From b7c0594ab73a51a872806c33b7848fa2a87ecdcf Mon Sep 17 00:00:00 2001 From: Florian Date: Thu, 21 Oct 2021 23:28:58 +0200 Subject: [PATCH 1/9] FIX ISSUE DB_ERROR_SYNTAX-#18921 --- htdocs/ticket/list.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 6991516ede8..0d0e97336cd 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -391,7 +391,7 @@ foreach ($search as $key => $val) { continue; } $mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0); - if ($search[$key] != '') { + if ($search[$key] != '' && !empty($val)) { $sql .= natural_search($key, $search[$key], $mode_search); } } @@ -609,9 +609,9 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } foreach ($search as $key => $val) { - if (is_array($search[$key]) && count($search[$key])) { - foreach ($search[$key] as $skey) { - $param .= '&search_'.$key.'[]='.urlencode($skey); + if (is_array($val) && count($val)) { + foreach ($val as $skey) { + $param .= (!empty($val)) ? '&search_'.$key.'[]='.urlencode($skey) : ""; } } else { $param .= '&search_'.$key.'='.urlencode($search[$key]); From 763cb29c0c3a845d48ec8fa3b794d5b3926f6ac6 Mon Sep 17 00:00:00 2001 From: Florian Date: Sun, 24 Oct 2021 00:26:28 +0200 Subject: [PATCH 2/9] Check that the value is not an array --- htdocs/ticket/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 0d0e97336cd..4caffd173c3 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -391,7 +391,7 @@ foreach ($search as $key => $val) { continue; } $mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0); - if ($search[$key] != '' && !empty($val)) { + if ($search[$key] != '' && !is_array($val)) { $sql .= natural_search($key, $search[$key], $mode_search); } } From 664860863ee4463327a146a9095f9fad5b9de5c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Cendrier?= Date: Thu, 10 Feb 2022 17:59:12 +0100 Subject: [PATCH 3/9] correct warehouse document location --- htdocs/product/stock/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 440e082e8ff..80be3c923ec 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -944,7 +944,7 @@ if ($action != 'create' && $action != 'edit' && $action != 'delete') { $delallowed = $usercancreate; $modulepart = 'stock'; - print $formfile->showdocuments($modulepart, $object->ref, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 0, 0, 0, 28, 0, '', 0, '', $object->default_lang, '', $object); + print $formfile->showdocuments($modulepart, $objectref, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 0, 0, 0, 28, 0, '', 0, '', $object->default_lang, '', $object); $somethingshown = $formfile->numoffiles; print '
'; From 0e664cc9694bd75af03641d148101e0d6ac011d0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 15 Feb 2022 11:12:08 +0100 Subject: [PATCH 4/9] Fix API call from ajax --- htdocs/api/index.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/htdocs/api/index.php b/htdocs/api/index.php index d19754f9c35..869dacc5cc0 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -55,12 +55,27 @@ if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) { define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']); } +// Response for preflight requests (used by browser when into a CORS context) +if (!empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'OPTIONS' && !empty($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); + header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY'); + http_response_code(204); + exit; +} + // When we request url to get the json file, we accept Cross site so we can include the descriptor into an external tool. if (preg_match('/\/explorer\/swagger\.json/', $_SERVER["PHP_SELF"])) { header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY'); } +// When we request url to get an API, we accept Cross site so we can make js API call inside another website +if (preg_match('/\/api\/index\.php/', $_SERVER["PHP_SELF"])) { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); + header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY'); +} $res = 0; if (!$res && file_exists("../main.inc.php")) { @@ -304,7 +319,7 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && foreach ($listofendpoints as $endpointrule) { $tmparray = explode(':', $endpointrule); - if ($classfile == $tmparray[0] && $tmparray[1] == 1) { + if (($classfile == $tmparray[0] || $classfile.'api' == $tmparray[0]) && $tmparray[1] == 1) { $endpointisallowed = true; break; } From 8b0280a9d2e656549f4164d3b857b515b4956f33 Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Wed, 16 Feb 2022 10:26:44 +0100 Subject: [PATCH 5/9] add missing entity check on list of withdraws on index of paymentbybanktransfert --- htdocs/compta/paymentbybanktransfer/index.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 78425398017..1cb47d1c1dc 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php @@ -182,6 +182,7 @@ $limit = 5; $sql = "SELECT p.rowid, p.ref, p.amount, p.datec, p.statut"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p"; $sql .= " WHERE p.type = 'bank-transfer'"; +$sql .= " AND p.entity IN (".getEntity('invoice').")"; $sql .= " ORDER BY datec DESC"; $sql .= $db->plimit($limit); From ff8dcdc4b7436d3ea206f471ab27aa9224462a67 Mon Sep 17 00:00:00 2001 From: Alexis LAURIER Date: Wed, 16 Feb 2022 10:52:20 +0100 Subject: [PATCH 6/9] manage details of prelevment line for bank transfer --- htdocs/compta/prelevement/line.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php index ccb60486c76..3e3ecb8e0ba 100644 --- a/htdocs/compta/prelevement/line.php +++ b/htdocs/compta/prelevement/line.php @@ -268,12 +268,20 @@ if ($id) $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p"; $sql .= " , ".MAIN_DB_PREFIX."prelevement_lignes as pl"; $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " , ".MAIN_DB_PREFIX."facture as f"; + if ($type == 'bank-transfer') { + $sql .= " , ".MAIN_DB_PREFIX."facture_fourn as f"; + } else { + $sql .= " , ".MAIN_DB_PREFIX."facture as f"; + } $sql .= " , ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; $sql .= " AND f.fk_soc = s.rowid"; - $sql .= " AND pf.fk_facture = f.rowid"; + if ($type == 'bank-transfer') { + $sql .= " AND pf.fk_facture_fourn = f.rowid"; + } else { + $sql .= " AND pf.fk_facture = f.rowid"; + } $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND pl.rowid=".$id; if ($socid) $sql .= " AND s.rowid = ".$socid; From 98c50f531ce0e34e3b08cd467c8a9dcbc5ad1a24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Cendrier?= Date: Wed, 16 Feb 2022 15:57:39 +0100 Subject: [PATCH 7/9] translation string instead of error message text --- htdocs/langs/en_US/productbatch.lang | 2 ++ htdocs/langs/fr_FR/productbatch.lang | 1 + htdocs/product/stock/class/mouvementstock.class.php | 6 ++++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/langs/en_US/productbatch.lang b/htdocs/langs/en_US/productbatch.lang index 763af20c6b4..a4215a1d7d4 100644 --- a/htdocs/langs/en_US/productbatch.lang +++ b/htdocs/langs/en_US/productbatch.lang @@ -41,3 +41,5 @@ QCFrequency=Quality control frequency (in days) #Traceability - qc status OutOfOrder=Out of order InWorkingOrder=In working order + +CantMoveNonExistantSerial=Error. You ask a move on a record for a serial that does not exists anymore. May be you take the same serial on same warehouse several times in same shipment or it was used by another shipment. Remove this shipment and prepare another one. diff --git a/htdocs/langs/fr_FR/productbatch.lang b/htdocs/langs/fr_FR/productbatch.lang index 40c8b0be477..e0a0749e927 100644 --- a/htdocs/langs/fr_FR/productbatch.lang +++ b/htdocs/langs/fr_FR/productbatch.lang @@ -42,3 +42,4 @@ HideLots=Masquer les lots #Traceability - qc status OutOfOrder=Hors d'usage InWorkingOrder=En état de marche +CantMoveNonExistantSerial=Erreur : Vous avez demandé un mouvement sur un numéro de série qui n’existe plus. Peut-être avez-vous requis le même numéro de série plusieurs fois dans une même expédition, ou il a déjà servi dans une autre expédition. Supprimez cette expédition et préparez-en une autre. diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 8a66e535ca2..4976530eb5e 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -842,7 +842,9 @@ class MouvementStock extends CommonObject */ private function createBatch($dluo, $qty) { - global $user; + global $user, $langs; + + $langs->load('productbatch'); $pdluo = new Productbatch($this->db); @@ -853,7 +855,7 @@ class MouvementStock extends CommonObject $result = $pdluo->fetch($dluo); if (empty($pdluo->id)) { // We didn't find the line. May be it was deleted before by a previous move in same transaction. - $this->error = 'Error. You ask a move on a record for a serial that does not exists anymore. May be you take the same serial on same warehouse several times in same shipment or it was used by another shipment. Remove this shipment and prepare another one.'; + $this->error = $langs->trans('CantMoveNonExistantSerial'); $this->errors[] = $this->error; $result = -2; } From 7ed6ca6ec629cea1e545d1cffb81c119a63753a0 Mon Sep 17 00:00:00 2001 From: Florian Date: Thu, 21 Oct 2021 23:28:58 +0200 Subject: [PATCH 8/9] FIX ISSUE DB_ERROR_SYNTAX-#18921 --- htdocs/ticket/list.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 6991516ede8..0d0e97336cd 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -391,7 +391,7 @@ foreach ($search as $key => $val) { continue; } $mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0); - if ($search[$key] != '') { + if ($search[$key] != '' && !empty($val)) { $sql .= natural_search($key, $search[$key], $mode_search); } } @@ -609,9 +609,9 @@ if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } foreach ($search as $key => $val) { - if (is_array($search[$key]) && count($search[$key])) { - foreach ($search[$key] as $skey) { - $param .= '&search_'.$key.'[]='.urlencode($skey); + if (is_array($val) && count($val)) { + foreach ($val as $skey) { + $param .= (!empty($val)) ? '&search_'.$key.'[]='.urlencode($skey) : ""; } } else { $param .= '&search_'.$key.'='.urlencode($search[$key]); From aa2a57ff95404990a6494ed2f185352c91140030 Mon Sep 17 00:00:00 2001 From: Florian Date: Sun, 24 Oct 2021 00:26:28 +0200 Subject: [PATCH 9/9] Check that the value is not an array --- htdocs/ticket/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 0d0e97336cd..4caffd173c3 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -391,7 +391,7 @@ foreach ($search as $key => $val) { continue; } $mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0); - if ($search[$key] != '' && !empty($val)) { + if ($search[$key] != '' && !is_array($val)) { $sql .= natural_search($key, $search[$key], $mode_search); } }