From 08685cc6b0830e368078b6797ca0dc756032ecd3 Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Mon, 3 Jan 2022 13:14:40 +0100 Subject: [PATCH 1/8] Fix: Correctly display product translations --- htdocs/mrp/mo_movements.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/htdocs/mrp/mo_movements.php b/htdocs/mrp/mo_movements.php index 87acc7a0032..73b89b5cd2e 100644 --- a/htdocs/mrp/mo_movements.php +++ b/htdocs/mrp/mo_movements.php @@ -1,5 +1,6 @@ + * Copyright (C) 2022 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -729,6 +730,23 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea while ($i < ($limit ? min($num, $limit) : $num)) { $objp = $db->fetch_object($resql); + // Multilangs + if (!empty($conf->global->MAIN_MULTILANGS)) // If multilang is enabled + { + $sql = "SELECT label"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; + $sql .= " WHERE fk_product=".$objp->rowid; + $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " LIMIT 1"; + + $result = $db->query($sql); + if ($result) + { + $objtp = $db->fetch_object($result); + if (!empty($objtp->label)) $objp->produit = $objtp->label; + } + } + $userstatic->id = $objp->fk_user_author; $userstatic->login = $objp->login; $userstatic->lastname = $objp->lastname; From 26c6908f667a00cd00737d26345e1917b3a1e82f Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Mon, 3 Jan 2022 13:22:07 +0100 Subject: [PATCH 2/8] Fix: Correctly display product translations --- htdocs/product/stock/movement_list.php | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index 4db4451a878..4cfd169a3f8 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2017 Laurent Destailleur * Copyright (C) 2005-2014 Regis Houssin * Copyright (C) 2015 Juanjo Menent - * Copyright (C) 2018 Ferran Marcet + * Copyright (C) 2018-2022 Ferran Marcet * Copyright (C) 2019 Frédéric France * * This program is free software; you can redistribute it and/or modify @@ -1001,6 +1001,23 @@ if ($resql) { $objp = $db->fetch_object($resql); + // Multilangs + if (!empty($conf->global->MAIN_MULTILANGS)) // If multilang is enabled + { + $sql = "SELECT label"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; + $sql .= " WHERE fk_product=".$objp->rowid; + $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; + $sql .= " LIMIT 1"; + + $result = $db->query($sql); + if ($result) + { + $objtp = $db->fetch_object($result); + if (!empty($objtp->label)) $objp->produit = $objtp->label; + } + } + $userstatic->id = $objp->fk_user_author; $userstatic->login = $objp->login; $userstatic->lastname = $objp->lastname; From b719042b098ba697c5bcbed503baa2690b69652d Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Tue, 4 Jan 2022 10:47:59 +0100 Subject: [PATCH 3/8] Missing language key on error --- htdocs/langs/en_US/errors.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index c51414e6833..15043ce047e 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -271,6 +271,7 @@ CheckVersionFail=Version check fail ErrorWrongFileName=Name of the file cannot have __SOMETHING__ in it ErrorNotInDictionaryPaymentConditions=Not in Payment Terms Dictionary, please modify. ErrorExecIdFailed=Can't execute command "id" +ErrorBadCharIntoLoginName=Unauthorized character in the login name # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. From 24c0f93ead6ec8f2e260fce444ab6f001444e6d4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 4 Jan 2022 13:50:38 +0100 Subject: [PATCH 4/8] Prepare 14.0.5 --- ChangeLog | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index b8f5e21a782..83a19ef0f36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,45 @@ English Dolibarr ChangeLog -------------------------------------------------------------- + +***** ChangeLog for 14.0.5 compared to 14.0.4 ***** + +FIX: 13.0: printFieldListWhere called twice on same query +FIX: 14.0.4 fatal error on cron list. +FIX: #19476 +FIX: #19564 +FIX: #19651 +FIX: Accountancy - SQL error on subledger account search in journal +FIX: apply eldy's suggestion to not overwrite existing extrafields of $line +FIX: Can't close a down payment if paid with credit notes. +FIX: compatibility with multicompany +FIX: contact card: bad colspan value for separator extrafield in creation/modification form +FIX: discounts are applied both when fetching the best supplier price and when displaying it +FIX: discounts are applied twice for displaying best supplier price +FIX: double display for contact categorie on societe create card +FIX: fatal error on cron list. +FIX: holiday list: only mass delete if leave request is not in draft, canceled or refused, like in card +FIX: holiday mass deletion: correct return of record deleted +FIX: Holiday month report +FIX: info tab on customer invoice record not found +FIX: line extrafields are inoperative in dispatch cards even when they exist +FIX: list of categories in stats of supplier invoices +FIX: missing default value for more comprehensive +FIX: multicurrency: fields in discount unitialized when creating deposit +FIX: Navigation on bank transaction list +FIX: Option MAIN_DIRECT_STATUS_UPDATE broken. Ajax on/off not saving value in DB after updating to version >=12 +FIX: postgresql compatibility, "" as is not authorized +FIX: postgresql compatibility, '' as is not authorized +FIX: printFieldListWhere called twice (at different locations) for the same SQL query, can result in syntax errors +FIX: select too large into addrights (pb of missing parenthesis) +FIX: set optional from post +FIX: set optional from post, we cant untick boolean field on product card +FIX: Take into consideration work leave over serveral months +FIX: test of method exist on wrong object +FIX: title for nature of third party in company list +FIX: Urgent onglet contact inaccessible depuis une facture +FIX: wrong syntax of sql request + ***** ChangeLog for 14.0.4 compared to 14.0.3 ***** FIX: $totalarray is overwritten, totals were lost From 12e5375bd532d418cbf97e2cdb413eeae4ed3b0f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 4 Jan 2022 13:51:43 +0100 Subject: [PATCH 5/8] Doc --- ChangeLog | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 83a19ef0f36..7596e7307e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,7 +22,7 @@ FIX: fatal error on cron list. FIX: holiday list: only mass delete if leave request is not in draft, canceled or refused, like in card FIX: holiday mass deletion: correct return of record deleted FIX: Holiday month report -FIX: info tab on customer invoice record not found +FIX: info tab on customer invoice record not found FIX: line extrafields are inoperative in dispatch cards even when they exist FIX: list of categories in stats of supplier invoices FIX: missing default value for more comprehensive @@ -30,7 +30,6 @@ FIX: multicurrency: fields in discount unitialized when creating deposit FIX: Navigation on bank transaction list FIX: Option MAIN_DIRECT_STATUS_UPDATE broken. Ajax on/off not saving value in DB after updating to version >=12 FIX: postgresql compatibility, "" as is not authorized -FIX: postgresql compatibility, '' as is not authorized FIX: printFieldListWhere called twice (at different locations) for the same SQL query, can result in syntax errors FIX: select too large into addrights (pb of missing parenthesis) FIX: set optional from post From 04c42731f756433c086b845fa361f0e463d25f23 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 4 Jan 2022 13:52:33 +0100 Subject: [PATCH 6/8] Doc --- ChangeLog | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7596e7307e0..a0091c2c42a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,10 +13,9 @@ FIX: #19651 FIX: Accountancy - SQL error on subledger account search in journal FIX: apply eldy's suggestion to not overwrite existing extrafields of $line FIX: Can't close a down payment if paid with credit notes. -FIX: compatibility with multicompany +FIX: better compatibility with multicompany FIX: contact card: bad colspan value for separator extrafield in creation/modification form FIX: discounts are applied both when fetching the best supplier price and when displaying it -FIX: discounts are applied twice for displaying best supplier price FIX: double display for contact categorie on societe create card FIX: fatal error on cron list. FIX: holiday list: only mass delete if leave request is not in draft, canceled or refused, like in card @@ -28,14 +27,14 @@ FIX: list of categories in stats of supplier invoices FIX: missing default value for more comprehensive FIX: multicurrency: fields in discount unitialized when creating deposit FIX: Navigation on bank transaction list +FIX: Can't edit a bank transaction due to bad permission check. FIX: Option MAIN_DIRECT_STATUS_UPDATE broken. Ajax on/off not saving value in DB after updating to version >=12 FIX: postgresql compatibility, "" as is not authorized FIX: printFieldListWhere called twice (at different locations) for the same SQL query, can result in syntax errors FIX: select too large into addrights (pb of missing parenthesis) -FIX: set optional from post -FIX: set optional from post, we cant untick boolean field on product card +FIX: set optional from post, we can't untick boolean field on product card FIX: Take into consideration work leave over serveral months -FIX: test of method exist on wrong object +FIX: test if method exist on wrong object FIX: title for nature of third party in company list FIX: Urgent onglet contact inaccessible depuis une facture FIX: wrong syntax of sql request From 949c154f159013efc280e32a472c6599fd9c33de Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 5 Jan 2022 20:19:15 +0100 Subject: [PATCH 7/8] Fix missing html id --- htdocs/admin/system/filecheck.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php index 5ca87663c7a..1f183e1b730 100644 --- a/htdocs/admin/system/filecheck.php +++ b/htdocs/admin/system/filecheck.php @@ -119,9 +119,9 @@ if (dol_is_file($xmlfile)) { print ''; print '
'; } else { - print ' '.$langs->trans("LocalSignature").' = '; + print ' '; print '
'; } print ''."\n"; @@ -129,7 +129,7 @@ if ($enableremotecheck) { print ' = '; print '
'; } else { - print ' '.$langs->trans("RemoteSignature").' = '.dol_escape_htmltag($xmlremote); + print ' '.$langs->trans("RemoteSignature").' = '.dol_escape_htmltag($xmlremote); if (!GETPOST('xmlremote')) { print ' ('.$langs->trans("FeatureAvailableOnlyOnStable").')'; } From 708f5e5cf1357b7584ad35a1e4c583fc5026c17d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 6 Jan 2022 10:54:19 +0100 Subject: [PATCH 8/8] FIX #19751 --- htdocs/compta/facture/list.php | 42 +++++++++++++------------- htdocs/societe/class/societe.class.php | 5 +-- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 94d3ead3998..ccf3c2f3f0c 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -1632,7 +1632,7 @@ if ($resql) { print ''; if ($contextpage == 'poslist') { - print $obj->ref; + print dol_escape_htmltag($obj->ref); } else { print $facturestatic->getNomUrl(1, '', 200, 0, '', 0, 1); } @@ -1654,7 +1654,7 @@ if ($resql) { // Customer ref if (!empty($arrayfields['f.ref_client']['checked'])) { print ''; - print $obj->ref_client; + print dol_escape_htmltag($obj->ref_client); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1719,7 +1719,7 @@ if ($resql) { if (!empty($arrayfields['p.title']['checked'])) { print ''; if ($obj->project_id > 0) { - print $projectstatic->title; + print dol_escape_htmltag($projectstatic->title); } print ''; if (!$i) { @@ -1731,9 +1731,9 @@ if ($resql) { if (!empty($arrayfields['s.nom']['checked'])) { print ''; if ($contextpage == 'poslist') { - print $companystatic->name; + print dol_escape_htmltag($companystatic->name); } else { - print $companystatic->getNomUrl(1, 'customer'); + print $companystatic->getNomUrl(1, 'customer', 0, 0, -1, empty($arrayfields['s.name_alias']['checked']) ? 0 : 1); } print ''; if (!$i) { @@ -1742,8 +1742,8 @@ if ($resql) { } // Alias if (!empty($arrayfields['s.name_alias']['checked'])) { - print ''; - print $obj->name_alias; + print ''; + print dol_escape_htmltag($companystatic->name_alias); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1752,7 +1752,7 @@ if ($resql) { // Town if (!empty($arrayfields['s.town']['checked'])) { print ''; - print $obj->town; + print dol_escape_htmltag($obj->town); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1761,7 +1761,7 @@ if ($resql) { // Zip if (!empty($arrayfields['s.zip']['checked'])) { print ''; - print $obj->zip; + print dol_escape_htmltag($obj->zip); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1799,10 +1799,10 @@ if ($resql) { // Staff if (!empty($arrayfields['staff.code']['checked'])) { print ''; - if (!is_array($staffArray) || count($staffArray) == 0) { - $staffArray = $formcompany->effectif_array(1); + if (!is_array($conf->cache['staff']) || count($conf->cache['staff']) == 0) { + $conf->cache['staff'] = $formcompany->effectif_array(1); } - print $staffArray[$obj->staff_code]; + print $conf->cache['staff'][$obj->staff_code]; print ''; if (!$i) { $totalarray['nbfield']++; @@ -1832,7 +1832,7 @@ if ($resql) { // Module Source if (!empty($arrayfields['f.module_source']['checked'])) { print ''; - print $obj->module_source; + print dol_escape_htmltag($obj->module_source); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1842,7 +1842,7 @@ if ($resql) { // POS Terminal if (!empty($arrayfields['f.pos_source']['checked'])) { print ''; - print $obj->pos_source; + print dol_escape_htmltag($obj->pos_source); print ''; if (!$i) { $totalarray['nbfield']++; @@ -1851,7 +1851,7 @@ if ($resql) { // Amount HT if (!empty($arrayfields['f.total_ht']['checked'])) { - print ''.price($obj->total_ht)."\n"; + print ''.price($obj->total_ht)."\n"; if (!$i) { $totalarray['nbfield']++; } @@ -1934,11 +1934,11 @@ if ($resql) { } if (!empty($arrayfields['f.retained_warranty']['checked'])) { - print ''.(!empty($obj->retained_warranty) ?price($obj->retained_warranty).'%' : ' ').''; + print ''.(!empty($obj->retained_warranty) ? price($obj->retained_warranty).'%' : ' ').''; } if (!empty($arrayfields['dynamount_payed']['checked'])) { - print ''.(!empty($totalpay) ?price($totalpay, 0, $langs) : ' ').''; // TODO Use a denormalized field + print ''.(!empty($totalpay) ? price($totalpay, 0, $langs) : ' ').''; // TODO Use a denormalized field if (!$i) { $totalarray['nbfield']++; } @@ -1965,7 +1965,7 @@ if ($resql) { // Currency if (!empty($arrayfields['f.multicurrency_code']['checked'])) { - print ''.$obj->multicurrency_code.' - '.$langs->trans('Currency'.$obj->multicurrency_code)."\n"; + print ''.dol_escape_htmltag($obj->multicurrency_code).' - '.$langs->trans('Currency'.$obj->multicurrency_code)."\n"; if (!$i) { $totalarray['nbfield']++; } @@ -2059,7 +2059,7 @@ if ($resql) { print $hookmanager->resPrint; // Date creation if (!empty($arrayfields['f.datec']['checked'])) { - print ''; + print ''; print dol_print_date($db->jdate($obj->date_creation), 'dayhour', 'tzuser'); print ''; if (!$i) { @@ -2068,7 +2068,7 @@ if ($resql) { } // Date modification if (!empty($arrayfields['f.tms']['checked'])) { - print ''; + print ''; print dol_print_date($db->jdate($obj->date_update), 'dayhour', 'tzuser'); print ''; if (!$i) { @@ -2077,7 +2077,7 @@ if ($resql) { } // Date closing if (!empty($arrayfields['f.date_closing']['checked'])) { - print ''; + print ''; print dol_print_date($db->jdate($obj->date_closing), 'dayhour', 'tzuser'); print ''; if (!$i) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 818d5249a6c..c8b381280b1 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2481,9 +2481,10 @@ class Societe extends CommonObject * @param int $maxlen Max length of name * @param int $notooltip 1=Disable tooltip * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking + * @param int $noaliasinname 1=Do not add alias into the link ref * @return string String with URL */ - public function getNomUrl($withpicto = 0, $option = '', $maxlen = 0, $notooltip = 0, $save_lastsearch_value = -1) + public function getNomUrl($withpicto = 0, $option = '', $maxlen = 0, $notooltip = 0, $save_lastsearch_value = -1, $noaliasinname = 0) { global $conf, $langs, $hookmanager; @@ -2521,7 +2522,7 @@ class Societe extends CommonObject } } - if (!empty($this->name_alias)) { + if (!empty($this->name_alias) && empty($noaliasinname)) { $name .= ' ('.$this->name_alias.')'; }