From 9bc0f54ae82d37777ee48f15c4562e314572ddcb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 15 Oct 2013 20:51:44 +0200 Subject: [PATCH 1/3] Fix: set of country --- htdocs/societe/class/societe.class.php | 2 +- htdocs/societe/soc.php | 18 +++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index b6bee432087..495f6ec6a5a 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -404,7 +404,7 @@ class Societe extends CommonObject $this->zip = $this->zip?trim($this->zip):trim($this->zip); $this->town = $this->town?trim($this->town):trim($this->town); $this->state_id = trim($this->state_id); - $this->country_id = ($this->country_id > 0)?$this->country_id:$this->country_id; + $this->country_id = ($this->country_id > 0)?$this->country_id:0; $this->phone = trim($this->phone?$this->phone:$this->tel); $this->phone = preg_replace("/\s/","",$this->phone); $this->phone = preg_replace("/\./","",$this->phone); diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php index 4f0d795a941..2712c1e45cd 100644 --- a/htdocs/societe/soc.php +++ b/htdocs/societe/soc.php @@ -174,6 +174,7 @@ if (empty($reshook)) // Fill array 'array_options' with data from add form $ret = $extrafields->setOptionalsFromPost($extralabels,$object); + if (GETPOST('deletephoto')) $object->logo = ''; else if (! empty($_FILES['photo']['name'])) $object->logo = dol_sanitizeFileName($_FILES['photo']['name']); @@ -200,7 +201,7 @@ if (empty($reshook)) } // We set country_id, country_code and country for the selected country - $object->country_id=GETPOST('country_id')?GETPOST('country_id'):$mysoc->country_id; + $object->country_id=GETPOST('country_id')!=''?GETPOST('country_id'):$mysoc->country_id; if ($object->country_id) { $tmparray=getCountry($object->country_id,'all'); @@ -824,7 +825,7 @@ else // Country print ''.$langs->trans('Country').''; - print $form->select_country($object->country_id,'country_id'); + print $form->select_country((GETPOST('country_id')!=''?GETPOST('country_id'):$object->country_id),'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionnarySetup"),1); print ''; @@ -1205,7 +1206,7 @@ else print ''; } else - { + { print $object->code_fournisseur; print ''; } @@ -1243,7 +1244,7 @@ else // Country print ''.$langs->trans('Country').''; - print $form->select_country($object->country_id,'country_id'); + print $form->select_country((GETPOST('country_id')!=''?GETPOST('country_id'):$object->country_id),'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionnarySetup"),1); print ''; @@ -1548,9 +1549,12 @@ else // Country print ''.$langs->trans("Country").''; - $img=picto_from_langcode($object->country_code); - if ($object->isInEEC()) print $form->textwithpicto(($img?$img.' ':'').$object->country,$langs->trans("CountryIsInEEC"),1,0); - else print ($img?$img.' ':'').$object->country; + if ($object->country_code) + { + $img=picto_from_langcode($object->country_code); + if ($object->isInEEC()) print $form->textwithpicto(($img?$img.' ':'').$object->country,$langs->trans("CountryIsInEEC"),1,0); + else print ($img?$img.' ':'').$object->country; + } print ''; // State From d9106b6e850446e706050510fd8e442184d4e273 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Oct 2013 11:19:32 +0200 Subject: [PATCH 2/3] Add debug info to find a bug --- htdocs/main.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index c9c4dd9ca4c..8ccfdad0e64 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -119,13 +119,13 @@ function analyse_sql_and_script(&$var, $type) { foreach ($var as $key => $value) { - if (analyse_sql_and_script($value,$type)) + if (!analyse_sql_and_script($value,$type)) { $var[$key] = $value; } else - { - print 'Access refused by SQL/Script injection protection in main.inc.php'; + { + print 'Access refused by SQL/Script injection protection in main.inc.php (when calling page '.htmlentities($_SERVER["REQUEST_URI"]).')'; exit; } } From 5e357316938e21441c1cdb9a062036fa1f63435f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 18 Oct 2013 11:41:37 +0200 Subject: [PATCH 3/3] Add debug info to find a bug --- htdocs/main.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 8ccfdad0e64..33df269c965 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -119,13 +119,13 @@ function analyse_sql_and_script(&$var, $type) { foreach ($var as $key => $value) { - if (!analyse_sql_and_script($value,$type)) + if (analyse_sql_and_script($value,$type)) { $var[$key] = $value; } else { - print 'Access refused by SQL/Script injection protection in main.inc.php (when calling page '.htmlentities($_SERVER["REQUEST_URI"]).')'; + print 'Access refused by SQL/Script injection protection in main.inc.php (type='.htmlentities($type).' key='.htmlentities($key).' value='.htmlentities($value).' page='.htmlentities($_SERVER["REQUEST_URI"]).')'; exit; } }