From 25f9b473b4a9679b1cc97375123971a97e3991d7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 19 Jul 2004 21:27:20 +0000 Subject: [PATCH] Corrections pour register_globals=off --- htdocs/compta/facture.php | 103 ++++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 69db41b07dc..a024a27b9ca 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -55,7 +55,7 @@ $NBLINES=4; if ($_POST["action"] == 'classin') { $facture = new Facture($db); - $facture->fetch($facid); + $facture->fetch($_POST["facid"]); $facture->classin($_POST["projetid"]); } /* @@ -214,10 +214,10 @@ if ($_GET["action"] == 'payed' && $user->rights->facture->paiement) $result = $fac->set_payed($_GET["facid"]); } -if ($action == 'canceled' && $user->rights->facture->paiement) +if ($_GET["action"] == 'canceled' && $user->rights->facture->paiement) { $fac = new Facture($db); - $result = $fac->set_canceled($facid); + $result = $fac->set_canceled($_GET["facid"]); } if ($_POST["action"] == 'setremise' && $user->rights->facture->creer) @@ -228,11 +228,10 @@ if ($_POST["action"] == 'setremise' && $user->rights->facture->creer) $fac->set_remise($user, $_POST["remise"]); } - if ($_POST["action"] == 'addligne' && $user->rights->facture->creer) { $fac = new Facture($db); - $fac->fetch($_GET["facid"]); + $fac->fetch($_POST["facid"]); $datestart=''; $dateend=''; if ($_POST["date_startyear"] && $_POST["date_startmonth"] && $_POST["date_startday"]) { @@ -241,7 +240,7 @@ if ($_POST["action"] == 'addligne' && $user->rights->facture->creer) if ($_POST["date_endyear"] && $_POST["date_endmonth"] && $_POST["date_endday"]) { $dateend=$_POST["date_endyear"].'-'.$_POST["date_endmonth"].'-'.$_POST["date_endday"]; } - $result = $fac->addline($_GET["facid"], + $result = $fac->addline($_POST["facid"], $_POST["desc"], $_POST["pu"], $_POST["qty"], 
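Review bot: The `classin` branch in the first hunk acts on `$_POST["facid"]` and `$_POST["projetid"]` without any `$user->rights->facture->...` test, although every other action branch in this patch has one. Unless `classin()` enforces permissions itself (not visible here), the condition should read something like `if ($_POST["action"] == 'classin' && $user->rights->facture->creer)`, with the maintainers picking the right permission. The identifier is also passed through raw; `$facture->fetch((int) $_POST["facid"]);` would pin it to an integer before it reaches the model. The same cast is missing in the `canceled`, `addligne`, `updateligne`, `deleteline`, `confirm_delete`, `send` and `pdf` hunks.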
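Review bot: Cancelling an invoice is a state change driven by a plain GET request in the `canceled` branch, and no anti-forgery token is checked in the visible lines. Any link or embedded resource loaded in the session of a user holding the `paiement` right would therefore trigger `set_canceled()`. The branch should accept the action only from a form post, `if ($_POST["action"] == 'canceled' && $user->rights->facture->paiement)`, and compare a per-session token submitted with the form against the session copy before calling the model. The `deleteline` hunk (@@ -274) and the `pdf` hunk (@@ -377) have the same GET-triggered pattern, and the `pdf` branch has no rights test at all.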
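Review bot: The date strings in the `addligne` hunks are built by concatenating `$_POST["date_endyear"]`, `$_POST["date_endmonth"]` and `$_POST["date_endday"]` after only a truthiness test, so any non-empty text is forwarded to `addline()` as a date. A guard such as `if (checkdate((int) $_POST["date_endmonth"], (int) $_POST["date_endday"], (int) $_POST["date_endyear"]))` around the assignment would reject malformed values before they reach the model. The start-date block and the `updateligne` hunks (@@ -251 and @@ -266) use the same construction. Whether `addline()` validates or escapes `$_POST["desc"]`, `$_POST["pu"]` and `$_POST["qty"]` cannot be seen from this patch and is worth confirming.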
@@ -251,12 +250,14 @@ if ($_POST["action"] == 'addligne' && $user->rights->facture->creer) $datestart, $dateend ); + + $_GET["facid"]=$_POST["facid"]; // Pour réaffichage de la fiche en cours d'édition } -if ($action == 'updateligne' && $user->rights->facture->creer) +if ($_POST["action"] == 'updateligne' && $user->rights->facture->creer) { - $fac = new Facture($db,"",$facid); - $fac->fetch($facid); + $fac = new Facture($db,"",$_POST["facid"]); + $fac->fetch($_POST["facid"]); $datestart=''; $dateend=''; if ($_POST["date_startyear"] && $_POST["date_startmonth"] && $_POST["date_startday"]) { @@ -266,7 +267,7 @@ if ($action == 'updateligne' && $user->rights->facture->creer) $dateend=$_POST["date_endyear"].'-'.$_POST["date_endmonth"].'-'.$_POST["date_endday"]; } - $result = $fac->updateline($rowid, + $result = $fac->updateline($_POST["rowid"], $_POST["desc"], $_POST["price"], $_POST["qty"], @@ -274,13 +275,15 @@ if ($action == 'updateligne' && $user->rights->facture->creer) $datestart, $dateend ); + + $_GET["facid"]=$_POST["facid"]; // Pour réaffichage de la fiche en cours d'édition } -if ($action == 'deleteline' && $user->rights->facture->creer) +if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer) { - $fac = new Facture($db,"",$facid); - $fac->fetch($facid); - $result = $fac->deleteline($rowid); + $fac = new Facture($db,"",$_GET["facid"]); + $fac->fetch($_GET["facid"]); + $result = $fac->deleteline($_GET["rowid"]); } if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == yes) @@ -288,7 +291,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == yes) if ($user->rights->facture->supprimer ) { $fac = new Facture($db); - $fac->delete($_GET["facid"]); + $fac->delete($_POST["facid"]); $_GET["facid"] = 0 ; } } 
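Review bot: Writing back into the superglobal with `$_GET["facid"]=$_POST["facid"];` (here and again in the @@ -274 hunk) makes the rest of the page treat a request parameter as something it is not, and hides where the value really came from. Normalising once near the top of the file is easier to audit, for example `$facid = (int) (isset($_POST["facid"]) ? $_POST["facid"] : $_GET["facid"]);`, with the action branches and the display code then using `$facid`. The `updateligne` body starts in this hunk and continues in the following ones.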
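Review bot: In the `deleteline` branch the invoice is fetched with `$_GET["facid"]` but the row is removed with `$fac->deleteline($_GET["rowid"])`, and nothing in the hunk ties the row to that invoice. If `deleteline()` deletes by row id alone (its body is not visible here), a user with the `creer` right could remove lines from any invoice, including validated ones. The branch should check that the fetched invoice is still a draft and that the row belongs to it before deleting, for example `if ($fac->statut == 0) { $result = $fac->deleteline((int) $_GET["rowid"]); }`, plus an ownership test inside `deleteline()`. The same question applies to `updateline($_POST["rowid"], ...)` in the @@ -266 hunk.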
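Review bot: The confirmation test in the `confirm_delete` hunk compares against the bare word `yes`, which PHP reads as an undefined constant. Older interpreters fall back to the string with a notice, while PHP 8 raises an Error, so the condition should be `$_POST["confirm"] == 'yes'`. The return value of `$fac->delete($_POST["facid"])` is also discarded before `$_GET["facid"] = 0`, so a failed delete is presented to the user as if it succeeded. Keeping the result, `$result = $fac->delete((int) $_POST["facid"]);`, and resetting the id only on success would avoid that.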
@@ -298,8 +301,8 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == yes) */ if ($_POST["action"] == 'send' || $_POST["action"] == 'relance') { - $fac = new Facture($db,"",$facid); - if ( $fac->fetch($facid) ) + $fac = new Facture($db,"",$_POST["facid"]); + if ( $fac->fetch($_POST["facid"]) ) { $file = FAC_OUTPUTDIR . "/" . $fac->ref . "/" . $fac->ref . ".pdf"; @@ -377,13 +380,13 @@ if ($_POST["action"] == 'send' || $_POST["action"] == 'relance') /* * Générer ou regénérer le PDF */ -if ($action == 'pdf') +if ($_GET["action"] == 'pdf') { /* * Generation de la facture * définit dans /includes/modules/facture/modules_facture.php */ - facture_pdf_create($db, $facid); + facture_pdf_create($db, $_GET["facid"]); } @@ -433,7 +436,7 @@ if ($_GET["action"] == 'create') $soc = new Societe($db); $soc->fetch($obj->idp); - print '
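Review bot: The `send` / `relance` branch runs for any authenticated request because its condition has no rights test, even though the buttons leading to it are printed only when `$user->rights->facture->envoyer` is set (see the @@ -1073 hunk). The server-side check should mirror the UI: `if (($_POST["action"] == 'send' || $_POST["action"] == 'relance') && $user->rights->facture->envoyer)`. The attachment path is assembled from `$fac->ref`, so it is also worth confirming that the reference can never contain path separators. The body of this branch continues outside the hunk.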
'; + print ''; print ''; print '' ."\n"; print ''; @@ -517,7 +520,7 @@ if ($_GET["action"] == 'create') $sql .= " ORDER BY p.nbvente DESC LIMIT ".$conf->liste_limit; if ( $db->query($sql) ) { - $opt = ""; + $opt = ""; if ($result) { $num = $db->num_rows(); $i = 0; @@ -535,7 +538,7 @@ if ($_GET["action"] == 'create') print $db->error(); } - print ''; + print '
'; print ''; if ($conf->service->enabled) { print ''; @@ -728,7 +731,7 @@ else $author->fetch(); - $head[0][0] = DOL_URL_ROOT."$PHP_SELF?facid=".$_GET["facid"]; + $head[0][0] = DOL_URL_ROOT.$_SERVER["PHP_SELF"]."?facid=".$_GET["facid"]; $head[0][1] = "Facture : $fac->ref"; $h = 1; $a = 0; @@ -746,7 +749,7 @@ else */ if ($_GET["action"] == 'delete') { - $html->form_confirm("$PHP_SELF?facid=$fac->id","Supprimer la facture","Etes-vous sûr de vouloir supprimer cette facture ?","confirm_delete"); + $html->form_confirm($_SERVER["PHP_SELF"]."?facid=$fac->id","Supprimer la facture","Etes-vous sûr de vouloir supprimer cette facture ?","confirm_delete"); } /* @@ -869,7 +872,7 @@ else { print ''; print ''; - print '
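Review bot: `$_SERVER["PHP_SELF"]` in `$head[0][0]` and in the `form_confirm()` call includes any path info appended after the script name, so it is request-controlled text. If these values are written into `href` or `action` attributes without escaping (the rendering code is not in the patch), this is a reflected-XSS sink. `$_SERVER["SCRIPT_NAME"]` does not carry the extra path; alternatively wrap the value, `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)`, and cast the id, `"?facid=".(int) $_GET["facid"]`. The same substitution is repeated in the form and link hunks further down and in the `print_barre_liste` / `print_liste_field_titre` calls of the @@ -1394 hunk. That last hunk still relies on `$socidp`, `$page`, `$sortfield` and `$sortorder`, which this patch does not convert from register_globals.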
Services/Produits prédéfinisQuan.Remise     Si produit de type service à durée limitée
"; // Update ligne de facture - if ($action == 'editline' && $rowid == $objp->rowid) + if ($_GET["action"] == 'editline' && $_GET["rowid"] == $objp->rowid) { - print "id\" method=\"post\">"; + print ""; print ''; - print ''; + print ''; + print ''; print ""; print ''; print '
Remise'; + print '
Remise'; print '%'; print ''; print '
'; @@ -950,11 +953,12 @@ else print "
'; @@ -997,8 +1001,7 @@ else if ($fac->statut == 0 && $user->rights->facture->creer) { - print "id\" method=\"post\">"; - // echo ''; + print ""; print ""; print ''; print ''; @@ -1009,6 +1012,7 @@ else print ''; print ''; print "\n"; + print ''; print ''; print ''; print '
DescriptionTva  
'; @@ -1073,13 +1077,13 @@ else // Envoyer if ($fac->statut == 1 && $user->rights->facture->envoyer) { - print "id&action=presend\">Envoyer"; + print "id&action=presend\">Envoyer"; } // Envoyer une relance if ($fac->statut == 1 && price($resteapayer) > 0 && $user->rights->facture->envoyer) { - print "id&action=prerelance\">Envoyer relance"; + print "id&action=prerelance\">Envoyer relance"; } // Emettre paiement @@ -1092,13 +1096,13 @@ else if ($fac->statut == 1 && price($resteapayer) <= 0 && $fac->paye == 0 && $user->rights->facture->paiement) { - print "id&action=payed\">Classer 'Payée'"; + print "id&action=payed\">Classer 'Payée'"; } // Classer 'annulée' (possible si validée et aucun paiement n'a encore eu lieu) if ($fac->statut == 1 && $fac->paye == 0 && $totalpaye == 0 && $user->rights->facture->paiement) { - print "id&action=canceled\">Classer 'Annulée'"; + print "id&action=canceled\">Classer 'Annulée'"; } // Récurrente @@ -1188,7 +1192,8 @@ else */ if ($_GET["action"] == 'classer') { - print "

id\">\n"; + print "

id\">\n"; + print ''; print ''; print ''; print '
Projet'; @@ -1203,7 +1208,7 @@ else * * */ - if ($action == 'presend') + if ($_GET["action"] == 'presend') { $replytoname = $user->fullname; $from_name = $replytoname; @@ -1211,7 +1216,7 @@ else $replytomail = $user->email; $from_mail = $replytomail; - print "id&action=send\">\n"; + print "\n"; print ''; print ''; print ''; @@ -1219,7 +1224,7 @@ else print '
'; print_titre("Envoyer la facture par mail"); - print ""; + print "
"; print ""; print ""; print '
Expéditeur$from_name$from_mail  
Répondre à$replytoname$replytomail  
Destinataire'; @@ -1238,7 +1243,7 @@ else print "
\n"; } - if ($action == 'prerelance') + if ($_GET["action"] == 'prerelance') { $replytoname = $user->fullname; $from_name = $replytoname; @@ -1246,7 +1251,7 @@ else $replytomail = $user->email; $from_mail = $replytomail; - print "
id&action=send\">\n"; + print "\n"; print ''; print ''; print ''; @@ -1254,7 +1259,7 @@ else print '
'; print_titre("Envoyer une relance par mail"); - print ""; + print "
"; print ""; print ""; print '
Expéditeur$from_name$from_mail  
Répondre à$replytoname$replytomail  
Destinataire'; @@ -1394,25 +1399,25 @@ else if ($result) { $num = $db->num_rows(); - print_barre_liste("Factures clients",$page,$PHP_SELF,"&socidp=$socidp",$sortfield,$sortorder,'',$num); + print_barre_liste("Factures clients",$page,$_SERVER["PHP_SELF"],"&socidp=$socidp",$sortfield,$sortorder,'',$num); $i = 0; print ''; print ''; print ''; print "\n";
'; - print_liste_field_titre("Numéro",$PHP_SELF,"f.facnumber","","&socidp=$socidp"); + print_liste_field_titre("Numéro",$_SERVER["PHP_SELF"],"f.facnumber","","&socidp=$socidp"); print ''; - print_liste_field_titre("Date",$PHP_SELF,"f.datef","","&socidp=$socidp"); + print_liste_field_titre("Date",$_SERVER["PHP_SELF"],"f.datef","","&socidp=$socidp"); print ''; - print_liste_field_titre("Société",$PHP_SELF,"s.nom","","&socidp=$socidp"); + print_liste_field_titre("Société",$_SERVER["PHP_SELF"],"s.nom","","&socidp=$socidp"); print ''; - print_liste_field_titre("Montant HT",$PHP_SELF,"f.total","","&socidp=$socidp"); + print_liste_field_titre("Montant HT",$_SERVER["PHP_SELF"],"f.total","","&socidp=$socidp"); print ''; - print_liste_field_titre("Montant TTC",$PHP_SELF,"f.total_ttc","","&socidp=$socidp"); + print_liste_field_titre("Montant TTC",$_SERVER["PHP_SELF"],"f.total_ttc","","&socidp=$socidp"); print ''; - print_liste_field_titre("Reçu",$PHP_SELF,"am","","&socidp=$socidp"); + print_liste_field_titre("Reçu",$_SERVER["PHP_SELF"],"am","","&socidp=$socidp"); print ''; - print_liste_field_titre("Statut",$PHP_SELF,"fk_statut,paye","","&socidp=$socidp"); + print_liste_field_titre("Statut",$_SERVER["PHP_SELF"],"fk_statut,paye","","&socidp=$socidp"); print '