lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote branch 'origin/develop' into develop

Browse Source
This commit is contained in:
FHenry 2012-02-29 14:32:33 +01:00
commit 16408b6310
188 changed files with 1457 additions and 1151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -52,9 +52,12 @@ For users:
- New: Increase usability of module project.
- New: Automatic list of documents in ECM module is ok for customers,
suppliers invoice, orders, customers orders, proposals and social contributions.
- New: All professional id can contains up to 128 chars instead of 32.
- New: [ task #176 ] Allow to use ODT templates for proposals and orders like it's done for invoices
- New: Add hidden option MAIN_ADD_PDF_BACKGROUND to add a PDF as background of invoice/order generated PDF.
- Fix: Can use POS module with several concurrent users.
- Fix: Installer don't fails with Mysql version that added a ssl_cypher field.
- Fix: Sanitize input parameters.
For developers:
- New: Can add a left menu into an existing top menu or left menu.

2
dev/skeletons/skeleton_class.class.php
View File

@ -51,7 +51,7 @@ class Skeleton_Class // extends CommonObject
*
* @param DoliDb $db Database handler
*/
function Skeleton_Class($db)
function __construct($db)
{
$this->db = $db;
return 1;

2
htdocs/adherents/agenda.php
View File

@ -37,7 +37,7 @@ $langs->load("members");
$mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';
$id = GETPOST("id");
$id = GETPOST('id','int');
// Security check
if (! $user->rights->adherent->lire) accessforbidden();

8
htdocs/adherents/card_subscriptions.php
View File

@ -141,10 +141,10 @@ if ($action == 'setsocid')
$error=0;
if (! $error)
{
if (GETPOST("socid") != $adh->fk_soc) // If link differs from currently in database
if (GETPOST('socid','int') != $adh->fk_soc) // If link differs from currently in database
{
$sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent";
$sql.=" WHERE fk_soc = '".GETPOST("socid")."'";
$sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'";
$resql = $db->query($sql);
if ($resql)
{
@ -154,7 +154,7 @@ if ($action == 'setsocid')
$othermember=new Adherent($db);
$othermember->fetch($obj->rowid);
$thirdparty=new Societe($db);
$thirdparty->fetch(GETPOST("socid"));
$thirdparty->fetch(GETPOST('socid','int'));
$error++;
$mesg='<div class="error">'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'</div>';
}
@ -162,7 +162,7 @@ if ($action == 'setsocid')
if (! $error)
{
$result=$adh->setThirdPartyId(GETPOST("socid"));
$result=$adh->setThirdPartyId(GETPOST('socid','int'));
if ($result < 0) dol_print_error($adh->db,$adh->error);
$_POST['action']='';
$action='';

2
htdocs/adherents/document.php
View File

@ -37,7 +37,7 @@ $langs->load('other');
$mesg = "";
// Security check
$id = GETPOST('id');
$id = GETPOST('id','int');
if ($user->societe_id > 0)
{
$id = $user->societe_id;

99
htdocs/adherents/fiche.php
View File

@ -2,7 +2,7 @@
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -49,11 +49,14 @@ $extrafields = new ExtraFields($db);
$errmsg=''; $errmsgs=array();
$action=GETPOST("action");
$rowid=GETPOST("rowid");
$typeid=GETPOST("typeid");
$action=GETPOST('action','alpha');
$confirm=GETPOST('confirm','alpha');
$rowid=GETPOST('rowid','int');
$typeid=GETPOST('typeid','int');
$userid=GETPOST('userid','int');
$socid=GETPOST('socid','int');
if ($rowid)
if ($rowid > 0)
{
// Load member
$result = $object->fetch($rowid);
@ -70,6 +73,10 @@ if ($rowid)
|| (($user->id != $adh->user_id) && $user->rights->user->user->password) );
}
}
else
{
accessforbidden();
}
// Define variables to know what current user can do on members
$canaddmember=$user->rights->adherent->creer;
@ -93,12 +100,12 @@ $parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
if ($_POST['action'] == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer))
if ($action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer))
{
$error=0;
if (empty($user->rights->user->user->creer)) // If can edit only itself user, we can link to itself only
{
if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id)
if ($userid != $user->id && $userid != $object->user_id)
{
$error++;
$mesg='<div class="error">'.$langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly").'</div>';
@ -107,24 +114,23 @@ if ($_POST['action'] == 'setuserid' && ($user->rights->user->self->creer || $use
if (! $error)
{
if ($_POST["userid"] != $object->user_id) // If link differs from currently in database
if ($userid != $object->user_id) // If link differs from currently in database
{
$result=$object->setUserId($_POST["userid"]);
$result=$object->setUserId($userid);
if ($result < 0) dol_print_error($object->db,$object->error);
$_POST['action']='';
$action='';
}
}
}
if ($_POST['action'] == 'setsocid')
if ($action == 'setsocid')
{
$error=0;
if (! $error)
{
if ($_POST["socid"] != $object->fk_soc) // If link differs from currently in database
if ($socid != $object->fk_soc) // If link differs from currently in database
{
$sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent";
$sql.=" WHERE fk_soc = '".$_POST["socid"]."'";
$sql.=" WHERE fk_soc = '".$socid."'";
$sql.=" AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)
@ -135,7 +141,7 @@ if ($_POST['action'] == 'setsocid')
$othermember=new Adherent($db);
$othermember->fetch($obj->rowid);
$thirdparty=new Societe($db);
$thirdparty->fetch($_POST["socid"]);
$thirdparty->fetch($socid);
$error++;
$errmsg='<div class="error">'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'</div>';
}
@ -143,9 +149,8 @@ if ($_POST['action'] == 'setsocid')
if (! $error)
{
$result=$object->setThirdPartyId($_POST["socid"]);
$result=$object->setThirdPartyId($socid);
if ($result < 0) dol_print_error($object->db,$object->error);
$_POST['action']='';
$action='';
}
}
@ -153,13 +158,13 @@ if ($_POST['action'] == 'setsocid')
}
// Create user from a member
if ($_POST["action"] == 'confirm_create_user' && $_POST["confirm"] == 'yes' && $user->rights->user->user->creer)
if ($action == 'confirm_create_user' && $confirm == 'yes' && $user->rights->user->user->creer)
{
if ($result > 0)
{
// Creation user
$nuser = new User($db);
$result=$nuser->create_from_member($object,$_POST["login"]);
$result=$nuser->create_from_member($object,GETPOST('login','alpha'));
if ($result < 0)
{
@ -174,13 +179,13 @@ if ($_POST["action"] == 'confirm_create_user' && $_POST["confirm"] == 'yes' && $
}
// Create third party from a member
if ($_POST["action"] == 'confirm_create_thirdparty' && $_POST["confirm"] == 'yes' && $user->rights->societe->creer)
if ($action == 'confirm_create_thirdparty' && $confirm == 'yes' && $user->rights->societe->creer)
{
if ($result > 0)
{
// Creation user
$company = new Societe($db);
$result=$company->create_from_member($object,$_POST["companyname"]);
$result=$company->create_from_member($object,GETPOST('companyname','alpha'));
if ($result < 0)
{
@ -195,7 +200,7 @@ if ($_POST["action"] == 'confirm_create_thirdparty' && $_POST["confirm"] == 'yes
}
}
if ($_REQUEST["action"] == 'confirm_sendinfo' && $_REQUEST["confirm"] == 'yes')
if ($action == 'confirm_sendinfo' && $confirm == 'yes')
{
if ($object->email)
{
@ -204,7 +209,7 @@ if ($_REQUEST["action"] == 'confirm_sendinfo' && $_REQUEST["confirm"] == 'yes')
}
}
if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adherent->creer)
if ($action == 'update' && ! $_POST["cancel"] && $user->rights->adherent->creer)
{
require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
@ -328,8 +333,8 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe
}
}
$_GET["rowid"]=$object->id;
$_REQUEST["action"]='';
$rowid=$object->id;
$action='';
}
else
{
@ -340,7 +345,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe
}
}
if ($_POST["action"] == 'add' && $user->rights->adherent->creer)
if ($action == 'add' && $user->rights->adherent->creer)
{
$datenaiss='';
if (isset($_POST["naissday"]) && $_POST["naissday"]
@ -499,7 +504,7 @@ if ($_POST["action"] == 'add' && $user->rights->adherent->creer)
}
}
if ($user->rights->adherent->supprimer && $_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $action == 'confirm_delete' && $confirm == 'yes')
{
$result=$object->delete($rowid);
if ($result > 0)
@ -513,7 +518,7 @@ if ($user->rights->adherent->supprimer && $_REQUEST["action"] == 'confirm_delete
}
}
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->creer && $action == 'confirm_valid' && $confirm == 'yes')
{
$result=$object->validate($user);
@ -547,7 +552,7 @@ if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_P
}
}
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $action == 'confirm_resign' && $confirm == 'yes')
{
$adht = new AdherentType($db);
$adht->fetch($object->typeid);
@ -580,7 +585,7 @@ if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' &
}
}
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $action == 'confirm_del_spip' && $confirm == 'yes')
{
if (! count($object->errors))
{
@ -591,7 +596,7 @@ if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip'
}
}
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->creer && $action == 'confirm_add_spip' && $confirm == 'yes')
{
if (! count($object->errors))
{
@ -629,7 +634,7 @@ if ($action == 'create')
$object->fk_departement = $_POST["departement_id"];
// We set country_id, country_code and country for the selected country
$object->country_id=$_POST["country_id"]?$_POST["country_id"]:$mysoc->country_id;
$object->country_id=GETPOST('country_id','int')?GETPOST('country_id','int'):$mysoc->country_id;
if ($object->country_id)
{
$tmparray=getCountry($object->country_id,'all');
@ -674,7 +679,7 @@ if ($action == 'create')
$morphys["phy"] = $langs->trans("Physical");
$morphys["mor"] = $langs->trans("Moral");
print '<tr><td><span class="fieldrequired">'.$langs->trans("Nature")."</span></td><td>\n";
print $form->selectarray("morphy", $morphys, isset($_POST["morphy"])?$_POST["morphy"]:$object->morphy, 1);
print $form->selectarray("morphy", $morphys, GETPOST('morphy','alpha')?GETPOST('morphy','alpha'):$object->morphy, 1);
print "</td>\n";
// Type
@ -682,26 +687,26 @@ if ($action == 'create')
$listetype=$adht->liste_array();
if (count($listetype))
{
print $form->selectarray("typeid", $listetype, isset($_POST["typeid"])?$_POST["typeid"]:$typeid, 1);
print $form->selectarray("typeid", $listetype, GETPOST('typeid','int')?GETPOST('typeid','int'):$typeid, 1);
} else {
print '<font class="error">'.$langs->trans("NoTypeDefinedGoToSetup").'</font>';
}
print "</td>\n";
// Company
print '<tr><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.(isset($_POST["societe"])?$_POST["societe"]:$object->societe).'"></td></tr>';
print '<tr><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.(GETPOST('societe','alpha')?GETPOST('societe','alpha'):$object->societe).'"></td></tr>';
// Civility
print '<tr><td>'.$langs->trans("UserTitle").'</td><td>';
print $formcompany->select_civility(isset($_POST["civilite_id"])?$_POST["civilite_id"]:$object->civilite_id,'civilite_id').'</td>';
print $formcompany->select_civility(GETPOST('civilite_id','int')?GETPOST('civilite_id','int'):$object->civilite_id,'civilite_id').'</td>';
print '</tr>';
// Lastname
print '<tr><td><span class="fieldrequired">'.$langs->trans("Lastname").'</span></td><td><input type="text" name="nom" value="'.(isset($_POST["nom"])?$_POST["nom"]:$object->lastname).'" size="40"></td>';
print '<tr><td><span class="fieldrequired">'.$langs->trans("Lastname").'</span></td><td><input type="text" name="nom" value="'.(GETPOST('nom','alpha')?GETPOST('nom','alpha'):$object->lastname).'" size="40"></td>';
print '</tr>';
// Firstname
print '<tr><td><span class="fieldrequired">'.$langs->trans("Firstname").'</td><td><input type="text" name="prenom" size="40" value="'.(isset($_POST["prenom"])?$_POST["prenom"]:$object->firstname).'"></td>';
print '<tr><td><span class="fieldrequired">'.$langs->trans("Firstname").'</td><td><input type="text" name="prenom" size="40" value="'.(GETPOST('prenom','alpha')?GETPOST('prenom','alpha'):$object->firstname).'"></td>';
print '</tr>';
// Password
@ -716,20 +721,20 @@ if ($action == 'create')
// Address
print '<tr><td valign="top">'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" cols="40" rows="2">'.(isset($_POST["address"])?$_POST["address"]:$object->address).'</textarea>';
print '<textarea name="address" wrap="soft" cols="40" rows="2">'.(GETPOST('address','alpha')?GETPOST('address','alpha'):$object->address).'</textarea>';
print '</td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $formcompany->select_ziptown((isset($_POST["zipcode"])?$_POST["zipcode"]:$object->zip),'zipcode',array('town','selectcountry_id','departement_id'),6);
print $formcompany->select_ziptown((GETPOST('zipcode','alpha')?GETPOST('zipcode','alpha'):$object->zip),'zipcode',array('town','selectcountry_id','departement_id'),6);
print ' ';
print $formcompany->select_ziptown((isset($_POST["town"])?$_POST["town"]:$object->town),'town',array('zipcode','selectcountry_id','departement_id'));
print $formcompany->select_ziptown((GETPOST('town','alpha')?GETPOST('town','alpha'):$object->town),'town',array('zipcode','selectcountry_id','departement_id'));
print '</td></tr>';
// Country
$object->country_id=$object->country_id?$object->country_id:$mysoc->country_id;
print '<tr><td width="25%">'.$langs->trans('Country').'</td><td>';
print $form->select_country(isset($_POST["country_id"])?$_POST["country_id"]:$object->country_id,'country_id');
print $form->select_country(GETPOST('country_id','alpha')?GETPOST('country_id','alpha'):$object->country_id,'country_id');
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionnarySetup"),1);
print '</td></tr>';
@ -739,7 +744,7 @@ if ($action == 'create')
print '<tr><td>'.$langs->trans('State').'</td><td>';
if ($object->country_id)
{
print $formcompany->select_state(isset($_POST["departement_id"])?$_POST["departement_id"]:$object->fk_departement,$object->country_code);
print $formcompany->select_state(GETPOST('departement_id','int')?GETPOST('departement_id','int'):$object->fk_departement,$object->country_code);
}
else
{
@ -749,16 +754,16 @@ if ($action == 'create')
}
// Tel pro
print '<tr><td>'.$langs->trans("PhonePro").'</td><td><input type="text" name="phone" size="20" value="'.(isset($_POST["phone"])?$_POST["phone"]:$object->phone).'"></td></tr>';
print '<tr><td>'.$langs->trans("PhonePro").'</td><td><input type="text" name="phone" size="20" value="'.(GETPOST('phone','alpha')?GETPOST('phone','alpha'):$object->phone).'"></td></tr>';
// Tel perso
print '<tr><td>'.$langs->trans("PhonePerso").'</td><td><input type="text" name="phone_perso" size="20" value="'.(isset($_POST["phone_perso"])?$_POST["phone_perso"]:$object->phone_perso).'"></td></tr>';
print '<tr><td>'.$langs->trans("PhonePerso").'</td><td><input type="text" name="phone_perso" size="20" value="'.(GETPOST('phone_perso','alpha')?GETPOST('phone_perso','alpha'):$object->phone_perso).'"></td></tr>';
// Tel mobile
print '<tr><td>'.$langs->trans("PhoneMobile").'</td><td><input type="text" name="phone_mobile" size="20" value="'.(isset($_POST["phone_mobile"])?$_POST["phone_mobile"]:$object->phone_mobile).'"></td></tr>';
print '<tr><td>'.$langs->trans("PhoneMobile").'</td><td><input type="text" name="phone_mobile" size="20" value="'.(GETPOST('phone_mobile','alpha')?GETPOST('phone_mobile','alpha'):$object->phone_mobile).'"></td></tr>';
// EMail
print '<tr><td>'.($conf->global->ADHERENT_MAIL_REQUIRED?'<span class="fieldrequired">':'').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED?'</span>':'').'</td><td><input type="text" name="member_email" size="40" value="'.(isset($_POST["member_email"])?$_POST["member_email"]:$object->email).'"></td></tr>';
print '<tr><td>'.($conf->global->ADHERENT_MAIL_REQUIRED?'<span class="fieldrequired">':'').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED?'</span>':'').'</td><td><input type="text" name="member_email" size="40" value="'.(GETPOST('member_email','alpha')?GETPOST('member_email','alpha'):$object->email).'"></td></tr>';
// Birthday
print "<tr><td>".$langs->trans("Birthday")."</td><td>\n";
@ -777,7 +782,7 @@ if ($action == 'create')
{
foreach($extrafields->attribute_label as $key=>$label)
{
$value=(isset($_POST["options_".$key])?$_POST["options_".$key]:$object->array_options["options_".$key]);
$value=(isset($_POST["options_".$key])?GETPOST('options_'.$key,'alpha'):$object->array_options["options_".$key]);
print '<tr><td>'.$label.'</td><td>';
print $extrafields->showInputField($key,$value);
print '</td></tr>'."\n";

2
htdocs/adherents/ldap.php
View File

@ -34,7 +34,7 @@ $langs->load("members");
$langs->load("ldap");
$langs->load("admin");
$rowid = GETPOST("id");
$rowid = GETPOST('id','int');
$action = GETPOST('action');
// Protection

2
htdocs/adherents/liste.php
View File

@ -79,7 +79,7 @@ llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adh&eacute
$now=dol_now();
$sql = "SELECT d.rowid, d.login, d.prenom as firstname, d.nom as name, d.societe, ";
$sql = "SELECT d.rowid, d.login, d.nom as lastname, d.prenom as firstname, d.societe, ";
$sql.= " d.datefin,";
$sql.= " d.email, d.fk_adherent_type as type_id, d.morphy, d.statut,";
$sql.= " t.libelle as type, t.cotisation";

2
htdocs/adherents/note.php
View File

@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php');
require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php");
$action=GETPOST('action');
$id=GETPOST("id");
$id=GETPOST('id','int');
$langs->load("companies");
$langs->load("members");

4
htdocs/adherents/stats/index.php
View File

@ -31,8 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/member.lib.php");
$WIDTH=500;
$HEIGHT=200;
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
// Security check
if ($user->societe_id > 0)
{

10
htdocs/admin/dict.php
View File

@ -296,7 +296,7 @@ complete_dictionnary_with_modules($taborder,$tabname,$tablib,$tabsql,$tabsqlsort
// Define elementList and sourceList (used for dictionnary "type of contacts")
$elementList = array();
$sourceList=array();
if (GETPOST("id") == 11)
if (GETPOST('id','int') == 11)
{
$langs->load("orders");
$langs->load("contracts");
@ -702,7 +702,7 @@ if ($_GET["id"])
if ($num > $listlimit)
{
print '<tr class="none"><td align="right" colspan="'.(3+count($fieldlist)).'">';
print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id'),($num > $listlimit),$langs->trans("Page").' '.($page+1));
print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id','int'),($num > $listlimit),$langs->trans("Page").' '.($page+1));
print '</td></tr>';
}
@ -737,10 +737,10 @@ if ($_GET["id"])
// Affiche nom du champ
if ($showfield)
{
print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"","",$sortfield,$sortorder);
print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"","",$sortfield,$sortorder);
}
}
print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"",'align="center"',$sortfield,$sortorder);
print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"",'align="center"',$sortfield,$sortorder);
print '<td colspan="2" class="liste_titre">&nbsp;</td>';
print '</tr>';
@ -756,7 +756,7 @@ if ($_GET["id"])
{
print '<form action="dict.php" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="id" value="'.GETPOST("id").'">';
print '<input type="hidden" name="id" value="'.GETPOST('id','int').'">';
print '<input type="hidden" name="page" value="'.$page.'">';
print '<input type="hidden" name="rowid" value="'.$_GET["rowid"].'">';

12
htdocs/boxes.php
View File

@ -210,11 +210,11 @@ class InfoBox
}
else
{
$boxname=preg_replace('/.php$/i','',$obj->file);
$sourcefile = DOL_DOCUMENT_ROOT."/core/boxes/".$boxname.".php";
$boxname=preg_replace('/\.php$/i','',$obj->file);
$sourcefile = "/core/boxes/".$boxname.".php";
}
dol_include_once($sourcefile);
dol_include_once($sourcefile); // Do not use dol_include_once here because sourcefile is already good fullpath
if (class_exists($boxname))
{
$box=new $boxname($this->db,$obj->note);
@ -271,15 +271,15 @@ class InfoBox
{
$boxname = $regs[1];
$module = $regs[2];
$sourcefile = "/".$module."/core/boxes/".$boxname.".php";
$relsourcefile = "/".$module."/core/boxes/".$boxname.".php";
}
else
{
$boxname=preg_replace('/.php$/i','',$obj->file);
$sourcefile = "/core/boxes/".$boxname.".php";
$relsourcefile = "/core/boxes/".$boxname.".php";
}
dol_include_once($sourcefile);
dol_include_once($relsourcefile);
if (class_exists($boxname))
{
$box=new $boxname($this->db,$obj->note);

4
htdocs/cashdesk/admin/cashdesk.php
View File

@ -49,11 +49,11 @@ if (GETPOST("action") == 'set')
{
$db->begin();
if (GETPOST("socid") < 0) $_POST["socid"]='';
if (GETPOST('socid','int') < 0) $_POST["socid"]='';
/*if (GETPOST("CASHDESK_ID_BANKACCOUNT") < 0) $_POST["CASHDESK_ID_BANKACCOUNT"]='';
if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0) $_POST["CASHDESK_ID_WAREHOUSE"]='';*/
$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST("socid"),'chaine',0,'',$conf->entity);
$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity);
$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity);
$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity);
$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity);

2
htdocs/cashdesk/index.php
View File

@ -93,7 +93,7 @@ print '<td>';
$disabled=0;
$langs->load("companies");
if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice
print $form->select_company(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1);
print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1);
//print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
print '</td>';
print "</tr>\n";

2
htdocs/cashdesk/index_verif.php
View File

@ -30,7 +30,7 @@ $langs->load("cashdesk");
$username = GETPOST("txtUsername");
$password = GETPOST("pwdPassword");
$thirdpartyid = (GETPOST("socid")!='')?GETPOST("socid"):$conf->global->CASHDESK_ID_THIRDPARTY;
$thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY;
$warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE;
// Check username

2
htdocs/cashdesk/tpl/ticket.tpl.php
View File

@ -20,7 +20,7 @@ include_once(DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php');
$langs->load("main");
header("Content-type: text/html; charset=".$conf->file->character_set_client);
$facid=GETPOST('facid');
$facid=GETPOST('facid','int');
$object=new Facture($db);
$object->fetch($facid);

4
htdocs/categories/categorie.php
View File

@ -32,8 +32,8 @@ require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
$langs->load("categories");
$langs->load("products");
$socid = GETPOST('socid');
$id = GETPOST('id');
$socid = GETPOST('socid','int');
$id = GETPOST('id','int');
$ref = GETPOST('ref');
$type = GETPOST('type');
$mesg = GETPOST('mesg');

2
htdocs/categories/edit.php
View File

@ -28,7 +28,7 @@ require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
$id=GETPOST('id');
$id=GETPOST('id','int');
$ref=GETPOST('ref');
$type=GETPOST('type');
$action=GETPOST('action');

15
htdocs/categories/fiche.php
View File

@ -31,16 +31,15 @@ $langs->load("categories");
// Security check
$socid=GETPOST('socid');
$socid=GETPOST('socid','int');
if (!$user->rights->categorie->lire) accessforbidden();
$action = GETPOST('action');
$cancel = GETPOST('cancel');
$origin = GETPOST('origin');
$catorigin = GETPOST('catorigin');
$nbcats = (GETPOST('choix') ? GETPOST('choix') : 1);
$type = GETPOST('type');
$urlfrom = GETPOST("urlfrom");
$action = GETPOST('action','alpha');
$cancel = GETPOST('cancel','alpha');
$origin = GETPOST('origin','alpha');
$catorigin = GETPOST('catorigin','int');
$type = GETPOST('type','alpha');
$urlfrom = GETPOST('urlfrom','alpha');
if ($origin)
{

2
htdocs/categories/photos.php
View File

@ -35,7 +35,7 @@ $langs->load("bills");
$mesg = '';
$id=GETPOST('id');
$id=GETPOST('id','int');
$ref=GETPOST('ref');
$type=GETPOST('type');
$action=GETPOST('action');

2
htdocs/categories/viewcat.php
View File

@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/categories.lib.php");
$langs->load("categories");
$mesg = '';
$id=GETPOST('id');
$id=GETPOST('id','int');
$ref=GETPOST('ref');
$type=GETPOST('type');
$action=GETPOST('action');

4
htdocs/comm/action/document.php
View File

@ -2,7 +2,7 @@
/* Copyright (C) 2003-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005 Simon TOSSER <simon@kornog-computing.com>
*
* This program is free software; you can redistribute it and/or modify
@ -40,7 +40,7 @@ $langs->load("other");
$langs->load("bills");
if (isset($_GET["error"])) $error=$_GET["error"];
$objectid = GETPOST("id");
$objectid = GETPOST('id','int');
// Security check
if ($user->societe_id > 0)

40
htdocs/comm/action/fiche.php
View File

@ -2,7 +2,7 @@
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Simon TOSSER <simon@kornog-computing.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
@ -43,11 +43,12 @@ $langs->load("bills");
$langs->load("orders");
$langs->load("agenda");
$action=GETPOST("action");
$action=GETPOST('action','alpha');
$backtopage=GETPOST('backtopage','alpha');
// Security check
$socid = GETPOST('socid');
$id = GETPOST('id');
$socid = GETPOST('socid','int');
$id = GETPOST('id','int');
if ($user->societe_id) $socid=$user->societe_id;
//$result = restrictedArea($user, 'agenda', $id, 'actioncomm', 'actions', '', 'id');
@ -66,9 +67,7 @@ if ($action == 'add_action')
{
$error=0;
$backtopage='';
if (! empty($_POST["backtopage"])) $backtopage=$_POST["backtopage"];
if (! $backtopage)
if (empty($backtopage))
{
if ($socid > 0) $backtopage = DOL_URL_ROOT.'/societe/agenda.php?socid='.$socid;
else $backtopage=DOL_URL_ROOT.'/comm/action/index.php';
@ -154,10 +153,10 @@ if ($action == 'add_action')
$actioncomm->note = trim($_POST["note"]);
if (isset($_POST["contactid"])) $actioncomm->contact = $contact;
if (GETPOST("socid") > 0)
if (GETPOST('socid','int') > 0)
{
$societe = new Societe($db);
$societe->fetch(GETPOST("socid"));
$societe->fetch(GETPOST('socid','int'));
$actioncomm->societe = $societe;
}
@ -339,14 +338,9 @@ if ($action == 'update')
}
else
{
if (! empty($_POST["from"])) // deprecated. Use backtopage instead
{
header("Location: ".$_POST["from"]);
exit;
}
if (! empty($_POST["backtopage"]))
if (! empty($backtopage))
{
header("Location: ".$_POST["backtopage"]);
header("Location: ".$backtopage);
exit;
}
}
@ -426,7 +420,7 @@ if ($action == 'create')
print '<form name="formaction" action="'.DOL_URL_ROOT.'/comm/action/fiche.php" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add_action">';
if (GETPOST("backtopage")) print '<input type="hidden" name="backtopage" value="'.(GETPOST("backtopage") != 1 ? GETPOST("backtopage") : $_SERVER["HTTP_REFERER"]).'">';
print '<input type="hidden" name="backtopage" value="'.(! empty($backtopage) ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
if (GETPOST("actioncode") == 'AC_RDV') print_fiche_titre($langs->trans("AddActionRendezVous"));
else print_fiche_titre($langs->trans("AddAnAction"));
@ -514,12 +508,12 @@ if ($action == 'create')
// Societe, contact
print '<tr><td width="30%" nowrap="nowrap">'.$langs->trans("ActionOnCompany").'</td><td>';
if (GETPOST("socid") > 0)
if (GETPOST('socid','int') > 0)
{
$societe = new Societe($db);
$societe->fetch(GETPOST("socid"));
$societe->fetch(GETPOST('socid','int'));
print $societe->getNomUrl(1);
print '<input type="hidden" name="socid" value="'.GETPOST("socid").'">';
print '<input type="hidden" name="socid" value="'.GETPOST('socid','int').'">';
}
else
{
@ -528,10 +522,10 @@ if ($action == 'create')
print '</td></tr>';
// If company is forced, we propose contacts (may be contact is also forced)
if (GETPOST("contactid") > 0 || GETPOST("socid") > 0)
if (GETPOST("contactid") > 0 || GETPOST('socid','int') > 0)
{
print '<tr><td nowrap>'.$langs->trans("ActionOnContact").'</td><td>';
$form->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1);
$form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1);
print '</td></tr>';
}
@ -679,7 +673,7 @@ if ($id)
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="id" value="'.$id.'">';
print '<input type="hidden" name="ref_ext" value="'.$act->ref_ext.'">';
if (GETPOST("backtopage")) print '<input type="hidden" name="backtopage" value="'.(GETPOST("backtopage") ? GETPOST("backtopage") : $_SERVER["HTTP_REFERER"]).'">';
print '<input type="hidden" name="backtopage" value="'.(! empty($backtopage) ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
print '<table class="border" width="100%">';

4
htdocs/comm/action/rapport/index.php
View File

@ -40,7 +40,7 @@ if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="a.datep";
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
@ -53,7 +53,7 @@ $langs->load("commercial");
if ($_GET["action"] == 'builddoc')
{
$cat = new CommActionRapport($db, $_GET["month"], $_GET["year"]);
$result=$cat->write_file(GETPOST("id"));
$result=$cat->write_file(GETPOST('id','int'));
if ($result < 0)
{
$mesg=$cat->error;

2
htdocs/comm/contact.php
View File

@ -40,7 +40,7 @@ $offset = $limit * $page ;
$type=$_GET["type"];
// Security check
$socid = GETPOST('socid');
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe',$socid,'');

2
htdocs/comm/fiche.php
View File

@ -49,7 +49,7 @@ if ($conf->notification->enabled) $langs->load("mails");
if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs");
// Security check
$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id'));
$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
if ($user->societe_id > 0) $id=$user->societe_id;
$result = restrictedArea($user,'societe',$id,'&societe');

2
htdocs/comm/list.php
View File

@ -32,7 +32,7 @@ $langs->load("suppliers");
$langs->load("commercial");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user,'societe',$socid,'');

2
htdocs/comm/mailing/cibles.php
View File

@ -47,7 +47,7 @@ $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="email";
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');
$action=GETPOST("action");
$search_nom=GETPOST("search_nom");
$search_prenom=GETPOST("search_prenom");

6
htdocs/comm/propal.php
View File

@ -1080,7 +1080,7 @@ if ($id > 0 || ! empty($ref))
//'text' => $langs->trans("ConfirmClone"),
//array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1),
//array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1),
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)'))
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)'))
);
// Paiement incomplet. On demande si motif = escompte ou autre
$formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('ClonePropal'),$langs->trans('ConfirmClonePropal',$object->ref),'confirm_clone',$formquestion,'yes',1);
@ -1352,11 +1352,11 @@ if ($id > 0 || ! empty($ref))
if ($action == 'editdelivery_address')
{
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id);
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'fk_address','propal',$object->id);
}
else
{
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id);
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'none','propal',$object->id);
}
print '</td></tr>';
}

2
htdocs/comm/propal/apercu.php
View File

@ -37,7 +37,7 @@ $langs->load('compta');
// Security check
$socid=0;
$id = GETPOST("id");
$id = GETPOST('id','int');
$ref = GETPOST("ref");
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'propale', $id, 'propal');

2
htdocs/comm/propal/document.php
View File

@ -35,7 +35,7 @@ $langs->load('other');
$action = GETPOST('action');
$confirm = GETPOST('confirm');
$id = GETPOST('id');
$id = GETPOST('id','int');
$ref = GETPOST('ref');
// Security check

4
htdocs/comm/propal/stats/index.php
View File

@ -30,8 +30,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/dolgraph.class.php");
$WIDTH=500;
$HEIGHT=200;
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
// Security check
if ($user->societe_id > 0)
{

2
htdocs/comm/prospect/fiche.php
View File

@ -37,7 +37,7 @@ $langs->load('projects');
$langs->load('propal');
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe', $socid, '&societe');

16
htdocs/comm/remise.php
View File

@ -30,21 +30,23 @@ $langs->load("companies");
$langs->load("orders");
$langs->load("bills");
$socid = GETPOST("id");
$socid = GETPOST('id','int');
// Security check
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
$backtopage = GETPOST('backtopage','alpha');
/*
* Actions
*/
if (GETPOST('cancel') && GETPOST('backtopage'))
if (GETPOST('cancel') && ! empty($backtopage))
{
Header("Location: ".GETPOST("backtopage"));
Header("Location: ".$backtopage);
exit;
}
@ -56,9 +58,9 @@ if (GETPOST("action") == 'setremise')
if ($result > 0)
{
if (GETPOST('backtopage'))
if (! empty($backtopage))
{
Header("Location: ".GETPOST('backtopage'));
Header("Location: ".$backtopage);
exit;
}
else
@ -122,7 +124,7 @@ if ($socid > 0)
print '<form method="POST" action="remise.php?id='.$objsoc->id.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="setremise">';
print '<input type="hidden" name="backtopage" value="'.GETPOST('backtopage').'">';
print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
print '<table class="border" width="100%">';
@ -138,7 +140,7 @@ if ($socid > 0)
print '<center>';
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
if (GETPOST("backtopage"))
if (! empty($backtopage))
{
print '&nbsp; &nbsp; ';
print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';

19
htdocs/comm/remx.php
View File

@ -32,10 +32,11 @@ $langs->load("orders");
$langs->load("bills");
$langs->load("companies");
$action=GETPOST('action');
$action=GETPOST('action','alpha');
$backtopage=GETPOST('backtopage','alpha');
// Security check
$socid = GETPOST("id");
$socid = GETPOST('id','int');
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
@ -46,9 +47,9 @@ if ($user->societe_id > 0)
* Actions
*/
if (GETPOST('cancel') && GETPOST('backtopage'))
if (GETPOST('cancel') && ! empty($backtopage))
{
Header("Location: ".GETPOST("backtopage"));
Header("Location: ".$backtopage);
exit;
}
@ -151,9 +152,9 @@ if ($action == 'setremise')
if ($discountid > 0)
{
if (GETPOST("backtopage"))
if (! empty($backtopage))
{
Header("Location: ".GETPOST("backtopage").'&discountid='.$discountid);
Header("Location: ".$backtopage.'&discountid='.$discountid);
exit;
}
else
@ -188,7 +189,7 @@ if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes')
if ($result > 0)
{
$db->commit();
header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id')); // To avoid pb whith back
header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id','int')); // To avoid pb whith back
exit;
}
else
@ -228,7 +229,7 @@ if ($socid > 0)
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'?id='.$objsoc->id.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="setremise">';
print '<input type="hidden" name="backtopage" value="'.GETPOST('backtopage').'">';
print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
print '<table class="border" width="100%">';
@ -280,7 +281,7 @@ if ($socid > 0)
print '<center>';
print '<input type="submit" class="button" name="submit" value="'.$langs->trans("AddGlobalDiscount").'">';
if (GETPOST("backtopage"))
if (! empty($backtopage))
{
print '&nbsp; &nbsp; ';
print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';

2
htdocs/commande/apercu.php
View File

@ -40,7 +40,7 @@ $langs->load('sendings');
// Security check
$socid=0;
$id = GETPOST("id");
$id = GETPOST('id','int');
$ref = GETPOST("ref");
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'commande',$id,'');

2
htdocs/commande/contact.php
View File

@ -79,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->commande->creer)
if ($_GET["action"] == 'swapstatut' && $user->rights->commande->creer)
{
$commande = new Commande($db);
if ($commande->fetch(GETPOST("id")))
if ($commande->fetch(GETPOST('id','int')))
{
$result=$commande->swapContactStatus(GETPOST('ligne'));
}

2
htdocs/commande/document.php
View File

@ -36,7 +36,7 @@ $langs->load('other');
$action = GETPOST('action');
$confirm = GETPOST('confirm');
$id = GETPOST('id');
$id = GETPOST('id','int');
$ref = GETPOST('ref');
// Security check

34
htdocs/commande/fiche.php
View File

@ -51,9 +51,9 @@ $langs->load('propal');
$langs->load('deliveries');
$langs->load('products');
$id = (GETPOST("id")?GETPOST("id"):GETPOST("orderid"));
$id = (GETPOST('id','int')?GETPOST('id','int'):GETPOST("orderid"));
$ref = GETPOST('ref');
$socid = GETPOST('socid');
$socid = GETPOST('socid','int');
$action = GETPOST('action');
$confirm = GETPOST('confirm');
$lineid = GETPOST('lineid');
@ -191,7 +191,7 @@ if ($action == 'add' && $user->rights->commande->creer)
$datecommande = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
$datelivraison = dol_mktime(12, 0, 0, $_POST['liv_month'],$_POST['liv_day'],$_POST['liv_year']);
$object->socid=GETPOST('socid');
$object->socid=GETPOST('socid','int');
$object->fetch_thirdparty();
$db->begin();
@ -229,7 +229,7 @@ if ($action == 'add' && $user->rights->commande->creer)
$object->origin = $_POST['origin'];
$object->origin_id = $_POST['originid'];
// Possibility to add external linked objects with hooks
$object->linked_objects[$object->origin] = $object->origin_id;
if (is_array($_POST['other_linked_objects']) && ! empty($_POST['other_linked_objects']))
@ -637,18 +637,18 @@ if ($action == 'addline' && $user->rights->commande->creer)
if ($result > 0)
{
// Define output language
$outputlangs = $langs;
$newlang='';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang))
{
$outputlangs = new Translate("",$conf);
$outputlangs->setDefaultLang($newlang);
}
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
{
// Define output language
$outputlangs = $langs;
$newlang=GETPOST('lang_id','alpha');
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (! empty($newlang))
{
$outputlangs = new Translate("",$conf);
$outputlangs->setDefaultLang($newlang);
}
$ret=$object->fetch($id); // Reload to get new records
commande_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager);
}
@ -1652,7 +1652,7 @@ else
//'text' => $langs->trans("ConfirmClone"),
//array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1),
//array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1),
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)'))
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)'))
);
// Paiement incomplet. On demande si motif = escompte ou autre
$formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('CloneOrder'),$langs->trans('ConfirmCloneOrder',$object->ref),'confirm_clone',$formquestion,'yes',1);
@ -1816,11 +1816,11 @@ else
if ($action == 'editdelivery_adress')
{
$form->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'fk_address','commande',$object->id);
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'fk_address','commande',$object->id);
}
else
{
$form->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'none','commande',$object->id);
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'none','commande',$object->id);
}
print '</td></tr>';
}

2
htdocs/commande/index.php
View File

@ -33,7 +33,7 @@ if (!$user->rights->commande->lire) accessforbidden();
$langs->load("orders");
// Security check
$socid=GETPOST('socid');
$socid=GETPOST('socid','int');
if ($user->societe_id > 0)
{
$action = '';

2
htdocs/commande/liste.php
View File

@ -44,7 +44,7 @@ $sall=GETPOST('sall');
$socid=GETPOST('socid','int');
// Security check
$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id'));
$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id','int'));
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande', $id,'');

4
htdocs/commande/stats/index.php
View File

@ -34,8 +34,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
if ($mode == 'customer' && ! $user->rights->commande->lire) accessforbidden();
if ($mode == 'supplier' && ! $user->rights->fournisseur->commande->lire) accessforbidden();
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
// Security check
if ($user->societe_id > 0)
{

4
htdocs/compta/bank/fiche.php
View File

@ -468,10 +468,10 @@ else
/* */
/* ************************************************************************** */
if (GETPOST("id") && $action == 'edit' && $user->rights->banque->configurer)
if (GETPOST('id','int') && $action == 'edit' && $user->rights->banque->configurer)
{
$account = new Account($db);
$account->fetch(GETPOST("id"));
$account->fetch(GETPOST('id','int'));
print_fiche_titre($langs->trans("EditFinancialAccount"));
print "<br>";

4
htdocs/compta/deplacement/fiche.php
View File

@ -36,7 +36,7 @@ $langs->load("trips");
// Security check
$id = GETPOST('id');
$id = GETPOST('id','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'deplacement', $id,'');
@ -287,7 +287,7 @@ if ($action == 'create')
// Company
print "<tr>";
print '<td>'.$langs->trans("CompanyVisited").'</td><td>';
print $form->select_company(GETPOST("socid"),'socid','',1);
print $form->select_company(GETPOST('socid','int'),'socid','',1);
print '</td></tr>';
// Public note

2
htdocs/compta/deplacement/index.php
View File

@ -32,7 +32,7 @@ $langs->load("users");
$langs->load("trips");
// Security check
$socid = GETPOST('socid');
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'deplacement','','');

2
htdocs/compta/deplacement/info.php
View File

@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/compta/deplacement/class/deplacement.class.php"
$langs->load("trips");
// Security check
$id = GETPOST('id');
$id = GETPOST('id','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'deplacement', $id, '');

2
htdocs/compta/deplacement/list.php
View File

@ -32,7 +32,7 @@ $langs->load("users");
$langs->load("trips");
// Security check
$socid = GETPOST('socid');
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'deplacement','','');

4
htdocs/compta/deplacement/stats/index.php
View File

@ -31,8 +31,8 @@ $langs->load("trips");
$WIDTH=500;
$HEIGHT=200;
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
// Securite acces client
if ($user->societe_id > 0)
{

2
htdocs/compta/dons/fiche.php
View File

@ -34,7 +34,7 @@ $langs->load("companies");
$langs->load("donations");
$langs->load("bills");
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');
$action=GETPOST('action');
$mesg="";

4
htdocs/compta/facture.php
View File

@ -53,7 +53,7 @@ if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['mes
$sall=trim(GETPOST('sall'));
$projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0);
$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility
$id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility
$ref=GETPOST('ref','alpha');
$socid=GETPOST('socid','int');
$action=GETPOST('action','alpha');
@ -558,7 +558,7 @@ if ($action == 'confirm_converttoreduc' && $confirm == 'yes' && $user->rights->f
*/
if ($action == 'add' && $user->rights->facture->creer)
{
$object->socid=GETPOST('socid');
$object->socid=GETPOST('socid','int');
$db->begin();

2
htdocs/compta/facture/apercu.php
View File

@ -36,7 +36,7 @@ $langs->load("bills");
// Security check
$socid=0;
$id = GETPOST("facid");
$id = GETPOST('facid','int');
$ref = GETPOST("ref");
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'facture', $id);

16
htdocs/compta/facture/class/facture.class.php
View File

@ -838,7 +838,7 @@ class Facture extends CommonObject
$sql.= ' l.rang, l.special_code,';
$sql.= ' l.date_start as date_start, l.date_end as date_end,';
$sql.= ' l.info_bits, l.total_ht, l.total_tva, l.total_localtax1, l.total_localtax2, l.total_ttc, l.fk_code_ventilation, l.fk_export_compta,';
$sql.= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as label, p.description as product_desc';
$sql.= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc';
$sql.= ' FROM '.MAIN_DB_PREFIX.'facturedet as l';
$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
$sql.= ' WHERE l.fk_facture = '.$this->id;
@ -856,12 +856,12 @@ class Facture extends CommonObject
$line = new FactureLigne($this->db);
$line->rowid = $objp->rowid;
$line->desc = $objp->description; // Description line
$line->product_type = $objp->product_type; // Type of line
$line->product_ref = $objp->product_ref; // Ref product
$line->libelle = $objp->label; // Label product
$line->product_label = $objp->product_label;
$line->product_desc = $objp->product_desc; // Description product
$line->desc = $objp->description; // Description line
$line->product_type = $objp->product_type; // Type of line
$line->product_ref = $objp->product_ref; // Ref product
$line->libelle = $objp->product_label; // TODO deprecated
$line->product_label = $objp->product_label; // Label product
$line->product_desc = $objp->product_desc; // Description product
$line->fk_product_type = $objp->fk_product_type; // Type of product
$line->qty = $objp->qty;
$line->subprice = $objp->subprice;
@ -3411,7 +3411,7 @@ class FactureLigne
$sql = 'SELECT fd.rowid, fd.fk_facture, fd.fk_parent_line, fd.fk_product, fd.product_type, fd.description, fd.price, fd.qty, fd.tva_tx,';
$sql.= ' fd.localtax1_tx, fd. localtax2_tx, fd.remise, fd.remise_percent, fd.fk_remise_except, fd.subprice,';
$sql.= ' fd.date_start as date_start, fd.date_end as date_end,';
$sql.= ' fd.info_bits, fd.total_ht, fd.total_tva, fd.total_ttc, fd.rang,';
$sql.= ' fd.info_bits, fd.total_ht, fd.total_tva, fd.total_ttc, fd.total_localtax1, fd.total_localtax2, fd.rang,';
$sql.= ' fd.fk_code_ventilation, fd.fk_export_compta,';
$sql.= ' p.ref as product_ref, p.label as product_libelle, p.description as product_desc';
$sql.= ' FROM '.MAIN_DB_PREFIX.'facturedet as fd';

15
htdocs/compta/facture/contact.php
View File

@ -32,7 +32,9 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php');
$langs->load("bills");
$langs->load("companies");
$facid = isset($_GET["facid"])?$_GET["facid"]:'';
$facid = GETPOST('facid');
$id = GETPOST('facid');
$ref= GETPOST('ref');
// Security check
if ($user->societe_id) $socid=$user->societe_id;
@ -45,12 +47,11 @@ $result = restrictedArea($user, 'facture', $facid);
if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
{
$result = 0;
$facture = new Facture($db);
$result = $facture->fetch($_GET["facid"]);
$result = $facture->fetch($facid);
if ($result > 0 && $_GET["facid"] > 0)
if ($result > 0 && $facid > 0)
{
$result = $facture->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]);
}
@ -78,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
{
$facture = new Facture($db);
if ($facture->fetch(GETPOST("facid")))
if ($facture->fetch($facid))
{
$result=$facture->swapContactStatus(GETPOST('ligne'));
}
@ -92,7 +93,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer)
{
$facture = new Facture($db);
$facture->fetch($_GET["facid"]);
$facture->fetch($facid);
$result = $facture->delete_contact($_GET["lineid"]);
if ($result >= 0)
@ -125,8 +126,6 @@ $userstatic=new User($db);
/* *************************************************************************** */
dol_htmloutput_mesg($mesg);
$id = $_GET['facid'];
$ref= $_GET['ref'];
if ($id > 0 || ! empty($ref))
{
$facture = new Facture($db);

2
htdocs/compta/facture/document.php
View File

@ -39,7 +39,7 @@ $langs->load("bills");
$action = GETPOST('action');
$confirm = GETPOST('confirm');
$id = GETPOST('facid');
$id = GETPOST('facid','int');
$ref = GETPOST('ref');
// Security check

4
htdocs/compta/facture/fiche-rec.php
View File

@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
$langs->load('bills');
// Security check
$facid=GETPOST("facid");
$facid=GETPOST('facid','int');
$action=GETPOST("action");
if ($user->societe_id) $socid=$user->societe_id;
$objecttype = 'facture_rec';
@ -81,7 +81,7 @@ if ($_POST["action"] == 'add')
if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer)
{
$facrec = new FactureRec($db);
$facrec->fetch(GETPOST("facid"));
$facrec->fetch(GETPOST('facid','int'));
$facrec->delete();
$facid = 0 ;
}

4
htdocs/compta/facture/stats/index.php
View File

@ -33,8 +33,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
if ($mode == 'customer' && ! $user->rights->facture->lire) accessforbidden();
if ($mode == 'supplier' && ! $user->rights->fournisseur->facture->lire) accessforbidden();
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
// Security check
if ($user->societe_id > 0)
{

2
htdocs/compta/localtax/clients.php
View File

@ -75,7 +75,7 @@ $modetax = $conf->global->TAX_MODE;
if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', '', '', 'charges');

2
htdocs/compta/paiement.php
View File

@ -37,7 +37,7 @@ $langs->load('banks');
$action = GETPOST('action');
$confirm = GETPOST('confirm');
$facid = GETPOST('facid');
$facid = GETPOST('facid','int');
$socname = GETPOST('socname');
$accountid = GETPOST('accountid');
$paymentnum = GETPOST('num_paiement');

4
htdocs/compta/paiement/cheque/fiche.php
View File

@ -35,7 +35,7 @@ $langs->load('banks');
$langs->load('companies');
$langs->load('compta');
$id =GETPOST("id");
$id =GETPOST('id','int');
$ref=GETPOST("ref");
$action=GETPOST('action');
@ -67,7 +67,7 @@ $filteraccountid=GETPOST('accountid');
if ($action == 'setdate' && $user->rights->banque->cheque)
{
$remisecheque = new RemiseCheque($db);
$result = $remisecheque->fetch(GETPOST('id'));
$result = $remisecheque->fetch(GETPOST('id','int'));
if ($result > 0)
{
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];

6
htdocs/compta/paiement/liste.php
View File

@ -30,9 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php');
$langs->load("bills");
// Security check
$facid =GETPOST("facid");
$socid =GETPOST("socid");
$userid=GETPOST('userid');
$facid =GETPOST('facid','int');
$socid =GETPOST('socid','int');
$userid=GETPOST('userid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'facture',$facid,'');

2
htdocs/compta/prelevement/bon.php
View File

@ -33,7 +33,7 @@ $langs->load("categories");
// Security check
$socid=0;
$id = GETPOST("id");
$id = GETPOST('id','int');
$ref = GETPOST("ref");
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement', $id);

2
htdocs/compta/prelevement/bons.php
View File

@ -31,7 +31,7 @@ $langs->load("widthdrawals");
$langs->load("categories");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement','','','bons');

2
htdocs/compta/prelevement/demandes.php
View File

@ -32,7 +32,7 @@ $langs->load("companies");
$langs->load("categories");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement','','','bons');

4
htdocs/compta/prelevement/factures.php
View File

@ -37,8 +37,8 @@ $langs->load("categories");
if ($user->societe_id > 0) accessforbidden();
// Get supervariables
$prev_id = GETPOST("id");
$socid = GETPOST("socid");
$prev_id = GETPOST('id','int');
$socid = GETPOST('socid','int');
$page = GETPOST("page");
$sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
$sortfield = ((GETPOST("sortfield")=="")) ? "p.ref" : GETPOST("sortfield");

2
htdocs/compta/prelevement/fiche-rejet.php
View File

@ -35,7 +35,7 @@ $langs->load("categories");
if ($user->societe_id > 0) accessforbidden();
// Get supervariables
$prev_id = GETPOST("id");
$prev_id = GETPOST('id','int');
$page = GETPOST("page");
/*

2
htdocs/compta/prelevement/fiche-stat.php
View File

@ -34,7 +34,7 @@ $langs->load("withdrawals");
$langs->load("categories");
// Get supervariables
$prev_id = GETPOST("id");
$prev_id = GETPOST('id','int');
$page = GETPOST("page");
/*

2
htdocs/compta/prelevement/fiche.php
View File

@ -40,7 +40,7 @@ if ($user->societe_id > 0) accessforbidden();
// Get supervariables
$action = GETPOST("action");
$id = GETPOST("id");
$id = GETPOST('id','int');
/*
* Actions

2
htdocs/compta/prelevement/index.php
View File

@ -32,7 +32,7 @@ $langs->load("withdrawals");
$langs->load("categories");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement','','');

4
htdocs/compta/prelevement/ligne.php
View File

@ -39,8 +39,8 @@ $langs->load("categories");
// Get supervariables
$action = GETPOST("action");
$id = GETPOST("id");
$socid = GETPOST("socid");
$id = GETPOST('id','int');
$socid = GETPOST('socid','int');
$page = GETPOST("page");
$sortorder = GETPOST("sortorder");

4
htdocs/compta/prelevement/lignes.php
View File

@ -36,8 +36,8 @@ if ($user->societe_id > 0) accessforbidden();
$langs->load("categories");
// Get supervariables
$prev_id = GETPOST("id");
$socid = GETPOST("socid");
$prev_id = GETPOST('id','int');
$socid = GETPOST('socid','int');
$page = GETPOST("page");
$sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
$sortfield = ((GETPOST("sortfield")=="")) ? "pl.fk_soc" : GETPOST("sortfield");

2
htdocs/compta/prelevement/liste.php
View File

@ -32,7 +32,7 @@ $langs->load("companies");
$langs->load("categories");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement','','','bons');

2
htdocs/compta/prelevement/rejets.php
View File

@ -30,7 +30,7 @@ $langs->load("companies");
$langs->load("categories");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement','','','bons');

2
htdocs/compta/prelevement/stats.php
View File

@ -31,7 +31,7 @@ $langs->load("companies");
$langs->load("categories");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'prelevement','','','bons');

2
htdocs/compta/resultat/clientfourn.php
View File

@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
$langs->load("bills");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();

2
htdocs/compta/resultat/index.php
View File

@ -38,7 +38,7 @@ else {
}
// Security check
$socid = GETPOST('socid');
$socid = GETPOST('socid','int');
if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire)
accessforbidden();

4
htdocs/compta/sociales/charges.php
View File

@ -30,11 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/tax.lib.php");
$langs->load("compta");
$langs->load("bills");
$id=GETPOST("id");
$id=GETPOST('id','int');
$action=GETPOST("action");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');

2
htdocs/compta/sociales/document.php
View File

@ -38,7 +38,7 @@ $langs->load("companies");
$langs->load("compta");
$langs->load("bills");
$id = GETPOST("id");
$id = GETPOST('id','int');
$action = GETPOST("action");
// Security check

4
htdocs/compta/sociales/info.php
View File

@ -29,11 +29,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php");
$langs->load("compta");
$langs->load("bills");
$id=GETPOST("id");
$id=GETPOST('id','int');
$action=GETPOST("action");
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');

4
htdocs/compta/stats/index.php
View File

@ -37,8 +37,8 @@ else {
$year_end=$year_start + ($nbofyear-1);
}
$userid=GETPOST('userid');
$socid=GETPOST('socid');
$userid=GETPOST('userid','int');
$socid=GETPOST('socid','int');
// Security check
if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();

2
htdocs/compta/tva/clients.php
View File

@ -78,7 +78,7 @@ $modetax = $conf->global->TAX_MODE;
if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', '', '', 'charges');

2
htdocs/compta/tva/quadri_detail.php
View File

@ -85,7 +85,7 @@ if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
if (empty($modetax)) $modetax=0;
// Security check
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', '', '', 'charges');

4
htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
View File

@ -32,10 +32,10 @@ echo $this->control->tpl['ajax_selectcountry'];
<br>
<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST("id"); ?>">
<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST('id','int'); ?>">
<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>">
<input type="hidden" name="canvas" value="<?php echo $canvas ?>">
<input type="hidden" name="id" value="<?php echo GETPOST("id"); ?>">
<input type="hidden" name="id" value="<?php echo GETPOST('id','int'); ?>">
<input type="hidden" name="action" value="update">
<input type="hidden" name="contactid" value="<?php echo $this->control->tpl['id']; ?>">
<input type="hidden" name="old_name" value="<?php echo $this->control->tpl['name']; ?>">

3
htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
View File

@ -17,7 +17,6 @@
*/
$contact = $GLOBALS['objcanvas']->control->object;
?>
<!-- BEGIN PHP TEMPLATE CONTACTCARD_VIEW.TPL.PHP DEFAULT -->
@ -98,7 +97,7 @@ dol_htmloutput_errors($this->control->tpl['error'],$this->control->tpl['errors']
<td><?php echo $this->control->tpl['email']; ?></td>
<?php if ($this->control->tpl['nb_emailing']) { ?>
<td nowrap><?php echo $langs->trans("NbOfEMailingsReceived"); ?></td>
<td><a href="<?php echo DOL_URL_ROOT.'/comm/mailing/liste.php?filteremail='.urlencode($this->control->tpl['email']); ?>"><?php echo $this->control->tpl['nb_emailing']; ?></a></td>
<td><?php echo $this->control->tpl['nb_emailing']; ?></td>
<?php } else { ?>
<td colspan="2">&nbsp;</td>
<?php } ?>

37
htdocs/contact/fiche.php
View File

@ -39,10 +39,11 @@ $langs->load("commercial");
$mesg=''; $error=0; $errors=array();
$action = (GETPOST('action') ? GETPOST('action') : 'view');
$confirm = GETPOST('confirm');
$id = GETPOST("id");
$socid = GETPOST("socid");
$action = (GETPOST('action','alpha') ? GETPOST('action','alpha') : 'view');
$confirm = GETPOST('confirm','alpha');
$backtopage = GETPOST('backtopage','alpha');
$id = GETPOST('id','int');
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
$object = new Contact($db);
@ -76,9 +77,9 @@ $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action);
if (empty($reshook))
{
// Cancel
if (GETPOST("cancel") && GETPOST('backtopage'))
if (GETPOST("cancel") && ! empty($backtopage))
{
header("Location: ".GETPOST('backtopage'));
header("Location: ".$backtopage);
exit;
}
@ -86,7 +87,7 @@ if (empty($reshook))
if ($action == 'confirm_create_user' && $confirm == 'yes' && $user->rights->user->user->creer)
{
// Recuperation contact actuel
$result = $object->fetch($_GET["id"]);
$result = $object->fetch($id);
if ($result > 0)
{
@ -172,7 +173,7 @@ if (empty($reshook))
if (! $error && $id > 0)
{
$db->commit();
if (GETPOST('backtopage')) $url=GETPOST('backtopage');
if (! empty($backtopage)) $url=$backtopage;
else $url='fiche.php?id='.$id;
Header("Location: ".$url);
exit;
@ -248,10 +249,12 @@ if (empty($reshook))
{
$object->old_name='';
$object->old_firstname='';
$action = 'view';
}
else
{
$error=$object->error; $errors=$object->errors;
$action = 'edit';
}
}
}
@ -276,7 +279,7 @@ if ($socid > 0)
$objsoc->fetch($socid);
}
if (is_object($objcanvas) && $objcanvas->displayCanvasExists())
if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
{
// -----------------------------------------
// When used with CANVAS
@ -287,7 +290,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists())
$object->fetch($id); // For use with "pure canvas" (canvas that contains templates only)
}
$objcanvas->assign_values($action, $id); // Set value for templates
$objcanvas->display_canvas(); // Show template
$objcanvas->display_canvas($action); // Show template
}
else
{
@ -368,7 +371,7 @@ else
print '<form method="post" name="formsoc" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="backtopage" value="'.GETPOST('backtopage').'">';
print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
print '<table class="border" width="100%">';
// Name
@ -389,7 +392,7 @@ else
}
else {
print '<tr><td>'.$langs->trans("Company").'</td><td colspan="3">';
print $form->select_company(GETPOST("socid"),'socid','',1);
print $form->select_company(GETPOST('socid','int'),'socid','',1);
print '</td></tr>';
}
}
@ -497,7 +500,7 @@ else
print '<center>';
print '<input type="submit" class="button" name="add" value="'.$langs->trans("Add").'">';
if (GETPOST('backtopage'))
if (! empty($backtopage))
{
print ' &nbsp; &nbsp; ';
print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
@ -537,11 +540,11 @@ else
print '</script>';
}
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?id='.GETPOST("id").'" name="formsoc">';
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" name="formsoc">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="id" value="'.GETPOST("id").'">';
print '<input type="hidden" name="id" value="'.$id.'">';
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="backtopage" value="'.GETPOST('backtopage').'">';
print '<input type="hidden" name="backtopage" value="'.$backtopage.'">';
print '<input type="hidden" name="contactid" value="'.$object->id.'">';
print '<input type="hidden" name="old_name" value="'.$object->name.'">';
print '<input type="hidden" name="old_firstname" value="'.$object->firstname.'">';
@ -561,7 +564,7 @@ else
{
print '<tr><td>'.$langs->trans("Company").'</td>';
print '<td colspan="3">';
print $form->select_company(GETPOST("socid")?GETPOST("socid"):($object->socid?$object->socid:-1),'socid','',1);
print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):($object->socid?$object->socid:-1),'socid','',1);
print '</td>';
print '</tr>';
}

2
htdocs/contrat/contact.php
View File

@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->contrat->creer)
if ($_GET["action"] == 'swapstatut' && $user->rights->contrat->creer)
{
$contrat = new Contrat($db);
if ($contrat->fetch(GETPOST("id")))
if ($contrat->fetch(GETPOST('id','int')))
{
$result=$contrat->swapContactStatus(GETPOST('ligne'));
}

4
htdocs/contrat/fiche.php
View File

@ -41,8 +41,8 @@ $langs->load("bills");
$langs->load("products");
$action=GETPOST('action');
$socid = GETPOST("socid");
$contratid = GETPOST("id");
$socid = GETPOST('socid','int');
$contratid = GETPOST('id','int');
// Security check
if ($user->societe_id) $socid=$user->societe_id;

4
htdocs/contrat/services.php
View File

@ -48,10 +48,10 @@ $search_nom=GETPOST("search_nom");
$search_contract=GETPOST("search_contract");
$search_service=GETPOST("search_service");
$statut=isset($_GET["statut"])?$_GET["statut"]:1;
$socid=GETPOST("socid");
$socid=GETPOST('socid','int');
// Security check
$contratid = GETPOST("id");
$contratid = GETPOST('id','int');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'contrat',$contratid,'');

12
htdocs/core/ajax/loadinplace.php
View File

@ -54,7 +54,7 @@ if((isset($_GET['field']) && ! empty($_GET['field']))
$type = GETPOST('type');
$loadmethod = (GETPOST('loadmethod') ? GETPOST('loadmethod') : 'getValueFrom');
if (preg_match('/^([^_]+)_([^_]+)/i',$element,$regs))
if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i',$element,$regs))
{
$element = $regs[1];
$subelement = $regs[2];
@ -62,9 +62,17 @@ if((isset($_GET['field']) && ! empty($_GET['field']))
if ($element == 'propal') $element = 'propale';
else if ($element == 'fichinter') $element = 'ficheinter';
else if ($element == 'order_supplier') {
$element = 'fournisseur';
$subelement = 'commande';
}
else if ($element == 'invoice_supplier') {
$element = 'fournisseur';
$subelement = 'facture';
}
if ($user->rights->$element->lire || $user->rights->$element->read
|| $user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read
|| (isset($subelement) && ($user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read))
|| ($element == 'payment' && $user->rights->facture->lire)
|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->lire))
{

12
htdocs/core/ajax/saveinplace.php
View File

@ -61,7 +61,7 @@ if((isset($_POST['field']) && ! empty($_POST['field']))
$return=array();
$error=0;
if (preg_match('/^([^_]+)_([^_]+)/i',$element,$regs))
if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i',$element,$regs))
{
$element = $regs[1];
$subelement = $regs[2];
@ -69,9 +69,17 @@ if((isset($_POST['field']) && ! empty($_POST['field']))
if ($element == 'propal') $element = 'propale';
else if ($element == 'fichinter') $element = 'ficheinter';
else if ($element == 'order_supplier') {
$element = 'fournisseur';
$subelement = 'commande';
}
else if ($element == 'invoice_supplier') {
$element = 'fournisseur';
$subelement = 'facture';
}
if ($user->rights->$element->creer || $user->rights->$element->write
|| $user->rights->$element->$subelement->creer || $user->rights->$element->$subelement->write
|| (isset($subelement) && ($user->rights->$element->$subelement->creer || $user->rights->$element->$subelement->write))
|| ($element == 'payment' && $user->rights->facture->paiement)
|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->creer))
{

16
htdocs/core/class/canvas.class.php
View File

@ -50,9 +50,9 @@ class Canvas
* @param DoliDB $DB Database handler
* @param string $actiontype Action type ('create', 'view', 'edit', 'list')
*/
function __construct($DB, $actiontype='view')
function __construct($db, $actiontype='view')
{
$this->db = $DB;
$this->db = $db;
$this->actiontype = $actiontype;
if ($this->actiontype == 'add') $this->actiontype='create';
@ -128,11 +128,11 @@ class Canvas
*
* @return int 0=Canvas template file does not exist, 1=Canvas template file exists
*/
function displayCanvasExists()
{
function displayCanvasExists($action)
{
if (empty($this->template_dir)) return 0;
//print $this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php';
if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php')) return 1;
if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php')) return 1;
else return 0;
}
@ -142,12 +142,12 @@ class Canvas
*
* @return void
*/
function display_canvas()
function display_canvas($action)
{
global $db, $conf, $langs, $user, $canvas;
global $form, $formfile;
include($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php'); // Include native PHP template
include($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php'); // Include native PHP template
}

2
htdocs/core/class/conf.class.php
View File

@ -161,7 +161,7 @@ class Conf
$partname = strtolower($reg[2]);
$varname = $partname.'_modules';
if (! is_array($this->$varname)) { $this->$varname = array(); }
$arrValue = unserialize($value);
$arrValue = @unserialize($value);
if (is_array($arrValue) && ! empty($arrValue)) $value = $arrValue;
else $value = ($value == 1 ? '/'.$modulename.'/core/'.$partname.'/' : $value);
$this->$varname = array_merge($this->$varname, array($modulename => $value));

9
htdocs/core/class/html.formcompany.class.php
View File

@ -528,7 +528,7 @@ class FormCompany
}
}
$sql.= " ORDER BY nom ASC";
$resql = $this->db->query($sql);
if ($resql)
{
@ -669,7 +669,7 @@ class FormCompany
{
global $conf,$langs;
$formlength=24;
$formlength=0;
if ($country_code == 'FR' && empty($conf->global->MAIN_DISABLEPROFIDRULES))
{
if ($idprof==1) $formlength=9;
@ -691,7 +691,10 @@ class FormCompany
if (! $selected && $idprof==3) $selected=$this->idprof3;
if (! $selected && $idprof==4) $selected=$this->idprof4;
$out = '<input type="text" name="'.$htmlname.'" size="'.($formlength+1).'" maxlength="'.$formlength.'" value="'.$selected.'">';
$maxlength=$formlength;
if (empty($formlength)) { $formlength=24; $maxlength=128; }
$out = '<input type="text" name="'.$htmlname.'" size="'.($formlength+1).'" maxlength="'.$maxlength.'" value="'.$selected.'">';
return $out;
}

1014
htdocs/core/class/html.formother.class.php
View File

File diff suppressed because it is too large Load Diff

16
htdocs/core/lib/functions.lib.php
View File

@ -249,15 +249,21 @@ function GETPOST($paramname,$check='',$method=0)
elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:'';
elseif ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:'';
elseif ($method==3) $out = isset($_POST[$paramname])?$_POST[$paramname]:(isset($_GET[$paramname])?$_GET[$paramname]:'');
else return 'BadParameter';
if (! empty($check))
{
$out=trim($out);
// Check if numeric
if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out='';
if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',$out)) $out='';
// Check if alpha
//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
if ($check == 'alpha' && preg_match('/"/',trim($out))) $out='';
elseif ($check == 'alpha')
{
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
}
}
return $out;
@ -3405,7 +3411,7 @@ function dol_textishtml($msg,$option=0)
* @param string $chaine Source string in which we must do substitution
* @param array $substitutionarray Array with key->val to substitute
* @return string Output string after subsitutions
* @see make_substitutions
* @see complete_substitutions_array
*/
function make_substitutions($chaine,$substitutionarray)
{

2
htdocs/core/lib/security2.lib.php
View File

@ -209,7 +209,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);
if (GETPOST("urlfrom")) $_SESSION["urlfrom"]=GETPOST("urlfrom");
if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
else unset($_SESSION["urlfrom"]);
if (! GETPOST("username")) $focus_element='username';

4
htdocs/core/modules/DolibarrModules.class.php
View File

@ -35,7 +35,7 @@ abstract class DolibarrModules
//! Database handler
var $db;
//! Relative path to module style sheet
var $style_sheet = '';
var $style_sheet = ''; // deprecated
//! Path to create when module activated
var $dirs = array();
//! Tableau des boites
@ -46,6 +46,8 @@ abstract class DolibarrModules
var $rights;
//! Tableau des menus
var $menu=array();
//! Module parts array
var $module_parts=array();
//! Tableau des documents ???
var $docs;

2
htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php
View File

@ -129,7 +129,7 @@ class doc_generic_order_odt extends ModelePDFCommandes
global $conf;
return array(
'line_fulldesc'=>doc_getlinedesc($line),
'line_fulldesc'=>doc_getlinedesc($line,$outputlangs),
'line_product_ref'=>$line->product_ref,
'line_product_label'=>$line->product_label,
'line_desc'=>$line->desc,

12
htdocs/core/modules/commande/doc/pdf_edison.modules.php
View File

@ -148,6 +148,12 @@ class pdf_edison extends ModelePDFCommandes
$pdf->setPrintFooter(false);
}
$pdf->SetFont(pdf_getPDFFont($outputlangs));
// Set path to the background PDF File
if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
{
$pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
$tplidx = $pdf->importPage(1);
}
$pdf->Open();
$pagenb=0;
@ -165,6 +171,7 @@ class pdf_edison extends ModelePDFCommandes
// New page
$pdf->AddPage();
if (! empty($tplidx)) $pdf->useTemplate($tplidx);
$pagenb++;
$this->_pagehead($pdf, $object, 1, $outputlangs);
$pdf->SetFont('','', $default_font_size - 1);
@ -240,6 +247,7 @@ class pdf_edison extends ModelePDFCommandes
// New page
$pdf->AddPage();
if (! empty($tplidx)) $pdf->useTemplate($tplidx);
$pagenb++;
$this->_pagehead($pdf, $object, 0, $outputlangs);
$pdf->SetFont('','', $default_font_size - 1);
@ -611,7 +619,7 @@ class pdf_edison extends ModelePDFCommandes
$pdf->SetFont('','', $default_font_size - 2);
$pdf->SetXY($posx+2,$posy-5);
$pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L');
$pdf->rect($posx, $posy, 100, $hautcadre);
$pdf->Rect($posx, $posy, 100, $hautcadre);
// Show recipient name
$pdf->SetXY($posx+2,$posy+3);
@ -620,7 +628,7 @@ class pdf_edison extends ModelePDFCommandes
// Show recipient information
$pdf->SetFont('','', $default_font_size - 1);
$pdf->SetXY($posx+2,$posy+8);
$pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4));
$pdf->MultiCell(86,4, $carac_client, 0, 'L');
}

12
htdocs/core/modules/commande/doc/pdf_einstein.modules.php
View File

@ -185,6 +185,12 @@ class pdf_einstein extends ModelePDFCommandes
$pdf->setPrintFooter(false);
}
$pdf->SetFont(pdf_getPDFFont($outputlangs));
// Set path to the background PDF File
if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
{
$pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
$tplidx = $pdf->importPage(1);
}
$pdf->Open();
$pagenb=0;
@ -211,6 +217,7 @@ class pdf_einstein extends ModelePDFCommandes
// New page
$pdf->AddPage();
if (! empty($tplidx)) $pdf->useTemplate($tplidx);
$pagenb++;
$this->_pagehead($pdf, $object, 1, $outputlangs);
$pdf->SetFont('','', $default_font_size - 1);
@ -356,6 +363,7 @@ class pdf_einstein extends ModelePDFCommandes
// New page
$pdf->AddPage();
if (! empty($tplidx)) $pdf->useTemplate($tplidx);
$pagenb++;
$this->_pagehead($pdf, $object, 0, $outputlangs);
$pdf->SetFont('','', $default_font_size - 1);
@ -982,7 +990,7 @@ class pdf_einstein extends ModelePDFCommandes
$pdf->SetFont('','', $default_font_size - 2);
$pdf->SetXY($posx+2,$posy-5);
$pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L');
$pdf->rect($posx, $posy, 100, $hautcadre);
$pdf->Rect($posx, $posy, 100, $hautcadre);
// Show recipient name
$pdf->SetXY($posx+2,$posy+3);
@ -991,7 +999,7 @@ class pdf_einstein extends ModelePDFCommandes
// Show recipient information
$pdf->SetFont('','', $default_font_size - 1);
$pdf->SetXY($posx+2,$posy+8);
$pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4));
$pdf->MultiCell(86,4, $carac_client, 0, 'L');
}
}

33
htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php
View File

@ -42,7 +42,7 @@ Class pdf_expedition_merou extends ModelePdfExpedition
/**
* Constructor
*
* @param DoliDB $DB Database handler
* @param DoliDB $db Database handler
*/
function pdf_expedition_merou($db=0)
{
@ -72,10 +72,11 @@ Class pdf_expedition_merou extends ModelePdfExpedition
/**
* \brief Fonction generant le document sur le disque
* \param object Objet expedition a generer (ou id si ancienne methode)
* \param outputlangs Lang output object
* \return int 1=ok, 0=ko
* Fonction generant le document sur le disque
*
* @param object Objet expedition a generer (ou id si ancienne methode)
* @param outputlangs Lang output object
* @return int 1=ok, 0=ko
*/
function write_file(&$object, $outputlangs)
{
@ -154,6 +155,12 @@ Class pdf_expedition_merou extends ModelePdfExpedition
$pdf->setPrintFooter(false);
}
$pdf->SetFont(pdf_getPDFFont($outputlangs));
// Set path to the background PDF File
if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
{
$pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
$tplidx = $pdf->importPage(1);
}
$pdf->Open();
$pagenb=0;
@ -200,8 +207,8 @@ Class pdf_expedition_merou extends ModelePdfExpedition
// Description de la ligne produit
//Creation des cases a cocher
$pdf->rect(10+3, $curY+1, 3, 3);
$pdf->rect(20+3, $curY+1, 3, 3);
$pdf->Rect(10+3, $curY+1, 3, 3);
$pdf->Rect(20+3, $curY+1, 3, 3);
//Insertion de la reference du produit
$pdf->SetXY(30, $curY+1 );
$pdf->SetFont('','B', $default_font_size - 3);
@ -400,7 +407,7 @@ Class pdf_expedition_merou extends ModelePdfExpedition
//Num Expedition
$Yoff = $Yoff+7;
$Xoff = 142;
//$pdf->rect($Xoff, $Yoff, 85, 8);
//$pdf->Rect($Xoff, $Yoff, 85, 8);
$pdf->SetXY($Xoff,$Yoff);
$pdf->SetFont('','', $default_font_size - 2);
$pdf->SetTextColor(0,0,0);
@ -542,20 +549,20 @@ Class pdf_expedition_merou extends ModelePdfExpedition
$blW=50;
$Yoff = $Ydef +1;
$pdf->Rect($blDestX, $Yoff-1, $blW, 26);
//Titre
// Show recipient frame
$pdf->SetFont('','B', $default_font_size - 3);
$pdf->SetXY($blDestX,$Yoff-4);
$pdf->MultiCell($blW,3, $outputlangs->transnoentities("Recipient"), 0, 'L');
$pdf->Rect($blDestX, $Yoff-1, $blW, 26);
// Show customer/recipient
// Show recipient name
$pdf->SetFont('','B', $default_font_size - 3);
$pdf->SetXY($blDestX,$Yoff);
$pdf->MultiCell($blW,3, $carac_client_name, 0, 'L');
// Show recipient information
$pdf->SetFont('','', $default_font_size - 3);
$pdf->SetXY($blDestX,$Yoff+4);
$pdf->SetXY($blDestX,$Yoff+(dol_nboflines_bis($carac_client_name,50)*4));
$pdf->MultiCell($blW,2, $carac_client, 0, 'L');
}
}

Some files were not shown because too many files have changed in this diff Show More