diff --git a/ChangeLog b/ChangeLog index af3f8290f70..2c0e2377f61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -52,9 +52,12 @@ For users: - New: Increase usability of module project. - New: Automatic list of documents in ECM module is ok for customers, suppliers invoice, orders, customers orders, proposals and social contributions. +- New: All professional id can contains up to 128 chars instead of 32. - New: [ task #176 ] Allow to use ODT templates for proposals and orders like it's done for invoices +- New: Add hidden option MAIN_ADD_PDF_BACKGROUND to add a PDF as background of invoice/order generated PDF. - Fix: Can use POS module with several concurrent users. - Fix: Installer don't fails with Mysql version that added a ssl_cypher field. +- Fix: Sanitize input parameters. For developers: - New: Can add a left menu into an existing top menu or left menu. diff --git a/dev/skeletons/skeleton_class.class.php b/dev/skeletons/skeleton_class.class.php index 1c63ce5c43e..f5de8e82f8c 100644 --- a/dev/skeletons/skeleton_class.class.php +++ b/dev/skeletons/skeleton_class.class.php @@ -51,7 +51,7 @@ class Skeleton_Class // extends CommonObject * * @param DoliDb $db Database handler */ - function Skeleton_Class($db) + function __construct($db) { $this->db = $db; return 1; diff --git a/htdocs/adherents/agenda.php b/htdocs/adherents/agenda.php index 973762b780c..bd5f0f66894 100644 --- a/htdocs/adherents/agenda.php +++ b/htdocs/adherents/agenda.php @@ -37,7 +37,7 @@ $langs->load("members"); $mesg=isset($_GET["mesg"])?'
'.$_GET["mesg"].'
':''; -$id = GETPOST("id"); +$id = GETPOST('id','int'); // Security check if (! $user->rights->adherent->lire) accessforbidden(); diff --git a/htdocs/adherents/card_subscriptions.php b/htdocs/adherents/card_subscriptions.php index 4291d998559..a831ec46a2e 100644 --- a/htdocs/adherents/card_subscriptions.php +++ b/htdocs/adherents/card_subscriptions.php @@ -141,10 +141,10 @@ if ($action == 'setsocid') $error=0; if (! $error) { - if (GETPOST("socid") != $adh->fk_soc) // If link differs from currently in database + if (GETPOST('socid','int') != $adh->fk_soc) // If link differs from currently in database { $sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent"; - $sql.=" WHERE fk_soc = '".GETPOST("socid")."'"; + $sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'"; $resql = $db->query($sql); if ($resql) { @@ -154,7 +154,7 @@ if ($action == 'setsocid') $othermember=new Adherent($db); $othermember->fetch($obj->rowid); $thirdparty=new Societe($db); - $thirdparty->fetch(GETPOST("socid")); + $thirdparty->fetch(GETPOST('socid','int')); $error++; $mesg='
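Review bot: The `mesg` query parameter is still concatenated unfiltered into `$mesg` on the context line directly above the changed `$id` assignment, so this hunk filters `id` but leaves a free-text parameter raw. If `$mesg` is printed later in the file (outside this hunk), that is reflected HTML injection. Suggest reading it through the same helper and escaping it where it is built, e.g. `htmlspecialchars(GETPOST('mesg','alpha'), ENT_QUOTES)`.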
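Review bot: `GETPOST('socid','int')` is evaluated separately in the comparison, the SQL string, `fetch()` and `setThirdPartyId()` across this hunk and the two that follow; reading it once into `$socid`, as the fiche.php part of this commit does, keeps the filter in one place. The query still quotes and concatenates the value, so its safety rests entirely on what the 'int' filter returns; `$sql.=" WHERE fk_soc = ".((int) $socid);` makes the guarantee explicit at the sink (the same applies to the `fk_soc` query in htdocs/adherents/fiche.php). That fiche.php query also carries `AND entity = ".$conf->entity`, which is absent here, so this duplicate-link check presumably matches members of other entities too.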
'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'
'; } @@ -162,7 +162,7 @@ if ($action == 'setsocid') if (! $error) { - $result=$adh->setThirdPartyId(GETPOST("socid")); + $result=$adh->setThirdPartyId(GETPOST('socid','int')); if ($result < 0) dol_print_error($adh->db,$adh->error); $_POST['action']=''; $action=''; diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index c7e596fe1a1..f62b7781be8 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -37,7 +37,7 @@ $langs->load('other'); $mesg = ""; // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id > 0) { $id = $user->societe_id; diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php index 7621df556b1..27acbae6c54 100644 --- a/htdocs/adherents/fiche.php +++ b/htdocs/adherents/fiche.php @@ -2,7 +2,7 @@ /* Copyright (C) 2001-2004 Rodolphe Quiedeville * Copyright (C) 2002-2003 Jean-Louis Bergamo * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -49,11 +49,14 @@ $extrafields = new ExtraFields($db); $errmsg=''; $errmsgs=array(); -$action=GETPOST("action"); -$rowid=GETPOST("rowid"); -$typeid=GETPOST("typeid"); +$action=GETPOST('action','alpha'); +$confirm=GETPOST('confirm','alpha'); +$rowid=GETPOST('rowid','int'); +$typeid=GETPOST('typeid','int'); +$userid=GETPOST('userid','int'); +$socid=GETPOST('socid','int'); -if ($rowid) +if ($rowid > 0) { // Load member $result = $object->fetch($rowid); @@ -70,6 +73,10 @@ if ($rowid) || (($user->id != $adh->user_id) && $user->rights->user->user->password) ); } } +else +{ + accessforbidden(); +} // Define variables to know what current user can do on members $canaddmember=$user->rights->adherent->creer; 
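Review bot: Reading `$action` and `$confirm` through `GETPOST()` with no method argument means the handlers in the later hunks of this file that used to test `$_POST['action']` (setuserid, setsocid, confirm_create_user, confirm_create_thirdparty, confirm_valid, confirm_resign, the spip actions) now also run for values supplied in the query string. For state-changing actions that weakens protection against cross-site request forgery unless a token is verified somewhere outside this diff. Suggest guarding those handlers with the request method, e.g. `if ($action == 'setuserid' && $_SERVER['REQUEST_METHOD'] == 'POST' && ...)`, or with the project's token check. `$_POST["cancel"]` in the `update` handler is still read raw and could follow the same helper.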
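Review bot: The added `else { accessforbidden(); }` appears to pair with `if ($rowid > 0)` from the previous hunk (the block opens outside this hunk, so the nesting is inferred), which would reject every request that carries no `rowid`. The `create` and `add` actions handled later in this file have no member id yet, so they would be refused before reaching their own `$user->rights->adherent->creer` checks. If the aim is to refuse unknown ids, test the `fetch()` result instead, or limit the refusal to actions that need an existing member, e.g. `else if ($action != 'create' && $action != 'add') accessforbidden();`. The context line above also reads `$adh->user_id` while the rest of the file uses `$object`; confirm `$adh` is still defined at this point.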
@@ -93,12 +100,12 @@ $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks -if ($_POST['action'] == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) +if ($action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) { $error=0; if (empty($user->rights->user->user->creer)) // If can edit only itself user, we can link to itself only { - if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id) + if ($userid != $user->id && $userid != $object->user_id) { $error++; $mesg='
'.$langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly").'
'; @@ -107,24 +114,23 @@ if ($_POST['action'] == 'setuserid' && ($user->rights->user->self->creer || $use if (! $error) { - if ($_POST["userid"] != $object->user_id) // If link differs from currently in database + if ($userid != $object->user_id) // If link differs from currently in database { - $result=$object->setUserId($_POST["userid"]); + $result=$object->setUserId($userid); if ($result < 0) dol_print_error($object->db,$object->error); - $_POST['action']=''; $action=''; } } } -if ($_POST['action'] == 'setsocid') +if ($action == 'setsocid') { $error=0; if (! $error) { - if ($_POST["socid"] != $object->fk_soc) // If link differs from currently in database + if ($socid != $object->fk_soc) // If link differs from currently in database { $sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent"; - $sql.=" WHERE fk_soc = '".$_POST["socid"]."'"; + $sql.=" WHERE fk_soc = '".$socid."'"; $sql.=" AND entity = ".$conf->entity; $resql = $db->query($sql); if ($resql) @@ -135,7 +141,7 @@ if ($_POST['action'] == 'setsocid') $othermember=new Adherent($db); $othermember->fetch($obj->rowid); $thirdparty=new Societe($db); - $thirdparty->fetch($_POST["socid"]); + $thirdparty->fetch($socid); $error++; $errmsg='
'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'
'; } @@ -143,9 +149,8 @@ if ($_POST['action'] == 'setsocid') if (! $error) { - $result=$object->setThirdPartyId($_POST["socid"]); + $result=$object->setThirdPartyId($socid); if ($result < 0) dol_print_error($object->db,$object->error); - $_POST['action']=''; $action=''; } } @@ -153,13 +158,13 @@ if ($_POST['action'] == 'setsocid') } // Create user from a member -if ($_POST["action"] == 'confirm_create_user' && $_POST["confirm"] == 'yes' && $user->rights->user->user->creer) +if ($action == 'confirm_create_user' && $confirm == 'yes' && $user->rights->user->user->creer) { if ($result > 0) { // Creation user $nuser = new User($db); - $result=$nuser->create_from_member($object,$_POST["login"]); + $result=$nuser->create_from_member($object,GETPOST('login','alpha')); if ($result < 0) { @@ -174,13 +179,13 @@ if ($_POST["action"] == 'confirm_create_user' && $_POST["confirm"] == 'yes' && $ } // Create third party from a member -if ($_POST["action"] == 'confirm_create_thirdparty' && $_POST["confirm"] == 'yes' && $user->rights->societe->creer) +if ($action == 'confirm_create_thirdparty' && $confirm == 'yes' && $user->rights->societe->creer) { if ($result > 0) { // Creation user $company = new Societe($db); - $result=$company->create_from_member($object,$_POST["companyname"]); + $result=$company->create_from_member($object,GETPOST('companyname','alpha')); if ($result < 0) { @@ -195,7 +200,7 @@ if ($_POST["action"] == 'confirm_create_thirdparty' && $_POST["confirm"] == 'yes } } -if ($_REQUEST["action"] == 'confirm_sendinfo' && $_REQUEST["confirm"] == 'yes') +if ($action == 'confirm_sendinfo' && $confirm == 'yes') { if ($object->email) { @@ -204,7 +209,7 @@ if ($_REQUEST["action"] == 'confirm_sendinfo' && $_REQUEST["confirm"] == 'yes') } } -if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adherent->creer) +if ($action == 'update' && ! $_POST["cancel"] && $user->rights->adherent->creer) { require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); 
@@ -328,8 +333,8 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe } } - $_GET["rowid"]=$object->id; - $_REQUEST["action"]=''; + $rowid=$object->id; + $action=''; } else { @@ -340,7 +345,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe } } -if ($_POST["action"] == 'add' && $user->rights->adherent->creer) +if ($action == 'add' && $user->rights->adherent->creer) { $datenaiss=''; if (isset($_POST["naissday"]) && $_POST["naissday"] @@ -499,7 +504,7 @@ if ($_POST["action"] == 'add' && $user->rights->adherent->creer) } } -if ($user->rights->adherent->supprimer && $_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes') +if ($user->rights->adherent->supprimer && $action == 'confirm_delete' && $confirm == 'yes') { $result=$object->delete($rowid); if ($result > 0) @@ -513,7 +518,7 @@ if ($user->rights->adherent->supprimer && $_REQUEST["action"] == 'confirm_delete } } -if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes') +if ($user->rights->adherent->creer && $action == 'confirm_valid' && $confirm == 'yes') { $result=$object->validate($user); @@ -547,7 +552,7 @@ if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_P } } -if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes') +if ($user->rights->adherent->supprimer && $action == 'confirm_resign' && $confirm == 'yes') { $adht = new AdherentType($db); $adht->fetch($object->typeid); @@ -580,7 +585,7 @@ if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' & } } -if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes') +if ($user->rights->adherent->supprimer && $action == 'confirm_del_spip' && $confirm == 'yes') { if (! count($object->errors)) { 
@@ -591,7 +596,7 @@ if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' } } -if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes') +if ($user->rights->adherent->creer && $action == 'confirm_add_spip' && $confirm == 'yes') { if (! count($object->errors)) { @@ -629,7 +634,7 @@ if ($action == 'create') $object->fk_departement = $_POST["departement_id"]; // We set country_id, country_code and country for the selected country - $object->country_id=$_POST["country_id"]?$_POST["country_id"]:$mysoc->country_id; + $object->country_id=GETPOST('country_id','int')?GETPOST('country_id','int'):$mysoc->country_id; if ($object->country_id) { $tmparray=getCountry($object->country_id,'all'); @@ -674,7 +679,7 @@ if ($action == 'create') $morphys["phy"] = $langs->trans("Physical"); $morphys["mor"] = $langs->trans("Moral"); print ''.$langs->trans("Nature")."\n"; - print $form->selectarray("morphy", $morphys, isset($_POST["morphy"])?$_POST["morphy"]:$object->morphy, 1); + print $form->selectarray("morphy", $morphys, GETPOST('morphy','alpha')?GETPOST('morphy','alpha'):$object->morphy, 1); print "\n"; // Type 
@@ -682,26 +687,26 @@ if ($action == 'create') $listetype=$adht->liste_array(); if (count($listetype)) { - print $form->selectarray("typeid", $listetype, isset($_POST["typeid"])?$_POST["typeid"]:$typeid, 1); + print $form->selectarray("typeid", $listetype, GETPOST('typeid','int')?GETPOST('typeid','int'):$typeid, 1); } else { print ''.$langs->trans("NoTypeDefinedGoToSetup").''; } print "\n"; // Company - print ''.$langs->trans("Company").'societe).'">'; + print ''.$langs->trans("Company").''; // Civility print ''.$langs->trans("UserTitle").''; - print $formcompany->select_civility(isset($_POST["civilite_id"])?$_POST["civilite_id"]:$object->civilite_id,'civilite_id').''; + print $formcompany->select_civility(GETPOST('civilite_id','int')?GETPOST('civilite_id','int'):$object->civilite_id,'civilite_id').''; print ''; // Lastname - print ''.$langs->trans("Lastname").'lastname).'" size="40">'; + print ''.$langs->trans("Lastname").''; print ''; // Firstname - print ''.$langs->trans("Firstname").'firstname).'">'; + print ''.$langs->trans("Firstname").''; print ''; // Password 
@@ -716,20 +721,20 @@ if ($action == 'create') // Address print ''.$langs->trans("Address").''; - print ''; + print ''; print ''; // Zip / Town print ''.$langs->trans("Zip").' / '.$langs->trans("Town").''; - print $formcompany->select_ziptown((isset($_POST["zipcode"])?$_POST["zipcode"]:$object->zip),'zipcode',array('town','selectcountry_id','departement_id'),6); + print $formcompany->select_ziptown((GETPOST('zipcode','alpha')?GETPOST('zipcode','alpha'):$object->zip),'zipcode',array('town','selectcountry_id','departement_id'),6); print ' '; - print $formcompany->select_ziptown((isset($_POST["town"])?$_POST["town"]:$object->town),'town',array('zipcode','selectcountry_id','departement_id')); + print $formcompany->select_ziptown((GETPOST('town','alpha')?GETPOST('town','alpha'):$object->town),'town',array('zipcode','selectcountry_id','departement_id')); print ''; // Country $object->country_id=$object->country_id?$object->country_id:$mysoc->country_id; print ''.$langs->trans('Country').''; - print $form->select_country(isset($_POST["country_id"])?$_POST["country_id"]:$object->country_id,'country_id'); + print $form->select_country(GETPOST('country_id','alpha')?GETPOST('country_id','alpha'):$object->country_id,'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionnarySetup"),1); print ''; @@ -739,7 +744,7 @@ if ($action == 'create') print ''.$langs->trans('State').''; if ($object->country_id) { - print $formcompany->select_state(isset($_POST["departement_id"])?$_POST["departement_id"]:$object->fk_departement,$object->country_code); + print $formcompany->select_state(GETPOST('departement_id','int')?GETPOST('departement_id','int'):$object->fk_departement,$object->country_code); } else { 
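Review bot: `country_id` is filtered as 'alpha' in the `select_country()` call here, while the earlier hunk in this file (`$object->country_id=GETPOST('country_id','int')...`) treats the same parameter as 'int', as does `departement_id` in the next hunk. One filter per parameter avoids a value passing one check and not the other; `GETPOST('country_id','int')` fits an id. Replacing `isset($_POST[...])` with a truthiness test on `GETPOST()` also means a submitted empty value or `0` now falls back to the object's value, which differs from the old behaviour and deserves a short comment if intended.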
@@ -749,16 +754,16 @@ if ($action == 'create') } // Tel pro - print ''.$langs->trans("PhonePro").'phone).'">'; + print ''.$langs->trans("PhonePro").''; // Tel perso - print ''.$langs->trans("PhonePerso").'phone_perso).'">'; + print ''.$langs->trans("PhonePerso").''; // Tel mobile - print ''.$langs->trans("PhoneMobile").'phone_mobile).'">'; + print ''.$langs->trans("PhoneMobile").''; // EMail - print ''.($conf->global->ADHERENT_MAIL_REQUIRED?'':'').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED?'':'').'email).'">'; + print ''.($conf->global->ADHERENT_MAIL_REQUIRED?'':'').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED?'':'').''; // Birthday print "".$langs->trans("Birthday")."\n"; @@ -777,7 +782,7 @@ if ($action == 'create') { foreach($extrafields->attribute_label as $key=>$label) { - $value=(isset($_POST["options_".$key])?$_POST["options_".$key]:$object->array_options["options_".$key]); + $value=(isset($_POST["options_".$key])?GETPOST('options_'.$key,'alpha'):$object->array_options["options_".$key]); print ''.$label.''; print $extrafields->showInputField($key,$value); print ''."\n"; diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 5e3456c2cfd..304e0664225 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -34,7 +34,7 @@ $langs->load("members"); $langs->load("ldap"); $langs->load("admin"); -$rowid = GETPOST("id"); +$rowid = GETPOST('id','int'); $action = GETPOST('action'); // Protection diff --git a/htdocs/adherents/liste.php b/htdocs/adherents/liste.php index a88056930b7..57eb88dee8e 100644 --- a/htdocs/adherents/liste.php +++ b/htdocs/adherents/liste.php 
@@ -79,7 +79,7 @@ llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adhé $now=dol_now(); -$sql = "SELECT d.rowid, d.login, d.prenom as firstname, d.nom as name, d.societe, "; +$sql = "SELECT d.rowid, d.login, d.nom as lastname, d.prenom as firstname, d.societe, "; $sql.= " d.datefin,"; $sql.= " d.email, d.fk_adherent_type as type_id, d.morphy, d.statut,"; $sql.= " t.libelle as type, t.cotisation"; diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 7a2b9c3aca3..0cae0490222 100644 --- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php @@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'); require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"); $action=GETPOST('action'); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $langs->load("companies"); $langs->load("members"); diff --git a/htdocs/adherents/stats/index.php b/htdocs/adherents/stats/index.php index c3486f5aeb1..8c5484d3e92 100644 --- a/htdocs/adherents/stats/index.php +++ b/htdocs/adherents/stats/index.php @@ -31,8 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/member.lib.php"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 65f1fc4f64a..3b5baa48d1e 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -296,7 +296,7 @@ complete_dictionnary_with_modules($taborder,$tabname,$tablib,$tabsql,$tabsqlsort // Define elementList and sourceList (used for dictionnary "type of contacts") $elementList = array(); $sourceList=array(); -if (GETPOST("id") == 11) +if (GETPOST('id','int') == 11) { $langs->load("orders"); $langs->load("contracts"); 
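Review bot: The alias for `d.nom` changes from `name` to `lastname`, but the code that reads the result row lies outside this hunk. Any remaining `->name` read on the fetched object would now be empty, so confirm the consumers of this query were updated in the same commit.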
@@ -702,7 +702,7 @@ if ($_GET["id"]) if ($num > $listlimit) { print ''; - print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id'),($num > $listlimit),$langs->trans("Page").' '.($page+1)); + print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id','int'),($num > $listlimit),$langs->trans("Page").' '.($page+1)); print ''; } @@ -737,10 +737,10 @@ if ($_GET["id"]) // Affiche nom du champ if ($showfield) { - print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"","",$sortfield,$sortorder); + print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"","",$sortfield,$sortorder); } } - print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"",'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"",'align="center"',$sortfield,$sortorder); print ' '; print ''; @@ -756,7 +756,7 @@ if ($_GET["id"]) { print '
'; print ''; - print ''; + print ''; print ''; print ''; diff --git a/htdocs/boxes.php b/htdocs/boxes.php index 77c63b8bce1..c83a37ef87e 100644 --- a/htdocs/boxes.php +++ b/htdocs/boxes.php @@ -210,11 +210,11 @@ class InfoBox } else { - $boxname=preg_replace('/.php$/i','',$obj->file); - $sourcefile = DOL_DOCUMENT_ROOT."/core/boxes/".$boxname.".php"; + $boxname=preg_replace('/\.php$/i','',$obj->file); + $sourcefile = "/core/boxes/".$boxname.".php"; } - dol_include_once($sourcefile); + dol_include_once($sourcefile); // Do not use dol_include_once here because sourcefile is already good fullpath if (class_exists($boxname)) { $box=new $boxname($this->db,$obj->note); @@ -271,15 +271,15 @@ class InfoBox { $boxname = $regs[1]; $module = $regs[2]; - $sourcefile = "/".$module."/core/boxes/".$boxname.".php"; + $relsourcefile = "/".$module."/core/boxes/".$boxname.".php"; } else { $boxname=preg_replace('/.php$/i','',$obj->file); - $sourcefile = "/core/boxes/".$boxname.".php"; + $relsourcefile = "/core/boxes/".$boxname.".php"; } - dol_include_once($sourcefile); + dol_include_once($relsourcefile); if (class_exists($boxname)) { $box=new $boxname($this->db,$obj->note); diff --git a/htdocs/cashdesk/admin/cashdesk.php b/htdocs/cashdesk/admin/cashdesk.php index 254ea1c6263..8b3bb8a9fcf 100644 --- a/htdocs/cashdesk/admin/cashdesk.php +++ b/htdocs/cashdesk/admin/cashdesk.php 
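Review bot: The comment added on the `dol_include_once($sourcefile);` line says not to use `dol_include_once` because the path is already a full path, yet the line calls `dol_include_once` and this hunk has just removed the `DOL_DOCUMENT_ROOT` prefix, making the path relative. The comment should describe what the code does, e.g. `// $sourcefile is relative to the document root; dol_include_once resolves it`. Separately, `$boxname` is derived from `$obj->file` (which looks like a database row) and ends up both in the include path and in `new $boxname(...)`; skipping the row unless `preg_match('/^[a-z0-9_]+$/i',$boxname)` holds would keep a tampered value from steering the include. The enclosing method starts and ends outside the hunk.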
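Review bot: This branch still calls `preg_replace('/.php$/i','',$obj->file)` with an unescaped dot, while the matching branch in the previous hunk was corrected to `'/\.php$/i'`. As written the pattern strips any character followed by `php` at the end of the name, so the two code paths can derive different `$boxname` values for the same stored file name. Apply the same escape here: `$boxname=preg_replace('/\.php$/i','',$obj->file);`.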
@@ -49,11 +49,11 @@ if (GETPOST("action") == 'set') { $db->begin(); - if (GETPOST("socid") < 0) $_POST["socid"]=''; + if (GETPOST('socid','int') < 0) $_POST["socid"]=''; /*if (GETPOST("CASHDESK_ID_BANKACCOUNT") < 0) $_POST["CASHDESK_ID_BANKACCOUNT"]=''; if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0) $_POST["CASHDESK_ID_WAREHOUSE"]='';*/ - $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST("socid"),'chaine',0,'',$conf->entity); + $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity); diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index 104532b469d..3f5edb9e290 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php @@ -93,7 +93,7 @@ print ''; $disabled=0; $langs->load("companies"); if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice -print $form->select_company(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1); +print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1); //print ''; print ''; print "\n"; diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 104035ce6e3..50b18218902 100644 --- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php 
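Review bot: Only `socid` receives the 'int' filter; the values stored by the following `dolibarr_set_const()` calls (`CASHDESK_ID_BANKACCOUNT_CASH`, `CASHDESK_ID_BANKACCOUNT_CHEQUE`, `CASHDESK_ID_BANKACCOUNT_CB`) are ids by their names and are still read with a bare `GETPOST()`. The negative-value reset works by writing back into `$_POST["socid"]` and re-reading it, which does nothing when the value arrived in the query string. Suggest `$socid=GETPOST('socid','int'); if ($socid < 0) $socid='';` and passing `$socid` to `dolibarr_set_const()`, with the same filter on the other ids. `warehouseid` in htdocs/cashdesk/index_verif.php has the same gap.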
@@ -30,7 +30,7 @@ $langs->load("cashdesk"); $username = GETPOST("txtUsername"); $password = GETPOST("pwdPassword"); -$thirdpartyid = (GETPOST("socid")!='')?GETPOST("socid"):$conf->global->CASHDESK_ID_THIRDPARTY; +$thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY; $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE; // Check username diff --git a/htdocs/cashdesk/tpl/ticket.tpl.php b/htdocs/cashdesk/tpl/ticket.tpl.php index af52f517f8d..a3a055ac082 100644 --- a/htdocs/cashdesk/tpl/ticket.tpl.php +++ b/htdocs/cashdesk/tpl/ticket.tpl.php @@ -20,7 +20,7 @@ include_once(DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'); $langs->load("main"); header("Content-type: text/html; charset=".$conf->file->character_set_client); -$facid=GETPOST('facid'); +$facid=GETPOST('facid','int'); $object=new Facture($db); $object->fetch($facid); diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index 5ca949410b6..1a159d03257 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -32,8 +32,8 @@ require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); $langs->load("categories"); $langs->load("products"); -$socid = GETPOST('socid'); -$id = GETPOST('id'); +$socid = GETPOST('socid','int'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); $type = GETPOST('type'); $mesg = GETPOST('mesg'); diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index efc432e7f94..ca82944a32a 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -28,7 +28,7 @@ require("../main.inc.php"); require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/categories/fiche.php b/htdocs/categories/fiche.php index 893afea90e3..15ccad5b5d1 100644 
--- a/htdocs/categories/fiche.php +++ b/htdocs/categories/fiche.php @@ -31,16 +31,15 @@ $langs->load("categories"); // Security check -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); if (!$user->rights->categorie->lire) accessforbidden(); -$action = GETPOST('action'); -$cancel = GETPOST('cancel'); -$origin = GETPOST('origin'); -$catorigin = GETPOST('catorigin'); -$nbcats = (GETPOST('choix') ? GETPOST('choix') : 1); -$type = GETPOST('type'); -$urlfrom = GETPOST("urlfrom"); +$action = GETPOST('action','alpha'); +$cancel = GETPOST('cancel','alpha'); +$origin = GETPOST('origin','alpha'); +$catorigin = GETPOST('catorigin','int'); +$type = GETPOST('type','alpha'); +$urlfrom = GETPOST('urlfrom','alpha'); if ($origin) { diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 76f65ac07a0..747d2c92a5b 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -35,7 +35,7 @@ $langs->load("bills"); $mesg = ''; -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 88f5dcec269..5efa8c9ecec 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/categories.lib.php"); $langs->load("categories"); $mesg = ''; -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index da79ff42233..9993faac02b 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php 
@@ -2,7 +2,7 @@ /* Copyright (C) 2003-2004 Rodolphe Quiedeville * Copyright (C) 2004-2010 Laurent Destailleur * Copyright (C) 2005 Marc Barilley / Ocebo - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2005 Simon TOSSER * * This program is free software; you can redistribute it and/or modify @@ -40,7 +40,7 @@ $langs->load("other"); $langs->load("bills"); if (isset($_GET["error"])) $error=$_GET["error"]; -$objectid = GETPOST("id"); +$objectid = GETPOST('id','int'); // Security check if ($user->societe_id > 0) diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php index 85bb92979bd..023a12b1fee 100644 --- a/htdocs/comm/action/fiche.php +++ b/htdocs/comm/action/fiche.php @@ -2,7 +2,7 @@ /* Copyright (C) 2001-2005 Rodolphe Quiedeville * Copyright (C) 2004-2012 Laurent Destailleur * Copyright (C) 2005 Simon TOSSER - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2010 Juanjo Menent * * This program is free software; you can redistribute it and/or modify @@ -43,11 +43,12 @@ $langs->load("bills"); $langs->load("orders"); $langs->load("agenda"); -$action=GETPOST("action"); +$action=GETPOST('action','alpha'); +$backtopage=GETPOST('backtopage','alpha'); // Security check -$socid = GETPOST('socid'); -$id = GETPOST('id'); +$socid = GETPOST('socid','int'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; //$result = restrictedArea($user, 'agenda', $id, 'actioncomm', 'actions', '', 'id'); @@ -66,9 +67,7 @@ if ($action == 'add_action') { $error=0; - $backtopage=''; - if (! empty($_POST["backtopage"])) $backtopage=$_POST["backtopage"]; - if (! $backtopage) + if (empty($backtopage)) { if ($socid > 0) $backtopage = DOL_URL_ROOT.'/societe/agenda.php?socid='.$socid; else $backtopage=DOL_URL_ROOT.'/comm/action/index.php'; 
@@ -154,10 +153,10 @@ if ($action == 'add_action') $actioncomm->note = trim($_POST["note"]); if (isset($_POST["contactid"])) $actioncomm->contact = $contact; - if (GETPOST("socid") > 0) + if (GETPOST('socid','int') > 0) { $societe = new Societe($db); - $societe->fetch(GETPOST("socid")); + $societe->fetch(GETPOST('socid','int')); $actioncomm->societe = $societe; } @@ -339,14 +338,9 @@ if ($action == 'update') } else { - if (! empty($_POST["from"])) // deprecated. Use backtopage instead - { - header("Location: ".$_POST["from"]); - exit; - } - if (! empty($_POST["backtopage"])) + if (! empty($backtopage)) { - header("Location: ".$_POST["backtopage"]); + header("Location: ".$backtopage); exit; } } @@ -426,7 +420,7 @@ if ($action == 'create') print ''; print ''; print ''; - if (GETPOST("backtopage")) print ''; + print ''; if (GETPOST("actioncode") == 'AC_RDV') print_fiche_titre($langs->trans("AddActionRendezVous")); else print_fiche_titre($langs->trans("AddAnAction")); @@ -514,12 +508,12 @@ if ($action == 'create') // Societe, contact print ''.$langs->trans("ActionOnCompany").''; - if (GETPOST("socid") > 0) + if (GETPOST('socid','int') > 0) { $societe = new Societe($db); - $societe->fetch(GETPOST("socid")); + $societe->fetch(GETPOST('socid','int')); print $societe->getNomUrl(1); - print ''; + print ''; } else { @@ -528,10 +522,10 @@ if ($action == 'create') print ''; // If company is forced, we propose contacts (may be contact is also forced) - if (GETPOST("contactid") > 0 || GETPOST("socid") > 0) + if (GETPOST("contactid") > 0 || GETPOST('socid','int') > 0) { print ''.$langs->trans("ActionOnContact").''; - $form->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1); + $form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1); print ''; } @@ -679,7 +673,7 @@ if ($id) print ''; print ''; print ''; - if (GETPOST("backtopage")) print ''; + print ''; print ''; 
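Review bot: `$backtopage` is taken from `GETPOST('backtopage','alpha')` and sent straight to `header("Location: ".$backtopage)` in the `update` hunk, so the redirect target is caller-controlled and, after this change, can come from the query string as well as the form. Nothing visible restricts it to a local path; whether the 'alpha' filter does so is not shown here. Suggest accepting only same-site relative targets before redirecting, e.g. `if (! preg_match('/^\/[^\/\\\\]/',$backtopage)) $backtopage=DOL_URL_ROOT.'/comm/action/index.php';`. The enclosing `if ($action == 'update')` block starts outside the hunk.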
diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 25d0403f3c4..57c23879b45 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -40,7 +40,7 @@ if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="a.datep"; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'agenda', $socid, '', 'myactions'); @@ -53,7 +53,7 @@ $langs->load("commercial"); if ($_GET["action"] == 'builddoc') { $cat = new CommActionRapport($db, $_GET["month"], $_GET["year"]); - $result=$cat->write_file(GETPOST("id")); + $result=$cat->write_file(GETPOST('id','int')); if ($result < 0) { $mesg=$cat->error; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 38c9c4bed4c..38c20e438a6 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -40,7 +40,7 @@ $offset = $limit * $page ; $type=$_GET["type"]; // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,''); diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 56e78a0f523..cc83e426ca0 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -49,7 +49,7 @@ if ($conf->notification->enabled) $langs->load("mails"); if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs"); // Security check -$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id')); +$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); if ($user->societe_id > 0) $id=$user->societe_id; $result = restrictedArea($user,'societe',$id,'&societe'); diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 0c47814e6f1..b636c8bd3b7 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php 
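Review bot: `write_file()` now receives a filtered id, but the constructor one line above is still given `$_GET["month"]` and `$_GET["year"]` unfiltered, and the action test reads `$_GET["action"]` directly. What `CommActionRapport` does with month and year is not visible here; if they end up in a file name or a query they need the same treatment as the id. Suggest `new CommActionRapport($db, GETPOST('month','int'), GETPOST('year','int'))` at the call site.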
@@ -32,7 +32,7 @@ $langs->load("suppliers"); $langs->load("commercial"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 45092f15267..01cd0bd4347 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -47,7 +47,7 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="email"; -$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id'); +$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int'); $action=GETPOST("action"); $search_nom=GETPOST("search_nom"); $search_prenom=GETPOST("search_prenom"); diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index cab31680ba3..4310a9de860 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -1080,7 +1080,7 @@ if ($id > 0 || ! empty($ref)) //'text' => $langs->trans("ConfirmClone"), //array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), //array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)')) + array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)')) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('ClonePropal'),$langs->trans('ConfirmClonePropal',$object->ref),'confirm_clone',$formquestion,'yes',1); 
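Review bot: In comm/mailing/cibles.php the new line `$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');` types only the fallback, so a request that supplies `rowid` still puts an unfiltered string into `$id`. The filter has to be on both branches to have any effect: `$id=GETPOST('rowid','int')?GETPOST('rowid','int'):GETPOST('id','int');`. The same half-filtered pattern is added in compta/dons/fiche.php (`rowid`), and in commande/liste.php and commande/fiche.php (`orderid`), where `$id` in liste.php goes straight into `restrictedArea()`.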
@@ -1352,11 +1352,11 @@ if ($id > 0 || ! empty($ref)) if ($action == 'editdelivery_address') { - $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'fk_address','propal',$object->id); } else { - $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'none','propal',$object->id); } print ''; } diff --git a/htdocs/comm/propal/apercu.php b/htdocs/comm/propal/apercu.php index 56a0c9c06de..ea03bf2875a 100644 --- a/htdocs/comm/propal/apercu.php +++ b/htdocs/comm/propal/apercu.php @@ -37,7 +37,7 @@ $langs->load('compta'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $id, 'propal'); diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 56f8fd581fa..30592f90426 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -35,7 +35,7 @@ $langs->load('other'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index 7dcff4a5b54..408abed65cf 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php 
@@ -30,8 +30,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/dolgraph.class.php"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index db6a493c54e..020cc203f10 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -37,7 +37,7 @@ $langs->load('projects'); $langs->load('propal'); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid, '&societe'); diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index abfb5005972..b124a83714f 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -30,21 +30,23 @@ $langs->load("companies"); $langs->load("orders"); $langs->load("bills"); -$socid = GETPOST("id"); +$socid = GETPOST('id','int'); // Security check if ($user->societe_id > 0) { $socid = $user->societe_id; } +$backtopage = GETPOST('backtopage','alpha'); + /* * Actions */ -if (GETPOST('cancel') && GETPOST('backtopage')) +if (GETPOST('cancel') && ! empty($backtopage)) { - Header("Location: ".GETPOST("backtopage")); + Header("Location: ".$backtopage); exit; } @@ -56,9 +58,9 @@ if (GETPOST("action") == 'setremise') if ($result > 0) { - if (GETPOST('backtopage')) + if (! empty($backtopage)) { - Header("Location: ".GETPOST('backtopage')); + Header("Location: ".$backtopage); exit; } else @@ -122,7 +124,7 @@ if ($socid > 0) print ''; print ''; print ''; - print ''; + print ''; print '
'; @@ -138,7 +140,7 @@ if ($socid > 0) print '
'; print ''; - if (GETPOST("backtopage")) + if (! empty($backtopage)) { print '    '; print ''; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 8f26a58463e..828d231d3b8 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -32,10 +32,11 @@ $langs->load("orders"); $langs->load("bills"); $langs->load("companies"); -$action=GETPOST('action'); +$action=GETPOST('action','alpha'); +$backtopage=GETPOST('backtopage','alpha'); // Security check -$socid = GETPOST("id"); +$socid = GETPOST('id','int'); if ($user->societe_id > 0) { $socid = $user->societe_id; @@ -46,9 +47,9 @@ if ($user->societe_id > 0) * Actions */ -if (GETPOST('cancel') && GETPOST('backtopage')) +if (GETPOST('cancel') && ! empty($backtopage)) { - Header("Location: ".GETPOST("backtopage")); + Header("Location: ".$backtopage); exit; } @@ -151,9 +152,9 @@ if ($action == 'setremise') if ($discountid > 0) { - if (GETPOST("backtopage")) + if (! empty($backtopage)) { - Header("Location: ".GETPOST("backtopage").'&discountid='.$discountid); + Header("Location: ".$backtopage.'&discountid='.$discountid); exit; } else @@ -188,7 +189,7 @@ if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes') if ($result > 0) { $db->commit(); - header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id')); // To avoid pb whith back + header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id','int')); // To avoid pb whith back exit; } else @@ -228,7 +229,7 @@ if ($socid > 0) print ''; print ''; print ''; - print ''; + print ''; print '
'; @@ -280,7 +281,7 @@ if ($socid > 0) print '
'; print ''; - if (GETPOST("backtopage")) + if (! empty($backtopage)) { print '    '; print ''; diff --git a/htdocs/commande/apercu.php b/htdocs/commande/apercu.php index 70561e6b8d4..0407eced627 100644 --- a/htdocs/commande/apercu.php +++ b/htdocs/commande/apercu.php @@ -40,7 +40,7 @@ $langs->load('sendings'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'commande',$id,''); diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 966e2c660fc..828dc7c0a26 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -79,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->commande->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->commande->creer) { $commande = new Commande($db); - if ($commande->fetch(GETPOST("id"))) + if ($commande->fetch(GETPOST('id','int'))) { $result=$commande->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index e2b9f431043..f4838e1663e 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -36,7 +36,7 @@ $langs->load('other'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index f252443df80..a8383c52d55 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php @@ -51,9 +51,9 @@ $langs->load('propal'); $langs->load('deliveries'); $langs->load('products'); -$id = (GETPOST("id")?GETPOST("id"):GETPOST("orderid")); +$id = (GETPOST('id','int')?GETPOST('id','int'):GETPOST("orderid")); $ref = GETPOST('ref'); -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); $lineid = GETPOST('lineid'); 
@@ -191,7 +191,7 @@ if ($action == 'add' && $user->rights->commande->creer) $datecommande = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']); $datelivraison = dol_mktime(12, 0, 0, $_POST['liv_month'],$_POST['liv_day'],$_POST['liv_year']); - $object->socid=GETPOST('socid'); + $object->socid=GETPOST('socid','int'); $object->fetch_thirdparty(); $db->begin(); @@ -229,7 +229,7 @@ if ($action == 'add' && $user->rights->commande->creer) $object->origin = $_POST['origin']; $object->origin_id = $_POST['originid']; - + // Possibility to add external linked objects with hooks $object->linked_objects[$object->origin] = $object->origin_id; if (is_array($_POST['other_linked_objects']) && ! empty($_POST['other_linked_objects'])) @@ -637,18 +637,18 @@ if ($action == 'addline' && $user->rights->commande->creer) if ($result > 0) { - // Define output language - $outputlangs = $langs; - $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; - if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; - if (! empty($newlang)) - { - $outputlangs = new Translate("",$conf); - $outputlangs->setDefaultLang($newlang); - } if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { + // Define output language + $outputlangs = $langs; + $newlang=GETPOST('lang_id','alpha'); + if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; + if (! empty($newlang)) + { + $outputlangs = new Translate("",$conf); + $outputlangs->setDefaultLang($newlang); + } + $ret=$object->fetch($id); // Reload to get new records commande_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager); } 
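Review bot: In the `@@ -637,18 +637,18 @@` hunk, `$newlang=GETPOST('lang_id','alpha');` is no longer conditioned on `$conf->global->MAIN_MULTILANGS`, so a `lang_id` in the request now selects the PDF output language even when multi-language support is switched off. The removed lines only honoured `lang_id` when that option was set, and the commit description does not mention the change, so it looks unintended. I would keep the gate: `$newlang=''; if ($conf->global->MAIN_MULTILANGS) $newlang=GETPOST('lang_id','alpha');`. The enclosing `addline` action block starts and ends outside the hunk.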
@@ -1652,7 +1652,7 @@ else //'text' => $langs->trans("ConfirmClone"), //array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), //array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)')) + array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)')) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('CloneOrder'),$langs->trans('ConfirmCloneOrder',$object->ref),'confirm_clone',$formquestion,'yes',1); @@ -1816,11 +1816,11 @@ else if ($action == 'editdelivery_adress') { - $form->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'fk_address','commande',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'fk_address','commande',$object->id); } else { - $form->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'none','commande',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$socid,'none','commande',$object->id); } print ''; } diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 94946d75c65..d70aaf52af1 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -33,7 +33,7 @@ if (!$user->rights->commande->lire) accessforbidden(); $langs->load("orders"); // Security check -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); if ($user->societe_id > 0) { $action = ''; 
diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 6ffe19b3df9..d628610b94c 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -44,7 +44,7 @@ $sall=GETPOST('sall'); $socid=GETPOST('socid','int'); // Security check -$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id')); +$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id','int')); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande', $id,''); diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index 57ce188be25..6ef7e808126 100644 --- a/htdocs/commande/stats/index.php +++ b/htdocs/commande/stats/index.php @@ -34,8 +34,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer'; if ($mode == 'customer' && ! $user->rights->commande->lire) accessforbidden(); if ($mode == 'supplier' && ! $user->rights->fournisseur->commande->lire) accessforbidden(); -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/compta/bank/fiche.php b/htdocs/compta/bank/fiche.php index 5a57bef27b7..f61d78641bb 100644 --- a/htdocs/compta/bank/fiche.php +++ b/htdocs/compta/bank/fiche.php @@ -468,10 +468,10 @@ else /* */ /* ************************************************************************** */ - if (GETPOST("id") && $action == 'edit' && $user->rights->banque->configurer) + if (GETPOST('id','int') && $action == 'edit' && $user->rights->banque->configurer) { $account = new Account($db); - $account->fetch(GETPOST("id")); + $account->fetch(GETPOST('id','int')); print_fiche_titre($langs->trans("EditFinancialAccount")); print "
"; diff --git a/htdocs/compta/deplacement/fiche.php b/htdocs/compta/deplacement/fiche.php index fce385ea57e..66680ef089d 100644 --- a/htdocs/compta/deplacement/fiche.php +++ b/htdocs/compta/deplacement/fiche.php @@ -36,7 +36,7 @@ $langs->load("trips"); // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id,''); @@ -287,7 +287,7 @@ if ($action == 'create') // Company print "
"; print ''; // Public note diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 273e27bec66..1fe0e9549ac 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -32,7 +32,7 @@ $langs->load("users"); $langs->load("trips"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','',''); diff --git a/htdocs/compta/deplacement/info.php b/htdocs/compta/deplacement/info.php index 7dee9417339..1d0874af388 100644 --- a/htdocs/compta/deplacement/info.php +++ b/htdocs/compta/deplacement/info.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/compta/deplacement/class/deplacement.class.php" $langs->load("trips"); // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id, ''); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index bd3ffc66e36..cc3d4542316 100755 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -32,7 +32,7 @@ $langs->load("users"); $langs->load("trips"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','',''); diff --git a/htdocs/compta/deplacement/stats/index.php b/htdocs/compta/deplacement/stats/index.php index d9847f8cb52..d07f816f1bc 100755 --- a/htdocs/compta/deplacement/stats/index.php +++ b/htdocs/compta/deplacement/stats/index.php 
@@ -31,8 +31,8 @@ $langs->load("trips"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Securite acces client if ($user->societe_id > 0) { diff --git a/htdocs/compta/dons/fiche.php b/htdocs/compta/dons/fiche.php index 5ee0351d559..5ee0ae1c95b 100644 --- a/htdocs/compta/dons/fiche.php +++ b/htdocs/compta/dons/fiche.php @@ -34,7 +34,7 @@ $langs->load("companies"); $langs->load("donations"); $langs->load("bills"); -$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id'); +$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int'); $action=GETPOST('action'); $mesg=""; diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 33ef351b0f8..e608d07d1a9 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -53,7 +53,7 @@ if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['mes $sall=trim(GETPOST('sall')); $projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0); -$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility +$id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility $ref=GETPOST('ref','alpha'); $socid=GETPOST('socid','int'); $action=GETPOST('action','alpha'); @@ -558,7 +558,7 @@ if ($action == 'confirm_converttoreduc' && $confirm == 'yes' && $user->rights->f */ if ($action == 'add' && $user->rights->facture->creer) { - $object->socid=GETPOST('socid'); + $object->socid=GETPOST('socid','int'); $db->begin(); diff --git a/htdocs/compta/facture/apercu.php b/htdocs/compta/facture/apercu.php index 6c07791e272..f29038bf0d3 100644 --- a/htdocs/compta/facture/apercu.php +++ b/htdocs/compta/facture/apercu.php 
@@ -36,7 +36,7 @@ $langs->load("bills"); // Security check $socid=0; -$id = GETPOST("facid"); +$id = GETPOST('facid','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture', $id); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 3a7e59c7a80..8a1cb98c4b7 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -838,7 +838,7 @@ class Facture extends CommonObject $sql.= ' l.rang, l.special_code,'; $sql.= ' l.date_start as date_start, l.date_end as date_end,'; $sql.= ' l.info_bits, l.total_ht, l.total_tva, l.total_localtax1, l.total_localtax2, l.total_ttc, l.fk_code_ventilation, l.fk_export_compta,'; - $sql.= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as label, p.description as product_desc'; + $sql.= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc'; $sql.= ' FROM '.MAIN_DB_PREFIX.'facturedet as l'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; $sql.= ' WHERE l.fk_facture = '.$this->id; 
@@ -856,12 +856,12 @@ class Facture extends CommonObject $line = new FactureLigne($this->db); $line->rowid = $objp->rowid; - $line->desc = $objp->description; // Description line - $line->product_type = $objp->product_type; // Type of line - $line->product_ref = $objp->product_ref; // Ref product - $line->libelle = $objp->label; // Label product - $line->product_label = $objp->product_label; - $line->product_desc = $objp->product_desc; // Description product + $line->desc = $objp->description; // Description line + $line->product_type = $objp->product_type; // Type of line + $line->product_ref = $objp->product_ref; // Ref product + $line->libelle = $objp->product_label; // TODO deprecated + $line->product_label = $objp->product_label; // Label product + $line->product_desc = $objp->product_desc; // Description product $line->fk_product_type = $objp->fk_product_type; // Type of product $line->qty = $objp->qty; $line->subprice = $objp->subprice; @@ -3411,7 +3411,7 @@ class FactureLigne $sql = 'SELECT fd.rowid, fd.fk_facture, fd.fk_parent_line, fd.fk_product, fd.product_type, fd.description, fd.price, fd.qty, fd.tva_tx,'; $sql.= ' fd.localtax1_tx, fd. localtax2_tx, fd.remise, fd.remise_percent, fd.fk_remise_except, fd.subprice,'; $sql.= ' fd.date_start as date_start, fd.date_end as date_end,'; - $sql.= ' fd.info_bits, fd.total_ht, fd.total_tva, fd.total_ttc, fd.rang,'; + $sql.= ' fd.info_bits, fd.total_ht, fd.total_tva, fd.total_ttc, fd.total_localtax1, fd.total_localtax2, fd.rang,'; $sql.= ' fd.fk_code_ventilation, fd.fk_export_compta,'; $sql.= ' p.ref as product_ref, p.label as product_libelle, p.description as product_desc'; $sql.= ' FROM '.MAIN_DB_PREFIX.'facturedet as fd'; diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 410cfcff75e..8e34d0aa48f 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php 
@@ -32,7 +32,9 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $langs->load("bills"); $langs->load("companies"); -$facid = isset($_GET["facid"])?$_GET["facid"]:''; +$facid = GETPOST('facid'); +$id = GETPOST('facid'); +$ref= GETPOST('ref'); // Security check if ($user->societe_id) $socid=$user->societe_id; @@ -45,12 +47,11 @@ $result = restrictedArea($user, 'facture', $facid); if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer) { - $result = 0; $facture = new Facture($db); - $result = $facture->fetch($_GET["facid"]); + $result = $facture->fetch($facid); - if ($result > 0 && $_GET["facid"] > 0) + if ($result > 0 && $facid > 0) { $result = $facture->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } @@ -78,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer) { $facture = new Facture($db); - if ($facture->fetch(GETPOST("facid"))) + if ($facture->fetch($facid)) { $result=$facture->swapContactStatus(GETPOST('ligne')); } @@ -92,7 +93,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer) if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer) { $facture = new Facture($db); - $facture->fetch($_GET["facid"]); + $facture->fetch($facid); $result = $facture->delete_contact($_GET["lineid"]); if ($result >= 0) @@ -125,8 +126,6 @@ $userstatic=new User($db); /* *************************************************************************** */ dol_htmloutput_mesg($mesg); -$id = $_GET['facid']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { $facture = new Facture($db); diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 720d37f7772..d76b6fc4b2d 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php 
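Review bot: The three lines added at the top of compta/facture/contact.php read `facid` twice without a type, `$facid = GETPOST('facid'); $id = GETPOST('facid');`, although the rest of this commit passes `'int'` for the same parameter. `$facid` then feeds `restrictedArea($user, 'facture', $facid)` and every `$facture->fetch($facid)` in the later hunks of this file, so the access check and the fetch both work on an unfiltered string. I would write `$facid = GETPOST('facid','int');` and `$id = $facid;` so the two names cannot diverge. The context lines in the later hunks still pass `$_POST["contactid"]` and `$_GET["lineid"]` raw to `add_contact()` and `delete_contact()`, and they deserve the same treatment.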
@@ -39,7 +39,7 @@ $langs->load("bills"); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('facid'); +$id = GETPOST('facid','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index 36f8777f234..2960624597a 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php"); $langs->load('bills'); // Security check -$facid=GETPOST("facid"); +$facid=GETPOST('facid','int'); $action=GETPOST("action"); if ($user->societe_id) $socid=$user->societe_id; $objecttype = 'facture_rec'; @@ -81,7 +81,7 @@ if ($_POST["action"] == 'add') if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer) { $facrec = new FactureRec($db); - $facrec->fetch(GETPOST("facid")); + $facrec->fetch(GETPOST('facid','int')); $facrec->delete(); $facid = 0 ; } diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index 54dc1244aeb..3b579f6e56f 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php @@ -33,8 +33,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer'; if ($mode == 'customer' && ! $user->rights->facture->lire) accessforbidden(); if ($mode == 'supplier' && ! $user->rights->fournisseur->facture->lire) accessforbidden(); -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/compta/localtax/clients.php b/htdocs/compta/localtax/clients.php index ce0dbf389d8..bea4c61aec4 100644 --- a/htdocs/compta/localtax/clients.php +++ b/htdocs/compta/localtax/clients.php 
@@ -75,7 +75,7 @@ $modetax = $conf->global->TAX_MODE; if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"]; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 95658793d12..7d8caf6e69c 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -37,7 +37,7 @@ $langs->load('banks'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$facid = GETPOST('facid'); +$facid = GETPOST('facid','int'); $socname = GETPOST('socname'); $accountid = GETPOST('accountid'); $paymentnum = GETPOST('num_paiement'); diff --git a/htdocs/compta/paiement/cheque/fiche.php b/htdocs/compta/paiement/cheque/fiche.php index a67c000f748..6c49ce2a582 100644 --- a/htdocs/compta/paiement/cheque/fiche.php +++ b/htdocs/compta/paiement/cheque/fiche.php @@ -35,7 +35,7 @@ $langs->load('banks'); $langs->load('companies'); $langs->load('compta'); -$id =GETPOST("id"); +$id =GETPOST('id','int'); $ref=GETPOST("ref"); $action=GETPOST('action'); @@ -67,7 +67,7 @@ $filteraccountid=GETPOST('accountid'); if ($action == 'setdate' && $user->rights->banque->cheque) { $remisecheque = new RemiseCheque($db); - $result = $remisecheque->fetch(GETPOST('id')); + $result = $remisecheque->fetch(GETPOST('id','int')); if ($result > 0) { //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index ddc95aa5642..b7c53db2c67 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php 
@@ -30,9 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'); $langs->load("bills"); // Security check -$facid =GETPOST("facid"); -$socid =GETPOST("socid"); -$userid=GETPOST('userid'); +$facid =GETPOST('facid','int'); +$socid =GETPOST('socid','int'); +$userid=GETPOST('userid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture',$facid,''); diff --git a/htdocs/compta/prelevement/bon.php b/htdocs/compta/prelevement/bon.php index 67d7baee6ef..4a42b1fb08e 100644 --- a/htdocs/compta/prelevement/bon.php +++ b/htdocs/compta/prelevement/bon.php @@ -33,7 +33,7 @@ $langs->load("categories"); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement', $id); diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index ff656c9857e..4cfbbf0a481 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php @@ -31,7 +31,7 @@ $langs->load("widthdrawals"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 82ab1bb4402..4038446afb1 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -32,7 +32,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php index 58fe3761db9..67e47420061 100644 --- a/htdocs/compta/prelevement/factures.php 
+++ b/htdocs/compta/prelevement/factures.php @@ -37,8 +37,8 @@ $langs->load("categories"); if ($user->societe_id > 0) accessforbidden(); // Get supervariables -$prev_id = GETPOST("id"); -$socid = GETPOST("socid"); +$prev_id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); $page = GETPOST("page"); $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder"); $sortfield = ((GETPOST("sortfield")=="")) ? "p.ref" : GETPOST("sortfield"); diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index 0fb5e55cf77..f3ad78b9b64 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php @@ -35,7 +35,7 @@ $langs->load("categories"); if ($user->societe_id > 0) accessforbidden(); // Get supervariables -$prev_id = GETPOST("id"); +$prev_id = GETPOST('id','int'); $page = GETPOST("page"); /* diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php index 9d8261cf209..63b269c6286 100644 --- a/htdocs/compta/prelevement/fiche-stat.php +++ b/htdocs/compta/prelevement/fiche-stat.php @@ -34,7 +34,7 @@ $langs->load("withdrawals"); $langs->load("categories"); // Get supervariables -$prev_id = GETPOST("id"); +$prev_id = GETPOST('id','int'); $page = GETPOST("page"); /* diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php index 4b76e9c3a02..e2d5a32fafe 100644 --- a/htdocs/compta/prelevement/fiche.php +++ b/htdocs/compta/prelevement/fiche.php @@ -40,7 +40,7 @@ if ($user->societe_id > 0) accessforbidden(); // Get supervariables $action = GETPOST("action"); -$id = GETPOST("id"); +$id = GETPOST('id','int'); /* * Actions diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 7c9a1347d9b..a208b9d6b47 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php 
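Review bot: In the "Get supervariables" block of compta/prelevement/factures.php, the commit types `id` and `socid` but leaves `page`, `sortorder` and `sortfield` on the following lines as unfiltered `GETPOST(...)` values. Their use is outside the hunk; if they end up in an ORDER BY or LIMIT clause, which the `"p.ref"` default suggests, they need a fixed allow-list and not just a type filter. I would add `if (! in_array($sortorder, array('ASC','DESC'))) $sortorder='DESC';`, compare `$sortfield` against the list of sortable columns in the same way, and read `page` with `GETPOST('page','int')`. compta/prelevement/lignes.php has the same block.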
@@ -32,7 +32,7 @@ $langs->load("withdrawals"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','',''); diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php index 0914abbdc65..9af1d17b642 100644 --- a/htdocs/compta/prelevement/ligne.php +++ b/htdocs/compta/prelevement/ligne.php @@ -39,8 +39,8 @@ $langs->load("categories"); // Get supervariables $action = GETPOST("action"); -$id = GETPOST("id"); -$socid = GETPOST("socid"); +$id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); $page = GETPOST("page"); $sortorder = GETPOST("sortorder"); diff --git a/htdocs/compta/prelevement/lignes.php b/htdocs/compta/prelevement/lignes.php index 6df698b529a..4d0db99de3c 100644 --- a/htdocs/compta/prelevement/lignes.php +++ b/htdocs/compta/prelevement/lignes.php @@ -36,8 +36,8 @@ if ($user->societe_id > 0) accessforbidden(); $langs->load("categories"); // Get supervariables -$prev_id = GETPOST("id"); -$socid = GETPOST("socid"); +$prev_id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); $page = GETPOST("page"); $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder"); $sortfield = ((GETPOST("sortfield")=="")) ? "pl.fk_soc" : GETPOST("sortfield"); diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php index ba827ad3675..c27e09502d6 100644 --- a/htdocs/compta/prelevement/liste.php +++ b/htdocs/compta/prelevement/liste.php @@ -32,7 +32,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php index 7a2faf26d59..2428cd8c016 100644 
--- a/htdocs/compta/prelevement/rejets.php +++ b/htdocs/compta/prelevement/rejets.php @@ -30,7 +30,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/stats.php b/htdocs/compta/prelevement/stats.php index 85b525d2917..62ec73caa64 100644 --- a/htdocs/compta/prelevement/stats.php +++ b/htdocs/compta/prelevement/stats.php @@ -31,7 +31,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index e023149849a..4160071c1e4 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load("bills"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden(); diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 5237142309c..928c74e24ce 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php @@ -38,7 +38,7 @@ else { } // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden(); diff --git a/htdocs/compta/sociales/charges.php b/htdocs/compta/sociales/charges.php index 097571677f7..f9124c2edfd 100644 
--- a/htdocs/compta/sociales/charges.php +++ b/htdocs/compta/sociales/charges.php @@ -30,11 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/tax.lib.php"); $langs->load("compta"); $langs->load("bills"); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $action=GETPOST("action"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges'); diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index 953d394896c..3261fab405a 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -38,7 +38,7 @@ $langs->load("companies"); $langs->load("compta"); $langs->load("bills"); -$id = GETPOST("id"); +$id = GETPOST('id','int'); $action = GETPOST("action"); // Security check diff --git a/htdocs/compta/sociales/info.php b/htdocs/compta/sociales/info.php index fc1a30fc15e..d48386bb623 100644 --- a/htdocs/compta/sociales/info.php +++ b/htdocs/compta/sociales/info.php @@ -29,11 +29,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php"); $langs->load("compta"); $langs->load("bills"); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $action=GETPOST("action"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges'); diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index 8d2ed89267d..8fef71e5ff8 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php 
@@ -37,8 +37,8 @@ else { $year_end=$year_start + ($nbofyear-1); } -$userid=GETPOST('userid'); -$socid=GETPOST('socid'); +$userid=GETPOST('userid','int'); +$socid=GETPOST('socid','int'); // Security check if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden(); diff --git a/htdocs/compta/tva/clients.php b/htdocs/compta/tva/clients.php index be5ab8163ab..9aeb55fa505 100644 --- a/htdocs/compta/tva/clients.php +++ b/htdocs/compta/tva/clients.php @@ -78,7 +78,7 @@ $modetax = $conf->global->TAX_MODE; if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"]; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php index 62c3a1f052e..7123e828c1d 100644 --- a/htdocs/compta/tva/quadri_detail.php +++ b/htdocs/compta/tva/quadri_detail.php @@ -85,7 +85,7 @@ if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"]; if (empty($modetax)) $modetax=0; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); diff --git a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php index 43278ab3794..2ba3716dc6d 100644 --- a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php +++ b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php @@ -32,10 +32,10 @@ echo $this->control->tpl['ajax_selectcountry'];
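Review bot: In compta/tva/clients.php, `$modetax` is still assigned straight from `$_REQUEST["modetax"]` on the line above the `socid` change, so the hunk sanitizes one request value and leaves its neighbour raw. How `$modetax` is used is outside the hunk, but quadri_detail.php falls back to `0` for it, which suggests a numeric mode flag. If so, `if (isset($_REQUEST["modetax"])) $modetax=GETPOST('modetax','int');` would make it consistent, and the quadri_detail.php hunk has the same line.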
-"> -"> + diff --git a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php index 20e8f544bb4..53531c72d0e 100644 --- a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php +++ b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php @@ -17,7 +17,6 @@ */ $contact = $GLOBALS['objcanvas']->control->object; - ?> @@ -98,7 +97,7 @@ dol_htmloutput_errors($this->control->tpl['error'],$this->control->tpl['errors'] control->tpl['nb_emailing']) { ?> - + diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 213980d55a1..d50dd537181 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -39,10 +39,11 @@ $langs->load("commercial"); $mesg=''; $error=0; $errors=array(); -$action = (GETPOST('action') ? GETPOST('action') : 'view'); -$confirm = GETPOST('confirm'); -$id = GETPOST("id"); -$socid = GETPOST("socid"); +$action = (GETPOST('action','alpha') ? GETPOST('action','alpha') : 'view'); +$confirm = GETPOST('confirm','alpha'); +$backtopage = GETPOST('backtopage','alpha'); +$id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $object = new Contact($db); @@ -76,9 +77,9 @@ $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && GETPOST('backtopage')) + if (GETPOST("cancel") && ! empty($backtopage)) { - header("Location: ".GETPOST('backtopage')); + header("Location: ".$backtopage); exit; } @@ -86,7 +87,7 @@ if (empty($reshook)) if ($action == 'confirm_create_user' && $confirm == 'yes' && $user->rights->user->user->creer) { // Recuperation contact actuel - $result = $object->fetch($_GET["id"]); + $result = $object->fetch($id); if ($result > 0) { 
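Review bot: `$backtopage` is read with `GETPOST('backtopage','alpha')` and then written straight into `header("Location: ".$backtopage)` in the Cancel branch of contact/fiche.php, so the redirect target is still chosen by whoever built the link. What the `'alpha'` filter removes is not visible in this diff. Unless it limits the value to a path on this site, the page should check that itself before redirecting: accept only values that begin with a single `/` and contain no scheme or `//`, and otherwise fall back to `'fiche.php?id='.$id`. The later hunk that sets `$url=$backtopage` before `Header("Location: ".$url)` needs the same check. The enclosing `if (empty($reshook))` block continues outside these hunks.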
@@ -172,7 +173,7 @@ if (empty($reshook)) if (! $error && $id > 0) { $db->commit(); - if (GETPOST('backtopage')) $url=GETPOST('backtopage'); + if (! empty($backtopage)) $url=$backtopage; else $url='fiche.php?id='.$id; Header("Location: ".$url); exit; @@ -248,10 +249,12 @@ if (empty($reshook)) { $object->old_name=''; $object->old_firstname=''; + $action = 'view'; } else { $error=$object->error; $errors=$object->errors; + $action = 'edit'; } } } @@ -276,7 +279,7 @@ if ($socid > 0) $objsoc->fetch($socid); } -if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) +if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // ----------------------------------------- // When used with CANVAS @@ -287,7 +290,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) $object->fetch($id); // For use with "pure canvas" (canvas that contains templates only) } $objcanvas->assign_values($action, $id); // Set value for templates - $objcanvas->display_canvas(); // Show template + $objcanvas->display_canvas($action); // Show template } else { @@ -368,7 +371,7 @@ else print ''; print ''; print ''; - print ''; + print ''; print '
'.$langs->trans("CompanyVisited").''; - print $form->select_company(GETPOST("socid"),'socid','',1); + print $form->select_company(GETPOST('socid','int'),'socid','',1); print '
control->tpl['email']; ?> trans("NbOfEMailingsReceived"); ?>control->tpl['nb_emailing']; ?>control->tpl['nb_emailing']; ?>  
'; // Name @@ -389,7 +392,7 @@ else } else { print ''; } } @@ -497,7 +500,7 @@ else print '
'; print ''; - if (GETPOST('backtopage')) + if (! empty($backtopage)) { print '     '; print ''; @@ -537,11 +540,11 @@ else print ''; } - print ''; + print ''; print ''; - print ''; + print ''; print ''; - print ''; + print ''; print ''; print ''; print ''; @@ -561,7 +564,7 @@ else { print '
'; print ''; print ''; } diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php index df9f6cc6126..158fe53da6c 100644 --- a/htdocs/contrat/contact.php +++ b/htdocs/contrat/contact.php @@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->contrat->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->contrat->creer) { $contrat = new Contrat($db); - if ($contrat->fetch(GETPOST("id"))) + if ($contrat->fetch(GETPOST('id','int'))) { $result=$contrat->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php index 769190bbae4..0714edb72c2 100644 --- a/htdocs/contrat/fiche.php +++ b/htdocs/contrat/fiche.php @@ -41,8 +41,8 @@ $langs->load("bills"); $langs->load("products"); $action=GETPOST('action'); -$socid = GETPOST("socid"); -$contratid = GETPOST("id"); +$socid = GETPOST('socid','int'); +$contratid = GETPOST('id','int'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index fdcf83dba1f..30e0e81a72c 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -48,10 +48,10 @@ $search_nom=GETPOST("search_nom"); $search_contract=GETPOST("search_contract"); $search_service=GETPOST("search_service"); $statut=isset($_GET["statut"])?$_GET["statut"]:1; -$socid=GETPOST("socid"); +$socid=GETPOST('socid','int'); // Security check -$contratid = GETPOST("id"); +$contratid = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat',$contratid,''); diff --git a/htdocs/core/ajax/loadinplace.php b/htdocs/core/ajax/loadinplace.php index 17c909b9c3f..4e70f4a5a92 100644 --- a/htdocs/core/ajax/loadinplace.php +++ b/htdocs/core/ajax/loadinplace.php 
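Review bot: `swapContactStatus(GETPOST('ligne'))` in contrat/contact.php still passes the line id unfiltered, although `id` on the line above is now read with `'int'`. The same cast applies here: `$result=$contrat->swapContactStatus(GETPOST('ligne','int'));`. The branch is entered on `$_GET["action"] == 'swapstatut'`, so a state change is triggered by a plain GET request; whether a token is verified elsewhere is not visible in this hunk and is worth confirming. In the contrat/services.php hunk that follows, `$statut` is likewise still taken raw from `$_GET["statut"]`.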
@@ -54,7 +54,7 @@ if((isset($_GET['field']) && ! empty($_GET['field'])) $type = GETPOST('type'); $loadmethod = (GETPOST('loadmethod') ? GETPOST('loadmethod') : 'getValueFrom'); - if (preg_match('/^([^_]+)_([^_]+)/i',$element,$regs)) + if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i',$element,$regs)) { $element = $regs[1]; $subelement = $regs[2]; @@ -62,9 +62,17 @@ if((isset($_GET['field']) && ! empty($_GET['field'])) if ($element == 'propal') $element = 'propale'; else if ($element == 'fichinter') $element = 'ficheinter'; + else if ($element == 'order_supplier') { + $element = 'fournisseur'; + $subelement = 'commande'; + } + else if ($element == 'invoice_supplier') { + $element = 'fournisseur'; + $subelement = 'facture'; + } if ($user->rights->$element->lire || $user->rights->$element->read - || $user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read + || (isset($subelement) && ($user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read)) || ($element == 'payment' && $user->rights->facture->lire) || ($element == 'payment_supplier' && $user->rights->fournisseur->facture->lire)) { diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php index fb80c1bd7fb..7462e66283b 100644 --- a/htdocs/core/ajax/saveinplace.php +++ b/htdocs/core/ajax/saveinplace.php @@ -61,7 +61,7 @@ if((isset($_POST['field']) && ! empty($_POST['field'])) $return=array(); $error=0; - if (preg_match('/^([^_]+)_([^_]+)/i',$element,$regs)) + if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i',$element,$regs)) { $element = $regs[1]; $subelement = $regs[2]; 
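Review bot: The rights test in loadinplace.php uses `$element` and `$subelement` as property names in `$user->rights->$element->$subelement->lire`, and the added `isset($subelement)` only tells whether the regex or a supplier branch assigned the variable, not whether that rights entry exists. `$element` is assigned above the hunk, presumably from the request, so an unexpected value dereferences undefined properties. Keeping the `isset($subelement)` guard but testing the leaves with `! empty($user->rights->$element->$subelement->lire)` would keep the check well defined, as would mapping `$element` through a fixed array of known element names before the rights test. The saveinplace.php hunk that follows mirrors this code with `creer`/`write` and would take the same change.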
@@ -69,9 +69,17 @@ if((isset($_POST['field']) && ! empty($_POST['field'])) if ($element == 'propal') $element = 'propale'; else if ($element == 'fichinter') $element = 'ficheinter'; + else if ($element == 'order_supplier') { + $element = 'fournisseur'; + $subelement = 'commande'; + } + else if ($element == 'invoice_supplier') { + $element = 'fournisseur'; + $subelement = 'facture'; + } if ($user->rights->$element->creer || $user->rights->$element->write - || $user->rights->$element->$subelement->creer || $user->rights->$element->$subelement->write + || (isset($subelement) && ($user->rights->$element->$subelement->creer || $user->rights->$element->$subelement->write)) || ($element == 'payment' && $user->rights->facture->paiement) || ($element == 'payment_supplier' && $user->rights->fournisseur->facture->creer)) { diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php index a2b88dc7572..6caf410ee85 100644 --- a/htdocs/core/class/canvas.class.php +++ b/htdocs/core/class/canvas.class.php @@ -50,9 +50,9 @@ class Canvas * @param DoliDB $DB Database handler * @param string $actiontype Action type ('create', 'view', 'edit', 'list') */ - function __construct($DB, $actiontype='view') + function __construct($db, $actiontype='view') { - $this->db = $DB; + $this->db = $db; $this->actiontype = $actiontype; if ($this->actiontype == 'add') $this->actiontype='create'; @@ -128,11 +128,11 @@ class Canvas * * @return int 0=Canvas template file does not exist, 1=Canvas template file exists */ - function displayCanvasExists() - { + function displayCanvasExists($action) + { if (empty($this->template_dir)) return 0; - //print $this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php'; - if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php')) return 1; + + if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php')) return 1; else return 0; } 
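Review bot: `displayCanvasExists($action)` now takes an `$action` argument, but the body tests `$this->action`, a property that nothing in the visible hunks assigns (the constructor sets `$this->actiontype`). The parameter is therefore unused and the template file name is built from an unset value. `display_canvas($action)` in the next hunk has the same mismatch, and there the string ends up in an `include`. If the argument is meant to select the template, it should be checked against the documented action types before it reaches the path, e.g. `if (! in_array($action, array('create','view','edit','list'))) return 0;`, because the caller in contact/fiche.php passes a value read from the request. Both docblocks also lack a `@param string $action` line.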
@@ -142,12 +142,12 @@ class Canvas * * @return void */ - function display_canvas() + function display_canvas($action) { global $db, $conf, $langs, $user, $canvas; global $form, $formfile; - include($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php'); // Include native PHP template + include($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php'); // Include native PHP template } diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 6fb47d6100f..84b49901ce8 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -161,7 +161,7 @@ class Conf $partname = strtolower($reg[2]); $varname = $partname.'_modules'; if (! is_array($this->$varname)) { $this->$varname = array(); } - $arrValue = unserialize($value); + $arrValue = @unserialize($value); if (is_array($arrValue) && ! empty($arrValue)) $value = $arrValue; else $value = ($value == 1 ? '/'.$modulename.'/core/'.$partname.'/' : $value); $this->$varname = array_merge($this->$varname, array($modulename => $value)); diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index c0adef92519..1f81f385944 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -528,7 +528,7 @@ class FormCompany } } $sql.= " ORDER BY nom ASC"; - + $resql = $this->db->query($sql); if ($resql) { @@ -669,7 +669,7 @@ class FormCompany { global $conf,$langs; - $formlength=24; + $formlength=0; if ($country_code == 'FR' && empty($conf->global->MAIN_DISABLEPROFIDRULES)) { if ($idprof==1) $formlength=9; @@ -691,7 +691,10 @@ class FormCompany if (! $selected && $idprof==3) $selected=$this->idprof3; if (! $selected && $idprof==4) $selected=$this->idprof4; - $out = ''; + $maxlength=$formlength; + if (empty($formlength)) { $formlength=24; $maxlength=128; } + + $out = ''; return $out; } 
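Review bot: The added `@` in `$arrValue = @unserialize($value);` in conf.class.php hides the notice for values that are not serialized, but it also hides every other failure of the call, and `unserialize()` will still instantiate objects if the stored string contains any. Only an array is accepted on the next line, so the call can be restricted to that: on PHP 7 or later `unserialize($value, array('allowed_classes' => false))`, and on older versions a check that the string starts with `a:` before calling. Where `$value` comes from is outside the hunk; presumably it is a configuration constant read from the database, which should be treated as stored input rather than as trusted code-side data.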
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 3ecce003beb..c1640110553 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php 
@@ -37,355 +37,436 @@ */ class FormOther { - var $db; - var $error; + var $db; + var $error; - /** - * Constructor - * - * @param DoliDB $db Database handler - */ - function FormOther($db) - { - $this->db = $db; + /** + * Constructor + * + * @param DoliDB $db Database handler + */ + function FormOther($db) + { + $this->db = $db; - return 1; - } + return 1; + } - /** + /** * Return HTML select list of export models * - * @param string $selected Id modele pre-selectionne - * @param string $htmlname Nom de la zone select - * @param string $type Type des modeles recherches - * @param int $useempty Affiche valeur vide dans liste - * @return void - */ - function select_export_model($selected='',$htmlname='exportmodelid',$type='',$useempty=0) - { - $sql = "SELECT rowid, label"; - $sql.= " FROM ".MAIN_DB_PREFIX."export_model"; - $sql.= " WHERE type = '".$type."'"; - $sql.= " ORDER BY rowid"; - $result = $this->db->query($sql); - if ($result) - { - print ''; + if ($useempty) + { + print ''; + } - $num = $this->db->num_rows($result); - $i = 0; - while ($i < $num) - { - $obj = $this->db->fetch_object($result); - if ($selected == $obj->rowid) - { - print ''; - $i++; - } - print ""; - } - else { - dol_print_error($this->db); - } - } + $num = $this->db->num_rows($result); + $i = 0; + while ($i < $num) + { + $obj = $this->db->fetch_object($result); + if ($selected == $obj->rowid) + { + print ''; + $i++; + } + print ""; + } + else { + dol_print_error($this->db); + } + } - /** + /** * Return list of export models * - * @param string $selected Id modele pre-selectionne - * @param string $htmlname Nom de la zone select - * @param string $type Type des modeles recherches - * @param int $useempty Affiche valeur vide dans liste - * @return void - */ - function select_import_model($selected='',$htmlname='importmodelid',$type='',$useempty=0) - { - $sql = "SELECT rowid, label"; - $sql.= " FROM ".MAIN_DB_PREFIX."import_model"; - $sql.= " WHERE type = '".$type."'"; - $sql.= " ORDER BY 
rowid"; - $result = $this->db->query($sql); - if ($result) - { - print ''; + if ($useempty) + { + print ''; + } - $num = $this->db->num_rows($result); - $i = 0; - while ($i < $num) - { - $obj = $this->db->fetch_object($result); - if ($selected == $obj->rowid) - { - print ''; - $i++; - } - print ""; - } - else { - dol_print_error($this->db); - } - } + $num = $this->db->num_rows($result); + $i = 0; + while ($i < $num) + { + $obj = $this->db->fetch_object($result); + if ($selected == $obj->rowid) + { + print ''; + $i++; + } + print ""; + } + else { + dol_print_error($this->db); + } + } - /** - * Retourne la liste des ecotaxes avec tooltip sur le libelle - * - * @param string $selected code ecotaxes pre-selectionne - * @param string $htmlname nom de la liste deroulante - * @return void - */ - function select_ecotaxes($selected='',$htmlname='ecotaxe_id') - { - global $langs; + /** + * Retourne la liste des ecotaxes avec tooltip sur le libelle + * + * @param string $selected code ecotaxes pre-selectionne + * @param string $htmlname nom de la liste deroulante + * @return void + */ + function select_ecotaxes($selected='',$htmlname='ecotaxe_id') + { + global $langs; - $sql = "SELECT e.rowid, e.code, e.libelle, e.price, e.organization,"; - $sql.= " p.libelle as pays"; - $sql.= " FROM ".MAIN_DB_PREFIX."c_ecotaxe as e,".MAIN_DB_PREFIX."c_pays as p"; - $sql.= " WHERE e.active = 1 AND e.fk_pays = p.rowid"; - $sql.= " ORDER BY pays, e.organization ASC, e.code ASC"; + $sql = "SELECT e.rowid, e.code, e.libelle, e.price, e.organization,"; + $sql.= " p.libelle as pays"; + $sql.= " FROM ".MAIN_DB_PREFIX."c_ecotaxe as e,".MAIN_DB_PREFIX."c_pays as p"; + $sql.= " WHERE e.active = 1 AND e.fk_pays = p.rowid"; + $sql.= " ORDER BY pays, e.organization ASC, e.code ASC"; $resql=$this->db->query($sql); - if ($resql) - { - print ''; - return 0; - } - else - { - dol_print_error($this->db); - return 1; - } - } + if ($resql) + { + print ''; + return 0; + } + else + { + dol_print_error($this->db); 
+ return 1; + } + } - /** - * Return a HTML select list to select a percent - * - * @param string $selected pourcentage pre-selectionne - * @param string $htmlname nom de la liste deroulante - * @param int $increment increment value - * @param int $start start value - * @param int $end end value - * @return string HTML select string - */ - function select_percent($selected=0,$htmlname='percent',$disabled=0,$increment=5,$start=0,$end=100) - { - $return = ''; - for ($i = $start ; $i <= $end ; $i += $increment) - { - if ($selected == $i) - { - $return.= ''; - } + for ($i = $start ; $i <= $end ; $i += $increment) + { + if ($selected == $i) + { + $return.= ''; + } - $return.= ''; + $return.= ''; - return $return; - } + return $return; + } - /** - * Return select list for categories (to use in form search selectors) - * - * @param int $type Type of categories (0=product, 1=suppliers, 2=customers, 3=members) - * @param string $selected Preselected value - * @param string $htmlname Name of combo list - * @return string Html combo list code - */ - function select_categories($type,$selected=0,$htmlname='search_categ') - { - global $langs; - require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); + /** + * Return select list for categories (to use in form search selectors) + * + * @param int $type Type of categories (0=product, 1=suppliers, 2=customers, 3=members) + * @param string $selected Preselected value + * @param string $htmlname Name of combo list + * @return string Html combo list code + */ + function select_categories($type,$selected=0,$htmlname='search_categ') + { + global $langs; + require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); - // Load list of "categories" - $static_categs = new Categorie($this->db); - $tab_categs = $static_categs->get_full_arbo($type); + // Load list of "categories" + $static_categs = new Categorie($this->db); + $tab_categs = $static_categs->get_full_arbo($type); - // Print a select with each of them - 
$moreforfilter =''; + $moreforfilter.=''; - if (is_array($tab_categs)) - { - foreach ($tab_categs as $categ) - { - $moreforfilter.=''; - // Get list of users allowed to be viewed - $sql_usr = "SELECT u.rowid, u.name as name, u.firstname, u.login"; - $sql_usr.= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql_usr.= " WHERE u.entity IN (0,".$conf->entity.")"; - if (empty($user->rights->user->user->lire)) $sql_usr.=" AND u.fk_societe = ".($user->societe_id?$user->societe_id:0); + // Get list of users allowed to be viewed + $sql_usr = "SELECT u.rowid, u.name as name, u.firstname, u.login"; + $sql_usr.= " FROM ".MAIN_DB_PREFIX."user as u"; + $sql_usr.= " WHERE u.entity IN (0,".$conf->entity.")"; + if (empty($user->rights->user->user->lire)) $sql_usr.=" AND u.fk_societe = ".($user->societe_id?$user->societe_id:0); // Add existing sales representatives of company - if (empty($user->rights->user->user->lire) && $user->societe_id) - { + if (empty($user->rights->user->user->lire) && $user->societe_id) + { $sql_usr.=" UNION "; $sql_usr.= "SELECT u2.rowid, u2.name as name, u2.firstname, u2.login"; $sql_usr.= " FROM ".MAIN_DB_PREFIX."user as u2, ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql_usr.= " WHERE u2.entity IN (0,".$conf->entity.")"; $sql_usr.= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->societe_id; - } + } $sql_usr.= " ORDER BY name ASC"; //print $sql_usr;exit; $resql_usr = $this->db->query($sql_usr); - if ($resql_usr) - { - while ($obj_usr = $this->db->fetch_object($resql_usr)) - { - $moreforfilter.=''; - } - $this->db->free($resql_usr); - } - else - { - dol_print_error($this->db); - } - $moreforfilter.=''; + $moreforfilter.='>'; + $moreforfilter.=$obj_usr->firstname." ".$obj_usr->name." 
(".$obj_usr->login.')'; + $moreforfilter.=''; + } + $this->db->free($resql_usr); + } + else + { + dol_print_error($this->db); + } + $moreforfilter.=''; - return $moreforfilter; - } + return $moreforfilter; + } - /** - * Return list of project and tasks - * - * @param int $selectedtask Pre-selected task - * @param int $projectid Project id - * @param string $htmlname Name of html select - * @param int $modeproject 1 to restrict on projects owned by user - * @param int $modetask 1 to restrict on tasks associated to user - * @param int $mode 0=Return list of tasks and their projects, 1=Return projects and tasks if exists - * @param int $useempty 0=Allow empty values - * @return void - */ - function selectProjectTasks($selectedtask='', $projectid=0, $htmlname='task_parent', $modeproject=0, $modetask=0, $mode=0, $useempty=0) - { - global $user, $langs; + /** + * Return list of project and tasks + * + * @param int $selectedtask Pre-selected task + * @param int $projectid Project id + * @param string $htmlname Name of html select + * @param int $modeproject 1 to restrict on projects owned by user + * @param int $modetask 1 to restrict on tasks associated to user + * @param int $mode 0=Return list of tasks and their projects, 1=Return projects and tasks if exists + * @param int $useempty 0=Allow empty values + * @return void + */ + function selectProjectTasks($selectedtask='', $projectid=0, $htmlname='task_parent', $modeproject=0, $modetask=0, $mode=0, $useempty=0) + { + global $user, $langs; - require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php"); + require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php"); - //print $modeproject.'-'.$modetask; - $task=new Task($this->db); - $tasksarray=$task->getTasksArray($modetask?$user:0, $modeproject?$user:0, $projectid, 0, $mode); - if ($tasksarray) - { - print ''; - } - else - { - print '
'.$langs->trans("NoProject").'
'; - } - } + //print $modeproject.'-'.$modetask; + $task=new Task($this->db); + $tasksarray=$task->getTasksArray($modetask?$user:0, $modeproject?$user:0, $projectid, 0, $mode); + if ($tasksarray) + { + print ''; + } + else + { + print '
'.$langs->trans("NoProject").'
'; + } + } + /** + * Write all lines of a project (if parent = 0) + * + * @param int &$inc Cursor counter + * @param int $parent Id parent + * @param Object $lines Line object + * @param int $level Level + * @param int $selectedtask Id selected task + * @param int $selectedproject Id selected project + * @return void + */ + private function _pLineSelect(&$inc, $parent, $lines, $level=0, $selectedtask=0, $selectedproject=0) + { + global $langs, $user, $conf; - /** - * Output a HTML code to select a color - * - * @param string $set_color Pre-selected color - * @param string $prefix Name of HTML field - * @param string $form_name Name of form - * @param int $showcolorbox 1=Show color code and color box, 0=Show only color code - * @param array $arrayofcolors Array of colors. Example: array('29527A','5229A3','A32929','7A367A','B1365F','0D7813') - * @return void - */ - function select_color($set_color='', $prefix='f_color', $form_name='objForm', $showcolorbox=1, $arrayofcolors='') - { - global $langs; - if (! 
is_array($arrayofcolors) || count($arrayofcolors) < 1) - { - $langs->load("other"); - print ''; + $lastprojectid=0; + + $numlines=count($lines); + for ($i = 0 ; $i < $numlines ; $i++) + { + if ($lines[$i]->fk_parent == $parent) + { + $var = !$var; + + // Break on a new project + if ($parent == 0) + { + if ($lines[$i]->fk_project != $lastprojectid) + { + if ($i > 0 && $conf->browser->firefox) print ''; + print '\n"; + + $lastprojectid=$lines[$i]->fk_project; + $inc++; + } + } + + // Print task + if ($lines[$i]->id > 0) + { + print '\n"; + $inc++; + } + + $level++; + if ($lines[$i]->id) $this->_pLineSelect($inc, $lines[$i]->id, $lines, $level, $selectedtask, $selectedproject); + $level--; + } + } + } + + /** + * Output a HTML code to select a color + * + * @param string $set_color Pre-selected color + * @param string $prefix Name of HTML field + * @param string $form_name Name of form + * @param int $showcolorbox 1=Show color code and color box, 0=Show only color code + * @param array $arrayofcolors Array of colors. Example: array('29527A','5229A3','A32929','7A367A','B1365F','0D7813') + * @return void + */ + function select_color($set_color='', $prefix='f_color', $form_name='objForm', $showcolorbox=1, $arrayofcolors='') + { + global $langs; + if (! is_array($arrayofcolors) || count($arrayofcolors) < 1) + { + $langs->load("other"); + print ''; print ''; print ''; print ''; - } - else // In most cases, this is not used. We used instead function with no specific list of colors - { + } + else // In most cases, this is not used. 
We used instead function with no specific list of colors + { print ''; print ''; - print ''; - print ''; - } - } + print ''; + } + } - /** - * Creation d'un icone de couleur - * - * @param string $color Couleur de l'image - * @param string $module Nom du module - * @param string $name Nom de l'image - * @param int $x Largeur de l'image en pixels - * @param int $y Hauteur de l'image en pixels - */ - function CreateColorIcon($color,$module,$name,$x='12',$y='12') - { - global $conf; + /** + * Creation d'un icone de couleur + * + * @param string $color Couleur de l'image + * @param string $module Nom du module + * @param string $name Nom de l'image + * @param int $x Largeur de l'image en pixels + * @param int $y Hauteur de l'image en pixels + * @return void + */ + function CreateColorIcon($color,$module,$name,$x='12',$y='12') + { + global $conf; - $file = $conf->$module->dir_temp.'/'.$name.'.png'; + $file = $conf->$module->dir_temp.'/'.$name.'.png'; - // On cree le repertoire contenant les icones - if (! file_exists($conf->$module->dir_temp)) - { - dol_mkdir($conf->$module->dir_temp); - } + // On cree le repertoire contenant les icones + if (! 
file_exists($conf->$module->dir_temp)) + { + dol_mkdir($conf->$module->dir_temp); + } - // On cree l'image en vraies couleurs - $image = imagecreatetruecolor($x,$y); + // On cree l'image en vraies couleurs + $image = imagecreatetruecolor($x,$y); - $color = substr($color,1,6); + $color = substr($color,1,6); - $rouge = hexdec(substr($color,0,2)); //conversion du canal rouge - $vert = hexdec(substr($color,2,2)); //conversion du canal vert - $bleu = hexdec(substr($color,4,2)); //conversion du canal bleu + $rouge = hexdec(substr($color,0,2)); //conversion du canal rouge + $vert = hexdec(substr($color,2,2)); //conversion du canal vert + $bleu = hexdec(substr($color,4,2)); //conversion du canal bleu - $couleur = imagecolorallocate($image,$rouge,$vert,$bleu); - //print $rouge.$vert.$bleu; - imagefill($image,0,0,$couleur); //on remplit l'image - // On cree la couleur et on l'attribue a une variable pour ne pas la perdre - ImagePng($image,$file); //renvoie une image sous format png - ImageDestroy($image); - } + $couleur = imagecolorallocate($image,$rouge,$vert,$bleu); + //print $rouge.$vert.$bleu; + imagefill($image,0,0,$couleur); //on remplit l'image + // On cree la couleur et on l'attribue a une variable pour ne pas la perdre + ImagePng($image,$file); //renvoie une image sous format png + ImageDestroy($image); + } /** * Return HTML combo list of week @@ -541,7 +623,7 @@ class FormOther */ function select_month($selected='',$htmlname='monthid',$useempty=0) { - global $langs; + global $langs; require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); 
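Review bot: `select_export_model()` and `select_import_model()` in html.formother.class.php build their query with `$sql.= " WHERE type = '".$type."'";`, so `$type` goes into the SQL string unescaped in a commit whose stated purpose is input sanitizing. That line is visible on the removed side; the re-indented copy is partly lost on this page but appears unchanged. Writing it as `$sql.= " WHERE type = '".$this->db->escape($type)."'";` removes the dependence on every caller passing a safe value. In the newly added `_pLineSelect()`, `$var = !$var;` reads a variable that is never initialised in the visible lines of the method, which looks unintended. The rest of the hunk is a whitespace re-indent.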
@@ -569,36 +651,42 @@ class FormOther } /** - * Return HTML combo list of years + * Return HTML combo list of years * - * @param string $selected Preselected value (''=current year, -1=none, year otherwise) - * @param string $htmlname Name of HTML select object - * @param int $useempty Affiche valeur vide dans liste - * @param int $min_year Offset of minimum year into list (by default current year -10) - * @param int $max_year Offset of maximum year into list (by default current year + 5) - * @return void + * @param string $selected Preselected value (''=current year, -1=none, year otherwise) + * @param string $htmlname Name of HTML select object + * @param int $useempty Affiche valeur vide dans liste + * @param int $min_year Offset of minimum year into list (by default current year -10) + * @param int $max_year Offset of maximum year into list (by default current year + 5) + * @param int $offset Offset + * @param int $invert Invert + * @param string $option Option + * @return void */ - function select_year($selected='',$htmlname='yearid',$useempty=0, $min_year=10, $max_year=5, $offset=0, $invert=0, $option='') + function select_year($selected='',$htmlname='yearid',$useempty=0, $min_year=10, $max_year=5, $offset=0, $invert=0, $option='') { - print $this->selectyear($selected,$htmlname,$useempty,$min_year,$max_year,$offset,$invert,$option); + print $this->selectyear($selected,$htmlname,$useempty,$min_year,$max_year,$offset,$invert,$option); } /** - * Return HTML combo list of years + * Return HTML combo list of years * - * @param string $selected Preselected value (''=current year, -1=none, year otherwise) - * @param string $htmlname Name of HTML select object - * @param int $useempty Affiche valeur vide dans liste - * @param int $min_year Offset of minimum year into list (by default current year -10) - * @param int $max_year Offset of maximum year into list (by default current year + 5) - * @return void + * @param string $selected Preselected value (''=current 
year, -1=none, year otherwise) + * @param string $htmlname Name of HTML select object + * @param int $useempty Affiche valeur vide dans liste + * @param int $min_year Offset of minimum year into list (by default current year -10) + * @param int $max_year Offset of maximum year into list (by default current year + 5) + * @param int $offset Offset + * @param int $invert Invert + * @param string $option Option + * @return void */ - function selectyear($selected='',$htmlname='yearid',$useempty=0, $min_year=10, $max_year=5, $offset=0, $invert=0, $option='') + function selectyear($selected='',$htmlname='yearid',$useempty=0, $min_year=10, $max_year=5, $offset=0, $invert=0, $option='') { - $out=''; + $out=''; $currentyear = date("Y")+$offset; - $max_year = $currentyear+$max_year; + $max_year = $currentyear+$max_year; $min_year = $currentyear-$min_year; if(empty($selected)) $selected = $currentyear; 
@@ -610,154 +698,70 @@ class FormOther } if (! $invert) { - for ($y = $max_year; $y >= $min_year; $y--) - { - $selected_html=''; - if ($selected > 0 && $y == $selected) $selected_html = ' selected="selected"'; - $out.= ''; - } + for ($y = $max_year; $y >= $min_year; $y--) + { + $selected_html=''; + if ($selected > 0 && $y == $selected) $selected_html = ' selected="selected"'; + $out.= ''; + } } else { - for ($y = $min_year; $y <= $max_year; $y++) - { - $selected_html=''; - if ($selected > 0 && $y == $selected) $selected_html = ' selected="selected"'; - $out.= ''; - } + for ($y = $min_year; $y <= $max_year; $y++) + { + $selected_html=''; + if ($selected > 0 && $y == $selected) $selected_html = ' selected="selected"'; + $out.= ''; + } } $out.= "\n"; return $out; } -} - - -/** - * Write all lines of a project (if parent = 0) - * - * @param int &$inc Cursor counter - * @param int $parent Id parent - * @param Object $lines Line object - * @param int $level Level - * @param int $selectedtask Id selected task - * @param int $selectedproject Id selected project - * @return void - */ -function PLineSelect(&$inc, $parent, $lines, $level=0, $selectedtask=0, $selectedproject=0) -{ - global $langs, $user, $conf; - - $lastprojectid=0; - - $numlines=count($lines); - for ($i = 0 ; $i < $numlines ; $i++) - { - if ($lines[$i]->fk_parent == $parent) - { - $var = !$var; - - // Break on a new project - if ($parent == 0) - { - if ($lines[$i]->fk_project != $lastprojectid) - { - if ($i > 0 && $conf->browser->firefox) print ''; - print '\n"; - - $lastprojectid=$lines[$i]->fk_project; - $inc++; - } - } - - // Print task - if ($lines[$i]->id > 0) - { - print '\n"; - $inc++; - } - - $level++; - if ($lines[$i]->id) PLineSelect($inc, $lines[$i]->id, $lines, $level, $selectedtask, $selectedproject); - $level--; - } - } - - - /** - * Show form to select addresse - * - * @param int $page Page - * @param string $selected Id condition pre-selectionne - * @param string $htmlname Nom du formulaire 
select - * @param string $origin Origine de l'appel pour pouvoir creer un retour - * @param int $originid Id de l'origine - * @return void - * @deprecated - */ - function form_address($page, $selected='', $socid, $htmlname='address_id', $origin='', $originid='') - { - global $langs,$conf; - if ($htmlname != "none") - { - print ''; - print ''; - print ''; - print '
'.$langs->trans("Company").''; - print $form->select_company(GETPOST("socid"),'socid','',1); + print $form->select_company(GETPOST('socid','int'),'socid','',1); print '
'.$langs->trans("Company").''; - print $form->select_company(GETPOST("socid")?GETPOST("socid"):($object->socid?$object->socid:-1),'socid','',1); + print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):($object->socid?$object->socid:-1),'socid','',1); print '
'; - print ''; - print '
'; - $this->select_address($selected, $socid, $htmlname, 1); - print ''; - $langs->load("companies"); - print '   '.$langs->trans("AddAddress").''; - print '
'; - } - else - { - if ($selected) - { - require_once(DOL_DOCUMENT_ROOT ."/societe/class/address.class.php"); - $address=new Address($this->db); - $result=$address->fetch_address($selected); - print ''.$address->label.''; - } - else - { - print " "; - } - } - } + /** + * Show form to select addresse + * + * @param int $page Page + * @param string $selected Id condition pre-selectionne + * @param int $socid Id of third party + * @param string $htmlname Nom du formulaire select + * @param string $origin Origine de l'appel pour pouvoir creer un retour + * @param int $originid Id de l'origine + * @return void + */ + function form_address($page, $selected, $socid, $htmlname='address_id', $origin='', $originid='') + { + global $langs,$conf; + if ($htmlname != "none") + { + print '
'; + print ''; + print ''; + print ''; + print ''; + print '
'; + $this->select_address($selected, $socid, $htmlname, 1); + print ''; + $langs->load("companies"); + print '   '.$langs->trans("AddAddress").''; + print '
'; + } + else + { + if ($selected) + { + require_once(DOL_DOCUMENT_ROOT ."/societe/class/address.class.php"); + $address=new Address($this->db); + $result=$address->fetch_address($selected); + print ''.$address->label.''; + } + else + { + print " "; + } + } + } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 07535a8adec..90167a94b87 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -249,15 +249,21 @@ function GETPOST($paramname,$check='',$method=0) elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; elseif ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:''; elseif ($method==3) $out = isset($_POST[$paramname])?$_POST[$paramname]:(isset($_GET[$paramname])?$_GET[$paramname]:''); + else return 'BadParameter'; if (! empty($check)) { + $out=trim($out); // Check if numeric - if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out=''; + if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',$out)) $out=''; // Check if alpha - //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; - // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; + elseif ($check == 'alpha') + { + // '"' is dangerous because param in url can close the href= or src= and add javascript functions. + // '../' is dangerous because it allows dir transversals + if (preg_match('/"/',$out)) $out=''; + else if (preg_match('/\.\.\//',$out)) $out=''; + } } return $out; 
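Review bot: The `'alpha'` branch of GETPOST is a two-pattern denylist, so values containing `'`, `<`, `>` or `..\` still pass, and the `'int'` pattern `/^[-\.,0-9]+$/i` accepts non-integers such as `1,2` or `--`. Callers that concatenate the result into SQL, HTML or a file path therefore still need their own cast or context-specific escaping. For ids, a stricter test such as `if ($check == 'int' && ! preg_match('/^-?[0-9]+$/',$out)) $out='';` would make the check match its name, assuming no caller relies on decimal values passing. The new `$out=trim($out);` also assumes a scalar, so an array-valued parameter reaches `trim()` and `preg_match()` as an array; an `is_array($out)` guard before the checks would avoid that. The rest of GETPOST lies outside the hunk.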
@@ -3405,7 +3411,7 @@ function dol_textishtml($msg,$option=0) * @param string $chaine Source string in which we must do substitution * @param array $substitutionarray Array with key->val to substitute * @return string Output string after subsitutions - * @see make_substitutions + * @see complete_substitutions_array */ function make_substitutions($chaine,$substitutionarray) { diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 338efbb5e80..10846f14e16 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -209,7 +209,7 @@ function dol_loginfunction($langs,$conf,$mysoc) $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0); - if (GETPOST("urlfrom")) $_SESSION["urlfrom"]=GETPOST("urlfrom"); + if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha'); else unset($_SESSION["urlfrom"]); if (! GETPOST("username")) $focus_element='username'; diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 8137f6151f6..ffb90f0ec9a 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -35,7 +35,7 @@ abstract class DolibarrModules //! Database handler var $db; //! Relative path to module style sheet - var $style_sheet = ''; + var $style_sheet = ''; // deprecated //! Path to create when module activated var $dirs = array(); //! Tableau des boites @@ -46,6 +46,8 @@ abstract class DolibarrModules var $rights; //! Tableau des menus var $menu=array(); + //! Module parts array + var $module_parts=array(); //! Tableau des documents ??? var $docs; diff --git a/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php b/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php index a124b6a5f35..667971d4b86 100644 
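Review bot: In dol_loginfunction, `GETPOST('urlfrom','alpha')` only rejects values containing `"` or `../`, so an absolute URL pointing at another host is still stored in `$_SESSION["urlfrom"]`. If that session value is later used as a redirect target (the consumer is not visible in this hunk), it should be restricted to application-relative paths before it is stored. Assuming urlfrom is always a local path, something like `$urlfrom=GETPOST('urlfrom','alpha'); if ($urlfrom && preg_match('/^\/[^\/\\\\]/',$urlfrom)) $_SESSION["urlfrom"]=$urlfrom; else unset($_SESSION["urlfrom"]);` would do that. The function body continues outside the hunk.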
--- a/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php +++ b/htdocs/core/modules/commande/doc/doc_generic_order_odt.modules.php @@ -129,7 +129,7 @@ class doc_generic_order_odt extends ModelePDFCommandes global $conf; return array( - 'line_fulldesc'=>doc_getlinedesc($line), + 'line_fulldesc'=>doc_getlinedesc($line,$outputlangs), 'line_product_ref'=>$line->product_ref, 'line_product_label'=>$line->product_label, 'line_desc'=>$line->desc, diff --git a/htdocs/core/modules/commande/doc/pdf_edison.modules.php b/htdocs/core/modules/commande/doc/pdf_edison.modules.php index 6c802f673f3..ed649b24c62 100644 --- a/htdocs/core/modules/commande/doc/pdf_edison.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_edison.modules.php @@ -148,6 +148,12 @@ class pdf_edison extends ModelePDFCommandes $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -165,6 +171,7 @@ class pdf_edison extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -240,6 +247,7 @@ class pdf_edison extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); 
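Review bot: The path given to `setSourceFile()` in pdf_edison is built by appending `MAIN_ADD_PDF_BACKGROUND` to `dir_output` with no normalisation and no existence check. A value containing directory separators therefore resolves outside the company directory, and a missing or unreadable file is likely to abort document generation part-way. Since the option names a file inside that directory, reduce it to a file name first, `$bgfile=$conf->mycompany->dir_output.'/'.basename($conf->global->MAIN_ADD_PDF_BACKGROUND);`, and add `&& is_readable($bgfile)` to the condition. `$pagecount` is assigned but not used in the hunk. The same block is added to pdf_einstein, pdf_expedition_merou, pdf_expedition_rouget, pdf_crabe, pdf_oursin, pdf_soleil, pdf_sirocco, pdf_typhon and pdf_azur, and write_file's body continues outside the hunk.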
@@ -611,7 +619,7 @@ class pdf_edison extends ModelePDFCommandes $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx+2,$posy-5); $pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); // Show recipient name $pdf->SetXY($posx+2,$posy+3); @@ -620,7 +628,7 @@ class pdf_edison extends ModelePDFCommandes // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index e3b43203cf6..67794b02c91 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -185,6 +185,12 @@ class pdf_einstein extends ModelePDFCommandes $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -211,6 +217,7 @@ class pdf_einstein extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -356,6 +363,7 @@ class pdf_einstein extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); 
@@ -982,7 +990,7 @@ class pdf_einstein extends ModelePDFCommandes $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx+2,$posy-5); $pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); // Show recipient name $pdf->SetXY($posx+2,$posy+3); @@ -991,7 +999,7 @@ class pdf_einstein extends ModelePDFCommandes // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } } diff --git a/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php b/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php index dd0878f55b8..eca5df7abd3 100644 --- a/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php @@ -42,7 +42,7 @@ Class pdf_expedition_merou extends ModelePdfExpedition /** * Constructor * - * @param DoliDB $DB Database handler + * @param DoliDB $db Database handler */ function pdf_expedition_merou($db=0) { @@ -72,10 +72,11 @@ Class pdf_expedition_merou extends ModelePdfExpedition /** - * \brief Fonction generant le document sur le disque - * \param object Objet expedition a generer (ou id si ancienne methode) - * \param outputlangs Lang output object - * \return int 1=ok, 0=ko + * Fonction generant le document sur le disque + * + * @param object Objet expedition a generer (ou id si ancienne methode) + * @param outputlangs Lang output object + * @return int 1=ok, 0=ko */ function write_file(&$object, $outputlangs) { 
@@ -154,6 +155,12 @@ Class pdf_expedition_merou extends ModelePdfExpedition $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -200,8 +207,8 @@ Class pdf_expedition_merou extends ModelePdfExpedition // Description de la ligne produit //Creation des cases a cocher - $pdf->rect(10+3, $curY+1, 3, 3); - $pdf->rect(20+3, $curY+1, 3, 3); + $pdf->Rect(10+3, $curY+1, 3, 3); + $pdf->Rect(20+3, $curY+1, 3, 3); //Insertion de la reference du produit $pdf->SetXY(30, $curY+1 ); $pdf->SetFont('','B', $default_font_size - 3); @@ -400,7 +407,7 @@ Class pdf_expedition_merou extends ModelePdfExpedition //Num Expedition $Yoff = $Yoff+7; $Xoff = 142; - //$pdf->rect($Xoff, $Yoff, 85, 8); + //$pdf->Rect($Xoff, $Yoff, 85, 8); $pdf->SetXY($Xoff,$Yoff); $pdf->SetFont('','', $default_font_size - 2); $pdf->SetTextColor(0,0,0); @@ -542,20 +549,20 @@ Class pdf_expedition_merou extends ModelePdfExpedition $blW=50; $Yoff = $Ydef +1; - $pdf->Rect($blDestX, $Yoff-1, $blW, 26); - - //Titre + // Show recipient frame $pdf->SetFont('','B', $default_font_size - 3); $pdf->SetXY($blDestX,$Yoff-4); $pdf->MultiCell($blW,3, $outputlangs->transnoentities("Recipient"), 0, 'L'); + $pdf->Rect($blDestX, $Yoff-1, $blW, 26); - // Show customer/recipient + // Show recipient name $pdf->SetFont('','B', $default_font_size - 3); $pdf->SetXY($blDestX,$Yoff); $pdf->MultiCell($blW,3, $carac_client_name, 0, 'L'); + // Show recipient information $pdf->SetFont('','', $default_font_size - 3); - $pdf->SetXY($blDestX,$Yoff+4); + $pdf->SetXY($blDestX,$Yoff+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell($blW,2, $carac_client, 0, 'L'); } } 
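Review bot: The background template is imported in pdf_expedition_merou (`$tplidx = $pdf->importPage(1);`), but none of this file's hunks adds the matching `if (! empty($tplidx)) $pdf->useTemplate($tplidx);` after `AddPage()`, which the other templates in this commit do. Unless that call already exists in code outside the hunks, MAIN_ADD_PDF_BACKGROUND has no visible effect for this template while the file is still opened and parsed. Either add the `useTemplate` line after each `AddPage()` in write_file or drop the import block from this file.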
diff --git a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php index 45ec40686d5..4a813247a3b 100644 --- a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php @@ -74,10 +74,11 @@ Class pdf_expedition_rouget extends ModelePdfExpedition } /** - * \brief Fonction generant le document sur le disque - * \param object Objet expedition a generer (ou id si ancienne methode) - * \param outputlangs Lang output object - * \return int 1=ok, 0=ko + * Fonction generant le document sur le disque + * + * @param object Objet expedition a generer (ou id si ancienne methode) + * @param outputlangs Lang output object + * @return int 1=ok, 0=ko */ function write_file(&$object, $outputlangs) { @@ -133,6 +134,12 @@ Class pdf_expedition_rouget extends ModelePdfExpedition $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -152,6 +159,7 @@ Class pdf_expedition_rouget extends ModelePdfExpedition // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -517,7 +525,7 @@ Class pdf_expedition_rouget extends ModelePdfExpedition $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx,$posy-5); $pdf->MultiCell(80, 4, $outputlangs->transnoentities("Recipient").":", 0, 'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); $pdf->SetTextColor(0,0,0); // Show recipient name 
@@ -527,7 +535,7 @@ Class pdf_expedition_rouget extends ModelePdfExpedition // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } diff --git a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php index e84184c85b9..831df574b3d 100644 --- a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php +++ b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php @@ -139,7 +139,7 @@ class doc_generic_invoice_odt extends ModelePDFFactures global $conf; return array( - 'line_fulldesc'=>doc_getlinedesc($line), + 'line_fulldesc'=>doc_getlinedesc($line,$outputlangs), 'line_product_ref'=>$line->product_ref, 'line_product_label'=>$line->product_label, 'line_desc'=>$line->desc, diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 9b8fe8f3aa4..01002ddf9f9 100755 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2004-2012 Laurent Destailleur * Copyright (C) 2005-2011 Regis Houssin * Copyright (C) 2008 Raphael Bertrand * Copyright (C) 2010-2011 Juanjo Menent @@ -22,7 +22,7 @@ /** * \file htdocs/core/modules/facture/doc/pdf_crabe.modules.php * \ingroup facture - * \brief File of class to generate customers invoices from crab model + * \brief File of class to generate customers invoices from crabe model */ require_once(DOL_DOCUMENT_ROOT."/core/modules/facture/modules_facture.php"); 
@@ -33,10 +33,8 @@ require_once(DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php'); /** - * \class pdf_crabe - * \brief Classe permettant de generer les factures au modele Crabe + * Class to manage PDF invoice template Crabe */ - class pdf_crabe extends ModelePDFFactures { var $db; @@ -187,6 +185,12 @@ class pdf_crabe extends ModelePDFFactures $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -213,6 +217,7 @@ class pdf_crabe extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -362,6 +367,7 @@ class pdf_crabe extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -1222,7 +1228,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx+2,$posy-5); $pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); // Show recipient name $pdf->SetXY($posx+2,$posy+3); @@ -1231,7 +1237,7 @@ class pdf_crabe extends ModelePDFFactures // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } } 
diff --git a/htdocs/core/modules/facture/doc/pdf_oursin.modules.php b/htdocs/core/modules/facture/doc/pdf_oursin.modules.php index 80f2b3706a5..db3cc2218b6 100755 --- a/htdocs/core/modules/facture/doc/pdf_oursin.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_oursin.modules.php @@ -174,6 +174,12 @@ class pdf_oursin extends ModelePDFFactures $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -191,6 +197,7 @@ class pdf_oursin extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -260,6 +267,7 @@ class pdf_oursin extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -905,7 +913,7 @@ class pdf_oursin extends ModelePDFFactures $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx+2,$posy-5); $pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); // Show recipient name $pdf->SetXY($posx+2,$posy+3); @@ -914,7 +922,7 @@ class pdf_oursin extends ModelePDFFactures // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } 
diff --git a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php index bc0d10ad00f..a173051ec76 100644 --- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php +++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php @@ -41,10 +41,10 @@ class pdf_soleil extends ModelePDFFicheinter var $name; var $description; var $type; - + var $phpmin = array(4,3,0); // Minimum version of PHP required by module var $version = 'dolibarr'; - + var $page_largeur; var $page_hauteur; var $format; @@ -142,6 +142,12 @@ class pdf_soleil extends ModelePDFFicheinter $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -159,6 +165,7 @@ class pdf_soleil extends ModelePDFFicheinter // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetTextColor(0,0,0); @@ -289,6 +296,7 @@ class pdf_soleil extends ModelePDFFicheinter // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -299,7 +307,7 @@ class pdf_soleil extends ModelePDFFicheinter } } } - + // Show square if ($pagenb == 1) { @@ -556,7 +564,7 @@ class pdf_soleil extends ModelePDFFicheinter $pdf->SetTextColor(0,0,0); $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx,$posy-5); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); $pdf->SetTextColor(0,0,0); // Show recipient name 
@@ -566,7 +574,7 @@ class pdf_soleil extends ModelePDFFicheinter // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(100,4, $carac_client, 0, 'L'); } } diff --git a/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php b/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php index 22b0592b370..e401d748da7 100644 --- a/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php +++ b/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php @@ -126,6 +126,12 @@ class pdf_sirocco extends ModelePDFDeliveryOrder $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } // Complete object by loading several other informations $expedition=new Expedition($this->db); @@ -155,6 +161,7 @@ class pdf_sirocco extends ModelePDFDeliveryOrder // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -395,7 +402,7 @@ class pdf_sirocco extends ModelePDFDeliveryOrder $pdf->SetFont('','B', $default_font_size); $pdf->SetXY(102,47); $pdf->MultiCell(96,5, $carac_client, 0, 'L'); - $pdf->rect(100, 40, 100, 40); + $pdf->Rect(100, 40, 100, 40); $pdf->SetTextColor(0,0,60); diff --git a/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php b/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php index 2995e984349..dc129126ccb 100644 --- a/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php +++ b/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php 
@@ -148,6 +148,12 @@ class pdf_typhon extends ModelePDFDeliveryOrder $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } // Complete object by loading several other informations $expedition=new Expedition($this->db); @@ -188,6 +194,7 @@ class pdf_typhon extends ModelePDFDeliveryOrder // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -617,7 +624,7 @@ class pdf_typhon extends ModelePDFDeliveryOrder $pdf->MultiCell(80,5, $outputlangs->transnoentities("DeliveryAddress").":", 0, 'L'); // Cadre client destinataire - $pdf->rect(100, $posy, 100, $hautcadre); + $pdf->Rect(100, $posy, 100, $hautcadre); // If SHIPPING contact defined on invoice, we use it $usecontact=false; diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 111c9dd4c09..6f5f3080ef2 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php 
@@ -199,6 +199,7 @@ class modSociete extends DolibarrModules $this->export_icon[$r]='company'; $this->export_permission[$r]=array(array("societe","export")); $this->export_fields_array[$r]=array('s.rowid'=>"Id",'s.nom'=>"Name",'s.status'=>"Status",'s.client'=>"Customer",'s.fournisseur'=>"Supplier",'s.datec'=>"DateCreation",'s.tms'=>"DateLastModification",'s.code_client'=>"CustomerCode",'s.code_fournisseur'=>"SupplierCode",'s.address'=>"Address",'s.cp'=>"Zip",'s.ville'=>"Town",'p.libelle'=>"Country",'p.code'=>"CountryCode",'s.tel'=>"Phone",'s.fax'=>"Fax",'s.url'=>"Url",'s.email'=>"Email",'s.default_lang'=>"DefaultLang",'s.siret'=>"IdProf1",'s.siren'=>"IdProf2",'s.ape'=>"IdProf3",'s.idprof4'=>"IdProf4",'s.tva_intra'=>"VATIntraShort",'s.capital'=>"Capital",'s.note'=>"Note",'t.libelle'=>"ThirdPartyType",'ce.code'=>"Effectif","cfj.libelle"=>"JuridicalStatus",'s.fk_prospectlevel'=>'ProspectLevel','s.fk_stcomm'=>'ProspectStatus','d.nom'=>'State'); + if (! empty($conf->global->SOCIETE_USEPREFIX)) $this->export_fields_array[$r]['s.prefix']='Prefix'; $this->export_entities_array[$r]=array(); // We define here only fields that use another picto // Add extra fields $sql="SELECT name, label FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'company'"; diff --git a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php index ee12598ce52..73a3b64a3a2 100644 --- a/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php +++ b/htdocs/core/modules/propale/doc/doc_generic_proposal_odt.modules.php @@ -128,7 +128,7 @@ class doc_generic_proposal_odt extends ModelePDFPropales global $conf; return array( - 'line_fulldesc'=>doc_getlinedesc($line), + 'line_fulldesc'=>doc_getlinedesc($line,$outputlangs), 'line_product_ref'=>$line->product_ref, 'line_product_label'=>$line->product_label, 'line_desc'=>$line->desc, 
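Review bot: `$outputlangs` is now passed to `doc_getlinedesc()` in the doc_generic_proposal_odt hunk, but the only declaration visible in that function is `global $conf;`. The method signature lies outside the hunk, so it cannot be confirmed here that `$outputlangs` is a parameter; if it is not, the call passes an undefined variable and the line description would be built without the intended language. Please confirm the signature carries `$outputlangs`, or add it there and document it in the method's docblock.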
diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index d2df8d79190..0a710b986c4 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -170,6 +170,12 @@ class pdf_azur extends ModelePDFPropales $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -196,6 +202,7 @@ class pdf_azur extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -341,6 +348,7 @@ class pdf_azur extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -1031,7 +1039,7 @@ class pdf_azur extends ModelePDFPropales $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx,$posy-5); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("BillTo").":", 0, 'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); $pdf->SetTextColor(0,0,0); // Show recipient name @@ -1041,7 +1049,7 @@ class pdf_azur extends ModelePDFPropales // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(100,4, $carac_client, 0, 'L'); } } 
diff --git a/htdocs/core/modules/propale/doc/pdf_jaune.modules.php b/htdocs/core/modules/propale/doc/pdf_jaune.modules.php index 50977092f3f..2873569fab9 100644 --- a/htdocs/core/modules/propale/doc/pdf_jaune.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_jaune.modules.php @@ -170,6 +170,12 @@ class pdf_jaune extends ModelePDFPropales $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -196,6 +202,7 @@ class pdf_jaune extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -341,6 +348,7 @@ class pdf_jaune extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -1031,7 +1039,7 @@ class pdf_jaune extends ModelePDFPropales $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx,$posy-5); $pdf->MultiCell(100, 4, $outputlangs->transnoentities("BillTo").":", 0, 'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); $pdf->SetTextColor(0,0,0); // Show recipient name @@ -1041,7 +1049,7 @@ class pdf_jaune extends ModelePDFPropales // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(100,4, $carac_client, 0, 'L'); } } 
diff --git a/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php b/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php index 829f6e20420..4cd34062c50 100755 --- a/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php +++ b/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php @@ -177,6 +177,12 @@ class pdf_canelle extends ModelePDFSuppliersInvoices $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -203,6 +209,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -347,6 +354,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -893,7 +901,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx+2,$posy-5); $pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); // Show recipient name $pdf->SetXY($posx+2,$posy+3); @@ -902,7 +910,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } } 
diff --git a/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php b/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php index 7dd01cb4b0d..257b44340fb 100644 --- a/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php +++ b/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php @@ -183,6 +183,12 @@ class pdf_muscadet extends ModelePDFSuppliersOrders $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -209,6 +215,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -353,6 +360,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -975,7 +983,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders $pdf->SetFont('','', $default_font_size - 2); $pdf->SetXY($posx+2,$posy-5); $pdf->MultiCell(80,5, $outputlangs->transnoentities("BillTo").":",0,'L'); - $pdf->rect($posx, $posy, 100, $hautcadre); + $pdf->Rect($posx, $posy, 100, $hautcadre); // Show recipient name $pdf->SetXY($posx+2,$posy+3); @@ -984,7 +992,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders // Show recipient information $pdf->SetFont('','', $default_font_size - 1); - $pdf->SetXY($posx+2,$posy+8); + $pdf->SetXY($posx+2,$posy+4+(dol_nboflines_bis($carac_client_name,50)*4)); $pdf->MultiCell(86,4, $carac_client, 0, 'L'); } } 
diff --git a/htdocs/document.php b/htdocs/document.php index 9c59f1da051..8836ebdbf97 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004-2007 Rodolphe Quiedeville * Copyright (C) 2004-2012 Laurent Destailleur * Copyright (C) 2005 Simon Tosser - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2010 Pierre Morin * Copyright (C) 2010 Juanjo Menent * @@ -50,10 +50,10 @@ require("./main.inc.php"); // Load $user and permissions require_once(DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'); $encoding = ''; -$action = GETPOST("action"); -$original_file = GETPOST("file"); // Do not use urldecode here ($_GET are already decoded by PHP). -$modulepart = GETPOST("modulepart"); -$urlsource = GETPOST("urlsource"); +$action = GETPOST('action','alpha'); +$original_file = GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP). +$modulepart = GETPOST('modulepart','alpha'); +$urlsource = GETPOST('urlsource','alpha'); // Security check if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart'); @@ -72,7 +72,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart'); // Define mime type $type = 'application/octet-stream'; -if (GETPOST('type')) $type=GETPOST('type'); +if (GETPOST('type','alpha')) $type=GETPOST('type','alpha'); else $type=dol_mimetype($original_file); //print 'X'.$type.'-'.$original_file;exit; diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 712f51e2cda..4258632f8c2 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'ecm', 0); $user->getrights('ecm'); // Get parameters -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); $action=GETPOST("action"); $section=GETPOST("section"); $module=GETPOST("module"); diff --git a/htdocs/expedition/fiche.php b/htdocs/expedition/fiche.php index ac06265df3f..40fb5917e89 100644 
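Review bot: In document.php (hunk at -72) the MIME type is still chosen by the caller: `if (GETPOST('type','alpha')) $type=GETPOST('type','alpha');`. What the 'alpha' filter rejects is not visible on this page, but a character filter alone does not restrict which type is requested, which matters if `$type` is later sent as the Content-Type of a stored file (that code is outside the hunk). I would accept the parameter only when it matches a short allow-list of expected types and otherwise fall back to `dol_mimetype($original_file)`. A one-line comment next to `$original_file` stating which check confines it to the module's directory would also help the next reader.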
--- a/htdocs/expedition/fiche.php +++ b/htdocs/expedition/fiche.php @@ -50,7 +50,7 @@ $langs->load('other'); $langs->load('propal'); $origin = GETPOST("origin")?GETPOST("origin"):'expedition'; // Example: commande, propal -$origin_id = GETPOST("id")?GETPOST("id"):''; +$origin_id = GETPOST('id','int')?GETPOST('id','int'):''; if (empty($origin_id)) $origin_id = GETPOST("origin_id"); // Id of order or propal if (empty($origin_id)) $origin_id = GETPOST("object_id"); // Id of order or propal $id = $origin_id; diff --git a/htdocs/fichinter/apercu.php b/htdocs/fichinter/apercu.php index 5d713eda2ca..f338c0b5b0d 100644 --- a/htdocs/fichinter/apercu.php +++ b/htdocs/fichinter/apercu.php @@ -35,7 +35,7 @@ $langs->load('interventions'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index 467e8683527..74fa3b5b9a3 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -78,7 +78,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer) { $fichinter = new Fichinter($db); - if ($fichinter->fetch(GETPOST("id"))) + if ($fichinter->fetch(GETPOST('id','int'))) { $result=$fichinter->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index be142263326..23c1196a088 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -38,7 +38,7 @@ $langs->load("fichinter"); $langs->load("companies"); $langs->load("interventions"); -$id = GETPOST("id"); +$id = GETPOST('id','int'); $action = GETPOST("action"); // Security check diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php index 40c42a2e81c..9f753db3060 100644 
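Review bot: In expedition/fiche.php only the first source of `$origin_id` is filtered; the two fallbacks on the following context lines, `GETPOST("origin_id")` and `GETPOST("object_id")`, stay unfiltered, and `$id = $origin_id` then carries whichever of them was used. For the sanitising to hold, both should read `GETPOST('origin_id','int')` and `GETPOST('object_id','int')`. The same gap is visible in fichinter/contact.php and fourn/facture/contact.php, where the id passed to `fetch()` is now typed but `GETPOST('ligne')` given to `swapContactStatus()` is not.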
--- a/htdocs/fichinter/fiche.php +++ b/htdocs/fichinter/fiche.php @@ -43,9 +43,9 @@ if (! empty($conf->global->FICHEINTER_ADDON) && is_readable(DOL_DOCUMENT_ROOT ." $langs->load("companies"); $langs->load("interventions"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); $action = GETPOST("action"); $confirm = GETPOST("confirm"); $mesg = GETPOST("msg"); diff --git a/htdocs/fichinter/info.php b/htdocs/fichinter/info.php index 05c74544d24..1029880d487 100644 --- a/htdocs/fichinter/info.php +++ b/htdocs/fichinter/info.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php"); $langs->load('companies'); $langs->load("interventions"); -$fichinterid = GETPOST("id"); +$fichinterid = GETPOST('id','int'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index dfd0b4d39e5..a693e261e6c 100755 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -40,11 +40,11 @@ $offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$socid=GETPOST("socid"); +$socid=GETPOST('socid','int'); $page=GETPOST("page"); // Security check -$fichinterid = GETPOST("id"); +$fichinterid = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter'); diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index 2622e58c6f2..891ffca9036 100644 --- a/htdocs/fichinter/note.php +++ b/htdocs/fichinter/note.php @@ -29,7 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php"); $langs->load('companies'); $langs->load("interventions"); -$fichinterid = GETPOST("id"); +$fichinterid = GETPOST('id','int'); $action=GETPOST("action"); // Security check diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php index ef5e30ff7d2..19b175a6c71 100644 
--- a/htdocs/fourn/commande/fiche.php +++ b/htdocs/fourn/commande/fiche.php @@ -47,12 +47,12 @@ $langs->load('deliveries'); $langs->load('products'); $langs->load('stocks'); -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); $action = GETPOST("action"); $confirm = GETPOST("confirm"); $comclientid = GETPOST("comid"); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); $projectid = GETPOST("projectid"); // Security check @@ -162,8 +162,8 @@ if ($action == 'addline' && $user->rights->fournisseur->commande->creer) $type = $productsupplier->type; // Local Taxes - $localtax1_tx= get_localtax($tva_tx, 1, $object->thirdparty); - $localtax2_tx= get_localtax($tva_tx, 2, $object->thirdparty); + $localtax1_tx= get_localtax($tva_tx, 1, $mysoc); + $localtax2_tx= get_localtax($tva_tx, 2, $mysoc); $result=$object->addline( $desc, @@ -222,14 +222,18 @@ if ($action == 'addline' && $user->rights->fournisseur->commande->creer) //print "xx".$tva_tx; exit; if ($result > 0) { - $outputlangs = $langs; - if (! empty($_REQUEST['lang_id'])) - { - $outputlangs = new Translate("",$conf); - $outputlangs->setDefaultLang($_REQUEST['lang_id']); - } if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { + // Define output language + $outputlangs = $langs; + $newlang=GETPOST('lang_id','alpha'); + if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; + if (! empty($newlang)) + { + $outputlangs = new Translate("",$conf); + $outputlangs->setDefaultLang($newlang); + } + $ret=$object->fetch($id); // Reload to get new records supplier_order_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref')); } diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php index c10bf7bca87..42993e32703 100644 --- a/htdocs/fourn/facture/contact.php +++ b/htdocs/fourn/facture/contact.php 
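Review bot: The new language block in the addline hunk of fourn/commande/fiche.php (-222) reads `$object->client->default_lang`, while the code this commit replaces a few hunks earlier referred to the third party as `$object->thirdparty`. Unless `client` is populated somewhere outside the hunk, the MAIN_MULTILANGS default resolves to empty and the PDF is silently produced in the user's language. Consider `$newlang=$object->thirdparty->default_lang;` once the third party is loaded, and test the option as `! empty($conf->global->MAIN_MULTILANGS)` so an unset constant raises no notice. The same block is added to fourn/facture/fiche.php at -512.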
@@ -80,7 +80,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->fournisseur->facture->cre if ($_GET["action"] == 'swapstatut' && $user->rights->fournisseur->facture->creer) { $facture = new FactureFournisseur($db); - if ($facture->fetch(GETPOST("facid"))) + if ($facture->fetch(GETPOST('facid','int'))) { $result=$facture->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 5a934218c9f..f007070618c 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -35,7 +35,7 @@ $langs->load('bills'); $langs->load('other'); $langs->load("companies"); -$facid = GETPOST("facid")?GETPOST("facid"):GETPOST("id"); +$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action']; // Security check diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php index 2769bb79adc..1d192e5291e 100644 --- a/htdocs/fourn/facture/fiche.php +++ b/htdocs/fourn/facture/fiche.php @@ -42,7 +42,7 @@ $langs->load('suppliers'); $langs->load('companies'); $mesg=''; -$id = (GETPOST("facid") ? GETPOST("facid") : GETPOST("id")); +$id = (GETPOST('facid','int') ? GETPOST('facid','int') : GETPOST('id','int')); $action = GETPOST("action"); $confirm = GETPOST("confirm"); @@ -87,7 +87,7 @@ if ($action == 'confirm_clone' && $confirm == 'yes') } } -if ($action == 'confirm_valid' && $confirm == 'yes' && $user->rights->fournisseur->facture->valider) +elseif ($action == 'confirm_valid' && $confirm == 'yes' && $user->rights->fournisseur->facture->valider) { $idwarehouse=GETPOST('idwarehouse'); 
@@ -116,7 +116,7 @@ if ($action == 'confirm_valid' && $confirm == 'yes' && $user->rights->fournisseu } } -if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fournisseur->facture->supprimer) +elseif ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fournisseur->facture->supprimer) { $object->fetch($id); $result=$object->delete($id); @@ -131,7 +131,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fournisse } } -if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) { $object->fetch($id); $ret = $object->deleteline(GETPOST('lineid')); @@ -146,21 +146,21 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fourn } } -if ($action == 'confirm_paid' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'confirm_paid' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) { $object->fetch($id); $result=$object->set_paid($user); } // Set supplier ref -if (($action == 'setref_supplier' || $action == 'set_ref_supplier') && $user->rights->fournisseur->facture->creer) +elseif (($action == 'setref_supplier' || $action == 'set_ref_supplier') && $user->rights->fournisseur->facture->creer) { $object->fetch($id); $result=$object->set_ref_supplier($user, $_POST['ref_supplier']); } // Set label -if ($action == 'setlabel' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'setlabel' && $user->rights->fournisseur->facture->creer) { $object->fetch($id); $object->label=$_POST['label']; 
@@ -168,25 +168,25 @@ if ($action == 'setlabel' && $user->rights->fournisseur->facture->creer) if ($result < 0) dol_print_error($db); } -if ($action == 'setdate' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'setdate' && $user->rights->fournisseur->facture->creer) { $object->fetch($id); - $object->date=dol_mktime(12,0,0,$_POST['datemonth'],$_POST['dateday'],$_POST['dateyear']); + $object->date=dol_mktime(12,0,0,$_POST['datefmonth'],$_POST['datefday'],$_POST['datefyear']); if ($object->date_echeance < $object->date) $object->date_echeance=$object->date; $result=$object->update($user); if ($result < 0) dol_print_error($db,$object->error); } -if ($action == 'setdate_echeance' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'setdate_echeance' && $user->rights->fournisseur->facture->creer) { $object->fetch($id); - $object->date_echeance=dol_mktime(12,0,0,$_POST['date_echeancemonth'],$_POST['date_echeanceday'],$_POST['date_echeanceyear']); + $object->date_echeance=dol_mktime(12,0,0,$_POST['date_lim_reglementmonth'],$_POST['date_lim_reglementday'],$_POST['date_lim_reglementyear']); if ($object->date_echeance < $object->date) $object->date_echeance=$object->date; $result=$object->update($user); if ($result < 0) dol_print_error($db,$object->error); } // Delete payment -if($action == 'deletepaiement') +elseif($action == 'deletepaiement') { $object->fetch($id); if ($object->statut == 1 && $object->paye == 0 && $user->societe_id == 0) @@ -198,7 +198,7 @@ if($action == 'deletepaiement') } // Create -if ($action == 'add' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'add' && $user->rights->fournisseur->facture->creer) { $error=0; @@ -384,7 +384,7 @@ if ($action == 'add' && $user->rights->fournisseur->facture->creer) } // Modification d'une ligne -if ($action == 'update_line') +elseif ($action == 'update_line') { if ($_REQUEST['etat'] == '1' && ! $_REQUEST['cancel']) // si on valide la modification { 
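Review bot: Several branches of the new `elseif` chain in fourn/facture/fiche.php test only `$action`: `deletepaiement` (hunk at -168) and `update_line` (-384) here, and `addline`, `classin`, `builddoc` and `remove_file` in later hunks, whereas sibling branches also require a `$user->rights->fournisseur->facture->...` permission. A page-level check may exist outside these hunks, but it cannot distinguish read access from the create or delete right that these state-changing actions need. I would add the matching right to each condition, e.g. `elseif ($action == 'update_line' && $user->rights->fournisseur->facture->creer)`. The branch bodies continue outside the hunks.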
@@ -421,8 +421,8 @@ if ($action == 'update_line') } $label = $_POST['desc']; $type = $_POST["type"]?$_POST["type"]:0; - $localtax1tx= get_localtax($_POST['tauxtva'], 1, $societe); - $localtax2tx= get_localtax($_POST['tauxtva'], 2, $societe); + $localtax1tx= get_localtax($_POST['tauxtva'], 1, $mysoc); + $localtax2tx= get_localtax($_POST['tauxtva'], 2, $mysoc); } $result=$object->updateline($_GET['lineid'], $label, $pu, $_POST['tauxtva'], $localtax1tx, $localtax2tx, $_POST['qty'], $_POST['idprod'], $price_base_type, 0, $type); @@ -433,7 +433,7 @@ if ($action == 'update_line') } } -if ($action == 'addline') +elseif ($action == 'addline') { $ret=$object->fetch($id); if ($ret < 0) @@ -441,12 +441,7 @@ if ($action == 'addline') dol_print_error($db,$object->error); exit; } - - if ($object->socid) - { - $societe=new Societe($db); - $societe->fetch($object->socid); - } + $ret=$object->fetch_thirdparty(); if ($_POST['idprodfournprice']) // > 0 or -1 { @@ -461,10 +456,10 @@ if ($action == 'addline') // $label = '['.$product->ref.'] - '. $product->libelle; $label = $product->description; - $tvatx=get_default_tva($societe,$mysoc,$product->id); + $tvatx=get_default_tva($object->thirdparty,$mysoc,$product->id); - $localtax1tx= get_localtax($tvatx, 1, $societe); - $localtax2tx= get_localtax($tvatx, 2, $societe); + $localtax1tx= get_localtax($tvatx, 1, $mysoc); + $localtax2tx= get_localtax($tvatx, 2, $mysoc); $type = $product->type; @@ -481,8 +476,8 @@ if ($action == 'addline') else { $tauxtva = price2num($_POST['tauxtva']); - $localtax1tx= get_localtax($tauxtva, 1, $societe); - $localtax2tx= get_localtax($tauxtva, 2, $societe); + $localtax1tx= get_localtax($tauxtva, 1, $mysoc); + $localtax2tx= get_localtax($tauxtva, 2, $mysoc); if (! $_POST['dp_desc']) { 
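Review bot: The rewritten `get_localtax()` calls in the update_line hunk (-421) still receive `$_POST['tauxtva']` straight from the request, and the `updateline()` call on the following context line takes `$_GET['lineid']`, `$_POST['qty']` and `$_POST['idprod']` unfiltered, while the addline branch further down normalises the rate with `price2num($_POST['tauxtva'])`. Normalising once, e.g. `$tauxtva=price2num($_POST['tauxtva']);`, and reading the line id as `GETPOST('lineid','int')` would make both branches agree with the intent of this commit. The enclosing branch starts and ends outside the hunk.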
@@ -512,12 +507,15 @@ if ($action == 'addline') //print "xx".$tva_tx; exit; if ($result > 0) { - $outputlangs = $langs; - if (! empty($_REQUEST['lang_id'])) - { - $outputlangs = new Translate("",$conf); - $outputlangs->setDefaultLang($_REQUEST['lang_id']); - } + // Define output language + $outputlangs = $langs; + $newlang=GETPOST('lang_id','alpha'); + if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; + if (! empty($newlang)) + { + $outputlangs = new Translate("",$conf); + $outputlangs->setDefaultLang($newlang); + } //if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) supplier_invoice_pdf_create($db, $object->id, $object->modelpdf, $outputlangs); unset($_POST['qty']); @@ -540,7 +538,7 @@ if ($action == 'addline') $action = ''; } -if ($action == 'classin') +elseif ($action == 'classin') { $object->fetch($id); $result=$object->setProject($_POST['projectid']); @@ -548,7 +546,7 @@ if ($action == 'classin') // Set invoice to draft status -if ($action == 'edit' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'edit' && $user->rights->fournisseur->facture->creer) { $object->fetch($id); @@ -574,7 +572,7 @@ if ($action == 'edit' && $user->rights->fournisseur->facture->creer) } // Set invoice to validated/unpaid status -if ($action == 'reopen' && $user->rights->fournisseur->facture->creer) +elseif ($action == 'reopen' && $user->rights->fournisseur->facture->creer) { $result = $object->fetch($id); if ($object->statut == 2 @@ -779,7 +777,7 @@ if ($action == 'send' && ! $_POST['addfile'] && ! $_POST['removedfile'] && ! $_P } // Build document -if ($action == 'builddoc') +elseif ($action == 'builddoc') { // Save modele used $object->fetch($id); @@ -808,7 +806,7 @@ if ($action == 'builddoc') } // Delete file in doc form -if ($action == 'remove_file') +elseif ($action == 'remove_file') { require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); 
@@ -1341,13 +1339,13 @@ else print ''; // Date - print ''.$form->editfieldkey("Date",'date',$object->datep,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker').''; - print $form->editfieldval("Date",'date',$object->datep,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker'); + print ''.$form->editfieldkey("Date",'datef',$object->datep,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker').''; + print $form->editfieldval("Date",'datef',$object->datep,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker'); print ''; // Due date - print ''.$form->editfieldkey("DateMaxPayment",'date_echeance',$object->date_echeance,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker').''; - print $form->editfieldval("DateMaxPayment",'date_echeance',$object->date_echeance,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker'); + print ''.$form->editfieldkey("DateMaxPayment",'date_lim_reglement',$object->date_echeance,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker').''; + print $form->editfieldval("DateMaxPayment",'date_lim_reglement',$object->date_echeance,$object,($object->statut<2 && $user->rights->fournisseur->facture->creer && $object->getSommePaiement() <= 0),'datepicker'); print ''; // Status diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php index 372534d9bc0..eabafefda14 100644 --- a/htdocs/fourn/facture/index.php +++ b/htdocs/fourn/facture/index.php 
@@ -34,7 +34,7 @@ if (!$user->rights->fournisseur->facture->lire) accessforbidden(); $langs->load("companies"); $langs->load("bills"); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); // Security check if ($user->societe_id > 0) diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index 98b73a767f6..7522b527fdb 100644 --- a/htdocs/fourn/facture/note.php +++ b/htdocs/fourn/facture/note.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'); $langs->load('bills'); $langs->load("companies"); -$facid = GETPOST("facid")?GETPOST("facid"):GETPOST('id'); +$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); $action = GETPOST('action'); // Security check diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index e36158bfa00..1024a16c8f9 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -34,7 +34,7 @@ $langs->load('companies'); $langs->load('bills'); $langs->load('banks'); -$facid=GETPOST('facid'); +$facid=GETPOST('facid','int'); $action=GETPOST('action'); $socid=GETPOST('socid','int'); diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php index 7741ddfc42f..abf566aab22 100644 --- a/htdocs/fourn/fiche.php +++ b/htdocs/fourn/fiche.php @@ -42,7 +42,7 @@ $langs->load('commercial'); $action = GETPOST('action'); // Security check -$id = (GETPOST("socid") ? GETPOST("socid") : GETPOST("id")); +$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); if ($user->societe_id) $id=$user->societe_id; $result = restrictedArea($user, 'societe&fournisseur', $id, ''); diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php index 71da3a75c5b..c8fdfb40d83 100644 --- a/htdocs/fourn/liste.php +++ b/htdocs/fourn/liste.php 
@@ -39,7 +39,7 @@ $search_compta_fournisseur = GETPOST("search_compta_fournisseur"); $search_datec = GETPOST("search_datec"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/includes/tcpdf/config/tcpdf_config.php b/htdocs/includes/tcpdf/config/tcpdf_config.php index 55304504120..bf575fbe2c6 100644 --- a/htdocs/includes/tcpdf/config/tcpdf_config.php +++ b/htdocs/includes/tcpdf/config/tcpdf_config.php @@ -82,6 +82,7 @@ if (!defined('K_TCPDF_EXTERNAL_CONFIG')) { * cache directory for temporary files (full path) */ // define ('K_PATH_CACHE', K_PATH_MAIN.'cache/'); +// DOL_CHANGE define ('K_PATH_CACHE', DOL_DATA_ROOT.'/admin/temp/'); dol_mkdir(K_PATH_CACHE); diff --git a/htdocs/install/mysql/migration/3.1.0-3.2.0.sql b/htdocs/install/mysql/migration/3.1.0-3.2.0.sql index d3f867b464f..bc0a4ac8223 100755 --- a/htdocs/install/mysql/migration/3.1.0-3.2.0.sql +++ b/htdocs/install/mysql/migration/3.1.0-3.2.0.sql @@ -31,7 +31,13 @@ ALTER TABLE llx_user ADD COLUMN ref_int varchar(50) AFTER ref_ext; ALTER TABLE llx_societe MODIFY code_client varchar(24); ALTER TABLE llx_societe MODIFY code_fournisseur varchar(24); +ALTER TABLE llx_societe MODIFY siren varchar(128); +ALTER TABLE llx_societe MODIFY siret varchar(128); +ALTER TABLE llx_societe MODIFY ape varchar(128); +ALTER TABLE llx_societe MODIFY idprof4 varchar(128); +ALTER TABLE llx_societe ADD COLUMN idprof5 varchar(128); + ALTER TABLE llx_chargesociales ADD COLUMN tms timestamp; ALTER TABLE llx_chargesociales ADD COLUMN date_creation datetime; ALTER TABLE llx_chargesociales ADD COLUMN date_valid datetime; 
@@ -191,6 +197,43 @@ ALTER TABLE llx_expedition ADD CONSTRAINT fk_expedition_fk_expedition_methode F -- VMYSQL4.1 UPDATE llx_chargesociales set tms = date_creation WHERE tms = '0000-00-00 00:00:00'; +ALTER TABLE llx_propal ADD COLUMN fk_account integer AFTER total; +ALTER TABLE llx_propal ADD COLUMN fk_currency varchar(2) AFTER fk_account; +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_author (fk_user_author); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_valid (fk_user_valid); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_cloture (fk_user_cloture); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_projet (fk_projet); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_account(fk_account); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_currency(fk_currency); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_currency FOREIGN KEY (fk_currency) REFERENCES llx_c_currencies (code); +ALTER TABLE llx_propal DROP FOREIGN KEY fk_propal_fk_account; + +ALTER TABLE llx_commande ADD COLUMN fk_account integer AFTER facture; +ALTER TABLE llx_commande ADD COLUMN fk_currency varchar(2) AFTER fk_account; +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_user_author (fk_user_author); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_user_valid (fk_user_valid); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_user_cloture (fk_user_cloture); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_projet (fk_projet); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_account(fk_account); +ALTER 
TABLE llx_commande ADD INDEX idx_commande_fk_currency(fk_currency); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_currency FOREIGN KEY (fk_currency) REFERENCES llx_c_currencies (code); +ALTER TABLE llx_commande DROP FOREIGN KEY fk_commande_fk_account; + +ALTER TABLE llx_facture ADD COLUMN fk_account integer AFTER fk_projet; +ALTER TABLE llx_facture ADD COLUMN fk_currency varchar(2) AFTER fk_account; +ALTER TABLE llx_facture ADD INDEX idx_facture_fk_account (fk_account); +ALTER TABLE llx_facture ADD INDEX idx_facture_fk_currency (fk_currency); +ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_currency FOREIGN KEY (fk_currency) REFERENCES llx_c_currencies (code); +ALTER TABLE llx_facture DROP FOREIGN KEY fk_facture_fk_account; + ALTER TABLE llx_actioncomm DROP COLUMN propalrowid; ALTER TABLE llx_actioncomm DROP COLUMN fk_facture; ALTER TABLE llx_actioncomm DROP COLUMN fk_supplier_order; diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql index 312dcf5adcd..e293c763f83 100644 --- a/htdocs/install/mysql/migration/repair.sql +++ b/htdocs/install/mysql/migration/repair.sql 
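Review bot: The `ADD CONSTRAINT ... FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid)` statements for llx_propal and llx_commande run without first clearing values that have no parent row, and the table files in this commit still declare `fk_projet integer DEFAULT 0`. On InnoDB the constraint cannot be created while such rows exist, and the cleanup added to repair.sql is a separate script that an upgrade may not have run. Put the cleanup ahead of each constraint, e.g. `UPDATE llx_propal SET fk_projet = NULL WHERE fk_projet NOT IN (SELECT rowid FROM llx_projet);`. Also, `DROP FOREIGN KEY fk_propal_fk_account` and its commande and facture equivalents remove a constraint that nothing on this page creates; a comment naming the earlier build that created it would explain a statement that presumably errors where the key never existed.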
@@ -23,3 +23,13 @@ update llx_deplacement set dated='2010-01-01' where dated < '2000-01-01'; update llx_cotisation set fk_bank = null where fk_bank not in (select rowid from llx_bank); +update llx_propal set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_commande set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_facture set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_commande_fournisseur set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_contrat set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_deplacement set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_facture_fourn set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_facture_rec set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_fichinter set fk_projet = null where fk_projet not in (select rowid from llx_projet); +update llx_projet_task set fk_projet = null where fk_projet not in (select rowid from llx_projet); diff --git a/htdocs/install/mysql/tables/llx_commande.key.sql b/htdocs/install/mysql/tables/llx_commande.key.sql index e03e853ce15..a608b46f075 100644 --- a/htdocs/install/mysql/tables/llx_commande.key.sql +++ b/htdocs/install/mysql/tables/llx_commande.key.sql @@ -1,6 +1,6 @@ -- ============================================================================ --- Copyright (C) 2006 Laurent Destailleur --- Copyright (C) 2009 Regis Houssin +-- Copyright (C) 2006 Laurent Destailleur +-- Copyright (C) 2009-2012 Regis Houssin -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by 
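Review bot: The cleanup in repair.sql covers only `fk_projet`, but the same commit adds foreign keys on `fk_user_author`, `fk_user_valid`, `fk_user_cloture` and `fk_currency` for llx_propal and llx_commande, and no statement here clears values that point at a deleted user or an unknown currency. Those constraints would be rejected on a database holding such rows; add matching lines such as `update llx_propal set fk_user_author = null where fk_user_author not in (select rowid from llx_user);`. Separately, `update llx_projet_task set fk_projet = null` assumes that column is nullable, which the page does not show; if it is declared NOT NULL the orphaned tasks need a different treatment.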
@@ -24,4 +24,16 @@ ALTER TABLE llx_commande ADD UNIQUE INDEX uk_commande_ref (ref, entity); ALTER TABLE llx_commande ADD INDEX idx_commande_fk_soc (fk_soc); -ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_user_author (fk_user_author); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_user_valid (fk_user_valid); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_user_cloture (fk_user_cloture); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_projet (fk_projet); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_account(fk_account); +ALTER TABLE llx_commande ADD INDEX idx_commande_fk_currency(fk_currency); + +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid); +ALTER TABLE llx_commande ADD CONSTRAINT fk_commande_fk_currency FOREIGN KEY (fk_currency) REFERENCES llx_c_currencies (code); diff --git a/htdocs/install/mysql/tables/llx_commande.sql b/htdocs/install/mysql/tables/llx_commande.sql index 0c972d3bc8d..f72bae34f18 100644 --- a/htdocs/install/mysql/tables/llx_commande.sql +++ b/htdocs/install/mysql/tables/llx_commande.sql 
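Review bot: `fk_commande_fk_currency` references `llx_c_currencies (code)` from a column declared as `fk_currency varchar(2)`, so the constraint only works if `code` is a key of the same type, length and charset; that table is not part of this diff and should be checked, since ISO 4217 codes are three letters. The name also clashes with `fk_currency integer DEFAULT 0` in llx_societe.sql, where the same column name holds a number. A comment in the table files stating which identifier is stored, e.g. `-- llx_c_currencies.code (2 chars)`, would keep the two from being joined by mistake. The propal and facture key files add the same constraint.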
@@ -1,6 +1,6 @@ -- =================================================================== -- Copyright (C) 2003 Rodolphe Quiedeville --- Copyright (C) 2005-2009 Regis Houssin +-- Copyright (C) 2005-2012 Regis Houssin -- Copyright (C) 2010 Juanjo Menent -- -- This program is free software; you can redistribute it and/or modify 
@@ -20,46 +20,50 @@ create table llx_commande ( - rowid integer AUTO_INCREMENT PRIMARY KEY, - ref varchar(30) NOT NULL, -- order reference number - entity integer DEFAULT 1 NOT NULL, -- multi company id + rowid integer AUTO_INCREMENT PRIMARY KEY, + ref varchar(30) NOT NULL, -- order reference number + entity integer DEFAULT 1 NOT NULL, -- multi company id - ref_ext varchar(255), -- reference into an external system (not used by dolibarr) + ref_ext varchar(255), -- reference into an external system (not used by dolibarr) ref_int varchar(255), -- reference into an internal system (used by dolibarr) - ref_client varchar(255), -- reference for customer + ref_client varchar(255), -- reference for customer - fk_soc integer NOT NULL, - fk_projet integer DEFAULT 0, -- projet auquel est rattache la commande + fk_soc integer NOT NULL, + fk_projet integer DEFAULT 0, -- projet auquel est rattache la commande - tms timestamp, - date_creation datetime, -- date de creation - date_valid datetime, -- date de validation - date_cloture datetime, -- date de cloture - date_commande date, -- date de la commande - fk_user_author integer, -- createur de la commande - fk_user_valid integer, -- valideur de la commande - fk_user_cloture integer, -- auteur cloture - source smallint, - fk_statut smallint default 0, - amount_ht real default 0, - remise_percent real default 0, - remise_absolue real default 0, - remise real default 0, - tva double(24,8) default 0, - localtax1 double(24,8) default 0, -- total localtax1 - localtax2 double(24,8) default 0, -- total localtax2 - total_ht double(24,8) default 0, - total_ttc double(24,8) default 0, - note text, - note_public text, - model_pdf varchar(255), + tms timestamp, + date_creation datetime, -- date de creation + date_valid datetime, -- date de validation + date_cloture datetime, -- date de cloture + date_commande date, -- date de la commande + fk_user_author integer, -- createur de la commande + fk_user_valid integer, -- valideur de la commande 
+ fk_user_cloture integer, -- auteur cloture + source smallint, + fk_statut smallint default 0, + amount_ht real default 0, + remise_percent real default 0, + remise_absolue real default 0, + remise real default 0, + tva double(24,8) default 0, + localtax1 double(24,8) default 0, -- total localtax1 + localtax2 double(24,8) default 0, -- total localtax2 + total_ht double(24,8) default 0, + total_ttc double(24,8) default 0, + note text, + note_public text, + model_pdf varchar(255), - facture tinyint default 0, - fk_cond_reglement integer, -- condition de reglement - fk_mode_reglement integer, -- mode de reglement - date_livraison date default NULL, - fk_availability integer NULL, + facture tinyint default 0, + fk_account integer, -- bank account + fk_currency varchar(2), -- currency code + fk_cond_reglement integer, -- condition de reglement + fk_mode_reglement integer, -- mode de reglement + + date_livraison date default NULL, + fk_availability integer NULL, fk_demand_reason integer, -- should be named fk_input_reason - fk_adresse_livraison integer, -- delivery address (deprecated) - import_key varchar(14) + fk_adresse_livraison integer, -- delivery address (deprecated) + import_key varchar(14) + )ENGINE=innodb; diff --git a/htdocs/install/mysql/tables/llx_facture.key.sql b/htdocs/install/mysql/tables/llx_facture.key.sql index 22e9aaa2200..e4034b5e4a3 100644 --- a/htdocs/install/mysql/tables/llx_facture.key.sql +++ b/htdocs/install/mysql/tables/llx_facture.key.sql @@ -1,7 +1,7 @@ -- ============================================================================ -- Copyright (C) 2002-2004 Rodolphe Quiedeville --- Copyright (C) 2004-2009 Laurent Destailleur --- Copyright (C) 2005-2009 Regis Houssin +-- Copyright (C) 2004-2012 Laurent Destailleur +-- Copyright (C) 2005-2012 Regis Houssin -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by 
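Review bot: `fk_projet integer DEFAULT 0` is kept unchanged in llx_commande.sql, but llx_commande.key.sql now adds `fk_commande_fk_projet` on that column, so an insert that omits fk_projet gets 0 and is rejected unless a project with rowid 0 exists. The column should default to NULL: `fk_projet integer DEFAULT NULL, -- projet auquel est rattache la commande`. llx_propal.sql carries the same `DEFAULT 0` under the new `fk_propal_fk_projet` constraint, and upgraded databases would need a matching `MODIFY` in the migration script.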
@@ -26,9 +26,12 @@ ALTER TABLE llx_facture ADD INDEX idx_facture_fk_user_author (fk_user_author); ALTER TABLE llx_facture ADD INDEX idx_facture_fk_user_valid (fk_user_valid); ALTER TABLE llx_facture ADD INDEX idx_facture_fk_facture_source (fk_facture_source); ALTER TABLE llx_facture ADD INDEX idx_facture_fk_projet (fk_projet); +ALTER TABLE llx_facture ADD INDEX idx_facture_fk_account (fk_account); +ALTER TABLE llx_facture ADD INDEX idx_facture_fk_currency (fk_currency); ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid); ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_facture_source FOREIGN KEY (fk_facture_source) REFERENCES llx_facture (rowid); ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid); +ALTER TABLE llx_facture ADD CONSTRAINT fk_facture_fk_currency FOREIGN KEY (fk_currency) REFERENCES llx_c_currencies (code); \ No newline at end of file diff --git a/htdocs/install/mysql/tables/llx_facture.sql b/htdocs/install/mysql/tables/llx_facture.sql index be0ac897b42..b35ce19f309 100644 --- a/htdocs/install/mysql/tables/llx_facture.sql +++ b/htdocs/install/mysql/tables/llx_facture.sql @@ -1,7 +1,7 @@ -- =========================================================================== -- Copyright (C) 2001-2005 Rodolphe Quiedeville --- Copyright (C) 2004-2010 Laurent Destailleur --- Copyright (C) 2005-2009 Regis Houssin +-- Copyright (C) 2004-2012 Laurent Destailleur +-- Copyright (C) 2005-2012 Regis Houssin -- Copyright (C) 2010 Juanjo Menent -- -- This program is free software; you can redistribute it and/or modify 
@@ -22,52 +22,54 @@ create table llx_facture ( - rowid integer AUTO_INCREMENT PRIMARY KEY, + rowid integer AUTO_INCREMENT PRIMARY KEY, - facnumber varchar(30) NOT NULL, -- invoice reference number - entity integer DEFAULT 1 NOT NULL, -- multi company id + facnumber varchar(30) NOT NULL, -- invoice reference number + entity integer DEFAULT 1 NOT NULL, -- multi company id - ref_ext varchar(255), -- reference into an external system (not used by dolibarr) - ref_int varchar(255), -- reference into an internal system (used by dolibarr) - ref_client varchar(255), -- reference for customer + ref_ext varchar(255), -- reference into an external system (not used by dolibarr) + ref_int varchar(255), -- reference into an internal system (used by dolibarr) + ref_client varchar(255), -- reference for customer - type smallint DEFAULT 0 NOT NULL, -- type of invoice - increment varchar(10), - fk_soc integer NOT NULL, - datec datetime, -- date de creation de la facture - datef date, -- date de la facture - date_valid date, -- date de validation - tms timestamp, -- date creation/modification - paye smallint DEFAULT 0 NOT NULL, - amount double(24,8) DEFAULT 0 NOT NULL, - remise_percent real DEFAULT 0, -- remise relative - remise_absolue real DEFAULT 0, -- remise absolue - remise real DEFAULT 0, -- remise totale calculee + type smallint DEFAULT 0 NOT NULL, -- type of invoice + increment varchar(10), + fk_soc integer NOT NULL, + datec datetime, -- date de creation de la facture + datef date, -- date de la facture + date_valid date, -- date de validation + tms timestamp, -- date creation/modification + paye smallint DEFAULT 0 NOT NULL, + amount double(24,8) DEFAULT 0 NOT NULL, + remise_percent real DEFAULT 0, -- remise relative + remise_absolue real DEFAULT 0, -- remise absolue + remise real DEFAULT 0, -- remise totale calculee - close_code varchar(16), -- Code motif cloture sans paiement complet - close_note varchar(128), -- Commentaire cloture sans paiement complet + close_code 
varchar(16), -- Code motif cloture sans paiement complet + close_note varchar(128), -- Commentaire cloture sans paiement complet - tva double(24,8) DEFAULT 0, -- montant tva apres remise totale - localtax1 double(24,8) DEFAULT 0, -- amount localtax1 - localtax2 double(24,8) DEFAULT 0, -- amount localtax2 - total double(24,8) DEFAULT 0, -- montant total ht apres remise totale - total_ttc double(24,8) DEFAULT 0, -- montant total ttc apres remise totale + tva double(24,8) DEFAULT 0, -- montant tva apres remise totale + localtax1 double(24,8) DEFAULT 0, -- amount localtax1 + localtax2 double(24,8) DEFAULT 0, -- amount localtax2 + total double(24,8) DEFAULT 0, -- montant total ht apres remise totale + total_ttc double(24,8) DEFAULT 0, -- montant total ttc apres remise totale - fk_statut smallint DEFAULT 0 NOT NULL, + fk_statut smallint DEFAULT 0 NOT NULL, - fk_user_author integer, -- createur de la facture - fk_user_valid integer, -- valideur de la facture + fk_user_author integer, -- createur de la facture + fk_user_valid integer, -- valideur de la facture - fk_facture_source integer, -- facture origine si facture avoir - fk_projet integer, -- projet auquel est associee la facture + fk_facture_source integer, -- facture origine si facture avoir + fk_projet integer, -- projet auquel est associee la facture - fk_cond_reglement integer DEFAULT 1 NOT NULL, -- condition de reglement (30 jours, fin de mois ...) - fk_mode_reglement integer, -- mode de reglement (Virement, Prelevement) - date_lim_reglement date, -- date limite de reglement + fk_account integer, -- bank account + fk_currency varchar(2), -- currency code + fk_cond_reglement integer DEFAULT 1 NOT NULL, -- condition de reglement (30 jours, fin de mois ...) 
+ fk_mode_reglement integer, -- mode de reglement (Virement, Prelevement) + date_lim_reglement date, -- date limite de reglement - note text, - note_public text, - model_pdf varchar(255), - import_key varchar(14) + note text, + note_public text, + model_pdf varchar(255), + import_key varchar(14) )ENGINE=innodb; diff --git a/htdocs/install/mysql/tables/llx_propal.key.sql b/htdocs/install/mysql/tables/llx_propal.key.sql index b9f28962876..92200fca65c 100644 --- a/htdocs/install/mysql/tables/llx_propal.key.sql +++ b/htdocs/install/mysql/tables/llx_propal.key.sql @@ -1,7 +1,7 @@ -- ============================================================================ -- Copyright (C) 2002-2004 Rodolphe Quiedeville -- Copyright (C) 2004-2005 Laurent Destailleur --- Copyright (C) 2005-2009 Regis Houssin +-- Copyright (C) 2005-2012 Regis Houssin -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by 
@@ -22,4 +22,16 @@ ALTER TABLE llx_propal ADD UNIQUE INDEX uk_propal_ref (ref, entity); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_soc (fk_soc); -ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid); \ No newline at end of file +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_author (fk_user_author); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_valid (fk_user_valid); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_cloture (fk_user_cloture); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_projet (fk_projet); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_account(fk_account); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_currency(fk_currency); + +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_currency FOREIGN KEY (fk_currency) REFERENCES llx_c_currencies (code); \ No newline at end of file diff --git a/htdocs/install/mysql/tables/llx_propal.sql b/htdocs/install/mysql/tables/llx_propal.sql index a293e9b5c0e..4e433b27b90 100644 --- a/htdocs/install/mysql/tables/llx_propal.sql +++ b/htdocs/install/mysql/tables/llx_propal.sql 
@@ -1,6 +1,6 @@ -- =================================================================== -- Copyright (C) 2001-2003 Rodolphe Quiedeville --- Copyright (C) 2005-2011 Regis Houssin +-- Copyright (C) 2005-2012 Regis Houssin -- Copyright (C) 2010 Laurent Destailleur -- Copyright (C) 2010 Juanjo Menent -- 
@@ -21,45 +21,47 @@ create table llx_propal ( - rowid integer AUTO_INCREMENT PRIMARY KEY, - ref varchar(30) NOT NULL, -- proposal reference number - entity integer DEFAULT 1 NOT NULL, -- multi company id + rowid integer AUTO_INCREMENT PRIMARY KEY, + ref varchar(30) NOT NULL, -- proposal reference number + entity integer DEFAULT 1 NOT NULL, -- multi company id - ref_ext varchar(255), -- reference into an external system (not used by dolibarr) - ref_int varchar(255), -- reference into an internal system (used by dolibarr) - ref_client varchar(255), -- customer proposal number + ref_ext varchar(255), -- reference into an external system (not used by dolibarr) + ref_int varchar(255), -- reference into an internal system (used by dolibarr) + ref_client varchar(255), -- customer proposal number - fk_soc integer, - fk_projet integer DEFAULT 0, -- projet auquel est rattache la propale + fk_soc integer, + fk_projet integer DEFAULT 0, -- projet auquel est rattache la propale - tms timestamp, - datec datetime, -- date de creation - datep date, -- date de la propal - fin_validite datetime, -- date de fin de validite - date_valid datetime, -- date de validation - date_cloture datetime, -- date de cloture - fk_user_author integer, -- createur de la propale - fk_user_valid integer, -- valideur de la propale - fk_user_cloture integer, -- cloture de la propale signee ou non signee - fk_statut smallint DEFAULT 0 NOT NULL, - price real DEFAULT 0, -- (obsolete) - remise_percent real DEFAULT 0, -- remise globale relative en pourcent (obsolete) - remise_absolue real DEFAULT 0, -- remise globale absolue (obsolete) - remise real DEFAULT 0, -- remise calculee (obsolete) - total_ht double(24,8) DEFAULT 0, -- montant total ht apres remise globale - tva double(24,8) DEFAULT 0, -- montant total tva apres remise globale - localtax1 double(24,8) DEFAULT 0, -- amount total localtax1 - localtax2 double(24,8) DEFAULT 0, -- amount total localtax2 - total double(24,8) DEFAULT 0, -- montant total ttc 
apres remise globale + tms timestamp, + datec datetime, -- date de creation + date date, -- date de la propal + fin_validite datetime, -- date de fin de validite + date_valid datetime, -- date de validation + date_cloture datetime, -- date de cloture + fk_user_author integer, -- createur de la propale + fk_user_valid integer, -- valideur de la propale + fk_user_cloture integer, -- cloture de la propale signee ou non signee + fk_statut smallint DEFAULT 0 NOT NULL, + price real DEFAULT 0, -- (obsolete) + remise_percent real DEFAULT 0, -- remise globale relative en pourcent (obsolete) + remise_absolue real DEFAULT 0, -- remise globale absolue (obsolete) + remise real DEFAULT 0, -- remise calculee (obsolete) + total_ht double(24,8) DEFAULT 0, -- montant total ht apres remise globale + tva double(24,8) DEFAULT 0, -- montant total tva apres remise globale + localtax1 double(24,8) DEFAULT 0, -- amount total localtax1 + localtax2 double(24,8) DEFAULT 0, -- amount total localtax2 + total double(24,8) DEFAULT 0, -- montant total ttc apres remise globale - fk_cond_reglement integer, -- condition de reglement (30 jours, fin de mois ...) - fk_mode_reglement integer, -- mode de reglement (Virement, Prelevement) + fk_account integer, -- bank account + fk_currency varchar(2), -- currency code + fk_cond_reglement integer, -- condition de reglement (30 jours, fin de mois ...) + fk_mode_reglement integer, -- mode de reglement (Virement, Prelevement) note text, note_public text, model_pdf varchar(255), - date_livraison date DEFAULT NULL, -- delivery date - fk_availability integer NULL, + date_livraison date DEFAULT NULL, -- delivery date + fk_availability integer NULL, fk_demand_reason integer, - fk_adresse_livraison integer -- delivery address (deprecated) + fk_adresse_livraison integer -- delivery address (deprecated) )ENGINE=innodb; diff --git a/htdocs/install/mysql/tables/llx_societe.sql b/htdocs/install/mysql/tables/llx_societe.sql index 16713302e6a..e0ac91bf360 100644 
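Review bot: The column `datep` becomes `date` in llx_propal.sql (`date date, -- date de la propal`), which looks like a side effect of the re-alignment rather than an intended rename: no `CHANGE datep` statement appears in migration/3.1.0-3.2.0.sql on this page. Fresh installs would get a column named `date` while upgraded databases keep `datep`, and any code that still selects `datep` would fail on the fresh schema. Restore the line as `datep date, -- date de la propal`.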
--- a/htdocs/install/mysql/tables/llx_societe.sql +++ b/htdocs/install/mysql/tables/llx_societe.sql @@ -52,12 +52,13 @@ create table llx_societe fk_secteur integer DEFAULT 0, -- fk_effectif integer DEFAULT 0, -- fk_typent integer DEFAULT 0, -- - fk_forme_juridique integer DEFAULT 0, -- forme juridique INSEE + fk_forme_juridique integer DEFAULT 0, -- juridical status fk_currency integer DEFAULT 0, -- currency - siren varchar(32), -- IDProf1: siren ou RCS pour france - siret varchar(32), -- IDProf2: siret pour france - ape varchar(32), -- IDProf3: code ape pour france - idprof4 varchar(32), -- IDProf4: nu pour france + siren varchar(128), -- IDProf1: siren or RCS for france + siret varchar(128), -- IDProf2: siret for france + ape varchar(128), -- IDProf3: code ape for france + idprof4 varchar(128), -- IDProf4: nu for france + idprof5 varchar(128), -- IDProf5: nu for france tva_intra varchar(20), -- tva capital real, -- capital de la societe description text, -- diff --git a/htdocs/langs/ca_ES/admin.lang b/htdocs/langs/ca_ES/admin.lang index f67c7d64036..71a131af213 100644 --- a/htdocs/langs/ca_ES/admin.lang +++ b/htdocs/langs/ca_ES/admin.lang @@ -19,6 +19,7 @@ ConfirmLockNewSessions=Esteu segur de voler restringir l'accés a Dolibarr al se UnlockNewSessions=Eliminar bloqueig de connexions YourSession=La seva sessió Sessions=Sessions d'usuaris +WebUserGroup=Servidor web usuari/grup NoSessionFound=Sembla que el seu PHP no pot llistar les sessions actives. El directori de salvaguardat de sessions (%s) pot estar protegit (per exemple, pels permisos del sistema operatiu o per la directiva open_basedir del seu PHP) HTMLCharset=Charset de les pàgines HTML DBStoringCharset=Charset base de dades per emmagatzematge de dades 
@@ -168,6 +169,7 @@ Datas=Dades NameColumn=Nom de les columnes ExtendedInsert=Instruccions INSERT esteses DelayedInsert=Insercions amb retard +NoLockBeforeInsert=Sense intrucció LOCK abans del INSERT EncodeBinariesInHexa=Codificar els camps binaris en hexacesimal IgnoreDuplicateRecords=Ignorar els errors de duplicació (INSERT IGNORE) Yes=Sí @@ -370,8 +372,10 @@ Module80Name=Expedicions Module80Desc=Gestió d'expedicions i recepcions Module85Name=Bancs i caixes Module85Desc=Gestió dels comptes financers de tipus comptes bancaris, postals o efectiu -Module100Name=ExternalSite +Module100Name=External site Module100Desc=Inclou qualsevol lloc web extern en els menús de Dolibarr, veient-lo en un frame +Module105Name=Mailman i Sip +Module105Desc=Interface amb Mailman o Spip per al mòdul Membres Module200Name=LDAP Module200Desc=sincronització amb un anuari LDAP Module210Name=PostNuke 
@@ -865,6 +869,10 @@ ExtraFields=Atributs addicionals ExtraFieldHasWrongValue=L'atribut %s te un valor incorrecte. SendingMailSetup=Configuració de l'enviament per mail SendmailOptionNotComplete=Atenció, en alguns sistemes Linux, amb aquest mètode d'enviament, per poder enviar mails en nom seu, la configuració de sendmail ha de contenir l'opció -ba (paràmetre mail.force_extra_parameters a l'arxiu php.ini). Si alguns dels seus destinataris no reben els seus missatges, proveu de modificar aquest paràmetre PHP amb mail.force_extra_parameters =-ba . +PathToDocuments=Rutes d'accés a documents +PathDirectory=Directori +SendmailOptionMayHurtBuggedMTA=La funcionalitat d'enviar correu electrònic a través del "correu directe PHP" genera una sol·licitud que pot ser mal interpretada per alguns servidors de correu. Això es tradueix en missatges de correu electrònic il·legibles per a les persones allotjades en aquestes plataformes. Aquest és el cas de clients en certs proveïdors de serveis d'Internet (Ex: Orange). Això no és un problema ni de Dolibarr ni de PHP, però sí del servidor de correu. No obstant això, podeu afegir l'opció MAIN_FIX_FOR_BUGGED_MTA amb valor 1 en configuració-varis per tractar que Dolibarr eviti l'error. Una altra solució (recomanada) és utilitzar el mètode d'enviament per SMTP que no té aquest inconvenient. + ##### Module password generation PasswordGenerationStandard=Retorna una contrasenya generada per l'algoritme intern Dolibarr: 8 caràcters, números i caràcters en minúscules barrejades. PasswordGenerationNone=No ofereix contrasenyes. La contrasenya s'introdueix manualment. diff --git a/htdocs/langs/ca_ES/banks.lang b/htdocs/langs/ca_ES/banks.lang index ea189a52be2..c740fa5ef87 100644 --- a/htdocs/langs/ca_ES/banks.lang +++ b/htdocs/langs/ca_ES/banks.lang 
@@ -142,4 +142,8 @@ AllAccounts=Tots els comptes bancaris/de caixa BackToAccount=Tornar al compte ShowAllAccounts=Mostra per a tots els comptes FutureTransaction=Transacció futura. No és possible conciliar. -SelectChequeTransactionAndGenerate=Seleccioneu/filtreu els xecs a incloure a la remesa i feu clic a "Crear". \ No newline at end of file +SelectChequeTransactionAndGenerate=Seleccioneu/filtreu els xecs a incloure a la remesa i feu clic a "Crear". +InputReceiptNumber=Indiqui l'extracte bancari relacionat amb la conciliació. Utilitzeu un valor numèric ordenable (per exemple, AAAAMM) +EventualyAddCategory=Eventualment, indiqui una categoria en la qual classificar els registres +ToConciliate=A conciliar? +ThenCheckLinesAndConciliate=A continuació, comproveu les línies presents en l'extracte bancari i feu clic \ No newline at end of file diff --git a/htdocs/langs/ca_ES/companies.lang b/htdocs/langs/ca_ES/companies.lang index 3cdf9b80129..2838478d6c1 100644 --- a/htdocs/langs/ca_ES/companies.lang +++ b/htdocs/langs/ca_ES/companies.lang @@ -115,6 +115,12 @@ ProfId2BE=- ProfId3BE=- ProfId4BE=- ProfId5BE=- +#ProfId1BR=CNAE +#ProfId2BR=CNPJ +#ProfId3BR=CPF +#ProfId4BR=INSS +#ProfId5BR=IE +#ProfId6BR=IM ProfId1CH=- ProfId2CH=- ProfId3CH=Número federat diff --git a/htdocs/langs/ca_ES/compta.lang b/htdocs/langs/ca_ES/compta.lang index 5f099381a98..24f410badb2 100644 --- a/htdocs/langs/ca_ES/compta.lang +++ b/htdocs/langs/ca_ES/compta.lang @@ -48,7 +48,7 @@ ToGetBack=A recuperar TaxAndDividendsArea=Àrea impostos, càrregues socials i dividends SocialContribution=Càrrega social SocialContributions=Càrregues socials -MenuTaxAndDividends=Impostos i dividends +MenuTaxAndDividends=Impostos i càrregues MenuSocialContributions=Càrregues socials MenuNewSocialContribution=Nova càrrega NewSocialContribution=Nova càrrega social diff --git a/htdocs/langs/ca_ES/errors.lang b/htdocs/langs/ca_ES/errors.lang index 70153f88163..a1ff701cdd2 100644 --- a/htdocs/langs/ca_ES/errors.lang 
+++ b/htdocs/langs/ca_ES/errors.lang @@ -1,7 +1,7 @@ # Dolibarr language file - ca_ES - errors CHARSET=UTF-8 MenuManager=Gestor de menú -# Errors=undefined= +# Errors Error=Error Errors=Errors ErrorBadEMail=e-mail %s incorrecte @@ -10,6 +10,7 @@ ErrorLoginAlreadyExists=El login %s ja existeix. ErrorGroupAlreadyExists=El grup %s ja existeix. ErrorRecordNotFound=Registre no trobat ErrorDuplicateTrigger=Un arxiu trigger de nom '%s' està carregat. Treure el doble de la carpeta '%s'. +ErrorFailToCopyFile=Error al copiar l'arxiu '%s' a '%s'. ErrorFailToRenameFile=Error al renomenar l'arxiu '%s' a '%s'. ErrorFailToCreateFile=Error al crear l'arxiu '%s' ErrorFailToDeleteFile=Error al suprimir el fitxer '%s'. @@ -102,6 +103,8 @@ ErrorLoginHasNoEmail=Aquest usuari no té e-mail. Impossible continuar. ErrorBadValueForCode=Valor no vàlid per al codi. Torneu a intentar-ho amb un nou valor ... ErrorBothFieldCantBeNegative=Els camps %s i %s no poden ser negatius ErrorNoActivatedBarcode=Cap tipus de codi de barres activat +ErrorWebServerUserHasNotPermission=El compte d'execució del servidor web %s no disposa dels permisos per això +ErrorNoActivatedBarcode=No hi ha activat cap tipus de codi de barres # Warnings WarningSafeModeOnCheckExecDir=Atenció, està activada l'opció PHP safe_mode, la comanda ha d'estar dins d'un directori declarat dins del paràmetre php safe_mode_exec_dir. diff --git a/htdocs/langs/ca_ES/mails.lang b/htdocs/langs/ca_ES/mails.lang index 30605b3e2a4..24a5be04af4 100644 --- a/htdocs/langs/ca_ES/mails.lang +++ b/htdocs/langs/ca_ES/mails.lang @@ -39,6 +39,7 @@ MailingStatusDraft=Esborrany MailingStatusValidated=Validat MailingStatusApproved=Aprovat MailingStatusSent=Enviat +MailingStatusRead=Llegit MailingStatusSentPartialy=Enviat parcialment MailingStatusSentCompletely=Enviat completament MailingStatusError=Error diff --git a/htdocs/langs/ca_ES/main.lang b/htdocs/langs/ca_ES/main.lang index fb34a2976a3..3db44046497 100644 --- a/htdocs/langs/ca_ES/main.lang 
+++ b/htdocs/langs/ca_ES/main.lang @@ -175,7 +175,7 @@ Info=Log Family=Familia Description=Descripció Designation=Descripción -Action=Esdeveniment +Action=Acció Model=Model DefaultModel=Model per defecte About=Sobre @@ -330,6 +330,7 @@ ActionDoneShort=Acabat CompanyFoundation=Empresa o institució ContactsForCompany=Contactes/adreces d'aquest tercer ActionsOnCompany=Esdeveniments respecte aquest tercer +ActionsOnMember=Esdeveniments respecte aquest membre NActions=%s esdeveniments NActionsLate=%s en retard Filter=Filtre @@ -607,6 +608,16 @@ URLPhoto=Url de la foto/logo SetLinkToThirdParty=Vincular a un altre tercer CreateDraft=Crea esborrany ClickToEdit=Clic per a editar +ObjectDeleted=Objecte %s eliminat +ByCountry=Per país +ByTown=Per població +ByDate=Per data +ByMonthYear=Per mes/any +ByYear=Per any +ByMonth=Per mes +ByDay=Per dia +BySalesRepresentative=Per comercial + # Week day Monday=Dilluns diff --git a/htdocs/langs/ca_ES/paypal.lang b/htdocs/langs/ca_ES/paypal.lang index 4759aa1f822..762d2628b42 100644 --- a/htdocs/langs/ca_ES/paypal.lang +++ b/htdocs/langs/ca_ES/paypal.lang 
@@ -15,4 +15,5 @@ ThisIsTransactionId=Identificador de la transacció: %s PAYPAL_ADD_PAYMENT_URL=Afegir la url del pagament Paypal en enviar un document per e-mail PAYPAL_IPN_MAIL_ADDRESS=Adreça e-mail per les notificacions instantànies de pagament (IPN) PredefinedMailContentSendOrderWithPaypalLink=Us adjuntem la comanda __ORDERREF__\n\nPodeu fer clic a l'enllaç assegurança de sota per realitzar el seu pagament a través de PayPal\n\n%s\n\nCordialment\n\n -PredefinedMailContentSendInvoiceWithPaypalLink=Us adjuntem la factura __FACREF__\n\nPodeu fer clic a l'enllaç assegurança de sota per realitzar el seu pagament a través de PayPal\n\n%s\n\nCordialment\n\n \ No newline at end of file +PredefinedMailContentSendInvoiceWithPaypalLink=Us adjuntem la factura __FACREF__\n\nPodeu fer clic a l'enllaç assegurança de sota per realitzar el seu pagament a través de PayPal\n\n%s\n\nCordialment\n\n +YouAreCurrentlyInSandboxMode=Actualment es troba en mode "sandbox" \ No newline at end of file diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index 10b28da4546..e2ba0bd1f11 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -113,6 +113,12 @@ ProfId2BE=- ProfId3BE=- ProfId4BE=- ProfId5BE=- +#ProfId1BR=CNAE +#ProfId2BR=CNPJ +#ProfId3BR=CPF +#ProfId4BR=INSS +#ProfId5BR=IE +#ProfId6BR=IM ProfId1CH=- ProfId2CH=- ProfId3CH=Prof Id 1 (Federal number) diff --git a/htdocs/langs/es_ES/admin.lang b/htdocs/langs/es_ES/admin.lang index 1e4ddc292f0..4104ffd7dd2 100644 --- a/htdocs/langs/es_ES/admin.lang +++ b/htdocs/langs/es_ES/admin.lang 
@@ -19,6 +19,7 @@ ConfirmLockNewSessions=¿Está seguro de querer restringir el acceso a Dolibarr UnlockNewSessions=Eliminar bloqueo de conexiones YourSession=Su sesión Sessions=Sesiones de usuarios +WebUserGroup=Servidor web usuario/grupo NoSessionFound=Parece que su PHP no puede listar las sesiones activas. El directorio de salvaguardado de sesiones (%s) puede estar protegido (por ejemplo, por los permisos del sistema operativo o por la directiva open_basedir de su PHP). HTMLCharset=Charset de las páginas HTML DBStoringCharset=Charset base de datos para almacenamiento de datos @@ -167,6 +168,7 @@ AddDropTable=Añadir órdenes DROP TABLE Datas=Datos NameColumn=Nombre las columnas ExtendedInsert=Instrucciones INSERT extendidas +NoLockBeforeInsert=Sin intrucción LOCK antes del INSERT DelayedInsert=Inserciones con retraso EncodeBinariesInHexa=Codificar los campos binarios en hexadecimal IgnoreDuplicateRecords=Ignorar los errores de duplicación (INSERT IGNORE) @@ -370,8 +372,10 @@ Module80Name=Expediciones Module80Desc=Gestión de expediciones y recepciones Module85Name=Bancos y cajas Module85Desc=Gestión de las cuentas financieras de tipo cuentas bancarias, postales o efectivo -Module100Name=ExternalSite +Module100Name=External site Module100Desc=Incluye cualquier sitio web externo en los menús de Dolibarr, viéndolo en un frame +Module105Name=Mailman y Sip +Module105Desc=Interface con Mailman o Spip para el módulo Miembros Module200Name=LDAP Module200Desc=sincronización con un anuario LDAP Module210Name=PostNuke 
@@ -866,8 +870,9 @@ ExtraFieldHasWrongValue=El atributo %s tiene un valor incorrecto. SendingMailSetup=Configuració de l'enviament per mail SendmailOptionNotComplete=Atención, en algunos sistemas Linux, con este método de envio, para poder enviar mails en su nombre, la configuración de sendmail debe contener la opción -ba (parámetro mail.force_extra_parameters en el archivo php.ini). Si algunos de sus destinatarios no reciben sus mensajes, pruebe a modificar este parámetro PHP con mail.force_extra_parameters=-ba. PathToDocuments=Rutas de acceso a documentos -PathDirectory=Catálogo -##### Module password generation= undefined= +PathDirectory=Directorio +SendmailOptionMayHurtBuggedMTA=La funcionalidad de enviar correo electrónico a través del "correo directo PHP" genera una solicitud que puede ser mal interpretado por algunos servidores de correo. Esto se traduce en mensajes de correo electrónico ilegibles para las personas alojadas en estas plataformas. Este es el caso de clientes en ciertos proveedores de servicios de Internet (Ej: Orange). Esto no es un problema ni de Dolibarr ni de PHP, pero sí del servidor de correo. Sin embargo, puede agregar la opción MAIN_FIX_FOR_BUGGED_MTA con valor 1 en configuración-varios para tratar que Dolibarr evite el error. Otra solución (recomendada) es utilizar el método de envío por SMTP que no tiene este inconveniente. +##### Module password generation PasswordGenerationStandard=Devuelve una contraseña generada por el algoritmo interno Dolibarr: 8 caracteres, números y caracteres en minúsculas mezcladas. PasswordGenerationNone=No ofrece contraseñas. La contraseña se introduce manualmente. ##### Users setup ##### diff --git a/htdocs/langs/es_ES/banks.lang b/htdocs/langs/es_ES/banks.lang index 9e87caff24f..8c0ae21ca39 100644 --- a/htdocs/langs/es_ES/banks.lang +++ b/htdocs/langs/es_ES/banks.lang 
@@ -142,4 +142,8 @@ AllAccounts=Todas las cuentas bancarias/de caja BackToAccount=Volver a la cuenta ShowAllAccounts=Mostrar para todas las cuentas FutureTransaction=Transacción futura. No es posible conciliar. -SelectChequeTransactionAndGenerate=Seleccione/filtre los cheques a incluir en la remesa y haga clic en "Crear". \ No newline at end of file +SelectChequeTransactionAndGenerate=Seleccione/filtre los cheques a incluir en la remesa y haga clic en "Crear". +InputReceiptNumber=Indique el extracto bancario relacionado con la conciliación. Utilice un valor numérico ordenable (por ejemplo, AAAAMM) +EventualyAddCategory=Eventualmente, indique una categoría en la que clasificar los registros +ToConciliate=¿A conciliar? +ThenCheckLinesAndConciliate=A continuación, compruebe las líneas presentes en el extracto bancario y haga clic \ No newline at end of file diff --git a/htdocs/langs/es_ES/companies.lang b/htdocs/langs/es_ES/companies.lang index 199f90333c8..9ca56737e70 100644 --- a/htdocs/langs/es_ES/companies.lang +++ b/htdocs/langs/es_ES/companies.lang @@ -115,6 +115,12 @@ ProfId2BE=- ProfId3BE=- ProfId4BE=- ProfId5BE=- +#ProfId1BR=CNAE +#ProfId2BR=CNPJ +#ProfId3BR=CPF +#ProfId4BR=INSS +#ProfId5BR=IE +#ProfId6BR=IM ProfId1CH=- ProfId2CH=- ProfId3CH=Número federado diff --git a/htdocs/langs/es_ES/compta.lang b/htdocs/langs/es_ES/compta.lang index 3a59b93ea84..b92ae7380b9 100644 --- a/htdocs/langs/es_ES/compta.lang +++ b/htdocs/langs/es_ES/compta.lang @@ -48,7 +48,7 @@ ToGetBack=A recuperar TaxAndDividendsArea=Área impuestos, cargas sociales y dividendos SocialContribution=Carga social SocialContributions=Cargas sociales -MenuTaxAndDividends=Impuestos y dividendos +MenuTaxAndDividends=Impuestos y cargas MenuSocialContributions=Cargas sociales MenuNewSocialContribution=Nueva carga NewSocialContribution=Nueva carga social diff --git a/htdocs/langs/es_ES/errors.lang b/htdocs/langs/es_ES/errors.lang index f4bcee3f9e2..d1a35024ea9 100644 
--- a/htdocs/langs/es_ES/errors.lang +++ b/htdocs/langs/es_ES/errors.lang @@ -10,6 +10,7 @@ ErrorLoginAlreadyExists=El login %s ya existe. ErrorGroupAlreadyExists=El grupo %s ya existe. ErrorRecordNotFound=Registro no encontrado ErrorDuplicateTrigger=Un archivo trigger de nombre '%s' está cargado. Elimine el doble del directorio '%s'. +ErrorFailToCopyFile=Error al copiar el archivo '%s' en '%s'. ErrorFailToRenameFile=Error al renombrar el archivo '%s' a '%s'. ErrorFailToCreateFile=Error al crear el archivo '%s' ErrorFailToDeleteFile=Error al eliminar el archivo '%s'. @@ -102,6 +103,8 @@ ErrorLoginHasNoEmail=Este usuario no tiene e-mail. Imposible continuar. ErrorBadValueForCode=Valor incorrecto para el código. Vuelva a intentar con un nuevo valor... ErrorBothFieldCantBeNegative=Los campos %s y %s no pueden ser negativos ErrorNoActivatedBarcode=Ningún tipo de código de barra activado +ErrorWebServerUserHasNotPermission=La cuenta de ejecución del servidor web %s no dispone de los permisos para esto +ErrorNoActivatedBarcode=No hay activado ningún tipo de código de barras # Warnings WarningSafeModeOnCheckExecDir=Atención, está activada la opción PHP safe_mode, el comando deberá estar dentro de un directorio declarado dentro del parámetro php safe_mode_exec_dir. diff --git a/htdocs/langs/es_ES/mails.lang b/htdocs/langs/es_ES/mails.lang index c5c2ed7e51e..3957b886cae 100644 --- a/htdocs/langs/es_ES/mails.lang +++ b/htdocs/langs/es_ES/mails.lang @@ -39,6 +39,7 @@ MailingStatusDraft=Borrador MailingStatusValidated=Validado MailingStatusApproved=Aprovado MailingStatusSent=Enviado +MailingStatusRead=Leido MailingStatusSentPartialy=Enviado parcialmente MailingStatusSentCompletely=Enviado completamente MailingStatusError=Error diff --git a/htdocs/langs/es_ES/main.lang b/htdocs/langs/es_ES/main.lang index 6c6a579d777..578803f08bd 100644 --- a/htdocs/langs/es_ES/main.lang +++ b/htdocs/langs/es_ES/main.lang 
@@ -175,7 +175,7 @@ Info=Log Family=Familia Description=Descripción Designation=Descripción -Action=Evento +Action=Acción Model=Modelo DefaultModel=Modelo por defecto About=Acerca de @@ -330,6 +330,7 @@ ActionDoneShort=Terminado CompanyFoundation=Empresa o institución ContactsForCompany=Contactos/direcciones de este tercero ActionsOnCompany=Eventos respecto a este tercero +ActionsOnMember=Eventos respecto a este miembro NActions=%s eventos NActionsLate=%s en retraso Filter=Filtro @@ -607,6 +608,15 @@ URLPhoto=Url de la foto/logo SetLinkToThirdParty=Vincular a otro tercero CreateDraft=Crear borrador ClickToEdit=Clic para editar +ObjectDeleted=Objeto %s eliminado +ByCountry=Par país +ByTown=Por población +ByDate=Por fecha +ByMonthYear=Por mes/año +ByYear=Por año +ByMonth=Por mes +ByDay=Por día +BySalesRepresentative=Por comercial # Week day Monday=Lunes diff --git a/htdocs/langs/es_ES/paypal.lang b/htdocs/langs/es_ES/paypal.lang index 8616d2e5e2b..2320ceebc39 100644 --- a/htdocs/langs/es_ES/paypal.lang +++ b/htdocs/langs/es_ES/paypal.lang 
@@ -15,4 +15,5 @@ ThisIsTransactionId=Identificador de la transacción: %s PAYPAL_ADD_PAYMENT_URL=Añadir la url del pago Paypal al enviar un documento por e-mail PAYPAL_IPN_MAIL_ADDRESS=Dirección e-mail para las notificaciones instantáneas de pago (IPN) PredefinedMailContentSendOrderWithPaypalLink=Le adjuntamos el pedido __ORDERREF__\n\nPuede hacer clic en el enlace seguro de abajo para realizar su pago a través de PayPal\n\n%s\n\nCordialmente\n\n -PredefinedMailContentSendInvoiceWithPaypalLink=Le adjuntamos la factura __FACREF__\n\nPuede hacer clic en el enlace seguro de abajo para realizar su pago a través de PayPal\n\n%s\n\nCordialmente\n\n \ No newline at end of file +PredefinedMailContentSendInvoiceWithPaypalLink=Le adjuntamos la factura __FACREF__\n\nPuede hacer clic en el enlace seguro de abajo para realizar su pago a través de PayPal\n\n%s\n\nCordialmente\n\n +YouAreCurrentlyInSandboxMode=Actualmente se encuentra en modo "sandbox" \ No newline at end of file diff --git a/htdocs/langs/fr_FR/companies.lang b/htdocs/langs/fr_FR/companies.lang index e86327e4959..ff4fe6e02b4 100644 --- a/htdocs/langs/fr_FR/companies.lang +++ b/htdocs/langs/fr_FR/companies.lang @@ -115,6 +115,12 @@ ProfId2BE=- ProfId3BE=- ProfId4BE=- ProfId5BE=- +#ProfId1BR=CNAE +#ProfId2BR=CNPJ +#ProfId3BR=CPF +#ProfId4BR=INSS +#ProfId5BR=IE +#ProfId6BR=IM ProfId1CH=- ProfId2CH=- ProfId3CH=Numéro fédéral diff --git a/htdocs/langs/pt_BR/companies.lang b/htdocs/langs/pt_BR/companies.lang index cc06891a942..b966398e699 100644 --- a/htdocs/langs/pt_BR/companies.lang +++ b/htdocs/langs/pt_BR/companies.lang 
@@ -35,7 +35,7 @@ Companies=Empresas CountryIsInEEC=País da Comunidadeee Económica Europeia ThirdParty=Fornecedor -## Alterado o THirdParties em 19/04/2011 para Empresas pois uma forma mais generica dos Thirs Parties +## Alterado o THirdParties em 19/04/2011 para Empresas pois � uma forma mais generica dos Thirs Parties #ThirdParties=Fornecedores ThirdParties=Empresas ThirdPartyAll=Fornecedores (Todos) @@ -92,7 +92,7 @@ ProfId1AU=ABN ProfId2AU=- ProfId3AU=- ProfId4AU=- -ProfId1BE=N� da Ordem +ProfId1BE=Núm da Ordem ProfId2BE=- ProfId3BE=- ProfId4BE=- @@ -112,6 +112,12 @@ ProfId1PT=NIPC ProfId2PT=Núm. Segurança Social ProfId3PT=Num. Reg. Comercial ProfId4PT=Conservatória +#ProfId1BR=CNAE +#ProfId2BR=CNPJ +#ProfId3BR=CPF +#ProfId4BR=INSS +#ProfId5BR=IE +#ProfId6BR=IM ProfId1TN=RC ProfId2TN=Matrícula Fiscal ProfId3TN=Código na Alfandega @@ -183,7 +189,7 @@ NoContactForAnyProposal=Este contato não é contato de nenhum orçamento NoContactForAnyContract=Este contato não é contato de nenhum contrato NoContactForAnyInvoice=Este contato não é contato de nenhuma fatura NewContact=Novo Contato -LastContacts=�ltimos contatos +LastContacts=Ultimos contatos MyContacts=Os Meus Contatos Phones=Telefones Capital=Capital @@ -234,7 +240,7 @@ ChangeContactInProcess=Alterar o Estado para 'Contato em Curso' ChangeContactDone=Alterar o Estado para 'Contato Realizado' ProspectsByStatus=Clientes Potenciais por Estado BillingContact=Contato para Faturação -NbOfAttachedFiles=N� de Arquivos Anexos +NbOfAttachedFiles=N de Arquivos Anexos AttachANewFile=Adicionar um Novo Arquivo NoRIB=Nenhuma Conta Definida NoParentCompany=Nenhuma diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php index a81069d21dd..d6360b1dd6f 100644 --- a/htdocs/product/fiche.php +++ b/htdocs/product/fiche.php 
@@ -49,7 +49,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action=(GETPOST('action') ? GETPOST('action') : 'view'); $confirm=GETPOST('confirm'); -$socid=GETPOST("socid"); +$socid=GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $object = new Product($db); @@ -661,7 +661,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) $object->fetch($id, $ref); // For use with "pure canvas" (canvas that contains templates only) } $objcanvas->assign_values($action, $id, $ref); // Set value for templates - $objcanvas->display_canvas(); // Show template + $objcanvas->display_canvas($action); // Show template } else { diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php index c567b876561..8c0752d0c7c 100644 --- a/htdocs/product/stats/fiche.php +++ b/htdocs/product/stats/fiche.php @@ -34,7 +34,7 @@ $langs->load("products"); $langs->load("bills"); $langs->load("other"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); $mode = (GETPOST('mode') ? GETPOST('mode') : 'byunit'); $error = 0; diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 4554d82000e..8ff30ceebec 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -28,10 +28,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/commonobject.class.php"); /** - * \class Entrepot - * \brief Classe permettant la gestion des entrepots + * Class to manage warehouses */ - class Entrepot extends CommonObject { public $element='label'; @@ -52,11 +50,11 @@ class Entrepot extends CommonObject /** * Constructor * - * @param DoliDB $DB Database handler + * @param DoliDB $db Database handler */ - function Entrepot($DB) + function __construct($db) { - $this->db = $DB; + $this->db = $db; // List of short language codes for status $this->statuts[0] = 'Closed2'; 
@@ -78,12 +76,14 @@ class Entrepot extends CommonObject return 0; } + $now=dol_now(); + $this->db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."entrepot (datec, fk_user_author, label)"; - $sql .= " VALUES (".$this->db->idate(mktime()).",".$user->id.",'".$this->db->escape($this->libelle)."')"; + $sql .= " VALUES (".$this->db->idate($now).",".$user->id.",'".$this->db->escape($this->libelle)."')"; - dol_syslog("Entrepot::create sql=".$sql); + dol_syslog(get_class($this)."::create sql=".$sql); $result=$this->db->query($sql); if ($result) { @@ -99,21 +99,21 @@ class Entrepot extends CommonObject } else { - dol_syslog("Entrepot::Create return -3"); + dol_syslog(get_class($this)."::create return -3"); $this->db->rollback(); return -3; } } else { $this->error="Failed to get insert id"; - dol_syslog("Entrepot::Create return -2"); + dol_syslog(get_class($this)."::create return -2"); return -2; } } else { $this->error=$this->db->error(); - dol_syslog("Entrepot::Create Error ".$this->db->error()); + dol_syslog(get_class($this)."::create Error ".$this->db->error()); $this->db->rollback(); return -1; } @@ -153,7 +153,7 @@ class Entrepot extends CommonObject $this->db->begin(); - dol_syslog("Entrepot::update sql=".$sql); + dol_syslog(get_class($this)."::update sql=".$sql); $resql=$this->db->query($sql); if ($resql) { @@ -164,7 +164,7 @@ class Entrepot extends CommonObject { $this->db->rollback(); $this->error=$this->db->lasterror(); - dol_syslog("Entrepot::update ".$this->error, LOG_ERR); + dol_syslog(get_class($this)."::update ".$this->error, LOG_ERR); return -1; } } @@ -196,7 +196,7 @@ class Entrepot extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."entrepot"; $sql.= " WHERE rowid = " . $this->id; - dol_syslog("Entrepot::delete sql=".$sql); + dol_syslog(get_class($this)."::delete sql=".$sql); $resql=$this->db->query($sql); if ($resql) { 
@@ -207,7 +207,7 @@ class Entrepot extends CommonObject { $this->db->rollback(); $this->error=$this->db->lasterror(); - dol_syslog("Entrepot::delete ".$this->error, LOG_ERR); + dol_syslog(get_class($this)."::delete ".$this->error, LOG_ERR); return -1; } } @@ -215,7 +215,7 @@ class Entrepot extends CommonObject { $this->db->rollback(); $this->error=$this->db->lasterror(); - dol_syslog("Entrepot::delete ".$this->error, LOG_ERR); + dol_syslog(get_class($this)."::delete ".$this->error, LOG_ERR); return -1; } @@ -234,7 +234,7 @@ class Entrepot extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."entrepot"; $sql .= " WHERE rowid = ".$id; - dol_syslog("Entrepot::fetch sql=".$sql); + dol_syslog(get_class($this)."::fetch sql=".$sql); $result = $this->db->query($sql); if ($result) { @@ -254,25 +254,13 @@ class Entrepot extends CommonObject $this->town = $obj->town; $this->country_id = $obj->country_id; - if ($this->country_id) - { - $sqlp = "SELECT code,libelle from ".MAIN_DB_PREFIX."c_pays where rowid = ".$this->country_id; - $resql=$this->db->query($sqlp); - if ($resql) - { - $objp = $this->db->fetch_object($resql); - } - else - { - dol_print_error($this->db); - } - $this->pays=$objp->libelle; - $this->pays_code=$objp->code; - $this->country=$objp->libelle; - $this->country_code=$objp->code; - } + include_once(DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'); + $tmp=getCountry($this->country_id,'all'); + $this->pays=$tmp['label']; + $this->pays_code=$tmp['code']; + $this->country=$tmp['label']; + $this->country_code=$tmp['code']; - $this->db->free($result); return 1; } else diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php index 24705f4069a..5797b3671a3 100644 --- a/htdocs/product/stock/mouvement.php +++ b/htdocs/product/stock/mouvement.php 
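Review bot: The fetch query in the `@@ -234,7 +234,7 @@` hunk still appends `$id` unquoted and uncast in `" WHERE rowid = ".$id`, and the commit only touches the log call beside it. The callers changed elsewhere in this commit now pass `GETPOST('id','int')`, but the class method should not rely on every caller doing so; I would write `$sql .= " WHERE rowid = ".(int) $id;`. The delete query in the `@@ -196,7 +196,7 @@` hunk builds `" WHERE rowid = " . $this->id` the same way and deserves the same cast. The method signature is outside the hunk, so the parameter's declared form is not visible here.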
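Review bot: The `@@ -254,25 +254,13 @@` hunk removes `$this->db->free($result);` together with the old country lookup, so the result set of the main fetch query is no longer released before `return 1;`. The `if ($this->country_id)` guard is also gone, so `getCountry($this->country_id,'all')` now runs for a warehouse with no country; what it returns for an empty id is not visible here, and if it is not an array the `$tmp['label']` and `$tmp['code']` reads will not give a label and a code. I would keep `$this->db->free($result);` before the return and wrap the four assignments in `if ($this->country_id) { $tmp=getCountry($this->country_id,'all'); ... }`.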
@@ -36,6 +36,7 @@ $langs->load("stocks"); if (!$user->rights->produit->lire) accessforbidden(); +$id=GETPOST('id','int'); $idproduct = isset($_GET["idproduct"])?$_GET["idproduct"]:$_PRODUCT["idproduct"]; $year = isset($_GET["year"])?$_GET["year"]:$_POST["year"]; $month = isset($_GET["month"])?$_GET["month"]:$_POST["month"]; @@ -79,16 +80,16 @@ $sql.= " e.label as stock, e.rowid as entrepot_id,"; $sql.= " m.rowid as mid, m.value, m.datem, m.fk_user_author, m.label,"; $sql.= " u.login"; $sql.= " FROM (".MAIN_DB_PREFIX."entrepot as e,"; -$sql.= " ".MAIN_DB_PREFIX."stock_mouvement as m,"; -$sql.= " ".MAIN_DB_PREFIX."product as p)"; +$sql.= " ".MAIN_DB_PREFIX."product as p,"; +$sql.= " ".MAIN_DB_PREFIX."stock_mouvement as m)"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON m.fk_user_author = u.rowid"; $sql.= " WHERE m.fk_product = p.rowid"; $sql.= " AND m.fk_entrepot = e.rowid"; $sql.= " AND e.entity = ".$conf->entity; if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) $sql.= " AND p.fk_product_type = 0"; -if ($_GET["id"]) +if ($id) { - $sql.= " AND e.rowid ='".$_GET["id"]."'"; + $sql.= " AND e.rowid ='".$id."'"; } if ($month > 0) { @@ -119,7 +120,7 @@ if (! empty($search_user)) } if (! empty($_GET['idproduct'])) { - $sql.= " AND p.rowid = '".$_GET['idproduct']."'"; + $sql.= " AND p.rowid = '".$idproduct."'"; } $sql.= $db->order($sortfield,$sortorder); $sql.= $db->plimit($conf->liste_limit+1, $offset); @@ -139,7 +140,7 @@ if ($resql) if ($_GET["id"]) { $entrepot = new Entrepot($db); - $result = $entrepot->fetch($_GET["id"]); + $result = $entrepot->fetch($id); if ($result < 0) { dol_print_error($db); @@ -156,7 +157,7 @@ if ($resql) /* * Show tab only if we ask a particular warehouse */ - if ($_GET["id"]) + if ($id) { $head = stock_prepare_head($entrepot); 
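Review bot: `$idproduct` is still read raw on the context line `$idproduct = isset($_GET["idproduct"])?$_GET["idproduct"]:$_PRODUCT["idproduct"];`, so the `@@ -119,7 +120,7 @@` hunk, which swaps `$_GET['idproduct']` for `$idproduct` in `" AND p.rowid = '".$idproduct."'"`, leaves the same request value concatenated into the query. `$_PRODUCT` is not a PHP superglobal, so unless it is defined outside this hunk the fallback branch reads an undefined variable. I would replace the line with `$idproduct=GETPOST('idproduct','int');` next to the new `$id` line, and test `if ($idproduct > 0)` instead of `! empty($_GET['idproduct'])` before adding the clause. The same value is also appended unencoded in `$param.='&idproduct='.$idproduct` in the `@@ -246,7 +247,7 @@` hunk, which the integer cast would cover as well.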
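Review bot: In the `@@ -139,7 +140,7 @@` hunk the guard is still `if ($_GET["id"])` while the fetch inside it now uses `$id`, and the following hunk switches the tab condition to `if ($id)` before calling `stock_prepare_head($entrepot)`. `GETPOST` reads both GET and POST, so an id sent by POST makes `$id` non-empty while `$_GET["id"]` is empty, and `$entrepot` is then used without having been created. The guard should use the same variable, `if ($id)`. The enclosing `if ($resql)` block starts and ends outside these hunks.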
@@ -180,18 +181,18 @@ if ($resql) print $entrepot->address; print ''; - // Ville - print ''.$langs->trans('Zip').''.$entrepot->cp.''; - print ''.$langs->trans('Town').''.$entrepot->ville.''; + // Town + print ''.$langs->trans('Zip').''.$entrepot->zip.''; + print ''.$langs->trans('Town').''.$entrepot->town.''; // Country print ''.$langs->trans('Country').''; $img=picto_from_langcode($entrepot->country_code); print ($img?$img.' ':''); - print $entrepot->pays; + print $entrepot->country; print ''; - // Statut + // Status print ''.$langs->trans("Status").''.$entrepot->getLibStatut(4).''; $calcproducts=$entrepot->nb_products(); @@ -207,7 +208,7 @@ if ($resql) print ""; // Last movement - $sql = "SELECT max(m.datem) as datem"; + $sql = "SELECT MAX(m.datem) as datem"; $sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m"; $sql .= " WHERE m.fk_entrepot = '".$entrepot->id."'"; $resqlbis = $db->query($sql); @@ -238,7 +239,7 @@ if ($resql) } $param=''; - if ($_GET["id"]) $param.='&id='.$_GET["id"]; + if ($id) $param.='&id='.$id; if ($search_movement) $param.='&search_movement='.urlencode($search_movement); if ($search_product) $param.='&search_product='.urlencode($search_product); if ($search_warehouse) $param.='&search_warehouse='.urlencode($search_warehouse); @@ -246,7 +247,7 @@ if ($resql) if ($snom) $param.='&snom='.urlencode($snom); if ($search_user) $param.='&search_user='.urlencode($search_user); if ($idproduct > 0) $param.='&idproduct='.$idproduct; - if ($_GET["id"]) print_barre_liste($texte, $page, "mouvement.php", $param, $sortfield, $sortorder,'',$num,0,''); + if ($id) print_barre_liste($texte, $page, "mouvement.php", $param, $sortfield, $sortorder,'',$num,0,''); else print_barre_liste($texte, $page, "mouvement.php", $param, $sortfield, $sortorder,'',$num); print ''; 
@@ -255,20 +256,20 @@ if ($resql) print_liste_field_titre($langs->trans("Date"),$_SERVER["PHP_SELF"], "m.datem","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Label"),$_SERVER["PHP_SELF"], "m.label","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Product"),$_SERVER["PHP_SELF"], "p.ref","",$param,"",$sortfield,$sortorder); - print_liste_field_titre($langs->trans("Warehouse"),$_SERVER["PHP_SELF"], "s.label","",$param,"",$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Warehouse"),$_SERVER["PHP_SELF"], "e.label","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Author"),$_SERVER["PHP_SELF"], "m.fk_user_author","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Units"),$_SERVER["PHP_SELF"], "m.value","",$param,'align="right"',$sortfield,$sortorder); print "\n"; // Lignes des champs de filtre print ''; + if ($id) print ''; print ''; print ''; // Label of movement diff --git a/htdocs/projet/activity/list.php b/htdocs/projet/activity/list.php index 254beb16949..fc876fcc7a5 100644 --- a/htdocs/projet/activity/list.php +++ b/htdocs/projet/activity/list.php @@ -34,7 +34,7 @@ $langs->load('projects'); $action=GETPOST('action'); $mode=GETPOST("mode"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $mine=0; if ($mode == 'mine') $mine=1; diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index 2a218703394..d7f501e0a0f 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $langs->load("projects"); $langs->load("companies"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index 9d2fc5cbaff..5bf9971b9d7 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php 
@@ -33,7 +33,7 @@ $langs->load('other'); $action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); // Security check diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index 95aba87efb0..d93a6462db6 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -34,8 +34,9 @@ $langs->load("projects"); $langs->load('companies'); $id=GETPOST('id','int'); -$ref = GETPOST('ref'); -$action=GETPOST('action'); +$ref = GETPOST('ref','alpha'); +$action=GETPOST('action','alpha'); +$backtopage=GETPOST('backtopage','alpha'); if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && ! $_POST["cancel"])) accessforbidden(); @@ -55,9 +56,9 @@ $result = restrictedArea($user, 'projet', $id); */ // Cancel -if (GETPOST("cancel") && GETPOST('backtopage')) +if (GETPOST("cancel") && ! empty($backtopage)) { - header("Location: ".GETPOST('backtopage')); + header("Location: ".$backtopage); exit; } @@ -276,7 +277,7 @@ if ($action == 'create' && $user->rights->projet->creer) print ''; print ''; print ''; - print ''; + print ''; print '
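Review bot: `header("Location: ".$backtopage);` in the `@@ -55,9 +56,9 @@` hunk of projet/fiche.php still redirects to whatever the request supplied, because `GETPOST('backtopage','alpha')` filters characters but does not check the destination. What the 'alpha' check rejects is not visible in this diff, but an absolute URL to another host would need to be refused explicitly for this not to be an open redirect. I would accept only a local path, for example `if (GETPOST("cancel") && ! empty($backtopage) && $backtopage[0] == '/' && substr($backtopage,0,2) != '//')`, and also reject a backslash in the second position. The same applies to both `Header("Location: ".$backtopage);` hunks in projet/tasks.php and to `$urlback=$backtopage;` in public/members/new.php, which is reachable without login.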
'; print $langs->trans('Month').': '; print ' '.$langs->trans('Year').': '; - $max_year = date("Y"); - $syear = $year; + $syear = GETPOST('year')?GETPOST('year'):-1; $formother->select_year($syear,'year',1, 20, 5); print '
'; @@ -301,7 +302,7 @@ if ($action == 'create' && $user->rights->projet->creer) // Customer print ''; @@ -332,7 +333,7 @@ if ($action == 'create' && $user->rights->projet->creer) print '
'; print ''; - if (GETPOST('backtopage')) + if (! empty($backtopage)) { print '     '; print ''; diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php index b22deee7ff7..bd759d27bbe 100644 --- a/htdocs/projet/ganttview.php +++ b/htdocs/projet/ganttview.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php index dc7a81e7774..51493df8346 100644 --- a/htdocs/projet/note.php +++ b/htdocs/projet/note.php @@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); $langs->load('projects'); $action=GETPOST('action'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index c05bac91f4e..6c4ccb733fa 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -36,6 +36,7 @@ $langs->load("projects"); $action = GETPOST('action', 'alpha'); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); +$backtopage=GETPOST('backtopage','alpha'); $mode = GETPOST('mode', 'alpha'); $mine = ($mode == 'mine' ? 1 : 0); @@ -111,9 +112,9 @@ if ($action == 'createtask' && $user->rights->projet->creer) if (! $error) { - if (GETPOST('backtopage')) + if (! empty($backtopage)) { - Header("Location: ".GETPOST('backtopage')); + Header("Location: ".$backtopage); exit; } else if (empty($projectid)) 
@@ -125,9 +126,9 @@ if ($action == 'createtask' && $user->rights->projet->creer) } else { - if (GETPOST('backtopage')) + if (! empty($backtopage)) { - Header("Location: ".GETPOST('backtopage')); + Header("Location: ".$backtopage); exit; } else if (empty($id)) @@ -219,7 +220,7 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->socie print ''; print ''; print ''; - print ''; + print ''; if (! empty($object->id)) print ''; if (! empty($mode)) print ''; diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index bf1cd5ae804..0e745f928ca 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php @@ -34,7 +34,7 @@ $langs->load("projects"); $langs->load("companies"); $taskid = isset($_GET["id"])?$_GET["id"]:''; -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $action=GETPOST('action'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 3b8b260d9ee..bb5fd636665 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -35,7 +35,7 @@ $langs->load('other'); $action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php index 406eae738a5..94bb854e933 100644 --- a/htdocs/projet/tasks/index.php +++ b/htdocs/projet/tasks/index.php @@ -32,7 +32,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load('projects'); $langs->load('users'); -$id=GETPOST('id'); +$id=GETPOST('id','int'); // Security check $socid=0; diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php index 2fb8e0c9bdf..b22351ac2bd 100644 --- a/htdocs/projet/tasks/note.php +++ b/htdocs/projet/tasks/note.php 
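Review bot: In projet/tasks/contact.php the context line `$taskid = isset($_GET["id"])?$_GET["id"]:'';` still takes the same `id` parameter raw, one line above the newly typed `$id = GETPOST('id','int');`. How `$taskid` is used is outside the hunk, but any query or output built from it is not covered by this change. projet/tasks/task.php in this same commit already uses `$taskid = GETPOST('id','int');`, and I would do the same here and in projet/tasks/time.php, which has the identical line.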
@@ -31,7 +31,7 @@ $langs->load('projects'); $action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 821ff229059..5903649c5e5 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -29,9 +29,9 @@ require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php"); -$taskid = GETPOST("id"); +$taskid = GETPOST('id','int'); $taskref = GETPOST("ref"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $action=GETPOST('action'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index bed27babac4..ac6bda48e22 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load('projects'); $taskid = isset($_GET["id"])?$_GET["id"]:''; -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $action=GETPOST('action'); $withproject=GETPOST('withproject'); diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 9926d7f54fc..e5619c3db1e 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -222,7 +222,7 @@ if (GETPOST("action") == 'gotodemo') if ($disablestring) { $url=DOL_URL_ROOT.'/index.php?disablemodules='.$disablestring; - if (GETPOST("urlfrom")) $url.='&urlfrom='.GETPOST("urlfrom"); + if (GETPOST('urlfrom','alpha')) $url.='&urlfrom='.GETPOST('urlfrom','alpha'); header("Location: ".$url); exit; } diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index fc7feedb0ae..d1d63d0310e 100644 
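Review bot: The `urlfrom` value in public/demo/index.php is concatenated into the redirect's query string without URL-encoding on the `$url.='&urlfrom='...` line. Going by the SecurityTest cases in this commit, `'alpha'` lets `#` and `/` through and is not shown to reject `&`, so the value can cut the query short or add parameters to it. Encode it at the point of use: `if (GETPOST('urlfrom','alpha')) $url.='&urlfrom='.urlencode(GETPOST('urlfrom','alpha'));`. The `$disablestring` part of the URL is built outside the hunk and may need the same treatment.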
--- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -47,8 +47,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/company.lib.php"); $errmsg=''; $num=0; $error=0; -$backtopage=GETPOST('backtopage'); -$action=GETPOST('action'); +$backtopage=GETPOST('backtopage','alpha'); +$action=GETPOST('action','alpha'); // Load translation files $langs->load("main"); @@ -255,7 +255,7 @@ if ($action == 'add') $result=$adh->send_an_email($conf->global->ADHERENT_AUTOREGISTER_MAIL,$conf->global->ADHERENT_AUTOREGISTER_MAIL_SUBJECT,array(),array(),array(),"","",0,-1); } - if ($backtopage) $urlback=$backtopage; + if (! empty($backtopage)) $urlback=$backtopage; else if ($conf->global->MEMBER_URL_REDIRECT_SUBSCRIPTION) { $urlback=$conf->global->MEMBER_URL_REDIRECT_SUBSCRIPTION; @@ -545,7 +545,7 @@ print "
'.$langs->trans("ThirdParty").''; - $text=$form->select_company(GETPOST("socid"),'socid','',1,1); + $text=$form->select_company(GETPOST('socid','int'),'socid','',1,1); $texthelp=$langs->trans("IfNeedToUseOhterObjectKeepEmpty"); print $form->textwithtooltip($text.' '.img_help(),$texthelp,1); print '
\n"; // Save print '
'; print ''; -if ($backtopage) +if (! empty($backtopage)) { print '     '; } diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php index 330cff56858..3c033a9f80e 100644 --- a/htdocs/societe/agenda.php +++ b/htdocs/societe/agenda.php @@ -35,7 +35,7 @@ $langs->load("companies"); $mesg=isset($_GET["mesg"])?'
'.$_GET["mesg"].'
':''; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid); diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php index 1127542dc78..49b49988eaf 100644 --- a/htdocs/societe/ajaxcompanies.php +++ b/htdocs/societe/ajaxcompanies.php @@ -50,7 +50,7 @@ dol_syslog(join(',',$_GET)); // Generation liste des societes -if (GETPOST('newcompany') || GETPOST('socid') || GETPOST('id_fourn')) +if (GETPOST('newcompany') || GETPOST('socid','int') || GETPOST('id_fourn')) { $return_arr = array(); diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index fe2ec2a24f7..792ef0e99cc 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -37,7 +37,7 @@ $mesg=''; $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$socid = (GETPOST('socid') ? GETPOST('socid') : GETPOST('id')); +$socid = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); // Security check if ($user->societe_id > 0) diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php index 6ae5d7fb4dc..a8d80f2f84a 100644 --- a/htdocs/societe/lien.php +++ b/htdocs/societe/lien.php @@ -33,7 +33,7 @@ $langs->load("suppliers"); $langs->load("banks"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','',''); diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php index 4ebe1a4aeb3..0ba5c8e23fb 100644 --- a/htdocs/societe/soc.php +++ b/htdocs/societe/soc.php @@ -49,7 +49,7 @@ $mesg=''; $error=0; $errors=array(); $action = (GETPOST('action') ? GETPOST('action') : 'view'); $confirm = GETPOST('confirm'); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $object = new Societe($db); 
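Review bot: `$_GET["mesg"]` is still concatenated raw into `$mesg` on the context line above the changed `$socid` line in societe/agenda.php, which this input-sanitizing commit leaves alone. If `$mesg` is later printed into the page (the output is outside the hunk), that is markup reflected straight from the query string. Read the value through the filter and escape it where the message is built, e.g. `htmlspecialchars(GETPOST('mesg','alpha'), ENT_QUOTES)` in place of `$_GET["mesg"]`.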
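Review bot: `restrictedArea($user, 'societe','','')` on the context line of the societe/lien.php hunk is called with an empty object id, so the `$socid` sanitized just above is never passed to the access check here. societe/agenda.php and societe/societe.php in this commit pass `$socid` as the third argument; if that argument is what ties the check to the requested third party, this page checks only the module permission. Consider `$result = restrictedArea($user, 'societe', $socid);` here. What `restrictedArea` does with an empty id is not visible on this page.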
@@ -468,7 +468,7 @@ $formcompany = new FormCompany($db); $countrynotdefined=$langs->trans("ErrorSetACountryFirst").' ('.$langs->trans("SeeAbove").')'; -if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) +if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // ----------------------------------------- // When used with CANVAS @@ -479,7 +479,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) $object->fetch($socid); // For use with "pure canvas" (canvas that contains templates only) } $objcanvas->assign_values($action, $socid); // Set value for templates - $objcanvas->display_canvas(); // Show template + $objcanvas->display_canvas($action); // Show template } else { diff --git a/htdocs/societe/societe.php b/htdocs/societe/societe.php index 99f456cdd73..2403a204c02 100644 --- a/htdocs/societe/societe.php +++ b/htdocs/societe/societe.php @@ -32,7 +32,7 @@ $langs->load("customers"); $langs->load("suppliers"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 9b367e7aeb4..175f005646a 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php"); $langs->load("users"); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $action=GETPOST("action"); $confirm=GETPOST("confirm"); $module=GETPOST("module"); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index f4deb98b7a3..10d395ff94e 100755 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php 
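Review bot: `$action` now reaches `displayCanvasExists($action)` and, in the @@ -479,7 hunk, `display_canvas($action)`, but the @@ -49,7 hunk of societe/soc.php shows it is still read with a bare `GETPOST('action')`. If the canvas code uses the action to pick a template file, which is not visible here, the value should be constrained before it gets there. Reading it as `GETPOST('action','alpha')`, as tasks.php does in this commit, would at least apply the `../` rejection that the new SecurityTest case checks.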
@@ -144,8 +144,9 @@ class SecurityTest extends PHPUnit_Framework_TestCase $_POST["param1"]="333"; $_GET["param2"]='a/b#e(pr)qq-rr\cc'; $_GET["param3"]='"a/b#e(pr)qq-rr\cc'; // Same than param2 + " + $_GET["param4"]='../dir'; - $result=GETPOST("id"); // Must return nothing + $result=GETPOST('id','int'); // Must return nothing print __METHOD__." result=".$result."\n"; $this->assertEquals($result,''); @@ -161,11 +162,15 @@ class SecurityTest extends PHPUnit_Framework_TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($result,$_GET["param2"]); - $result=GETPOST("param3",'alpha'); // Must return '' as there is a forbidden char + $result=GETPOST("param3",'alpha'); // Must return '' as there is a forbidden char " print __METHOD__." result=".$result."\n"; $this->assertEquals($result,''); - return $result; + $result=GETPOST("param4",'alpha'); // Must return '' as there is a forbidden char ../ + print __METHOD__." result=".$result."\n"; + $this->assertEquals($result,''); + + return $result; } /**
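Review bot: The changed `GETPOST('id','int')` assertion in the @@ -144,8 hunk only covers a parameter that appears to be absent (the visible setup defines `param1` to `param4`, and the method starts outside the hunk), so the `'int'` filter is never run against a non-numeric value. Almost every hunk in this commit relies on that filter, so a case is worth adding: set `$_GET["param5"]='12abc';` (constructed sample) and assert what `GETPOST("param5",'int')` is specified to return for it. The expected value depends on the filter's implementation, which is not on this page.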