lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur 2012-10-13 13:03:57 +02:00
commit 2a8095f3de
13 changed files with 140 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/boutique/client/fiche.php
View File

@ -28,6 +28,8 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/boutique/osc_master.inc.php';
include_once DOL_DOCUMENT_ROOT.'/boutique/client/class/boutiqueclient.class.php';
$id=GETPOST('id', 'int');
/*
* Actions
@ -43,10 +45,10 @@ include_once DOL_DOCUMENT_ROOT.'/boutique/client/class/boutiqueclient.class.php'
llxHeader();
if ($_GET['id'])
if ($id > 0)
{
$client = new BoutiqueClient($dbosc);
$result = $client->fetch($_GET['id']);
$result = $client->fetch($id);
if ( $result )
{
print '<div class="titre">'.$langs->trans("CustomerCard").': '.$client->name.'</div><br>';
@ -62,7 +64,7 @@ if ($_GET['id'])
*/
$sql = "SELECT o.orders_id, o.customers_id, date_purchased, t.value as total";
$sql .= " FROM ".$conf->global->OSC_DB_NAME.".".$conf->global->OSC_DB_TABLE_PREFIX."orders as o, ".$conf->global->OSC_DB_NAME.".".$conf->global->OSC_DB_TABLE_PREFIX."orders_total as t";
$sql .= " WHERE o.customers_id = " . $_GET['id'];
$sql .= " WHERE o.customers_id = " . $client->id;
$sql .= " AND o.orders_id = t.orders_id AND t.class = 'ot_total'";
//echo $sql;
$resql=$dbosc->query($sql);

10
htdocs/boutique/commande/fiche.php
View File

@ -30,7 +30,7 @@ include_once DOL_DOCUMENT_ROOT.'/boutique/commande/class/boutiquecommande.class.
$langs->load("products");
$id=GETPOST('id', 'int');
/*
* View
@ -39,11 +39,11 @@ $langs->load("products");
llxHeader();
if ($_GET['id'])
if ($id > 0)
{
$commande = new BoutiqueCommande($db);
$result = $commande->fetch($_GET['id']);
if ( $result )
$result = $commande->fetch($id);
if ($result)
{
print '<div class="titre">'.$langs->trans("OrderCard").': '.$commande->id.'</div><br>';
@ -69,7 +69,7 @@ if ($_GET['id'])
*/
$sql = "SELECT orders_id, products_id, products_model, products_name, products_price, final_price, products_quantity";
$sql .= " FROM ".$conf->global->OSC_DB_NAME.".".$conf->global->OSC_DB_TABLE_PREFIX."orders_products";
$sql .= " WHERE orders_id = " . $_GET['id'];
$sql .= " WHERE orders_id = " . $commande->id;
//$commande->id;
// echo $sql;
$resql=$dbosc->query($sql);

31
htdocs/comm/contact.php
View File

@ -37,7 +37,11 @@ if ($page < 0) { $page = 0; }
$limit = $conf->liste_limit;
$offset = $limit * $page ;
$type=$_GET["type"];
$type=GETPOST('type', 'alpha');
$search_lastname=GETPOST('search_nom')?GETPOST('search_nom'):GETPOST('search_lastname'); // For backward compatibility
$search_firstname=GETPOST('search_prenom')?GETPOST('search_prenom'):GETPOST('search_firstname'); // For backward compatibility
$search_company=GETPOST('search_societe')?GETPOST('search_societe'):GETPOST('search_company'); // For backward compatibility
$contactname=GETPOST('contactname');
// Security check
$socid = GETPOST('socid','int');
@ -91,29 +95,30 @@ if (dol_strlen($stcomm))
$sql.= " AND s.fk_stcomm=$stcomm";
}
// FIXME $begin not exist
if (dol_strlen($begin)) // filtre sur la premiere lettre du nom
{
$sql.= " AND upper(p.name) LIKE '".$begin."%'";
}
if (trim($_GET["search_nom"]))
if (! empty($search_lastname))
{
$sql.= " AND p.name LIKE '%".trim($_GET["search_nom"])."%'";
$sql.= " AND p.name LIKE '%".$db->escape($search_lastname)."%'";
}
if (trim($_GET["search_prenom"]))
if (! empty($search_firstname))
{
$sql.= " AND p.firstname LIKE '%".trim($_GET["search_prenom"])."%'";
$sql.= " AND p.firstname LIKE '%".$db->escape($search_firstname)."%'";
}
if (trim($_GET["search_societe"]))
if (! empty($search_company))
{
$sql.= " AND s.nom LIKE '%".trim($_GET["search_societe"])."%'";
$sql.= " AND s.nom LIKE '%".$db->escape($search_company)."%'";
}
if ($_GET["contactname"]) // acces a partir du module de recherche
if (! empty($contactname)) // acces a partir du module de recherche
{
$sql.= " AND (p.name LIKE '%".strtolower($_GET["contactname"])."%' OR lower(p.firstname) LIKE '%".strtolower($_GET["contactname"])."%') ";
$sql.= " AND (p.name LIKE '%".$db->escape(strtolower($contactname))."%' OR lower(p.firstname) LIKE '%".$db->escape(strtolower($contactname))."%') ";
$sortfield = "p.name";
$sortorder = "ASC";
}
@ -125,7 +130,7 @@ $resql = $db->query($sql);
if ($resql)
{
$num = $db->num_rows($resql);
$title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("ListOfContacts") : $langs->trans("ListOfContactsAddresses"));
print_barre_liste($title.($label?" (".$label.")":""),$page, $_SERVER["PHP_SELF"], "&amp;type=$type",$sortfield,$sortorder,"",$num);
@ -140,9 +145,9 @@ if ($resql)
print '<form action="'.$_SERVER["PHP_SELF"].'?type='.$_GET["type"].'" method="GET">';
print '<tr class="liste_titre">';
print '<td class="liste_titre"><input class="flat" name="search_nom" size="12" value="'.$_GET["search_nom"].'"></td>';
print '<td class="liste_titre"><input class="flat" name="search_prenom" size="12" value="'.$_GET["search_prenom"].'"></td>';
print '<td class="liste_titre"><input class="flat" name="search_societe" size="12" value="'.$_GET["search_societe"].'"></td>';
print '<td class="liste_titre"><input class="flat" name="search_lastname" size="12" value="'.$search_lastname.'"></td>';
print '<td class="liste_titre"><input class="flat" name="search_firstname" size="12" value="'.$search_firstname.'"></td>';
print '<td class="liste_titre"><input class="flat" name="search_company" size="12" value="'.$search_company.'"></td>';
print '<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
print "</tr>\n";

13
htdocs/comm/index.php
View File

@ -35,6 +35,9 @@ if (! $user->rights->societe->lire) accessforbidden();
$langs->load("commercial");
$action=GETPOST('action', 'alpha');
$bid=GETPOST('bid', 'int');
// Securite acces client
$socid=GETPOST('socid','int');
if (isset($user->societe_id) && $user->societe_id > 0)
@ -50,23 +53,23 @@ $now=dol_now();
* Actions
*/
if (isset($_GET["action"]) && $_GET["action"] == 'add_bookmark')
if ($action == 'add_bookmark' && ! empty($socid))
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE fk_soc = ".$_GET["socid"]." AND fk_user=".$user->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE fk_soc = ".$db->escape($socid)." AND fk_user=".$user->id;
if (! $db->query($sql) )
{
dol_print_error($db);
}
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bookmark (fk_soc, dateb, fk_user) VALUES (".$_GET["socid"].", ".$db->idate($now).",".$user->id.");";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bookmark (fk_soc, dateb, fk_user) VALUES (".$db->escape($socid).", ".$db->idate($now).",".$user->id.");";
if (! $db->query($sql) )
{
dol_print_error($db);
}
}
if (isset($_GET["action"]) && $_GET["action"] == 'del_bookmark')
if ($action == 'del_bookmark' && ! empty($bid))
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE rowid=".$_GET["bid"];
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE rowid=".$db->escape($bid);
$result = $db->query($sql);
}

54
htdocs/compta/bank/annuel.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -27,16 +27,16 @@ require 'pre.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/bank.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
// Security check
if (isset($_GET["account"]) || isset($_GET["ref"]))
{
$id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:'');
}
$fieldid = isset($_GET["ref"])?'ref':'rowid';
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid);
$id=GETPOST('account');
$ref=GETPOST('ref');
$year_start=isset($_GET["year_start"])?$_GET["year_start"]:$_POST["year_start"];
// Security check
$fieldid = (! empty($ref)?$ref:$id);
$fieldname = isset($ref)?'ref':'rowid';
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'banque',$fieldid,'bank_account','','',$fieldname);
$year_start=GETPOST('year_start');
$year_current = strftime("%Y",time());
if (! $year_start)
{
@ -55,14 +55,15 @@ $form = new Form($db);
// Get account informations
$acct = new Account($db);
if ($_GET["account"] && ! preg_match('/,/',$_GET["account"])) // if for a particular account and not a list
if ($id > 0 && ! preg_match('/,/', $id)) // if for a particular account and not a list
{
$result=$acct->fetch($_GET["account"]);
$result=$acct->fetch($id);
$id=$acct->id;
}
if ($_GET["ref"])
if (! empty($ref))
{
$result=$acct->fetch(0,$_GET["ref"]);
$_GET["account"]=$acct->id;
$result=$acct->fetch(0, $ref);
$id=$acct->id;
}
@ -76,7 +77,8 @@ $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql.= " WHERE b.fk_account = ba.rowid";
$sql.= " AND ba.entity = ".$conf->entity;
$sql.= " AND b.amount >= 0";
if ($_GET["account"]) $sql .= " AND b.fk_account IN (".$_GET["account"].")";
if (! empty($id))
$sql .= " AND b.fk_account IN (".$db->escape($id).")";
$sql.= " GROUP BY dm";
$resql=$db->query($sql);
@ -103,7 +105,8 @@ $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql.= " WHERE b.fk_account = ba.rowid";
$sql.= " AND ba.entity = ".$conf->entity;
$sql.= " AND b.amount <= 0";
if ($_GET["account"]) $sql.= " AND b.fk_account IN (".$_GET["account"].")";
if (! empty($id))
$sql .= " AND b.fk_account IN (".$db->escape($id).")";
$sql.= " GROUP BY dm";
$resql=$db->query($sql);
@ -140,17 +143,17 @@ print '<tr><td valign="top" width="25%">'.$langs->trans("Ref").'</td>';
print '<td colspan="3">';
if ($_GET["account"])
{
if (! preg_match('/,/',$_GET["account"]))
if (! preg_match('/,/', $id))
{
print $form->showrefnav($acct, 'ref', $linkback, 1, 'ref');
}
else
{
$bankaccount=new Account($db);
$listid=explode(',',$_GET["account"]);
foreach($listid as $key => $id)
$listid=explode(',', $id);
foreach($listid as $key => $aId)
{
$bankaccount->fetch($id);
$bankaccount->fetch($aId);
$bankaccount->label=$bankaccount->ref;
print $bankaccount->getNomUrl(1);
if ($key < (count($listid)-1)) print ', ';
@ -166,7 +169,7 @@ print '</td></tr>';
// Label
print '<tr><td valign="top">'.$langs->trans("Label").'</td>';
print '<td colspan="3">';
if ($_GET["account"])
if (! empty($id))
{
print $acct->label;
}
@ -254,7 +257,8 @@ $sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql.= " WHERE b.fk_account = ba.rowid";
$sql.= " AND ba.entity = ".$conf->entity;
if ($_GET["account"]) $sql.= " AND b.fk_account IN (".$_GET["account"].")";
if (! empty($id))
$sql.= " AND b.fk_account IN (".$db->escape($id).")";
$resql=$db->query($sql);
if ($resql)
@ -273,8 +277,6 @@ print "</table>";
print "\n</div>\n";
$db->close();
llxFooter();
$db->close();
?>

4
htdocs/compta/bank/index.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copytight (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copytight (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -35,7 +35,7 @@ $langs->load("categories");
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'banque');
$statut=isset($_GET["statut"])?$_GET["statut"]:'';
$statut=GETPOST('statut');

27
htdocs/compta/bank/rappro.php
View File

@ -37,14 +37,15 @@ $langs->load("bills");
if (! $user->rights->banque->consolidate) accessforbidden();
$action=GETPOST('action', 'alpha');
$id=GETPOST('account', 'int');
/*
* Actions
*/
// Conciliation
if ($user->rights->banque->consolidate && $_POST["action"] == 'rappro')
if ($action == 'rappro' && $user->rights->banque->consolidate)
{
// Definition, nettoyage parametres
$num_releve=trim($_POST["num_releve"]);
@ -77,7 +78,7 @@ if ($user->rights->banque->consolidate && $_POST["action"] == 'rappro')
/*
* Action suppression ecriture
*/
if ($_GET["action"] == 'del')
if ($action == 'del')
{
$accline=new AccountLine($db);
$accline->fetch($_GET["rowid"]);
@ -127,13 +128,13 @@ $paymentsupplierstatic=new PaiementFourn($db);
$paymentvatstatic=new TVA($db);
$acct = new Account($db);
$acct->fetch($_GET["account"]);
$acct->fetch($id);
$now=dol_now();
$sql = "SELECT b.rowid, b.dateo as do, b.datev as dv, b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type as type";
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= " WHERE rappro=0 AND fk_account=".$_GET["account"];
$sql.= " WHERE rappro=0 AND fk_account=".$acct->id;
$sql.= " ORDER BY dateo ASC";
$sql.= " LIMIT 1000"; // Limit to avoid page overload
@ -163,7 +164,7 @@ if ($resql)
$var=True;
$num = $db->num_rows($resql);
print_fiche_titre($langs->trans("Reconciliation").': <a href="account.php?account='.$_GET["account"].'">'.$acct->label.'</a>');
print_fiche_titre($langs->trans("Reconciliation").': <a href="account.php?account='.$acct->id.'">'.$acct->label.'</a>');
print '<br>';
dol_htmloutput_mesg($mesg);
@ -172,7 +173,7 @@ if ($resql)
$nbmax=5;
$liste="";
$sql = "SELECT DISTINCT num_releve FROM ".MAIN_DB_PREFIX."bank";
$sql.= " WHERE fk_account=".$_GET["account"]." AND num_releve IS NOT NULL";
$sql.= " WHERE fk_account=".$acct->id." AND num_releve IS NOT NULL";
$sql.= $db->order("num_releve","DESC");
$sql.= $db->plimit($nbmax+1);
print $langs->trans("LastAccountStatements").' : ';
@ -186,7 +187,7 @@ if ($resql)
$objr = $db->fetch_object($resqlr);
$last_releve = $objr->num_releve;
$i++;
$liste='<a href="'.DOL_URL_ROOT.'/compta/bank/releve.php?account='.$_GET["account"].'&amp;num='.$objr->num_releve.'">'.$objr->num_releve.'</a> &nbsp; '.$liste;
$liste='<a href="'.DOL_URL_ROOT.'/compta/bank/releve.php?account='.$acct->id.'&amp;num='.$objr->num_releve.'">'.$objr->num_releve.'</a> &nbsp; '.$liste;
}
if ($numr >= $nbmax) $liste="... &nbsp; ".$liste;
print $liste;
@ -199,10 +200,10 @@ if ($resql)
}
print '<form method="post" action="rappro.php?account='.$_GET["account"].'">';
print '<form method="post" action="rappro.php?account='.$acct->id.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<input type=\"hidden\" name=\"action\" value=\"rappro\">";
print "<input type=\"hidden\" name=\"account\" value=\"".$_GET["account"]."\">";
print "<input type=\"hidden\" name=\"account\" value=\"".$acct->id."\">";
print $langs->trans("InputReceiptNumber").': ';
print '<input class="flat" name="num_releve" type="text" value="'.(GETPOST('num_releve')?GETPOST('num_releve'):$objp->num_releve).'" size="10">';
@ -251,9 +252,9 @@ if ($resql)
print '<td align="center" nowrap="nowrap">';
print '<span id="datevalue_'.$objp->rowid.'">'.dol_print_date($db->jdate($objp->dv),"day")."</span>";
print ' <span>&nbsp; ';
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;account='.$_GET["account"].'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvprev&amp;account='.$acct->id.'&amp;rowid='.$objp->rowid.'">';
print img_edit_remove() . "</a> ";
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;account='.$_GET["account"].'&amp;rowid='.$objp->rowid.'">';
print '<a class="ajax" href="'.$_SERVER['PHP_SELF'].'?action=dvnext&amp;account='.$acct->id.'&amp;rowid='.$objp->rowid.'">';
print img_edit_add() ."</a></span>";
print '</td>';
}
@ -380,7 +381,7 @@ if ($resql)
print '<a href="'.DOL_URL_ROOT.'/compta/bank/ligne.php?rowid='.$objp->rowid.'&amp;account='.$acct->id.'&amp;orig_account='.$acct->id.'">';
print img_edit();
print '</a>&nbsp; ';
$now=dol_now();
if ($db->jdate($objp->do) <= $now) {
print '<a href="'.DOL_URL_ROOT.'/compta/bank/rappro.php?action=del&amp;rowid='.$objp->rowid.'&amp;account='.$acct->id.'">';

67
htdocs/compta/bank/releve.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -26,37 +26,39 @@
require 'pre.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/bank.lib.php';
$action=GETPOST('action');
$action=GETPOST('action', 'alpha');
$langs->load("companies");
$langs->load("banks");
$langs->load("bills");
$id=GETPOST('account');
$ref=GETPOST('ref');
$dvid=GETPOST('dvid');
$num=GETPOST('num');
// Security check
if (isset($_GET["account"]) || isset($_GET["ref"]))
{
$id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:'');
}
$fieldid = isset($_GET["ref"])?'ref':'rowid';
$fieldid = (! empty($ref)?$ref:$id);
$fieldname = isset($ref)?'ref':'rowid';
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid);
$result=restrictedArea($user,'banque',$fieldid,'bank_account','','',$fieldname);
if ($user->rights->banque->consolidate && $action == 'dvnext')
if ($user->rights->banque->consolidate && $action == 'dvnext' && ! empty($dvid))
{
$al = new AccountLine($db);
$al->datev_next($_GET["dvid"]);
$al->datev_next($dvid);
}
if ($user->rights->banque->consolidate && $action == 'dvprev')
if ($user->rights->banque->consolidate && $action == 'dvprev' && ! empty($dvid))
{
$al = new AccountLine($db);
$al->datev_previous($_GET["dvid"]);
$al->datev_previous($dvid);
}
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"];
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$page = GETPOST('page', 'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="s.nom";
@ -77,24 +79,19 @@ $form = new Form($db);
// Load account
$acct = new Account($db);
if ($_GET["account"])
if ($id > 0 || ! empty($ref))
{
$acct->fetch($_GET["account"]);
}
if ($_GET["ref"])
{
$acct->fetch(0,$_GET["ref"]);
$_GET["account"]=$acct->id;
$acct->fetch($id, $ref);
}
if (! isset($_GET["num"]))
if (! isset($num))
{
/*
* Vue liste tous releves confondus
*/
$sql = "SELECT DISTINCT(b.num_releve) as numr";
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= " WHERE b.fk_account = ".$_GET["account"];
$sql.= " WHERE b.fk_account = ".$acct->id;
$sql.= " ORDER BY numr DESC";
$sql.= $db->plimit($conf->liste_limit+1,$offset);
@ -130,7 +127,7 @@ if (! isset($_GET["num"]))
print_barre_liste('', $page, $_SERVER["PHP_SELF"], "&amp;account=".$_GET["account"], $sortfield, $sortorder,'',$numrows);
print_barre_liste('', $page, $_SERVER["PHP_SELF"], "&amp;account=".$acct->id, $sortfield, $sortorder,'',$numrows);
print '<table class="noborder" width="100%">';
print "<tr class=\"liste_titre\">";
@ -147,7 +144,7 @@ if (! isset($_GET["num"]))
}
else
{
print "<tr $bc[$var]><td><a href=\"releve.php?num=$objp->numr&amp;account=".$_GET["account"]."\">$objp->numr</a></td></tr>\n";
print "<tr $bc[$var]><td><a href=\"releve.php?num=$objp->numr&amp;account=".$acct->id."\">$objp->numr</a></td></tr>\n";
}
$i++;
}
@ -173,8 +170,8 @@ else
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= " WHERE b.num_releve < '".$_GET["num"]."'";
$sql.= " AND b.fk_account = ".$_GET["account"];
$sql.= " WHERE b.num_releve < '".$db->escape($num)."'";
$sql.= " AND b.fk_account = ".$acct->id;
$sql.= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php sql=".$sql);
@ -195,8 +192,8 @@ else
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= " WHERE b.num_releve > '".$_GET["num"]."'";
$sql.= " AND b.fk_account = ".$_GET["account"];
$sql.= " WHERE b.num_releve > '".$db->escape($num)."'";
$sql.= " AND b.fk_account = ".$acct->id;
$sql.= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php sql=".$sql);
@ -214,10 +211,8 @@ else
}
else {
// On veut le releve num
$num=$_GET["num"];
$found=true;
}
if (! $found) $num=$_GET["num"];
$mesprevnext ="<a href=\"releve.php?rel=prev&amp;num=$num&amp;ve=$ve&amp;account=$acct->id\">".img_previous()."</a> &nbsp;";
$mesprevnext.= $langs->trans("AccountStatement")." $num";
@ -244,7 +239,7 @@ else
// Calcul du solde de depart du releve
$sql = "SELECT sum(b.amount) as amount";
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= " WHERE b.num_releve < '".$num."'";
$sql.= " WHERE b.num_releve < '".$db->escape($num)."'";
$sql.= " AND b.fk_account = ".$acct->id;
$resql=$db->query($sql);
@ -259,7 +254,7 @@ else
$sql = "SELECT b.rowid, b.dateo as do, b.datev as dv";
$sql.= ", b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type";
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql.= " WHERE b.num_releve='".$num."'";
$sql.= " WHERE b.num_releve='".$db->escape($num)."'";
if (!isset($num)) $sql.= " OR b.num_releve is null";
$sql.= " AND b.fk_account = ".$acct->id;
$sql.= " ORDER BY b.datev ASC";
@ -289,10 +284,10 @@ else
// Date de valeur
print '<td align="center" valign="center" nowrap="nowrap">';
print '<a href="releve.php?action=dvprev&amp;num='.$num.'&amp;account='.$_GET["account"].'&amp;dvid='.$objp->rowid.'">';
print '<a href="releve.php?action=dvprev&amp;num='.$num.'&amp;account='.$acct->id.'&amp;dvid='.$objp->rowid.'">';
print img_previous().'</a> ';
print dol_print_date($db->jdate($objp->dv),"day") .' ';
print '<a href="releve.php?action=dvnext&amp;num='.$num.'&amp;account='.$_GET["account"].'&amp;dvid='.$objp->rowid.'">';
print '<a href="releve.php?action=dvnext&amp;num='.$num.'&amp;account='.$acct->id.'&amp;dvid='.$objp->rowid.'">';
print img_next().'</a>';
print "</td>\n";

6
htdocs/compta/facture.php
View File

@ -994,9 +994,9 @@ else if (($action == 'addline' || $action == 'addline_predef') && $user->rights-
$date_end=dol_mktime(GETPOST('date_end'.$predef.'hour'), GETPOST('date_end'.$predef.'min'), GETPOST('date_end'.$predef.'sec'), GETPOST('date_end'.$predef.'month'), GETPOST('date_end'.$predef.'day'), GETPOST('date_end'.$predef.'year'));
$price_base_type = (GETPOST('price_base_type', 'alpha')?GETPOST('price_base_type', 'alpha'):'HT');
// Define special_code for special lines
$special_code=0;
//if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices
// Define special_code for special lines
$special_code=0;
//if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices
// Ecrase $pu par celui du produit
// Ecrase $desc par celui du produit

23
htdocs/compta/index.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -27,9 +27,12 @@ require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
if (! empty($conf->commande->enabled)) require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
if (! empty($conf->commande->enabled)) require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
if (! empty($conf->tax->enabled)) require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
if (! empty($conf->commande->enabled))
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
if (! empty($conf->commande->enabled))
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
if (! empty($conf->tax->enabled))
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
// L'espace compta/treso doit toujours etre actif car c'est un espace partage
// par de nombreux modules (banque, facture, commande a facturer, etc...) independamment
@ -40,7 +43,11 @@ if (! empty($conf->tax->enabled)) require_once DOL_DOCUMENT_ROOT.'/compta/social
$langs->load("compta");
$langs->load("bills");
if (! empty($conf->commande->enabled)) $langs->load("orders");
if (! empty($conf->commande->enabled))
$langs->load("orders");
$action=GETPOST('action', 'alpha');
$bid=GETPOST('bid', 'int');
// Security check
$socid='';
@ -55,7 +62,7 @@ if ($user->societe_id > 0)
* Actions
*/
if (isset($_GET["action"]) && $_GET["action"] == 'add_bookmark')
if ($action == 'add_bookmark')
{
$now=dol_now();
@ -71,9 +78,9 @@ if (isset($_GET["action"]) && $_GET["action"] == 'add_bookmark')
}
}
if (isset($_GET["action"]) && $_GET["action"] == 'del_bookmark')
if ($action == 'del_bookmark' && ! empty($bid))
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE rowid=".$_GET["bid"];
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE rowid=".$db->escape($bid);
$result = $db->query($sql);
}

12
htdocs/contact/list.php
View File

@ -51,10 +51,10 @@ $type=GETPOST("type");
$view=GETPOST("view");
$sall=GETPOST("contactname");
$sortfield = GETPOST("sortfield");
$sortorder = GETPOST("sortorder");
$page = GETPOST("page");
$userid=GETPOST('userid');
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$page = GETPOST('page', 'int');
$userid=GETPOST('userid','int');
$begin=GETPOST('begin');
if (! $sortorder) $sortorder="ASC";
@ -131,9 +131,9 @@ if (!$user->rights->societe->client->voir && !$socid) //restriction
{
$sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)";
}
if ($userid) // propre au commercial
if (! empty($userid)) // propre au commercial
{
$sql .= " AND p.fk_user_creat=".$userid;
$sql .= " AND p.fk_user_creat=".$db->escape($userid);
}
// Filter to exclude not owned private contacts

2
htdocs/core/db/pgsql.class.php
View File

@ -296,7 +296,7 @@ class DoliDBPgsql
// To have postgresql case sensitive
$line=str_replace(' LIKE \'',' ILIKE \'',$line);
$line=str_replace(' LIKE BINARY \'',' LIKE \'',$line);
$line=str_replace(' LIKE BINARY \'',' LIKE \'',$line);
// Delete using criteria on other table must not declare twice the deleted table
// DELETE FROM tabletodelete USING tabletodelete, othertable -> DELETE FROM tabletodelete USING othertable

6
htdocs/societe/ajaxcountries.php
View File

@ -30,6 +30,8 @@ if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1');
require '../main.inc.php';
$country=GETPOST('pays', 'alpha');
/*
* View
@ -49,14 +51,14 @@ print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY
dol_syslog(join(',',$_POST));
// Generation liste des pays
if(isset($_POST['pays']) && !empty($_POST['pays']))
if (! empty($country))
{
global $langs;
$langs->load("dict");
$sql = "SELECT rowid, code, libelle, active";
$sql.= " FROM ".MAIN_DB_PREFIX."c_pays";
$sql.= " WHERE active = 1 AND libelle LIKE '%" . utf8_decode($_POST['pays']) . "%'";
$sql.= " WHERE active = 1 AND libelle LIKE '%" . $db->escape(utf8_decode($country)) . "%'";
$sql.= " ORDER BY libelle ASC";
$resql=$db->query($sql);