diff --git a/COPYRIGHT b/COPYRIGHT index c38873a2f07..534770f0f75 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -16,6 +16,7 @@ AdoDb-Date 0.33 Modified BSD License Yes ChromePHP 4.1.0 Apache Software License 2.0 Yes Return server log to chrome browser console CKEditor 4.3.3 LGPL-2.1+ Yes Editor WYSIWYG EvalMath 1.0 BSD Yes Safe math expressions evaluation +FirePHPCore 0.4.0 MIT License Yes Send logs to Firefox Firebug console FPDI 1.5.2 Apache Software License 2.0 Yes PDF templates management GeoIP 1.4 LGPL-2.1+ Yes Sample code to make geoip convert (not into deb package) Mobiledetect 2.8.3 MIT License Yes Detect mobile devices browsers diff --git a/composer.json b/composer.json index cddc166bb42..80e55b6a221 100644 --- a/composer.json +++ b/composer.json @@ -21,7 +21,8 @@ "phpoffice/phpexcel": "1.8.0", "restler/framework": "^3.0", "tecnick.com/tcpdf": "6.2.6", - "raven/raven": "^0.12.0" + "raven/raven": "^0.12.0", + "firephp/firephp-core": "^0.4.0" }, "suggest": { "ext-mysqlnd": "To use with MySQL or MariaDB", diff --git a/composer.lock b/composer.lock index 81c767d5e9b..f178ec4f419 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "2ab34d0ff69b48500c20621330c1bfd7", + "hash": "f441e6348ae7862942693cab10810418", "packages": [ { "name": "ccampbell/chromephp", 
@@ -90,6 +90,42 @@ ], "time": "2014-02-26 15:34:37" }, + { + "name": "firephp/firephp-core", + "version": "v0.4.0", + "source": { + "type": "git", + "url": "https://github.com/firephp/firephp-core.git", + "reference": "fabad0f2503f9577fe8dd2cb1d1c7cd73ed2aacf" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firephp/firephp-core/zipball/fabad0f2503f9577fe8dd2cb1d1c7cd73ed2aacf", + "reference": "fabad0f2503f9577fe8dd2cb1d1c7cd73ed2aacf", + "shasum": "" + }, + "type": "library", + "autoload": { + "classmap": [ + "lib/FirePHPCore/FirePHP.class.php", + "lib/FirePHPCore/fb.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christoph Dorn", + "email": "christoph@christophdorn.com", + "homepage": "http://christophdorn.com" + } + ], + "description": "Traditional FirePHPCore library for sending PHP variables to the browser.", + "homepage": "https://github.com/firephp/firephp-core", + "time": "2013-04-23 15:28:20" + }, { "name": "mobiledetect/mobiledetectlib", "version": "2.8.3", diff --git a/htdocs/comm/askpricesupplier/class/askpricesupplier.class.php b/htdocs/comm/askpricesupplier/class/askpricesupplier.class.php index 2854a0a0d4b..bee62cb384d 100644 --- a/htdocs/comm/askpricesupplier/class/askpricesupplier.class.php +++ b/htdocs/comm/askpricesupplier/class/askpricesupplier.class.php @@ -757,8 +757,8 @@ class AskPriceSupplier extends CommonObject $sql.= $this->socid; $sql.= ", 0"; $sql.= ", ".$this->remise; - $sql.= ", ".($this->remise_percent?$this->remise_percent:'null'); - $sql.= ", ".($this->remise_absolue?$this->remise_absolue:'null'); + $sql.= ", ".($this->remise_percent?$this->db->escape($this->remise_percent):'null'); + $sql.= ", ".($this->remise_absolue?$this->db->escape($this->remise_absolue):'null'); $sql.= ", 0"; $sql.= ", 0"; $sql.= ", '".$this->db->idate($now)."'"; 
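Review bot: `$this->db->escape()` is the wrong guard for `remise_percent` and `remise_absolue` in the two changed lines of the askpricesupplier hunk, because both values are interpolated unquoted into numeric columns and an escape function only neutralises quote characters inside a quoted string literal. A cast pins the type whatever the property holds (the unquoted interpolation already requires a numeric form): `$sql.= ", ".($this->remise_percent ? (float) $this->remise_percent : 'null');` and the same for `remise_absolue`. The same pattern appears in the propal hunk, in the two commande hunks (`source`, `remise_absolue`, `remise_percent`, where `(int)` or `(float)` fit) and in the fournisseur.commande hunk (`source`). The enclosing method starts and ends outside this hunk.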
@@ -766,7 +766,7 @@ class AskPriceSupplier extends CommonObject $sql.= ", ".($user->id > 0 ? "'".$user->id."'":"null"); $sql.= ", '".$this->db->escape($this->note_private)."'"; $sql.= ", '".$this->db->escape($this->note_public)."'"; - $sql.= ", '".$this->modelpdf."'"; + $sql.= ", '".$this->db->escape($this->modelpdf)."'"; $sql.= ", ".$this->cond_reglement_id; $sql.= ", ".$this->mode_reglement_id; $sql.= ", ".($this->fk_account>0?$this->fk_account:'NULL'); diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 126ffc5f470..9752abd31cb 100644 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2013 Cédric Salvador - * Copyright (C) 2013 Florian Henry + * Copyright (C) 2013-2015 Florian Henry * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2015 Marcos García * @@ -29,6 +29,8 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; $langs->load("companies"); $langs->load("customers"); 
@@ -50,12 +52,14 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="s.nom"; -$search_company=GETPOST("search_company"); -$search_zipcode=GETPOST("search_zipcode"); -$search_town=GETPOST("search_town"); -$search_code=GETPOST("search_code"); -$search_compta=GETPOST("search_compta"); -$search_status= GETPOST("search_status",'int'); +$search_company = GETPOST("search_company"); +$search_zipcode = GETPOST("search_zipcode"); +$search_town = GETPOST("search_town"); +$search_code = GETPOST("search_code"); +$search_compta = GETPOST("search_compta"); +$search_status = GETPOST("search_status",'int'); +$search_country = GETPOST("search_country",'int'); +$search_type_thirdparty = GETPOST("search_type_thirdparty",'int'); // Load sale and categ filters $search_sale = GETPOST("search_sale",'int'); @@ -89,6 +93,8 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter")) // Both $search_code=''; $search_compta=''; $search_status=''; + $search_country=""; + $search_type_thirdparty=''; } if ($search_status=='') $search_status=1; // always display activ customer first 
@@ -101,12 +107,15 @@ if ($search_status=='') $search_status=1; // always display activ customer first $formother=new FormOther($db); $form = new Form($db); $thirdpartystatic=new Societe($db); +$formcompany=new FormCompany($db); $help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('',$langs->trans("ThirdParty"),$help_url); $sql = "SELECT s.rowid, s.nom as name, s.name_alias, s.client, s.zip, s.town, st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta, s.status as status,"; $sql.= " s.datec, s.canvas"; +$sql.= ",s.fk_pays"; +$sql.= ",typent.code as typent_code"; if ((!$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) // Add fields for extrafields foreach ($extrafields->attribute_list as $key => $val) $sql.=",ef.".$key.' as options_'.$key; 
@@ -116,12 +125,14 @@ $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters); // N $sql.=$hookmanager->resPrint; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_soc"; // We need this table joined to the select in order to filter by categ -if ((!$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as country on (country.rowid = s.fk_pays) "; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_typent as typent on (typent.id = s.fk_typent) "; +if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (1, 3)"; $sql.= ' AND s.entity IN ('.getEntity('societe', 1).')'; -if ((!$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; +if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= " AND s.rowid = sc.fk_soc"; if ($socid) $sql.= " AND s.rowid = ".$socid; if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale if ($catid > 0) $sql.= " AND cs.fk_categorie = ".$catid; 
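Review bot: The two changed conditions now add the `societe_commerciaux` join on any non-zero `$search_sale`, while the SELECT in the previous hunk, the line `if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc";` just below, and the `sc.fk_user` filter in the next hunk still test `> 0`. If the sale selector can submit a negative value (the variable is read with GETPOST 'int'), such a value now restricts the list to companies that have at least one salesman without filtering on the salesman itself. Keeping `$search_sale > 0` in both changed lines preserves the previous behaviour; if the truthiness test is intentional, the sibling conditions should change with it.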
@@ -134,6 +145,8 @@ if ($search_town) $sql.= natural_search('s.town', $search_town); if ($search_code) $sql.= natural_search("s.code_client", $search_code); if ($search_compta) $sql.= natural_search("s.code_compta", $search_compta); if ($search_status!='') $sql.= " AND s.status = ".$db->escape($search_status); +if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; +if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; if ($search_sale > 0) $sql.= " AND sc.fk_user = ".$search_sale; // Add where from hooks $parameters=array(); @@ -157,10 +170,15 @@ if ($result) { $num = $db->num_rows($result); - $param = "&search_company=".$search_company."&search_code=".$search_code."&search_zipcode=".$search_zipcode."&search_town=".$search_town; - if ($search_categ != '') $param.='&search_categ='.$search_categ; - if ($search_sale > 0) $param.='&search_sale='.$search_sale; - if ($search_status != '') $param.='&search_status='.$search_status; + $param = "&search_company=".htmlspecialchars($search_company); + $param.="&search_code=".htmlspecialchars($search_code); + $param.="&search_zipcode=".htmlspecialchars($search_zipcode); + $param.="&search_town=".htmlspecialchars($search_town); + if ($search_categ != '') $param.='&search_categ='.htmlspecialchars($search_categ); + if ($search_sale > 0) $param.='&search_sale='.htmlspecialchars($search_sale); + if ($search_status != '') $param.='&search_status='.htmlspecialchars($search_status); + if ($search_country != '') $param.='&search_country='.htmlspecialchars($search_country); + if ($search_type_thirdparty != '') $param.='&search_type_thirdparty='.htmlspecialchars($search_type_thirdparty); print_barre_liste($langs->trans("ListOfCustomers"), $page, $_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_companies.png'); 
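Review bot: `htmlspecialchars()` is the wrong encoder for the `$param` query string built in the second hunk: it does not percent-encode URL metacharacters such as `=`, `+`, `#`, `%` or spaces, so a search term containing any of them corrupts the links that print_barre_liste and the column headers build from `$param`. Use the URL encoder, as prospect/list.php does in this same commit, `$param = "&search_company=".urlencode($search_company);` and likewise for code, zipcode, town and categ; HTML escaping belongs where `$param` is printed. For `$search_status`, `$search_sale`, `$search_country` and `$search_type_thirdparty`, which are read with GETPOST 'int', plain concatenation is sufficient.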
@@ -198,6 +216,8 @@ if ($result) print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Zip"),$_SERVER["PHP_SELF"],"s.zip","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Town"),$_SERVER["PHP_SELF"],"s.town","",$param,"",$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Country"),$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("ThirdPartyType"),$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("CustomerCode"),$_SERVER["PHP_SELF"],"s.code_client","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("AccountancyCode"),$_SERVER["PHP_SELF"],"s.code_compta","",$param,'align="left"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("DateCreation"),$_SERVER["PHP_SELF"],"datec","",$param,'align="right"',$sortfield,$sortorder); @@ -222,6 +242,14 @@ if ($result) print ''; print ''; + print ''; + print $form->select_country($search_country,'search_country'); + print ''; + + print ''; + print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 0, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT)?'ASC':$conf->global->SOCIETE_SORT_ON_TYPEENT)); + print ''; + print ''; print ''; print ''; @@ -270,6 +298,16 @@ if ($result) print ''; print ''.$obj->zip.''; print ''.$obj->town.''; + //Country + print ''; + $tmparray=getCountry($obj->fk_pays,'all'); + print $tmparray['label']; + print ''; + //Type ent + print ''; + if (count($typenArray)==0) $typenArray = $formcompany->typent_array(1); + print $typenArray[$obj->typent_code]; + print ''; print ''.$obj->code_client.''; print ''.$obj->code_compta.''; print ''.dol_print_date($db->jdate($obj->datec),'day').''; 
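Review bot: In the last hunk `count($typenArray)` runs before `$typenArray` is assigned anywhere visible in this file, which emits a warning on PHP 7.2+ and throws a TypeError on PHP 8, so rendering the first row would abort. Initialise the cache before the row loop (outside this hunk) and test with `empty()`: `if (empty($typenArray)) $typenArray = $formcompany->typent_array(1);`. `typent_code` comes from a LEFT JOIN and can be null, so guard the lookup as well: `print isset($typenArray[$obj->typent_code]) ? $typenArray[$obj->typent_code] : '';`. The same two lines appear in the last hunk of prospect/list.php.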
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 77c4e5c6f76..421b2506e73 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -858,8 +858,8 @@ class Propal extends CommonObject $sql.= $this->socid; $sql.= ", 0"; $sql.= ", ".$this->remise; - $sql.= ", ".($this->remise_percent?$this->remise_percent:'null'); - $sql.= ", ".($this->remise_absolue?$this->remise_absolue:'null'); + $sql.= ", ".($this->remise_percent?$this->db->escape($this->remise_percent):'null'); + $sql.= ", ".($this->remise_absolue?$this->db->escape($this->remise_absolue):'null'); $sql.= ", 0"; $sql.= ", 0"; $sql.= ", '".$this->db->idate($this->date)."'"; @@ -868,7 +868,7 @@ class Propal extends CommonObject $sql.= ", ".($user->id > 0 ? "'".$user->id."'":"null"); $sql.= ", '".$this->db->escape($this->note_private)."'"; $sql.= ", '".$this->db->escape($this->note_public)."'"; - $sql.= ", '".$this->modelpdf."'"; + $sql.= ", '".$this->db->escape($this->modelpdf)."'"; $sql.= ", ".($this->fin_validite!=''?"'".$this->db->idate($this->fin_validite)."'":"null"); $sql.= ", ".$this->cond_reglement_id; $sql.= ", ".$this->mode_reglement_id; diff --git a/htdocs/comm/prospect/list.php b/htdocs/comm/prospect/list.php index 5d795775eb4..b7a48331dd9 100644 --- a/htdocs/comm/prospect/list.php +++ b/htdocs/comm/prospect/list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2015 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011 Philippe Grand - * Copyright (C) 2013 Florian Henry + * Copyright (C) 2013-2015 Florian Henry * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2015 Raphaël Doursenaud 
@@ -32,6 +32,8 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; $langs->load("propal"); $langs->load("companies"); @@ -53,6 +55,8 @@ $search_datec = GETPOST("search_datec"); $search_categ = GETPOST("search_categ",'int'); $search_status = GETPOST("search_status",'int'); $catid = GETPOST("catid",'int'); +$search_country = GETPOST("search_country",'int'); +$search_type_thirdparty = GETPOST("search_type_thirdparty",'int'); $sortfield = GETPOST("sortfield",'alpha'); $sortorder = GETPOST("sortorder",'alpha'); @@ -175,6 +179,8 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter")) // Both $search_datec=""; $search_categ=""; $search_status=""; + $search_country=""; + $search_type_thirdparty=""; $search_array_options=array(); } @@ -211,6 +217,7 @@ if (empty($reshook)) $formother=new FormOther($db); $form=new Form($db); +$formcompany=new FormCompany($db); $prospectstatic=new Client($db); $prospectstatic->client=2; $prospectstatic->loadCacheOfProspStatus(); @@ -219,6 +226,8 @@ $sql = "SELECT s.rowid as socid, s.nom as name, s.name_alias, s.zip, s.town, s.d $sql.= " s.prefix_comm, s.fk_prospectlevel, s.fk_stcomm as stcomm_id,"; $sql.= " st.libelle as stcomm_label,"; $sql.= " d.nom as departement"; +$sql.= " ,s.fk_pays"; +$sql.= " ,typent.code as typent_code"; if ((!$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) // Add fields for extrafields if (is_array($extrafields->attribute_list) && count($extrafields->attribute_list)) foreach ($extrafields->attribute_list as $key => $val) $sql.=",ef.".$key.' as options_'.$key; 
@@ -230,6 +239,8 @@ $sql .= " FROM ".MAIN_DB_PREFIX."c_stcomm as st"; $sql.= ", ".MAIN_DB_PREFIX."societe as s"; if (is_array($extrafields->attribute_list) && count($extrafields->attribute_list)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_extrafields as ef on (s.rowid = ef.fk_object)"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)"; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as country on (country.rowid = s.fk_pays) "; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_typent as typent on (typent.id = s.fk_typent) "; if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_soc"; // We need this table joined to the select in order to filter by categ if ((!$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale $sql.= " WHERE s.fk_stcomm = st.id"; @@ -250,6 +261,8 @@ if ($search_datec) $sql .= " AND s.datec LIKE '%".$db->escape($search_datec)." if ($search_status!='') $sql .= " AND s.status = ".$db->escape($search_status); // Insert levels filters if ($search_levels) $sql .= " AND s.fk_prospectlevel IN (".$search_levels.')'; +if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; +if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; // Insert sale filter if ($search_sale > 0) $sql .= " AND sc.fk_user = ".$db->escape($search_sale); if ($socname) 
@@ -304,7 +317,10 @@ if ($resql) llxHeader('',$langs->trans("ThirdParty"),$help_url); } - $param='&search_stcomm='.$search_stcomm.'&search_nom='.urlencode($search_nom).'&search_zipcode='.urlencode($search_zipcode).'&search_town='.urlencode($search_town); + $param='&search_stcomm='.$search_stcomm; + $param.='&search_nom='.urlencode($search_nom); + $param.='&search_zipcode='.urlencode($search_zipcode); + $param.='&search_town='.urlencode($search_town); // Store the status filter in the URL if (isSet($search_setstcomm)) { @@ -321,6 +337,8 @@ if ($resql) if ($search_categ != '') $param.='&search_categ='.urlencode($search_categ); if ($search_sale > 0) $param.='&search_sale='.$search_sale; if ($search_status != '') $param.='&search_status='.$search_status; + if ($search_country != '') $param.='&search_country='.$search_country; + if ($search_type_thirdparty != '') $param.='&search_type_thirdparty='.$search_type_thirdparty; foreach ($search_array_options as $key => $val) { $crit=$val; 
@@ -368,6 +386,8 @@ if ($resql) print_liste_field_titre($langs->trans("Zip"),$_SERVER["PHP_SELF"],"s.zip","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Town"),$_SERVER["PHP_SELF"],"s.town","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("State"),$_SERVER["PHP_SELF"],"s.fk_departement","",$param,'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Country"),$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("ThirdPartyType"),$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("DateCreation"),$_SERVER["PHP_SELF"],"s.datec","",$param,'align="center"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("ProspectLevelShort"),$_SERVER["PHP_SELF"],"s.fk_prospectlevel","",$param,'align="center"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("StatusProsp"),$_SERVER["PHP_SELF"],"s.fk_stcomm","",$param,'align="center"',$sortfield,$sortorder); @@ -406,6 +426,12 @@ if ($resql) print ''; print ''; print ''; + print ''; + print $form->select_country($search_country,'search_country'); + print ''; + print ''; + print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 0, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT)?'ASC':$conf->global->SOCIETE_SORT_ON_TYPEENT)); + print ''; print ''; print ''; print ''; @@ -502,6 +528,16 @@ if ($resql) print "".$obj->zip.""; print "".$obj->town.""; print ''.$obj->departement.''; + //Country + print ''; + $tmparray=getCountry($obj->fk_pays,'all'); + print $tmparray['label']; + print ''; + //Type ent + print ''; + if (count($typenArray)==0) $typenArray = $formcompany->typent_array(1); + print $typenArray[$obj->typent_code]; + print ''; // Creation date print ''.dol_print_date($db->jdate($obj->datec)).''; // Level 
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index d6d93c17bd8..32fe2d52726 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -745,13 +745,13 @@ class Commande extends CommonOrder $sql.= " VALUES ('(PROV)',".$this->socid.", '".$this->db->idate($now)."', ".$user->id; $sql.= ", ".($this->fk_project>0?$this->fk_project:"null"); $sql.= ", '".$this->db->idate($date)."'"; - $sql.= ", ".($this->source>=0 && $this->source != '' ?$this->source:'null'); + $sql.= ", ".($this->source>=0 && $this->source != '' ?$this->db->escape($this->source):'null'); $sql.= ", '".$this->db->escape($this->note_private)."'"; $sql.= ", '".$this->db->escape($this->note_public)."'"; $sql.= ", ".($this->ref_ext?"'".$this->db->escape($this->ref_ext)."'":"null"); $sql.= ", ".($this->ref_client?"'".$this->db->escape($this->ref_client)."'":"null"); $sql.= ", ".($this->ref_int?"'".$this->db->escape($this->ref_int)."'":"null"); - $sql.= ", '".$this->modelpdf."'"; + $sql.= ", '".$this->db->escape($this->modelpdf)."'"; $sql.= ", ".($this->cond_reglement_id>0?"'".$this->cond_reglement_id."'":"null"); $sql.= ", ".($this->mode_reglement_id>0?"'".$this->mode_reglement_id."'":"null"); $sql.= ", ".($this->fk_account>0?$this->fk_account:'NULL'); 
@@ -760,8 +760,8 @@ class Commande extends CommonOrder $sql.= ", ".($this->date_livraison?"'".$this->db->idate($this->date_livraison)."'":"null"); $sql.= ", ".($this->fk_delivery_address>0?$this->fk_delivery_address:'NULL'); $sql.= ", ".($this->shipping_method_id>0?$this->shipping_method_id:'NULL'); - $sql.= ", ".($this->remise_absolue>0?$this->remise_absolue:'NULL'); - $sql.= ", ".($this->remise_percent>0?$this->remise_percent:0); + $sql.= ", ".($this->remise_absolue>0?$this->db->escape($this->remise_absolue):'NULL'); + $sql.= ", ".($this->remise_percent>0?$this->db->escape($this->remise_percent):0); $sql.= ", ".(int) $this->fk_incoterms; $sql.= ", '".$this->db->escape($this->location_incoterms)."'"; $sql.= ", ".$conf->entity; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 98afb750fd6..73da2cfce2f 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -332,7 +332,7 @@ class Facture extends CommonInvoice $sql.= "'(PROV)'"; $sql.= ", ".$conf->entity; $sql.= ", ".($this->ref_ext?"'".$this->db->escape($this->ref_ext)."'":"null"); - $sql.= ", '".$this->type."'"; + $sql.= ", '".$this->db->escape($this->type)."'"; $sql.= ", '".$socid."'"; $sql.= ", '".$this->db->idate($now)."'"; $sql.= ", ".($this->remise_absolue>0?$this->remise_absolue:'NULL'); @@ -348,7 +348,7 @@ class Facture extends CommonInvoice $sql.= ", ".($this->fk_project?$this->fk_project:"null"); $sql.= ", ".$this->cond_reglement_id; $sql.= ", ".$this->mode_reglement_id; - $sql.= ", '".$this->db->idate($datelim)."', '".$this->modelpdf."'"; + $sql.= ", '".$this->db->idate($datelim)."', '".$this->db->escape($this->modelpdf)."'"; $sql.= ", ".($this->situation_cycle_ref?"'".$this->db->escape($this->situation_cycle_ref)."'":"null"); $sql.= ", ".($this->situation_counter?"'".$this->db->escape($this->situation_counter)."'":"null"); $sql.= ", ".($this->situation_final?$this->situation_final:0); 
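Review bot: The facture hunk still interpolates `$this->remise_absolue` raw in the context line `$sql.= ", ".($this->remise_absolue>0?$this->remise_absolue:'NULL');`, while the same value is treated in the commande, propal and askpricesupplier hunks of this commit. For consistency and type safety use a cast there too, `$sql.= ", ".($this->remise_absolue>0?(float) $this->remise_absolue:'NULL');`, and escape `$socid`, which is quoted but passed through unescaped two lines above the changed `type` line. The enclosing method starts and ends outside the hunk.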
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index dc3c7fc3640..f3c0b9bd3f5 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -168,9 +168,9 @@ class Contact extends CommonObject $sql.= " ".($user->id > 0 ? "'".$user->id."'":"null").","; $sql.= " ".$this->priv.","; $sql.= " ".$this->statut.","; - $sql.= " ".(! empty($this->canvas)?"'".$this->canvas."'":"null").","; + $sql.= " ".(! empty($this->canvas)?"'".$this->db->escape($this->canvas)."'":"null").","; $sql.= " ".$conf->entity.","; - $sql.= "'".$this->db->escape($this->ref_ext)."',"; + $sql.= "'".$this->db->escape($this->ref_ext)."',"; $sql.= " ".(! empty($this->import_key)?"'".$this->import_key."'":"null"); $sql.= ")"; diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index eaa6010a0c5..b0fc90a2f27 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php 
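Review bot: `$this->import_key` on the line following the changed `canvas` line is still quoted without `$this->db->escape()`, so this INSERT is only partially covered by the change: `$sql.= " ".(! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");`. The `ref_ext` line of the hunk changes only whitespace and could be left out of the commit. The enclosing method starts and ends outside the hunk.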
@@ -467,6 +467,21 @@ class modSociete extends DolibarrModules 'sr.code_banque'=>"0000", 'sr.code_guichet'=>"1111",'sr.number'=>"3333333333", 'sr.cle_rib'=>"22",'sr.bic'=>"USHINGMMXXX",'sr.iban_prefix'=>"US00 0000 1111 22 3333 3333" ); + + // Import Company Salesman + $r++; + $this->import_code[$r]=$this->rights_class.'_'.$r; + $this->import_label[$r]="ImportDataset_company_4"; // Translation key + $this->import_icon[$r]='company'; + $this->import_entities_array[$r]=array('sr.fk_user'=>'user'); // We define here only fields that use another icon that the one defined into import_icon + $this->import_tables_array[$r]=array('sr'=>MAIN_DB_PREFIX.'societe_commerciaux'); + $this->import_fields_array[$r]=array('sr.fk_soc'=>"ThirdPartyName*",'sr.fk_user'=>"User*"); + + $this->import_convertvalue_array[$r]=array( + 'sr.fk_soc'=>array('rule'=>'fetchidfromref','classfile'=>'/societe/class/societe.class.php','class'=>'Societe','method'=>'fetch','element'=>'ThirdParty'), + 'sr.fk_user'=>array('rule'=>'fetchidfromref','classfile'=>'/user/class/user.class.php','class'=>'User','method'=>'fetch','element'=>'User') + ); + $this->import_examplevalues_array[$r]=array('sr.fk_soc'=>"MyBigCompany",'sr.fk_user'=>"login"); } diff --git a/htdocs/core/modules/syslog/mod_syslog_firephp.php b/htdocs/core/modules/syslog/mod_syslog_firephp.php index 08c0b91efc6..fa6111c80a3 100644 --- a/htdocs/core/modules/syslog/mod_syslog_firephp.php +++ b/htdocs/core/modules/syslog/mod_syslog_firephp.php 
@@ -1,4 +1,20 @@ + * Copyright (C) 2015 Raphaël Doursenaud + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ require_once DOL_DOCUMENT_ROOT.'/core/modules/syslog/logHandler.php'; @@ -7,7 +23,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/modules/syslog/logHandler.php'; */ class mod_syslog_firephp extends LogHandler implements LogHandlerInterface { - var $code = 'firephp'; + public $code = 'firephp'; + private static $firephp_include_path = '/includes/firephp/firephp-core/lib/'; + private static $firephp_class_path = 'FirePHPCore/FirePHP.class.php'; /** * Return name of logger @@ -38,7 +56,7 @@ class mod_syslog_firephp extends LogHandler implements LogHandlerInterface { global $langs; - return $this->isActive()?'':$langs->trans('ClassNotFoundIntoPathWarning','FirePHPCore/FirePHP.class.php'); + return $this->isActive()?'':$langs->trans('ClassNotFoundIntoPathWarning', self::$firephp_class_path); } /** 
@@ -48,42 +66,48 @@ class mod_syslog_firephp extends LogHandler implements LogHandlerInterface */ public function isActive() { + global $conf; try { - set_include_path('/usr/share/php/'); - $res = @include_once 'FirePHPCore/FirePHP.class.php'; - restore_include_path(); - if ($res) - { - return 1; - } + if (empty($conf->global->SYSLOG_FIREPHP_INCLUDEPATH)) { + $conf->global->SYSLOG_FIREPHP_INCLUDEPATH = DOL_DOCUMENT_ROOT . self::$firephp_include_path; + } + set_include_path($conf->global->SYSLOG_FIREPHP_INCLUDEPATH); + $res = @include_once self::$firephp_class_path; + restore_include_path(); + if ($res) { + return 1; + } else { + return 0; + } } catch(Exception $e) { - print ''."\n"; + print ''."\n"; } return -1; } - ///** - // * Return array of configuration data - // * - // * @return array Return array of configuration data - // */ - // public function configure() - // { - // global $langs; + /** + * Return array of configuration data + * + * @return array Return array of configuration data + */ + public function configure() + { + global $langs; - // return array( - // array( - // 'name' => $langs->trans('IncludePath'), - // 'constant' => 'SYSLOG_FIREPHP_INCLUDEPATH', - // 'default' => '/usr/share/php', - // 'attr' => 'size="40"' - // ) - // ); - // } + return array( + array( + 'name' => $langs->trans('IncludePath', 'SYSLOG_FIREPHP_INCLUDEPATH'), + 'constant' => 'SYSLOG_FIREPHP_INCLUDEPATH', + 'default' => DOL_DOCUMENT_ROOT . self::$firephp_include_path, + 'attr' => 'size="60"', + 'example' => '/usr/share/php, ' . DOL_DOCUMENT_ROOT . self::$firephp_include_path + ) + ); + } /** * Return if configuration is valid 
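Review bot: `isActive()` now writes `$conf->global->SYSLOG_FIREPHP_INCLUDEPATH` as a side effect of a status probe, so every caller silently mutates the global configuration object; keep the resolved path local instead: `$includepath = empty($conf->global->SYSLOG_FIREPHP_INCLUDEPATH) ? DOL_DOCUMENT_ROOT.self::$firephp_include_path : $conf->global->SYSLOG_FIREPHP_INCLUDEPATH;` followed by `set_include_path($includepath);`. In `configure()`, `$langs->trans('IncludePath', 'SYSLOG_FIREPHP_INCLUDEPATH')` passes the constant name as a substitution argument, which looks unintended unless the IncludePath translation contains a placeholder — confirm, otherwise drop the second argument. The `example` value `/usr/share/php` has no trailing slash, while `checkConfiguration()` appends `self::$firephp_class_path` to the configured path without a separator, so the documented example would fail that check.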
@@ -92,20 +116,15 @@ class mod_syslog_firephp extends LogHandler implements LogHandlerInterface */ public function checkConfiguration() { - global $langs; + global $conf, $langs; $errors = array(); - $oldinclude = get_include_path(); - set_include_path('/usr/share/php/'); - - if (!file_exists('FirePHPCore/FirePHP.class.php')) + if (!file_exists($conf->global->SYSLOG_FIREPHP_INCLUDEPATH . self::$firephp_class_path)) { - $errors[] = $langs->trans("ErrorFailedToOpenFile", 'FirePhp.php'); + $errors[] = $langs->trans("ErrorFailedToOpenFile", self::$firephp_class_path); } - set_include_path($oldinclude); - return $errors; } @@ -129,8 +148,8 @@ class mod_syslog_firephp extends LogHandler implements LogHandlerInterface // Warning FirePHPCore must be into PHP include path. It is not possible to use into require_once() a constant from // database or config file because we must be able to log data before database or config file read. $oldinclude=get_include_path(); - set_include_path('/usr/share/php/'); - include_once 'FirePHPCore/FirePHP.class.php'; + set_include_path($conf->global->SYSLOG_FIREPHP_INCLUDEPATH); + include_once self::$firephp_class_path; set_include_path($oldinclude); ob_start(); // To be sure headers are not flushed until all page is completely processed $firephp = FirePHP::getInstance(true); diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 5e88cc94243..d0bcee286d0 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php 
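Review bot: `checkConfiguration()` concatenates `$conf->global->SYSLOG_FIREPHP_INCLUDEPATH` and `self::$firephp_class_path` with no separator and without the default that `isActive()` applies, so an unset constant tests a path relative to the current directory and a value such as the documented example `/usr/share/php` yields `/usr/share/phpFirePHPCore/FirePHP.class.php`. Normalise before testing: `$includepath = empty($conf->global->SYSLOG_FIREPHP_INCLUDEPATH) ? DOL_DOCUMENT_ROOT.self::$firephp_include_path : $conf->global->SYSLOG_FIREPHP_INCLUDEPATH;` then `if (!file_exists(rtrim($includepath, '/').'/'.self::$firephp_class_path))`. Since this admin-editable value ends up in `set_include_path()` and `include_once`, it is also worth rejecting values that are not an existing directory, so that a mistyped or unexpected setting cannot change which code file gets loaded.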
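Review bot: The export hunk now reads `$conf->global->SYSLOG_FIREPHP_INCLUDEPATH` although the comment two lines above it states that a constant from the database or config file cannot be used here because logging must work before those are read; when the constant is not yet loaded, `set_include_path('')` follows and `FirePHP::getInstance(true)` fails on an undefined class. Fall back to the bundled default when the constant is empty, as `isActive()` does, `set_include_path(empty($conf->global->SYSLOG_FIREPHP_INCLUDEPATH) ? DOL_DOCUMENT_ROOT.self::$firephp_include_path : $conf->global->SYSLOG_FIREPHP_INCLUDEPATH);`, and update the comment to say why a database value is now acceptable. `$conf` is not declared `global` in the visible lines of this function; the function starts outside the hunk, so confirm the declaration exists there.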
@@ -149,11 +149,11 @@ class Fichinter extends CommonObject $sql.= " VALUES ("; $sql.= $this->socid; $sql.= ", '".$this->db->idate($now)."'"; - $sql.= ", '".$this->ref."'"; + $sql.= ", '".$this->db->escape($this->ref)."'"; $sql.= ", ".$conf->entity; $sql.= ", ".$user->id; $sql.= ", ".($this->description?"'".$this->db->escape($this->description)."'":"null"); - $sql.= ", '".$this->modelpdf."'"; + $sql.= ", '".$this->db->escape($this->modelpdf)."'"; $sql.= ", ".($this->fk_project ? $this->fk_project : 0); $sql.= ", ".($this->fk_contrat ? $this->fk_contrat : 0); $sql.= ", ".$this->statut; diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 5e207f0b4b6..233c0510b3a 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -1002,7 +1002,7 @@ class CommandeFournisseur extends CommonOrder $sql.= ") "; $sql.= " VALUES ("; $sql.= "''"; - $sql.= ", '".$this->ref_supplier."'"; + $sql.= ", '".$this->db->escape($this->ref_supplier)."'"; $sql.= ", '".$this->db->escape($this->note_private)."'"; $sql.= ", '".$this->db->escape($this->note_public)."'"; $sql.= ", ".$conf->entity; @@ -1011,7 +1011,7 @@ class CommandeFournisseur extends CommonOrder $sql.= ", ".($this->date_livraison?"'".$this->db->idate($this->date_livraison)."'":"null"); $sql.= ", ".$user->id; $sql.= ", 0"; - $sql.= ", " . $this->source; + $sql.= ", ".$this->db->escape($this->source); $sql.= ", '".$conf->global->COMMANDE_SUPPLIER_ADDON_PDF."'"; $sql.= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : 'null'); $sql.= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : 'null'); diff --git a/htdocs/fourn/list.php b/htdocs/fourn/list.php index 3333ffefba2..d05359945d1 100644 --- a/htdocs/fourn/list.php +++ b/htdocs/fourn/list.php 
@@ -5,6 +5,7 @@ * Copyright (C) 2011 Philippe Grand * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Raphaël Doursenaud + * Copyright (C) 2015 Florian Henry * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,6 +30,8 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; $langs->load("suppliers"); $langs->load("orders"); @@ -44,6 +47,8 @@ $search_datec = GETPOST("search_datec"); $search_categ = GETPOST('search_categ','int'); $search_status = GETPOST("search_status",'int'); $catid = GETPOST("catid",'int'); +$search_country = GETPOST("search_country",'int'); +$search_type_thirdparty = GETPOST("search_type_thirdparty",'int'); // Security check $socid = GETPOST('socid','int'); @@ -76,6 +81,8 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter")) // Both $search_categ=""; $search_status=''; $catid=""; + $search_country=""; + $search_type_thirdparty=""; } if ($search_status=='') $search_status=1; // always display activ customer first 
@@ -99,12 +106,15 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e $form=new Form($db); $htmlother=new FormOther($db); $thirdpartystatic=new Societe($db); +$formcompany=new FormCompany($db); $help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('',$langs->trans("ThirdParty"),$help_url); $sql = "SELECT s.rowid as socid, s.nom as name, s.name_alias, s.zip, s.town, s.datec, st.libelle as stcomm, s.prefix_comm, s.status as status, "; $sql.= "code_fournisseur, code_compta_fournisseur"; +$sql.= ",s.fk_pays"; +$sql.= ",typent.code as typent_code"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user "; // Add fields for extrafields foreach ($extrafields->attribute_list as $key => $val) $sql.=",ef.".$key.' as options_'.$key; @@ -114,6 +124,8 @@ $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters); // N $sql.=$hookmanager->resPrint; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_extrafields as ef ON ef.fk_object = s.rowid"; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as country on (country.rowid = s.fk_pays) "; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_typent as typent on (typent.id = s.fk_typent) "; if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_fournisseur as cf ON s.rowid = cf.fk_soc"; // We need this table joined to the select in order to filter by categ $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st"; if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; 
@@ -137,6 +149,8 @@ if ($catid > 0) $sql.= " AND cf.fk_categorie = ".$catid; if ($catid == -2) $sql.= " AND cf.fk_categorie IS NULL"; if ($search_categ > 0) $sql.= " AND cf.fk_categorie = ".$search_categ; if ($search_categ == -2) $sql.= " AND cf.fk_categorie IS NULL"; +if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; +if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; // Add where from hooks $parameters=array(); $reshook=$hookmanager->executeHooks('printFieldListWhere',$parameters); // Note that $action and $object may have been modified by hook @@ -160,9 +174,14 @@ if ($resql) $num = $db->num_rows($resql); $i = 0; - $param = "&search_name=".$search_name."&search_supplier_code=".$search_supplier_code."&search_zipcode=".$search_zipcode."&search_town=".$search_town; - if ($search_categ != '') $param.='&search_categ='.$search_categ; - if ($search_status != '') $param.='&search_status='.$search_status; + $param = "&search_name=".htmlspecialchars($search_name); + $param.="&search_supplier_code=".htmlspecialchars($search_supplier_code); + $param.="&search_zipcode=".htmlspecialchars($search_zipcode); + $param.="&search_town=".htmlspecialchars($search_town); + if ($search_categ != '') $param.='&search_categ='.htmlspecialchars($search_categ); + if ($search_status != '') $param.='&search_status='.htmlspecialchars($search_status); + if ($search_country != '') $param.='&search_country='.htmlspecialchars($search_country); + if ($search_type_thirdparty != '') $param.='&search_type_thirdparty='.htmlspecialchars($search_type_thirdparty); print_barre_liste($langs->trans("ListOfSuppliers"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_companies'); 
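Review bot: `" AND s.fk_pays IN (".$search_country.')'` and the `s.fk_typent` line below it splice the request value into the statement with no quoting or cast; their safety rests entirely on the `GETPOST(..., 'int')` filter applied in an earlier hunk, which a reader of these lines cannot see and which a later change to how the variable is read would silently undo. Casting at the point of use, `if ($search_country) $sql .= " AND s.fk_pays IN (".(int) $search_country.')';`, makes the guard local; the same two lines are added to htdocs/societe/list.php in this commit. With a single integer, `IN (...)` is equivalent to `=`, so if a multi-select is intended later the cast would have to be applied per element rather than to the whole string.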
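Review bot: `htmlspecialchars($search_name)` and the following `$param` lines HTML-escape values that are being placed into a query string; a search term containing `&`, `+` or `#` is not encoded for the URL and is truncated or split into extra parameters when the paging and sort links built from `$param` are followed. `urlencode()` is the encoding for this position (`$param = "&search_name=".urlencode($search_name);`), with HTML escaping belonging where the link is printed — if `print_barre_liste` does not already escape attribute output, `htmlspecialchars(urlencode($search_name))` covers both contexts. The rewritten `$param` block in htdocs/societe/list.php has the same issue; `$search_country` and `$search_type_thirdparty` are read with the `'int'` filter, so for them the choice of encoding is moot.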
@@ -193,6 +212,8 @@ if ($resql) print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom","",$param,'valign="middle"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("Zip"),$_SERVER["PHP_SELF"],"s.zip","",$param,'valign="middle"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("Town"),$_SERVER["PHP_SELF"],"s.town","",$param,'valign="middle"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Country"),$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("ThirdPartyType"),$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("SupplierCode"),$_SERVER["PHP_SELF"],"s.code_fournisseur","",$param,'align="left"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("AccountancyCode"),$_SERVER["PHP_SELF"],"s.code_compta_fournisseur","",$param,'align="left"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("DateCreation"),$_SERVER["PHP_SELF"],"s.datec","",$param,'align="right"',$sortfield,$sortorder); @@ -213,6 +234,14 @@ if ($resql) print ''; + print ''; + print $form->select_country($search_country,'search_country'); + print ''; + + print ''; + print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 0, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT)?'ASC':$conf->global->SOCIETE_SORT_ON_TYPEENT)); + print ''; + print ''; print ''; print ''; 
@@ -257,6 +286,16 @@ if ($resql) print "\n"; print ''.$obj->zip.''."\n"; print ''.$obj->town.''."\n"; + //Country + print ''; + $tmparray=getCountry($obj->fk_pays,'all'); + print $tmparray['label']; + print ''; + //Type ent + print ''; + if (count($typenArray)==0) $typenArray = $formcompany->typent_array(1); + print $typenArray[$obj->typent_code]; + print ''; print ''.$obj->code_fournisseur.' '; print ''.$obj->code_compta_fournisseur.' '; print ''.dol_print_date($db->jdate($obj->datec),'day').''; diff --git a/htdocs/install/mysql/migration/3.8.0-3.9.0.sql b/htdocs/install/mysql/migration/3.8.0-3.9.0.sql old mode 100644 new mode 100755 index bd890962288..dc778fd0eca --- a/htdocs/install/mysql/migration/3.8.0-3.9.0.sql +++ b/htdocs/install/mysql/migration/3.8.0-3.9.0.sql @@ -29,3 +29,5 @@ UPDATE llx_const SET name = __ENCRYPT('ACCOUNTING_EXPORT_PREFIX_SPEC')__ WHERE _ ALTER TABLE llx_accountingaccount RENAME TO llx_accounting_account; ALTER TABLE llx_societe ADD COLUMN model_pdf varchar(255); + +ALTER TABLE llx_societe_commerciaux ADD COLUMN import_key varchar(14) AFTER fk_user; diff --git a/htdocs/install/mysql/tables/llx_societe_commerciaux.sql b/htdocs/install/mysql/tables/llx_societe_commerciaux.sql index f9305c71a09..20083645638 100644 --- a/htdocs/install/mysql/tables/llx_societe_commerciaux.sql +++ b/htdocs/install/mysql/tables/llx_societe_commerciaux.sql @@ -21,6 +21,7 @@ create table llx_societe_commerciaux ( rowid integer AUTO_INCREMENT PRIMARY KEY, fk_soc integer, - fk_user integer + fk_user integer, + import_key varchar(14) )ENGINE=innodb; diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index 2a6391ad934..df44a12ee44 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang 
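Review bot: `if (count($typenArray)==0) $typenArray = $formcompany->typent_array(1);` reads `$typenArray` before anything assigns it: on the first row it is undefined, which is a notice on the PHP versions of the time, a warning from `count()` on PHP 7.2 and a `TypeError` on PHP 8. Initialise it once before the loop (`$typenArray = array();`) or use `if (empty($typenArray))`; the same construct is added to the row loop in htdocs/societe/list.php. `$typenArray[$obj->typent_code]` also assumes the LEFT JOIN produced a code, so a third party with no type yields an undefined-index notice; `isset($typenArray[$obj->typent_code]) ? $typenArray[$obj->typent_code] : ''` handles that row. Separately, `getCountry($obj->fk_pays,'all')` performs a lookup per row although the query already joins `c_country`; selecting `country.label` in the SELECT hunk would remove the per-row call. The enclosing result loop starts outside the hunk.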
@@ -381,6 +381,7 @@ ExportDataset_company_2=Contacts and properties ImportDataset_company_1=Third parties (Companies/foundations/physical people) and properties ImportDataset_company_2=Contacts/Addresses (of thirdparties or not) and attributes ImportDataset_company_3=Bank details +ImportDataset_company_4=Third parties/Sales representatives (Affect sales representatives users to companies) PriceLevel=Price level DeliveriesAddress=Delivery addresses DeliveryAddress=Delivery address diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 13368f652a9..7c2d089960a 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -694,7 +694,7 @@ class Product extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."product"; $sql.= " SET label = '" . $this->db->escape($this->label) ."'"; - $sql.= ", ref = '" . $this->ref ."'"; + $sql.= ", ref = '" . $this->db->escape($this->ref) ."'"; $sql.= ", ref_ext = ".(! empty($this->ref_ext)?"'".$this->db->escape($this->ref_ext)."'":"null"); $sql.= ", tva_tx = " . $this->tva_tx; $sql.= ", recuperableonly = " . $this->tva_npr; 
@@ -722,9 +722,9 @@ class Product extends CommonObject
 $sql.= ", customcode = '" . $this->db->escape($this->customcode) ."'";
 $sql.= ", fk_country = " . ($this->country_id > 0 ? $this->country_id : 'null');
 $sql.= ", note = ".(isset($this->note) ? "'" .$this->db->escape($this->note)."'" : 'null');
- $sql.= ", duration = '" . $this->duration_value . $this->duration_unit ."'";
- $sql.= ", accountancy_code_buy = '" . $this->accountancy_code_buy."'";
- $sql.= ", accountancy_code_sell= '" . $this->accountancy_code_sell."'";
+ $sql.= ", duration = '" . $this->db->escape($this->duration_value . $this->duration_unit) ."'";
+ $sql.= ", accountancy_code_buy = '" . $this->db->escape($this->accountancy_code_buy)."'";
+ $sql.= ", accountancy_code_sell= '" . $this->db->escape($this->accountancy_code_sell)."'";
 $sql.= ", desiredstock = " . ((isset($this->desiredstock) && $this->desiredstock != '') ? $this->desiredstock : "null");
 $sql.= ", fk_unit= " . (!$this->fk_unit ? 'NULL' : $this->fk_unit);
 $sql.= " WHERE rowid = " . $id;
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index c3dfeb7b226..81698196f20 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -461,14 +461,14 @@ class Societe extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe (nom, name_alias, entity, datec, fk_user_creat, canvas, status, ref_int, ref_ext, fk_stcomm, fk_incoterms, location_incoterms ,import_key)"; $sql.= " VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".$conf->entity.", '".$this->db->idate($now)."'"; $sql.= ", ".(! empty($user->id) ? "'".$user->id."'":"null"); - $sql.= ", ".(! empty($this->canvas) ? "'".$this->canvas."'":"null"); + $sql.= ", ".(! empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'":"null"); $sql.= ", ".$this->status; - $sql.= ", ".(! empty($this->ref_int) ? "'".$this->ref_int."'":"null"); - $sql.= ", ".(! empty($this->ref_ext) ? "'".$this->ref_ext."'":"null"); + $sql.= ", ".(! empty($this->ref_int) ? "'".$this->db->escape($this->ref_int)."'":"null"); + $sql.= ", ".(! empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'":"null"); $sql.= ", 0"; $sql.= ", ".(int) $this->fk_incoterms; $sql.= ", '".$this->db->escape($this->location_incoterms)."'"; - $sql.= ", ".(! empty($this->import_key) ? "'".$this->import_key."'":"null").")"; + $sql.= ", ".(! empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'":"null").")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); $result=$this->db->query($sql); @@ -789,7 +789,7 @@ class Societe extends CommonObject $sql .= ",ref_ext = " .(! empty($this->ref_ext)?"'".$this->db->escape($this->ref_ext) ."'":"null"); $sql .= ",address = '" . $this->db->escape($this->address) ."'"; - $sql .= ",zip = ".(! empty($this->zip)?"'".$this->zip."'":"null"); + $sql .= ",zip = ".(! empty($this->zip)?"'".$this->db->escape($this->zip)."'":"null"); $sql .= ",town = ".(! empty($this->town)?"'".$this->db->escape($this->town)."'":"null"); $sql .= ",fk_departement = '" . (! empty($this->state_id)?$this->state_id:'0') ."'"; 
@@ -841,17 +841,17 @@ class Societe extends CommonObject $sql .= ",prefix_comm = ".(! empty($this->prefix_comm)?"'".$this->db->escape($this->prefix_comm)."'":"null"); - $sql .= ",fk_effectif = ".(! empty($this->effectif_id)?"'".$this->effectif_id."'":"null"); + $sql .= ",fk_effectif = ".(! empty($this->effectif_id)?"'".$this->db->escape($this->effectif_id)."'":"null"); - $sql .= ",fk_typent = ".(! empty($this->typent_id)?"'".$this->typent_id."'":"0"); + $sql .= ",fk_typent = ".(! empty($this->typent_id)?"'".$this->db->escape($this->typent_id)."'":"0"); - $sql .= ",fk_forme_juridique = ".(! empty($this->forme_juridique_code)?"'".$this->forme_juridique_code."'":"null"); + $sql .= ",fk_forme_juridique = ".(! empty($this->forme_juridique_code)?"'".$this->db->escape($this->forme_juridique_code)."'":"null"); $sql .= ",client = " . (! empty($this->client)?$this->client:0); $sql .= ",fournisseur = " . (! empty($this->fournisseur)?$this->fournisseur:0); - $sql .= ",barcode = ".(! empty($this->barcode)?"'".$this->barcode."'":"null"); - $sql .= ",default_lang = ".(! empty($this->default_lang)?"'".$this->default_lang."'":"null"); - $sql .= ",logo = ".(! empty($this->logo)?"'".$this->logo."'":"null"); + $sql .= ",barcode = ".(! empty($this->barcode)?"'".$this->db->escape($this->barcode)."'":"null"); + $sql .= ",default_lang = ".(! empty($this->default_lang)?"'".$this->db->escape($this->default_lang)."'":"null"); + $sql .= ",logo = ".(! empty($this->logo)?"'".$this->db->escape($this->logo)."'":"null"); $sql .= ",webservices_url = ".(! empty($this->webservices_url)?"'".$this->db->escape($this->webservices_url)."'":"null"); $sql .= ",webservices_key = ".(! empty($this->webservices_key)?"'".$this->db->escape($this->webservices_key)."'":"null"); 
@@ -1531,7 +1531,7 @@ class Societe extends CommonObject // Positionne remise courante $sql = "UPDATE ".MAIN_DB_PREFIX."societe "; - $sql.= " SET remise_client = '".$remise."'"; + $sql.= " SET remise_client = '".$this->db->escape($remise)."'"; $sql.= " WHERE rowid = " . $this->id .";"; $resql=$this->db->query($sql); if (! $resql) @@ -1544,7 +1544,7 @@ class Societe extends CommonObject // Ecrit trace dans historique des remises $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_remise"; $sql.= " (datec, fk_soc, remise_client, note, fk_user_author)"; - $sql.= " VALUES ('".$this->db->idate($now)."', ".$this->id.", '".$remise."',"; + $sql.= " VALUES ('".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($remise)."',"; $sql.= " '".$this->db->escape($note)."',"; $sql.= " ".$user->id; $sql.= ")"; @@ -1694,7 +1694,7 @@ class Societe extends CommonObject $now=dol_now(); $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; - $sql .= " SET price_level = '".$price_level."'"; + $sql .= " SET price_level = '".$this->db->escape($price_level)."'"; $sql .= " WHERE rowid = " . $this->id; if (! $this->db->query($sql)) @@ -1705,7 +1705,7 @@ class Societe extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices"; $sql .= " (datec, fk_soc, price_level, fk_user_author)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$this->id.",'".$price_level."',".$user->id.")"; + $sql .= " VALUES ('".$this->db->idate($now)."',".$this->id.",'".$this->db->escape($price_level)."',".$user->id.")"; if (! $this->db->query($sql)) { @@ -3242,7 +3242,7 @@ class Societe extends CommonObject * @param User $user User making change * @return int <0 if KO, >0 if OK */ - function set_OutstandingBill (User $user) + function set_OutstandingBill(User $user) { if ($this->id) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 281746fe824..20d4b6c477f 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php 
@@ -4,6 +4,7 @@ * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2012 Marcos García * Copyright (C) 2013-2015 Raphaël Doursenaud + * Copyright (C) 2015 Florian Henry * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,6 +29,8 @@ require_once '../main.inc.php'; include_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; $langs->load("companies"); $langs->load("customers"); @@ -55,6 +58,8 @@ $search_categ=trim(GETPOST("search_categ")); $mode=GETPOST("mode"); $modesearch=GETPOST("mode_search"); $search_type=trim(GETPOST('search_type')); +$search_country = GETPOST("search_country",'int'); +$search_type_thirdparty = GETPOST("search_type_thirdparty",'int'); $sortfield=GETPOST("sortfield",'alpha'); $sortorder=GETPOST("sortorder",'alpha'); @@ -153,6 +158,7 @@ if ($mode == 'search') $form=new Form($db); $htmlother=new FormOther($db); $companystatic=new Societe($db); +$formcompany=new FormCompany($db); $help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; llxHeader('',$langs->trans("ThirdParty"),$help_url); @@ -172,6 +178,8 @@ if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter")) // Both $search_idprof3=''; $search_idprof4=''; $search_type=''; + $search_country=''; + $search_type_thirdparty=''; } if ($socname) 
@@ -195,6 +203,8 @@ $title=$langs->trans("ListOfThirdParties"); $sql = "SELECT s.rowid, s.nom as name, s.barcode, s.town, s.datec, s.code_client, s.code_fournisseur, "; $sql.= " st.libelle as stcomm, s.prefix_comm, s.client, s.fournisseur, s.canvas, s.status as status,"; $sql.= " s.siren as idprof1, s.siret as idprof2, ape as idprof3, idprof4 as idprof4"; +$sql.= ",s.fk_pays"; +$sql.= ",typent.code as typent_code"; // We'll need these fields in order to filter by sale (including the case where the user can only see his prospects) if ($search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We'll need these fields in order to filter by categ @@ -205,8 +215,10 @@ foreach ($extrafields->attribute_list as $key => $val) $sql.=",ef.".$key.' as op $parameters=array(); $reshook=$hookmanager->executeHooks('printFieldListSelect',$parameters); // Note that $action and $object may have been modified by hook $sql.=$hookmanager->resPrint; -$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,"; -$sql.= " ".MAIN_DB_PREFIX."c_stcomm as st"; +$sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as country on (country.rowid = s.fk_pays) "; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_typent as typent on (typent.id = s.fk_typent) "; +$sql.= " ,".MAIN_DB_PREFIX."c_stcomm as st"; // We'll need this table joined to the select in order to filter by sale if ($search_sale || (!$user->rights->societe->client->voir && !$socid)) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We'll need this table joined to the select in order to filter by categ 
@@ -235,6 +247,8 @@ if ($search_type > 0 && in_array($search_type,array('1,3','2,3'))) $sql .= " AND if ($search_type > 0 && in_array($search_type,array('4'))) $sql .= " AND s.fournisseur = 1"; if ($search_type == '0') $sql .= " AND s.client = 0 AND s.fournisseur = 0"; if (!empty($conf->barcode->enabled) && $sbarcode) $sql.= " AND s.barcode LIKE '%".$db->escape($sbarcode)."%'"; +if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; +if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; // Add where from hooks $parameters=array(); $reshook=$hookmanager->executeHooks('printFieldListWhere',$parameters); // Note that $action and $object may have been modified by hook 
@@ -257,14 +271,18 @@ if ($resql) $num = $db->num_rows($resql); $i = 0; - $params = "&socname=".htmlspecialchars($socname)."&search_nom=".htmlspecialchars($search_nom)."&search_town=".htmlspecialchars($search_town); - $params.= ($sbarcode?"&sbarcode=".htmlspecialchars($sbarcode):""); - $params.= '&search_idprof1='.htmlspecialchars($search_idprof1); - $params.= '&search_idprof2='.htmlspecialchars($search_idprof2); - $params.= '&search_idprof3='.htmlspecialchars($search_idprof3); - $params.= '&search_idprof4='.htmlspecialchars($search_idprof4); + $param = "&socname=".htmlspecialchars($socname); + $param.= "&search_nom=".htmlspecialchars($search_nom); + $param.= "&search_town=".htmlspecialchars($search_town); + $param.= ($sbarcode?"&sbarcode=".htmlspecialchars($sbarcode):""); + $param.= '&search_idprof1='.htmlspecialchars($search_idprof1); + $param.= '&search_idprof2='.htmlspecialchars($search_idprof2); + $param.= '&search_idprof3='.htmlspecialchars($search_idprof3); + $param.= '&search_idprof4='.htmlspecialchars($search_idprof4); + if ($search_country != '') $param.='&search_country='.htmlspecialchars($search_country); + if ($search_type_thirdparty != '') $param.='&search_type_thirdparty='.htmlspecialchars($search_type_thirdparty); - print_barre_liste($title, $page, $_SERVER["PHP_SELF"],$params,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_companies'); + print_barre_liste($title, $page, $_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_companies'); // Show delete result message if (GETPOST('delsoc')) 
@@ -325,18 +343,20 @@ if ($resql) // Lines of titles print ''; - print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom","",$params,"",$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder); if (! empty($conf->barcode->enabled)) print_liste_field_titre($langs->trans("BarCode"), $_SERVER["PHP_SELF"], "s.barcode",$param,'','',$sortfield,$sortorder); - print_liste_field_titre($langs->trans("Town"),$_SERVER["PHP_SELF"],"s.town","",$params,'',$sortfield,$sortorder); - print_liste_field_titre($form->textwithpicto($langs->trans("ProfId1Short"),$textprofid[1],1,0),$_SERVER["PHP_SELF"],"s.siren","",$params,'class="nowrap"',$sortfield,$sortorder); - print_liste_field_titre($form->textwithpicto($langs->trans("ProfId2Short"),$textprofid[2],1,0),$_SERVER["PHP_SELF"],"s.siret","",$params,'class="nowrap"',$sortfield,$sortorder); - print_liste_field_titre($form->textwithpicto($langs->trans("ProfId3Short"),$textprofid[3],1,0),$_SERVER["PHP_SELF"],"s.ape","",$params,'class="nowrap"',$sortfield,$sortorder); - print_liste_field_titre($form->textwithpicto($langs->trans("ProfId4Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof4","",$params,'class="nowrap"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Town"),$_SERVER["PHP_SELF"],"s.town","",$param,'',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Country"),$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("ThirdPartyType"),$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder); + print_liste_field_titre($form->textwithpicto($langs->trans("ProfId1Short"),$textprofid[1],1,0),$_SERVER["PHP_SELF"],"s.siren","",$param,'class="nowrap"',$sortfield,$sortorder); + 
print_liste_field_titre($form->textwithpicto($langs->trans("ProfId2Short"),$textprofid[2],1,0),$_SERVER["PHP_SELF"],"s.siret","",$param,'class="nowrap"',$sortfield,$sortorder); + print_liste_field_titre($form->textwithpicto($langs->trans("ProfId3Short"),$textprofid[3],1,0),$_SERVER["PHP_SELF"],"s.ape","",$param,'class="nowrap"',$sortfield,$sortorder); + print_liste_field_titre($form->textwithpicto($langs->trans("ProfId4Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof4","",$param,'class="nowrap"',$sortfield,$sortorder); print_liste_field_titre(''); $parameters=array(); $reshook=$hookmanager->executeHooks('printFieldListTitle',$parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; - print_liste_field_titre($langs->trans("Status"),$_SERVER["PHP_SELF"],"s.status","",$params,'align="right"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Status"),$_SERVER["PHP_SELF"],"s.status","",$param,'align="right"',$sortfield,$sortorder); print_liste_field_titre('',$_SERVER["PHP_SELF"],"",'','','',$sortfield,$sortorder,'maxwidthsearch '); print "\n"; @@ -359,6 +379,14 @@ if ($resql) print ''; print ''; print ''; + //Country + print ''; + print $form->select_country($search_country,'search_country'); + print ''; + //Company type + print ''; + print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 0, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT)?'ASC':$conf->global->SOCIETE_SORT_ON_TYPEENT)); + print ''; // IdProf1 print ''; print ''; 
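Review bot: The `BarCode` title line kept as context in this hunk passes `$param` one position earlier than every sibling — `"s.barcode",$param,'',''` against `"s.nom","",$param,""` on the lines rewritten above and below it — so, if the argument order is the same as for the other calls, the filter parameters land in the `begin` slot and the barcode sort link drops the current filters. Since the commit renames `$params` to `$param` on each neighbouring call, this is the natural place to align it: `print_liste_field_titre($langs->trans("BarCode"), $_SERVER["PHP_SELF"], "s.barcode","",$param,'',$sortfield,$sortorder);`. The mismatch predates the commit, so the inference about the parameter order should be checked against the function's signature before changing it.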
@@ -424,6 +452,16 @@ if ($resql) print ''.$objp->barcode.''; } print "".$obj->town."\n"; + //Country + print ''; + $tmparray=getCountry($obj->fk_pays,'all'); + print $tmparray['label']; + print ''; + //Type ent + print ''; + if (count($typenArray)==0) $typenArray = $formcompany->typent_array(1); + print $typenArray[$obj->typent_code]; + print ''; print "".$obj->idprof1."\n"; print "".$obj->idprof2."\n"; print "".$obj->idprof3."\n";