lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 14a27

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-03-20 07:47:54 +01:00
commit 17d3b85ec4
150 changed files with 1082 additions and 693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build/doxygen/doxygen_header.html
View File

@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>$title</title>
<title>Dolibarr source code documentation</title>
<!-- from dolibarr.org -->
<meta http-equiv="Content-Type" content="text/html" charset=utf-8 />
<meta name="verify-v1"

8
htdocs/accountancy/admin/account.php
View File

@ -529,11 +529,11 @@ if ($resql) {
if (!empty($arrayfields['aa.reconcilable']['checked'])) {
print '<td class="center">';
if (empty($obj->reconcilable)) {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '</a>';
} else {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '</a>';
}
@ -548,11 +548,11 @@ if ($resql) {
if (!empty($arrayfields['aa.active']['checked'])) {
print '<td class="center">';
if (empty($obj->active)) {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=0">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=0&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '</a>';
} else {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=0">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=0&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '</a>';
}

6
htdocs/accountancy/admin/card.php
View File

@ -212,8 +212,10 @@ $accountsystem = new AccountancySystem($db);
$accountsystem->fetch($conf->global->CHARTOFACCOUNTS);
$title = $langs->trans('AccountAccounting')." - ".$langs->trans('Card');
$helpurl = '';
llxheader('', $title, $helpurl);
$help_url = 'EN:Category:Accounting';
llxheader('', $title, $help_url);
// Create mode

4
htdocs/accountancy/admin/subaccount.php
View File

@ -419,11 +419,11 @@ if ($resql) {
if (!empty($arrayfields['reconcilable']['checked'])) {
print '<td class="center">';
if (empty($obj->reconcilable)) {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=enable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '</a>';
} else {
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$obj->rowid.'&action=disable&mode=1&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '</a>';
}

12
htdocs/accountancy/bookkeeping/balance.php
View File

@ -135,6 +135,18 @@ if (!empty($search_accountancy_code_end)) {
$param .= '&amp;search_accountancy_code_end='.$search_accountancy_code_end;
}
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Action
*/

22
htdocs/accountancy/bookkeeping/card.php
View File

@ -44,13 +44,6 @@ $id = GETPOST('id', 'int'); // id of record
$mode = GETPOST('mode', 'aZ09'); // '' or '_tmp'
$piece_num = GETPOST("piece_num", 'int'); // id of transaction (several lines share the same transaction id)
// Security check
if ($user->socid > 0) {
accessforbidden();
}
$mesg = '';
$accountingaccount = new AccountingAccount($db);
$accountingjournal = new AccountingJournal($db);
@ -83,6 +76,17 @@ if (!empty($update)) {
$object = new BookKeeping($db);
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Actions
@ -539,11 +543,11 @@ if ($action == 'create') {
print '<td class="titlefield">' . $langs->trans("Status") . '</td>';
print '<td>';
if (empty($object->validated)) {
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=enable">';
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=enable&token='.newToken().'">';
print img_picto($langs->trans("Disabled"), 'switch_off');
print '</a>';
} else {
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=disable">';
print '<a class="reposition" href="' . $_SERVER["PHP_SELF"] . '?piece_num=' . $line->id . '&action=disable&token='.newToken().'">';
print img_picto($langs->trans("Activated"), 'switch_on');
print '</a>';
}

10
htdocs/accountancy/bookkeeping/list.php
View File

@ -171,6 +171,16 @@ if (empty($listofformat[$formatexportset])) {
$error = 0;
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Actions

10
htdocs/accountancy/bookkeeping/listbyaccount.php
View File

@ -163,6 +163,16 @@ if ($search_date_end && empty($search_date_endyear)) {
$search_date_endday = $tmparray['mday'];
}
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Action

11
htdocs/accountancy/bookkeeping/listbysubaccount.php
View File

@ -163,10 +163,21 @@ if ($search_date_end && empty($search_date_endyear)) {
$search_date_endday = $tmparray['mday'];
}
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Action
*/
if (GETPOST('cancel', 'alpha')) {
$action = 'list'; $massaction = '';
}

10
htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
View File

@ -94,6 +94,16 @@ if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Action

11
htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
View File

@ -94,10 +94,21 @@ if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Action
*/
if ($action == 'lettering') {
$result = $lettering->updateLettering($toselect);

26
htdocs/accountancy/closure/index.php
View File

@ -35,17 +35,6 @@ $socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->fiscalyear->write) {
accessforbidden();
}
$object = new BookKeeping($db);
$month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1);
@ -67,10 +56,23 @@ $search_date_start = dol_mktime(0, 0, 0, $month_start, 1, $year_start);
$search_date_end = dol_get_last_day($year_end, $month_end);
$year_current = $year_start;
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->fiscalyear->write) {
accessforbidden();
}
/*
* Actions
*/
if ($action == 'validate_movements_confirm' && $user->rights->accounting->fiscalyear->write) {
if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting->fiscalyear->write)) {
$result = $object->fetchAll();
if ($result < 0) {

7
htdocs/accountancy/customer/card.php
View File

@ -38,9 +38,16 @@ $codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*

8
htdocs/accountancy/customer/lines.php
View File

@ -80,13 +80,17 @@ if (!$sortorder) {
}
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
$formaccounting = new FormAccounting($db);
@ -112,7 +116,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
$search_tvaintra = '';
}
if (is_array($changeaccount) && count($changeaccount) > 0) {
if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
$error = 0;
if (!(GETPOST('account_parent', 'int') >= 0)) {

7
htdocs/accountancy/customer/list.php
View File

@ -88,10 +88,13 @@ if (!$sortorder) {
}
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
@ -148,7 +151,7 @@ if (empty($reshook)) {
}
if ($massaction == 'ventil') {
if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$msg = '';
//print '<div><span style="color:red">' . $langs->trans("Processing") . '...</span></div>';

6
htdocs/accountancy/expensereport/card.php
View File

@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*

23
htdocs/accountancy/expensereport/index.php
View File

@ -32,17 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
// Load translation files required by the page
$langs->loadLangs(array("compta", "bills", "other", "main", "accountancy"));
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
accessforbidden();
}
$month_start = ($conf->global->SOCIETE_FISCAL_MONTH_START ? ($conf->global->SOCIETE_FISCAL_MONTH_START) : 1);
if (GETPOST("year", 'int')) {
$year_start = GETPOST("year", 'int');
@ -65,13 +54,23 @@ $year_current = $year_start;
// Validate History
$action = GETPOST('action', 'aZ09');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Actions
*/
if ($action == 'clean' || $action == 'validatehistory') {
if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) {
// Clean database
$db->begin();
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd";

8
htdocs/accountancy/expensereport/lines.php
View File

@ -74,13 +74,17 @@ if (!$sortorder) {
}
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
$formaccounting = new FormAccounting($db);
@ -102,7 +106,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
$search_year = '';
}
if (is_array($changeaccount) && count($changeaccount) > 0) {
if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
$error = 0;
if (!(GETPOST('account_parent', 'int') >= 0)) {

21
htdocs/accountancy/expensereport/list.php
View File

@ -83,19 +83,22 @@ if (!$sortorder) {
}
}
// Security check
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
accessforbidden();
}
$formaccounting = new FormAccounting($db);
$accounting = new AccountingAccount($db);
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Action
@ -130,7 +133,7 @@ $permissiontodelete = $user->rights->expensereport->delete;
$uploaddir = $conf->expensereport->dir_output;
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
if ($massaction == 'ventil') {
if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$msg = '';
//print '<div><span style="color:red">' . $langs->trans("Processing") . '...</span></div>';
if (!empty($mesCasesCochees)) {

11
htdocs/accountancy/index.php
View File

@ -31,13 +31,20 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
// Load translation files required by the page
$langs->loadLangs(array("compta", "bills", "other", "accountancy", "loans", "banks", "admin", "dict"));
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
$hookmanager->initHooks(array('accountancyindex'));
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
$hookmanager->initHooks(array('accountancyindex'));
/*

19
htdocs/accountancy/journal/bankjournal.php
View File

@ -7,7 +7,7 @@
* Copyright (C) 2013-2019 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013-2014 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2017-2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2017-2021 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2018 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2018 Eric Seigne <eric.seigne@cap-rel.fr>
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
@ -83,7 +83,13 @@ $now = dol_now();
$action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid > 0 && empty($id_journal)) {
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
@ -954,13 +960,18 @@ if (empty($action) || $action == 'view') {
$nom = $langs->trans("FinanceJournal").' | '.$accountingjournalstatic->getNomUrl(0, 1, 1, '', 1);
$builddate = dol_now();
//$description = $langs->trans("DescFinanceJournal") . '<br>';
$description .= $langs->trans("DescJournalOnlyBindedVisible").'<br>';
$description = $langs->trans("DescJournalOnlyBindedVisible").'<br>';
$listofchoices = array('notyet'=>$langs->trans("NotYetInGeneralLedger"), 'already'=>$langs->trans("AlreadyInGeneralLedger"));
$listofchoices = array(
'notyet'=>$langs->trans("NotYetInGeneralLedger"),
'already'=>$langs->trans("AlreadyInGeneralLedger")
);
$period = $form->selectDate($date_start ? $date_start : -1, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end ? $date_end : -1, 'date_end', 0, 0, 0, '', 1, 0);
$period .= ' - '.$langs->trans("JournalizationInLedgerStatus").' '.$form->selectarray('in_bookkeeping', $listofchoices, $in_bookkeeping, 1);
$varlink = 'id_journal='.$id_journal;
$periodlink = '';
$exportlink = '';
journalHead($nom, '', $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink);

8
htdocs/accountancy/journal/expensereportsjournal.php
View File

@ -58,13 +58,21 @@ if ($in_bookkeeping == '') {
$now = dol_now();
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Actions
*/
$accountingaccount = new AccountingAccount($db);
// Get informations of journal

12
htdocs/accountancy/journal/purchasesjournal.php
View File

@ -57,17 +57,25 @@ if ($in_bookkeeping == '') {
$now = dol_now();
$hookmanager->initHooks(array('purchasesjournal'));
$parameters = array();
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
$hookmanager->initHooks(array('purchasesjournal'));
$parameters = array();
/*
* Actions
*/
$reshook = $hookmanager->executeHooks('doActions', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
$accountingaccount = new AccountingAccount($db);

15
htdocs/accountancy/journal/sellsjournal.php
View File

@ -8,7 +8,7 @@
* Copyright (C) 2013-2016 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013-2016 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2014 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
* Copyright (C) 2018 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2018-2021 Frédéric France <frederic.france@netlogic.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -59,13 +59,20 @@ if ($in_bookkeeping == '') {
$now = dol_now();
$hookmanager->initHooks(array('sellsjournal'));
$parameters = array();
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
$hookmanager->initHooks(array('sellsjournal'));
$parameters = array();
/*
* Actions
@ -663,7 +670,7 @@ if (empty($action) || $action == 'view') {
$periodlink = '';
$exportlink = '';
$builddate = dol_now();
$description .= $langs->trans("DescJournalOnlyBindedVisible").'<br>';
$description = $langs->trans("DescJournalOnlyBindedVisible").'<br>';
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
$description .= $langs->trans("DepositsAreNotIncluded");
} else {

6
htdocs/accountancy/supplier/card.php
View File

@ -42,9 +42,15 @@ $codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*

13
htdocs/accountancy/supplier/index.php
View File

@ -69,12 +69,23 @@ $action = GETPOST('action', 'aZ09');
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Actions
*/
if ($action == 'clean' || $action == 'validatehistory') {
if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accounting->bind->write) {
// Clean database
$db->begin();
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as fd";

9
htdocs/accountancy/supplier/lines.php
View File

@ -80,16 +80,19 @@ if (!$sortorder) {
}
}
$formaccounting = new FormAccounting($db);
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
$formaccounting = new FormAccounting($db);
/*
* Actions

19
htdocs/accountancy/supplier/list.php
View File

@ -88,14 +88,6 @@ if (!$sortorder) {
}
}
// Security check
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->bind->write) {
accessforbidden();
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('accountancysupplierlist'));
@ -107,6 +99,17 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN
$chartaccountcode = dol_getIdFromCode($db, $conf->global->CHARTOFACCOUNTS, 'accounting_system', 'rowid', 'pcg_version');
// Security check
if (empty($conf->accounting->enabled)) {
accessforbidden();
}
if ($user->socid > 0) {
accessforbidden();
}
if (empty($user->rights->accounting->mouvements->lire)) {
accessforbidden();
}
/*
* Actions

5
htdocs/adherents/admin/adherent.php
View File

@ -8,7 +8,7 @@
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2012 J. Fernando Lagrange <fernando@demo-tic.org>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2020-2021 Frédéric France <frederic.france@netlogic.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -254,7 +254,8 @@ if ($conf->facture->enabled) {
if (!empty($conf->product->enabled) || !empty($conf->service->enabled)) {
print '<tr class="oddeven"><td>'.$langs->trans("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS").'</td>';
print '<td>';
$form->select_produits($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0);
$selected = (empty($conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS) ? '' : $conf->global->ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS);
$form->select_produits($selected, 'ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS', '', 0);
print '</td>';
}
print "</tr>\n";

3
htdocs/adherents/card.php
View File

@ -1691,6 +1691,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
*/
print '<div class="tabsAction">';
$isinspip = 0;
$parameters = array();
$reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been
if (empty($reshook)) {
@ -1827,7 +1828,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$genallowed = $user->rights->adherent->lire;
$delallowed = $user->rights->adherent->creer;
print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $object->default_lang, '', $object);
print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', (empty($object->default_lang) ? '' : $object->default_lang), '', $object);
$somethingshown = $formfile->numoffiles;
// Show links to link elements

3
htdocs/adherents/cartes/carte.php
View File

@ -50,6 +50,9 @@ $extrafields = new ExtraFields($db);
// Fetch optionals attributes and labels
$extrafields->fetch_name_optionals_label($object->table_element);
// Security check
$result = restrictedArea($user, 'adherent');
/*
* Actions

6
htdocs/adherents/list.php
View File

@ -41,9 +41,6 @@ $confirm = GETPOST('confirm', 'alpha');
$toselect = GETPOST('toselect', 'array');
$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'memberslist'; // To manage different context of search
// Security check
$result = restrictedArea($user, 'adherent');
$search = GETPOST("search", 'alpha');
$search_ref = GETPOST("search_ref", 'alpha');
$search_lastname = GETPOST("search_lastname", 'alpha');
@ -162,6 +159,9 @@ $arrayfields = array(
// Extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
// Security check
$result = restrictedArea($user, 'adherent');
/*
* Actions

3
htdocs/adherents/type.php
View File

@ -213,7 +213,8 @@ if ($action == 'confirm_delete' && $user->rights->adherent->configurer) {
$form = new Form($db);
$formproduct = new FormProduct($db);
$help_url = 'EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros';
$help_url = 'EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros|DE:Modul_Mitglieder';
llxHeader('', $langs->trans("MembersTypeSetup"), $help_url);
// List of members type

8
htdocs/admin/confexped.php
View File

@ -110,11 +110,11 @@ print '<td class="center">';
print $langs->trans("Required");
/*if (empty($conf->global->MAIN_SUBMODULE_EXPEDITION))
{
print '<a href="confexped.php?action=activate_sending">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
print '<a href="confexped.php?action=activate_sending&token='.newToken().'">'.img_picto($langs->trans("Disabled"),'switch_off').'</a>';
}
else
{
print '<a href="confexped.php?action=disable_sending">'.img_picto($langs->trans("Enabled"),'switch_on').'</a>';
print '<a href="confexped.php?action=disable_sending&token='.newToken().'">'.img_picto($langs->trans("Enabled"),'switch_on').'</a>';
}*/
print "</td>";
print '</tr>';
@ -130,9 +130,9 @@ print '</td>';
print '<td class="center">';
if (empty($conf->global->MAIN_SUBMODULE_DELIVERY)) {
print '<a href="confexped.php?action=activate_delivery">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=activate_delivery&token='.newToken().'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
} else {
print '<a href="confexped.php?action=disable_delivery">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_delivery&token='.newToken().'">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
}
print "</td>";

6
htdocs/admin/fckeditor.php
View File

@ -89,7 +89,7 @@ $picto = array(
*/
foreach ($modules as $const => $desc) {
if ($action == 'activate_'.strtolower($const)) {
if ($action == 'enable_'.strtolower($const)) {
dolibarr_set_const($db, "FCKEDITOR_ENABLE_".$const, "1", 'chaine', 0, '', $conf->entity);
// If fckeditor is active in the product/service description, it is activated in the forms
if ($const == 'PRODUCTDESC' && !empty($conf->global->PRODUIT_DESC_IN_FORM)) {
@ -166,9 +166,9 @@ if (empty($conf->use_javascript_ajax)) {
$constante = 'FCKEDITOR_ENABLE_'.$const;
$value = (isset($conf->global->$constante) ? $conf->global->$constante : 0);
if ($value == 0) {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=activate_'.strtolower($const).'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
print '<a href="'.$_SERVER['PHP_SELF'].'?action=enable_'.strtolower($const).'&token='.newToken().'">'.img_picto($langs->trans("Disabled"), 'switch_off').'</a>';
} elseif ($value == 1) {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=disable_'.strtolower($const).'">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
print '<a href="'.$_SERVER['PHP_SELF'].'?action=disable_'.strtolower($const).'&token='.newToken().'">'.img_picto($langs->trans("Enabled"), 'switch_on').'</a>';
}
print "</td>";

47
htdocs/admin/mails_senderprofile_list.php
View File

@ -76,14 +76,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
// Security check
$socid = 0;
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'mymodule', $id, '');
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@ -133,6 +125,19 @@ if ($id > 0) {
$object->fetch($id);
}
// Security check
$socid = 0;
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
// A non admin user can see profiles but limited to its own user
if (!$user->admin) {
if ($object->id > 0 && $object->private != $user->id) {
accessforbidden();
}
}
/*
* Actions
@ -261,6 +266,10 @@ foreach ($search as $key => $val) {
if ($search_all) {
$sql .= natural_search(array_keys($fieldstosearchall), $search_all);
}
// If non admin, restrict list to itself
if (empty($user->admin)) {
$sql .= " AND private = ".((int) $user->id);
}
//$sql.= dolSqlDateFilter("t.field", $search_xxxday, $search_xxxmonth, $search_xxxyear);
// Add where from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
@ -315,32 +324,10 @@ if (is_numeric($nbtotalofrecords) && ($limit > $nbtotalofrecords || empty($limit
$num = $db->num_rows($resql);
}
// Direct jump if only one record found
if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && !$page) {
$obj = $db->fetch_object($resql);
$id = $obj->rowid;
header("Location: ".DOL_URL_ROOT.'/monmodule/emailsenderprofile_card.php?id='.$id);
exit;
}
// Output page
// --------------------------------------------------------------------
// Example : Adding jquery code
print '<script type="text/javascript" language="javascript">
jQuery(document).ready(function() {
function init_myfunc()
{
jQuery("#myid").removeAttr(\'disabled\');
jQuery("#myid").attr(\'disabled\',\'disabled\');
}
init_myfunc();
jQuery("#mybutton").click(function() {
init_myfunc();
});
});
</script>';
$arrayofselected = is_array($toselect) ? $toselect : array();
$param = '';

8
htdocs/admin/mails_ticket.php
View File

@ -32,10 +32,6 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'err
$action = GETPOST('action', 'aZ09');
if (!$user->admin) {
accessforbidden();
}
$usersignature = $user->signature;
// For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html.
if ($action == 'test' || $action == 'send') {
@ -53,6 +49,10 @@ $substitutionarrayfortest = array(
);
complete_substitutions_array($substitutionarrayfortest, $langs);
// Security check
if (!$user->admin) {
accessforbidden();
}
/*

10
htdocs/admin/security.php
View File

@ -406,7 +406,7 @@ if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
if ($allow_disable_encryption) {
//On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
//Do not allow "disable encryption" as passwords cannot be decrypted
print '<a href="security.php?action=disable_encrypt">'.$langs->trans("Disable").'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_encrypt&token='.newToken().'">'.$langs->trans("Disable").'</a>';
} else {
print '-';
}
@ -432,10 +432,10 @@ if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
print img_warning($langs->trans("WarningPassIsEmpty"));
} else {
if (empty($dolibarr_main_db_encrypted_pass)) {
print '<a href="security.php?action=activate_encryptdbpassconf">'.$langs->trans("Activate").'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=activate_encryptdbpassconf&token='.newToken().'">'.$langs->trans("Activate").'</a>';
}
if (!empty($dolibarr_main_db_encrypted_pass)) {
print '<a href="security.php?action=disable_encryptdbpassconf">'.$langs->trans("Disable").'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_encryptdbpassconf&token='.newToken().'">'.$langs->trans("Disable").'</a>';
}
}
print "</td>";
@ -455,12 +455,12 @@ if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
print '</td>';
if (empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
print '<td align="center" width="100">';
print '<a href="security.php?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Activate").'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK&token='.newToken().'">'.$langs->trans("Activate").'</a>';
print "</td>";
}
if (!empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) {
print '<td align="center" width="100">';
print '<a href="security.php?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Disable").'</a>';
print '<a href="'.$_SERVER["PHP_SELF"].'?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK&token='.newToken().'">'.$langs->trans("Disable").'</a>';
print "</td>";
}
print "</td>";

2
htdocs/admin/system/dolibarr.php
View File

@ -442,7 +442,7 @@ foreach ($configfileparameters as $key => $value) {
print img_warning($langs->trans('SwitchThisForABetterSecurity', 0));
}
} else {
print ${$newkey};
print (empty(${$newkey}) ? '' : ${$newkey});
}
if ($newkey == 'dolibarr_main_url_root' && ${$newkey} != DOL_MAIN_URL_ROOT) {
print ' (currently overwritten by autodetected value: '.DOL_MAIN_URL_ROOT.')';

4
htdocs/barcode/printsheet.php
View File

@ -286,7 +286,7 @@ print '<div class="tagtable">';
// Sheet format
print ' <div class="tagtr">';
print ' <div class="tagtd" style="overflow: hidden; white-space: nowrap; max-width: 300px;">';
print ' <div class="tagtd">';
print $langs->trans("DescADHERENT_ETIQUETTE_TYPE").' &nbsp; ';
print '</div><div class="tagtd maxwidthonsmartphone" style="overflow: hidden; white-space: nowrap;">';
// List of possible labels (defined into $_Avery_Labels variable set into core/lib/format_cards.lib.php)
@ -302,7 +302,7 @@ print '</div></div>';
// Number of stickers to print
print ' <div class="tagtr">';
print ' <div class="tagtd" style="overflow: hidden; white-space: nowrap; max-width: 300px;">';
print ' <div class="tagtd">';
print $langs->trans("NumberOfStickers").' &nbsp; ';
print '</div><div class="tagtd maxwidthonsmartphone" style="overflow: hidden; white-space: nowrap;">';
print '<input size="4" type="text" name="numberofsticker" value="'.(GETPOST('numberofsticker') ?GETPOST('numberofsticker', 'int') : 10).'">';

10
htdocs/bom/bom_agenda.php
View File

@ -51,11 +51,6 @@ if (GETPOST('actioncode', 'array')) {
}
$search_agenda_label = GETPOST('search_agenda_label');
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'bom', $id);
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@ -87,6 +82,11 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id;
}
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*

8
htdocs/bom/bom_card.php
View File

@ -75,8 +75,8 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0);
//$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php
@ -656,11 +656,11 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
{
if ($object->status == 1)
{
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=disable">'.$langs->trans("Disable").'</a>'."\n";
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("Disable").'</a>'."\n";
}
else
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=enable">'.$langs->trans("Enable").'</a>'."\n";
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Enable").'</a>'."\n";
}
}
*/

6
htdocs/bom/bom_document.php
View File

@ -79,6 +79,12 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->bom->multidir_output[$object->entity ? $object->entity : 1]."/bom/".get_exdir(0, 0, 0, 1, $object);
}
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*
* Actions

19
htdocs/bom/bom_list.php
View File

@ -76,18 +76,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
// Security check
if (empty($conf->bom->enabled)) {
accessforbidden('Module not enabled');
}
$socid = 0;
if ($user->socid > 0) {
// Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'bom', $id, '');
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@ -133,6 +121,13 @@ $permissiontoread = $user->rights->bom->read;
$permissiontoadd = $user->rights->bom->write;
$permissiontodelete = $user->rights->bom->delete;
// Security check
if ($user->socid > 0) {
// Protection if external user
accessforbidden();
}
$result = restrictedArea($user, 'bom');
/*
* Actions

8
htdocs/bom/bom_note.php
View File

@ -57,9 +57,13 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id;
}
$permissionnote = 1;
//$permissionnote=$user->rights->bom->creer; // Used by the include of actions_setnotes.inc.php
$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*

2
htdocs/comm/propal/stats/index.php
View File

@ -81,7 +81,7 @@ $langs->loadLangs(array('propal', 'other', 'companies'));
if ($mode == 'customer') {
$picto = 'propal';
$title = $langs->trans("ProposalsStatistics");
$dir = $conf->propale->dir_temp;
$dir = $conf->propal->dir_temp;
$cat_type = Categorie::TYPE_CUSTOMER;
$cat_label = $langs->trans("Category").' '.lcfirst($langs->trans("Customer"));
}

56
htdocs/compta/accounting-files.php
View File

@ -34,6 +34,7 @@ if ((array_key_exists('action', $_GET) && $_GET['action'] == 'dl') || (array_key
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
require_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php';
@ -56,13 +57,12 @@ $date_start = GETPOST('date_start', 'alpha');
$date_startDay = GETPOST('date_startday', 'int');
$date_startMonth = GETPOST('date_startmonth', 'int');
$date_startYear = GETPOST('date_startyear', 'int');
$date_start = ($date_startDay) ?dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear) : strtotime($date_start);
$date_start = ($date_startDay ? dol_mktime(0, 0, 0, $date_startMonth, $date_startDay, $date_startYear, 'tzuserrel') : dol_stringtotime($date_start));
$date_stop = GETPOST('date_stop', 'alpha');
$date_stopDay = GETPOST('date_stopday', 'int');
$date_stopMonth = GETPOST('date_stopmonth', 'int');
$date_stopYear = GETPOST('date_stopyear', 'int');
//FIXME doldate
$date_stop = ($date_stopDay) ?dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear) : strtotime($date_stop);
$date_stop = ($date_stopDay ? dol_mktime(23, 59, 59, $date_stopMonth, $date_stopDay, $date_stopYear, 'tzuserrel') : dol_stringtotime($date_stop));
$action = GETPOST('action', 'aZ09');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
@ -126,6 +126,17 @@ if (empty($entity)) {
$error = 0;
$listofchoices = array(
'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled), 'perms' => !empty($user->rights->facture->lire)),
'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled), 'perms' => !empty($user->rights->fournisseur->facture->lire)),
'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled), 'perms' => !empty($user->rights->expensereport->lire)),
'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled), 'perms' => !empty($user->rights->don->lire)),
'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled), 'perms' => !empty($user->rights->tax->charges->lire)),
'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled), 'perms' => !empty($user->rights->salaries->read)),
'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled), 'perms' => !empty($user->rights->banque->lire)),
'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled), 'perms' => !empty($user->rights->loan->read)),
);
/*
@ -155,7 +166,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$wheretail = " '".$db->idate($date_start)."' AND '".$db->idate($date_stop)."'";
// Customer invoices
if (GETPOST('selectinvoices')) {
if (GETPOST('selectinvoices') && !empty($listofchoices['selectinvoices']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -166,7 +177,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
}
// Vendor invoices
if (GETPOST('selectsupplierinvoices')) {
if (GETPOST('selectsupplierinvoices') && !empty($listofchoices['selectsupplierinvoices']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -177,7 +188,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
}
// Expense reports
if (GETPOST('selectexpensereports')) {
if (GETPOST('selectexpensereports') && !empty($listofchoices['selectexpensereports']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -188,7 +199,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
}
// Donations
if (GETPOST('selectdonations')) {
if (GETPOST('selectdonations') && !empty($listofchoices['selectdonations']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -199,7 +210,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
}
// Payments of salaries
if (GETPOST('selectpaymentsofsalaries')) {
if (GETPOST('selectpaymentsofsalaries') && !empty($listofchoices['selectpaymentsofsalaries']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -210,7 +221,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
//$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
}
// Social contributions
if (GETPOST('selectsocialcontributions')) {
if (GETPOST('selectsocialcontributions') && !empty($listofchoices['selectsocialcontributions']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -221,7 +232,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
//$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
}
// Various payments
if (GETPOST('selectvariouspayment')) {
if (GETPOST('selectvariouspayment') && !empty($listofchoices['selectvariouspayment']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -231,7 +242,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
}
// Loan payments
if (GETPOST('selectloanspayment')) {
if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms'])) {
if (!empty($sql)) {
$sql .= " UNION ALL";
}
@ -539,8 +550,11 @@ print '<input type="hidden" name="token" value="'.newToken().'">';
print '<span class="opacitymedium">'.$langs->trans("ExportAccountingSourceDocHelp", $langs->transnoentitiesnoconv("Accounting"), $langs->transnoentitiesnoconv("Journals")).'</span><br>';
print '<br>';
print $langs->trans("ReportPeriod").': '.$form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0);
print ' - '.$form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0)."\n";
print $langs->trans("ReportPeriod").': ';
print $form->selectDate($date_start, 'date_start', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel');
print ' - ';
print $form->selectDate($date_stop, 'date_stop', 0, 0, 0, "", 1, 1, 0, '', '', '', '', 1, '', '', 'tzuserrel');
print "\n";
// Export is for current company only
if (!empty($conf->multicompany->enabled) && is_object($mc)) {
@ -558,22 +572,16 @@ if (!empty($conf->multicompany->enabled) && is_object($mc)) {
print '<br>';
$listofchoices = array(
'selectinvoices'=>array('label'=>'Invoices', 'lang'=>'bills', 'enabled' => !empty($conf->facture->enabled)),
'selectsupplierinvoices'=>array('label'=>'BillsSuppliers', 'lang'=>'bills', 'enabled' => !empty($conf->supplier_invoice->enabled)),
'selectexpensereports'=>array('label'=>'ExpenseReports', 'lang'=>'trips', 'enabled' => !empty($conf->expensereport->enabled)),
'selectdonations'=>array('label'=>'Donations', 'lang'=>'donation', 'enabled' => !empty($conf->don->enabled)),
'selectsocialcontributions'=>array('label'=>'SocialContributions', 'enabled' => !empty($conf->tax->enabled)),
'selectpaymentsofsalaries'=>array('label'=>'SalariesPayments', 'lang'=>'salaries', 'enabled' => !empty($conf->salaries->enabled)),
'selectvariouspayment'=>array('label'=>'VariousPayment', 'enabled' => !empty($conf->banque->enabled)),
'selectloanspayment'=>array('label'=>'PaymentLoan', 'enabled' => !empty($conf->loan->enabled)),
);
foreach ($listofchoices as $choice => $val) {
if (empty($val['enabled'])) {
continue; // list not qualified
}
$disabled = '';
if (empty($val['perms'])) {
$disabled = ' disabled';
}
$checked = (((!GETPOSTISSET('search') && $action != 'searchfiles') || GETPOST($choice)) ? ' checked="checked"' : '');
print '<div class="paddingleft inline-block marginrightonly"><input type="checkbox" id="'.$choice.'" name="'.$choice.'" value="1"'.$checked.'> <label for="'.$choice.'">'.$langs->trans($val['label']).'</label></div>';
print '<div class="paddingleft inline-block marginrightonly"><input type="checkbox" id="'.$choice.'" name="'.$choice.'" value="1"'.$checked.$disabled.'> <label for="'.$choice.'">'.$langs->trans($val['label']).'</label></div>';
}
print '<input class="button" type="submit" name="search" value="'.$langs->trans("Search").'">';

25
htdocs/compta/bank/bankentries_list.php
View File

@ -898,18 +898,21 @@ if ($resql) {
print '<br>';
}
/// ajax to adjust value date with plus and less picto
// Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
$urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
print '
<script type="text/javascript">
$(function() {
$("a.ajax").each(function(){
$("a.ajaxforbankoperationchange").each(function(){
var current = $(this);
current.click(function()
{
$.get("'.DOL_URL_ROOT.'/core/ajax/bankconciliate.php?"+current.attr("href").split("?")[1], function(data)
var url = "'.$urlajax.'&"+current.attr("href").split("?")[1];
$.get(url, function(data)
{
console.log(data)
current.parent().prev().replaceWith(data);
console.log(url)
console.log(data)
current.parent().parent().find(".spanforajaxedit").replaceWith(data);
});
return false;
});
@ -1448,12 +1451,12 @@ if ($resql) {
// Date ope
if (!empty($arrayfields['b.dateo']['checked'])) {
print '<td align="center" class="nowrap">';
print '<span id="dateoperation_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->do), "day")."</span>";
print '<span class="spanforajaxedit" id="dateoperation_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->do), "day")."</span>";
print '&nbsp;';
print '<span class="inline-block">';
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print img_edit_remove()."</a> ";
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print img_edit_add()."</a>";
print '</span>';
print "</td>\n";
@ -1465,12 +1468,12 @@ if ($resql) {
// Date value
if (!empty($arrayfields['b.datev']['checked'])) {
print '<td align="center" class="nowrap">';
print '<span id="datevalue_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->dv), "day")."</span>";
print '<span class="spanforajaxedit" id="datevalue_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->dv), "day")."</span>";
print '&nbsp;';
print '<span class="inline-block">';
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print img_edit_remove()."</a> ";
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;account='.$objp->bankid.'&amp;rowid='.$objp->rowid.'">';
print img_edit_add()."</a>";
print '</span>';
print "</td>\n";

12
htdocs/compta/bank/card.php
View File

@ -54,12 +54,6 @@ $langs->loadLangs(array("banks", "bills", "categories", "companies", "compta"));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
// Security check
$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha');
$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
$object = new Account($db);
$extrafields = new ExtraFields($db);
@ -69,6 +63,12 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('bankcard', 'globalcard'));
// Security check
$id = GETPOST("id", 'int') ? GETPOST("id", 'int') : GETPOST('ref', 'alpha');
$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
/*
* Actions
*/

12
htdocs/compta/bank/class/account.class.php
View File

@ -2098,12 +2098,12 @@ class AccountLine extends CommonObject
}
$sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
$sql .= " rappro = ".$conciliated;
$sql .= " rappro = ".((int) $conciliated);
$sql .= ", num_releve = '".$this->db->escape($this->num_releve)."'";
if ($conciliated) {
$sql .= ", fk_user_rappro = ".$user->id;
}
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_conciliation", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2145,7 +2145,7 @@ class AccountLine extends CommonObject
public function datev_change($rowid, $sign = 1)
{
// phpcs:enable
$sql = "SELECT datev FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".$rowid;
$sql = "SELECT datev FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@ -2153,7 +2153,7 @@ class AccountLine extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
$sql .= " datev = '".$this->db->idate($newdate)."'";
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
$result = $this->db->query($sql);
if ($result) {
@ -2208,7 +2208,7 @@ class AccountLine extends CommonObject
public function dateo_change($rowid, $sign = 1)
{
// phpcs:enable
$sql = "SELECT dateo FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".$rowid;
$sql = "SELECT dateo FROM ".MAIN_DB_PREFIX."bank WHERE rowid = ".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@ -2216,7 +2216,7 @@ class AccountLine extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
$sql .= " dateo = '".$this->db->idate($newdate)."'";
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
$result = $this->db->query($sql);
if ($result) {

1
htdocs/compta/bank/document.php
View File

@ -71,6 +71,7 @@ if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
}
$result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');

12
htdocs/compta/bank/info.php
View File

@ -30,6 +30,18 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
$langs->loadLangs(array('banks', 'categories', 'companies'));
$id = GETPOST("rowid", 'int');
$ref = GETPOST('ref', 'alpha');
// Security check
$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : ''));
$fieldtype = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'banque', $fieldvalue, 'bank_account', '', '', $fieldtype);
if (!$user->rights->banque->lire && !$user->rights->banque->consolidate) {
accessforbidden();
}
/*

40
htdocs/compta/bank/line.php
View File

@ -92,16 +92,16 @@ if ($cancel) {
if ($user->rights->banque->consolidate && $action == 'donext') {
$al = new AccountLine($db);
$al->dateo_next($_GET["rowid"]);
$al->dateo_next(GETPOST("rowid", 'int'));
} elseif ($user->rights->banque->consolidate && $action == 'doprev') {
$al = new AccountLine($db);
$al->dateo_previous($_GET["rowid"]);
$al->dateo_previous(GETPOST("rowid", 'int'));
} elseif ($user->rights->banque->consolidate && $action == 'dvnext') {
$al = new AccountLine($db);
$al->datev_next($_GET["rowid"]);
$al->datev_next(GETPOST("rowid", 'int'));
} elseif ($user->rights->banque->consolidate && $action == 'dvprev') {
$al = new AccountLine($db);
$al->datev_previous($_GET["rowid"]);
$al->datev_previous(GETPOST("rowid", 'int'));
}
if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) {
@ -489,9 +489,9 @@ if ($result) {
print $form->selectDate($db->jdate($objp->do), 'dateo', '', '', '', 'update', 1, 0, $objp->rappro);
if (!$objp->rappro) {
print ' &nbsp; ';
print '<a href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=doprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print img_edit_remove()."</a> ";
print '<a href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=donext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print img_edit_add()."</a>";
}
print '</td>';
@ -509,9 +509,9 @@ if ($result) {
print $form->selectDate($db->jdate($objp->dv), 'datev', '', '', '', 'update', 1, 0, $objp->rappro);
if (!$objp->rappro) {
print ' &nbsp; ';
print '<a href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print img_edit_remove()."</a> ";
print '<a href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;id='.$id.'&amp;rowid='.$objp->rowid.'">';
print img_edit_add()."</a>";
}
print '</td>';
@ -573,6 +573,30 @@ if ($result) {
print "</table>";
// Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
/* Not yet ready. We must manage inline replacemet of input date field
$urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
print '
<script type="text/javascript">
$(function() {
$("a.ajaxforbankoperationchange").each(function(){
var current = $(this);
current.click(function()
{
var url = "'.$urlajax.'&"+current.attr("href").split("?")[1];
$.get(url, function(data)
{
console.log(url)
console.log(data)
current.parent().prev().replaceWith(data);
});
return false;
});
});
});
</script>
';
*/
print '</div>';
print dol_get_fiche_end();

32
htdocs/compta/bank/releve.php
View File

@ -454,11 +454,14 @@ if (empty($numref)) {
// Date de valeur
print '<td valign="center" class="center nowrap">';
print dol_print_date($db->jdate($objp->dv), "day").' ';
print '<a class="ajax reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;num='.$numref.'&amp;account='.$object->id.'&amp;dvid='.$objp->rowid.'">';
print '<span class="spanforajaxedit">'.dol_print_date($db->jdate($objp->dv), "day").'</span>';
print '&nbsp;';
print '<span class="inline-block">';
print '<a class="ajaxforbankoperationchange reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;num='.$numref.'&amp;account='.$object->id.'&amp;rowid='.$objp->rowid.'&amp;dvid='.$objp->rowid.'">';
print img_edit_remove()."</a> ";
print '<a class="ajax reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;num='.$numref.'&amp;account='.$object->id.'&amp;dvid='.$objp->rowid.'">';
print '<a class="ajaxforbankoperationchange reposition" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;num='.$numref.'&amp;account='.$object->id.'&amp;rowid='.$objp->rowid.'&amp;dvid='.$objp->rowid.'">';
print img_edit_add()."</a>";
print '</span>';
print "</td>\n";
// Type and num
@ -656,6 +659,29 @@ if (empty($numref)) {
print "</tr>\n";
print "</table>";
// Code to adjust value date with plus and less picto using an Ajax call instead of a full reload of page
$urlajax = DOL_URL_ROOT.'/core/ajax/bankconciliate.php?token='.currentToken();
print '
<script type="text/javascript">
$(function() {
$("a.ajaxforbankoperationchange").each(function(){
var current = $(this);
current.click(function()
{
var url = "'.$urlajax.'&"+current.attr("href").split("?")[1];
$.get(url, function(data)
{
console.log(url)
console.log(data)
current.parent().parent().find(".spanforajaxedit").replaceWith(data);
});
return false;
});
});
});
</script>
';
print "</div>";
print "</form>\n";

1
htdocs/compta/bank/transfer.php
View File

@ -233,6 +233,7 @@ $account_from = '';
$account_to = '';
$label = '';
$amount = '';
$amountto = '';
if ($error) {
$account_from = GETPOST('account_from', 'int');

23
htdocs/compta/bank/treso.php
View File

@ -37,22 +37,23 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
$langs->loadLangs(array('banks', 'categories', 'bills', 'companies'));
// Security check
if (isset($_GET["account"]) || isset($_GET["ref"])) {
$id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : '');
if (GETPOSTISSET("account") || GETPOSTISSET("ref")) {
$id = GETPOSTISSET("account") ? GETPOST("account") : (GETPOSTISSET("ref") ? GETPOST("ref") : '');
}
$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid';
$fieldid = GETPOSTISSET("ref") ? 'ref' : 'rowid';
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'banque', $id, 'bank_account&bank_account', '', '', $fieldid);
$vline = isset($_GET["vline"]) ? $_GET["vline"] : $_POST["vline"];
$page = isset($_GET["page"]) ? $_GET["page"] : 0;
$vline = GETPOST('vline');
$page = GETPOSTISSET("page") ? GETPOST("page") : 0;
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('banktreso', 'globalcard'));
/*
* View
*/
@ -68,7 +69,7 @@ $socialcontribstatic = new ChargeSociales($db);
$form = new Form($db);
if ($_REQUEST["account"] || $_REQUEST["ref"]) {
if (GETPOST("account") || GETPOST("ref")) {
if ($vline) {
$viewline = $vline;
} else {
@ -76,11 +77,11 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) {
}
$object = new Account($db);
if ($_GET["account"]) {
$result = $object->fetch($_GET["account"]);
if (GETPOST("account", 'int')) {
$result = $object->fetch(GETPOST("account", 'int'));
}
if ($_GET["ref"]) {
$result = $object->fetch(0, $_GET["ref"]);
if (GETPOST("ref")) {
$result = $object->fetch(0, GETPOST("ref"));
$_GET["account"] = $object->id;
}
@ -91,6 +92,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) {
$linkback = '<a href="'.DOL_URL_ROOT.'/compta/bank/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
$morehtmlref = '';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1);
print dol_get_fiche_end();

14
htdocs/compta/cashcontrol/cashcontrol_card.php
View File

@ -67,11 +67,6 @@ if ($contextpage == 'takepos') {
$_GET['optioncss'] = 'print';
}
// Security check
if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
accessforbidden();
}
$arrayofpaymentmode = array('cash'=>'Cash', 'cheque'=>'Cheque', 'card'=>'CreditCard');
$arrayofposavailable = array();
@ -95,6 +90,15 @@ $hookmanager->initHooks(array('cashcontrolcard', 'globalcard'));
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
// Security check
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
accessforbidden();
}
/*
* Actions

16
htdocs/compta/cashcontrol/cashcontrol_list.php
View File

@ -94,14 +94,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
// Security check
$socid = 0;
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'monmodule', $id, '');
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@ -133,6 +125,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
// Security check
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
accessforbidden();
}
/*

9
htdocs/compta/cashcontrol/report.php
View File

@ -72,6 +72,15 @@ $sday = $cashcontrol->day_close;
$posmodule = $cashcontrol->posmodule;
$terminalid = $cashcontrol->posnumber;
// Security check
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) {
accessforbidden();
}
/*
* View

9
htdocs/compta/facture/card-rec.php
View File

@ -65,7 +65,6 @@ $objecttype = 'facture_rec';
if ($action == "create" || $action == "add") {
$objecttype = '';
}
$result = restrictedArea($user, 'facture', $id, $objecttype);
$projectid = GETPOST('projectid', 'int');
$year_date_when = GETPOST('year_date_when');
@ -127,6 +126,8 @@ $now = dol_now();
$error = 0;
$result = restrictedArea($user, 'facture', $object->id, $objecttype);
/*
* Actions
@ -1657,15 +1658,15 @@ if ($action == 'create') {
if ($user->rights->facture->creer) {
if (empty($object->suspended)) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.DOL_URL_ROOT.'/compta/facture/card-rec.php?action=disable&id='.$object->id.'">'.$langs->trans("Disable").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=disable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("Disable").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butAction" href="'.DOL_URL_ROOT.'/compta/facture/card-rec.php?action=enable&id='.$object->id.'">'.$langs->trans("Enable").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=enable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("Enable").'</a></div>';
}
}
//if ($object->statut == Facture::STATUS_DRAFT && $user->rights->facture->supprimer)
if ($user->rights->facture->supprimer) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=ask_deleteinvoice&id='.$object->id.'">'.$langs->trans('Delete').'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=ask_deleteinvoice&id='.$object->id.'&token='.newToken().'">'.$langs->trans('Delete').'</a></div>';
}
print '</div>';

14
htdocs/compta/facture/card.php
View File

@ -138,19 +138,19 @@ $permissiondellink = $usercancreate; // Used by the include of actions_dellink.i
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdonw.inc.php
$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php
// retained warranty invoice available type
$retainedWarrantyInvoiceAvailableType = array();
if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) {
$retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY);
}
// Security check
$fieldid = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isdraft);
// retained warranty invoice available type
$retainedWarrantyInvoiceAvailableType = array();
if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) {
$retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY);
}
$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft);
/*

9
htdocs/compta/facture/class/facture.class.php
View File

@ -1543,6 +1543,13 @@ class Facture extends CommonInvoice
}
}
global $action, $hookmanager;
$hookmanager->initHooks(array('invoicedao'));
$parameters = array('id'=>$this->id, 'getnomurl'=>$result, 'notooltip' => $notooltip, 'addlinktonotes' => $addlinktonotes, 'save_lastsearch_value'=> $save_lastsearch_value, 'target' => $target);
$reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook > 0) $result = $hookmanager->resPrint;
else $result .= $hookmanager->resPrint;
return $result;
}
@ -1553,7 +1560,7 @@ class Facture extends CommonInvoice
* @param string $ref Reference of invoice
* @param string $ref_ext External reference of invoice
* @param int $notused Not used
* @param bool $fetch_situation Fetch the previous and next situation in $tab_previous_situation_invoice and $tab_next_situation_invoice
* @param bool $fetch_situation Load also the previous and next situation invoice into $tab_previous_situation_invoice and $tab_next_situation_invoice
* @return int >0 if OK, <0 if KO, 0 if not found
*/
public function fetch($rowid, $ref = '', $ref_ext = '', $notused = '', $fetch_situation = false)

16
htdocs/compta/facture/contact.php
View File

@ -48,9 +48,14 @@ $action = GETPOST('action', 'aZ09');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'facture', $id);
$object = new Facture($db);
// Load object
if ($id > 0 || !empty($ref)) {
$ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
}
$result = restrictedArea($user, 'facture', $object->id);
/*
@ -58,8 +63,6 @@ $object = new Facture($db);
*/
if ($action == 'addcontact' && $user->rights->facture->creer) {
$result = $object->fetch($id);
if ($result > 0 && $id > 0) {
$contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int'));
$typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
@ -79,14 +82,9 @@ if ($action == 'addcontact' && $user->rights->facture->creer) {
}
} elseif ($action == 'swapstatut' && $user->rights->facture->creer) {
// Toggle the status of a contact
if ($object->fetch($id)) {
$result = $object->swapContactStatus(GETPOST('ligne'));
} else {
dol_print_error($db);
}
$result = $object->swapContactStatus(GETPOST('ligne'));
} elseif ($action == 'deletecontact' && $user->rights->facture->creer) {
// Deletes a contact
$object->fetch($id);
$result = $object->delete_contact($lineid);
if ($result >= 0) {

14
htdocs/compta/facture/document.php
View File

@ -48,12 +48,6 @@ $socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'facture', $id, '');
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -73,11 +67,17 @@ if (!$sortfield) {
}
$object = new Facture($db);
if ($object->fetch($id)) {
if ($object->fetch($id, $ref)) {
$object->fetch_thirdparty();
$upload_dir = $conf->facture->dir_output."/".dol_sanitizeFileName($object->ref);
}
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'facture', $object->id, '');
/*
* Actions

26
htdocs/compta/facture/info.php
View File

@ -38,6 +38,25 @@ $langs->loadLangs(array('companies', 'bills'));
$id = GETPOST("facid", "int");
$ref = GETPOST("ref", 'alpha');
$object = new Facture($db);
$extrafields = new ExtraFields($db);
// Fetch optionals attributes and labels
$extrafields->fetch_name_optionals_label($object->table_element);
// Load object
if ($id > 0 || !empty($ref)) {
$ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
}
// Security check
$fieldid = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft);
/*
* View
@ -46,11 +65,10 @@ $ref = GETPOST("ref", 'alpha');
$form = new Form($db);
$title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Info');
$helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
llxHeader('', $title, $helpurl);
$help_url = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
llxHeader('', $title, $help_url);
$object = new Facture($db);
$object->fetch($id, $ref);
$object->fetch_thirdparty();
$object->info($object->id);

5
htdocs/compta/facture/invoicetemplate_list.php
View File

@ -165,6 +165,11 @@ if ($socid > 0) {
}
}
$objecttype = 'facture_rec';
$result = restrictedArea($user, 'facture', $object->id, $objecttype);
/*
* Actions
*/

17
htdocs/compta/facture/list.php
View File

@ -493,6 +493,10 @@ if ($search_user > 0) {
$sql .= ", ".MAIN_DB_PREFIX."element_contact as ec";
$sql .= ", ".MAIN_DB_PREFIX."c_type_contact as tc";
}
// Add table from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
@ -689,10 +693,19 @@ if (!$sall) {
$sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key : '');
}
}
// Add GroupBy from hooks
$parameters = array('all' => $all, 'fieldstosearchall' => $fieldstosearchall);
$reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
} else {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
// Add HAVING from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook
$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : '';
$sql .= ' ORDER BY ';
$listfield = explode(',', $sortfield);
$listorder = explode(',', $sortorder);
@ -865,6 +878,10 @@ if ($resql) {
// Add $param from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
// Add $param from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListSearchParam', $parameters, $object); // Note that $action and $object may have been modified by hook
$param .= $hookmanager->resPrint;
$arrayofmassactions = array(
'validate'=>$langs->trans("Validate"),

13
htdocs/compta/facture/note.php
View File

@ -41,6 +41,14 @@ $ref = GETPOST('ref', 'alpha');
$socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
$object = new Facture($db);
// Load object
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
}
$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
// Security check
$socid = 0;
if ($user->socid) {
@ -48,11 +56,6 @@ if ($user->socid) {
}
$result = restrictedArea($user, 'facture', $id, '');
$object = new Facture($db);
$object->fetch($id);
$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
/*
* Actions

23
htdocs/compta/resultat/clientfourn.php
View File

@ -49,18 +49,6 @@ $date_endday = GETPOST('date_endday', 'int');
$date_endyear = GETPOST('date_endyear', 'int');
$showaccountdetail = GETPOST('showaccountdetail', 'aZ09') ?GETPOST('showaccountdetail', 'aZ09') : 'no';
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@ -151,6 +139,17 @@ if (GETPOST("modecompta", 'alpha')) {
$AccCat = new AccountancyCategory($db);
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
/*

17
htdocs/compta/resultat/index.php
View File

@ -108,6 +108,14 @@ $year_end = $tmpe['year'];
$nbofyear = ($year_end - $year_start) + 1;
//var_dump("year_start=".$year_start." year_end=".$year_end." nbofyear=".$nbofyear." date_start=".dol_print_date($date_start, 'dayhour')." date_end=".dol_print_date($date_end, 'dayhour'));
// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
$modecompta = $conf->global->ACCOUNTING_MODE;
if (!empty($conf->accounting->enabled)) {
$modecompta = 'BOOKKEEPING';
}
if (GETPOST("modecompta", 'alpha')) {
$modecompta = GETPOST("modecompta", 'alpha');
}
// Security check
$socid = GETPOST('socid', 'int');
@ -121,15 +129,6 @@ if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES' or 'BOOKKEEPING')
$modecompta = $conf->global->ACCOUNTING_MODE;
if (!empty($conf->accounting->enabled)) {
$modecompta = 'BOOKKEEPING';
}
if (GETPOST("modecompta", 'alpha')) {
$modecompta = GETPOST("modecompta", 'alpha');
}
/*
* View

20
htdocs/compta/resultat/result.php
View File

@ -144,16 +144,20 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta", 'alpha');
}
// Security check
if ($user->socid > 0) {
accessforbidden();
}
if (!$user->rights->accounting->comptarapport->lire) {
accessforbidden();
}
$AccCat = new AccountancyCategory($db);
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
/*
* View

10
htdocs/compta/stats/byratecountry.php
View File

@ -44,16 +44,16 @@ $modecompta = (GETPOST('modecompta', 'alpha') ? GETPOST('modecompta', 'alpha') :
$year = GETPOST("year", 'int');
$month = GETPOST("month", 'int');
if (empty($year)) {
$year_current = strftime("%Y", dol_now());
$month_current = strftime("%m", dol_now());
$year_current = dol_print_date(dol_now(), '%Y');
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
$month_current = strftime("%m", dol_now());
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");

14
htdocs/compta/stats/cabyprodserv.php
View File

@ -52,8 +52,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
$sortorder = GETPOST("sortorder", 'aZ09');
$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@ -89,16 +89,16 @@ $date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
if (empty($year)) {
$year_current = strftime("%Y", dol_now());
$month_current = strftime("%m", dol_now());
$year_current = dol_print_date(dol_now(), '%Y');
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
$month_current = strftime("%m", dol_now());
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");

30
htdocs/compta/stats/cabyuser.php
View File

@ -51,8 +51,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
$sortorder = GETPOST("sortorder", 'aZ09');
$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@ -61,25 +61,25 @@ if (!$sortfield) {
}
// Date range
$year = GETPOST("year");
$month = GETPOST("month");
$date_startyear = GETPOST("date_startyear");
$date_startmonth = GETPOST("date_startmonth");
$date_startday = GETPOST("date_startday");
$date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
$year = GETPOST("year", 'int');
$month = GETPOST("month", 'int');
$date_startyear = GETPOST("date_startyear", 'int');
$date_startmonth = GETPOST("date_startmonth", 'int');
$date_startday = GETPOST("date_startday", 'int');
$date_endyear = GETPOST("date_endyear", 'int');
$date_endmonth = GETPOST("date_endmonth", 'int');
$date_endday = GETPOST("date_endday", 'int');
if (empty($year)) {
$year_current = strftime("%Y", dol_now());
$month_current = strftime("%m", dol_now());
$year_current = dol_print_date(dol_now(), '%Y');
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
$month_current = strftime("%m", dol_now());
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, $_REQUEST["date_startmonth"], $_REQUEST["date_startday"], $_REQUEST["date_startyear"]);
$date_end = dol_mktime(23, 59, 59, $_REQUEST["date_endmonth"], $_REQUEST["date_endday"], $_REQUEST["date_endyear"]);
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q") ?GETPOST("q") : 0;

26
htdocs/compta/stats/casoc.php
View File

@ -44,8 +44,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
$sortorder = GETPOST("sortorder", 'aZ09');
$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@ -83,23 +83,23 @@ $search_societe = GETPOST("search_societe", 'alpha');
$search_zip = GETPOST("search_zip", 'alpha');
$search_town = GETPOST("search_town", 'alpha');
$search_country = GETPOST("search_country", 'alpha');
$date_startyear = GETPOST("date_startyear", 'alpha');
$date_startmonth = GETPOST("date_startmonth", 'alpha');
$date_startday = GETPOST("date_startday", 'alpha');
$date_endyear = GETPOST("date_endyear", 'alpha');
$date_endmonth = GETPOST("date_endmonth", 'alpha');
$date_endday = GETPOST("date_endday", 'alpha');
$date_startyear = GETPOST("date_startyear", 'int');
$date_startmonth = GETPOST("date_startmonth", 'int');
$date_startday = GETPOST("date_startday", 'int');
$date_endyear = GETPOST("date_endyear", 'int');
$date_endmonth = GETPOST("date_endmonth", 'int');
$date_endday = GETPOST("date_endday", 'int');
if (empty($year)) {
$year_current = strftime("%Y", dol_now());
$month_current = strftime("%m", dol_now());
$year_current = dol_print_date(dol_now(), '%Y');
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
$month_current = strftime("%m", dol_now());
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;

4
htdocs/compta/stats/index.php
View File

@ -51,8 +51,8 @@ if (empty($year)) {
$month_current = dol_print_date(dol_now(), "%m");
$year_start = $year - ($nbofyear - 1);
}
$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
// We define date_start and date_end
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end

6
htdocs/compta/stats/supplier_turnover.php
View File

@ -47,8 +47,8 @@ if (empty($year)) {
$month_current = strftime("%m", dol_now());
$year_start = $year - ($nbofyear - 1);
}
$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear);
$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear);
$date_start = dol_mktime(0, 0, 0, $date_startmonth, $date_startday, $date_startyear, 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, $date_endmonth, $date_endday, $date_endyear, 'tzuserrel');
// We define date_start and date_end
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
@ -120,8 +120,6 @@ if (!empty($conf->accounting->enabled)) {
}
/*
* View
*/

40
htdocs/compta/stats/supplier_turnover_by_prodserv.php
View File

@ -30,27 +30,14 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
// Load translation files required by the page
$langs->loadLangs(array("products", "categories", "errors", 'accountancy'));
// Security pack (data & check)
$socid = GETPOST('socid', 'int');
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
$modecompta = $conf->global->ACCOUNTING_MODE;
if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
$sortorder = GETPOST("sortorder", 'aZ09');
$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@ -84,16 +71,16 @@ $date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
if (empty($year)) {
$year_current = strftime("%Y", dol_now());
$month_current = strftime("%m", dol_now());
$year_current = dol_print_date(dol_now(), '%Y');
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
$month_current = strftime("%m", dol_now());
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
@ -204,6 +191,19 @@ foreach ($allparams as $key => $value) {
$paramslink .= '&'.$key.'='.$value;
}
// Security pack (data & check)
$socid = GETPOST('socid', 'int');
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
/*
* View

36
htdocs/compta/stats/supplier_turnover_by_thirdparty.php
View File

@ -38,8 +38,8 @@ if (GETPOST("modecompta")) {
$modecompta = GETPOST("modecompta");
}
$sortorder = isset($_GET["sortorder"]) ? $_GET["sortorder"] : $_POST["sortorder"];
$sortfield = isset($_GET["sortfield"]) ? $_GET["sortfield"] : $_POST["sortfield"];
$sortorder = GETPOST("sortorder", 'aZ09');
$sortfield = GETPOST("sortfield", 'aZ09');
if (!$sortorder) {
$sortorder = "asc";
}
@ -59,17 +59,6 @@ if (GETPOST('subcat', 'alpha') === 'yes') {
// Hook
$hookmanager->initHooks(array('supplierturnoverbythirdpartylist'));
// Security check
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
// Date range
$year = GETPOST("year", 'int');
$month = GETPOST("month", 'int');
@ -84,16 +73,16 @@ $date_endyear = GETPOST("date_endyear", 'alpha');
$date_endmonth = GETPOST("date_endmonth", 'alpha');
$date_endday = GETPOST("date_endday", 'alpha');
if (empty($year)) {
$year_current = strftime("%Y", dol_now());
$month_current = strftime("%m", dol_now());
$year_current = dol_print_date(dol_now(), '%Y');
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year_current;
} else {
$year_current = $year;
$month_current = strftime("%m", dol_now());
$month_current = dol_print_date(dol_now(), '%m');
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzuserrel');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzuserrel');
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int") ?GETPOST("q", "int") : 0;
@ -175,6 +164,17 @@ foreach ($allparams as $key => $value) {
$paramslink .= '&'.$key.'='.$value;
}
// Security check
if ($user->socid > 0) {
$socid = $user->socid;
}
if (!empty($conf->comptabilite->enabled)) {
$result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
$result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
/*
* View

15
htdocs/contact/card.php
View File

@ -8,7 +8,7 @@
* Copyright (C) 2013-2016 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2018-2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2018-2021 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2019 Josep Lluís Amador <joseplluis@lliuretic.cat>
* Copyright (C) 2020 Open-Dsi <support@open-dsi.fr>
*
@ -1035,7 +1035,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Unsubscribe
if (!empty($conf->mailing->enabled)) {
if ($conf->use_javascript_ajax && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1) {
if ($conf->use_javascript_ajax && isset($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == -1) {
print "\n".'<script type="text/javascript" language="javascript">'."\n";
print '
@ -1062,7 +1062,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
}
print '<tr>';
print '<td class="noemail"><label for="no_email">'.$langs->trans("No_Email").'</label></td>';
print '<td>'.$form->selectyesno('no_email', (GETPOSTISSET("no_email") ? GETPOST("no_email", 'int') : $object->no_email), 1, false, ($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1)).'</td>';
$useempty = (isset($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && ($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS == -1));
print '<td>'.$form->selectyesno('no_email', (GETPOSTISSET("no_email") ? GETPOST("no_email", 'int') : $object->no_email), 1, false, $useempty).'</td>';
print '</tr>';
}
@ -1075,7 +1076,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!empty($value['icon'])) {
print '<span class="fa '.$value['icon'].'"></span>';
}
print '<input type="text" name="'.$key.'" id="'.$key.'" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOSTISSET($key) ?GETPOST($key, 'alphanohtml') : $object->socialnetworks[$key]).'">';
print '<input type="text" name="'.$key.'" id="'.$key.'" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOSTISSET($key) ?GETPOST($key, 'alphanohtml') : (empty($object->socialnetworks[$key]) ? '' : $object->socialnetworks[$key])).'">';
print '</td>';
print '</tr>';
} elseif (!empty($object->socialnetworks[$key])) {
@ -1469,11 +1470,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Activer
if ($object->statut == 0 && $user->rights->societe->contact->creer) {
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=enable">'.$langs->trans("Reactivate").'</a>';
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=enable&token='.newToken().'">'.$langs->trans("Reactivate").'</a>';
}
// Desactiver
if ($object->statut == 1 && $user->rights->societe->contact->creer) {
print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'">'.$langs->trans("DisableUser").'</a>';
print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("DisableUser").'</a>';
}
// Delete
@ -1509,7 +1510,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Presend form
$modelmail = 'contact';
$defaulttopic = 'Information';
$diroutput = $conf->contact->dir_output;
$diroutput = $conf->societe->dir_output.'/contact/';
$trackid = 'ctc'.$object->id;
include DOL_DOCUMENT_ROOT.'/core/tpl/card_presend.tpl.php';

8
htdocs/contact/document.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2014 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2015 Frederic France <frederic.france@free.fr>
* Copyright (C) 2017 Regis Houssin <regis.houssin@inodbox.com>
/* Copyright (C) 2014 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2015-2021 Frederic France <frederic.france@free.fr>
* Copyright (C) 2017 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -107,7 +107,7 @@ if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/contactnameonly/', $c
$title = $object->lastname;
}
$help_url = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas';
llxHeader('', $title, $helpurl);
llxHeader('', $title, $help_url);
if ($object->id) {
$head = contact_prepare_head($object);

5
htdocs/contrat/class/contrat.class.php
View File

@ -9,7 +9,7 @@
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014-2015 Marcos García <marcosgdf@gmail.com>
* Copyright (C) 2018 Nicolas ZABOURI <info@inovea-conseil.com>
* Copyright (C) 2018-2020 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2018-2021 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2015-2018 Ferran Marcet <fmarcet@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
@ -2001,7 +2001,8 @@ class Contrat extends CommonObject
$label .= ' '.$this->getLibStatut(5);
}*/
$label .= '<br><b>'.$langs->trans('Ref').':</b> '.($this->ref ? $this->ref : $this->id);
$label .= '<br><b>'.$langs->trans('RefCustomer').':</b> '.($this->ref_customer ? $this->ref_customer : $this->ref_client);
$ref_customer = (!empty($this->ref_customer) ? $this->ref_customer : (empty($this->ref_client) ? '' : $this->ref_client));
$label .= '<br><b>'.$langs->trans('RefCustomer').':</b> '.$ref_customer;
$label .= '<br><b>'.$langs->trans('RefSupplier').':</b> '.$this->ref_supplier;
if (!empty($this->total_ht)) {
$label .= '<br><b>'.$langs->trans('AmountHT').':</b> '.price($this->total_ht, 0, $langs, 0, -1, -1, $conf->currency);

2
htdocs/core/ajax/ajaxdirtree.php
View File

@ -288,6 +288,7 @@ if (empty($conf->use_javascript_ajax) || !empty($conf->global->MAIN_ECM_DISABLE_
print '<td class="center">';
$userstatic->id = $val['fk_user_c'];
$userstatic->lastname = $val['login_c'];
$userstatic->statut = $val['statut_c'];
$htmltooltip = '<b>'.$langs->trans("ECMSection").'</b>: '.$val['label'].'<br>';
$htmltooltip = '<b>'.$langs->trans("Type").'</b>: '.$langs->trans("ECMSectionManual").'<br>';
$htmltooltip .= '<b>'.$langs->trans("ECMCreationUser").'</b>: '.$userstatic->getNomUrl(1, '', false, 1).'<br>';
@ -454,6 +455,7 @@ function treeOutputForAbsoluteDir($sqltree, $selecteddir, $fullpathselecteddir,
print '<td class="right" width="18">';
$userstatic->id = isset($val['fk_user_c']) ? $val['fk_user_c'] : 0;
$userstatic->lastname = isset($val['login_c']) ? $val['login_c'] : 0;
$userstatic->statut = isset($val['statut_c']) ? $val['statut_c'] : 0;
$htmltooltip = '<b>'.$langs->trans("ECMSection").'</b>: '.$val['label'].'<br>';
$htmltooltip = '<b>'.$langs->trans("Type").'</b>: '.$langs->trans("ECMSectionManual").'<br>';
$htmltooltip .= '<b>'.$langs->trans("ECMCreationUser").'</b>: '.$userstatic->getNomUrl(1, '', false, 1).'<br>';

12
htdocs/core/ajax/bankconciliate.php
View File

@ -48,10 +48,6 @@ $action = GETPOST('action', 'aZ09');
* View
*/
// Ajout directives pour resoudre bug IE
//header('Cache-Control: Public, must-revalidate');
//header('Pragma: public');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
@ -63,7 +59,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
$al->datev_next(GETPOST('rowid', 'int'));
$al->fetch(GETPOST('rowid', 'int'));
print '<span>'.dol_print_date($db->jdate($al->datev), "day").'</span>';
print '<span class="spanforajaxedit" id="datevalue_'.$al->id.'">'.dol_print_date($db->jdate($al->datev), "day").'</span>';
exit;
}
@ -74,7 +70,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
$al->datev_previous(GETPOST('rowid', 'int'));
$al->fetch(GETPOST('rowid', 'int'));
print '<span>'.dol_print_date($db->jdate($al->datev), "day").'</span>';
print '<span class="spanforajaxedit" id="datevalue_'.$al->id.'">'.dol_print_date($db->jdate($al->datev), "day").'</span>';
exit;
}
@ -85,7 +81,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
$al->dateo_next(GETPOST('rowid', 'int'));
$al->fetch(GETPOST('rowid', 'int'));
print '<span>'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
print '<span class="spanforajaxedit" id="dateoperation_'.$al->id.'">'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
exit;
}
@ -96,7 +92,7 @@ if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $
$al->dateo_previous(GETPOST('rowid', 'int'));
$al->fetch(GETPOST('rowid', 'int'));
print '<span>'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
print '<span class="spanforajaxedit" id="dateoperation_'.$al->id.'">'.dol_print_date($db->jdate($al->dateo), "day").'</span>';
exit;
}

4
htdocs/core/ajax/selectsearchbox.php
View File

@ -79,6 +79,10 @@ if (!empty($conf->societe->enabled) && empty($conf->global->MAIN_SEARCHFORM_CONT
if (((!empty($conf->product->enabled) && $user->rights->produit->lire) || (!empty($conf->service->enabled) && $user->rights->service->lire))
&& empty($conf->global->MAIN_SEARCHFORM_PRODUITSERVICE_DISABLED)) {
$arrayresult['searchintoproduct'] = array('position'=>30, 'shortcut'=>'P', 'img'=>'object_product', 'label'=>$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'text'=>img_picto('', 'object_product').' '.$langs->trans("SearchIntoProductsOrServices", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));
// search on lot/serial numbers
if ( ! empty($conf->productbatch->enabled) ) {
$arrayresult['searchintobatch'] = array('position'=>32, 'shortcut'=>'B', 'img'=>'object_plot', 'label'=>$langs->trans("SearchIntoBatch", $search_boxvalue), 'text'=>img_picto('', 'object_lot').' '.$langs->trans("SearchIntoBatch", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/product/stock/productlot_list.php'.($search_boxvalue ? '?sall='.urlencode($search_boxvalue) : ''));
}
}
if (!empty($conf->mrp->enabled) && $user->rights->mrp->read && empty($conf->global->MAIN_SEARCHFORM_MRP_DISABLED)) {

2
htdocs/core/boxes/box_members_by_type.php
View File

@ -34,7 +34,7 @@ class box_members_by_type extends ModeleBoxes
{
public $boxcode = "box_members_by_type";
public $boximg = "object_user";
public $boxlabel = "BoxMembersByType";
public $boxlabel = "BoxTitleMembersByType";
public $depends = array("adherent");
/**

4
htdocs/core/boxes/box_members_subscriptions_by_year.php
View File

@ -34,7 +34,7 @@ class box_members_subscriptions_by_year extends ModeleBoxes
{
public $boxcode = "box_members_subscriptions_by_year";
public $boximg = "object_user";
public $boxlabel = "BoxMembersSubscriptionsByYear";
public $boxlabel = "BoxTitleMembersSubscriptionsByYear";
public $depends = array("adherent");
/**
@ -122,7 +122,7 @@ class box_members_subscriptions_by_year extends ModeleBoxes
$line = 0;
$this->info_box_contents[$line][] = array(
'td' => 'class="liste_titre"',
'td' => 'class=""',
'text' => $langs->trans("Year"),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/class/commonobject.class.php
View File

@ -860,7 +860,7 @@ abstract class CommonObject
if (!empty($conf->socialnetworks->enabled)) {
$outsocialnetwork = '';
if (is_array($this->socialnetworks) && count($this->socialnetworks) > 0) {
if (!empty($this->socialnetworks) && is_countable($this->socialnetworks) && count($this->socialnetworks) > 0) {
$socialnetworksdict = getArrayOfSocialNetworks();
foreach ($this->socialnetworks as $key => $value) {
if ($value) {

10
htdocs/core/class/conf.class.php
View File

@ -826,23 +826,29 @@ class Conf
unset($this->global->MAIN_NO_CONCAT_DESCRIPTION);
}
// For backward compatibility
// product is new use
if (isset($this->product)) {
// For backward compatibility
$this->produit = $this->product;
}
// invoice is new use, facture is old use still initialised
if (isset($this->facture)) {
$this->invoice = $this->facture;
}
// order is new use, commande is old use still initialised
if (isset($this->commande)) {
$this->order = $this->commande;
}
// contract is new use, contrat is old use still initialised
if (isset($this->contrat)) {
$this->contract = $this->contrat;
}
// category is new use, categorie is old use still initialised
if (isset($this->categorie)) {
$this->category = $this->categorie;
}
if (isset($this->project)) {
// project is new use, projet is old use still initialised
if (isset($this->projet) && !isset($this->project)) {
$this->project = $this->projet;
}

2
htdocs/core/class/emailsenderprofile.class.php
View File

@ -54,7 +54,7 @@ class EmailSenderProfile extends CommonObject
/**
* @var string String with name of icon for emailsenderprofile
*/
public $picto = 'emailsenderprofile@monmodule';
public $picto = 'emailsenderprofile';
const STATUS_DISABLED = 0;

2
htdocs/core/class/html.formother.class.php
View File

@ -362,7 +362,7 @@ class FormOther
if (!is_numeric($showempty)) {
$textforempty = $showempty;
}
$moreforfilter .= '<option class="optiongrey" '.($moreparamonempty ? $moreparamonempty.' ' : '').'value="'.($showempty < 0 ? $showempty : -1).'"'.($selected == $showempty ? ' selected' : '').'>'.$textforempty.'</option>'."\n";
$moreforfilter .= '<option class="optiongrey" value="'.($showempty < 0 ? $showempty : -1).'"'.($selected == $showempty ? ' selected' : '').'>'.$textforempty.'</option>'."\n";
//$moreforfilter .= '<option value="0" '.($moreparamonempty ? $moreparamonempty.' ' : '').' class="optiongrey">'.(is_numeric($showempty) ? '&nbsp;' : $showempty).'</option>'; // Should use -1 to say nothing
}

3
htdocs/core/lib/admin.lib.php
View File

@ -1886,7 +1886,8 @@ function email_admin_prepare_head()
}
}
if (!empty($user->admin) && (empty($_SESSION['leftmenu']) || $_SESSION['leftmenu'] != 'email_templates')) {
// admin and non admin can view this menu entry, but it is not shown yet when we on user menu "Email templates"
if (empty($_SESSION['leftmenu']) || $_SESSION['leftmenu'] != 'email_templates') {
$head[$h][0] = DOL_URL_ROOT."/admin/mails_senderprofile_list.php";
$head[$h][1] = $langs->trans("EmailSenderProfiles");
$head[$h][2] = 'senderprofiles';

3
htdocs/core/lib/company.lib.php
View File

@ -1190,7 +1190,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
$obj = $db->fetch_object($result);
$contactstatic->id = $obj->rowid;
$contactstatic->ref = $obj->ref;
$contactstatic->ref = $obj->rowid;
$contactstatic->statut = $obj->statut;
$contactstatic->lastname = $obj->lastname;
$contactstatic->firstname = $obj->firstname;
@ -1204,7 +1204,6 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
$contactstatic->phone_mobile = $obj->phone_mobile;
$contactstatic->phone_perso = $obj->phone_perso;
$contactstatic->email = $obj->email;
$contactstatic->web = $obj->web;
$contactstatic->socialnetworks = $obj->socialnetworks;
$contactstatic->photo = $obj->photo;

4
htdocs/core/lib/contact.lib.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2010-2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2015 Frederic France <frederic.france@free.fr>
* Copyright (C) 2015-2021 Frederic France <frederic.france@netlogic.fr>
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
*
* This program is free software; you can redistribute it and/or modify
@ -98,7 +98,7 @@ function contact_prepare_head(Contact $object)
// Agenda / Events
$head[$tab][0] = DOL_URL_ROOT.'/contact/agenda.php?id='.$object->id;
$head[$tab][1] .= $langs->trans("Events");
$head[$tab][1] = $langs->trans("Events");
if (!empty($conf->agenda->enabled) && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) {
$head[$tab][1] .= '/';
$head[$tab][1] .= $langs->trans("Agenda");

20
htdocs/core/lib/functions.lib.php
View File

@ -1876,7 +1876,7 @@ function dol_banner_tab($object, $paramid, $morehtml = '', $shownav = 1, $fieldi
}
}
if (!$phototoshow) { // Show No photo link (picto of object)
if (empty($phototoshow)) { // Show No photo link (picto of object)
$morehtmlleft .= '<div class="floatleft inline-block valignmiddle divphotoref">';
if ($object->element == 'action') {
$width = 80;
@ -2069,33 +2069,33 @@ function dol_format_address($object, $withcountry = 0, $sep = "\n", $outputlangs
// See format of addresses on https://en.wikipedia.org/wiki/Address
// Address
if (empty($mode)) {
$ret .= ($extralangcode ? $object->array_languages['address'][$extralangcode] : $object->address);
$ret .= ($extralangcode ? $object->array_languages['address'][$extralangcode] : (empty($object->address) ? '' : $object->address));
}
// Zip/Town/State
if (isset($object->country_code) && in_array($object->country_code, array('AU', 'CA', 'US')) || !empty($conf->global->MAIN_FORCE_STATE_INTO_ADDRESS)) {
// US: title firstname name \n address lines \n town, state, zip \n country
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town);
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town));
$ret .= ($ret ? $sep : '').$town;
if (!empty($object->state)) {
$ret .= ($ret ? ", " : '').$object->state;
}
if ($object->zip) {
if (!empty($object->zip)) {
$ret .= ($ret ? ", " : '').$object->zip;
}
} elseif (isset($object->country_code) && in_array($object->country_code, array('GB', 'UK'))) {
// UK: title firstname name \n address lines \n town state \n zip \n country
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town);
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town));
$ret .= ($ret ? $sep : '').$town;
if (!empty($object->state)) {
$ret .= ($ret ? ", " : '').$object->state;
}
if ($object->zip) {
if (!empty($object->zip)) {
$ret .= ($ret ? $sep : '').$object->zip;
}
} elseif (isset($object->country_code) && in_array($object->country_code, array('ES', 'TR'))) {
// ES: title firstname name \n address lines \n zip town \n state \n country
$ret .= ($ret ? $sep : '').$object->zip;
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town);
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town));
$ret .= ($town ? (($object->zip ? ' ' : '').$town) : '');
if (!empty($object->state)) {
$ret .= "\n".$object->state;
@ -2103,12 +2103,12 @@ function dol_format_address($object, $withcountry = 0, $sep = "\n", $outputlangs
} elseif (isset($object->country_code) && in_array($object->country_code, array('IT'))) {
// IT: tile firstname name\n address lines \n zip (Code Departement) \n country
$ret .= ($ret ? $sep : '').$object->zip;
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town);
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town));
$ret .= ($town ? (($object->zip ? ' ' : '').$town) : '');
$ret .= (empty($object->state_code) ? '' : (' '.$object->state_code));
} else { // Other: title firstname name \n address lines \n zip town \n country
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : $object->town);
$ret .= $object->zip ? (($ret ? $sep : '').$object->zip) : '';
$town = ($extralangcode ? $object->array_languages['town'][$extralangcode] : (empty($object->town) ? '' : $object->town));
$ret .= !empty($object->zip) ? (($ret ? $sep : '').$object->zip) : '';
$ret .= ($town ? (($object->zip ? ' ' : ($ret ? $sep : '')).$town) : '');
if (!empty($object->state) && in_array($object->country_code, $countriesusingstate)) {
$ret .= ($ret ? ", " : '').$object->state;

2
htdocs/core/lib/security.lib.php
View File

@ -621,7 +621,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
}
} elseif (in_array($feature, $checksoc)) { // We check feature = checksoc
// If external user: Check permission for external users
if ($user->socid > 0 && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES)) {
if ($user->socid > 0) {
if ($user->socid <> $objectid) {
return false;
}

4
htdocs/core/modules/modBarcode.class.php
View File

@ -79,13 +79,13 @@ class modBarcode extends DolibarrModules
$this->rights = array();
$this->rights_class = 'barcode';
$this->rights[1][0] = 300; // id de la permission
$this->rights[1][0] = 301; // id de la permission
$this->rights[1][1] = 'Read barcodes'; // libelle de la permission
$this->rights[1][2] = 'r'; // type de la permission (deprecie a ce jour)
$this->rights[1][3] = 1; // La permission est-elle une permission par defaut
$this->rights[1][4] = 'lire_advance';
$this->rights[2][0] = 301; // id de la permission
$this->rights[2][0] = 302; // id de la permission
$this->rights[2][1] = 'Create/modify barcodes'; // libelle de la permission
$this->rights[2][2] = 'w'; // type de la permission (deprecie a ce jour)
$this->rights[2][3] = 0; // La permission est-elle une permission par defaut

2
htdocs/core/modules/modBlockedLog.class.php
View File

@ -92,7 +92,7 @@ class modBlockedLog extends DolibarrModules
$this->always_enabled = (!empty($conf->blockedlog->enabled)
&& !empty($conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY)
&& in_array($mysoc->country_code, explode(',', $conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY))
&& in_array((empty($mysoc->country_code) ? '' : $mysoc->country_code), explode(',', $conf->global->BLOCKEDLOG_DISABLE_NOT_ALLOWED_FOR_COUNTRY))
&& $this->alreadyUsed());
// Constants

4
htdocs/core/tpl/admin_extrafields_add.tpl.php
View File

@ -204,8 +204,8 @@ $listofexamplesforlink = 'Societe:societe/class/societe.class.php<br>Contact:con
<!-- Totalizable -->
<tr class="extra_totalizable"><td><?php echo $langs->trans("Totalizable"); ?></td><td class="valeur"><input id="totalizable" type="checkbox" name="totalizable"<?php echo ((GETPOST('totalizable', 'alpha') || GETPOST('button', 'alpha')) ? ' checked' : ''); ?>></td></tr>
<!-- Help tooltip -->
<tr class="help"><td><?php echo $form->textwithpicto($langs->trans("HelpOnTooltip"), $langs->trans("HelpOnTooltipDesc")); ?></td><td class="valeur"><input id="help" class="quatrevingtpercent" type="text" name="help" value="<?php echo dol_escape_htmltag($help); ?>"></td></tr>
<?php if ($conf->multicompany->enabled) { ?>
<tr class="help"><td><?php echo $form->textwithpicto($langs->trans("HelpOnTooltip"), $langs->trans("HelpOnTooltipDesc")); ?></td><td class="valeur"><input id="help" class="quatrevingtpercent" type="text" name="help" value="<?php echo dol_escape_htmltag((empty($help) ? '' : $help)); ?>"></td></tr>
<?php if (empty($conf->multicompany->enabled)) { ?>
<!-- Multicompany entity -->
<tr><td><?php echo $langs->trans("AllEntities"); ?></td><td class="valeur"><input id="entitycurrentorall" type="checkbox" name="entitycurrentorall"<?php echo (GETPOST('entitycurrentorall', 'alpha') ? '' : ' checked'); ?>></td></tr>
<?php } ?>

4
htdocs/core/tpl/admin_extrafields_edit.tpl.php
View File

@ -141,7 +141,7 @@ $listofexamplesforlink = 'Societe:societe/class/societe.class.php<br>Contact:con
<input type="hidden" name="token" value="<?php echo newToken(); ?>">
<input type="hidden" name="attrname" value="<?php echo $attrname; ?>">
<input type="hidden" name="action" value="update">
<input type="hidden" name="rowid" value="<?php echo $rowid ?>">
<input type="hidden" name="rowid" value="<?php echo (empty($rowid) ? '' : $rowid) ?>">
<input type="hidden" name="enabled" value="<?php echo $extrafields->attributes[$elementtype]['enabled'][$attrname]; ?>">
<?php print dol_get_fiche_head(); ?>
@ -295,7 +295,7 @@ if (in_array($type, array_keys($typewecanchangeinto))) {
<!-- Help tooltip -->
<tr class="help"><td><?php echo $form->textwithpicto($langs->trans("HelpOnTooltip"), $langs->trans("HelpOnTooltipDesc")); ?></td><td class="valeur"><input id="help" class="quatrevingtpercent" type="text" name="help" value="<?php echo dol_escape_htmltag($help); ?>"></td></tr>
<?php if ($conf->multicompany->enabled) { ?>
<?php if (empty($conf->multicompany->enabled)) { ?>
<!-- Multicompany entity -->
<tr><td><?php echo $langs->trans("AllEntities"); ?></td><td class="valeur"><input id="entitycurrentorall" type="checkbox" name="entitycurrentorall"<?php echo (empty($entitycurrentorall) ? ' checked' : ''); ?>></td></tr>
<?php } ?>

Some files were not shown because too many files have changed in this diff Show More