';
print $langs->trans('From').' ';
-// TODO For the moment we keep a fre input text instead of a combo. The select_auxaccount has problem because it does not
+// TODO For the moment we keep a free input text instead of a combo. The select_auxaccount has problem because it does not
// use setup of keypress to select thirdparty and this hang browser on large database.
if (! empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX))
{
- print $formaccounting->select_auxaccount($search_accountancy_aux_code_start, 'search_accountancy_aux_code_start', 1);
+ print $formaccounting->select_auxaccount($search_accountancy_aux_code_start, 'search_accountancy_aux_code_start', 1);
}
else
{
- print '';
+ print '';
}
print '
';
print '
';
print $langs->trans('to').' ';
-// TODO For the moment we keep a fre input text instead of a combo. The select_auxaccount has problem because it does not
+// TODO For the moment we keep a free input text instead of a combo. The select_auxaccount has problem because it does not
// use setup of keypress to select thirdparty and this hang browser on large database.
if (! empty($conf->global->ACCOUNTANCY_COMBO_FOR_AUX))
{
- print $formaccounting->select_auxaccount($search_accountancy_aux_code_end, 'search_accountancy_aux_code_end', 1);
+ print $formaccounting->select_auxaccount($search_accountancy_aux_code_end, 'search_accountancy_aux_code_end', 1);
}
else
{
- print '';
+ print '';
}
print '
";
diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index d1c544d4cb8..670d47ba3ee 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -23,7 +23,6 @@ use Luracast\Restler\Format\UploadFormat;
require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
/**
* API class for receive files
@@ -50,13 +49,15 @@ class Documents extends DolibarrApi
$this->db = $db;
}
-
+
/**
- * Returns a document.
+ * Returns a document. Note that, this API is similar to using the wrapper link "documents.php" to download
+ * a file (used for internal HTML links of documents into application), but with no need to be into a logged session (no need to post the session cookie).
*
* @param string $module_part Name of module or area concerned by file download ('facture', ...)
- * @param string $ref Reference of object (This will define subdir automatically)
- * @param string $subdir NOT YET AVAILABLE : Subdirectory (Only if ref not provided)
+ * @param string $original_file Relative path with filename, relative to modulepart (for example: IN201701-999/IN201701-999.pdf)
+ * @param int $regeneratedoc If requested document is the main document of an object, setting this to 1 ask API to regenerate document before returning it (supported for some module_part only). It is no effect in other cases.
+ * Also, note that setting this to 1 nead write access on object.
* @return array List of documents
*
* @throws 500
@@ -65,70 +66,68 @@ class Documents extends DolibarrApi
* @throws 401
* @throws 200
*/
- public function index($module_part, $ref='', $subdir='') {
- global $conf;
- $this->invoice = new Facture($this->db);
+ public function index($module_part, $original_file='', $regeneratedoc=0)
+ {
+ global $conf;
- if (empty($module_part)) {
- throw new RestException(400, 'bad value for parameter modulepart');
- }
- if (empty($ref) && empty($subdir)) {
+ if (empty($module_part)) {
+ throw new RestException(400, 'bad value for parameter modulepart');
+ }
+ if (empty($original_file)) {
throw new RestException(400, 'bad value for parameter ref or subdir');
}
- if (empty($ref)) {
- throw new RestException(501, 'FeatureNotYetAvailable');
- }
- if (!DolibarrApiAccess::$user->rights->ecm->read) {
- throw new RestException(401);
- }
-
- //--- Generates the document
- $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
- $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
- $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
- $result = $this->invoice->fetch(0, $ref);
- if( ! $result ) {
- throw new RestException(404, 'Invoice not found');
- }
- $result = $this->invoice->generateDocument($this->invoice->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
- if( $result <= 0 ) {
- throw new RestException(500, 'Error generating document');
+
+ //--- Finds and returns the document
+ $entity=$conf->entity;
+
+ $check_access = dol_check_secure_access_document($module_part, $original_file, $entity, DolibarrApiAccess::$user, '', ($regeneratedoc ? 'write' : 'read'));
+ $accessallowed = $check_access['accessallowed'];
+ $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
+ $original_file = $check_access['original_file'];
+
+ if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
+ {
+ throw new RestException(401);
+ }
+ if (!$accessallowed) {
+ throw new RestException(401);
+ }
+
+ // --- Generates the document
+ if ($regeneratedoc)
+ {
+ $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
+ $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
+ $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
+
+ if ($module_part == 'facture' || $module_part == 'invoice')
+ {
+ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
+ $this->invoice = new Facture($this->db);
+ $result = $this->invoice->fetch(0, $ref);
+ if( ! $result ) {
+ throw new RestException(404, 'Invoice not found');
+ }
+ $result = $this->invoice->generateDocument($this->invoice->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
+ if( $result <= 0 ) {
+ throw new RestException(500, 'Error generating document');
+ }
+ }
}
+ $filename = basename($original_file);
+ $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
+ if (! file_exists($original_file_osencoded))
+ {
+ throw new RestException(404, 'File not found');
+ }
- //--- Finds and returns the document
- $original_file = str_replace("../","/", $ref.'/'.$ref.'.pdf');
- $refname=basename(dirname($original_file)."/");
- $entity=$conf->entity;
-
- $check_access = dol_check_secure_access_document($module_part,$original_file,$entity,DolibarrApiAccess::$user);
- $accessallowed = $check_access['accessallowed'];
- $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
- $original_file = $check_access['original_file'];
-
- if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
- {
- throw new RestException(401);
- }
- if (!$accessallowed) {
- throw new RestException(401);
- }
-
-
- $filename = basename($original_file);
- $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
-
- if (! file_exists($original_file_osencoded))
- {
- throw new RestException(404, 'File not found');
- }
-
- $file_content=file_get_contents($original_file_osencoded);
+ $file_content=file_get_contents($original_file_osencoded);
return array('filename'=>$filename, 'content'=>base64_encode($file_content), 'encoding'=>'MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)' );
}
-
-
+
+
/**
* Return a document.
*
@@ -141,10 +140,10 @@ class Documents extends DolibarrApi
public function get($id) {
return array('note'=>'xxx');
}*/
-
-
+
+
/**
- * Push a file.
+ * Push a file.
* Test sample 1: { "filename": "mynewfile.txt", "modulepart": "facture", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
* Test sample 2: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "mysubdir1/mysubdir2", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
*
@@ -161,12 +160,12 @@ class Documents extends DolibarrApi
public function post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0)
{
global $db, $conf;
-
+
/*var_dump($modulepart);
var_dump($filename);
var_dump($filecontent);
exit;*/
-
+
require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
if (!DolibarrApiAccess::$user->rights->ecm->upload) {
@@ -190,7 +189,7 @@ class Documents extends DolibarrApi
$object=new Facture($db);
$result = $object->fetch('', $ref);
}
-
+
if (! ($object->id > 0))
{
throw new RestException(500, 'The object '.$modulepart." with ref '".$ref."' was not found.");
@@ -198,7 +197,7 @@ class Documents extends DolibarrApi
$tmp = dol_check_secure_access_document($modulepart, $tmpreldir.$object->ref, $entity, DolibarrApiAccess::$user, $ref, 'write');
$upload_dir = $tmp['original_file'];
-
+
if (empty($upload_dir) || $upload_dir == '/')
{
throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
@@ -207,7 +206,7 @@ class Documents extends DolibarrApi
else
{
if ($modulepart == 'invoice') $modulepart ='facture';
-
+
$tmp = dol_check_secure_access_document($modulepart, $subdir, $entity, DolibarrApiAccess::$user, '', 'write');
$upload_dir = $tmp['original_file'];
@@ -216,14 +215,14 @@ class Documents extends DolibarrApi
throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
}
}
-
-
+
+
$upload_dir = dol_sanitizePathName($upload_dir);
-
+
$destfile = $upload_dir . '/' . $original_file;
$destfiletmp = DOL_DATA_ROOT.'/admin/temp/' . $original_file;
dol_delete_file($destfiletmp);
-
+
if (!dol_is_dir($upload_dir)) {
throw new RestException(401,'Directory not exists : '.$upload_dir);
}
@@ -232,7 +231,7 @@ class Documents extends DolibarrApi
{
throw new RestException(500, "File with name '".$original_file."' already exists.");
}
-
+
$fhandle = @fopen($destfiletmp, 'w');
if ($fhandle)
{
@@ -244,9 +243,9 @@ class Documents extends DolibarrApi
{
throw new RestException(500, "Failed to open file '".$destfiletmp."' for write");
}
-
+
$result = dol_move($destfiletmp, $destfile, 0, $overwriteifexists, 1);
-
+
return $result;
}
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 6027f76ec58..6242691d1f1 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -882,7 +882,7 @@ class Categorie extends CommonObject
/**
* List categories of an element id
*
- * @param int $item Id of element
+ * @param int $id Id of element
* @param string $type Type of category ('member', 'customer', 'supplier', 'product', 'contact')
* @param string $sortfield Sort field
* @param string $sortorder Sort order
diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php
index 0ec77405721..870c4f4bccd 100644
--- a/htdocs/core/class/comment.class.php
+++ b/htdocs/core/class/comment.class.php
@@ -1,4 +1,4 @@
-db = $db;
}
-
+
/**
* Create into database
@@ -190,7 +190,7 @@ class Comment extends CommonObject
$sql.= " description=".(isset($this->description)?"'".$this->db->escape($this->description)."'":"null").",";
$sql.= " datec=".($this->datec!=''?"'".$this->db->idate($this->datec)."'":'null').",";
$sql.= " fk_element=".(isset($this->fk_element)?$this->fk_element:"null").",";
- $sql.= " element_type='".$this->element_type."',";
+ $sql.= " element_type='".$this->db->escape($this->element_type)."',";
$sql.= " fk_user_author=".(isset($this->fk_user_author)?$this->fk_user_author:"null").",";
$sql.= " entity=".(!empty($this->entity)?$this->entity:'1').",";
$sql.= " import_key=".(!empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");
@@ -280,12 +280,14 @@ class Comment extends CommonObject
return 1;
}
}
-
-
+
+
/**
* Load comments linked with current task
*
- * @return array Comment array
+ * @param string $element_type Element type
+ * @param int $fk_element Id of element
+ * @return array Comment array
*/
public static function fetchAllFor($element_type, $fk_element)
{
@@ -299,7 +301,7 @@ class Comment extends CommonObject
$sql.= " AND c.element_type = '".$element_type."'";
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " ORDER BY c.tms DESC";
-
+
dol_syslog("Comment::fetchAllFor", LOG_DEBUG);
$resql=$db->query($sql);
if ($resql)
diff --git a/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php b/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php
index af08ae53392..96041bcac2c 100644
--- a/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php
+++ b/htdocs/core/modules/security/generate/modGeneratePassPerso.class.php
@@ -1,6 +1,7 @@
- * Copyright (C) 2014 Teddy Andreotti <125155@supinfo.com>
+/* Copyright (C) 2006-2011 Laurent Destailleur
+ * Copyright (C) 2014 Teddy Andreotti <125155@supinfo.com>
+ * Copyright (C) 2017 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -98,7 +99,10 @@ class modGeneratePassPerso extends ModeleGenPassword
$this->Spe = str_replace($this->Ambi,"",$this->Spe);
}
- $this->All = str_shuffle($this->Maj. $this->Min. $this->Nb. $this->Spe);
+ $pattern = $this->Min . (! empty($this->NbMaj)?$this->Maj:'') . (! empty($this->NbNum)?$this->Nb:'') . (! empty($this->NbSpe)?$this->Spe:'');
+ $this->All = str_shuffle($pattern);
+
+ //$this->All = str_shuffle($this->Maj. $this->Min. $this->Nb. $this->Spe);
//$this->All = $this->Maj. $this->Min. $this->Nb. $this->Spe;
//$this->All = $this->Spe;
diff --git a/htdocs/document.php b/htdocs/document.php
index 0b2db2323cd..a0b764882f8 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -27,6 +27,7 @@
* \remarks Call of this wrapper is made with URL:
* document.php?modulepart=repfichierconcerne&file=relativepathoffile
* document.php?modulepart=logs&file=dolibarr.log
+ * document.php?modulepart=logs&hashp=sharekey
*/
define('NOTOKENRENEWAL',1); // Disables token renewal
diff --git a/htdocs/install/mysql/migration/6.0.0-7.0.0.sql b/htdocs/install/mysql/migration/6.0.0-7.0.0.sql
index fb9e5f8749f..5d87f42faed 100644
--- a/htdocs/install/mysql/migration/6.0.0-7.0.0.sql
+++ b/htdocs/install/mysql/migration/6.0.0-7.0.0.sql
@@ -253,7 +253,7 @@ CREATE TABLE llx_expensereport_rules (
code_expense_rules_type varchar(50) NOT NULL,
is_for_all tinyint DEFAULT '0',
entity integer DEFAULT 1
-);
+)ENGINE=innodb;
ALTER TABLE llx_expensereport_det ADD COLUMN rule_warning_message text;
ALTER TABLE llx_expensereport_det ADD COLUMN fk_c_exp_tax_cat integer;
@@ -302,8 +302,9 @@ insert into llx_c_action_trigger (code,label,description,elementtype,rang) value
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROPOSAL_SUPPLIER_CLOSE_SIGNED','Price request closed signed','Executed when a customer proposal is closed signed','proposal_supplier',10);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROPOSAL_SUPPLIER_CLOSE_REFUSED','Price request closed refused','Executed when a customer proposal is closed refused','proposal_supplier',10);
-DROP TABLE `llx_projet_task_comment`;
-CREATE TABLE IF NOT EXISTS llx_comment (
+DROP TABLE llx_projet_task_comment;
+
+CREATE TABLE llx_comment (
rowid integer AUTO_INCREMENT PRIMARY KEY,
datec datetime DEFAULT NULL,
tms timestamp,
diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang
index 8ab0ddc018c..eacfe4fc2aa 100644
--- a/htdocs/langs/en_US/accountancy.lang
+++ b/htdocs/langs/en_US/accountancy.lang
@@ -148,7 +148,8 @@ Doctype=Type of document
Docdate=Date
Docref=Reference
Code_tiers=Thirdparty
-Labelcompte=Label account
+LabelAccount=Label account
+LabelOperation=Label operation
Sens=Sens
Codejournal=Journal
NumPiece=Piece number
diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang
index 73ff04221ef..233e4339bca 100644
--- a/htdocs/langs/en_US/modulebuilder.lang
+++ b/htdocs/langs/en_US/modulebuilder.lang
@@ -12,7 +12,7 @@ ObjectKey=Object key
ModuleInitialized=Module initialized
FilesForObjectInitialized=Files for new object '%s' initialized
FilesForObjectUpdated=Files for object '%s' updated (.sql files and .class.php file)
-ModuleBuilderDescdescription=Enter here all general information that describe your module
+ModuleBuilderDescdescription=Enter here all general information that describe your module.
ModuleBuilderDescspecifications=You can enter here a long text to describe the specifications of your module that is not already structured into other tabs. So you have within easy reach all the rules to develop. Also this text content will be included into the generated documentation (see last tab). You can use Markdown format, but it is recommanded to use Asciidoc format (Comparison between .md and .asciidoc: http://asciidoctor.org/docs/user-manual/#compared-to-markdown)
ModuleBuilderDescobjects=Define here the objects you want to manage with your module. A CRUD DAO class, SQL files, page to list record of objects, to create/edit/view a record and an API will be generated.
ModuleBuilderDescmenus=This tab is dedicated to define menu entries provided by your module.
@@ -77,7 +77,7 @@ SpecDefDesc=Enter here all documentation you want to provide with your module th
LanguageDefDesc=Enter in this files, all the key and the translation for each language file.
MenusDefDesc=Define here the menus provided by your module (once defined, they are visible into the menu editor %s)
PermissionsDefDesc=Define here the new permissions provided by your module (once defined, they are visible into the default permissions setup %s)
-HooksDefDesc=Define in the module_parts['hooks'] property in the module descriptor the context of hooks you want to manage (list of contexts can be found by a search on 'initHooks(' in core code). Edit the hook file to add code of your hooked functions (hookable functions can be found by a search on 'executeHooks' in core code).
-TriggerDefDesc=Define in the trigger file the code you want to execute for each business event executed
+HooksDefDesc=Define in the module_parts['hooks'] property, in the module descriptor, the context of hooks you want to manage (list of contexts can be found by a search on 'initHooks(' in core code). Edit the hook file to add code of your hooked functions (hookable functions can be found by a search on 'executeHooks' in core code).
+TriggerDefDesc=Define in the trigger file the code you want to execute for each business event executed.
SeeIDsInUse=See IDs in use in your installation
SeeReservedIDsRangeHere=See range of reserved IDs
\ No newline at end of file
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index 1e7826ebf16..767370786c1 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -28,6 +28,7 @@ if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION','1');
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/modulebuilder.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
@@ -764,6 +765,7 @@ if ($action == 'reset' && $user->admin)
*/
$form = new Form($db);
+$formadmin = new FormAdmin($db);
// Set dir where external modules are installed
if (! dol_is_dir($dirins))
@@ -1252,6 +1254,20 @@ elseif (! empty($module))
print $langs->trans("LanguageDefDesc").' ';
print ' ';
+
+ print '';
+
+ print ' ';
+ print ' ';
+
$langfiles=dol_dir_list(dol_buildpath($modulelowercase.'/langs', 0), 'files', 1, '\.lang$');
foreach ($langfiles as $langfile)