From 026195689b8f820ec0880bf6e230b9d4ffe7fcff Mon Sep 17 00:00:00 2001 From: Grand Philippe Date: Wed, 24 Apr 2013 15:22:37 +0200 Subject: [PATCH 01/14] fix undefined offset --- htdocs/includes/nusoap/lib/nusoap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/includes/nusoap/lib/nusoap.php b/htdocs/includes/nusoap/lib/nusoap.php index 501e5669ce9..403d74b13e9 100644 --- a/htdocs/includes/nusoap/lib/nusoap.php +++ b/htdocs/includes/nusoap/lib/nusoap.php @@ -2217,7 +2217,7 @@ class soap_transport_http extends nusoap_base { } $this->use_curl = $use_curl; preg_match('/\$Revisio' . 'n: ([^ ]+)/', $this->revision, $rev); - $this->setHeader('User-Agent', $this->title.'/'.$this->version.' ('.$rev[1].')'); + if (isset($rev[1])) $this->setHeader('User-Agent', $this->title.'/'.$this->version.' ('.$rev[1].')'); } /** From 436b6259c05e2fd56610365ad1470e712126ad7d Mon Sep 17 00:00:00 2001 From: simnandez Date: Wed, 24 Apr 2013 16:57:46 +0200 Subject: [PATCH 02/14] Fix: finish merge --- htdocs/core/modules/syslog/mod_syslog_file.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/htdocs/core/modules/syslog/mod_syslog_file.php b/htdocs/core/modules/syslog/mod_syslog_file.php index 4d482f017cf..1df48c997dc 100644 --- a/htdocs/core/modules/syslog/mod_syslog_file.php +++ b/htdocs/core/modules/syslog/mod_syslog_file.php @@ -96,12 +96,7 @@ class mod_syslog_file extends LogHandler implements LogHandlerInterface /** * Return the parsed logfile path * -<<<<<<< OURS * @return string -======= - * @param string $suffixinfilename When output is a file, append this suffix into default log filename. - * @return string ->>>>>>> THEIRS */ private function getFilename() { From cd7f94d515ffa724cc6acb1bbab3360e6320a6f0 Mon Sep 17 00:00:00 2001 From: fhenry Date: Wed, 24 Apr 2013 23:19:01 +0200 Subject: [PATCH 03/14] [ bug #849 ] BUG PGSQL --- htdocs/compta/facture/impayees.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index 5737c9bb99a..1a8ddd3b6a6 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php @@ -227,7 +227,7 @@ if ($search_societe) $sql .= " AND s.nom LIKE '%".$search_societe."%'"; if ($search_montant_ht) $sql .= " AND f.total = '".$search_montant_ht."'"; if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$search_montant_ttc."'"; if (GETPOST('sf_ref')) $sql .= " AND f.facnumber LIKE '%".GETPOST('sf_ref') . "%'"; -$sql.= " GROUP BY f.facnumber,f.increment,f.total,f.total_ttc,f.datef, f.date_lim_reglement,f.paye, f.rowid, f.fk_statut, f.type,s.nom, s.rowid"; +$sql.= " GROUP BY s.nom,s.rowid,f.facnumber, f.increment, f.total, f.tva, f.total_ttc,f.datef, f.date_lim_reglement, f.rowid,f.fk_statut,f.type "; if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user "; $sql.= " ORDER BY "; $listfield=explode(',',$sortfield); From bc7015a431465522d83ef3b65240915f845bb49b Mon Sep 17 00:00:00 2001 From: fhenry Date: Thu, 25 Apr 2013 12:55:40 +0200 Subject: [PATCH 04/14] fix [ bug #850 ] Dolibarr PGSQL --- htdocs/compta/index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 281c315eec4..15d2e33885c 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -941,7 +941,8 @@ if (! empty($conf->fournisseur->enabled) && $user->rights->fournisseur->facture- $sql.= " AND ff.fk_statut = 1"; if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; if ($socid) $sql.= " AND ff.fk_soc = ".$socid; - $sql.= " GROUP BY ff.rowid, ff.facnumber, ff.fk_statut, ff.libelle, ff.total_ht, ff.total_ttc, s.nom, s.rowid"; + $sql.= " GROUP BY ff.rowid, ff.facnumber, ff.fk_statut, ff.libelle, ff.total_ht, ff.total_ttc, ff.paye,"; + $sql.= " s.nom, s.rowid"; $resql=$db->query($sql); if ($resql) 
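Review bot: In htdocs/compta/facture/impayees.php the filter lines directly above the rewritten GROUP BY concatenate `$search_societe`, `$search_montant_ht`, `$search_montant_ttc` and `GETPOST('sf_ref')` into quoted SQL literals, and nothing in the hunk shows those values being escaped first. Unless they are sanitised earlier in the file, each should go through the database layer's escaping, e.g. `$sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'";` (assuming `$db` is the handle in scope here). The same concatenation appears in the htdocs/fourn/facture/impayees.php hunks of this series with `GETPOST('sf_re')`. Separately, the new GROUP BY list no longer contains `f.paye`, which the old list had; a later patch in the series puts it back.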
From 2f72bbca5ab19a6e39700207f18f50a7b2efda60 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 25 Apr 2013 15:47:41 +0200 Subject: [PATCH 05/14] Fix: broken features with multicompany --- htdocs/master.inc.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index 0dc12c468c8..01e112652b8 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -141,6 +141,10 @@ if (! defined('NOREQUIREDB')) { $conf->entity = DOLENTITY; } + else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module + { + $conf->entity = $_COOKIE['DOLENTITY']; + } else if (! empty($conf->multicompany->force_entity) && is_int($conf->multicompany->force_entity)) // To force entity in login page { $conf->entity = $conf->multicompany->force_entity; From d162a61d41118af12f30df6d80402a52a3d1d65a Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 25 Apr 2013 15:52:33 +0200 Subject: [PATCH 06/14] Fix: use $conf->entity if defined --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 39acc88fd5c..f51cf7b6bd3 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -374,7 +374,7 @@ if (! defined('NOLOGIN')) $usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2)); $passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : GETPOST('password')); - $entitytotest = (GETPOST('entity','int') ? GETPOST('entity','int') : 1); + $entitytotest = (GETPOST('entity','int') ? GETPOST('entity','int') : (!empty($conf->entity) ? $conf->entity : 1)); // Validation of login/pass/entity // If ok, the variable login will be returned From 016b4a2baaa24381e437ad9637a3d6619818eae7 Mon Sep 17 00:00:00 2001 
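Review bot: The new branch in htdocs/master.inc.php assigns `$_COOKIE['DOLENTITY']` to `$conf->entity` as-is, so the tenant selector comes straight from a client-supplied value with no type check, while the very next branch insists on `is_int()` for `force_entity`. At minimum cast it, `$conf->entity = (int) $_COOKIE['DOLENTITY'];`, and the login path should confirm that the authenticated user actually belongs to that entity rather than trusting the cookie. The htdocs/main.inc.php change in the following patch falls back to `$conf->entity` for `$entitytotest`, so an uncast cookie value reaches the login check without the `'int'` filter that `GETPOST('entity','int')` applies. The enclosing `if (! defined('NOREQUIREDB'))` block starts and ends outside the hunk.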
From: Regis Houssin Date: Fri, 26 Apr 2013 12:35:31 +0200 Subject: [PATCH 07/14] Fix: security problem with multicompany --- htdocs/contact/class/contact.class.php | 3 ++- htdocs/contact/exportimport.php | 14 ++++++++------ htdocs/contact/fiche.php | 2 +- htdocs/contact/ldap.php | 12 +++++++----- htdocs/contact/perso.php | 6 ++++-- htdocs/contact/vcard.php | 7 ++++++- 6 files changed, 28 insertions(+), 16 deletions(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 8afb74a029f..e8208fd6df6 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -35,6 +35,7 @@ class Contact extends CommonObject { public $element='contact'; public $table_element='socpeople'; + protected $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe var $id; var $civilite_id; // In fact we stor civility_code @@ -745,7 +746,7 @@ class Contact extends CommonObject $this->error=$this->db->error().' sql='.$sql; } } - + // Removed extrafields if ((! $error) && (empty($conf->global->MAIN_EXTRAFIELDS_DISABLED))) { // For avoid conflicts if trigger used $result=$this->deleteExtraFields($this); diff --git a/htdocs/contact/exportimport.php b/htdocs/contact/exportimport.php index d1cb013c85f..faed409e96f 100644 --- a/htdocs/contact/exportimport.php +++ b/htdocs/contact/exportimport.php 
@@ -29,26 +29,28 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php'; $langs->load("companies"); // Security check -$contactid = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id', 'int'); if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe'); +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe'); /* * View */ -llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); +$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses")); + +llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); $form = new Form($db); $contact = new Contact($db); -$contact->fetch($_GET["id"], $user); +$contact->fetch($id, $user); $head = contact_prepare_head($contact); -dol_fiche_head($head, 'exportimport', $langs->trans("ContactsAddresses"), 0, 'contact'); +dol_fiche_head($head, 'exportimport', $title, 0, 'contact'); /* @@ -97,7 +99,7 @@ print ''; print '
'; print $langs->trans("ExportCardToFormat").': '; -print ''; +print ''; print img_picto($langs->trans("VCard"),'vcard.png').' '; print $langs->trans("VCard"); print ''; diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 0233c367b07..4392bbbe374 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -62,7 +62,7 @@ if (! empty($canvas)) } // Security check -$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', '', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index 927d8c1c922..a6f913f0743 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -35,12 +35,12 @@ $langs->load("admin"); $action=GETPOST('action'); // Security check -$contactid = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id', 'int'); if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe'); +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe'); $contact = new Contact($db); -$contact->fetch($_GET["id"], $user); +$contact->fetch($id, $user); /* 
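Review bot: `$contact->fetch($id, $user)` is called without looking at its result in htdocs/contact/ldap.php, and in htdocs/contact/exportimport.php the visible next statement already builds the tab header from `$contact`, so an id that is empty or matches no row lets the page carry on with an unpopulated object. Whether `restrictedArea()` rejects an empty id is not visible in these hunks, so I would stop explicitly after the fetch, e.g. `if ($contact->fetch($id, $user) <= 0 || empty($contact->id)) accessforbidden();` (assuming fetch() follows the usual non-positive-on-failure convention). htdocs/comm/action/info.php later in the series has the same shape with `$act->fetch($id); $act->info($act->id);`. The rest of each page lies outside the hunks, so a later check cannot be ruled out.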
@@ -79,13 +79,15 @@ if ($action == 'dolibarr2ldap') * View */ -llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); +$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses")); + +llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); $form = new Form($db); $head = contact_prepare_head($contact); -dol_fiche_head($head, 'ldap', $langs->trans("ContactsAddresses"), 0, 'contact'); +dol_fiche_head($head, 'ldap', $title, 0, 'contact'); print ''; diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index d321e07a258..86462d05fae 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -69,7 +69,9 @@ if ($action == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact $now=dol_now(); -llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); +$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses")); + +llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:Módulo_Empresas'); $form = new Form($db); @@ -77,7 +79,7 @@ $object->fetch($id, $user); $head = contact_prepare_head($object); -dol_fiche_head($head, 'perso', $langs->trans("ContactsAddresses"), 0, 'contact'); +dol_fiche_head($head, 'perso', $title, 0, 'contact'); if ($action == 'edit') { diff --git a/htdocs/contact/vcard.php b/htdocs/contact/vcard.php index 0448bb519e0..16c2e1abc22 100644 --- a/htdocs/contact/vcard.php +++ b/htdocs/contact/vcard.php 
@@ -29,8 +29,13 @@ require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/vcard.class.php'; +$id = GETPOST('id', 'int'); + +// Security check +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe'); + $contact = new Contact($db); -$result=$contact->fetch($_GET["id"]); +$result=$contact->fetch($id); $physicalperson=1; From 9e1487fc6126237b300a6990f5c20c3522c7e270 Mon Sep 17 00:00:00 2001 From: fhenry Date: Fri, 26 Apr 2013 12:44:21 +0200 Subject: [PATCH 08/14] Fix bug Pgsql --- htdocs/fourn/facture/impayees.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/fourn/facture/impayees.php b/htdocs/fourn/facture/impayees.php index 467d02e8726..50b6637291c 100644 --- a/htdocs/fourn/facture/impayees.php +++ b/htdocs/fourn/facture/impayees.php @@ -143,8 +143,7 @@ if ($user->rights->fournisseur->facture->lire) { $sql .= " AND f.facnumber LIKE '%".GETPOST('sf_re')."%'"; } - $sql.= " GROUP BY f.facnumber, f.rowid, f.total_ht, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.fk_statut, s.rowid, s.nom"; - + $sql.= " GROUP BY s.rowid, s.nom, f.rowid, f.facnumber, f.total_ht, f.total_ttc, f.datef, f.date_lim_reglement,f.paye, f.rowid, f.fk_statut"; $sql.= " ORDER BY "; $listfield=explode(',',$sortfield); foreach ($listfield as $key => $value) $sql.=$listfield[$key]." ".$sortorder.","; From 4ff5922a55dc987f9ab8a5ea7c16be664ec165bf Mon Sep 17 00:00:00 2001 From: fhenry Date: Fri, 26 Apr 2013 12:53:13 +0200 Subject: [PATCH 09/14] Fix pgSQL bug --- htdocs/fourn/facture/impayees.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/fourn/facture/impayees.php b/htdocs/fourn/facture/impayees.php index 50b6637291c..c515307663d 100644 --- a/htdocs/fourn/facture/impayees.php +++ b/htdocs/fourn/facture/impayees.php 
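Review bot: The rewritten GROUP BY in htdocs/fourn/facture/impayees.php lists `f.rowid` twice, once after `s.nom` and again after `f.paye`. It is harmless to the query but makes the column list harder to compare with the SELECT when the next PostgreSQL grouping error comes up; dropping the second occurrence gives `... f.date_lim_reglement, f.paye, f.fk_statut";`. The follow-up patch that appends `sc.fk_soc, sc.fk_user` keeps the duplicate.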
@@ -144,6 +144,7 @@ if ($user->rights->fournisseur->facture->lire) $sql .= " AND f.facnumber LIKE '%".GETPOST('sf_re')."%'"; } $sql.= " GROUP BY s.rowid, s.nom, f.rowid, f.facnumber, f.total_ht, f.total_ttc, f.datef, f.date_lim_reglement,f.paye, f.rowid, f.fk_statut"; + if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user "; $sql.= " ORDER BY "; $listfield=explode(',',$sortfield); foreach ($listfield as $key => $value) $sql.=$listfield[$key]." ".$sortorder.","; From b67faf1eb14560da9f66736048d70affcc2f7eae Mon Sep 17 00:00:00 2001 From: fhenry Date: Fri, 26 Apr 2013 13:01:42 +0200 Subject: [PATCH 10/14] Fix PgSQL --- htdocs/compta/facture/impayees.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index 1a8ddd3b6a6..48c0f5c1e9e 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php @@ -227,7 +227,7 @@ if ($search_societe) $sql .= " AND s.nom LIKE '%".$search_societe."%'"; if ($search_montant_ht) $sql .= " AND f.total = '".$search_montant_ht."'"; if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$search_montant_ttc."'"; if (GETPOST('sf_ref')) $sql .= " AND f.facnumber LIKE '%".GETPOST('sf_ref') . "%'"; -$sql.= " GROUP BY s.nom,s.rowid,f.facnumber, f.increment, f.total, f.tva, f.total_ttc,f.datef, f.date_lim_reglement, f.rowid,f.fk_statut,f.type "; +$sql.= " GROUP BY s.nom, s.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.rowid, f.fk_statut, f.type "; if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user "; $sql.= " ORDER BY "; $listfield=explode(',',$sortfield); From 36e6269b24b846efdf50c1736260709c16a31187 Mon Sep 17 00:00:00 2001 
From: Regis Houssin Date: Fri, 26 Apr 2013 16:07:35 +0200 Subject: [PATCH 11/14] Fix: big security problem with multicompany --- htdocs/comm/action/class/actioncomm.class.php | 2 +- htdocs/comm/action/document.php | 2 ++ htdocs/comm/action/fiche.php | 2 +- htdocs/comm/action/info.php | 7 +++-- htdocs/core/lib/security.lib.php | 26 ++++++++++++++----- 5 files changed, 28 insertions(+), 11 deletions(-) diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index e39221921b0..dc78424568c 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -35,7 +35,7 @@ class ActionComm extends CommonObject public $element='action'; public $table_element = 'actioncomm'; public $table_rowid = 'id'; - protected $ismultientitymanaged = 2; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe + protected $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe var $id; var $type_id; diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 6a576c580ca..7ad74302655 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -51,6 +51,8 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } +$result = restrictedArea($user, 'agenda', $objectid, 'actioncomm&societe', 'myactions&allactions', '', 'id'); + $act = new ActionComm($db); if ($objectid > 0) diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php index aa2e9a695db..dd52d5d92a2 100644 --- a/htdocs/comm/action/fiche.php +++ b/htdocs/comm/action/fiche.php 
@@ -53,7 +53,7 @@ $contactid=GETPOST('contactid','int'); $socid = GETPOST('socid','int'); $id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; -//$result = restrictedArea($user, 'agenda', $id, 'actioncomm', 'actions', '', 'id'); +$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions&allactions', '', 'id'); $error=GETPOST("error"); $mesg=''; diff --git a/htdocs/comm/action/info.php b/htdocs/comm/action/info.php index 7c775bf78ac..66dc178d4b8 100644 --- a/htdocs/comm/action/info.php +++ b/htdocs/comm/action/info.php @@ -31,6 +31,8 @@ require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; $langs->load("commercial"); +$id = GETPOST('id','int'); + // Security check if ($user->societe_id > 0) { @@ -38,6 +40,7 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } +$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions&allactions', '', 'id'); /* @@ -48,8 +51,8 @@ $help_url='EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda'; llxHeader('',$langs->trans("Agenda"),$help_url); $act = new ActionComm($db); -$act->fetch($_GET["id"]); -$act->info($_GET["id"]); +$act->fetch($id); +$act->info($act->id); $head=actions_prepare_head($act); dol_fiche_head($head, 'info', $langs->trans("Action"),0,'action'); diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 896291fddef..0c7fdce0c99 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -112,11 +112,14 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature if (method_exists($objcanvas->control,'restrictedArea')) return $objcanvas->control->restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select); } - if ($dbt_select != 'rowid') $objectid = "'".$objectid."'"; + if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'"; // More features to check $features = explode("&", $features); + // More subfeatures to check + $feature2 = explode("&", $feature2); + // More parameters $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); @@ -164,8 +167,11 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature } else if (! empty($feature2)) // This should be used for future changes { - if (empty($user->rights->$feature->$feature2->lire) - && empty($user->rights->$feature->$feature2->read)) $readok=0; + foreach($feature2 as $subfeature) + { + if (empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) $readok=0; + else $readok=1; + } } else if (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is for old permissions { @@ -210,8 +216,11 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature } else if (! empty($feature2)) // This should be used for future changes { - if (empty($user->rights->$feature->$feature2->creer) - && empty($user->rights->$feature->$feature2->write)) $createok=0; + foreach($feature2 as $subfeature) + { + if (empty($user->rights->$feature->$subfeature->creer) && empty($user->rights->$feature->$subfeature->write)) $createok=0; + else $createok=1; + } } else if (! empty($feature)) // This is for old permissions { 
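Review bot: In the first hunk of htdocs/core/lib/security.lib.php, `restrictedArea()` now leaves `$objectid` unquoted when `$dbt_select` is `'id'` as well as `'rowid'`, and in every other case wraps it in quotes without escaping it. The callers touched in this series pass `GETPOST(..., 'int')` values, but the helper itself does not enforce that, and the value is presumably interpolated into the lookup query further down, outside this hunk. If single numeric ids are the only accepted form, I would make the helper self-defending: `if ($dbt_select == 'rowid' || $dbt_select == 'id') $objectid = (int) $objectid;` and `else $objectid = "'".$db->escape($objectid)."'";` (with `$db` taken from the function's globals, if that is how the query below obtains it). The function body starts and ends outside the hunk.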
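Review bot: The new subfeature loops in htdocs/core/lib/security.lib.php assign the result flag in both directions: `else $readok=1;` (and `$createok=1`, `$deleteok=1` in the two later hunks) can turn a flag back to 1 after it was set to 0. Within the loop the outcome is simply that of the last entry in `$feature2`, and if the enclosing loop over `$features` (not visible in this hunk) already recorded a denial for an earlier feature, that denial is lost. The later patch in this series that adds `break` gives any-of semantics inside the loop but keeps the same assignment. A permission check should only ever lower the flag, so I would collect the any-of result in a local and clear `$readok` when nothing matched, as below; the create and delete blocks take the same shape.

```php
// … unchanged: earlier feature branches …
else if (! empty($feature2))	// This should be used for future changes
{
	$subfeatureok = 0;	// any-of: one granted subfeature is enough
	foreach ($feature2 as $subfeature)
	{
		if (! empty($user->rights->$feature->$subfeature->lire) || ! empty($user->rights->$feature->$subfeature->read)) { $subfeatureok = 1; break; }
	}
	if (! $subfeatureok) $readok = 0;	// only ever lower the flag, never raise it
}
```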
@@ -271,8 +280,11 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature } else if (! empty($feature2)) // This should be used for future changes { - if (empty($user->rights->$feature->$feature2->supprimer) - && empty($user->rights->$feature->$feature2->delete)) $deleteok=0; + foreach($feature2 as $subfeature) + { + if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0; + else $deleteok=1; + } } else if (! empty($feature)) // This is for old permissions { From c969d17e48af89e58850e1abc954153525bec5b9 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 26 Apr 2013 16:21:48 +0200 Subject: [PATCH 12/14] Fix: avoid error --- htdocs/core/lib/security.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 0c7fdce0c99..8998886aa98 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -118,7 +118,8 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature $features = explode("&", $features); // More subfeatures to check - $feature2 = explode("&", $feature2); + if (!empty($feature2)) + $feature2 = explode("&", $feature2); // More parameters $params = explode('&', $dbtablename); From c0a3271d7618463a69af7f1adccbefabf7f35039 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 26 Apr 2013 16:28:54 +0200 Subject: [PATCH 13/14] Fix: bypass the second test if the first is ok --- htdocs/core/lib/security.lib.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 8998886aa98..b4ddaf160e4 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -171,7 +171,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature foreach($feature2 as $subfeature) { if (empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) $readok=0; - else $readok=1; + else { $readok=1; break; } // For bypass the second test if the first is ok } } else if (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is for old permissions @@ -220,7 +220,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature foreach($feature2 as $subfeature) { if (empty($user->rights->$feature->$subfeature->creer) && empty($user->rights->$feature->$subfeature->write)) $createok=0; - else $createok=1; + else { $createok=1; break; } // For bypass the second test if the first is ok } } else if (! empty($feature)) // This is for old permissions @@ -284,7 +284,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature foreach($feature2 as $subfeature) { if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0; - else $deleteok=1; + else { $deleteok=1; break; } // For bypass the second test if the first is ok } } else if (! empty($feature)) // This is for old permissions From 652e0c1b5f5c921909b396605f7c45cce9d1b586 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a?= Date: Fri, 26 Apr 2013 17:19:14 +0200 Subject: [PATCH 14/14] Corrected translation key --- htdocs/holiday/class/holiday.class.php | 128 ++++++++++++------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 924d6eb1c4e..b5e3fc4f393 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php 
@@ -38,7 +38,7 @@ class Holiday extends CommonObject var $errors=array(); var $rowid; - var $ref; + var $ref; var $fk_user; var $date_create=''; @@ -82,12 +82,12 @@ class Holiday extends CommonObject */ function updateSold() { - // Mets à jour les congés payés en début de mois - $this->updateSoldeCP(); - - // Vérifie le nombre d'utilisateur et mets à jour si besoin - $this->verifNbUsers($this->countActiveUsers(),$this->getConfCP('nbUser')); - return 1; + // Mets à jour les congés payés en début de mois + $this->updateSoldeCP(); + + // Vérifie le nombre d'utilisateur et mets à jour si besoin + $this->verifNbUsers($this->countActiveUsers(),$this->getConfCP('nbUser')); + return 1; } /** @@ -364,11 +364,11 @@ class Holiday extends CommonObject $sql.= " cp.fk_user_cancel,"; $sql.= " cp.detail_refuse,"; - $sql.= " uu.name as user_lastname,"; - $sql.= " uu.firstname as user_firstname,"; + $sql.= " uu.name as user_lastname,"; + $sql.= " uu.firstname as user_firstname,"; - $sql.= " ua.name as validator_lastname,"; - $sql.= " ua.firstname as validator_firstname"; + $sql.= " ua.name as validator_lastname,"; + $sql.= " ua.firstname as validator_firstname"; $sql.= " FROM ".MAIN_DB_PREFIX."holiday as cp, ".MAIN_DB_PREFIX."user as uu, ".MAIN_DB_PREFIX."user as ua"; $sql.= " WHERE cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid "; // Hack pour la recherche sur le tableau @@ -469,7 +469,7 @@ class Holiday extends CommonObject } else { $error++; } - $sql.= " halfday = ".$this->halfday.","; + $sql.= " halfday = ".$this->halfday.","; if(!empty($this->statut) && is_numeric($this->statut)) { $sql.= " statut = '".$this->statut."',"; } else { 
@@ -611,8 +611,8 @@ class Holiday extends CommonObject foreach($this->holiday as $infos_CP) { - if ($infos_CP['statut'] == 4) continue; // ignore not validated holidays - if ($infos_CP['statut'] == 5) continue; // ignore not validated holidays + if ($infos_CP['statut'] == 4) continue; // ignore not validated holidays + if ($infos_CP['statut'] == 5) continue; // ignore not validated holidays // TODO Also use halfday for the check if ($dateDebut >= $infos_CP['date_debut'] && $dateDebut <= $infos_CP['date_fin'] || $dateFin <= $infos_CP['date_fin'] && $dateFin >= $infos_CP['date_debut']) 
@@ -626,42 +626,42 @@ class Holiday extends CommonObject } - /** - * Return clicable name (with picto eventually) - * - * @param int $withpicto 0=_No picto, 1=Includes the picto in the linkn, 2=Picto only - * @return string String with URL - */ - function getNomUrl($withpicto=0) - { - global $langs; - - $result=''; - - $lien = ''; - $lienfin=''; - - $picto='holiday'; - - $label=$langs->trans("Show").': '.$this->ref; - - if ($withpicto) $result.=($lien.img_object($label,$picto).$lienfin); - if ($withpicto && $withpicto != 2) $result.=' '; - if ($withpicto != 2) $result.=$lien.$this->ref.$lienfin; - return $result; + /** + * Return clicable name (with picto eventually) + * + * @param int $withpicto 0=_No picto, 1=Includes the picto in the linkn, 2=Picto only + * @return string String with URL + */ + function getNomUrl($withpicto=0) + { + global $langs; + + $result=''; + + $lien = ''; + $lienfin=''; + + $picto='holiday'; + + $label=$langs->trans("Show").': '.$this->ref; + + if ($withpicto) $result.=($lien.img_object($label,$picto).$lienfin); + if ($withpicto && $withpicto != 2) $result.=' '; + if ($withpicto != 2) $result.=$lien.$this->ref.$lienfin; + return $result; } - /** - * Returns the label status - * - * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto - * @return string Label - */ - function getLibStatut($mode=0) - { - return $this->LibStatut($this->statut, $mode, $this->date_debut); - } + /** + * Returns the label status + * + * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto + * @return string Label + */ + function getLibStatut($mode=0) + { + return $this->LibStatut($this->statut, $mode, $this->date_debut); + } /** * Returns the label of a statut 
@@ -683,26 +683,26 @@ class Holiday extends CommonObject if ($statut == 4) return $langs->trans('CancelCP'); if ($statut == 5) return $langs->trans('RefuseCP'); } - if ($mode == 2) - { + if ($mode == 2) + { $pictoapproved='statut6'; if (! empty($startdate) && $startdate > dol_now()) $pictoapproved='statut4'; - if ($statut == 1) return img_picto($langs->trans('DraftCP'),'statut0').' '.$langs->trans('DraftCP'); // Draft - if ($statut == 2) return img_picto($langs->trans('ToValidateCP'),'statut1').' '.$langs->trans('ToValidateCP'); // Waiting approval - if ($statut == 3) return img_picto($langs->trans('ValidateCP'),$pictoapproved).' '.$langs->trans('ValidateCP'); - if ($statut == 4) return img_picto($langs->trans('CancelCP'),'statut5').' '.$langs->trans('CancelCP'); - if ($statut == 5) return img_picto($langs->trans('RefuseCP'),'statut5').' '.$langs->trans('RefuseCP'); - } - if ($mode == 5) + if ($statut == 1) return img_picto($langs->trans('DraftCP'),'statut0').' '.$langs->trans('DraftCP'); // Draft + if ($statut == 2) return img_picto($langs->trans('ToValidateCP'),'statut1').' '.$langs->trans('ToValidateCP'); // Waiting approval + if ($statut == 3) return img_picto($langs->trans('ValidateCP'),$pictoapproved).' '.$langs->trans('ValidateCP'); + if ($statut == 4) return img_picto($langs->trans('CancelCP'),'statut5').' '.$langs->trans('CancelCP'); + if ($statut == 5) return img_picto($langs->trans('RefuseCP'),'statut5').' '.$langs->trans('RefuseCP'); + } + if ($mode == 5) { - $pictoapproved='statut6'; + $pictoapproved='statut6'; if (! empty($startdate) && $startdate > dol_now()) $pictoapproved='statut4'; - if ($statut == 1) return $langs->trans('DraftCP').' '.img_picto($langs->trans('DraftCP'),'statut0'); // Draft - if ($statut == 2) return $langs->trans('ToValidateCP').' '.img_picto($langs->trans('ToValidateCP'),'statut1'); // Waiting approval - if ($statut == 3) return $langs->trans('ValidateCP').' 
'.img_picto($langs->trans('ValidateCP'),$pictoapproved); - if ($statut == 4) return $langs->trans('CancelCP').' '.img_picto($langs->trans('CancelCP'),'statut5'); - if ($statut == 5) return $langs->trans('RefuseCP').' '.img_picto($langs->trans('RefuseCP'),'statut5'); - } + if ($statut == 1) return $langs->trans('DraftCP').' '.img_picto($langs->trans('DraftCP'),'statut0'); // Draft + if ($statut == 2) return $langs->trans('ToValidateCP').' '.img_picto($langs->trans('ToValidateCP'),'statut1'); // Waiting approval + if ($statut == 3) return $langs->trans('ValidateCP').' '.img_picto($langs->trans('ValidateCP'),$pictoapproved); + if ($statut == 4) return $langs->trans('CancelCP').' '.img_picto($langs->trans('CancelCP'),'statut5'); + if ($statut == 5) return $langs->trans('RefuseCP').' '.img_picto($langs->trans('RefuseCP'),'statut5'); + } return $statut; } @@ -897,7 +897,7 @@ class Holiday extends CommonObject $new_solde = $now_holiday + $this->getConfCP('nbHolidayEveryMonth'); // On ajoute la modification dans le LOG - $this->addLogCP($user->id,$users[$i]['rowid'], $langs->trans('Event').': '.$langs->trans('HolidaysMonthlyAssignment'),$new_solde); + $this->addLogCP($user->id,$users[$i]['rowid'], $langs->trans('Event').': '.$langs->trans('HolidaysMonthlyUpdate'),$new_solde); $i++; }