From 2c46410675cfa62b3e6516e1ab9c93e97a3c5255 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 1 Sep 2022 11:18:46 +0200 Subject: [PATCH 1/4] FIX list of email in public ticket interface --- .../modulebuilder/template/myobject_list.php | 2 +- htdocs/public/ticket/list.php | 30 ++++++++++--------- htdocs/ticket/list.php | 11 ++++--- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 6f9b266a8c1..5d4ae896134 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -434,7 +434,7 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } foreach ($search as $key => $val) { - if (is_array($search[$key]) && count($search[$key])) { + if (is_array($search[$key])) { foreach ($search[$key] as $skey) { if ($skey != '') { $param .= '&search_'.$key.'[]='.urlencode($skey); diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 8a353eea881..c43ae59abb4 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -345,25 +345,25 @@ if ($action == "view_ticketlist") { } } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code=t.type_code"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as uc ON uc.rowid=t.fk_user_create"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON ua.rowid=t.fk_user_assign"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id=t.rowid"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact=tc.rowid"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople sp ON ec.fk_socpeople=sp.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code = t.type_code"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code = t.category_code"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code = t.severity_code"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as uc ON uc.rowid = t.fk_user_create"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON ua.rowid = t.fk_user_assign"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = t.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople sp ON ec.fk_socpeople = sp.rowid"; if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."ticket_extrafields as ef on (t.rowid = ef.fk_object)"; } $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; $sql .= " AND ((tc.source = 'external'"; - $sql .= " AND tc.element='".$db->escape($object->dao->element)."'"; - $sql .= " AND tc.active=1)"; - $sql .= " OR (sp.email='".$db->escape($_SESSION['email_customer'])."'"; - $sql .= " OR s.email='".$db->escape($_SESSION['email_customer'])."'"; - $sql .= " OR t.origin_email='".$db->escape($_SESSION['email_customer'])."'))"; + $sql .= " AND tc.element='".$db->escape($object->element)."'"; + $sql .= " AND tc.active=1"; + $sql .= " AND sp.email='".$db->escape($_SESSION['email_customer'])."')"; // email found into an external contact + $sql .= " OR s.email='".$db->escape($_SESSION['email_customer'])."'"; // or email of the linked company + $sql .= " OR t.origin_email='".$db->escape($_SESSION['email_customer'])."')"; // or email of the requester // Manage filter if (!empty($filter)) { foreach ($filter as $key => $value) { @@ -696,6 +696,8 @@ if ($action == "view_ticketlist") { } '; } + } else { + dol_print_error($db); } } else { print '
Not Allowed
'.$langs->trans('Back').'
'; diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index f489c9218fc..d80d44813e0 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -140,7 +140,7 @@ foreach ($object->fields as $key => $val) { $arrayfields['t.'.$key] = array( 'label'=>$val['label'], 'checked'=>(($visible < 0) ? 0 : 1), - 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1, 1, '1')), + 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), 'position'=>$val['position'], 'help'=> isset($val['help']) ? $val['help'] : '' ); @@ -621,8 +621,8 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } foreach ($search as $key => $val) { - if (is_array($val) && count($val)) { - foreach ($val as $skey) { + if (is_array($search[$key])) { + foreach ($search[$key] as $skey) { if ($skey != '') { $param .= (!empty($val)) ? '&search_'.$key.'[]='.urlencode($skey) : ""; } @@ -746,10 +746,13 @@ $trackid = 'tic'.$object->id; include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php'; if ($search_all) { + $setupstring = ''; foreach ($fieldstosearchall as $key => $val) { $fieldstosearchall[$key] = $langs->trans($val); + $setupstring .= $key."=".$val.";"; } - print '
'.$langs->trans("FilterOnInto", $search_all).join(', ', $fieldstosearchall).'
'; + print ''."\n"; + print '
'.$langs->trans("FilterOnInto", $search_all).join(', ', $fieldstosearchall).'
'."\n"; } $moreforfilter = ''; From 831420b8e1bf7ab5445adf76837511110788c364 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Fri, 2 Sep 2022 10:42:27 +0200 Subject: [PATCH 2/4] FIX: bad bookmark save --- htdocs/bookmarks/bookmarks.lib.php | 45 +++++++++++++++++++----------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index f8daff1cd14..ca0f1486db1 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -36,28 +36,39 @@ function printDropdownBookmarksList() $langs->load("bookmarks"); + $authorized_var=array('page','limit','optioncss','contextpage'); $url = $_SERVER["PHP_SELF"]; - + $url_param=array(); if (!empty($_SERVER["QUERY_STRING"])) { - $url .= (dol_escape_htmltag($_SERVER["QUERY_STRING"]) ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]) : ''); - } else { - global $sortfield, $sortorder; - $tmpurl = ''; - // No urlencode, all param $url will be urlencoded later - if ($sortfield) { - $tmpurl .= ($tmpurl ? '&' : '').'sortfield='.urlencode($sortfield); - } - if ($sortorder) { - $tmpurl .= ($tmpurl ? '&' : '').'sortorder='.urlencode($sortorder); - } - if (is_array($_POST)) { - foreach ($_POST as $key => $val) { - if (preg_match('/^search_/', $key) && $val != '') { - $tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val)); + if (is_array($_GET)) { + foreach ($_GET as $key => $val) { + if ($val != '') { + $url_param[$key]=http_build_query(array($key => $val)); } } } - $url .= ($tmpurl ? '?'.$tmpurl : ''); + } + global $sortfield, $sortorder; + $tmpurl = ''; + // No urlencode, all param $url will be urlencoded later + if ($sortfield) { + $tmpurl .= ($tmpurl ? '&' : '').'sortfield='.urlencode($sortfield); + } + if ($sortorder) { + $tmpurl .= ($tmpurl ? '&' : '').'sortorder='.urlencode($sortorder); + } + if (is_array($_POST)) { + foreach ($_POST as $key => $val) { + if ((preg_match('/^search_/', $key) || in_array($key, $authorized_var)) + && $val != '' + && !array_key_exists($key, $url_param)) { + $url_param[$key]=http_build_query(array($key => $val)); + } + } + } + $url .= ($tmpurl ? '?'.$tmpurl : ''); + if (!empty($url_param)) { + $url .= '&'.implode('&', $url_param); } $searchForm = ''."\n"; From 8a44b1ab2bfd964e2e2e6b00558b4bc394d0ee05 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 2 Sep 2022 10:55:15 +0200 Subject: [PATCH 3/4] Update bookmarks.lib.php --- htdocs/bookmarks/bookmarks.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index ca0f1486db1..72fc0a9b51e 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -36,7 +36,7 @@ function printDropdownBookmarksList() $langs->load("bookmarks"); - $authorized_var=array('page','limit','optioncss','contextpage'); + $authorized_var=array('limit','optioncss','contextpage'); $url = $_SERVER["PHP_SELF"]; $url_param=array(); if (!empty($_SERVER["QUERY_STRING"])) { From 9d85eb1b7f828e682de7fe100ba7135d53a32500 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 2 Sep 2022 10:57:47 +0200 Subject: [PATCH 4/4] Update bookmarks.lib.php --- htdocs/bookmarks/bookmarks.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index 72fc0a9b51e..8eef3396eaa 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -43,7 +43,7 @@ function printDropdownBookmarksList() if (is_array($_GET)) { foreach ($_GET as $key => $val) { if ($val != '') { - $url_param[$key]=http_build_query(array($key => $val)); + $url_param[$key]=http_build_query(array(dol_escape_htmltag($key) => dol_escape_htmltag($val))); } } } @@ -62,7 +62,7 @@ function printDropdownBookmarksList() if ((preg_match('/^search_/', $key) || in_array($key, $authorized_var)) && $val != '' && !array_key_exists($key, $url_param)) { - $url_param[$key]=http_build_query(array($key => $val)); + $url_param[$key]=http_build_query(array(dol_escape_htmltag($key) => dol_escape_htmltag($val))); } } }