From 523d09536c4e710db05daee7e2a8d168f6cdebbb Mon Sep 17 00:00:00 2001 From: gauthier Date: Mon, 17 Feb 2020 12:20:19 +0100 Subject: [PATCH 01/13] FIX : must be == and not = --- htdocs/product/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 565cb6f7565..ebf9c093c02 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1174,7 +1174,7 @@ else // Accountancy_code_sell print ''.$langs->trans("ProductAccountancySellCode").''; print ''; - if($type = 0) { + if($type == 0) { $accountancy_code_sell = (GETPOST('accountancy_code_sell', 'alpha')?(GETPOST('accountancy_code_sell', 'alpha')):$conf->global->ACCOUNTING_PRODUCT_SOLD_ACCOUNT); } else { $accountancy_code_sell = (GETPOST('accountancy_code_sell', 'alpha')?(GETPOST('accountancy_code_sell', 'alpha')):$conf->global->ACCOUNTING_SERVICE_SOLD_ACCOUNT); From a5de331410edfdc3844c596ce1381f2c3041fa0e Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 17 Feb 2020 19:13:37 +0100 Subject: [PATCH 02/13] FIX Multicompany compatibility --- htdocs/fourn/commande/index.php | 34 +++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 6c2b66bc7f3..39855ea7500 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -157,12 +157,12 @@ else * Reason: Show all Status and give the possibility to filter only one */ -$sql = "SELECT count(cf.rowid), fk_statut"; +$sql = "SELECT count(cf.rowid), cf.fk_statut"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."commande_fournisseur as cf"; if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE cf.fk_soc = s.rowid"; -$sql.= " AND s.entity = ".$conf->entity; +$sql.= " AND cf.entity IN (".getEntity("supplier_order").")"; // Thirdparty sharing is mandatory with supplier order sharing if ($user->societe_id) $sql.=' AND cf.fk_soc = '.$user->societe_id; if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " GROUP BY cf.fk_statut"; @@ -210,7 +210,7 @@ if (! empty($conf->fournisseur->enabled)) $sql.= ", ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.rowid"; - $sql.= " AND c.entity = ".$conf->entity; + $sql.= " AND c.entity IN (".getEntity("supplier_order").")"; // Thirdparty sharing is mandatory with supplier order sharing $sql.= " AND c.fk_statut = 0"; if (! empty($socid)) $sql.= " AND c.fk_soc = ".$socid; if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; @@ -245,13 +245,27 @@ if (! empty($conf->fournisseur->enabled)) /* * List of users allowed */ -$sql = "SELECT u.rowid, u.lastname, u.firstname, u.email"; -$sql.= " FROM ".MAIN_DB_PREFIX."user as u,"; -$sql.= " ".MAIN_DB_PREFIX."user_rights as ur"; -$sql.= ", ".MAIN_DB_PREFIX."rights_def as rd"; -$sql.= " WHERE u.rowid = ur.fk_user"; -$sql.= " AND (u.entity IN (0,".$conf->entity.")"; -$sql.= " AND rd.entity = ".$conf->entity.")"; +$sql = "SELECT"; +if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + $sql .= " DISTINCT"; +} +$sql.= " u.rowid, u.lastname, u.firstname, u.email"; +$sql.= " FROM ".MAIN_DB_PREFIX."user as u"; +$sql.= ",".MAIN_DB_PREFIX."user_rights as ur"; +$sql.= ",".MAIN_DB_PREFIX."rights_def as rd"; +if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) +{ + $sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug"; + $sql.= " WHERE ((ug.fk_user = u.rowid"; + $sql.= " AND ug.entity IN (".getEntity('usergroup')."))"; + $sql.= " OR u.entity = 0)"; // Show always superadmin +} +else +{ + $sql.= " WHERE (u.entity IN (".getEntity('user').")"; + $sql.= " AND ur.entity = ".$conf->entity.")"; +} +$sql.= " AND u.rowid = ur.fk_user"; $sql.= " AND ur.fk_id = rd.id"; $sql.= " AND module = 'fournisseur'"; $sql.= " AND perms = 'commande'"; From 7b4c674bdc4ee9f5e6e9ff09693e453f108242ab Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 17 Feb 2020 21:43:53 +0100 Subject: [PATCH 03/13] Fix css --- htdocs/projet/element.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index 10137156233..46cf12356c5 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -829,7 +829,7 @@ foreach ($listofreferent as $key => $value) $addform.='
'; if ($testnew) $addform.=''.($buttonnew?$langs->trans($buttonnew):$langs->trans("Create")).''; elseif (empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED)) { - $addform.=''.($buttonnew?$langs->trans($buttonnew):$langs->trans("Create")).''; + $addform.=''.($buttonnew?$langs->trans($buttonnew):$langs->trans("Create")).''; } $addform.='
'; } From f6f0d9d4a214aac173d64019d556b8dd9baea5f1 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 18 Feb 2020 08:35:51 +0100 Subject: [PATCH 04/13] FIX better method to check user rights AND usergroup rights ! --- htdocs/fourn/commande/index.php | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 39855ea7500..1c4e0aad9e4 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -251,8 +251,6 @@ if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY } $sql.= " u.rowid, u.lastname, u.firstname, u.email"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u"; -$sql.= ",".MAIN_DB_PREFIX."user_rights as ur"; -$sql.= ",".MAIN_DB_PREFIX."rights_def as rd"; if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug"; @@ -263,13 +261,7 @@ if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY else { $sql.= " WHERE (u.entity IN (".getEntity('user').")"; - $sql.= " AND ur.entity = ".$conf->entity.")"; } -$sql.= " AND u.rowid = ur.fk_user"; -$sql.= " AND ur.fk_id = rd.id"; -$sql.= " AND module = 'fournisseur'"; -$sql.= " AND perms = 'commande'"; -$sql.= " AND subperms = 'approuver'"; $resql = $db->query($sql); if ($resql) @@ -285,15 +277,22 @@ if ($resql) { $obj = $db->fetch_object($resql); - print ''; - print ''; - $userstatic->id=$obj->rowid; - $userstatic->lastname=$obj->lastname; - $userstatic->firstname=$obj->firstname; - $userstatic->email=$obj->email; - print $userstatic->getNomUrl(1); - print ''; - print "\n"; + $userstatic = new User($db); + $userstatic->id = $obj->rowid; + $userstatic->getrights('fournisseur'); + + if (! empty($userstatic->rights->fournisseur->commande->approuver)) + { + print ''; + print ''; + $userstatic->lastname = $obj->lastname; + $userstatic->firstname = $obj->firstname; + $userstatic->email = $obj->email; + print $userstatic->getNomUrl(1); + print ''; + print "\n"; + } + $i++; } print "
"; From 4511cf1060b59d04facb934654e7394d28455ad8 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 18 Feb 2020 09:03:25 +0100 Subject: [PATCH 05/13] FIX missing "statut" for getNomUrl() function --- htdocs/fourn/commande/index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 1c4e0aad9e4..01af73cb76e 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -249,7 +249,7 @@ $sql = "SELECT"; if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " DISTINCT"; } -$sql.= " u.rowid, u.lastname, u.firstname, u.email"; +$sql.= " u.rowid, u.lastname, u.firstname, u.email, u.statut"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u"; if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { @@ -288,6 +288,7 @@ if ($resql) $userstatic->lastname = $obj->lastname; $userstatic->firstname = $obj->firstname; $userstatic->email = $obj->email; + $userstatic->statut = $obj->statut; print $userstatic->getNomUrl(1); print ''; print "\n"; From 110a23623bab0f8f6c60e6614ba914e7421ee661 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 18 Feb 2020 11:04:11 +0100 Subject: [PATCH 06/13] FIX an external user can not approved --- htdocs/fourn/commande/index.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 01af73cb76e..50a9150a9a1 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -262,6 +262,7 @@ else { $sql.= " WHERE (u.entity IN (".getEntity('user').")"; } +$sql.= " AND u.fk_soc IS NULL"; // An external user can not approved $resql = $db->query($sql); if ($resql) From 9ce0e6869e54824f4b9a93e87158a155b174f38e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 Feb 2020 11:55:39 +0100 Subject: [PATCH 07/13] Fix trans --- htdocs/comm/propal/list.php | 4 ++-- htdocs/langs/en_US/admin.lang | 3 ++- htdocs/langs/en_US/main.lang | 2 ++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 4bb794a372a..d4d227f8b7c 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -164,8 +164,8 @@ $arrayfields = array( 'p.total_ht'=>array('label'=>"AmountHT", 'checked'=>1), 'p.total_vat'=>array('label'=>"AmountVAT", 'checked'=>0), 'p.total_ttc'=>array('label'=>"AmountTTC", 'checked'=>0), - 'p.total_ht_invoiced'=>array('label'=>$langs->trans("AmountInvoicedHT"), 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT), - 'p.total_invoiced'=>array('label'=>$langs->trans("AmountInvoicedTTC"), 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT), + 'p.total_ht_invoiced'=>array('label'=>"AmountInvoicedHT", 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT), + 'p.total_invoiced'=>array('label'=>"AmountInvoicedTTC", 'checked'=>0, 'enabled'=>$conf->global->PROPOSAL_SHOW_INVOICED_AMOUNT), 'u.login'=>array('label'=>"Author", 'checked'=>1, 'position'=>10), 'sale_representative'=>array('label'=>"SaleRepresentativesOfThirdParty", 'checked'=>1), 'p.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500), diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 0bf914d0e22..3fde658960e 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1973,4 +1973,5 @@ NotAPublicIp=Not a public IP MakeAnonymousPing=Make an anonymous Ping '+1' to the Dolibarr foundation server (done 1 time only after installation) to allow the foundation to count the number of Dolibarr installation. FeatureNotAvailableWithReceptionModule=Feature not available when module Reception is enabled EmailTemplate=Template for email -EMailsWillHaveMessageID=Emails will have a tag 'References' matching this syntax \ No newline at end of file +EMailsWillHaveMessageID=Emails will have a tag 'References' matching this syntax +FafaIconSocialNetworksDesc=Enter here the code of a FontAwesome icon. If you don't know what is FontAwesome, you can use the generic value fa-address-book. \ No newline at end of file diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 0409f4326f3..8f8480a03cb 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -352,6 +352,8 @@ PriceUTTC=U.P. (inc. tax) Amount=Amount AmountInvoice=Invoice amount AmountInvoiced=Amount invoiced +AmountInvoicedHT=Amount invoiced (incl. tax) +AmountInvoicedTTC=Amount invoiced (excl. tax) AmountPayment=Payment amount AmountHTShort=Amount (excl.) AmountTTCShort=Amount (inc. tax) From 7e814e2a08e47eeddae1ffc3bd475bf67d3193eb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 Feb 2020 12:01:19 +0100 Subject: [PATCH 08/13] FIX Menu truncated. Add tooltip to have all content. --- htdocs/core/menus/standard/auguria.lib.php | 4 ++-- htdocs/core/menus/standard/eldy.lib.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/menus/standard/auguria.lib.php b/htdocs/core/menus/standard/auguria.lib.php index e35f45576d1..390c50aa748 100644 --- a/htdocs/core/menus/standard/auguria.lib.php +++ b/htdocs/core/menus/standard/auguria.lib.php @@ -548,7 +548,7 @@ function print_left_auguria_menu($db, $menu_array_before, $menu_array_after, &$t if ($menu_array[$i]['enabled']) // Enabled so visible { print '
'.$tabstring; - if ($shorturlwithoutparam) print ''; + if ($shorturlwithoutparam) print ''; else print ''; print ($menu_array[$i]['prefix'] ? $menu_array[$i]['prefix'] : '').$menu_array[$i]['titre']; if ($shorturlwithoutparam) print ''; @@ -580,7 +580,7 @@ function print_left_auguria_menu($db, $menu_array_before, $menu_array_after, &$t if ($menu_array[$i]['enabled'] && $lastlevel0 == 'enabled') // Enabled so visible, except if parent was not enabled. { print '
'.$tabstring; - if ($shorturlwithoutparam) print ''; + if ($shorturlwithoutparam) print ''; else print ''; print $menu_array[$i]['titre']; if ($shorturlwithoutparam) print ''; diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 0428f5e1dba..109de3a99c4 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -2027,7 +2027,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM if ($menu_array[$i]['enabled']) // Enabled so visible { print '
'.$tabstring; - if ($shorturlwithoutparam) print ''; + if ($shorturlwithoutparam) print ''; else print ''; print ($menu_array[$i]['prefix'] ? $menu_array[$i]['prefix'] : '').$menu_array[$i]['titre']; if ($shorturlwithoutparam) print ''; @@ -2059,7 +2059,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM if ($menu_array[$i]['enabled'] && $lastlevel0 == 'enabled') // Enabled so visible, except if parent was not enabled. { print '
'.$tabstring; - if ($shorturlwithoutparam) print ''; + if ($shorturlwithoutparam) print ''; else print ''; print $menu_array[$i]['titre']; if ($shorturlwithoutparam) print ''; From 67eb584a7fec71d47f9c00aa62f7fbc9a9f77110 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 Feb 2020 12:22:25 +0100 Subject: [PATCH 09/13] FIX Missing field "billed" in export --- htdocs/core/modules/modProjet.class.php | 10 ++++++++-- htdocs/exports/export.php | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 5489e2b92ca..05773b549ab 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -254,8 +254,11 @@ class modProjet extends DolibarrModules include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php'; // End add extra fields $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('ptt.rowid'=>'IdTaskTime','ptt.task_date'=>'TaskTimeDate','ptt.task_duration'=>"TimesSpent",'ptt.fk_user'=>"TaskTimeUser",'ptt.note'=>"TaskTimeNote")); - $this->export_entities_array[$r]=array_merge($this->export_entities_array[$r], array('ptt.rowid'=>'task_time','ptt.task_date'=>'task_time','ptt.task_duration'=>"task_time",'ptt.fk_user'=>"task_time",'ptt.note'=>"task_time")); - + $this->export_entities_array[$r]=array_merge($this->export_entities_array[$r], array('ptt.rowid'=>'task_time','ptt.task_date'=>'task_time','ptt.task_duration'=>"task_time",'ptt.fk_user'=>"task_time",'ptt.note'=>"task_time")); + if (empty($conf->global->PROJECT_HIDE_TASKS)) { + $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('f.ref'=>"Billed")); + $this->export_entities_array[$r]=array_merge($this->export_entities_array[$r], array('f.ref'=>"task_time")); + } $this->export_sql_start[$r]='SELECT DISTINCT '; $this->export_sql_end[$r] =' FROM '.MAIN_DB_PREFIX.'projet as p'; $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'projet_extrafields as extra ON p.rowid = extra.fk_object'; @@ -264,6 +267,9 @@ class modProjet extends DolibarrModules $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'projet_task_extrafields as extra2 ON pt.rowid = extra2.fk_object'; $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX."projet_task_time as ptt ON pt.rowid = ptt.fk_task"; $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON p.fk_soc = s.rowid'; + if (empty($conf->global->PROJECT_HIDE_TASKS)) { + $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'facture as f ON ptt.invoice_id = f.rowid'; + } $this->export_sql_end[$r] .=" WHERE p.entity IN (".getEntity('project').")"; diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index 5373ea3a3b2..1e5c26d5b03 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/modules/export/modules_export.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Load translation files required by the page -$langs->loadlangs(array('admin', 'exports', 'other', 'users', 'companies', 'projects', 'suppliers', 'products', 'bank')); +$langs->loadlangs(array('admin', 'exports', 'other', 'users', 'companies', 'projects', 'suppliers', 'products', 'bank', 'bills')); // Everybody should be able to go on this page //if (! $user->admin) From b6be42e10376bcc55f66c1d9ed146b2de32f6c09 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 Feb 2020 12:40:50 +0100 Subject: [PATCH 10/13] FIX List of viewed projects too large in task widget --- htdocs/core/boxes/box_task.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/core/boxes/box_task.php b/htdocs/core/boxes/box_task.php index 2ae0ede3c21..ed267493e97 100644 --- a/htdocs/core/boxes/box_task.php +++ b/htdocs/core/boxes/box_task.php @@ -86,6 +86,7 @@ class box_task extends ModeleBoxes $form = new Form($this->db); $cookie_name = 'boxfilter_task'; $boxcontent = ''; + $socid = $user->socid; $textHead = $langs->trans("CurentlyOpenedTasks"); @@ -97,7 +98,6 @@ class box_task extends ModeleBoxes $filterValue = $_COOKIE[$cookie_name]; } - if ($filterValue == 'im_task_contact') { $textHead .= ' : '.$langs->trans("WhichIamLinkedTo"); } @@ -143,6 +143,10 @@ class box_task extends ModeleBoxes ); + // Get list of project id allowed to user (in a string list separated by coma) + $projectsListId = ''; + if (!$user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $socid); + $sql = "SELECT pt.rowid, pt.ref, pt.fk_projet, pt.fk_task_parent, pt.datec, pt.dateo, pt.datee, pt.datev, pt.label, pt.description, pt.duration_effective, pt.planned_workload, pt.progress"; $sql .= ", p.rowid project_id, p.ref project_ref, p.title project_title"; @@ -163,7 +167,7 @@ class box_task extends ModeleBoxes $sql .= " AND p.fk_statut = ".Project::STATUS_VALIDATED; $sql .= " AND (pt.progress < 100 OR pt.progress IS NULL ) "; // 100% is done and not displayed $sql .= " AND p.usage_task = 1 "; - + if (!$user->rights->projet->all->lire) $sql .= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users $sql .= " ORDER BY pt.datee ASC, pt.dateo ASC"; $sql .= $this->db->plimit($max, 0); From 24bb61b5e4a4f38cb547410acbb02ad75b29cb92 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 Feb 2020 12:51:53 +0100 Subject: [PATCH 11/13] FIX Usage of project not available in export. --- htdocs/core/modules/modProjet.class.php | 54 ++++++++++++++++++++----- htdocs/projet/card.php | 12 +++--- 2 files changed, 49 insertions(+), 17 deletions(-) diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 05773b549ab..668bf22104e 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -216,18 +216,50 @@ class modProjet extends DolibarrModules $this->export_label[$r]='ProjectsAndTasksLines'; // Translation key (used only if key ExportDataset_xxx_z not found) $this->export_permission[$r]=array(array("projet","export")); $this->export_dependencies_array[$r]=array('projecttask'=>'pt.rowid', 'task_time'=>'ptt.rowid'); +/* + if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) + { + print ' '; + $htmltext = $langs->trans("ProjectFollowOpportunity"); + print $form->textwithpicto($langs->trans("ProjectFollowOpportunity"), $htmltext); + print '
'; + } + if (empty($conf->global->PROJECT_HIDE_TASKS)) + { + print ' '; + $htmltext = $langs->trans("ProjectFollowTasks"); + print $form->textwithpicto($langs->trans("ProjectFollowTasks"), $htmltext); + print '
'; + } + if (!empty($conf->global->PROJECT_BILL_TIME_SPENT)) + { + print ' '; + $htmltext = $langs->trans("ProjectBillTimeDescription"); + print $form->textwithpicto($langs->trans("BillTime"), $htmltext); + print '
'; + } +*/ - $this->export_TypeFields_array[$r]=array('s.rowid'=>"List:societe:nom::thirdparty",'s.nom'=>'Text','s.address'=>'Text','s.zip'=>'Text','s.town'=>'Text','s.fk_pays'=>'List:c_country:label', - 's.phone'=>'Text','s.email'=>'Text','s.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text','s.code_compta'=>'Text','s.code_compta_fournisseur'=>'Text', - 'p.rowid'=>"List:projet:ref::project",'p.ref'=>"Text",'p.title'=>"Text",'p.datec'=>"Date",'p.dateo'=>"Date",'p.datee'=>"Date",'p.fk_statut'=>'Status','cls.code'=>"Text",'p.opp_percent'=>'Numeric','p.opp_amount'=>'Numeric','p.description'=>"Text",'p.entity'=>'Numeric', - 'pt.rowid'=>'Numeric','pt.ref'=>'Text','pt.label'=>'Text','pt.dateo'=>"Date",'pt.datee'=>"Date",'pt.duration_effective'=>"Duree",'pt.planned_workload'=>"Numeric",'pt.progress'=>"Numeric",'pt.description'=>"Text", - 'ptt.rowid'=>'Numeric','ptt.task_date'=>'Date','ptt.task_duration'=>"Duree",'ptt.fk_user'=>"List:user:CONCAT(lastname,' ',firstname)",'ptt.note'=>"Text"); - $this->export_entities_array[$r]=array('s.rowid'=>"company",'s.nom'=>'company','s.address'=>'company','s.zip'=>'company','s.town'=>'company','s.fk_pays'=>'company', - 's.phone'=>'company','s.email'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company','s.code_compta'=>'company','s.code_compta_fournisseur'=>'company'); - - $this->export_fields_array[$r]=array('s.rowid'=>"IdCompany",'s.nom'=>'CompanyName','s.address'=>'Address','s.zip'=>'Zip','s.town'=>'Town','s.fk_pays'=>'Country', - 's.phone'=>'Phone','s.email'=>'Email','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4','s.code_compta'=>'CustomerAccountancyCode','s.code_compta_fournisseur'=>'SupplierAccountancyCode', - 'p.rowid'=>"ProjectId",'p.ref'=>"RefProject",'p.title'=>'ProjectLabel', 'p.datec'=>"DateCreation",'p.dateo'=>"DateStart",'p.datee'=>"DateEnd",'p.fk_statut'=>'ProjectStatus','cls.code'=>'OpportunityStatus','p.opp_percent'=>'OpportunityProbability','p.opp_amount'=>'OpportunityAmount','p.description'=>"Description"); + $this->export_TypeFields_array[$r]=array( + 's.rowid'=>"List:societe:nom::thirdparty",'s.nom'=>'Text','s.address'=>'Text','s.zip'=>'Text','s.town'=>'Text','s.fk_pays'=>'List:c_country:label', + 's.phone'=>'Text','s.email'=>'Text','s.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text','s.code_compta'=>'Text','s.code_compta_fournisseur'=>'Text', + 'p.rowid'=>"List:projet:ref::project",'p.ref'=>"Text",'p.title'=>"Text", + 'p.usage_opportunity'=>'Boolean', 'p.usage_task'=>'Boolean', 'p.usage_bill_time'=>'Boolean', + 'p.datec'=>"Date",'p.dateo'=>"Date",'p.datee'=>"Date",'p.fk_statut'=>'Status','cls.code'=>"Text",'p.opp_percent'=>'Numeric','p.opp_amount'=>'Numeric','p.description'=>"Text",'p.entity'=>'Numeric', + 'pt.rowid'=>'Numeric','pt.ref'=>'Text','pt.label'=>'Text','pt.dateo'=>"Date",'pt.datee'=>"Date",'pt.duration_effective'=>"Duree",'pt.planned_workload'=>"Numeric",'pt.progress'=>"Numeric",'pt.description'=>"Text", + 'ptt.rowid'=>'Numeric','ptt.task_date'=>'Date','ptt.task_duration'=>"Duree",'ptt.fk_user'=>"List:user:CONCAT(lastname,' ',firstname)",'ptt.note'=>"Text" + ); + $this->export_entities_array[$r]=array( + 's.rowid'=>"company",'s.nom'=>'company','s.address'=>'company','s.zip'=>'company','s.town'=>'company','s.fk_pays'=>'company', + 's.phone'=>'company','s.email'=>'company','s.siren'=>'company','s.siret'=>'company','s.ape'=>'company','s.idprof4'=>'company','s.code_compta'=>'company','s.code_compta_fournisseur'=>'company' + ); + $this->export_fields_array[$r]=array( + 's.rowid'=>"IdCompany",'s.nom'=>'CompanyName','s.address'=>'Address','s.zip'=>'Zip','s.town'=>'Town','s.fk_pays'=>'Country', + 's.phone'=>'Phone','s.email'=>'Email','s.siren'=>'ProfId1','s.siret'=>'ProfId2','s.ape'=>'ProfId3','s.idprof4'=>'ProfId4','s.code_compta'=>'CustomerAccountancyCode','s.code_compta_fournisseur'=>'SupplierAccountancyCode', + 'p.rowid'=>"ProjectId",'p.ref'=>"RefProject",'p.title'=>'ProjectLabel', + 'p.usage_opportunity'=>'ProjectFollowOpportunity', 'p.usage_task'=>'ProjectFollowTasks', 'p.usage_bill_time'=>'BillTime', + 'p.datec'=>"DateCreation",'p.dateo'=>"DateStart",'p.datee'=>"DateEnd",'p.fk_statut'=>'ProjectStatus','cls.code'=>'OpportunityStatus','p.opp_percent'=>'OpportunityProbability','p.opp_amount'=>'OpportunityAmount','p.description'=>"Description" + ); // Add multicompany field if (! empty($conf->global->MULTICOMPANY_ENTITY_IN_EXPORT_IF_SHARED)) { diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 332049f194f..bd14d527c9f 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -262,12 +262,12 @@ if (empty($reshook)) $object->socid = GETPOST('socid', 'int'); $object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is $object->public = GETPOST('public', 'alpha'); - $object->date_start = empty($_POST["projectstart"]) ? '' : $date_start; - $object->date_end = empty($_POST["projectend"]) ? '' : $date_end; - if (isset($_POST['opp_amount'])) $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha')); - if (isset($_POST['budget_amount'])) $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha')); - if (isset($_POST['opp_status'])) $object->opp_status = $opp_status; - if (isset($_POST['opp_percent'])) $object->opp_percent = $opp_percent; + $object->date_start = (! GETPOST('projectstart')) ? '' : $date_start; + $object->date_end = (! GETPOST('projectend')) ? '' : $date_end; + if (GETPOSTISSET('opp_amount')) $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha')); + if (GETPOSTISSET('budget_amount')) $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha')); + if (GETPOSTISSET('opp_status')) $object->opp_status = $opp_status; + if (GETPOSTISSET('opp_percent')) $object->opp_percent = $opp_percent; $object->usage_opportunity = (GETPOST('usage_opportunity', 'alpha') == 'on' ? 1 : 0); $object->usage_task = (GETPOST('usage_task', 'alpha') == 'on' ? 1 : 0); $object->usage_bill_time = (GETPOST('usage_bill_time', 'alpha') == 'on' ? 1 : 0); From bb64d2d3530bbb0aa0fa86a3896bb423d70b8451 Mon Sep 17 00:00:00 2001 From: atm-ph Date: Tue, 18 Feb 2020 16:00:12 +0100 Subject: [PATCH 12/13] Fix create supplier invoice from supplier order don't keep source object as linked obkect --- htdocs/fourn/facture/card.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index ffdfb07baa0..6ab40c3924c 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -917,6 +917,10 @@ if (empty($reshook)) } } } + elseif (!empty($object->origin) && !empty($object->origin_id)) + { + $object->linkedObjectsIds[$object->origin] = $object->origin_id; + } $id = $object->create($user); From 0dcb83e6bfc698082a40a196fd0a30b4885d01a8 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 3 Feb 2020 23:10:04 +0000 Subject: [PATCH 13/13] referer XSS patches --- htdocs/comm/action/card.php | 4 ++-- htdocs/public/error-401.php | 2 +- htdocs/public/error-404.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index e44e5c3a973..0199bebc01e 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -831,7 +831,7 @@ if ($action == 'create') print ''; print ''; print ''; - if ($backtopage) print ''; + if ($backtopage) print ''; if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print ''; if (GETPOST("actioncode", 'aZ09') == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda'); @@ -1232,7 +1232,7 @@ if ($id > 0) print ''; print ''; print ''; - if ($backtopage) print ''; + if ($backtopage) print ''; if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print ''; dol_fiche_head($head, 'card', $langs->trans("Action"), 0, 'action'); diff --git a/htdocs/public/error-401.php b/htdocs/public/error-401.php index d6a6ed548ff..ac921fc9f78 100644 --- a/htdocs/public/error-401.php +++ b/htdocs/public/error-401.php @@ -21,7 +21,7 @@ Sorry. You are not allowed to access this resource.
- +
diff --git a/htdocs/public/error-404.php b/htdocs/public/error-404.php index 36547d26704..34a4ac03e9e 100644 --- a/htdocs/public/error-404.php +++ b/htdocs/public/error-404.php @@ -21,7 +21,7 @@ You requested a website or a page that does not exists.
- +