lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '5.0' of https://github.com/Dolibarr/dolibarr into 5.0

Browse Source
This commit is contained in:
Maxime Kohlhaas 2017-06-20 09:29:26 +02:00
commit 166b5da560
63 changed files with 390 additions and 377 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ChangeLog
View File

@ -2,6 +2,22 @@
English Dolibarr ChangeLog
--------------------------------------------------------------
***** ChangeLog for 5.0.4 compared to 5.0.3 *****
FIX: #6880
FIX: #6925
FIX: #6926
FIX: Can set supplier invoice to billed.
FIX: Can't create invoice if PO disapproved
FIX: contratligne update
FIX: CVE-2017-7886
FIX: default param
FIX: Line of invoices not inserted when using POS module and VAT NPR.
FIX: origin & originid on supplierproposal
FIX: Redirect to payment page from member subscription page failed if a unique security key was defined.
FIX: REST api to get project when user has permission to read all.
FIX: situation_progress param default value must be 100 and not 0
FIX: SQL injection on user/index.php parameter search_statut.
FIX: Warnings
***** ChangeLog for 5.0.3 compared to 5.0.2 *****
FIX: #6677 Expired contracts dashboard box does not show the name of the thirdparty

2
htdocs/admin/tools/index.php
View File

@ -38,7 +38,7 @@ if (! $user->admin)
$form = new Form($db);
$title=$langs->trans("SystemToolsArea");
if (GETPOST('leftmenu') == 'admintools') $title=$langs->trans("ModulesSystemTools");
if (GETPOST('leftmenu',"aZ09") == 'admintools') $title=$langs->trans("ModulesSystemTools");
llxHeader('', $title);

2
htdocs/bookmarks/bookmarks.lib.php
View File

@ -40,7 +40,7 @@ function printBookmarksList($aDb, $aLangs)
$langs->load("bookmarks");
$url= $_SERVER["PHP_SELF"].(! empty($_SERVER["QUERY_STRING"])?'?'.$_SERVER["QUERY_STRING"]:'');
$url= $_SERVER["PHP_SELF"].(dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'');
$ret = '';
// Menu bookmark

39
htdocs/comm/propal/document.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
@ -63,17 +63,18 @@ if (! $sortfield) $sortfield="name";
$object = new Propal($db);
$object->fetch($id,$ref);
if ($object->id > 0)
{
$object->fetch_thirdparty();
$upload_dir = $conf->propal->dir_output.'/'.dol_sanitizeFileName($object->ref);
include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
}
/*
* Actions
*/
if ($object->id > 0)
{
$object->fetch_thirdparty();
$upload_dir = $conf->propal->dir_output.'/'.dol_sanitizeFileName($object->ref);
include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
}
/*
@ -101,10 +102,10 @@ if ($object->id > 0)
// Proposal card
$linkback = '<a href="' . DOL_URL_ROOT . '/comm/propal/list.php' . (! empty($socid) ? '?socid=' . $socid : '') . '">' . $langs->trans("BackToList") . '</a>';
$morehtmlref='<div class="refidno">';
// Ref customer
$morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
@ -145,24 +146,24 @@ if ($object->id > 0)
}
}
$morehtmlref.='</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
print '<table class="border" width="100%">';
// Files infos
print '<tr><td class="titlefield">'.$langs->trans("NbOfAttachedFiles").'</td><td>'.count($filearray).'</td></tr>';
print '<tr><td>'.$langs->trans("TotalSizeOfAttachedFiles").'</td><td>'.$totalsize.' '.$langs->trans("bytes").'</td></tr>';
print "</table>\n";
print '</div>';
dol_fiche_end();
$modulepart = 'propal';

154
htdocs/comm/propal/list.php
View File

@ -161,7 +161,7 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
}
}
$object = new Propal($db); // To be passed as parameter of executeHooks that need
$object = new Propal($db); // To be passed as parameter of executeHooks that need
/*
@ -273,25 +273,25 @@ if (! $user->rights->societe->client->voir && ! $socid) //restriction
$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
}
if ($search_town) $sql.= natural_search('s.town', $search_town);
if ($search_zip) $sql.= natural_search("s.zip",$search_zip);
if ($search_state) $sql.= natural_search("state.nom",$search_state);
if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
if ($search_ref) $sql .= natural_search('p.ref', $search_ref);
if ($search_zip) $sql.= natural_search("s.zip", $search_zip);
if ($search_state) $sql.= natural_search("state.nom", $search_state);
if ($search_country) $sql .= " AND s.fk_pays IN (".$db->escape($search_country).')';
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')';
if ($search_ref) $sql .= natural_search('p.ref', $search_ref);
if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer);
if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
if ($search_login) $sql.= " AND u.login LIKE '%".$db->escape(trim($search_login))."%'";
if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
if ($search_login) $sql .= natural_search("u.login", $search_login);
if ($search_montant_ht != '') $sql.= natural_search("p.total_ht", $search_montant_ht, 1);
if ($search_montant_vat != '') $sql.= natural_search("p.tva", $search_montant_vat, 1);
if ($search_montant_ttc != '') $sql.= natural_search("p.total", $search_montant_ttc, 1);
if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$search_product_category;
if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$db->escape($search_product_category);
if ($socid > 0) $sql.= ' AND s.rowid = '.$socid;
if ($viewstatut != '' && $viewstatut != '-1')
{
$sql.= ' AND p.fk_statut IN ('.$viewstatut.')';
$sql.= ' AND p.fk_statut IN ('.$db->escape($viewstatut).')';
}
if ($month > 0)
{
@ -300,16 +300,16 @@ if ($month > 0)
else if ($year > 0 && ! empty($day))
$sql.= " AND p.datep BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'";
else
$sql.= " AND date_format(p.datep, '%m') = '".$month."'";
$sql.= " AND date_format(p.datep, '%m') = '".$db->escape($month)."'";
}
else if ($year > 0)
{
$sql.= " AND p.datep BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'";
}
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$db->escape($search_sale);
if ($search_user > 0)
{
$sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$search_user;
$sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$db->escape($search_user);
}
// Add where from extra fields
foreach ($search_array_options as $key => $val)
@ -357,28 +357,28 @@ if ($resql)
else
{
$title = $langs->trans('ListOfProposals');
}
}
$num = $db->num_rows($resql);
$arrayofselected=is_array($toselect)?$toselect:array();
$param='&viewstatut='.$viewstatut;
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
if ($sall) $param.='&sall='.$sall;
if ($month) $param.='&month='.$month;
if ($year) $param.='&year='.$year;
if ($search_ref) $param.='&search_ref=' .$search_ref;
if ($search_refcustomer) $param.='&search_refcustomer=' .$search_refcustomer;
if ($search_societe) $param.='&search_societe=' .$search_societe;
if ($search_user > 0) $param.='&search_user='.$search_user;
if ($search_sale > 0) $param.='&search_sale='.$search_sale;
if ($search_montant_ht) $param.='&search_montant_ht='.$search_montant_ht;
if ($search_login) $param.='&search_login='.$search_login;
if ($search_town) $param.='&search_town='.$search_town;
if ($socid > 0) $param.='&socid='.$socid;
if ($optioncss != '') $param.='&optioncss='.$optioncss;
$param='&viewstatut='.urlencode($viewstatut);
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
if ($sall) $param.='&sall='.urlencode($sall);
if ($month) $param.='&month='.urlencode($month);
if ($year) $param.='&year='.urlencode($year);
if ($search_ref) $param.='&search_ref='.urlencode($search_ref);
if ($search_refcustomer) $param.='&search_refcustomer='.urlencode($search_refcustomer);
if ($search_societe) $param.='&search_societe='.urlencode($search_societe);
if ($search_user > 0) $param.='&search_user='.urlencode($search_user);
if ($search_sale > 0) $param.='&search_sale='.urlencode($search_sale);
if ($search_montant_ht) $param.='&search_montant_ht='.urlencode($search_montant_ht);
if ($search_login) $param.='&search_login='.urlencode($search_login);
if ($search_town) $param.='&search_town='.urlencode($search_town);
if ($socid > 0) $param.='&socid='.urlencode($socid);
if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
// Add $param from extra fields
foreach ($search_array_options as $key => $val)
{
@ -386,7 +386,7 @@ if ($resql)
$tmpkey=preg_replace('/search_options_/','',$key);
if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val);
}
// List of mass actions available
$arrayofmassactions = array(
'presend'=>$langs->trans("SendByMail"),
@ -395,7 +395,7 @@ if ($resql)
if ($user->rights->propal->supprimer) $arrayofmassactions['delete']=$langs->trans("Delete");
if ($massaction == 'presend') $arrayofmassactions=array();
$massactionbutton=$form->selectMassAction('', $arrayofmassactions);
// Lignes des champs de filtre
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@ -406,11 +406,11 @@ if ($resql)
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_commercial.png', 0, '', '', $limit);
if ($massaction == 'presend')
{
$langs->load("mails");
if (! GETPOST('cancel'))
{
$objecttmp=new Propal($db);
@ -429,17 +429,17 @@ if ($resql)
}
}
}
print '<input type="hidden" name="massaction" value="confirm_presend">';
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
dol_fiche_head(null, '', '');
$topicmail="SendSupplierProposalRef";
$modelmail="supplier_proposal_send";
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
@ -492,25 +492,25 @@ if ($resql)
$formmail->substit['__REFCLIENT__']='__REFCLIENT__'; // We want to keep the tag
$formmail->substit['__PERSONALIZED__']='';
$formmail->substit['__CONTACTCIVNAME__']='';
// Tableau des parametres complementaires du post
$formmail->param['action']=$action;
$formmail->param['models']=$modelmail;
$formmail->param['models_id']=GETPOST('modelmailselected','int');
$formmail->param['id']=join(',',$arrayofselected);
//$formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id;
print $formmail->get_form();
dol_fiche_end();
}
if ($sall)
{
foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
}
$i = 0;
$moreforfilter='';
@ -546,7 +546,7 @@ if ($resql)
$reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters); // Note that $action and $object may have been modified by hook
if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
else $moreforfilter = $hookmanager->resPrint;
if (! empty($moreforfilter))
{
print '<div class="liste_titre liste_titre_bydiv centpercent">';
@ -556,10 +556,10 @@ if ($resql)
$varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
print '<div class="div-table-responsive">';
print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
// Fields title
print '<tr class="liste_titre">';
if (! empty($arrayfields['p.ref']['checked'])) print_liste_field_titre($arrayfields['p.ref']['label'],$_SERVER["PHP_SELF"],'p.ref','',$param,'',$sortfield,$sortorder);
@ -579,9 +579,9 @@ if ($resql)
// Extra fields
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
{
foreach($extrafields->attribute_label as $key => $val)
foreach($extrafields->attribute_label as $key => $val)
{
if (! empty($arrayfields["ef.".$key]['checked']))
if (! empty($arrayfields["ef.".$key]['checked']))
{
$align=$extrafields->getAlignFlag($key);
print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
@ -597,9 +597,9 @@ if ($resql)
if (! empty($arrayfields['p.fk_statut']['checked'])) print_liste_field_titre($arrayfields['p.fk_statut']['label'],$_SERVER["PHP_SELF"],"p.fk_statut","",$param,'align="right"',$sortfield,$sortorder);
print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"],"",'','','align="right"',$sortfield,$sortorder,'maxwidthsearch ');
print '</tr>'."\n";
print '<tr class="liste_titre">';
if (! empty($arrayfields['p.ref']['checked']))
if (! empty($arrayfields['p.ref']['checked']))
{
print '<td class="liste_titre">';
print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
@ -641,7 +641,7 @@ if ($resql)
print '</td>';
}
// Date
if (! empty($arrayfields['p.date']['checked']))
if (! empty($arrayfields['p.date']['checked']))
{
print '<td class="liste_titre" colspan="1" align="center">';
//print $langs->trans('Month').': ';
@ -653,7 +653,7 @@ if ($resql)
print '</td>';
}
// Date end
if (! empty($arrayfields['p.fin_validite']['checked']))
if (! empty($arrayfields['p.fin_validite']['checked']))
{
print '<td class="liste_titre" colspan="1">&nbsp;</td>';
}
@ -736,7 +736,7 @@ if ($resql)
$searchpitco=$form->showFilterAndCheckAddButtons($massactionbutton?1:0, 'checkforselect', 1);
print $searchpitco;
print '</td>';
print "</tr>\n";
$now = dol_now();
@ -747,16 +747,16 @@ if ($resql)
{
$obj = $db->fetch_object($resql);
$var=!$var;
$objectstatic->id=$obj->rowid;
$objectstatic->ref=$obj->ref;
print '<tr '.$bc[$var].'>';
if (! empty($arrayfields['p.ref']['checked']))
{
print '<td class="nowrap">';
print '<table class="nobordernopadding"><tr class="nocellnopadd">';
// Picto + Ref
print '<td class="nobordernopadding nowrap">';
@ -785,11 +785,11 @@ if ($resql)
$urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid;
print $formfile->getDocumentsLink($objectstatic->element, $filename, $filedir);
print '</td></tr></table>';
print "</td>\n";
if (! $i) $totalarray['nbfield']++;
}
if (! empty($arrayfields['p.ref_client']['checked']))
{
// Customer ref
@ -798,12 +798,12 @@ if ($resql)
print '</td>';
if (! $i) $totalarray['nbfield']++;
}
$companystatic->id=$obj->socid;
$companystatic->name=$obj->name;
$companystatic->client=$obj->client;
$companystatic->code_client=$obj->code_client;
// Thirdparty
if (! empty($arrayfields['s.nom']['checked']))
{
@ -812,7 +812,7 @@ if ($resql)
print '</td>';
if (! $i) $totalarray['nbfield']++;
}
// Town
if (! empty($arrayfields['s.town']['checked']))
{
@ -853,7 +853,7 @@ if ($resql)
print '</td>';
if (! $i) $totalarray['nbfield']++;
}
// Date proposal
if (! empty($arrayfields['p.date']['checked']))
{
@ -862,7 +862,7 @@ if ($resql)
print "</td>\n";
if (! $i) $totalarray['nbfield']++;
}
// Date end validity
if (! empty($arrayfields['p.fin_validite']['checked']))
{
@ -877,7 +877,7 @@ if ($resql)
}
if (! $i) $totalarray['nbfield']++;
}
// Amount HT
if (! empty($arrayfields['p.total_ht']['checked']))
{
@ -902,7 +902,7 @@ if ($resql)
if (! $i) $totalarray['totalttcfield']=$totalarray['nbfield'];
$totalarray['totalttc'] += $obj->total_ttc;
}
$userstatic->id=$obj->fk_user_author;
$userstatic->login=$obj->login;
@ -915,7 +915,7 @@ if ($resql)
print "</td>\n";
if (! $i) $totalarray['nbfield']++;
}
// Extra fields
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
{
@ -1000,20 +1000,20 @@ if ($resql)
else print '<td></td>';
}
print '</tr>';
}
$db->free($resql);
$parameters=array('arrayfields'=>$arrayfields, 'sql'=>$sql);
$reshook=$hookmanager->executeHooks('printFieldListFooter',$parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
print '</table>'."\n";
print '</div>'."\n";
print '</form>'."\n";
if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files)
{
/*
@ -1021,18 +1021,18 @@ if ($resql)
*/
$urlsource=$_SERVER['PHP_SELF'].'?sortfield='.$sortfield.'&sortorder='.$sortorder;
$urlsource.=str_replace('&amp;','&',$param);
$filedir=$diroutputmassaction;
$genallowed=$user->rights->propal->lire;
$delallowed=$user->rights->propal->lire;
print $formfile->showdocuments('massfilesarea_proposals','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,'','');
}
else
{
print '<br><a name="show_files"></a><a href="'.$_SERVER["PHP_SELF"].'?show_files=1'.$param.'#show_files">'.$langs->trans("ShowTempMassFilesArea").'</a>';
}
}
else
{

23
htdocs/compta/facture.php
View File

@ -3327,7 +3327,7 @@ else if ($id > 0 || ! empty($ref))
print $object->situation_counter;
print '</td>';
print '<td align="right" class="nowrap">';
print '<td align="left" class="nowrap">';
$prevsits_total_amount = 0;
foreach ($prevsits as $situation) {
@ -3335,9 +3335,10 @@ else if ($id > 0 || ! empty($ref))
}
$prevsits_total_amount += $object->total_ht;
print price($prevsits_total_amount);
print '</td>';
print '<td>' . $langs->trans('Currency' . $conf->currency) . '</td></tr>';
print price($prevsits_total_amount, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) );
print '</td></tr>';
// Previous situation(s) deduction(s)
for ($i = 0; $i < $cprevsits; $i++) {
@ -3348,10 +3349,10 @@ else if ($id > 0 || ! empty($ref))
print $prevsits[$i]->situation_counter;
print '</a></td>';
print '<td align="right" class="nowrap">';
print '- ' . price($prevsits[$i]->total_ht);
print '</td>';
print '<td>' . $langs->trans('Currency' . $conf->currency) . '</td></tr>';
print '<td align="left" class="nowrap">';
print '- ' . price($prevsits[$i]->total_ht, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) );
print '</td></tr>';
}
}
}
@ -3489,7 +3490,7 @@ else if ($id > 0 || ! empty($ref))
if ($object->type == Facture::TYPE_SITUATION && ! empty($conf->global->INVOICE_USE_SITUATION))
{
if (count($object->tab_previous_situation_invoice) > 0 || count($object->tab_next_situation_invoice) > 0)
print '<table class="nobordernopadding paymenttable" width="100%">';
print '<table class="noborder situationstable" width="100%">';
if (count($object->tab_previous_situation_invoice) > 0) {
// List of previous invoices
@ -3523,7 +3524,7 @@ else if ($id > 0 || ! empty($ref))
}
print '<tr ' . $bc[$var] . '>';
print '<td colspan="2" align="right"></td>';
print '<td colspan="3" align="right"></td>';
print '<td align="right"><b>' . price($total_prev_ht) . '</b></td>';
print '<td align="right"><b>' . price($total_prev_ttc) . '</b></td>';
print '<td width="18">&nbsp;</td>';
@ -3563,7 +3564,7 @@ else if ($id > 0 || ! empty($ref))
}
print '<tr ' . $bc[$var] . '>';
print '<td colspan="2" align="right"></td>';
print '<td colspan="3" align="right"></td>';
print '<td align="right"><b>' . price($total_next_ht) . '</b></td>';
print '<td align="right"><b>' . price($total_next_ttc) . '</b></td>';
print '<td width="18">&nbsp;</td>';

19
htdocs/core/actions_linkedfiles.inc.php
View File

@ -71,7 +71,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
$ret = dol_delete_file($file, 0, 0, 0, $object);
if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, $object); // Delete file using old path
// Si elle existe, on efface la vignette
if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i',$file,$regs))
{
@ -150,19 +150,28 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave'))
{
$filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom'));
$filenameto=dol_sanitizeFileName(GETPOST('renamefileto'));
// Security:
// Disallow file with some extensions. We rename them.
// Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{
$filenameto.= '.noexe';
}
if ($filenamefrom && $filenameto)
{
$srcpath = $upload_dir.'/'.$filenamefrom;
$destpath = $upload_dir.'/'.$filenameto;
$result = dol_move($srcpath, $destpath);
if ($result)
if ($result)
{
$object->addThumbs($destpath);
// TODO Add revert function of addThumbs
//$object->delThumbs($srcpath);
setEventMessages($langs->trans("FileRenamed"), null);
}
else setEventMessages($langs->trans("ErrorFailToRenameFile", $filenamefrom, $filenameto), null, 'errors');

2
htdocs/core/ajax/ajaxdirpreview.php
View File

@ -139,7 +139,7 @@ if (! dol_is_dir($upload_dir))
}
print '<!-- ajaxdirpreview type='.$type.' -->'."\n";
print '<!-- Page called with mode='.(isset($mode)?$mode:'').' type='.$type.' module='.$module.' url='.$url.' '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Page called with mode='.dol_escape_htmltag(isset($mode)?$mode:'').' type='.dol_escape_htmltag($type).' module='.dol_escape_htmltag($module).' url='.dol_escape_htmltag($url).' '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
$param=($sortfield?'&sortfield='.$sortfield:'').($sortorder?'&sortorder='.$sortorder:'');

2
htdocs/core/ajax/bankconciliate.php
View File

@ -45,7 +45,7 @@ $action=GETPOST('action');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $action == 'dvnext')
{

2
htdocs/core/ajax/box.php
View File

@ -50,7 +50,7 @@ $userid=GETPOST('userid','int');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Add a box
if ($boxid > 0 && $zone !='' && $userid > 0)

2
htdocs/core/ajax/constantonoff.php
View File

@ -45,7 +45,7 @@ $name=GETPOST('name','alpha');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if (! empty($action) && ! empty($name))

8
htdocs/core/ajax/contacts.php
View File

@ -41,20 +41,20 @@ $showempty = GETPOST('showempty','int');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($id) && ! empty($action) && ! empty($htmlname))
{
$form = new Form($db);
$return=array();
if (empty($showempty)) $showempty=0;
$return['value'] = $form->selectcontacts($id,'',$htmlname,$showempty,'','',0,'',true);
$return['num'] = $form->num;
$return['error'] = $form->error;
echo json_encode($return);
}

18
htdocs/core/ajax/extraparams.php
View File

@ -40,17 +40,17 @@ $type = GETPOST('type', 'alpha');
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
if(! empty($id) && ! empty($element) && ! empty($htmlelement) && ! empty($type))
{
$value = GETPOST('value','alpha');
$params=array();
dol_syslog("AjaxSetExtraParameters id=".$id." element=".$element." htmlelement=".$htmlelement." type=".$type." value=".$value, LOG_DEBUG);
$classpath = $subelement = $element;
// For compatibility
if ($element == 'order' || $element == 'commande') { $classpath = $subelement = 'commande'; }
else if ($element == 'propal') { $classpath = 'comm/propal'; $subelement = 'propal'; }
@ -60,19 +60,19 @@ if(! empty($id) && ! empty($element) && ! empty($htmlelement) && ! empty($type))
else if ($element == 'deplacement') { $classpath = 'compta/deplacement'; $subelement = 'deplacement'; }
else if ($element == 'order_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.commande'; }
else if ($element == 'invoice_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.facture'; }
dol_include_once('/'.$classpath.'/class/'.$subelement.'.class.php');
if ($element == 'order_supplier') { $classname = 'CommandeFournisseur'; }
else if ($element == 'invoice_supplier') { $classname = 'FactureFournisseur'; }
else $classname = ucfirst($subelement);
$object = new $classname($db);
$object->fetch($id);
$params[$htmlelement] = array($type => $value);
$object->extraparams = array_merge($object->extraparams, $params);
$result=$object->setExtraParameters();
}

2
htdocs/core/ajax/loadinplace.php
View File

@ -41,7 +41,7 @@ $fk_element = GETPOST('fk_element','alpha');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($fk_element))

2
htdocs/core/ajax/objectonoff.php
View File

@ -42,7 +42,7 @@ $object = new GenericObject($db);
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering new values
if (($action == 'set') && ! empty($id))

2
htdocs/core/ajax/price.php
View File

@ -39,7 +39,7 @@ $tva_tx = str_replace('*','',GETPOST('tva_tx','alpha'));
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($output) && isset($amount) && isset($tva_tx))

6
htdocs/core/ajax/row.php
View File

@ -17,8 +17,8 @@
/**
* \file htdocs/core/ajax/row.php
* \brief File to return Ajax response on Row move.
* This ajax page is called when doing an up or down drag and drop.
* \brief File to return Ajax response on Row move.
* This ajax page is called when doing an up or down drag and drop.
*/
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Disable token renewal
@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if ((isset($_POST['roworder']) && ! empty($_POST['roworder'])) && (isset($_POST['table_element_line']) && ! empty($_POST['table_element_line']))

2
htdocs/core/ajax/saveinplace.php
View File

@ -54,7 +54,7 @@ savemethodname:
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
//print_r($_POST);
// Load original field value

6
htdocs/core/ajax/security.php
View File

@ -17,8 +17,8 @@
/**
* \file htdocs/core/ajax/security.php
* \brief This ajax component is used to generated has keys for security purposes
* like key to use into URL to protect them.
* \brief This ajax component is used to generated has keys for security purposes
* like key to use into URL to protect them.
*/
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Disables token renewal
@ -38,7 +38,7 @@ require '../../main.inc.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if (isset($_GET['action']) && ! empty($_GET['action']))

2
htdocs/core/ajax/vatrates.php
View File

@ -41,7 +41,7 @@ $productid = (GETPOST('productid','int')?GETPOST('productid','int'):0);
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($id) && ! empty($action) && ! empty($htmlname))

2
htdocs/core/ajax/ziptown.php
View File

@ -45,7 +45,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog("GET is ".join(',',$_GET).', MAIN_USE_ZIPTOWN_DICTIONNARY='.(empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY)?'':$conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY));
//var_dump($_GET);

4
htdocs/core/class/conf.class.php
View File

@ -489,8 +489,8 @@ class Conf
// By default, we propagate contacts
if (! isset($this->global->MAIN_PROPAGATE_CONTACTS_FROM_ORIGIN)) $this->global->MAIN_PROPAGATE_CONTACTS_FROM_ORIGIN='*'; // Can be also '*' or '^(BILLING|SHIPPING|CUSTOMER|.*)$' (regex not yet implemented)
// By default, we use the zip town autofill
if (! isset($this->global->MAIN_USE_ZIPTOWN_DICTIONNARY)) $this->global->MAIN_USE_ZIPTOWN_DICTIONNARY=1;
// By default, we do not use the zip town autofill
if (! isset($this->global->MAIN_USE_ZIPTOWN_DICTIONNARY)) $this->global->MAIN_USE_ZIPTOWN_DICTIONNARY=0;
// Define list of limited modules (value must be key found for "name" property of module, so for example 'supplierproposal' for Module "Supplier Proposal"
if (! isset($this->global->MAIN_MODULES_FOR_EXTERNAL)) $this->global->MAIN_MODULES_FOR_EXTERNAL='user,societe,propal,commande,facture,categorie,supplierproposal,fournisseur,contact,projet,contrat,ficheinter,expedition,agenda,resource,adherent'; // '' means 'all'. Note that contact is added here as it should be a module later.

4
htdocs/core/class/html.formother.class.php
View File

@ -1062,7 +1062,7 @@ class FormOther
async: false
});
// We force reload to be sure to get all boxes into list
window.location.search=\'mainmenu='.GETPOST("mainmenu").'&leftmenu='.GETPOST('leftmenu').'&action=delbox\';
window.location.search=\'mainmenu='.GETPOST("mainmenu","aZ09").'&leftmenu='.GETPOST('leftmenu',"aZ09").'&action=delbox\';
}
else
{
@ -1084,7 +1084,7 @@ class FormOther
url: \''.DOL_URL_ROOT.'/core/ajax/box.php?boxorder=\'+boxorder+\'&boxid=\'+boxid+\'&zone='.$areacode.'&userid='.$user->id.'\',
async: false
});
window.location.search=\'mainmenu='.GETPOST("mainmenu").'&leftmenu='.GETPOST('leftmenu').'&action=addbox&boxid=\'+boxid;
window.location.search=\'mainmenu='.GETPOST("mainmenu","aZ09").'&leftmenu='.GETPOST('leftmenu',"aZ09").'&action=addbox&boxid=\'+boxid;
}
});';
if (! count($arrayboxtoactivatelabel)) $selectboxlist.='jQuery("#boxcombo").hide();';

2
htdocs/core/datepicker.php
View File

@ -39,7 +39,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1);
require_once '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php
if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php
$langs->load("main");
$langs->load("agenda");
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');

2
htdocs/core/get_menudiv.php
View File

@ -35,7 +35,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1);
require_once '../main.inc.php';
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php
if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php
$langs->load("main");
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');

6
htdocs/core/lib/files.lib.php
View File

@ -634,9 +634,9 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
}
}
// Security:
// Disallow file with some extensions. We renamed them.
// Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande.
// Security:
// Disallow file with some extensions. We rename them.
// Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{
$file_name.= '.noexe';

6
htdocs/core/lib/functions.lib.php
View File

@ -611,7 +611,7 @@ function dol_string_unaccent($str)
*/
function dol_string_nospecial($str,$newstr='_',$badcharstoreplace='')
{
$forbidden_chars_to_replace=array(" ","'","/","\\",":","*","?","\"","<",">","|","[","]",",",";","=");
$forbidden_chars_to_replace=array(" ", "'", "/", "\\", ":", "*", "?", "\"", "<", ">", "|", "[", "]", ",", ";", "=");
$forbidden_chars_to_remove=array();
if (is_array($badcharstoreplace)) $forbidden_chars_to_replace=$badcharstoreplace;
//$forbidden_chars_to_remove=array("(",")");
@ -2928,8 +2928,8 @@ function dol_print_error($db='',$error='',$errors=null)
$out.="<b>".$langs->trans("Referer").":</b> ".(isset($_SERVER["HTTP_REFERER"])?dol_htmlentities($_SERVER["HTTP_REFERER"],ENT_COMPAT,'UTF-8'):'')."<br>\n";
$out.="<b>".$langs->trans("MenuManager").":</b> ".(isset($conf->standard_menu)?$conf->standard_menu:'')."<br>\n";
$out.="<br>\n";
$syslog.="url=".$_SERVER["REQUEST_URI"];
$syslog.=", query_string=".$_SERVER["QUERY_STRING"];
$syslog.="url=".dol_escape_htmltag($_SERVER["REQUEST_URI"]);
$syslog.=", query_string=".dol_escape_htmltag($_SERVER["QUERY_STRING"]);
}
else // Mode CLI
{

6
htdocs/core/lib/security2.lib.php
View File

@ -144,10 +144,6 @@ function dol_loginfunction($langs,$conf,$mysoc)
$dol_url_root = DOL_URL_ROOT;
$php_self = $_SERVER['PHP_SELF'];
$php_self.= $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:'';
if (! preg_match('/mainmenu=/',$php_self)) $php_self.=(preg_match('/\?/',$php_self)?'&':'?').'mainmenu=home';
// Title
$appli=constant('DOL_APPLICATION_TITLE');
$title=$appli.' '.DOL_VERSION;
@ -422,7 +418,7 @@ function encodedecode_dbpassconf($level=0)
fflush($fp);
fclose($fp);
clearstatcache();
// It's config file, so we set read permission for creator only.
// Should set permission to web user and groups for users used by batch
//@chmod($file, octdec('0600'));

33
htdocs/core/menus/standard/auguria.lib.php
View File

@ -54,20 +54,20 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m
if (empty($noout)) print_start_menu_array_auguria();
$usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER));
// Show/Hide vertical menu
if ($mode != 'jmobile' && $mode != 'topnb' && $usemenuhider && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
{
$showmode=1;
$classname = 'class="tmenu menuhider"';
$idsel='menu';
if (empty($noout)) print_start_menu_entry_auguria($idsel,$classname,$showmode);
if (empty($noout)) print_text_menu_entry_auguria('', 1, '#', $id, $idsel, $classname, $atarget);
if (empty($noout)) print_end_menu_entry_auguria($showmode);
$menu->add('#', '', 0, $showmode, $atarget, "xxx", '');
}
$num = count($newTabMenu);
for($i = 0; $i < $num; $i++)
{
@ -77,7 +77,7 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m
if ($showmode == 1)
{
$url = $shorturl = $newTabMenu[$i]['url'];
if (! preg_match("/^(http:\/\/|https:\/\/)/i",$newTabMenu[$i]['url']))
{
$tmp=explode('?',$newTabMenu[$i]['url'],2);
@ -85,11 +85,11 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m
$param = (isset($tmp[1])?$tmp[1]:'');
// Complete param to force leftmenu to '' to closed opend menu when we click on a link with no leftmenu defined.
if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && ! empty($newTabMenu[$i]['url']))
if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && ! empty($newTabMenu[$i]['url']))
{
$param.=($param?'&':'').'mainmenu='.$newTabMenu[$i]['url'].'&leftmenu=';
}
if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && empty($newTabMenu[$i]['url']))
if ((! preg_match('/mainmenu/i',$param)) && (! preg_match('/leftmenu/i',$param)) && empty($newTabMenu[$i]['url']))
{
$param.=($param?'&':'').'leftmenu=';
}
@ -136,7 +136,7 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m
function print_start_menu_array_auguria()
{
global $conf;
print '<div class="tmenudiv">';
print '<ul class="tmenu"'.(empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)?'':' title="Top menu"').'>';
}
@ -250,7 +250,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
$usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER));
global $usemenuhider;
// Show logo company
if (empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
{
@ -284,7 +284,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
print '</div>'."\n";
print "<!-- End SearchForm -->\n";
}
// We update newmenu with entries found into database
$menuArbo = new Menubase($db,'auguria');
$newmenu = $menuArbo->menuLeftCharger($newmenu,$mainmenu,$leftmenu,($user->societe_id?1:0),'auguria',$tabMenu);
@ -401,7 +401,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
for($j = ($i + 1); $j < $num; $j++)
{
if (empty($menu_array[$j]['level'])) $lastopened=false;
}
}
if ($altok % 2 == 0)
{
print '<div class="blockvmenuimpair'.($lastopened?' blockvmenulast':'').($altok == 1 ? ' blockvmenufirst':'').'">'."\n";
@ -454,9 +454,12 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
// Menu niveau > 0
if ($menu_array[$i]['level'] > 0)
{
if ($menu_array[$i]['enabled'])
$cssmenu = '';
if ($menu_array[$i]['url']) $cssmenu = ' menu_contenu'.dol_string_nospecial(preg_replace('/\.php.*$/','',$menu_array[$i]['url']));
if ($menu_array[$i]['enabled'])
{
print '<div class="menu_contenu">'.$tabstring;
print '<div class="menu_contenu'.$cssmenu.'">'.$tabstring;
if ($menu_array[$i]['url']) print '<a class="vsmenu" href="'.$url.'"'.($menu_array[$i]['target']?' target="'.$menu_array[$i]['target'].'"':'').'>';
else print '<span class="vsmenu">';
print $menu_array[$i]['titre'];
@ -468,7 +471,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
}
else if ($showmenu)
{
print '<div class="menu_contenu">'.$tabstring.'<font class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</font><br></div>'."\n";
print '<div class="menu_contenu'.$cssmenu.'">'.$tabstring.'<font class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</font><br></div>'."\n";
}
}
@ -480,7 +483,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
if ($blockvmenuopened) { print "</div>\n"; $blockvmenuopened=false; }
}
}
if ($altok) print '<div class="blockvmenuend"></div>';
}
@ -493,7 +496,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM
print '</div>'."\n";
print "<!-- End Bookmarks -->\n";
}
return count($menu_array);
}

9
htdocs/core/menus/standard/eldy.lib.php
View File

@ -1561,9 +1561,12 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
// Menu niveau > 0
if ($menu_array[$i]['level'] > 0)
{
if ($menu_array[$i]['enabled'])
$cssmenu = '';
if ($menu_array[$i]['url']) $cssmenu = ' menu_contenu'.dol_string_nospecial(preg_replace('/\.php.*$/','',$menu_array[$i]['url']));
if ($menu_array[$i]['enabled'])
{
print '<div class="menu_contenu">'.$tabstring;
print '<div class="menu_contenu'.$cssmenu.'">'.$tabstring;
if ($menu_array[$i]['url']) print '<a class="vsmenu" href="'.$url.'"'.($menu_array[$i]['target']?' target="'.$menu_array[$i]['target'].'"':'').'>';
else print '<span class="vsmenu">';
print $menu_array[$i]['titre'];
@ -1575,7 +1578,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
}
else if ($showmenu)
{
print '<div class="menu_contenu">'.$tabstring.'<font class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</font><br></div>'."\n";
print '<div class="menu_contenu'.$cssmenu.'">'.$tabstring.'<font class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</font><br></div>'."\n";
}
}

20
htdocs/core/menus/standard/empty.php
View File

@ -82,7 +82,7 @@ class MenuManager
{
return 1;
}
if ($mode == 'top' || $mode == 'jmobile')
{
if (empty($noout)) print_start_menu_array_empty();
@ -98,13 +98,13 @@ class MenuManager
$showmode=1;
$classname = 'class="tmenu menuhider"';
$idsel='menu';
if (empty($noout)) print_start_menu_entry($idsel,$classname,$showmode);
if (empty($noout)) print_text_menu_entry('', 1, '#', $id, $idsel, $classname, $atarget);
if (empty($noout)) print_end_menu_entry($showmode);
$menu->add('#', '', 0, $showmode, $atarget, "xxx", '');
}
}
if (empty($noout)) print_start_menu_entry_empty($idsel, $classname, $showmode);
if (empty($noout)) print_text_menu_entry_empty($langs->trans("Home"), 1, dol_buildpath('/index.php',1).'?mainmenu=home&amp;leftmenu=', $id, $idsel, $classname, $this->atarget);
if (empty($noout)) print_end_menu_entry_empty($showmode);
@ -201,8 +201,12 @@ class MenuManager
print '<div class="menu_top"></div>'."\n";
}
if ($this->menu->liste[$i]['level'] > 0) {
print '<div class="menu_contenu">';
if ($this->menu->liste[$i]['level'] > 0)
{
$cssmenu = '';
if ($this->menu->liste[$i]['url']) $cssmenu = ' menu_contenu'.dol_string_nospecial(preg_replace('/\.php.*$/','',$this->menu->liste[$i]['url']));
print '<div class="menu_contenu'.$cssmenu.'">';
if ($this->menu->liste[$i]['enabled'])
{
@ -229,7 +233,7 @@ class MenuManager
print "</div>\n";
}
}
if ($altok) print '<div class="blockvmenuend"></div>';
}
@ -308,7 +312,7 @@ class MenuManager
function print_start_menu_array_empty()
{
global $conf;
print '<div class="tmenudiv">';
print '<ul class="tmenu"'.(empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)?'':' title="Top menu"').'>';
}

8
htdocs/core/search_page.php
View File

@ -35,7 +35,7 @@ if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU',1);
require_once '../main.inc.php';
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php
if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php
$langs->load("main");
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
@ -76,11 +76,11 @@ if ($conf->use_javascript_ajax && 1 == 2) // select2 is ko with jmobile
else
{
$conf->global->MAIN_HTML5_PLACEHOLDER = 1;
$usedbyinclude = 1; // Used into next include
include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php';
$accesskeyalreadyassigned=array();
foreach($arrayresult as $key => $val)
{

2
htdocs/core/tpl/ajax/fileupload_main.tpl.php
View File

@ -45,7 +45,7 @@ $(function () {
// Events
$('#fileupload').fileupload({
stop: function (e, data) {
location.href='<?php echo $_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"]; ?>';
location.href='<?php echo dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]); ?>';
},
destroy: function (e, data) {
var that = $(this).data('fileupload');

6
htdocs/core/tpl/login.tpl.php
View File

@ -31,6 +31,10 @@ if (GETPOST('dol_use_jmobile')) $conf->dol_use_jmobile=1;
// If we force to use jmobile, then we reenable javascript
if (! empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax=1;
$php_self = dol_escape_htmltag($_SERVER['PHP_SELF']);
$php_self.= dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'';
if (! preg_match('/mainmenu=/',$php_self)) $php_self.=(preg_match('/\?/',$php_self)?'&':'?').'mainmenu=home';
// Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second
$arrayofjs=array(
'/includes/jstz/jstz.min.js'.(empty($conf->dol_use_jmobile)?'':'?version='.urlencode(DOL_VERSION)),
@ -80,7 +84,7 @@ $(document).ready(function () {
<tr class="vmenu"><td class="center">
<?php
if ($disablenofollow) echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank">';
echo dol_escape_htmltag($title);
echo dol_escape_htmltag($title);
if ($disablenofollow) echo '</a>';
?>
</td></tr>

2
htdocs/core/tpl/objectline_create.tpl.php
View File

@ -725,7 +725,7 @@ function setforpredef() {
jQuery("#select_type").val(-1);
jQuery("#prod_entry_mode_free").prop('checked',false);
jQuery("#prod_entry_mode_predef").prop('checked',true);
jQuery("#price_ht").hide();
jQuery("#price_ht").val('').hide();
jQuery("#multicurrency_price_ht").hide();
jQuery("#price_ttc").hide(); // May no exists
jQuery("#tva_tx").hide();

7
htdocs/core/tpl/passwordforgotten.tpl.php
View File

@ -28,6 +28,9 @@ if (GETPOST('dol_use_jmobile')) $conf->dol_use_jmobile=1;
// If we force to use jmobile, then we reenable javascript
if (! empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax=1;
$php_self = dol_escape_htmltag($_SERVER['PHP_SELF']);
$php_self.= dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'';
print top_htmlhead('',$langs->trans('SendNewPassword'));
?>
<!-- BEGIN PHP TEMPLATE PASSWORDFORGOTTEN.TPL.PHP -->
@ -94,7 +97,7 @@ if (! empty($hookmanager->resArray['options'])) {
}
?>
<?php if ($captcha) {
<?php if ($captcha) {
// Add a variable param to force not using cache (jmobile)
$php_self = preg_replace('/[&\?]time=(\d+)/','',$php_self); // Remove param time
if (preg_match('/\?/',$php_self)) $php_self.='&time='.dol_print_date(dol_now(),'dayhourlog');
@ -129,7 +132,7 @@ if (! empty($hookmanager->resArray['options'])) {
<div id="login_line2" style="clear: both">
<!-- Button Send password -->
<br><input id="password" type="submit" <?php echo $disabled; ?> class="button" name="password" value="<?php echo $langs->trans('SendNewPassword'); ?>" tabindex="4" />
<br><input type="submit" <?php echo $disabled; ?> class="button" name="password" value="<?php echo $langs->trans('SendNewPassword'); ?>" tabindex="4" />
<br>
<div align="center" style="margin-top: 8px;">

87
htdocs/don/card.php
View File

@ -50,7 +50,7 @@ $cancel=GETPOST('cancel');
$amount=GETPOST('amount');
$donation_date=dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
$projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0);
$object = new Don($db);
$extrafields = new ExtraFields($db);
@ -316,17 +316,17 @@ if ($action == 'create')
print '</td>';
// Amount
print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" value="'.GETPOST("amount").'" size="10"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" value="'.dol_escape_htmltag(GETPOST("amount")).'" size="10"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("PublicDonation")."</td><td>";
print $form->selectyesno("public",isset($_POST["public"])?$_POST["public"]:1,1);
print "</td></tr>\n";
print "<tr>".'<td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" value="'.GETPOST("societe").'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.GETPOST("lastname").'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.GETPOST("firstname").'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" value="'.dol_escape_htmltag(GETPOST("societe")).'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.dol_escape_htmltag(GETPOST("lastname")).'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.dol_escape_htmltag(GETPOST("firstname")).'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.GETPOST("address").'</textarea></td></tr>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.dol_escape_htmltag(GETPOST("address")).'</textarea></td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
@ -341,7 +341,7 @@ if ($action == 'create')
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
print '</td></tr>';
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" value="'.GETPOST("email").'" size="40"></td></tr>';
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" value="'.dol_escape_htmltag(GETPOST("email")).'" size="40"></td></tr>';
// Public note
print '<tr>';
@ -384,9 +384,9 @@ if ($action == 'create')
dol_fiche_end();
print '<div class="center">';
print '<input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">';
print '<input type="submit" class="button" name="save" value="'.dol_escape_htmltag($langs->trans("Save")).'">';
print '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
print '<input type="button" class="button" value="' . $langs->trans("Cancel") . '" onClick="javascript:history.go(-1)">';
print '<input type="button" class="button" value="'.dol_escape_htmltag($langs->trans("Cancel")).'" onClick="javascript:history.go(-1)">';
print '</div>';
print "</form>\n";
@ -438,7 +438,7 @@ if (! empty($id) && $action == 'edit')
// Amount
if ($object->statut == 0)
{
print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" size="10" value="'.$object->amount.'"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
print "<tr>".'<td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="amount" size="10" value="'.dol_escape_htmltag($object->amount).'"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
}
else
{
@ -453,11 +453,11 @@ if (! empty($id) && $action == 'edit')
print "</tr>\n";
$langs->load("companies");
print '<tr><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.$object->societe.'"></td></tr>';
print '<tr><td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" size="40" value="'.$object->lastname.'"></td></tr>';
print '<tr><td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" size="40" value="'.$object->firstname.'"></td></tr>';
print '<tr><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.dol_escape_htmltag($object->societe).'"></td></tr>';
print '<tr><td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" size="40" value="'.dol_escape_htmltag($object->lastname).'"></td></tr>';
print '<tr><td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" size="40" value="'.dol_escape_htmltag($object->firstname).'"></td></tr>';
print '<tr><td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.$object->address.'</textarea></td></tr>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag($object->address).'</textarea></td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
@ -472,7 +472,7 @@ if (! empty($id) && $action == 'edit')
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
print '</td></tr>';
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" size="40" value="'.$object->email.'"></td></tr>';
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td><input type="text" name="email" size="40" value="'.dol_escape_htmltag($object->email).'"></td></tr>';
print "<tr><td>".$langs->trans("PaymentMode")."</td><td>\n";
@ -544,9 +544,9 @@ if (! empty($id) && $action != 'edit')
// Print form confirm
print $formconfirm;
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
$morehtmlref='<div class="refidno">';
// Project
if (! empty($conf->projet->enabled))
@ -581,8 +581,8 @@ if (! empty($id) && $action != 'edit')
}
}
$morehtmlref.='</div>';
dol_banner_tab($object, 'rowid', $linkback, 1, 'rowid', 'ref', $morehtmlref);
@ -592,13 +592,6 @@ if (! empty($id) && $action != 'edit')
print '<table class="border" width="100%">';
// Ref
/*
print '<tr><td class="titlefield">'.$langs->trans("Ref").'</td><td colspan="2">';
print $form->showrefnav($object, 'rowid', $linkback, 1, 'rowid', 'ref', '');
print '</td>';
print '</tr>';
*/
// Date
print '<tr><td class="titlefield">'.$langs->trans("Date").'</td><td colspan="2">';
print dol_print_date($object->date,"day");
@ -615,52 +608,12 @@ if (! empty($id) && $action != 'edit')
print '<tr><td>'.$langs->trans("Company").'</td><td colspan="2">'.$object->societe.'</td></tr>';
print '<tr><td>'.$langs->trans("Lastname").'</td><td colspan="2">'.$object->lastname.'</td></tr>';
print '<tr><td>'.$langs->trans("Firstname").'</td><td colspan="2">'.$object->firstname.'</td></tr>';
/*print '<tr><td>'.$langs->trans("Address").'</td><td>'.dol_nl2br($object->address).'</td>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $object->zip.($object->zip && $object->town?' / ':'').$object->town.'</td></tr>';
// Country
print '<tr><td>'.$langs->trans('Country').'</td><td>';
if (! empty($object->country_code))
{
$img=picto_from_langcode($object->country_code);
print ($img?$img.' ':'');
print $object->country;
}
else
{
print $object->country_olddata;
}
print '</td></tr>';
// EMail
print "<tr>".'<td>'.$langs->trans("EMail").'</td><td>'.dol_print_email($object->email).'</td></tr>';
*/
// Payment mode
print "<tr><td>".$langs->trans("PaymentMode")."</td><td>";
$form->form_modes_reglement(null, $object->modepaymentid,'none');
print "</td></tr>\n";
//print "<tr>".'<td>'.$langs->trans("Status").'</td><td>'.$object->getLibStatut(4).'</td></tr>';
// Project
/*
if (! empty($conf->projet->enabled))
{
print '<tr>';
print '<td>'.$langs->trans("Project").'</td>';
print '<td>';
$projettmp=new Project($db);
$projettmp->id=$object->fk_projet;
$projettmp->ref=$object->project;
if(! empty($object->fk_projet)) print $projettmp->getNomUrl(1);
print '</td>';
print '</tr>';
}*/
// Other attributes
$cols = 2;
include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_view.tpl.php';

2
htdocs/ecm/ajax/ecmdatabase.php
View File

@ -39,7 +39,7 @@ $element = GETPOST('element', 'alpha');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (isset($action) && ! empty($action))

2
htdocs/expensereport/ajax/ajaxprojet.php
View File

@ -46,7 +46,7 @@ require '../../main.inc.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',',$_GET));

6
htdocs/externalsite/frames.php
View File

@ -34,11 +34,11 @@ if (empty($conf->global->EXTERNALSITE_URL))
llxFooter();
}
$mainmenu=GETPOST('mainmenu', 'alpha');
$leftmenu=GETPOST('leftmenu', 'alpha');
$mainmenu=GETPOST('mainmenu', "aZ09");
$leftmenu=GETPOST('leftmenu', "aZ09");
$idmenu=GETPOST('idmenu', 'int');
$theme=GETPOST('theme', 'alpha');
$codelang=GETPOST('lang', 'alpha');
$codelang=GETPOST('lang', 'aZ09');
print "
<html>

18
htdocs/fourn/ajax/getSupplierPrices.php
View File

@ -46,7 +46,7 @@ $langs->load('margins');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
if ($idprod > 0)
{
@ -55,7 +55,7 @@ if ($idprod > 0)
$sorttouse = 's.nom, pfp.quantity, pfp.price';
if (GETPOST('bestpricefirst')) $sorttouse = 'pfp.unitprice, s.nom, pfp.quantity, pfp.price';
$productSupplierArray = $producttmp->list_product_fournisseur_price($idprod, $sorttouse); // We list all price per supplier, and then firstly with the lower quantity. So we can choose first one with enough quantity into list.
if ( is_array($productSupplierArray))
{
@ -63,15 +63,15 @@ if ($idprod > 0)
{
$price = $productSupplier->fourn_price * (1 - $productSupplier->fourn_remise_percent / 100);
$unitprice = $productSupplier->fourn_unitprice * (1 - $productSupplier->fourn_remise_percent / 100);
$title = $productSupplier->fourn_name.' - '.$productSupplier->fourn_ref.' - ';
if ($productSupplier->fourn_qty == 1)
{
$title.= price($price,0,$langs,0,0,-1,$conf->currency)."/";
}
$title.= $productSupplier->fourn_qty.' '.($productSupplier->fourn_qty == 1 ? $langs->trans("Unit") : $langs->trans("Units"));
if ($productSupplier->fourn_qty > 1)
{
$title.=" - ";
@ -84,19 +84,19 @@ if ($idprod > 0)
$title.= price($productSupplier->fourn_unitcharges,0,$langs,0,0,-1,$conf->currency);
$price += $productSupplier->fourn_unitcharges;
}
$label = price($price,0,$langs,0,0,-1,$conf->currency)."/".$langs->trans("Unit");
if ($productSupplier->fourn_ref) $label.=' ('.$productSupplier->fourn_ref.')';
$prices[] = array("id" => $productSupplier->product_fourn_price_id, "price" => price2num($price,0,'',0), "label" => $label, "title" => $title); // For price field, we must use price2num(), for label or title, price()
}
}
// Add price for costprice
$price=$producttmp->cost_price;
$prices[] = array("id" => 'costprice', "price" => price2num($price), "label" => $langs->trans("CostPrice").': '.price($price,0,$langs,0,0,-1,$conf->currency), "title" => $langs->trans("PMPValueShort").': '.price($price,0,$langs,0,0,-1,$conf->currency)); // For price field, we must use price2num(), for label or title, price()
if(!empty($conf->stock->enabled))
if(!empty($conf->stock->enabled))
{
// Add price for pmp
$price=$producttmp->pmp;

74
htdocs/fourn/commande/card.php
View File

@ -275,7 +275,7 @@ if (empty($reshook))
if ($action == 'addline' && $user->rights->fournisseur->commande->creer)
{
$db->begin();
$langs->load('errors');
$error = 0;
@ -441,7 +441,7 @@ if (empty($reshook))
$ht = $ttc / (1 + ($tva_tx / 100));
$price_base_type = 'HT';
}
$pu_ht_devise = price2num($price_ht_devise, 'MU');
$result=$object->addline($desc, $ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, 0, 0, '', $remise_percent, $price_base_type, $ttc, $type,'','', $date_start, $date_end, $array_options, $fk_unit, $pu_ht_devise);
@ -451,7 +451,7 @@ if (empty($reshook))
if (! $error && $result > 0)
{
$db->commit();
$ret=$object->fetch($object->id); // Reload to get new records
// Define output language
@ -508,7 +508,7 @@ if (empty($reshook))
$db->rollback();
setEventMessages($object->error, $object->errors, 'errors');
}
$action = '';
}
@ -543,7 +543,7 @@ if (empty($reshook))
$localtax1_tx=get_localtax($tva_tx,1,$mysoc,$object->thirdparty);
$localtax2_tx=get_localtax($tva_tx,2,$mysoc,$object->thirdparty);
$pu_ht_devise = GETPOST('multicurrency_subprice');
// Extrafields Lines
@ -1391,7 +1391,7 @@ if ($action=='create')
// If not defined, set default value from constant
if (empty($cond_reglement_id) && ! empty($conf->global->SUPPLIER_ORDER_DEFAULT_PAYMENT_TERM_ID)) $cond_reglement_id=$conf->global->SUPPLIER_ORDER_DEFAULT_PAYMENT_TERM_ID;
if (empty($mode_reglement_id) && ! empty($conf->global->SUPPLIER_ORDER_DEFAULT_PAYMENT_MODE_ID)) $mode_reglement_id=$conf->global->SUPPLIER_ORDER_DEFAULT_PAYMENT_MODE_ID;
print '<form name="add" action="'.$_SERVER["PHP_SELF"].'" method="post">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
@ -1577,7 +1577,7 @@ if ($action=='create')
elseif (! empty($object->id))
{
$result = $object->fetch($id, $ref);
$societe = new Fournisseur($db);
$result=$societe->fetch($object->socid);
if ($result < 0) dol_print_error($db);
@ -1587,7 +1587,7 @@ elseif (! empty($object->id))
$res=$object->fetch_optionals($object->id,$extralabels);
$head = ordersupplier_prepare_head($object);
$title=$langs->trans("SupplierOrder");
@ -1724,11 +1724,11 @@ elseif (! empty($object->id))
// Print form confirm
print $formconfirm;
// Supplier order card
$linkback = '<a href="'.DOL_URL_ROOT.'/fourn/commande/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
$morehtmlref='<div class="refidno">';
// Ref supplier
$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1);
@ -1768,15 +1768,15 @@ elseif (! empty($object->id))
}
}
$morehtmlref.='</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="fichehalfleft">';
print '<div class="underbanner clearboth"></div>';
print '<table class="border" width="100%">';
// Date
@ -1969,12 +1969,12 @@ elseif (! empty($object->id))
include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_view.tpl.php';
print '</table>';
print '</div>';
print '<div class="fichehalfright">';
print '<div class="ficheaddleft">';
print '<div class="underbanner clearboth"></div>';
print '<table class="border centpercent">';
if (!empty($conf->multicurrency->enabled))
@ -1983,18 +1983,18 @@ elseif (! empty($object->id))
print '<tr><td class="titlefieldmiddle">' . fieldLabel('MulticurrencyAmountHT','multicurrency_total_ht') . '</td>';
print '<td class="nowrap">' . price($object->multicurrency_total_ht, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)) . '</td>';
print '</tr>';
// Multicurrency Amount VAT
print '<tr><td>' . fieldLabel('MulticurrencyAmountVAT','multicurrency_total_tva') . '</td>';
print '<td class="nowrap">' . price($object->multicurrency_total_tva, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)) . '</td>';
print '</tr>';
// Multicurrency Amount TTC
print '<tr><td>' . fieldLabel('MulticurrencyAmountTTC','multicurrency_total_ttc') . '</td>';
print '<td class="nowrap">' . price($object->multicurrency_total_ttc, '', $langs, 0, - 1, - 1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency)) . '</td>';
print '</tr>';
}
// Total
print '<tr><td class="titlefieldmiddle">'.$langs->trans("AmountHT").'</td>';
print '<td>'.price($object->total_ht,'',$langs,1,-1,-1,$conf->currency).'</td>';
@ -2023,19 +2023,19 @@ elseif (! empty($object->id))
print '</tr>';
print '</table>';
// Margin Infos
/*if (! empty($conf->margin->enabled)) {
$formmargin->displayMarginInfos($object);
}*/
print '</div>';
print '</div>';
print '</div>';
print '<div class="clearboth"></div><br>';
if (! empty($conf->global->MAIN_DISABLE_CONTACTS_TAB))
{
$blocname = 'contacts';
@ -2591,19 +2591,29 @@ elseif (! empty($object->id))
// Create bill
if (! empty($conf->facture->enabled))
{
if (! empty($conf->fournisseur->enabled) && ($object->statut >= 2 && $object->billed != 1)) // 2 means accepted
if (! empty($conf->fournisseur->enabled) && ($object->statut >= 2 && $object->statut != 7 && $object->billed != 1)) // statut 2 means approved, 7 means canceled
{
if ($user->rights->fournisseur->facture->creer)
{
print '<a class="butAction" href="'.DOL_URL_ROOT.'/fourn/facture/card.php?action=create&amp;origin='.$object->element.'&amp;originid='.$object->id.'&amp;socid='.$object->socid.'">'.$langs->trans("CreateBill").'</a>';
}
if ($user->rights->fournisseur->commande->creer && $object->statut >= 2 && !empty($object->linkedObjectsIds['invoice_supplier']))
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=classifybilled">'.$langs->trans("ClassifyBilled").'</a>';
}
}
}
// Classify billed manually (need one invoice if module invoice is on, no condition on invoice if not)
if ($user->rights->fournisseur->commande->creer && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved
{
if (empty($conf->facture->enabled))
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=classifybilled">'.$langs->trans("ClassifyBilled").'</a>';
}
else if (!empty($object->linkedObjectsIds['invoice_supplier']))
{
if ($user->rights->fournisseur->facture->creer)
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=classifybilled">'.$langs->trans("ClassifyBilled").'</a>';
}
}
}
// Create a remote order using WebService only if module is activated
@ -2696,7 +2706,7 @@ elseif (! empty($object->id))
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="livraison">';
print load_fiche_titre($langs->trans("Receive"),'','');
print '<table class="noborder" width="100%">';
//print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("Receive").'</td></tr>';
print '<tr><td>'.$langs->trans("DeliveryDate").'</td><td>';

20
htdocs/holiday/list.php
View File

@ -66,7 +66,7 @@ $year_end = GETPOST('year_end');
$search_employe = GETPOST('search_employe');
$search_valideur = GETPOST('search_valideur');
$search_statut = GETPOST('select_statut');
$type = GETPOST('type','int');
$type = GETPOST('type','int');
// List of fields to search into when doing a "search in all"
$fieldstosearchall = array(
@ -82,7 +82,7 @@ $fieldstosearchall = array(
* Actions
*/
if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETPOST("button_removefilter")) // Both test are required to be compatible with all browsers
if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") || GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers
{
$search_ref="";
$month_create="";
@ -138,7 +138,7 @@ if($year_start > 0) {
}
} else {
if($month_start > 0) {
$filter.= " AND date_format(cp.date_debut, '%m') = '$month_start'";
$filter.= " AND date_format(cp.date_debut, '%m') = '".$db->escape($month_start)."'";
}
}
@ -153,7 +153,7 @@ if($year_end > 0) {
}
} else {
if($month_end > 0) {
$filter.= " AND date_format(cp.date_fin, '%m') = '$month_end'";
$filter.= " AND date_format(cp.date_fin, '%m') = '".$db->escape($month_end)."'";
}
}
@ -168,7 +168,7 @@ if($year_create > 0) {
}
} else {
if($month_create > 0) {
$filter.= " AND date_format(cp.date_create, '%m') = '$month_create'";
$filter.= " AND date_format(cp.date_create, '%m') = '".$db->escape($month_create)."'";
}
}
@ -313,7 +313,7 @@ print '</td>';
// DATE CREATE
print '<td class="liste_titre" align="center">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_create" value="'.$month_create.'">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_create" value="'.dol_escape_htmltag($month_create).'">';
$formother->select_year($year_create,'year_create',1, $min_year, 0);
print '</td>';
@ -368,13 +368,13 @@ print '<td class="liste_titre">&nbsp;</td>';
// DATE DEBUT
print '<td class="liste_titre" align="center">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_start" value="'.$month_start.'">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_start" value="'.dol_escape_htmltag($month_start).'">';
$formother->select_year($year_start,'year_start',1, $min_year, $max_year);
print '</td>';
// DATE FIN
print '<td class="liste_titre" align="center">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_end" value="'.$month_end.'">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_end" value="'.dol_escape_htmltag($month_end).'">';
$formother->select_year($year_end,'year_end',1, $min_year, $max_year);
print '</td>';
@ -409,7 +409,7 @@ if (! empty($holiday->holiday))
$userstatic->login=$infos_CP['user_login'];
$userstatic->statut=$infos_CP['user_statut'];
$userstatic->photo=$infos_CP['user_photo'];
// Valideur
$approbatorstatic->id=$infos_CP['fk_validator'];
$approbatorstatic->lastname=$infos_CP['validator_lastname'];
@ -417,7 +417,7 @@ if (! empty($holiday->holiday))
$approbatorstatic->login=$infos_CP['validator_login'];
$approbatorstatic->statut=$infos_CP['validator_statut'];
$approbatorstatic->photo=$infos_CP['validator_photo'];
$date = $infos_CP['date_create'];
print '<tr '.$bc[$var].'>';

6
htdocs/install/inc.php
View File

@ -265,7 +265,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP 5.
// Defini objet langs
$langs = new Translate('..',$conf);
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang'));
if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09'));
else $langs->setDefaultLang('auto');
$bc[false]=' class="bg1"';
@ -452,9 +452,9 @@ function pFooter($nonext=0,$setuplang='',$jscheckfunction='', $withpleasewait=0)
print '<div class="nextbutton" id="nextbutton">';
if ($nonext == '2')
{
print $langs->trans("ErrorFoundDuringMigration", $_SERVER["REQUEST_URI"].'&ignoreerrors=1').'<br><br>';
print $langs->trans("ErrorFoundDuringMigration", $_SERVER["REQUEST_URI"].'&ignoreerrors=1').'<br><br>';
}
print '<input type="submit" '.($nonext == '2' ? 'disabled="disabled" ':'').'value="'.$langs->trans("NextStep").' ->"';
if ($jscheckfunction) print ' onClick="return '.$jscheckfunction.'();"';
print '></div>';

15
htdocs/install/mysql/migration/3.5.0-3.6.0.sql
View File

@ -62,6 +62,21 @@ ALTER TABLE llx_societe MODIFY COLUMN fk_currency varchar(3) NULL;
ALTER TABLE llx_bookmark ADD COLUMN entity integer DEFAULT 1 NOT NULL;
ALTER TABLE llx_bookmark MODIFY COLUMN url varchar(255) NOT NULL;
ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT '2001-01-01 00:00:00';
-- Clean corrupted values for tms
-- VMYSQL4.1 SET sql_mode = 'ALLOW_INVALID_DATES';
-- VMYSQL4.1 update llx_opensurvey_sondage set tms = date_fin where DATE(STR_TO_DATE(tms, '%Y-%m-%d')) IS NULL;
-- VMYSQL4.1 SET sql_mode = 'NO_ZERO_DATE';
-- VMYSQL4.1 update llx_opensurvey_sondage set tms = date_fin where DATE(STR_TO_DATE(tms, '%Y-%m-%d')) IS NULL;
-- Remove default not null on date_fin
-- VMYSQL4.3 ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN date_fin DATETIME NULL DEFAULT NULL;
-- VPGSQL8.2 ALTER TABLE llx_opensurvey_sondage ALTER COLUMN date_fin DROP NOT NULL;
ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN tms timestamp DEFAULT CURRENT_TIMESTAMP;
ALTER TABLE llx_opensurvey_sondage ADD COLUMN entity integer DEFAULT 1 NOT NULL;
ALTER TABLE llx_opensurvey_sondage ADD COLUMN allow_comments tinyint NOT NULL DEFAULT 1;
-- ALTER TABLE llx_opensurvey_sondage DROP COLUMN survey_link_visible;

15
htdocs/main.inc.php
View File

@ -97,8 +97,9 @@ function test_sql_and_script_inject($val, $type)
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='>' onerror = alert(1)>
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
// $sql_inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);
@ -576,7 +577,7 @@ if (! defined('NOLOGIN'))
$paramsurl=array();
if (GETPOST('textbrowser')) $paramsurl[]='textbrowser='.GETPOST('textbrowser','int');
if (GETPOST('nojs')) $paramsurl[]='nojs='.GETPOST('nojs','int');
if (GETPOST('lang')) $paramsurl[]='lang='.GETPOST('lang','alpha');
if (GETPOST('lang')) $paramsurl[]='lang='.GETPOST('lang', 'aZ09');
header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl)?'?'.implode('&',$paramsurl):''));
exit;
}
@ -635,7 +636,7 @@ if (! defined('NOLOGIN'))
$paramsurl=array();
if (GETPOST('textbrowser')) $paramsurl[]='textbrowser='.GETPOST('textbrowser','int');
if (GETPOST('nojs')) $paramsurl[]='nojs='.GETPOST('nojs','int');
if (GETPOST('lang')) $paramsurl[]='lang='.GETPOST('lang','alpha');
if (GETPOST('lang')) $paramsurl[]='lang='.GETPOST('lang', 'aZ09');
header('Location: '.DOL_URL_ROOT.'/index.php'.(count($paramsurl)?'?'.implode('&',$paramsurl):''));
exit;
}
@ -1477,14 +1478,14 @@ function top_menu($head, $title='', $target='', $disablejs=0, $disablehead=0, $a
// Link to print main content area
if (empty($conf->global->MAIN_PRINT_DISABLELINK) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && empty($conf->browser->phone))
{
$qs=$_SERVER["QUERY_STRING"];
$qs=dol_escape_htmltag($_SERVER["QUERY_STRING"]);
foreach($_POST as $key=>$value) {
if($key!=='action' && !is_array($value))$qs.='&'.$key.'='.urlencode($value);
if ($key!=='action' && !is_array($value)) $qs.='&'.$key.'='.urlencode($value);
}
$qs.=(($qs && $morequerystring)?'&':'').$morequerystring;
$text ='<a href="'.$_SERVER["PHP_SELF"].'?'.$qs.($qs?'&':'').'optioncss=print" target="_blank">';
$text ='<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.$qs.($qs?'&':'').'optioncss=print" target="_blank">';
$text.= img_picto(":".$langs->trans("PrintContentArea"), 'printer_top.png', 'class="printer"');
$text.='</a>';
$toprightmenu.=@Form::textwithtooltip('',$langs->trans("PrintContentArea"),2,1,$text,'login_block_elem',2);

2
htdocs/master.inc.php
View File

@ -246,7 +246,7 @@ if (! defined('NOREQUIREDB') && ! defined('NOREQUIRESOC'))
// Set default language (must be after the setValues setting global $conf->global->MAIN_LANG_DEFAULT. Page main.inc.php will overwrite langs->defaultlang with user value later)
if (! defined('NOREQUIRETRAN'))
{
$langcode=(GETPOST('lang')?GETPOST('lang','alpha',1):(empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT));
$langcode=(GETPOST('lang', 'aZ09')?GETPOST('lang', 'aZ09', 1):(empty($conf->global->MAIN_LANG_DEFAULT)?'auto':$conf->global->MAIN_LANG_DEFAULT));
$langs->setDefaultLang($langcode);
}

2
htdocs/product/ajax/products.php
View File

@ -57,7 +57,7 @@ $warehouseStatus = GETPOST('warehousestatus', 'alpha');
* View
*/
// print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
// print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',', $_GET));
// print_r($_GET);

2
htdocs/product/stats/card.php
View File

@ -69,7 +69,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
{
llxHeader("",$langs->trans("ProductStatistics"));
$type = GETPOST('type');
$type = GETPOST('type', 'intcomma');
$helpurl='';
if ($type == '0')

2
htdocs/public/paybox/paymentko.php
View File

@ -62,7 +62,7 @@ $langs->load("paypal");
* View
*/
dol_syslog("Callback url when a PayBox payment was canceled. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paybox');
dol_syslog("Callback url when a PayBox payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";

2
htdocs/public/paybox/paymentok.php
View File

@ -70,7 +70,7 @@ if (empty($PAYBOXFULLTAG)) $PAYBOXFULLTAG=GETPOST('fulltag');
* View
*/
dol_syslog("Callback url when a PayBox payment was done. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paybox');
dol_syslog("Callback url when a PayBox payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";

6
htdocs/public/paypal/paymentko.php
View File

@ -70,7 +70,7 @@ if (empty($PAYPALFULLTAG)) $PAYPALFULLTAG=GETPOST('fulltag');
* View
*/
dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paypal');
dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
@ -90,8 +90,8 @@ if (! empty($conf->global->PAYPAL_PAYONLINE_SENDEMAIL))
$FinalPaymentAmt = $_SESSION["Payment_Amount"];
// From env
$ipaddress = $_SESSION['ipaddress'];
$sendto=$conf->global->PAYPAL_PAYONLINE_SENDEMAIL;
$from=$conf->global->MAILING_EMAIL_FROM;

2
htdocs/public/paypal/paymentok.php
View File

@ -100,7 +100,7 @@ if (empty($PAYPALFULLTAG)) $PAYPALFULLTAG=GETPOST('fulltag');
* View
*/
dol_syslog("Callback url when a PayPal payment was done. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paypal');
dol_syslog("Callback url when a PayPal payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";

4
htdocs/societe/ajax/company.php
View File

@ -43,7 +43,7 @@ $id=GETPOST('id', 'int');
* View
*/
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',', $_GET));
//print_r($_GET);
@ -62,7 +62,7 @@ if (! empty($action) && $action == 'fetch' && ! empty($id))
$outlabel = '';
$outdesc = '';
$outtype = $object->type;
$outjson = array('ref' => $outref,'name' => $outname,'desc' => $outdesc,'type' => $outtype);
}

2
htdocs/societe/ajaxcompanies.php
View File

@ -44,7 +44,7 @@ require '../main.inc.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',',$_GET));

2
htdocs/societe/ajaxcountries.php
View File

@ -45,7 +45,7 @@ $country=GETPOST('country', 'alpha');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',',$_POST));

5
htdocs/supplier_proposal/card.php
View File

@ -808,11 +808,6 @@ if (empty($reshook))
$price_min = $product->multiprices_min [$object->thirdparty->price_level];
$label = ((GETPOST('update_label') && GETPOST('product_label')) ? GETPOST('product_label') : '');
if ($price_min && (price2num($pu_ht) * (1 - price2num(GETPOST('remise_percent')) / 100) < price2num($price_min))) {
setEventMessages($langs->trans("CantBeLessThanMinPrice", price(price2num($price_min, 'MU'), 0, $langs, 0, 0, - 1, $conf->currency)), null, 'errors');
$error ++;
}
} else {
$type = GETPOST('type');
$label = (GETPOST('product_label') ? GETPOST('product_label') : '');

2
htdocs/support/inc.php
View File

@ -149,7 +149,7 @@ if (empty($conf->db->user)) $conf->db->user='';
// Defini objet langs
$langs = new Translate('..',$conf);
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang'));
if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09'));
else $langs->setDefaultLang('auto');
$bc[false]=' class="bg1"';

2
htdocs/theme/eldy/style.css.php
View File

@ -53,7 +53,7 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang', 'alpha')); // If language was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme', 'alpha'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');

2
htdocs/theme/md/style.css.php
View File

@ -54,7 +54,7 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');

48
htdocs/user/card.php
View File

@ -299,7 +299,7 @@ if (empty($reshook)) {
}
}
if ($action == 'update' && ! $cancel)
if ($action == 'update' && ! $cancel)
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -318,7 +318,7 @@ if (empty($reshook)) {
$error ++;
}
if (!$error)
if (!$error)
{
$object->fetch($id);
@ -455,7 +455,7 @@ if (empty($reshook)) {
setEventMessages($langs->trans("ErrorFailedToSaveFile"), null, 'errors');
} else {
// Create thumbs
$object->addThumbs($newfile);
$object->addThumbs($newfile);
}
} else {
$error ++;
@ -464,7 +464,7 @@ if (empty($reshook)) {
}
}
}
if (! $error && ! count($object->errors))
{
// Then we add the associated categories
@ -475,7 +475,7 @@ if (empty($reshook)) {
if (!$error && !count($object->errors)) {
setEventMessages($langs->trans("UserModified"), null, 'mesgs');
$db->commit();
$login = $_SESSION["dol_login"];
if ($login && $login == $object->oldcopy->login && $object->oldcopy->login != $object->login) // Current user has changed its login
{
@ -494,11 +494,11 @@ if (empty($reshook)) {
if ($caneditpassword) // Case we can edit only password
{
dol_syslog("Not allowed to change fields, only password");
$object->fetch($id);
$object->oldcopy = clone $object;
$ret = $object->setPassword($user, GETPOST("password"));
if ($ret < 0)
{
@ -1059,7 +1059,7 @@ if (($action == 'create') || ($action == 'adduserldap'))
print '<input size="8" type="text" name="weeklyhours" value="'.GETPOST('weeklyhours').'">';
print '</td>';
print "</tr>\n";
// Date employment
print '<tr><td>'.$langs->trans("DateEmployment").'</td>';
print '<td>';
@ -1084,9 +1084,9 @@ if (($action == 'create') || ($action == 'adduserldap'))
print $formother->selectColor(GETPOST('color')?GETPOST('color'):$object->color, 'color', null, 1, '', 'hideifnotset');
print '</td></tr>';
}
// Categories
if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire))
if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire))
{
print '<tr><td>' . fieldLabel('Categories', 'usercats') . '</td><td colspan="3">';
$cate_arbo = $form->select_all_categories('user', null, 'parent', null, null, 1);
@ -1094,7 +1094,7 @@ if (($action == 'create') || ($action == 'adduserldap'))
null, '90%' );
print "</td></tr>";
}
// Note
print '<tr><td class="tdtop">';
print $langs->trans("Note");
@ -1137,10 +1137,10 @@ else
$object->fetch($id);
if ($res < 0) { dol_print_error($db,$object->error); exit; }
$res=$object->fetch_optionals($object->id,$extralabels);
// Check if user has rights
$object->getrights();
if(empty($object->nb_rights)) setEventMessages($langs->trans('UserHasNoPermissions'), null, 'warnings');
if (empty($object->nb_rights) && $object->statut != 0) setEventMessages($langs->trans('UserHasNoPermissions'), null, 'warnings');
// Connexion ldap
// pour recuperer passDoNotExpire et userChangePassNextLogon
@ -1455,7 +1455,7 @@ else
}
// Categories
if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire))
if (! empty($conf->categorie->enabled) && ! empty($user->rights->categorie->lire))
{
print '<tr><td>' . $langs->trans( "Categories" ) . '</td>';
print '<td colspan="3">';
@ -1482,22 +1482,22 @@ else
print "</td></tr>\n";
}
}
if (isset($conf->file->main_authentication) && preg_match('/openid/',$conf->file->main_authentication) && ! empty($conf->global->MAIN_OPENIDURL_PERUSER))
{
print '<tr><td>'.$langs->trans("OpenIDURL").'</td>';
print '<td>'.$object->openid.'</td>';
print "</tr>\n";
}
print '<tr><td class="titlefield">'.$langs->trans("LastConnexion").'</td>';
print '<td>'.dol_print_date($object->datelastlogin,"dayhour").'</td>';
print "</tr>\n";
print '<tr><td>'.$langs->trans("PreviousConnexion").'</td>';
print '<td>'.dol_print_date($object->datepreviouslogin,"dayhour").'</td>';
print "</tr>\n";
// Other attributes
$parameters=array();
$reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$object,$action); // Note that $action and $object may have been modified by hook
@ -1505,7 +1505,7 @@ else
{
print $object->showOptionals($extrafields);
}
// Company / Contact
if (! empty($conf->societe->enabled))
{
@ -1673,7 +1673,7 @@ else
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'" />';
print '<input type="hidden" name="action" value="addgroup" />';
}
print '<table class="noborder" width="100%">'."\n";
print '<tr class="liste_titre"><th class="liste_titre" width="25%">'.$langs->trans("Groups").'</th>'."\n";
if(! empty($conf->multicompany->enabled) && !empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity)
@ -1765,7 +1765,7 @@ else
}
print "</table>";
if ($caneditgroup)
{
print '</form>';
@ -2237,9 +2237,9 @@ else
print $form->showphoto('userphoto',$object,60,0,$caneditfield,'photowithmargin','small');
print '</td>';
print '</tr>';
// Categories
if (!empty( $conf->categorie->enabled ) && !empty( $user->rights->categorie->lire ))
if (!empty( $conf->categorie->enabled ) && !empty( $user->rights->categorie->lire ))
{
print '<tr><td>' . fieldLabel( 'Categories', 'usercats' ) . '</td>';
print '<td>';

4
htdocs/user/index.php
View File

@ -647,9 +647,11 @@ while ($i < min($num,$limit))
print '<td align="center">'.$userstatic->getLibStatut(3).'</td>';
}
// Action column
print '<td></td>';
print '<td>';
print '</td>';
print "</tr>\n";
$i++;
}

3
htdocs/user/passwordforgotten.php
View File

@ -152,9 +152,6 @@ if ($action == 'buildnewpassword' && $username)
* View
*/
$php_self = $_SERVER['PHP_SELF'];
$php_self.= $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:'';
$dol_url_root = DOL_URL_ROOT;
// Title