diff --git a/.travis.yml b/.travis.yml index 639183de6ff..2479de608ef 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,8 +6,6 @@ os: linux dist: xenial #dist: bionic -# Deprecated: The key sudo has no effect anymore. -#sudo: required language: php @@ -33,49 +31,25 @@ addons: # We need pgloader for import mysql database into pgsql - pgloader -php: -- '5.6' -- '7.4' -- nightly - env: global: # Set to true for very verbose output - DEBUG=false - jobs: - # MariaDB overrides MySQL installation so it's not possible to test both yet - #- DB=mariadb - - DB=mysql - - DB=postgresql - # See https://docs.travis-ci.com/user/languages/php/#Apache-%2B-PHP - #- WS=apache - # See https://github.com/DracoBlue/travis-ci-nginx-php-fpm-test - #- WS=nginx jobs: fast_finish: true allow_failures: - php: nightly - # We exclude some combinations not usefull to save Travis CPU - exclude: - - php: '7.0' - env: DB=mysql - - php: '7.1' - env: DB=mysql - - php: '7.2' - env: DB=mysql - - php: '7.3' - env: DB=mysql - - php: '7.0' - env: DB=postgresql - - php: '7.1' - env: DB=postgresql - - php: '7.2' - env: DB=postgresql - - php: '7.3' - env: DB=postgresql - - php: nightly - env: DB=postgresql + include: + - if: type = push + php: '5.6' + env: DB=postgresql + - if: type = pull_request OR type = push + php: '7.4' + env: DB=mysql + - if: type = push AND branch = develop + php: nightly + env: DB=mysql notifications: email: @@ -426,7 +400,7 @@ script: php step5.php 12.0.0 13.0.0 > $TRAVIS_BUILD_DIR/upgrade12001300-3.log # Enable modules not enabled into original dump - php upgrade2.php 0.0.0 0.0.0 MAIN_MODULE_API,MAIN_MODULE_SUPPLIERPROPOSAL,MAIN_MODULE_WEBSITE,MAIN_MODULE_TICKET,MAIN_MODULE_ACCOUNTING,MAIN_MODULE_MRP > $TRAVIS_BUILD_DIR/enablemodule.log + php upgrade2.php 0.0.0 0.0.0 MAIN_MODULE_API,MAIN_MODULE_SUPPLIERPROPOSAL,MAIN_MODULE_WEBSITE,MAIN_MODULE_TICKET,MAIN_MODULE_ACCOUNTING,MAIN_MODULE_MRP,MAIN_MODULE_RECRUITMENT > $TRAVIS_BUILD_DIR/enablemodule.log echo $? cd - set +e 
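Review bot: With the new `include` matrix, pull requests only run the `php: '7.4'` / `DB=mysql` job (`if: type = pull_request OR type = push`), while `php: '5.6'` / `DB=postgresql` is restricted to `type = push` and nightly to pushes on `develop`, so a PR that breaks PHP 5.6 compatibility or the PostgreSQL upgrade path (the `pgloader` import, the `step5.php`/`upgrade2.php` chain further down this file) is only caught after merge. If that is a deliberate trade-off to save CI minutes, record it next to the matrix, e.g. `# PRs run only 7.4/mysql to save CI time; 5.6/pgsql and nightly run on push`, otherwise give the 5.6 entry the same `if: type = pull_request OR type = push` condition. The `allow_failures: - php: nightly` entry still matches the nightly include, so that part is consistent.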
diff --git a/ChangeLog b/ChangeLog index 16811fd8f8b..4745cea7736 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,12 +9,12 @@ For users: ---------- NEW: Add module "Credit transfer SEPA" to manage payment of vendors using bank credit transfer SEPA files. NEW: Module Reception (for a more accurate management of your receptions) moved from experimental to stable. +NEW: Module Recruitment to manage Job position and applications. NEW: Several security issues after a private bug bounty campaign. -NEW: #15065 Put the product label in bold in the PDF templates if configured NEW: Accountancy - add chart of sub accounts NEW: Accountancy - add options to disable binding on sales, purchases & expense reports independently of the modules NEW: Accountancy balance - add a menu entry to show subtotal by group -NEW: Accountancy - move to real ledger, real journals, menu disposition +NEW: Accountancy - change menu disposition NEW: Accountancy - on transfers, select the periodicity by default NEW: Accountancy - Add export for Gestinum (v3 & v5) NEW: new currency rate editor 
@@ -29,25 +29,20 @@ NEW: Support documents generation for ticket edition (PDF or ODT) NEW: add column payment term into list of supplier invoices NEW: add column quantity in product margin page NEW: add column vat rate in page to define accounting account on product/service -NEW: add common list function for available app/module page NEW: add costprice in fields of products list NEW: added an import profile for CUSTOMER ORDER, PO, PROPOSAL MODULE, SUPPLIER INVOICE -NEW: added incoterms data into the substitution array NEW: add employee link in expense report binding page NEW: add EORI No. as ProfID5 -NEW: add export for various payment +NEW: add export for various payments NEW: add Extrafields labels and values in mail on create ticket NEW: add Extrafields support on ECM module NEW: add filter rules "is answer" and "is not answer" in email collector NEW: add focus when editing on product/stock/product.php Close #14548 -NEW: add formConfirm hook on product page NEW: add free text on each terminal of cash desk -NEW: add function dolButtonToOpenUrlInDialogPopup() to be able to open NEW: add global search for customer payments and vendor payments NEW: add global search for miscellaneous payments NEW: add helper function for table headers with numbers -NEW: add hooks on stats pages -NEW: add link to edit property from search result of website pages +NEW: add link to edit property from the search result of website pages NEW: add link to reset qty on supplier dispatch page NEW: add MAIN_EMAILCOLLECTOR_MAIL_WITHOUT_HEADER const to remove header stored by email collector NEW: add Manufacturing Orders attached files into the automatic ECM view 
@@ -55,9 +50,6 @@ NEW: add margin info in invoice list NEW: add mass action to set category on a list of website pages NEW: add mass deletion for events NEW: add mass deletion for draft invoices -NEW: add __MEMBER_TYPE__ substitution key -NEW: add a message in error_log after detection of SQL or script injection -NEW: add module Credit transfer SEPA to manage payment of supplier using NEW: add more filters on monthly statement list NEW: add option TAKEPOS_CAN_FORCE_BANK_ACCOUNT_DURING_PAYMENT NEW: add option to define a default warehouse at user level 
@@ -65,35 +57,27 @@ NEW: add option to include products without alert in replenish NEW: add order by lastname and firstname by default in get sales representatives NEW: add param to not show links when output tags NEW: add PDF document templates for warehouses (list of stock) -NEW: add property cssview when declaring fields of an object -NEW: add prospect status managment for the contact with managment of custom icon +NEW: add a prospect status for the contact with managment of custom icon NEW: add public note on products ; this also partially fix the #14342 -NEW: add quick dropdown menu in top right menu (MAIN_USE_TOP_MENU_QUICKADD_DROPDOWN) +NEW: add quick dropdown menu in top right menu (experimental with MAIN_USE_TOP_MENU_QUICKADD_DROPDOWN) NEW: add region in export companies and contacts NEW: add rights on margin info on invoice list NEW: add search param for close date on order list -NEW: add send context for ticket NEW: add show preview for mail attachement on form mail -NEW: add state origin for product NEW: add State/Province origin for products NEW: add the workflow interaction close intervention on closing ticket NEW: add third order printer to TakePOS NEW: add tracking number in list and search_all items -NEW: add two hooks printFieldListFrom and printFieldSearchParam -NEW: add __TYPE__ substitution key -NEW: add validation of MX domain for emails NEW: add vcard for adherent and user NEW: add week number for month view in agenda -NEW: Algeria data (TVA and forme_juridique) +NEW: Algeria data (VAT and forme_juridique) NEW: allow click on all header numbers on commerce area NEW: allow to reopen interventions (green button) -NEW: allow zero quality on supplier/vendor order line +NEW: allow zero quantity on supplier/vendor order line NEW: appearance tab in TakePOS with more visual parameters NEW: better currency rate editor -NEW: calculate the virtual stock in transverse mode ( not on getEntity('commande'), ... 
but on getEntity('stock') ) -NEW: can add event to log into blockedlog module with a constant NEW: can build vendor invoice from vendor orders -NEW: can change a product in line of recurring invoice or contract +NEW: can change a product in lines of a recurring invoice or contract NEW: can change size of logo on PDF documents NEW: can change VAT rate of all lines of a draft object in one step NEW: can define date range of validity of a login during creation 
@@ -102,47 +86,34 @@ NEW: can edit and set sales representatives directly on thirdparty card NEW: can edit the list of sending email profiles NEW: can enable/disable users in bulk actions NEW: can filter on accounting system ref in export of chart of account -NEW: can filter on container type, language and tags in the list of pages -NEW: can force the antivirus from conf file or autoprepend ini setup +NEW: can filter on container type, language and tags in the list of web pages NEW: can hide eatby, sellby dates with option PRODUCT_DISABLE_SELLBY and PRODUCT_DISABLE_EATBY NEW: can import proposals, sales orders, supplier invoices NEW: can set a dedicated SMTP config for sending email from public ticket interface NEW: can set tags/categories to website pages NEW: can set type of price without tax per default for new sale price creation NEW: can use desired stock of a given warehouse for replenishment -NEW: can use THEME_DARKMODEENABLED=2 for a preview of theme in dark mode NEW: change thirdparty with barcode scan in TakePOS NEW: common behavior for monthly leave list view -NEW: conf to allow show full arbo in warehouse getnomurl NEW: convert all subscription in datetime -NEW: create thirdparty customer from TakePOS +NEW: can create a thirdparty customer from TakePOS NEW: date shipment from order accepts hours -NEW: declinaison price level compatibility +NEW: price level compatibility for variant NEW: delayed payment in TakePOS -NEW: development of module Recruitment NEW: display date range if exist in TakePOS NEW: display resiliate status in TakePOS for member NEW: display stat for BOM on "object referent"/linked Object product tab -NEW: edit and update a ticket -NEW: edit or delete dispatched lines -NEW: Email configuration - allow auto signed certificat when smtp ssl activated +NEW: Email configuration - allow auto signed certificate when smtp ssl activated NEW: enable free emails input with select2 -NEW: endpoint getContacts and Clean results NEW: Events in agenda 
for contact -NEW: Field to link website page to an other object -NEW: fill ECM src object fields in dol_add_file_process NEW: filter on progress column in task list NEW: filter product list by country and/or state/province NEW: format tickets sent by mail in public interface -NEW: add juridical status for Algeria NEW: form to add customer/supplier into categories NEW: Framework is ready for CSRF token protection on explicit GET URLs -NEW: get all child recursively -NEW: get contacts list of a given order NEW: helper functions for export with phpspreadsheet NEW: hide closed contract lines NEW: hide label in PDF for variants -NEW: Hook on propal card NEW: if specific help page is available, we change color of icon NEW: include the tag editor of page as a popup into website editor NEW: introduce constant FACTUREFOURN_REUSE_NOTES_ON_CREATE_FROM 
@@ -168,21 +139,17 @@ NEW: rate editor for multicurrency NEW: ref_ext field for Commande lines, order lines, Attributes and Combinations, Invoice lines, payments, order lines NEW: remove new lines in mail on add ticket message NEW: restrict thirdparty to customer in TakePOS -NEW: allow to edit "demand reason" field though API NEW: Rule "email to" accept wildcard * NEW: Save filter of the project homepage -NEW: select-able columns on customer invoice paymnet list +NEW: select-able columns on customer and supplier invoice paymnet list NEW: select-able columns on miscellaneous payments + more data columns NEW: select-able columns on social taxes list -NEW: select-able columns on supplier invoice payment list NEW: send context and remove new lines on create ticket -NEW: set entity when creating invoice on takepos NEW: show available stock in TakePOS NEW: show category filter on lists only when user have rights to read categories -NEW: show header number and make it clickable in warehouse arean, payment area, shipment area +NEW: show header number and make it clickable in warehouse area, payment area, shipment area NEW: show image of user in the combo select of users NEW: show label on batch card -NEW: show line number on intervention card (via MAIN_VIEW_LINE_NUMBER) NEW: show links for select and multi-select in category extra field NEW: show module and permission ids on user/group rights (only admin) NEW: show place from events on import calender 
@@ -200,19 +167,33 @@ NEW: Thirdparty module : box on customer/supplier tab for invoice outsantding am NEW: ticket classification on create from email collector NEW: Ticket message notifications when edited from public interface NEW: translate classification labels in ticket -NEW: triggers create, modify, delete -NEW: VAT for Algeria -NEW: Use preselect third-party from list on new card -NEW: VAT report - Invert constant to show by default zero vat in reports +NEW: Add VAT and juridical status for Algeria +NEW: VAT report - Invert constant to show by default zero VAT in reports NEW: website page fields selection NEW: Weighing Scale compatibility with TakePOS connector -NEW: when creating a user from a member linked to a thirdparty, you can choose to create if as external or internal user -NEW: add clone functionality on miscellaneous payment +NEW: when creating a user from a member linked to a thirdparty, you can choose to create it as external or internal user +NEW: add clone button on miscellaneous payment +NEW: #15065 Add option to put the product label in bold in the PDF templates if configured For developers: --------------- +NEW: Hook on propal card +NEW: add __MEMBER_TYPE__ substitution key +NEW: add function dolButtonToOpenUrlInDialogPopup() to be able to open page into a popup +NEW: add hooks on stats pages +NEW: show line number on intervention card (via MAIN_VIEW_LINE_NUMBER) +NEW: API get contacts list of a given order +NEW: API endpoint getContacts and Clean results +NEW: Add some fields to link website page to an other object +NEW: fill ECM src object fields in dol_add_file_process +NEW: conf to allow to show the full tree in warehouse popup +NEW: can use THEME_DARKMODEENABLED=2 for a preview of theme in dark mode +NEW: can force the antivirus from conf file or autoprepend ini setup +NEW: can add event to log into blockedlog module with a constant +NEW: add property cssview when declaring fields of an object NEW: Can use dynamic code into the 
'enabled' property of DAO fields +NEW: allow to edit "demand reason" field though API NEW: API can update a payment NEW: API get member by thirdparty NEW: API get thirdparty by barcode @@ -230,6 +211,14 @@ NEW: Thirdparty REST API: endpoint to set price level NEW: use new category API for project list view NEW: Triggers Attributes and Attributes values NEW: add hooks on newpayment page to allow external payment modules +NEW: added incoterms data into the substitution array +NEW: add formConfirm hook on product page +NEW: add send context for ticket +NEW: add a message in error_log after detection of SQL or script injection +NEW: add two hooks printFieldListFrom and printFieldSearchParam +NEW: add __TYPE__ substitution key +NEW: add validation of MX domain for emails +NEW: calculate the virtual stock in transverse mode ( not on getEntity('commande'), ... but on getEntity('stock') ) WARNING: diff --git a/build/generate_filelist_xml.php b/build/generate_filelist_xml.php index 581353b758b..41c20740d78 100755 --- a/build/generate_filelist_xml.php +++ b/build/generate_filelist_xml.php @@ -125,6 +125,11 @@ $checksumconcat=array(); $outputfile=$outputdir.'/filelist-'.$release.'.xml'; $fp = fopen($outputfile, 'w'); +if (empty($fp)) { + print 'Failed to open file '.$outputfile."\n"; + exit(-1); +} + fputs($fp, ''."\n"); fputs($fp, ''."\n"); diff --git a/dev/translation/autotranslator.php b/dev/translation/autotranslator.php index 5e8cc13c3c8..fd02febbdcc 100755 --- a/dev/translation/autotranslator.php +++ b/dev/translation/autotranslator.php 
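Review bot: In the new `if (empty($fp))` guard in build/generate_filelist_xml.php, `exit(-1)` does not propagate -1 to the caller: PHP masks the status to 0–255, so the build pipeline sees 255, and the message goes to STDOUT rather than STDERR. Since this script produces the filelist used for integrity checks, failing hard here is the right call; make the failure conventional with `fwrite(STDERR, 'Failed to open file '.$outputfile."\n");` followed by `exit(1);`. Checking the return of the later `fputs()` calls (or the final `fclose()`) would complete the picture, as a partially written filelist is worse than none.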
@@ -21,8 +21,8 @@ * \ingroup dev * \brief This script uses google language ajax api as the translator engine * The main translator function can be found at: - * http://code.google.com/intl/fr/apis/language/translate/overview.html - * http://translate.google.com/translate_tools + * defunct -http://code.google.com/intl/fr/apis/language/translate/overview.html- + * defunct -http://translate.google.com/translate_tools- * https://code.google.com/apis/console */ @@ -58,7 +58,7 @@ $dir=DOL_DOCUMENT_ROOT."/langs"; if (! isset($argv[3])) { print "Usage: ".$script_file." lang_code_src lang_code_dest|all APIKEY [langfile.lang]\n"; print "Example: ".$script_file." en_US pt_PT 123456\n"; - print "Rem: lang_code to use can be found on http://www.google.com/language_tools\n"; + print "Rem: lang_code to use can be found on https://translate.google.com\n"; exit; } diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index a930ed12852..55797290058 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -227,8 +227,8 @@ if ($action != 'export_csv') $moreforfilter .= $form->selectDate($search_date_end ? $search_date_end : -1, 'date_end', 0, 0, 1, '', 1, 0); $moreforfilter .= ' - '; - $moreforfilter .= $langs->trans('ShowSubtotalByGroup').': '; - $moreforfilter .= ''; + $moreforfilter .= ': '; + $moreforfilter .= ''; $moreforfilter .= ''; @@ -272,6 +272,8 @@ if ($action != 'export_csv') $total_credit = 0; $sous_total_debit = 0; $sous_total_credit = 0; + $total_opening_balance = 0; + $sous_total_opening_balance = 0; $displayed_account = ""; $accountingaccountstatic = new AccountingAccount($db); 
@@ -302,7 +304,13 @@ if ($action != 'export_csv') $link = ''; $total_debit += $line->debit; $total_credit += $line->credit; - $root_account_description = $object->get_compte_racine($line->numero_compte); + $opening_balance = isset($opening_balances["'".$line->numero_compte."'"]) ? $opening_balances["'".$line->numero_compte."'"] : 0; + $total_opening_balance += $opening_balance; + + $tmparrayforrootaccount = $object->getRootAccount($line->numero_compte); + $root_account_description = $tmparrayforrootaccount['label']; + $root_account_number = $tmparrayforrootaccount['account_number']; + if (empty($accountingaccountstatic->account_number)) { $link = ''.img_edit_add().''; } @@ -311,14 +319,14 @@ if ($action != 'export_csv') if (!empty($show_subgroup)) { // Show accounting account - if (empty($displayed_account) || $root_account_description != $displayed_account) { + if (empty($displayed_account) || $root_account_number != $displayed_account) { // Show subtotal per accounting account if ($displayed_account != "") { print ''; print ''.$langs->trans("SubTotal").':'; print ''.price($sous_total_debit).''; print ''.price($sous_total_credit).''; - print ''.price(price2num($sous_total_credit - $sous_total_debit)).''; + print ''.price(price2num($sous_total_opening_balance + $sous_total_credit - $sous_total_debit)).''; print "\n"; print ''; } 
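Review bot: `$tmparrayforrootaccount = $object->getRootAccount($line->numero_compte);` is indexed as an array without checking what came back, but the method's error branch (visible in the bookkeeping.class.php hunk of this same diff) sets `$this->error` and returns a value that is outside the visible lines; if that path returns a scalar, `$tmparrayforrootaccount['label']` and `['account_number']` silently become null, and a null `$root_account_number` keeps `empty($displayed_account)` true so every line opens a new subgroup. Guard the lookup: `$root_account_description = is_array($tmparrayforrootaccount) ? $tmparrayforrootaccount['label'] : '';` and likewise for `$root_account_number`, and surface `$object->error` with `setEventMessages` when it is set. `$opening_balances` is filled outside this hunk, so the `isset()` fallback to 0 here is the right defensive default for accounts without an opening entry.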
@@ -328,18 +336,18 @@ if ($action != 'export_csv') print ''.$line->numero_compte.($root_account_description ? ' - '.$root_account_description : '').''; print ''; - $displayed_account = $root_account_description; + $displayed_account = $root_account_number; $sous_total_debit = 0; $sous_total_credit = 0; + $sous_total_opening_balance = 0; } } - // $object->get_compte_racine($line->numero_compte); print ''.$accounting_account.''; - print ''.price($opening_balances["'".$line->numero_compte."'"]).''; + print ''.price($opening_balance).''; print ''.price($line->debit).''; print ''.price($line->credit).''; - print ''.price(price2num($line->debit - $line->credit, 'MT')).''; + print ''.price(price2num($opening_balance + $line->debit - $line->credit, 'MT')).''; print ''.$link; print ''; print "\n"; @@ -347,6 +355,7 @@ if ($action != 'export_csv') // Records the sub-total $sous_total_debit += $line->debit; $sous_total_credit += $line->credit; + $sous_total_opening_balance += $opening_balance; } if (!empty($show_subgroup)) diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 299a9700364..097eb38b47f 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -630,7 +630,7 @@ else $buttonLabel = $langs->trans("ExportList"); $parameters = array(); $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook if (empty($reshook)) { -// Button re-export + // Button re-export if (!empty($conf->global->ACCOUNTING_REEXPORT)) { $newcardbutton = '' . img_picto($langs->trans("Activated"), 'switch_on') . ' '; } else { diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 505c51d27fe..8312b155b8b 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php 
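Review bot: The per-line balance is now `price2num($opening_balance + $line->debit - $line->credit, 'MT')` (debit minus credit), but the subtotal row changed in the previous hunk of this file is `price2num($sous_total_opening_balance + $sous_total_credit - $sous_total_debit)` (credit minus debit), with the opening balance added with the same sign in both. Before this change the two rows were merely opposite in sign; now, for any account with a non-zero opening balance, the subtotal no longer equals the sum of its lines under either convention. Pick one convention for the balance column and apply it to both rows, e.g. the subtotal becomes `print ''.price(price2num($sous_total_opening_balance + $sous_total_debit - $sous_total_credit, 'MT')).'';` if the per-line debit-minus-credit form is the intended one. The `'MT'` rounding is also applied per line but not on the subtotal, which can produce visible one-cent discrepancies on long groups.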
@@ -1898,23 +1898,22 @@ class BookKeeping extends CommonObject return $out; } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Description of a root accounting account + * Return id and description of a root accounting account. + * This function takes the parent of parent to get the root account ! * * @param string $account Accounting account * @return string Root account */ - public function get_compte_racine($account = null) + public function getRootAccount($account = null) { - // phpcs:enable global $conf; $pcgver = $conf->global->CHARTOFACCOUNTS; - $sql = "SELECT root.account_number, root.label as label"; + $sql = "SELECT root.rowid, root.account_number, root.label as label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version"; - $sql .= " AND asy.rowid = ".$pcgver; + $sql .= " AND asy.rowid = ".((int) $pcgver); $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as parent ON aa.account_parent = parent.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as root ON parent.account_parent = root.rowid"; $sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'"; @@ -1930,7 +1929,7 @@ class BookKeeping extends CommonObject $obj = $this->db->fetch_object($resql); } - return $obj->label; + return array('id'=>$obj->rowid, 'account_number'=>$obj->account_number, 'label'=>$obj->label); } else { $this->error = "Error ".$this->db->lasterror(); dol_syslog(__METHOD__." ".$this->error, LOG_ERR); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 9bedb1a39ca..15494596e0f 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
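Review bot: The docblock still says `@return string Root account` while `getRootAccount()` now returns `array('id'=>..., 'account_number'=>..., 'label'=>...)`; update it to `@return array|int Array with 'id', 'account_number' and 'label' of the root account, <0 if KO` (adjust the error value to what the error branch below this hunk actually returns). `$obj` is only assigned inside the block closed by `}` just before the `return`, so when no `accounting_account` row matches `$account` the return reads `rowid`/`account_number`/`label` on an undefined variable; initialise `$obj = null;` before the fetch and return a not-found array (empty strings, id 0) in that case so the caller in balance.php can distinguish "no root" from a query error. Renaming the public `get_compte_racine()` without keeping the old name is a breaking change for external modules; a thin deprecated wrapper `public function get_compte_racine($account = null) { $tmp = $this->getRootAccount($account); return is_array($tmp) ? $tmp['label'] : $tmp; }` preserves the old string contract. The `((int) $pcgver)` cast in the SQL is a good hardening of a value that came straight from `$conf->global`.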
@@ -1988,11 +1988,11 @@ class Adherent extends CommonObject * @param int $withpictoimg 0=No picto, 1=Include picto into link, 2=Only picto, -1=Include photo into link, -2=Only picto photo, -3=Only photo very small) * @param int $maxlen length max label * @param string $option Page for link ('card', 'category', 'subscription', ...) - * @param string $mode ''=Show firstname+lastname as label (using default order), 'firstname'=Show only firstname, 'login'=Show login, 'ref'=Show ref + * @param string $mode ''=Show firstname+lastname as label (using default order), 'firstname'=Show only firstname, 'lastname'=Show only lastname, 'login'=Show login, 'ref'=Show ref * @param string $morecss Add more css on link * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking * @param int $notooltip 1=Disable tooltip - * @param int $addlinktonotes 1=Add link to notes + * @param int $addlinktonotes 1=Add link to notes * @return string Chaine avec URL */ public function getNomUrl($withpictoimg = 0, $maxlen = 0, $option = 'card', $mode = '', $morecss = '', $save_lastsearch_value = -1, $notooltip = 0, $addlinktonotes = 0) @@ -2072,7 +2072,7 @@ class Adherent extends CommonObject } elseif ($mode == 'ref') { $result .= $this->id; } else { - $result .= $this->getFullName($langs, '', ($mode == 'firstname' ? 2 : -1), $maxlen); + $result .= $this->getFullName($langs, '', ($mode == 'firstname' ? 2 : ($mode == 'lastname' ? 4 : -1)), $maxlen); } if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) $result .= ''; } diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index b8cfb64a39f..05a0567a8d9 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php 
@@ -433,9 +433,7 @@ while ($i < min($num, $limit)) { // Lastname if (!empty($arrayfields['d.lastname']['checked'])) { - $adherent->firstname = ''; - print ''.$adherent->getNomUrl(-1).''; - $adherent->firstname = $obj->firstname; + print ''.$adherent->getNomUrl(-1, 0, 'card', 'lastname').''; if (!$i) $totalarray['nbfield']++; } // Firstname diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index 448d2bb4bfb..872c0d414eb 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -268,6 +268,7 @@ if (empty($reshook)) { if ($value == 'content') continue; if ($value == 'content_lines') continue; + // Rename some POST variables into a generic name if (GETPOST('actionmodify', 'alpha') && $value == 'topic') $_POST['topic'] = $_POST['topic-'.$rowid]; if ((!isset($_POST[$value]) || $_POST[$value] == '' || $_POST[$value] == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position') @@ -306,6 +307,7 @@ if (empty($reshook)) { if ($value == 'lang') $keycode = 'langcode'; if (empty($keycode)) $keycode = $value; + // Clean input variables if ($value == 'entity') $_POST[$keycode] = $conf->entity; if ($value == 'fk_user' && !($_POST[$keycode] > 0)) $_POST[$keycode] = ''; if ($value == 'private' && !is_numeric($_POST[$keycode])) $_POST[$keycode] = '0'; @@ -319,11 +321,11 @@ if (empty($reshook)) { if (!$user->admin) { // A non admin user can only edit its own template $sql .= " ".((int) $user->id); } else { - $sql .= " ".((int) GETPOST($keycode, 'fk_user')); + $sql .= " ".((int) GETPOST($keycode, 'int')); } } elseif ($keycode == 'content') { $sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'"; - } elseif (in_array($keycode, array('joinfile', 'private', 'position'))) { + } elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) { $sql .= (int) GETPOST($keycode, 'int'); } else { $sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'"; 
@@ -362,6 +364,7 @@ if (empty($reshook)) { if ($field == 'lang') $keycode = 'langcode'; if (empty($keycode)) $keycode = $field; + // Rename some POST variables into a generic name if ($field == 'fk_user' && !($_POST['fk_user'] > 0)) $_POST['fk_user'] = ''; if ($field == 'topic') $_POST['topic'] = $_POST['topic-'.$rowid]; if ($field == 'joinfiles') $_POST['joinfiles'] = $_POST['joinfiles-'.$rowid]; @@ -378,11 +381,11 @@ if (empty($reshook)) { if (!$user->admin) { // A non admin user can only edit its own template $sql .= " ".((int) $user->id); } else { - $sql .= " ".((int) GETPOST($keycode, 'fk_user')); + $sql .= " ".((int) GETPOST($keycode, 'int')); } } elseif ($keycode == 'content') { $sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'"; - } elseif (in_array($keycode, array('joinfile', 'private', 'position'))) { + } elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) { $sql .= (int) GETPOST($keycode, 'int'); } else { $sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'"; @@ -393,7 +396,7 @@ if (empty($reshook)) { $sql .= " WHERE ".$rowidcol." = ".((int) $rowid); if (!$user->admin) { // A non admin user can only edit its own template - $sql .= " AND fk_user = ".$user->id; + $sql .= " AND fk_user = ".((int) $user->id); } //print $sql;exit; dol_syslog("actionmodify", LOG_DEBUG); @@ -414,7 +417,7 @@ if (empty($reshook)) { $sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."=".((int) $rowid); if (!$user->admin) { // A non admin user can only edit its own template - $sql .= " AND fk_user = ".$user->id; + $sql .= " AND fk_user = ".((int) $user->id); } dol_syslog("delete", LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 6181754e979..f182fb39cbd 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php 
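Review bot: In the `actionmodify` hunk the per-row form values are copied with `$_POST['topic'] = $_POST['topic-'.$rowid];` and `$_POST['joinfiles'] = $_POST['joinfiles-'.$rowid];` without an `isset()` guard, so a submission missing one of those keys raises a notice and writes a null through the generic path. The values are read back through `GETPOST($keycode, ...)` with an explicit check type in the next hunk (`'int'` for `joinfiles`, `'restricthtml'` for `content`, `'nohtml'` otherwise), so sanitisation is preserved; only the copy needs guarding, e.g. `$_POST['topic'] = isset($_POST['topic-'.$rowid]) ? $_POST['topic-'.$rowid] : '';`. `$rowid`, `$rowidcol` and `$tabname[$id]` are defined outside the visible hunks. Fixing `joinfile` to `joinfiles` in the `in_array()` also moves that column from the escaped-string branch to the `(int)` cast, which is the intended type; a one-line comment `// joinfiles/private/position are integer columns` would make that non-obvious change self-explanatory.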
@@ -34,13 +34,14 @@ $langs->loadLangs(array("other", "admin")); $cancel = GETPOST('cancel', 'alphanohtml'); // We click on a Cancel button $confirm = GETPOST('confirm'); -if (!$user->admin) accessforbidden(); +if (!$user->admin) { + accessforbidden(); +} $dirstandard = array(); $dirsmartphone = array(); $dirmenus = array_merge(array("/core/menus/"), (array) $conf->modules_parts['menus']); -foreach ($dirmenus as $dirmenu) -{ +foreach ($dirmenus as $dirmenu) { $dirstandard[] = $dirmenu.'standard'; $dirsmartphone[] = $dirmenu.'smartphone'; } @@ -56,8 +57,12 @@ $menu_handler_smartphone = preg_replace('/_frontoffice.php/i', '', $menu_handler $menu_handler = $menu_handler_top; -if (GETPOST("handler_origine")) $menu_handler = GETPOST("handler_origine"); -if (GETPOST("menu_handler")) $menu_handler = GETPOST("menu_handler"); +if (GETPOST("handler_origine")) { + $menu_handler = GETPOST("handler_origine"); +} +if (GETPOST("menu_handler")) { + $menu_handler = GETPOST("menu_handler"); +} @@ -65,22 +70,16 @@ if (GETPOST("menu_handler")) $menu_handler = GETPOST("menu_handler"); * Actions */ -if ($action == 'update') -{ - if (!$cancel) - { +if ($action == 'update') { + if (!$cancel) { $leftmenu = ''; $mainmenu = ''; - if (GETPOST('menuIdParent', 'alphanohtml') && !is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) - { + if (GETPOST('menuIdParent', 'alphanohtml') && !is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) { $tmp = explode('&', GETPOST('menuIdParent', 'alphanohtml')); - foreach ($tmp as $s) - { - if (preg_match('/fk_mainmenu=/', $s)) - { + foreach ($tmp as $s) { + if (preg_match('/fk_mainmenu=/', $s)) { $mainmenu = preg_replace('/fk_mainmenu=/', '', $s); } - if (preg_match('/fk_leftmenu=/', $s)) - { + if (preg_match('/fk_leftmenu=/', $s)) { $leftmenu = preg_replace('/fk_leftmenu=/', '', $s); } } 
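Review bot: `$menu_handler = GETPOST("handler_origine");` and `$menu_handler = GETPOST("menu_handler");` take the values with no check type, whereas the `add` action later in this file reads the same field as `GETPOST('menu_handler', 'aZ09')`; the unfiltered value is echoed into the `header("Location: ...?menu_handler=".$menu_handler)` redirect on the cancel path and presumably selects a menu handler file elsewhere. The page is admin-only (`if (!$user->admin) { accessforbidden(); }` in this hunk), which limits the exposure, but the filter should still be applied at the point of entry: `if (GETPOST("handler_origine", 'aZ09')) { $menu_handler = GETPOST("handler_origine", 'aZ09'); }` and the same for `menu_handler`. The brace-style reformatting is otherwise behaviour-neutral.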
@@ -88,31 +87,31 @@ if ($action == 'update') $menu = new Menubase($db); $result = $menu->fetch(GETPOST('menuId', 'int')); - if ($result > 0) - { - $menu->title = GETPOST('titre', 'alphanohtml'); - $menu->leftmenu = GETPOST('leftmenu', 'aZ09'); - $menu->url = GETPOST('url', 'alphanohtml'); - $menu->langs = GETPOST('langs', 'alphanohtml'); - $menu->position = GETPOST('position', 'int'); - $menu->enabled = GETPOST('enabled', 'alphanohtml'); - $menu->perms = GETPOST('perms', 'alphanohtml'); - $menu->target = GETPOST('target', 'alphanohtml'); - $menu->user = GETPOST('user', 'alphanohtml'); - $menu->mainmenu = GETPOST('propertymainmenu', 'alphanohtml'); - if (is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) - { - $menu->fk_menu = GETPOST('menuIdParent', 'alphanohtml'); + if ($result > 0) { + $menu->title = (string) GETPOST('titre', 'alphanohtml'); + $menu->leftmenu = (string) GETPOST('leftmenu', 'aZ09'); + $menu->url = (string) GETPOST('url', 'alphanohtml'); + $menu->langs = (string) GETPOST('langs', 'alphanohtml'); + $menu->position = (int) GETPOST('position', 'int'); + $menu->enabled = (string) GETPOST('enabled', 'alphanohtml'); + $menu->perms = (string) GETPOST('perms', 'alphanohtml'); + $menu->target = (string) GETPOST('target', 'alphanohtml'); + $menu->user = (string) GETPOST('user', 'alphanohtml'); + $menu->mainmenu = (string) GETPOST('propertymainmenu', 'alphanohtml'); + if (is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) { + $menu->fk_menu = (int) GETPOST('menuIdParent', 'alphanohtml'); } else { - if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu = 0; - else $menu->fk_menu = -1; + if (GETPOST('type', 'alphanohtml') == 'top') { + $menu->fk_menu = 0; + } else { + $menu->fk_menu = -1; + } $menu->fk_mainmenu = $mainmenu; $menu->fk_leftmenu = $leftmenu; } $result = $menu->update($user); - if ($result > 0) - { + if ($result > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { setEventMessages($menu->error, 
$menu->errors, 'errors'); @@ -130,26 +129,21 @@ if ($action == 'update') } } -if ($action == 'add') -{ - if ($cancel) - { +if ($action == 'add') { + if ($cancel) { header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".$menu_handler); exit; } - $leftmenu = ''; $mainmenu = ''; - if (GETPOST('menuId', 'alphanohtml', 3) && !is_numeric(GETPOST('menuId', 'alphanohtml', 3))) - { + $leftmenu = ''; + $mainmenu = ''; + if (GETPOST('menuId', 'alphanohtml', 3) && !is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { $tmp = explode('&', GETPOST('menuId', 'alphanohtml', 3)); - foreach ($tmp as $s) - { - if (preg_match('/fk_mainmenu=/', $s)) - { + foreach ($tmp as $s) { + if (preg_match('/fk_mainmenu=/', $s)) { $mainmenu = preg_replace('/fk_mainmenu=/', '', $s); } - if (preg_match('/fk_leftmenu=/', $s)) - { + if (preg_match('/fk_leftmenu=/', $s)) { $leftmenu = preg_replace('/fk_leftmenu=/', '', $s); } } 
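Review bot: In both the `update` hunk and the `add` hunk, `$mainmenu` and `$leftmenu` are parsed out of `menuIdParent`/`menuId` with `preg_replace('/fk_mainmenu=/', '', $s)` and stored as-is in `$menu->fk_mainmenu` / `$menu->fk_leftmenu`, while the sibling `$menu->leftmenu` field is restricted to `GETPOST('leftmenu', 'aZ09')`; the `alphanohtml` filter on the raw parameter strips HTML but still lets `&`-separated fragments carry arbitrary characters into those keys. Apply the same character class to the parsed values, e.g. `$mainmenu = preg_replace('/[^a-zA-Z0-9_]/', '', preg_replace('/fk_mainmenu=/', '', $s));` (and the `fk_leftmenu` counterpart), so the stored handler keys match what the rest of the form accepts. The explicit `(string)`/`(int)` casts added on the `$menu->` assignments are a welcome tightening, and `$menu->fk_menu = (int) GETPOST('menuIdParent', 'alphanohtml')` is consistent with the `is_numeric()` test that guards it.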
@@ -158,70 +152,64 @@ if ($action == 'add')
 $langs->load("errors");
 $error = 0;
- if (!$error && !$_POST['menu_handler'])
- {
+ if (!$error && !$_POST['menu_handler']) {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("MenuHandler")), null, 'errors');
 $action = 'create';
 $error++;
 }
- if (!$error && !$_POST['type'])
- {
+ if (!$error && !$_POST['type']) {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors');
 $action = 'create';
 $error++;
 }
- if (!$error && !$_POST['url'])
- {
+ if (!$error && !$_POST['url']) {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("URL")), null, 'errors');
 $action = 'create';
 $error++;
 }
- if (!$error && !$_POST['titre'])
- {
+ if (!$error && !$_POST['titre']) {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Title")), null, 'errors');
 $action = 'create';
 $error++;
 }
- if (!$error && $_POST['menuId'] && $_POST['type'] == 'top')
- {
+ if (!$error && $_POST['menuId'] && $_POST['type'] == 'top') {
 setEventMessages($langs->trans("ErrorTopMenuMustHaveAParentWithId0"), null, 'errors');
 $action = 'create';
 $error++;
 }
- if (!$error && !$_POST['menuId'] && $_POST['type'] == 'left')
- {
+ if (!$error && !$_POST['menuId'] && $_POST['type'] == 'left') {
 setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
 $action = 'create';
 $error++;
 }
- if (!$error)
- {
+ if (!$error) {
 $menu = new Menubase($db);
 $menu->menu_handler = preg_replace('/_menu$/', '', GETPOST('menu_handler', 'aZ09'));
- $menu->type = GETPOST('type', 'alphanohtml');
- $menu->title = GETPOST('titre', 'alphanohtml');
- $menu->url = GETPOST('url', 'alphanohtml');
- $menu->langs = GETPOST('langs', 'alphanohtml');
- $menu->position = GETPOST('position', 'int');
- $menu->enabled = GETPOST('enabled', 'alphanohtml');
- $menu->perms = GETPOST('perms', 'alphanohtml');
- $menu->target = GETPOST('target', 'alphanohtml');
- $menu->user = GETPOST('user', 'alphanohtml');
- $menu->mainmenu = GETPOST('propertymainmenu', 'alphanohtml');
- if (is_numeric(GETPOST('menuId', 'alphanohtml', 3)))
- {
- $menu->fk_menu = GETPOST('menuId', 'alphanohtml', 3);
+ $menu->type = (string) GETPOST('type', 'alphanohtml');
+ $menu->title = (string) GETPOST('titre', 'alphanohtml');
+ $menu->url = (string) GETPOST('url', 'alphanohtml');
+ $menu->langs = (string) GETPOST('langs', 'alphanohtml');
+ $menu->position = (int) GETPOST('position', 'int');
+ $menu->enabled = (string) GETPOST('enabled', 'alphanohtml');
+ $menu->perms = (string) GETPOST('perms', 'alphanohtml');
+ $menu->target = (string) GETPOST('target', 'alphanohtml');
+ $menu->user = (string) GETPOST('user', 'alphanohtml');
+ $menu->mainmenu = (string) GETPOST('propertymainmenu', 'alphanohtml');
+ if (is_numeric(GETPOST('menuId', 'alphanohtml', 3))) {
+ $menu->fk_menu = (int) GETPOST('menuId', 'alphanohtml', 3);
 } else {
- if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu = 0;
- else $menu->fk_menu = -1;
+ if (GETPOST('type', 'alphanohtml') == 'top') {
+ $menu->fk_menu = 0;
+ } else {
+ $menu->fk_menu = -1;
+ }
 $menu->fk_mainmenu = $mainmenu;
 $menu->fk_leftmenu = $leftmenu;
 }
 $result = $menu->create($user);
- if ($result > 0)
- {
+ if ($result > 0) {
 header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".GETPOST('menu_handler', 'aZ09'));
 exit;
 } else {
@@ -232,15 +220,13 @@ if ($action == 'add')
 }
 // delete
-if ($action == 'confirm_delete' && $confirm == 'yes')
-{
+if ($action == 'confirm_delete' && $confirm == 'yes') {
 $db->begin();
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".GETPOST('menuId', 'int');
 $result = $db->query($sql);
- if ($result == 0)
- {
+ if ($result == 0) {
 $db->commit();
 llxHeader();
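Review bot: `type` is never restricted to the two values this code knows: the guards only test `$_POST['type'] == 'top'` and `== 'left'`, so any other non-empty `type` passes every check, is stored verbatim through `$menu->type` and falls into the `else` branch with `fk_menu = -1`. A check beside the existing required-field ones closes that, e.g. `if (!$error && !in_array(GETPOST('type', 'alphanohtml'), array('top', 'left'), true)) { setEventMessages($langs->trans("ErrorBadValueForParameter", 'type'), null, 'errors'); $action = 'create'; $error++; }` (the translation key is a suggestion; pick whichever the file already uses). The required-field checks also read raw `$_POST[...]` while the values stored further down come from `GETPOST(..., 'alphanohtml')`, so a field whose whole content the sanitizer removes passes the presence check and is still stored empty; testing the same sanitized value in both places, `if (!$error && !GETPOST('url', 'alphanohtml')) {` and likewise for `titre`, keeps them consistent. The `add` branch starts before and ends after this hunk.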
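Review bot: The failure path of the delete commits: `$db->query($sql)` returning `false` compares equal to `0`, so the `if ($result == 0)` branch is the error branch, yet it calls `$db->commit()` right after the `$db->begin()` above instead of `$db->rollback()`. On the query line itself the id is string-concatenated into SQL; the `int` sanitizer presumably already yields a number, but an explicit cast makes that independent of GETPOST's internals: `$sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".((int) GETPOST('menuId', 'int'));`. A one-line comment on the branch, `// query() returned false: report the failure`, would also stop the next reader from misreading `== 0` as the success case. The `confirm_delete` block continues past the end of this hunk.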
@@ -268,8 +254,7 @@ $formadmin = new FormAdmin($db); llxHeader('', $langs->trans("Menu")); -if ($action == 'create') -{ +if ($action == 'create') { print ''; - print ' - '.$langs->trans("ShowHideDetails").''; - //} - print ''."\n"; + if (!$silent) { + print ''.$langs->trans("ProcessMigrateScript").''; + print ''; + if ($error == 0) { + print ''.$langs->trans("OK").''; + } else { + print ''.$langs->trans("Error").''; } + //if (! empty($conf->use_javascript_ajax)) { + print ''; + print ' - '.$langs->trans("ShowHideDetails").''; + //} + print ''."\n"; + } + + if ($error == 0) { $ok = 1; } else { - if (!$silent) { - print ''.$langs->trans("ProcessMigrateScript").''; - print ''.$langs->trans("KO").''; - print ''."\n"; - } $ok = 0; } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index f0d6ff9a53c..97ed1fc1c81 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1060,7 +1060,7 @@ function dol_escape_json($stringtoescape) * Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields. * * @param string $stringtoescape String to escape - * @param int $keepb 1=Preserve b tags (otherwise, remove them) + * @param int $keepb 1=Keep b tags and escape them, 0=remove them * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a