DateEndSubscription');
$this->import_fields_array[$r]=array('a.civilite'=>"UserTitle",'a.lastname'=>"Lastname*",'a.firstname'=>"Firstname",'a.login'=>"Login*","a.pass"=>"Password","a.fk_adherent_type"=>"MemberType*",'a.morphy'=>'Nature*','a.societe'=>'Company','a.address'=>"Address",'a.zip'=>"Zip",'a.town'=>"Town",'a.country'=>"Country",'a.phone'=>"PhonePro",'a.phone_perso'=>"PhonePerso",'a.phone_mobile'=>"PhoneMobile",'a.email'=>"Email",'a.birth'=>"Birthday",'a.statut'=>"Status*",'a.photo'=>"Photo",'a.note'=>"Note",'a.datec'=>'DateCreation','a.datefin'=>'DateEndSubscription');
// Add extra fields
$sql="SELECT name, label, fieldrequired FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'member'";
$resql=$this->db->query($sql);
@ -223,7 +223,7 @@ class modAdherent extends DolibarrModules
// End add extra fields
$this->import_fieldshidden_array[$r]=array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'adherent'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent)
$this->import_regex_array[$r]=array('a.civilite'=>'code@'.MAIN_DB_PREFIX.'c_civilite','a.fk_adherent_type'=>'rowid@'.MAIN_DB_PREFIX.'adherent_type','a.morphy'=>'(phy|mor)','a.statut'=>'^[0|1]','a.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$','a.datefin'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$');
$this->import_examplevalues_array[$r]=array('a.civilite'=>"MR",'a.nom'=>'Smith','a.firstname'=>'John','a.login'=>'jsmith','a.pass'=>'passofjsmith','a.fk_adherent_type'=>'1','a.morphy'=>'"mor" or "phy"','a.societe'=>'JS company','a.address'=>'21 jump street','a.zip'=>'55000','a.town'=>'New York','a.country'=>'1','a.email'=>'jsmith@example.com','a.birth'=>'1972-10-10','a.statut'=>"0 or 1",'a.note'=>"This is a comment on member",'a.datec'=>dol_print_date($now,'%Y-%m-%d'),'a.datefin'=>dol_print_date(dol_time_plus_duree($now, 1, 'y'),'%Y-%m-%d'));
$this->import_examplevalues_array[$r]=array('a.civilite'=>"MR",'a.lastname'=>'Smith','a.firstname'=>'John','a.login'=>'jsmith','a.pass'=>'passofjsmith','a.fk_adherent_type'=>'1','a.morphy'=>'"mor" or "phy"','a.societe'=>'JS company','a.address'=>'21 jump street','a.zip'=>'55000','a.town'=>'New York','a.country'=>'1','a.email'=>'jsmith@example.com','a.birth'=>'1972-10-10','a.statut'=>"0 or 1",'a.note'=>"This is a comment on member",'a.datec'=>dol_print_date($now,'%Y-%m-%d'),'a.datefin'=>dol_print_date(dol_time_plus_duree($now, 1, 'y'),'%Y-%m-%d'));
}


@ -1307,13 +1307,19 @@ if ($step == 5 && $datatoimport)
$result=$obj->import_open_file($pathfile,$langs);
if ($result > 0)
{
$sourcelinenb=0;
$sourcelinenb=0; $endoffile=0;
// Loop on each input file record
while ($sourcelinenb < $nboflines)
while ($sourcelinenb < $nboflines && ! $endoffile)
{
$sourcelinenb++;
// Read line and stor it into $arrayrecord
$arrayrecord=$obj->import_read_record();
if ($arrayrecord === false)
{
$arrayofwarnings[$sourcelinenb][0]=array('lib'=>'File has '.$nboflines.' lines. However we reach end of file after record '.$sourcelinenb.'. This may occurs when some records are split onto several lines.','type'=>'EOF_RECORD_ON_SEVERAL_LINES');
$endoffile++;
continue;
}
if ($excludefirstline && $sourcelinenb == 1) continue;
//
@ -1615,11 +1621,17 @@ if ($step == 6 && $datatoimport)
$result=$obj->import_open_file($pathfile,$langs);
if ($result > 0)
{
$sourcelinenb=0;
while ($sourcelinenb < $nboflines)
$sourcelinenb=0; $endoffile=0;
while ($sourcelinenb < $nboflines && ! $endoffile)
{
$sourcelinenb++;
$arrayrecord=$obj->import_read_record();
if ($arrayrecord === false)
{
$arrayofwarnings[$sourcelinenb][0]=array('lib'=>'File has '.$nboflines.' lines. However we reach end of file after record '.$sourcelinenb.'. This may occurs when some records are split onto several lines.','type'=>'EOF_RECORD_ON_SEVERAL_LINES');
$endoffile++;
continue;
}
if ($excludefirstline && $sourcelinenb == 1) continue;
$result=$obj->import_insert($arrayrecord,$array_match_file_to_database,$objimport,count($fieldssource),$importid);
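Review bot: The warning text reports the end of file "after record `$sourcelinenb`", but `$sourcelinenb` has already been incremented for the read that failed, so the last record actually read is one less; use `'... after record '.($sourcelinenb-1).'. ...'`. The message is also a hard-coded English string, unlike the `$langs->trans()` strings used elsewhere in this commit, so it would be better as a translation key. Both points apply to the step 5 and step 6 hunks alike. `break;` would state the intent more directly than `$endoffile++; continue;`.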


@ -77,7 +77,7 @@ ErrorContactEMail=A technical error occured. Please, contact administrator to fo
ErrorWrongValueForField=Wrong value for field number <b>%s</b> (value '<b>%s</b>' does not match regex rule <b>%s</b>)
ErrorFieldValueNotIn=Wrong value for field number <b>%s</b> (value '<b>%s</b>' is not a value available into field <b>%s</b> of table <b>%s</b>)
ErrorFieldRefNotIn=Wrong value for field number <b>%s</b> (value '<b>%s</b>' is not a <b>%s</b> existing ref)
ErrorsOnXLines=Errors on <b>%s</b> source lines
ErrorsOnXLines=Errors on <b>%s</b> source record(s)
ErrorFileIsInfectedWithAVirus=The antivirus program was not able to validate the file (file might be infected by a virus)
ErrorSpecialCharNotAllowedForField=Special characters are not allowed for field "%s"
ErrorDatabaseParameterWrong=Database setup parameter '<b>%s</b>' has a value not compatible to use Dolibarr (must have value '<b>%s</b>').
@ -131,7 +131,7 @@ WarningBuildScriptNotRunned=Script <b>%s</b> was not yet ran to build graphics,
WarningBookmarkAlreadyExists=A bookmark with this title or this target (URL) already exists.
WarningPassIsEmpty=Warning, database password is empty. This is a security hole. You should add a password to your database and change your conf.php file to reflect this.
WarningConfFileMustBeReadOnly=Warning, your config file (<b>htdocs/conf/conf.php</b>) can be overwritten by the web server. This is a serious security hole. Modify permissions on file to be in read only mode for operating system user used by Web server. If you use Windows and FAT format for your disk, you must know that this file system does not allow to add permissions on file, so can't be completely safe.
WarningsOnXLines=Warnings on <b>%s</b> source lines
WarningsOnXLines=Warnings on <b>%s</b> source record(s)
WarningNoDocumentModelActivated=No model, for document generation, has been activated. A model will be choosed by default until you check your module setup.
WarningLockFileDoesNotExists=Warning, once setup is finished, you must disable install/migrate tools by adding a file <b>install.lock</b> into directory <b>%s</b>. Missing this file is a security hole.
WarningUntilDirRemoved=All security warnings (visible by admin users only) will remain active as long as the vulnerability is present (or that constant MAIN_REMOVE_INSTALL_WARNING is added in Setup->Other setup).


@ -78,7 +78,7 @@ ErrorContactEMail=Une erreur technique est apparue. Merci de contacter l'adminis
ErrorWrongValueForField=Mauvaise valeur pour le champ numéro <b>%s</b> (la valeur '<b>%s</b>' ne respecte pas la règle <b>%s</b>)
ErrorFieldValueNotIn=Mauvaise valeur pour le champ numéro <b>%s</b> (la valeur '<b>%s</b>' n'est pas une valeure présente dans le champ <b>%s</b> de la table <b>%s</b>)
ErrorFieldRefNotIn=Mauvaise valeur pour le champ numéro <b>%s</b> (la valeur '<b>%s</b>' n'est pas une référence existante comme <b>%s</b>)
ErrorsOnXLines=Erreurs sur <b>%s</b> lignes sources
ErrorsOnXLines=Erreurs sur <b>%s</b> enregistrement(s) source
ErrorFileIsInfectedWithAVirus=L'antivirus n'a pas pu valider ce fichier (il est probablement infecté par un virus) !
ErrorSpecialCharNotAllowedForField=Les caractères spéciaux ne sont pas admis pour le champ "%s"
ErrorDatabaseParameterWrong=Le paramètre de configuration de la base de donnée '<b>%s</b>' a une valeur non compatible pour une utilisation de Dolibarr (doit avoir la valeur '<b>%s</b>').
@ -132,7 +132,7 @@ WarningBuildScriptNotRunned=Le script <b>%s</b> n'a pas encore été lancé pour
WarningBookmarkAlreadyExists=Un marque-page avec ce titre ou cette destination (URL) existe déjà.
WarningPassIsEmpty=Attention, le mot de passe de la base de données Dolibarr est vide. Cela représente une faille de sécurité. Il est recommandé d'ajouter manuellement un mot de passe à la base et de modifier le fichier conf.php pour refléter ce changement.
WarningConfFileMustBeReadOnly=Attention, votre fichier de configuration (<b>htdocs/conf/conf.php</b>) est accessible en écriture au serveur Web. Ceci représente une faille sérieuse de sécurité. Modifiez les permissions pour qu'il soit en lecture seule pour le compte sous lequel tourne le serveur Web et non lisible pour les autres.<br>Si vous êtes sous Windows sur un disque dur utilisant un formatage FAT, sachez que ce système de fichier ne permet pas de protéger des fichiers et n'offre donc aucune solution pour réduire les risques de manipulation de ce fichier.
WarningsOnXLines=Alertes sur <b>%s</b> lignes sources
WarningsOnXLines=Alertes sur <b>%s</b> enregistrement(s) source
WarningNoDocumentModelActivated=Aucun modèle, pour la génération de document, n'a été activé. Un modèle sera pris par défaut en attendant la correction de configuration du module.
WarningLockFileDoesNotExists=Attention, une fois l'installation terminée, les outils d'installation/migration doivent être désactivés en ajoutant un fichier <b>install.lock</b> dans le répertoire <b>%s</b>. L'absence de ce fichier représente une faille de sécurité.
WarningUntilDirRemoved=Les alertes de sécurité sont visibles par les administrateurs uniquement et resteront actives tant que la vulnérabilité sera avérée (ou que la constante MAIN_REMOVE_INSTALL_WARNING aura été définie dans Configuration->Divers)