Fix #yogosha5756

2021-03-29 21:30:26 +02:00 · 2021-03-29 21:30:26 +02:00 · 1d87f060dc
commit 1d87f060dc
parent d93fbcd00b
3 changed files with 14 additions and 109 deletions
--- a/htdocs/expensereport/ajax/ajaxik.php
+++ b/htdocs/expensereport/ajax/ajaxik.php
@ -17,7 +17,7 @@
 */
 /**
- *       \file       htdocs/expensereport/ajax/ajaxprojet.php
+ *       \file       htdocs/expensereport/ajax/ajaxik.php
 *       \ingroup    expensereport
 *       \brief      File to return Ajax response on third parties request
 */
@ -49,6 +49,12 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'
 // Load translation files required by the page
 $langs->loadlangs(array('errors', 'trips'));
 $fk_expense = GETPOST('fk_expense', 'int');
 $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
 // Security check
 $result = restrictedArea($user, 'expensereport', $fk_expense, 'expensereport');
 /*
 * View
@ -56,9 +62,6 @@ $langs->loadlangs(array('errors', 'trips'));
 top_httphead();
 $fk_expense = GETPOST('fk_expense', 'int');
 $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
 if (empty($fk_expense) || $fk_expense < 0) {
 	echo json_encode(array('error' => $langs->transnoentitiesnoconv('ErrorBadValueForParameter', $fk_expense, 'fk_expense')));
 } elseif (empty($fk_c_exp_tax_cat) || $fk_c_exp_tax_cat < 0) {
--- a/htdocs/expensereport/ajax/ajaxprojet.php
+++ b/htdocs/expensereport/ajax/ajaxprojet.php
@ -1,95 +0,0 @@
 <?php
 /* Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
 * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@inodbox.com>
 * Copyright (C) 2007-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2010      Cyrille de Lambert   <info@auguria.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
 /**
 *       \file       htdocs/expensereport/ajax/ajaxprojet.php
 *       \ingroup    expensereport
 *       \brief      File to return Ajax response on third parties request
 */
 if (!defined('NOTOKENRENEWAL')) {
 	define('NOTOKENRENEWAL', 1); // Disables token renewal
 }
 if (!defined('NOREQUIREMENU')) {
 	define('NOREQUIREMENU', '1');
 }
 if (!defined('NOREQUIREHTML')) {
 	define('NOREQUIREHTML', '1');
 }
 if (!defined('NOREQUIREAJAX')) {
 	define('NOREQUIREAJAX', '1');
 }
 if (!defined('NOREQUIRESOC')) {
 	define('NOREQUIRESOC', '1');
 }
 if (!defined('NOCSRFCHECK')) {
 	define('NOCSRFCHECK', '1');
 }
 $res = 0;
 require '../../main.inc.php';
 /*
 * View
 */
 // Ajout directives pour resoudre bug IE
 //header('Cache-Control: Public, must-revalidate');
 //header('Pragma: public');
 //top_htmlhead("", "", 1);  // Replaced with top_httphead. An ajax page does not need html header.
 top_httphead();
 //print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
 dol_syslog(join(',', $_GET));
 // Generation liste des projets
 if (GETPOST('fk_projet') != '') {
 	$return_arr = array();
 	$sql = "SELECT p.rowid, p.ref, p.title, s.nom";
 	$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
 	if (!empty($_GET["fk_projet"])) {
 		$sql .= " WHERE p.ref LIKE '%".$db->escape($_GET["fk_projet"])."%' OR p.title LIKE '%".$db->escape($_GET["fk_projet"])."%' OR s.nom LIKE '%".$db->escape($_GET["fk_projet"])."%'"; // Add other filters
 	}
 	$sql .= " ORDER BY p.ref ASC";
 	$resql = $db->query($sql);
 	if ($resql) {
 		while ($row = $db->fetch_array($resql)) {
 			$label = $row['ref'].' - '.$row['title'];
 			$row_array['label'] = $label;
 			$row_array['value'] = $label;
 			$row_array['key'] = $row['rowid'];
 			array_push($return_arr, $row_array);
 		}
 		echo json_encode($return_arr);
 	} else {
 		echo json_encode(array('nom'=>'Error', 'label'=>'Error', 'key'=>'Error', 'value'=>'Error'));
 	}
 } else {
 	echo json_encode(array('nom'=>'ErrorBadParameter', 'label'=>'ErrorBadParameter', 'key'=>'ErrorBadParameter', 'value'=>'ErrorBadParameter'));
 }
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@ -67,14 +67,6 @@ $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('socid_id',
 $childids = $user->getAllChildIds(1);
 // Security check
 $id = GETPOST("id", 'int');
 if ($user->socid) {
 	$socid = $user->socid;
 }
 $result = restrictedArea($user, 'expensereport', $id, 'expensereport');
 // Hack to use expensereport dir
 $rootfordata = DOL_DATA_ROOT;
 $rootforuser = DOL_DATA_ROOT;
@ -111,10 +103,8 @@ $permissionnote = $user->rights->expensereport->creer; // Used by the include of
 $permissiondellink = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php
 $permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
 $upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
 if ($object->id > 0) {
 	// Check current user can read this expense report
 	$canread = 0;
@ -129,6 +119,13 @@ if ($object->id > 0) {
 	}
 }
 // Security check
 $id = GETPOST("id", 'int');
 if ($user->socid) {
 	$socid = $user->socid;
 }
 $result = restrictedArea($user, 'expensereport', $object->id, 'expensereport');
 /*
 * Actions