diff --git a/ChangeLog b/ChangeLog index 375e298a72e..8c52db8af69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -135,7 +135,7 @@ NEW: we need to be able to put more filters on deleteByParentField() function NEW: make it easier to set the `keyword`, `keywords` and `description` attributes of an ecm file object NEW: Experimental feature to manage user sessions in database NEW: Hidden option API_DISABLE_COMPRESSION is now visible in API setup page. - +NEW: Add hook printUnderHeaderPDFline on invoice PDF templates (can be used for example to add a barcode or more information on header of invoices). Following changes may create regressions for some external modules, but were necessary to make Dolibarr better: * Update hook 'printOriginObjectLine', removed check on product type and special code. Need now reshook. 
@@ -152,6 +152,41 @@ Following changes may create regressions for some external modules, but were nec you can use hook 'setLinkedObjectSourceTargetType' to set your usual targettype +***** ChangeLog for 14.0.5 compared to 14.0.4 ***** + +FIX: 13.0: printFieldListWhere called twice on same query +FIX: 14.0.4 fatal error on cron list. +FIX: #19476 +FIX: #19564 +FIX: #19651 +FIX: Accountancy - SQL error on subledger account search in journal +FIX: apply eldy's suggestion to not overwrite existing extrafields of $line +FIX: Can't close a down payment if paid with credit notes. +FIX: better compatibility with multicompany +FIX: contact card: bad colspan value for separator extrafield in creation/modification form +FIX: discounts are applied both when fetching the best supplier price and when displaying it +FIX: double display for contact categorie on societe create card +FIX: fatal error on cron list. +FIX: holiday list: only mass delete if leave request is not in draft, canceled or refused, like in card +FIX: holiday mass deletion: correct return of record deleted +FIX: Holiday month report +FIX: info tab on customer invoice record not found +FIX: line extrafields are inoperative in dispatch cards even when they exist +FIX: list of categories in stats of supplier invoices +FIX: missing default value for more comprehensive +FIX: multicurrency: fields in discount unitialized when creating deposit +FIX: Navigation on bank transaction list +FIX: Can't edit a bank transaction due to bad permission check. +FIX: Option MAIN_DIRECT_STATUS_UPDATE broken. 
Ajax on/off not saving value in DB after updating to version >=12 +FIX: postgresql compatibility, "" as is not authorized +FIX: printFieldListWhere called twice (at different locations) for the same SQL query, can result in syntax errors +FIX: select too large into addrights (pb of missing parenthesis) +FIX: set optional from post, we can't untick boolean field on product card +FIX: Take into consideration work leave over serveral months +FIX: test if method exist on wrong object +FIX: title for nature of third party in company list +FIX: Urgent onglet contact inaccessible depuis une facture +FIX: wrong syntax of sql request ***** ChangeLog for 14.0.4 compared to 14.0.3 ***** diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php index 5ca87663c7a..1f183e1b730 100644 --- a/htdocs/admin/system/filecheck.php +++ b/htdocs/admin/system/filecheck.php @@ -119,9 +119,9 @@ if (dol_is_file($xmlfile)) { print ''; print '
'; } else { - print ' '.$langs->trans("LocalSignature").' = '; + print ' '; print '
'; } print ''."\n"; @@ -129,7 +129,7 @@ if ($enableremotecheck) { print ' = '; print '
'; } else { - print ' '.$langs->trans("RemoteSignature").' = '.dol_escape_htmltag($xmlremote); + print ' '.$langs->trans("RemoteSignature").' = '.dol_escape_htmltag($xmlremote); if (!GETPOST('xmlremote')) { print ' ('.$langs->trans("FeatureAvailableOnlyOnStable").')'; } diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 7456a13146d..5a0adb02d4a 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -1736,7 +1736,7 @@ if ($resql) { print ''; if ($contextpage == 'poslist') { - print $obj->ref; + print dol_escape_htmltag($obj->ref); } else { print $facturestatic->getNomUrl(1, '', 200, 0, '', 0, 1); } @@ -1758,7 +1758,7 @@ if ($resql) { // Customer ref if (!empty($arrayfields['f.ref_client']['checked'])) { print ''; - print $obj->ref_client; + print dol_escape_htmltag($obj->ref_client); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1823,7 +1823,7 @@ if ($resql) { if (!empty($arrayfields['p.title']['checked'])) { print ''; if ($obj->project_id > 0) { - print $projectstatic->title; + print dol_escape_htmltag($projectstatic->title); } print ''; if (!$i) { @@ -1835,9 +1835,9 @@ if ($resql) { if (!empty($arrayfields['s.nom']['checked'])) { print ''; if ($contextpage == 'poslist') { - print $companystatic->name; + print dol_escape_htmltag($companystatic->name); } else { - print $companystatic->getNomUrl(1, 'customer'); + print $companystatic->getNomUrl(1, 'customer', 0, 0, -1, empty($arrayfields['s.name_alias']['checked']) ? 0 : 1); } print ''; if (!$i) { @@ -1846,8 +1846,8 @@ if ($resql) { } // Alias if (!empty($arrayfields['s.name_alias']['checked'])) { - print ''; - print dol_escape_htmltag((!empty($obj->name_alias) ? $obj->name_alias : '')); + print ''; + print dol_escape_htmltag($companystatic->name_alias); print ''; if (!$i) { $totalarray['nbfield']++; 
@@ -1903,10 +1903,10 @@ if ($resql) { // Staff if (!empty($arrayfields['staff.code']['checked'])) { print ''; - if (!is_array($staffArray) || count($staffArray) == 0) { - $staffArray = $formcompany->effectif_array(1); + if (!is_array($conf->cache['staff']) || count($conf->cache['staff']) == 0) { + $conf->cache['staff'] = $formcompany->effectif_array(1); } - print $staffArray[$obj->staff_code]; + print $conf->cache['staff'][$obj->staff_code]; print ''; if (!$i) { $totalarray['nbfield']++; @@ -1955,7 +1955,7 @@ if ($resql) { // Amount HT if (!empty($arrayfields['f.total_ht']['checked'])) { - print ''.price($obj->total_ht)."\n"; + print ''.price($obj->total_ht)."\n"; if (!$i) { $totalarray['nbfield']++; } @@ -2085,11 +2085,11 @@ if ($resql) { } if (!empty($arrayfields['f.retained_warranty']['checked'])) { - print ''.(!empty($obj->retained_warranty) ?price($obj->retained_warranty).'%' : ' ').''; + print ''.(!empty($obj->retained_warranty) ? price($obj->retained_warranty).'%' : ' ').''; } if (!empty($arrayfields['dynamount_payed']['checked'])) { - print ''.(!empty($totalpay) ?price($totalpay, 0, $langs) : ' ').''; // TODO Use a denormalized field + print ''.(!empty($totalpay) ? price($totalpay, 0, $langs) : ' ').''; // TODO Use a denormalized field if (!$i) { $totalarray['nbfield']++; } @@ -2116,7 +2116,7 @@ if ($resql) { // Currency if (!empty($arrayfields['f.multicurrency_code']['checked'])) { - print ''.$obj->multicurrency_code.' - '.$langs->trans('Currency'.$obj->multicurrency_code)."\n"; + print ''.dol_escape_htmltag($obj->multicurrency_code).' - '.$langs->trans('Currency'.$obj->multicurrency_code)."\n"; if (!$i) { $totalarray['nbfield']++; } @@ -2210,7 +2210,7 @@ if ($resql) { print $hookmanager->resPrint; // Date creation if (!empty($arrayfields['f.datec']['checked'])) { - print ''; + print ''; print dol_print_date($db->jdate($obj->date_creation), 'dayhour', 'tzuser'); print ''; if (!$i) { 
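Review bot: The Staff cell still prints `$conf->cache['staff'][$obj->staff_code]` raw and unguarded, while the neighbouring cells in this commit were moved to `dol_escape_htmltag()`. Two reads can hit a missing key: `is_array($conf->cache['staff'])` on the first row, before the cache entry exists, and the lookup itself when a row's `staff_code` is empty or not in the dictionary. I would test with `if (empty($conf->cache['staff'])) {` and print with `print empty($conf->cache['staff'][$obj->staff_code]) ? '' : dol_escape_htmltag($conf->cache['staff'][$obj->staff_code]);`. The enclosing result loop starts and ends outside this hunk.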
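Review bot: In the Currency cell only the first use of `$obj->multicurrency_code` is escaped; the same value is still concatenated into the translation key in `$langs->trans('Currency'.$obj->multicurrency_code)`. If `trans()` returns an unknown key unchanged (its implementation is not visible here), an unexpected code would reach the page through that second half. Escaping the translated result as well, `dol_escape_htmltag($langs->trans('Currency'.$obj->multicurrency_code))`, closes the gap whichever way `trans()` behaves.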
@@ -2219,7 +2219,7 @@ if ($resql) { } // Date modification if (!empty($arrayfields['f.tms']['checked'])) { - print ''; + print ''; print dol_print_date($db->jdate($obj->date_update), 'dayhour', 'tzuser'); print ''; if (!$i) { @@ -2228,7 +2228,7 @@ if ($resql) { } // Date closing if (!empty($arrayfields['f.date_closing']['checked'])) { - print ''; + print ''; print dol_print_date($db->jdate($obj->date_closing), 'dayhour', 'tzuser'); print ''; if (!$i) { diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index cb0d4f1def0..7f4ca7b074f 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -273,6 +273,7 @@ ErrorWrongFileName=Name of the file cannot have __SOMETHING__ in it ErrorNotInDictionaryPaymentConditions=Not in Payment Terms Dictionary, please modify. ErrorIsNotADraft=%s is not a draft ErrorExecIdFailed=Can't execute command "id" +ErrorBadCharIntoLoginName=Unauthorized character in the login name # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. diff --git a/htdocs/mrp/mo_movements.php b/htdocs/mrp/mo_movements.php index f7c25a1ec83..8ee47ea0bf9 100644 --- a/htdocs/mrp/mo_movements.php +++ b/htdocs/mrp/mo_movements.php @@ -1,5 +1,6 @@ + * Copyright (C) 2022 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -155,6 +156,9 @@ if ($permissiontoupdatecost) { $arrayfields['m.price']['enabled'] = 1; } +$arrayofselected = array(); + + /* * Actions */ 
@@ -798,10 +802,29 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } $num = $db->num_rows($resql); + $totalarray = array(); $i = 0; while ($i < ($limit ? min($num, $limit) : $num)) { $objp = $db->fetch_object($resql); + // Multilangs + if (!empty($conf->global->MAIN_MULTILANGS)) { // If multilang is enabled + // TODO Use a cache here + $sql = "SELECT label"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; + $sql .= " WHERE fk_product=".$objp->rowid; + $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " LIMIT 1"; + + $result = $db->query($sql); + if ($result) { + $objtp = $db->fetch_object($result); + if (!empty($objtp->label)) { + $objp->produit = $objtp->label; + } + } + } + $userstatic->id = $objp->fk_user_author; $userstatic->login = $objp->login; $userstatic->lastname = $objp->lastname; @@ -835,7 +858,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Id movement if (!empty($arrayfields['m.rowid']['checked'])) { // This is primary not movement id - print ''.$objp->mid.''; + print ''.dol_escape_htmltag($objp->mid).''; } if (!empty($arrayfields['m.datem']['checked'])) { // Date @@ -858,7 +881,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if ($productlot->id > 0) { print $productlot->getNomUrl(1); } else { - print $productlot->batch; // the id may not be defined if movement was entered when lot was not saved or if lot was removed after movement. + print dol_escape_htmltag($productlot->batch); // the id may not be defined if movement was entered when lot was not saved or if lot was removed after movement. } print ''; } 
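Review bot: The new product_lang lookup concatenates `$objp->rowid` into the WHERE clause without a cast, while the language value next to it goes through `$db->escape()`; write `$sql .= " WHERE fk_product=".((int) $objp->rowid);` so the query stays safe whatever the outer SELECT returns. The same block is added to htdocs/product/stock/movement_list.php (hunk `@@ -1155,6 +1155,24 @@`) and needs the same cast. The translated label then overwrites `$objp->produit`; it is free text from the database, so the place where it is printed (outside this hunk) should escape it. The query also runs once per listed row and its result is never released with `$db->free($result)`, which the caching mentioned in the TODO would resolve. The enclosing while loop starts in this hunk and ends outside it.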
@@ -884,13 +907,13 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Inventory code print ''; //print ''; - print $objp->inventorycode; + print dol_escape_htmltag($objp->inventorycode); //print ''; print ''; } if (!empty($arrayfields['m.label']['checked'])) { // Label of movement - print ''.$objp->label.''; + print ''.dol_escape_htmltag($objp->label).''; } if (!empty($arrayfields['m.type_mouvement']['checked'])) { // Type of movement @@ -911,7 +934,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } if (!empty($arrayfields['origin']['checked'])) { // Origin of movement - print ''.$origin.''; + print ''.dol_escape_htmltag($origin).''; } if (!empty($arrayfields['m.fk_projet']['checked'])) { // fk_project diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index e1418bed4c4..1c5bc703ca7 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2017 Laurent Destailleur * Copyright (C) 2005-2014 Regis Houssin * Copyright (C) 2015 Juanjo Menent - * Copyright (C) 2018 Ferran Marcet + * Copyright (C) 2018-2022 Ferran Marcet * Copyright (C) 2019 Frédéric France * * This program is free software; you can redistribute it and/or modify 
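Review bot: Wrapping `$origin` in `dol_escape_htmltag()` in the "Origin of movement" cell is only correct if that variable holds plain text. It is built earlier in the loop, outside this hunk. If it holds a link returned by a `getNomUrl()` call, as the lot column in this file prints, the anchor markup will now be shown as literal text. In that case leave the cell printing `$origin` as before and escape the ref or label where the link is assembled.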
@@ -1155,6 +1155,24 @@ while ($i < min($num, $limit)) { $userstatic->email = $objp->user_email; $userstatic->statut = $objp->user_status; + // Multilangs + if (!empty($conf->global->MAIN_MULTILANGS)) { // If multilang is enabled + // TODO Use a cache + $sql = "SELECT label"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; + $sql .= " WHERE fk_product=".$objp->rowid; + $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " LIMIT 1"; + + $result = $db->query($sql); + if ($result) { + $objtp = $db->fetch_object($result); + if (!empty($objtp->label)) { + $objp->produit = $objtp->label; + } + } + } + $productstatic->id = $objp->rowid; $productstatic->ref = $objp->product_ref; $productstatic->label = $objp->produit; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 6f05462a2c8..1850f9d0095 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2518,9 +2518,10 @@ class Societe extends CommonObject * @param int $maxlen Max length of name * @param int $notooltip 1=Disable tooltip * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking + * @param int $noaliasinname 1=Do not add alias into the link ref * @return string String with URL */ - public function getNomUrl($withpicto = 0, $option = '', $maxlen = 0, $notooltip = 0, $save_lastsearch_value = -1) + public function getNomUrl($withpicto = 0, $option = '', $maxlen = 0, $notooltip = 0, $save_lastsearch_value = -1, $noaliasinname = 0) { global $conf, $langs, $hookmanager; @@ -2558,7 +2559,7 @@ class Societe extends CommonObject } } - if (!empty($this->name_alias)) { + if (!empty($this->name_alias) && empty($noaliasinname)) { $name .= ' ('.$this->name_alias.')'; }
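Review bot: Adding `$noaliasinname` as a sixth parameter changes the declared signature of `Societe::getNomUrl()`, which can break overriding classes. Any class that extends Societe and overrides the method with the previous five parameters (none is visible in this diff) is no longer compatible with the parent, which PHP 8 reports as a fatal error. It is worth checking the overriding classes and adding a line to the ChangeLog list of changes that may create regressions for external modules. The docblock could also say what the value 0 does, for example `0=Append the alias in parentheses after the name, 1=Do not add alias into the link ref`.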