diff --git a/ChangeLog b/ChangeLog
index 5b73c4b2212..67021ea4d09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -325,6 +325,63 @@ Following changes may create regressions for some external modules, but were nec * Dolibarr v13 is still compatible with any PHP version between 5.6.0 and 7.4.*; Unit tests are OK with PHP 8.0 but some warnings or troubles may appears with PHP 8.0. * All your Ajax services must contains such a line at begin of file: if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Disables token renewal + + +***** ChangeLog for 12.0.5 compared to 12.0.4 ***** +FIX: before crediting a withdrawal receipt, check whether it has been credited already +FIX: mandatory extrafields of type sellist +FIX: when a mandatory extrafield of type sellist contains '0' it should be considered empty and trigger an error message upon insertion +FIX: when a new intervention is created from an object, a new $extrafields object is instantiated but not initialized +FIX: "openall" filter on ticket list does not include read tickets +FIX: ticket - extrafields of type 'date' are not saved +FIX: ticket - the "openall" filter on the ticket list does not include tickets with status READ +FIX: #14290 #15900 +FIX: #15388 #15891 +FIX: #15465 External user sees last 5 shipments to other customers in the dashboard +FIX: #15629 +FIX: #15751 Miscellaneous payment type change to 0 after updating subledger account +FIX: #15946 +FIX: #15966 #15967 +FIX: Accountancy - Fix some problems on CEGID export +FIX: Accountancy - label_operation is used instead of label_compte +FIX: Accountancy - Retire entire opening balance feature +FIX: add autofix of count of email target when data is corrupted +FIX: add categories params on llxHeader filter +FIX: Add critical price patch from 12 to 11. 
+FIX: Bad cleaning of VAT rate when numbers are into code +FIX: Bad dates filtering in the ticket list causes sql error +FIX: balance starting and ending fiscal month #14197 +FIX: bom line unit display #13831 +FIX: cash fence for takepos with multientity +FIX: Check of customer/vendor code fails in some cases +FIX: create ticket : thirdparty/contact notification #15629 +FIX: Creation of thirdparty when setup is empty +FIX: Dates of sales start in TakePOS +FIX: dupliacete customer or supplier code must be error dipslayed with new code proposed +FIX: Export FEC - Force Carriage Return Line Feed +FIX: Facture Situation Out : status condition +FIX: Filter on date of next generation on template invoices +FIX: Fix detect dispatched product and set to received completely when the supplier order have services (support STOCK_SUPPORTS_SERVICES) +FIX: Invoice Situation Out : status condition +FIX: issue 15659 : Missing test if supplier conf is enabled +FIX: link to create event when task is in a project with a thirdparty +FIX: Localtax must be converted with price2num +FIX: manage price min for PRODUIT_CUSTOMER_PRICES +FIX: missing GETPOST parameters on card_presend.tpl.php +FIX: missing socid into link to create event from project agenda tab +FIX: Must delete extrafields before main table on product deletion. +FIX: (path) htdocs removed +FIX: php alert sms.php +FIX: right to show VAT rate in product list +FIX: select default mail template +FIX: Timeout during import +FIX: update order by api +FIX: useless tracking number displayed on pdf if empty issue #14501 +FIX: Visible date of payment +FIX: warning when adding a line if $remise_percent is an empty string +FIX: When creating a new POS sell, the creation date must be modified. +FIX: wrong name for search status param issue #15516 + ***** ChangeLog for 12.0.4 compared to 12.0.3 ***** FIX: make formConfirm an addreplace-type hook FIX: regex to remove 'action' parameter: taking feedback from PR#15213 into account 
diff --git a/SECURITY.md b/SECURITY.md index 08ca64e4a4c..f63f9c3f277 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,7 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM ## Reporting a Vulnerability -To report a vulnerability, please use GitHub security advisory (alternatively send an email to security@dolibarr.org) +To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (or alternatively send an email to security@dolibarr.org) ## Hunting vulnerabilities on Dolibarr diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 969bf3a8906..35ce841ba6e 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -73,7 +73,7 @@ $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'me * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 58307781cf2..96cb7baff73 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -125,38 +125,18 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; } - - - /* * View * - * Put here all code to build page */ $form = new Form($db); $formfile = new FormFile($db); -$title = $langs->trans("Assets").' - '.$langs->trans("Card"); +$title = $langs->trans("Asset").' - '.$langs->trans("Card"); $help_url = ''; llxHeader('', $title, $help_url); -// Example : Adding jquery code -print ''; - - // Part to create if ($action == 'create') { 
@@ -240,14 +220,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Confirmation to delete if ($action == 'delete') { - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('DeleteAssets'), $langs->trans('ConfirmDeleteAssets'), 'confirm_delete', '', 0, 1); - } - - // Confirmation of action xxxx - if ($action == 'xxx') - { - $formquestion = array(); - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('XXX'), $text, 'confirm_xxx', $formquestion, 0, 1, 220); + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('DeleteAssets'), $langs->trans('ConfirmDeleteAsset'), 'confirm_delete', '', 0, 1); } // Call Hook formConfirm @@ -292,28 +265,24 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; print ''; - print ''; - print ''; print '
'; print dol_get_fiche_end(); - // Buttons for actions - if ($action != 'presend' && $action != 'editline') { - print '
'."\n"; + /* + * Buttons + */ + if ($user->socid == 0) + { + print '
'; + $parameters = array(); $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook - if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - // Send - if (empty($user->socid)) { - print ''.$langs->trans('SendMail').''."\n"; - } - if ($user->rights->asset->write) { print ''.$langs->trans("Modify").''."\n"; @@ -328,13 +297,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''.$langs->trans('Delete').''."\n"; } } - print '
'."\n"; - } - - - // Select mail models is same action as presend - if (GETPOST('modelselected')) { - $action = 'presend'; + print "
"; } if ($action != 'presend') @@ -343,27 +306,23 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; // ancre // Documents - /*$objref = dol_sanitizeFileName($object->ref); - $relativepath = $comref . '/' . $comref . '.pdf'; - $filedir = $conf->asset->dir_output . '/' . $objref; - $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; + $filename = dol_sanitizeFileName($object->ref); + $filedir = $conf->contrat->dir_output."/".dol_sanitizeFileName($object->ref); + $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; $genallowed = $user->rights->asset->read; // If you can read, you can build the PDF to read content - $delallowed = $user->rights->asset->create; // If you can create/edit, you can remove a file on card - print $formfile->showdocuments('asset', $objref, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); - */ + $delallowed = $user->rights->asset->write; // If you can create/edit, you can remove a file on card + + print $formfile->showdocuments('asset', $filename, $filedir, $urlsource, 0, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); // Show links to link elements $linktoelem = $form->showLinkToObjectBlock($object, null, array('asset')); $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); - print '
'; $MAXEVENT = 10; - $morehtmlright = ''; - $morehtmlright .= $langs->trans("SeeAll"); - $morehtmlright .= ''; + $morehtmlcenter = dolGetButtonTitle($langs->trans('SeeAll'), '', 'fa fa-list-alt imgforviewmode', DOL_URL_ROOT.'/asset/info.php?id='.$object->id); // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; @@ -372,19 +331,6 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print '
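Review bot: `$filedir` in the documents block is built from `$conf->contrat->dir_output`, the contracts module's directory, although the call lists files for `'asset'`; this looks like a copy-paste slip and would point the file list, and the delete links gated by `$delallowed`, at another module's storage. I would use `$filedir = $conf->asset->dir_output."/".dol_sanitizeFileName($object->ref);`, or the `multidir_output[$object->entity]` form if the module is entity-aware. `$genallowed` is assigned but `showdocuments()` is passed a literal `0`, so either pass the variable or drop it. `$soc` is not defined anywhere in this hunk; confirm it exists before `$soc->default_lang` is read. The enclosing `if ($action != 'presend')` block starts and ends outside the hunk.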
'; } - - //Select mail models is same action as presend - if (GETPOST('modelselected')) $action = 'presend'; - - // Presend form - /* - $modelmail='asset'; - $defaulttopic='InformationMessage'; - $diroutput = $conf->asset->dir_output.'/asset'; - $trackid = 'asset'.$object->id; - - include DOL_DOCUMENT_ROOT.'/core/tpl/card_presend.tpl.php'; - */ } diff --git a/htdocs/asset/document.php b/htdocs/asset/document.php index 4c2e36aed9a..32a4163dd12 100644 --- a/htdocs/asset/document.php +++ b/htdocs/asset/document.php @@ -1,6 +1,6 @@ - * Copyright (C) 2018 Alexandre Spangaro + * Copyright (C) 2018-2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ /** * \file htdocs/asset/document.php * \ingroup asset - * \brief Tab for documents linked to Assets + * \brief Page for attached files on assets */ require '../main.inc.php'; 
@@ -31,18 +31,21 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page -$langs->loadLangs(array("assets", "companies")); +$langs->loadLangs(array('assets', 'companies', 'other')); -$action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm'); -$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int')); +$id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); +$socid = GETPOST('socid', 'int'); +$action = GETPOST('action', 'aZ09'); +$confirm = GETPOST('confirm', 'alpha'); -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'asset', $id); +// Security check +if ($user->socid) +{ + $socid = $user->socid; +} +$result=restrictedArea($user, 'asset', $id, ''); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; 
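Review bot: The new `restrictedArea($user, 'asset', $id, '')` call only receives `$id`, so a request that identifies the asset by `ref` alone reaches it with an empty id and, as far as this hunk shows, gets a module-level check only. `$socid` is overwritten for external users but is neither passed to the check nor used again in the visible lines, so it is unclear what restricts an external user to their own records here. The `facid` fallback in `$id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int'));` is an invoice parameter and looks copied from another page; I would drop it and resolve `ref` to an id (fetch the object first) before calling `restrictedArea`.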
@@ -56,100 +59,79 @@ $pagenext = $page + 1; if (!$sortorder) $sortorder = "ASC"; if (!$sortfield) $sortfield = "name"; -// Initialize technical objects $object = new Asset($db); -$extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->assets->dir_output.'/temp/massgeneration/'.$user->id; -$hookmanager->initHooks(array('assetdocument')); // Note that conf->hooks_modules contains array - -// Fetch optionals attributes and labels -$extrafields->fetch_name_optionals_label($object->table_element); - -// Load object -include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals - -// Security check -if (!empty($user->socid)) $socid = $user->socid; -$result = restrictedArea($user, 'asset', $id); - -//if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/packages/" . dol_sanitizeFileName($object->id); -if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/packages/".dol_sanitizeFileName($object->ref); - +if ($object->fetch($id)) +{ + $upload_dir = $conf->asset->dir_output."/".dol_sanitizeFileName($object->ref); +} /* * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* * View */ +$title = $langs->trans('Assets')." - ".$langs->trans('Documents'); +$helpurl = ''; +llxHeader('', $title, $helpurl); + $form = new Form($db); -$title = $langs->trans("Assets").' 
- '.$langs->trans("Files"); -$help_url = ''; -//$help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; -llxHeader('', $title, $help_url); -if ($object->id) + +if ($id > 0 || !empty($ref)) { - /* - * Show tabs - */ - if (!empty($conf->notification->enabled)) $langs->load("mails"); - $head = asset_prepare_head($object); - - print dol_get_fiche_head($head, 'document', $langs->trans("Asset"), -1, 'generic'); - - - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) + if ($object->fetch($id, $ref) > 0) { - $totalsize += $file['size']; + $upload_dir = $conf->asset->multidir_output[$object->entity].'/'.dol_sanitizeFileName($object->ref); + + $head = asset_prepare_head($object); + print dol_get_fiche_head($head, 'documents', $langs->trans('Asset'), -1, 'accounting'); + + // Build file list + $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); + $totalsize = 0; + foreach ($filearray as $key => $file) + { + $totalsize += $file['size']; + } + + // Asset content + + $linkback = ''.$langs->trans("BackToList").''; + + $morehtmlref = ''; + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0); + + print '
'; + print '
'; + + print ''; + + print ''; + print ''; + print "
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.dol_print_size($totalsize, 1, 1).'
\n"; + + print "
\n"; + + print dol_get_fiche_end(); + + $modulepart = 'asset'; + $permission = $user->rights->asset->write; + $permtoedit = $user->rights->asset->write; + $param = '&id='.$object->id; + include_once DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; + } else { + dol_print_error($db); } - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - - print '
'; - print ''; - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; - - print '
'; - - print dol_get_fiche_end(); - - $modulepart = 'asset'; - //$permission = $user->rights->asset->create; - $permission = 1; - //$permtoedit = $user->rights->asset->create; - $permtoedit = 1; - $param = '&id='.$object->id; - - //$relativepathwithnofile='asset/' . dol_sanitizeFileName($object->id).'/'; - $relativepathwithnofile = 'asset/'.dol_sanitizeFileName($object->ref).'/'; - - include_once DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { - accessforbidden('', 0, 1); + print $langs->trans("ErrorUnknown"); } // End of page diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index fecebb676a8..38969d65182 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -157,7 +157,7 @@ if ($action == 'update' && $user->rights->asset->write) if ($ret >= 0 && !count($object->errors)) { - setEventMessages($langs->trans("AssetsTypeModified"), null, 'mesgs'); + setEventMessages($langs->trans("AssetTypeModified"), null, 'mesgs'); } else { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php index cf752878605..ddd9fe0eee6 100644 --- a/htdocs/bom/bom_document.php +++ b/htdocs/bom/bom_document.php @@ -76,7 +76,7 @@ if ($id > 0 || !empty($ref)) $upload_dir = $conf->bom->multidir_output[$object-> * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 5b4cc58bb08..2d0c1dc8133 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -80,7 +80,7 @@ $modulepart = 'actions'; /* * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index fbe7fdbec5c..530f7392f54 100644 
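Review bot: `if ($object->fetch($id))` ahead of the actions include treats a negative error return as success, because any non-zero integer is truthy in PHP; the view further down already tests `$object->fetch($id, $ref) > 0`, and the actions part should do the same with `if ($object->fetch($id, $ref) > 0)`. The two places also compute different directories: the actions part uses `$conf->asset->dir_output` while the view uses `$conf->asset->multidir_output[$object->entity]`, so with several entities an upload or delete handled by `actions_linkedfiles.inc.php` may act on a different folder than the one listed. `$permission` and `$permtoedit` are now tied to `$user->rights->asset->write`, but they are set only in the view, after the actions file has been included; if that file relies on a permission variable from the caller, it has to be defined before the `include`.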
--- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -80,7 +80,7 @@ if ($object->id > 0) { $object->fetch_thirdparty(); $upload_dir = $conf->propal->multidir_output[$object->entity].'/'.dol_sanitizeFileName($object->ref); - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 7df7dbea130..add4244d7dc 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -3,6 +3,7 @@ * Copyright (C) 2005-2011 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011-2015 Philippe Grand + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -128,23 +129,17 @@ $userstatic = new User($db); /* */ /* *************************************************************************** */ -if ($id > 0 || !empty($ref)) -{ - $langs->trans("OrderCard"); - - if ($object->fetch($id, $ref) > 0) - { +if ($id > 0 || !empty($ref)) { + if ($object->fetch($id, $ref) > 0) { $object->fetch_thirdparty(); $head = commande_prepare_head($object); print dol_get_fiche_head($head, 'contact', $langs->trans("CustomerOrder"), -1, 'order'); - // Order card $linkback = ''.$langs->trans("BackToList").''; - $morehtmlref = '
'; // Ref customer $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index f95f61b6025..f51d8635787 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -80,7 +80,7 @@ if ($object->fetch($id)) $upload_dir = $conf->commande->multidir_output[$object->entity]."/".dol_sanitizeFileName($object->ref); } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/bank/account_statement_document.php b/htdocs/compta/bank/account_statement_document.php index fd7c6b1d292..b1c5c937f76 100644 --- a/htdocs/compta/bank/account_statement_document.php +++ b/htdocs/compta/bank/account_statement_document.php @@ -133,7 +133,7 @@ if (!empty($numref)) $upload_dir = $conf->bank->dir_output."/".$id."/statement/".dol_sanitizeFileName($numref); } $backtopage = $_SERVER['PHP_SELF']."?account=".$id."&num=".$numref; -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 5bfbb2ed266..3f29ab4d022 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php 
@@ -482,9 +482,7 @@ if ($id > 0 || !empty($ref)) $sql = "SELECT b.rowid, b.dateo as do, b.datev as dv, b.amount, b.label, b.rappro as conciliated, b.num_releve, b.num_chq,"; $sql .= " b.fk_account, b.fk_type,"; -$sql .= " ba.rowid as bankid, ba.ref as bankref,"; -$sql .= " bu.url_id, bu.type as type_url,"; -$sql .= " s.nom, s.name_alias, s.client, s.fournisseur, s.email, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; +$sql .= " ba.rowid as bankid, ba.ref as bankref"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); @@ -498,8 +496,6 @@ if ($search_bid > 0) $sql .= MAIN_DB_PREFIX."bank_class as l,"; $sql .= " ".MAIN_DB_PREFIX."bank_account as ba,"; $sql .= " ".MAIN_DB_PREFIX."bank as b"; if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (b.rowid = ef.fk_object)"; -$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON bu.fk_bank = b.rowid AND type = 'company'"; -$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON bu.url_id = s.rowid"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND ba.entity IN (".getEntity('bank_account').")"; if ($search_account > 0) $sql .= " AND b.fk_account = ".$search_account; 
@@ -513,7 +509,20 @@ if ($search_ref) $sql .= natural_search("b.rowid", $search_ref, 1); if ($search_req_nb) $sql .= natural_search("b.num_chq", $search_req_nb); if ($search_num_releve) $sql .= natural_search("b.num_releve", $search_num_releve); if ($search_conciliated != '' && $search_conciliated != '-1') $sql .= " AND b.rappro = ".urlencode($search_conciliated); -if ($search_thirdparty_user) $sql .= natural_search(array("s.nom", "u.firstname", "u.lastname"), $search_thirdparty_user); +if ($search_thirdparty_user) { + $sql.= " AND (b.rowid IN "; + $sql.= " ( SELECT bu.fk_bank FROM ".MAIN_DB_PREFIX."bank_url AS bu"; + $sql.= " JOIN ".MAIN_DB_PREFIX."bank AS b2 ON b2.rowid = bu.fk_bank"; + $sql.= " JOIN ".MAIN_DB_PREFIX."user AS subUser ON (bu.type = 'user' AND bu.url_id = subUser.rowid)"; + $sql.= " WHERE ". natural_search(array("subUser.firstname", "subUser.lastname"), $search_thirdparty_user, '', 1)."))"; + + $sql.= " OR b.rowid IN "; + $sql.= " ( SELECT bu.fk_bank FROM ".MAIN_DB_PREFIX."bank_url AS bu"; + $sql.= " JOIN ".MAIN_DB_PREFIX."bank AS b2 ON b2.rowid = bu.fk_bank"; + $sql.= " JOIN ".MAIN_DB_PREFIX."societe AS subSoc ON (bu.type = 'company' AND bu.url_id = subSoc.rowid)"; + $sql.= " WHERE ". natural_search(array("subSoc.nom"), $search_thirdparty_user, '', 1); + $sql.= ")"; +} if ($search_description) { $search_description_to_use = $search_description; 
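Review bot: The parentheses in the new `$search_thirdparty_user` filter do not group the two subqueries together: the user branch ends with `"))"`, which closes both the subselect and the `AND (` opened just before it, so `OR b.rowid IN (...)` is appended at the top level of the WHERE clause. Because AND binds tighter than OR, rows matched by the company subquery are no longer subject to the earlier conditions, including `b.fk_account = ba.rowid` and the `ba.entity IN (...)` restriction. Close only the subselect after the user branch, `$sql.= " WHERE ". natural_search(array("subUser.firstname", "subUser.lastname"), $search_thirdparty_user, '', 1).")";`, and close the group after the company branch with `$sql.= "))";`. The `JOIN ... bank AS b2` in both subqueries is never referenced and can be dropped.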
@@ -1373,52 +1382,40 @@ if ($resql) // Third party if (!empty($arrayfields['bu.label']['checked'])) { - print ''; - if ($objp->url_id) - { - if ($objp->type_url == 'company') { - $companystatic->id = $objp->url_id; - $companystatic->name = $objp->nom; - $companystatic->name_alias = $objp->name_alias; - $companystatic->client = $objp->client; - $companystatic->email = $objp->email; - $companystatic->fournisseur = $objp->fournisseur; - $companystatic->code_client = $objp->code_client; - $companystatic->code_fournisseur = $objp->code_fournisseur; - $companystatic->code_compta = $objp->code_compta; - $companystatic->code_compta_fournisseur = $objp->code_compta_fournisseur; - print $companystatic->getNomUrl(1); + print ''; + + $companylinked_id = 0; + $userlinked_id = 0; + + //payment line type to define user display and user or company linked + foreach ($links as $key=>$value){ + if ($links[$key]['type'] == 'payment_sc') $type_link = 'payment_sc'; + if ($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; + + if ($links[$key]['type'] == 'company') { + $companylinked_id = $links[$key]['url_id']; + } + if ($links[$key]['type'] == 'user') { + $userlinked_id = $links[$key]['url_id']; } } - else //display user or nothing - { - //payment line type to define user display - foreach ($links as $key=>$value){ - if ($links[$key]['type'] == 'payment_sc') $type_link = 'payment_sc'; - if ($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; - } - $sqlu = "SELECT url_id FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank=".$objp->rowid." 
AND (type='user' OR type='salary')"; - $resqlu = $db->query($sqlu); - - if ($resqlu) { - if ($db->num_rows($resqlu) > 0 && - (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) - || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))) { - $obj = $db->fetch_object($resqlu); - $userstatic->fetch($obj->url_id); - print $userstatic->getNomUrl(1); - } - - else { - print ' '; - } - } else { - dol_print_error($db); - } + if ($companylinked_id) { + // TODO Add a cache of loaded companies here + $companystatic->fetch($companylinked_id); + print $companystatic->getNomUrl(1); + } elseif ($userlinked_id && + (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) + || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))){ + // TODO Add a cache of loaded users here + $userstatic->fetch($userlinked_id); + print $userstatic->getNomUrl(1); + } else { + print ' '; } + print ''; - if (!$i) $totalarray['nbfield']++; + if (!$i) $totalarray['nbfield']++; } // Bank account diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index c67c0496727..cb2e4915323 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -77,7 +77,7 @@ if ($object->id > 0) $upload_dir = $conf->bank->dir_output."/".dol_sanitizeFileName($object->ref); } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 14187bf51e3..1cd8d285eeb 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -66,7 +66,7 @@ $modulepart = 'banque'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* 
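Review bot: `$type_link` is not reset together with `$companylinked_id` and `$userlinked_id` at the top of the third-party cell, so a row whose links contain neither `payment_sc` nor `payment_salary` is evaluated with the value left by a previous row, or with an undefined variable on the first one. The `elseif` then applies the salaries or tax permission of a different entry when deciding whether to print the linked user. Add `$type_link = '';` next to the two `= 0` initialisations, unless it is already reset per row outside this hunk. The company branch also prints the link without checking the result of `$companystatic->fetch()`; `if ($companystatic->fetch($companylinked_id) > 0)` would avoid showing data that may remain from the previous row.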
diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php index 0790f149da4..3990c968806 100644 --- a/htdocs/compta/bank/various_payment/list.php +++ b/htdocs/compta/bank/various_payment/list.php @@ -251,7 +251,7 @@ if ($result) if ($typeid > 0) $param .= '&typeid='.urlencode($typeid); if ($search_amount_deb) $param .= '&search_amount_deb='.urlencode($search_amount_deb); if ($search_amount_cred) $param .= '&search_amount_cred='.urlencode($search_amount_cred); - if ($search_bank_account > 0) $param .= '&search_amount='.urlencode($search_bank_account); + if ($search_bank_account > 0) $param .= '&search_account='.urlencode($search_bank_account); if ($search_accountancy_account > 0) $param .= '&search_accountancy_account='.urlencode($search_accountancy_account); if ($search_accountancy_subledger > 0) $param .= '&search_accountancy_subledger='.urlencode($search_accountancy_subledger); diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 3dcbfc6519f..32a7e9bede5 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -111,7 +111,7 @@ $sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = $sql .= " AND f.module_source = '".$db->escape($posmodule)."'"; $sql .= " AND f.pos_source = '".$db->escape($terminalid)."'"; $sql .= " AND f.paye = 1"; -$sql .= " AND p.entity IN (".getEntity('facture').")"; +$sql .= " AND p.entity = ".$conf->entity; // Never share entities for features related to accountancy /*if ($key == 'cash') $sql.=" AND cp.code = 'LIQ'"; elseif ($key == 'cheque') $sql.=" AND cp.code = 'CHQ'"; elseif ($key == 'card') $sql.=" AND cp.code = 'CB'"; diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index 86d0dd383f1..c1e432f4b1a 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php 
@@ -71,7 +71,7 @@ $modulepart = 'trip'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 3922228c4fa..cbf6b045e85 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -79,7 +79,7 @@ if ($object->fetch($id)) * Actions */ -require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index b7f8d3c9a3d..3cedb27f07c 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -43,12 +43,22 @@ $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); +$object = new Paiement($db); +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('paymentcard', 'globalcard')); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiement', ''); + // Security check if ($user->socid) $socid = $user->socid; -// TODO ajouter regle pour restreindre acces paiement -//$result = restrictedArea($user, 'facture', $id,''); - -$object = new Paiement($db); +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} /* 
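Review bot: The third-party check `if ($socid && $socid != $object->thirdparty->id)` reads `$socid`, which this hunk assigns only when `$user->socid` is set, and dereferences `$object->thirdparty` without testing that it was loaded. For a payment with no invoice found the denial would rest on a loose `!=` against null, and for internal users `$socid` is undefined unless it is initialised above the hunk. I would make the intent explicit with `$socid = $user->socid ? $user->socid : 0;` and `if ($socid && (empty($object->thirdparty) || $socid != $object->thirdparty->id)) accessforbidden();`. The same block is added to `htdocs/compta/paiement/info.php` and needs the same change.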
@@ -59,7 +69,6 @@ if ($action == 'setnote' && $user->rights->facture->paiement) { $db->begin(); - $object->fetch($id); $result = $object->update_note(GETPOST('note', 'restricthtml')); if ($result > 0) { @@ -75,7 +84,6 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->facture-> { $db->begin(); - $object->fetch($id); $result = $object->delete(); if ($result > 0) { @@ -100,7 +108,6 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture { $db->begin(); - $object->fetch($id); if ($object->validate($user) > 0) { $db->commit(); @@ -134,7 +141,6 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { - $object->fetch($id); $res = $object->update_num($_POST['num_paiement']); if ($res === 0) { @@ -146,7 +152,6 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) if ($action == 'setdatep' && !empty($_POST['datepday'])) { - $object->fetch($id); $datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int')); $res = $object->update_date($datepaye); if ($res === 0) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 76b1dab5d83..842cb24a024 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php 
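Review bot: The `setnum_paiement` and `setdatep` actions still run without a permission test: `if ($action == 'setnum_paiement' && !empty($_POST['num_paiement']))` and `if ($action == 'setdatep' && !empty($_POST['datepday']))` modify the payment for any user who passed the page-level check, whereas `setnote` beside them requires `$user->rights->facture->paiement`. Add the same condition to both, e.g. `if ($action == 'setnum_paiement' && !empty($_POST['num_paiement']) && $user->rights->facture->paiement)`. With the per-action `$object->fetch($id)` calls removed, every action now depends on the object loaded once at the top, so the page should stop there if that load failed; whether the included fetch file does so is not visible here. Reading `$_POST` directly also bypasses the `GETPOST()` filtering used for the other parameters in this file.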
@@ -1294,7 +1294,8 @@ class Paiement extends CommonObject // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Load the third party of object, from id into this->thirdparty + * Load the third party of object, from id into this->thirdparty. + * For payments, take the thirdparty linked to the first invoice found. This is enough because payments are done on invoices of the same thirdparty. * * @param int $force_thirdparty_id Force thirdparty id * @return int <0 if KO, >0 if OK diff --git a/htdocs/compta/paiement/info.php b/htdocs/compta/paiement/info.php index 208d74a316f..ace21e40f95 100644 --- a/htdocs/compta/paiement/info.php +++ b/htdocs/compta/paiement/info.php @@ -36,6 +36,23 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); +$object = new Paiement($db); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiement', ''); + +// Security check +if ($user->socid) $socid = $user->socid; +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} + + + /* * Actions */ @@ -49,8 +66,6 @@ $confirm = GETPOST('confirm', 'alpha'); llxHeader('', $langs->trans("Payment")); -$object = new Paiement($db); -$object->fetch($id, $ref); $object->info($object->id); $head = payment_prepare_head($object); diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 47bb2ad2582..0af202016df 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php 
@@ -30,9 +30,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; -// Security check -if (!$user->rights->facture->lire) accessforbidden(); - $action = GETPOST('action', 'aZ09'); $socid = 0; @@ -48,6 +45,9 @@ if (!$user->rights->societe->client->voir || $socid) $dir .= '/private/'.$user-> $year = GETPOST('year', 'int'); if (!$year) { $year = date("Y"); } +// Security check +if (empty($user->rights->facture->lire)) accessforbidden(); + /* * Actions diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index f6582a4ffb4..4cf14ad8a5c 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php @@ -27,10 +27,6 @@ require '../../main.inc.php'; // Load translation files required by the page $langs->load("bills"); -// Security check -if (!$user->rights->facture->lire) - accessforbidden(); - $socid = 0; if ($user->socid > 0) { @@ -50,6 +46,9 @@ $pagenext = $page + 1; if (!$sortorder) $sortorder = "DESC"; if (!$sortfield) $sortfield = "p.rowid"; +// Security check +if (empty($user->rights->facture->lire)) accessforbidden(); + /* * Actions diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index dbb01060a4d..d65f2cf7a3c 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -77,7 +77,7 @@ $modulepart = 'tax'; * Actions */ -require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; if ($action == 'setlib' && $user->rights->tax->charges->creer) { diff --git a/htdocs/compta/tva/document.php b/htdocs/compta/tva/document.php index e310e61fcb8..addaf50d990 100644 --- a/htdocs/compta/tva/document.php +++ b/htdocs/compta/tva/document.php 
@@ -78,7 +78,7 @@ $modulepart = 'tax-vat'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; if ($action == 'setlib' && $user->rights->tax->charges->creer) { diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 0c4a683ae33..cd1db0bbc9a 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -2150,6 +2150,12 @@ if ($action == 'create') $linktoelem = $form->showLinkToObjectBlock($object, null, array('contrat')); $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); + // Show direct download link + if ($object->statut != Contrat::STATUS_DRAFT && !empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD)) + { + print '
'."\n"; + print showDirectDownloadLink($object).'
'; + } print '
'; diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index ba15af0de19..dfdb0fe6d31 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php @@ -85,7 +85,7 @@ $hookmanager->initHooks(array('contractcard', 'globalcard')); * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 08391a4a797..0c0de66840b 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -4884,6 +4884,9 @@ abstract class CommonObject if ($this->element == 'bank_account' && !empty($conf->global->BANK_ACCOUNT_ALLOW_EXTERNAL_DOWNLOAD)) { $setsharekey = true; } + if ($this->element == 'contrat' && !empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD)) { + $setsharekey = true; + } if ($setsharekey) { if (empty($ecmfile->share)) // Because object not found or share not set yet diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 1eb3b9911ba..d8fbceeecf8 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -98,7 +98,7 @@ class Conf public $dol_hide_leftmenu; // Set if we force param dol_hide_leftmenu into login url public $dol_optimize_smallscreen; // Set if we force param dol_optimize_smallscreen into login url or if browser is smartphone public $dol_no_mouse_hover; // Set if we force param dol_no_mouse_hover into login url or if browser is smartphone - public $dol_use_jmobile; // Set if we force param dol_use_jmobile into login url + public $dol_use_jmobile; // Set if we force param dol_use_jmobile into login url. 0=default, 1=to say we use app from a webview app, 2=to say we use app from a webview app and keep ajax public $liste_limit; 
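Review bot: In the commonobject.class.php hunk the share key is enabled for every contract once `CONTRACT_ALLOW_EXTERNAL_DOWNLOAD` is set, whereas the contrat/card.php hunk only shows the direct download link when `$object->statut != Contrat::STATUS_DRAFT`. The `__DIRECTDOWNLOAD_URL_CONTRACT__` substitution added in functions.lib.php has no status test either, so a draft contract can presumably still receive a shared link through a mail template. If keeping drafts private is the intent of the card.php condition, the same test belongs here, e.g. `if ($this->element == 'contrat' && $this->statut != Contrat::STATUS_DRAFT && !empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD))`. The enclosing method starts and ends outside the hunk.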
diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 9f901ed3452..af336c38745 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -222,6 +222,7 @@ class DiscountAbsolute if (empty($this->multicurrency_amount_ht)) $this->multicurrency_amount_ht = 0; if (empty($this->multicurrency_amount_tva)) $this->multicurrency_amount_tva = 0; if (empty($this->multicurrency_amount_ttc)) $this->multicurrency_amount_ttc = 0; + if (empty($this->tva_tx)) $this->tva_tx = 0; // Check parameters if (empty($this->description)) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 3e7890a2d51..cd018c3e6dc 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6301,7 +6301,7 @@ class Form */ public function selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled = 0) { - global $conf, $langs, $user; + global $conf, $langs, $user, $hookmanager; //print "$objecttmp->filter, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled"; 
@@ -6347,27 +6347,34 @@ class Form } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') if (!$user->rights->societe->client->voir && !$user->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE 1=1"; - if (isset($objecttmp->ismultientitymanaged) && $objecttmp->ismultientitymanaged == 1) $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; - if (isset($objecttmp->ismultientitymanaged) && !is_numeric($objecttmp->ismultientitymanaged)) { - $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; - } - if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { - if ($objecttmp->element == 'societe') $sql .= " AND t.rowid = ".$user->socid; - else $sql .= " AND t.fk_soc = ".$user->socid; - } - if ($searchkey != '') $sql .= natural_search(explode(',', $fieldstoshow), $searchkey); - if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { - if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - } - if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" - /*if (! 
DolibarrApi::_checkFilters($objecttmp->filter)) - { - throw new RestException(503, 'Error when validating parameter sqlfilters '.$objecttmp->filter); - }*/ - $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; - $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $objecttmp->filter).")"; - } + + // Add where from hooks + $parameters = array(); + $reshook = $hookmanager->executeHooks('selectForFormsListWhere', $parameters); // Note that $action and $object may have been modified by hook + if (!empty($hookmanager->resPrint)) $sql .= $hookmanager->resPrint; + else { + $sql .= " WHERE 1=1"; + if (isset($objecttmp->ismultientitymanaged) && $objecttmp->ismultientitymanaged == 1) $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; + if (isset($objecttmp->ismultientitymanaged) && !is_numeric($objecttmp->ismultientitymanaged)) { + $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; + } + if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { + if ($objecttmp->element == 'societe') $sql .= " AND t.rowid = ".$user->socid; + else $sql .= " AND t.fk_soc = ".$user->socid; + } + if ($searchkey != '') $sql .= natural_search(explode(',', $fieldstoshow), $searchkey); + if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { + if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + } + if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + /*if (! DolibarrApi::_checkFilters($objecttmp->filter)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$objecttmp->filter); + }*/ + $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $objecttmp->filter).")"; + } + } $sql .= $this->db->order($fieldstoshow, "ASC"); //$sql.=$this->db->plimit($limit, 0); //print $sql; 
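Review bot: When the `selectForFormsListWhere` hook puts anything into `$hookmanager->resPrint`, that string replaces the whole WHERE clause, including the entity filter, the `$user->socid` restriction for external users and the `sc.fk_user` restriction for users without `client->voir`. The hook is called with an empty `$parameters` array, so a module has no access to `$objecttmp` or `$searchkey` to rebuild those conditions, and `$reshook` is never tested for an error. I would pass the context, `$parameters = array('objecttmp' => $objecttmp, 'searchkey' => $searchkey);`, and append the hook output to the built-in conditions instead of substituting it. If full replacement is wanted, the hook needs a comment stating that the module then owns entity and third-party filtering. selectForFormsList() starts and ends outside the hunk.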
@@ -6473,6 +6480,11 @@ class Form $out = ''; + if ($addjscombo < 0) { + if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) $addjscombo = 1; + else $addjscombo = 0; + } + // Add code for jquery to use multiselect if ($addjscombo && $jsbeautify) { // Enhance with select2 diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index e84a6716134..8cff096e56a 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -1029,11 +1029,10 @@ class FormCompany extends Form public function formThirdpartyType($page, $selected = '', $htmlname = 'socid', $filter = '', $nooutput = 0) { // phpcs:enable - global $langs; + global $conf, $langs; $out = ''; - if ($htmlname != "none") - { + if ($htmlname != "none") { $out .= '
'; $out .= ''; $out .= ''; @@ -1042,8 +1041,7 @@ class FormCompany extends Form $out .= ''; $out .= '
'; } else { - if ($selected) - { + if ($selected) { $arr = $this->typent_array(0); $typent = $arr[$selected]; $out .= $typent; @@ -1052,7 +1050,10 @@ class FormCompany extends Form } } - if ($nooutput) return $out; - else print $out; + if ($nooutput) { + return $out; + } else { + print $out; + } } } diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index c310c352690..c1837af4c56 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -247,6 +247,18 @@ class FormTicket $doleditor->Create(); print ''; + if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { + require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''.img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"').''; + print ''; + print ''; + } // Attached files if (!empty($this->withfile)) { diff --git a/htdocs/core/lib/asset.lib.php b/htdocs/core/lib/asset.lib.php index 5fddf4f1c46..96355704c96 100644 --- a/htdocs/core/lib/asset.lib.php +++ b/htdocs/core/lib/asset.lib.php @@ -80,7 +80,7 @@ function asset_prepare_head(Asset $object) $h = 0; $head = array(); - $head[$h][0] = DOL_URL_ROOT.'/asset/card.php'; + $head[$h][0] = DOL_URL_ROOT.'/asset/card.php?id='.$object->id; $head[$h][1] = $langs->trans("Card"); $head[$h][2] = 'card'; $h++; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 84a4e6ace5c..b93aa90bb8c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -3371,9 +3371,12 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ $fakey = 'fa-'.$pictowithouttext; } - if (in_array($pictowithouttext, array('dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { + if (in_array($pictowithouttext, array('holiday', 'dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { $morecss = 'em092'; } + if (in_array($pictowithouttext, array('holiday'))) { + $morecss = 'em088'; + } if (in_array($pictowithouttext, array('intervention', 'payment', 'loan', 'stock', 'technic'))) { $morecss = 'em080'; } @@ -6248,17 +6251,19 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, ) ); - $substitutionarray = array_merge($substitutionarray, array( - '__USER_ID__' => (string) $user->id, - '__USER_LOGIN__' => (string) $user->login, - '__USER_EMAIL__' => (string) $user->email, - '__USER_LASTNAME__' => (string) $user->lastname, - '__USER_FIRSTNAME__' => (string) $user->firstname, - '__USER_FULLNAME__' => (string) $user->getFullName($outputlangs), - '__USER_SUPERVISOR_ID__' => (string) ($user->fk_user ? $user->fk_user : '0'), - '__USER_REMOTE_IP__' => (string) getUserRemoteIP() - ) + if (is_object($user)) { + $substitutionarray = array_merge($substitutionarray, array( + '__USER_ID__' => (string) $user->id, + '__USER_LOGIN__' => (string) $user->login, + '__USER_EMAIL__' => (string) $user->email, + '__USER_LASTNAME__' => (string) $user->lastname, + '__USER_FIRSTNAME__' => (string) $user->firstname, + '__USER_FULLNAME__' => (string) $user->getFullName($outputlangs), + '__USER_SUPERVISOR_ID__' => (string) ($user->fk_user ? $user->fk_user : '0'), + '__USER_REMOTE_IP__' => (string) getUserRemoteIP() + ) ); + } } if ((empty($exclude) || !in_array('mycompany', $exclude)) && is_object($mysoc)) { 
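Review bot: Adding 'holiday' to the `em092` list in img_picto() has no effect, because the new `if (in_array($pictowithouttext, array('holiday')))` directly below overwrites `$morecss` with 'em088'. Drop 'holiday' from the first array so the class a picto ends up with can be read from one place. img_picto() continues outside the hunk.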
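Review bot: With the new `is_object($user)` guard in getCommonSubstitutionArray() the `__USER_*__` keys are not defined at all when there is no user object, so a template containing them would presumably keep the raw placeholder text. The contract hunk further down sets `__DIRECTDOWNLOAD_URL_CONTRACT__` to '' in its else branch; an else branch here that assigns empty strings to the same keys would keep the output predictable. The closing `);` of the `array_merge()` call is also left at the old indentation inside the new block.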
@@ -6272,7 +6277,7 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, '__MYCOMPANY_PROFID5__' => $mysoc->idprof5, '__MYCOMPANY_PROFID6__' => $mysoc->idprof6, '__MYCOMPANY_CAPITAL__' => $mysoc->capital, - '__MYCOMPANY_FULLADDRESS__' => $mysoc->getFullAddress(1, ', '), + '__MYCOMPANY_FULLADDRESS__' => (method_exists($mysoc, 'getFullAddress') ? $mysoc->getFullAddress(1, ', ') : ''), // $mysoc may be stdClass '__MYCOMPANY_ADDRESS__' => $mysoc->address, '__MYCOMPANY_ZIP__' => $mysoc->zip, '__MYCOMPANY_TOWN__' => $mysoc->town, @@ -6553,6 +6558,7 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, if (is_object($object) && $object->element == 'commande') $typeforonlinepayment = 'order'; if (is_object($object) && $object->element == 'facture') $typeforonlinepayment = 'invoice'; if (is_object($object) && $object->element == 'member') $typeforonlinepayment = 'member'; + if (is_object($object) && $object->element == 'contrat') $typeforonlinepayment = 'contract'; $url = getOnlinePaymentUrl(0, $typeforonlinepayment, $substitutionarray['__REF__']); $paymenturl = $url; } 
@@ -6574,10 +6580,15 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, { $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = $object->getLastMainDocLink($object->element); } else $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = ''; + if (!empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD) && is_object($object) && $object->element == 'contrat') + { + $substitutionarray['__DIRECTDOWNLOAD_URL_CONTRACT__'] = $object->getLastMainDocLink($object->element); + } else $substitutionarray['__DIRECTDOWNLOAD_URL_CONTRACT__'] = ''; if (is_object($object) && $object->element == 'propal') $substitutionarray['__URL_PROPOSAL__'] = DOL_MAIN_URL_ROOT."/comm/propal/card.php?id=".$object->id; if (is_object($object) && $object->element == 'commande') $substitutionarray['__URL_ORDER__'] = DOL_MAIN_URL_ROOT."/commande/card.php?id=".$object->id; if (is_object($object) && $object->element == 'facture') $substitutionarray['__URL_INVOICE__'] = DOL_MAIN_URL_ROOT."/compta/facture/card.php?id=".$object->id; + if (is_object($object) && $object->element == 'contrat') $substitutionarray['__URL_CONTRACT__'] = DOL_MAIN_URL_ROOT."/contrat/card.php?id=".$object->id; } if (is_object($object) && $object->element == 'action') diff --git a/htdocs/core/lib/memory.lib.php b/htdocs/core/lib/memory.lib.php index ccf2ce7ce12..65a0b488744 100644 --- a/htdocs/core/lib/memory.lib.php +++ b/htdocs/core/lib/memory.lib.php @@ -60,8 +60,9 @@ $shmoffset = 1000; // Max number of entries found into a language file. If too l * Save data into a memory area shared by all users, all sessions on server * * @param string $memoryid Memory id of shared area - * @param string $data Data to save + * @param mixed $data Data to save * @return int <0 if KO, Nb of bytes written if OK + * @see dol_getcache() */ function dol_setcache($memoryid, $data) { 
@@ -117,7 +118,8 @@ function dol_setcache($memoryid, $data) * Read a memory area shared by all users, all sessions on server * * @param string $memoryid Memory id of shared area - * @return int <0 if KO, data if OK + * @return int|mixed <0 if KO, data if OK + * @see dol_setcache() */ function dol_getcache($memoryid) { diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 4602e877bd1..9d18dd1dd85 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -165,6 +165,7 @@ function dol_verifyHash($chain, $hash, $type = '0') /** * Check permissions of a user to show a page and an object. Check read permission. * If GETPOST('action','aZ09') defined, we also check write and delete permission. + * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * * @param User $user User to check * @param string $features Features to check (it must be module $object->element. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) 
@@ -175,20 +176,22 @@ function dol_verifyHash($chain, $hash, $type = '0') * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft * @return int Always 1, die process if not allowed - * @see dol_check_secure_access_document() + * @see dol_check_secure_access_document(), checkUserAccessToObject() */ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0) { global $db, $conf; global $hookmanager; - //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select"); + //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid; //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."
"; $parentfortableentity = ''; + // Fix syntax of $features param + $originalfeatures = $features; if ($features == 'facturerec') $features = 'facture'; if ($features == 'mo') $features = 'mrp'; if ($features == 'member') $features = 'adherent'; @@ -198,7 +201,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if ($features == 'product') $features = 'produit'; // Get more permissions checks from hooks - $parameters = array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); + $parameters = array('features'=>$features, 'originalfeatures'=>$originalfeatures, 'objectid'=>$objectid, 'dbt_select'=>$dbt_select, 'idtype'=>$dbt_select, 'isdraft'=>$isdraft); $reshook = $hookmanager->executeHooks('restrictedArea', $parameters); if (isset($hookmanager->resArray['result'])) { @@ -218,11 +221,6 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f // More subfeatures to check if (!empty($feature2)) $feature2 = explode("|", $feature2); - // More parameters - $params = explode('&', $tableandshare); - $dbtablename = (!empty($params[0]) ? $params[0] : ''); - $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); - $listofmodules = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL); // Check read permission from module @@ -247,6 +245,10 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if (!$user->rights->banque->cheque) { $readok = 0; $nbko++; } } elseif ($feature == 'projet') { if (!$user->rights->projet->lire && !$user->rights->projet->all->lire) { $readok = 0; $nbko++; } + } elseif ($feature == 'payment') { + if (!$user->rights->facture->lire) { $readok = 0; $nbko++; } + } elseif ($feature == 'payment_supplier') { + if (!$user->rights->fournisseur->facture->lire) { $readok = 0; $nbko++; } } elseif (!empty($feature2)) { // This is for permissions on 2 levels $tmpreadok = 1; foreach ($feature2 as $subfeature) { 
@@ -426,6 +428,10 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand { global $db, $conf; + //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); + //print "user_id=".$user->id.", features=".join(',', $featuresarray).", feature2=".$feature2.", objectid=".$objectid; + //print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."
"; + // More parameters $params = explode('&', $tableandshare); $dbtablename = (!empty($params[0]) ? $params[0] : ''); @@ -440,13 +446,13 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand if ($feature == 'project') $feature = 'projet'; if ($feature == 'task') $feature = 'projet_task'; - $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'website'); // Test on entity only (Objects with no link to company) + $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'website'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object - $checkother = array('contact', 'agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). + $checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet', 'project'); // Test for project object $checktask = array('projet_task'); // Test for task object $nocheck = array('barcode', 'stock'); // No test - //$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). + //$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name if (empty($dbtablename)) 
@@ -455,17 +461,14 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); // We change dbtablename, so we set sharedelement too. } - // Check permission for object with entity + // Check permission for object on entity only if (in_array($feature, $check)) { $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled)) - { - if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) - { - if ($conf->entity == 1 && $user->admin && !$user->entity) - { + if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled)) { // Special for multicompany + if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + if ($conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql .= " AND dbt.entity IS NOT NULL"; } else { 
@@ -490,15 +493,12 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } - } elseif (in_array($feature, $checksoc)) // We check feature = checksoc - { - // If external user: Check permission for external users - if ($user->socid > 0) - { + } elseif (in_array($feature, $checksoc)) { // We check feature = checksoc + if ($user->socid > 0) { + // If external user: Check permission for external users if ($user->socid <> $objectid) return false; - } // If internal user: Check permission for internal users that are restricted on their objects - elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) - { + } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) { + // If internal user: Check permission for internal users that are restricted on their objects $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ", ".MAIN_DB_PREFIX."societe as s)"; 
@@ -506,15 +506,14 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql .= " AND sc.fk_user = ".$user->id; $sql .= " AND sc.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; - } // If multicompany and internal users with all permissions, check user is in correct entity - elseif (!empty($conf->multicompany->enabled)) - { + } elseif (!empty($conf->multicompany->enabled)) { + // If multicompany and internal users with all permissions, check user is in correct entity $sql = "SELECT COUNT(s.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE s.rowid IN (".$objectid.")"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } - } elseif (in_array($feature, $checkother)) // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...). + } elseif (in_array($feature, $checkother)) // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...). { // If external user: Check permission for external users if ($user->socid > 0) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 4135c26c7c0..42304cc7be2 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
@@ -1452,7 +1452,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/asset/list.php?leftmenu=asset&mainmenu=accountancy", $langs->trans("MenuListAssets"), 1, $user->rights->asset->read); $newmenu->add("/asset/type.php?leftmenu=asset_type", $langs->trans("MenuTypeAssets"), 1, $user->rights->asset->read, '', $mainmenu, 'asset_type'); if ($usemenuhider || empty($leftmenu) || preg_match('/asset_type/', $leftmenu)) { - $newmenu->add("/asset/type.php?leftmenu=asset_type&action=create", $langs->trans("MenuNewTypeAssets"), 2, (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $user->rights->asset->setup_advance)); + $newmenu->add("/asset/type.php?leftmenu=asset_type&action=create", $langs->trans("MenuNewTypeAssets"), 2, $user->rights->asset->setup_advance); $newmenu->add("/asset/type.php?leftmenu=asset_type", $langs->trans("MenuListTypeAssets"), 2, $user->rights->asset->read); } } diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 6c0bcc0f4b1..5b2e339a588 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -173,7 +173,7 @@ class ImportXlsx extends ModeleImports $this->workbook->getActiveSheet()->getStyle('1')->getFont()->setBold(true); $this->workbook->getActiveSheet()->getStyle('1')->getAlignment()->setHorizontal(Alignment::HORIZONTAL_LEFT); - $col = 0; + $col = 1; foreach ($headerlinefields as $field) { $this->workbook->getActiveSheet()->SetCellValueByColumnAndRow($col, 1, $outputlangs->transnoentities($field)); // set autowidth @@ -195,7 +195,7 @@ class ImportXlsx extends ModeleImports public function write_record_example($outputlangs, $contentlinevalues) { // phpcs:enable - $col = 0; + $col = 1; $row = 2; foreach ($contentlinevalues as $cell) { $this->workbook->getActiveSheet()->SetCellValueByColumnAndRow($col, $row, $cell); 
@@ -289,7 +289,7 @@ class ImportXlsx extends ModeleImports $xlsx = new Xlsx(); $info = $xlsx->listWorksheetinfo($this->file); $countcolumns = $info[0]['totalColumns']; - for ($col = 0; $col < $countcolumns; $col++) { + for ($col = 1; $col <= $countcolumns; $col++) { $this->headers[$col] = $this->workbook->getActiveSheet()->getCellByColumnAndRow($col, 1)->getValue(); } return 0; @@ -314,7 +314,7 @@ class ImportXlsx extends ModeleImports $xlsx = new Xlsx(); $info = $xlsx->listWorksheetinfo($this->file); $countcolumns = $info[0]['totalColumns']; - for ($col = 0; $col < $countcolumns; $col++) { + for ($col = 1; $col <= $countcolumns; $col++) { $val = $this->workbook->getActiveSheet()->getCellByColumnAndRow($col, $this->record)->getValue(); $array[$col]['val'] = $val; $array[$col]['type'] = (dol_strlen($val) ? 1 : -1); // If empty we consider it null @@ -372,7 +372,7 @@ class ImportXlsx extends ModeleImports //var_dump($sort_array_match_file_to_database); - if (count($arrayrecord) == 0 || (count($arrayrecord) == 1 && empty($arrayrecord[0]['val']))) { + if (count($arrayrecord) == 0 || (count($arrayrecord) == 1 && empty($arrayrecord[1]['val']))) { //print 'W'; $this->warnings[$warning]['lib'] = $langs->trans('EmptyLine'); $this->warnings[$warning]['type'] = 'EMPTY'; @@ -420,7 +420,7 @@ class ImportXlsx extends ModeleImports if ($key <= $maxfields) { // Set $newval with value to insert and set $listvalues with sql request part for insert $newval = ''; - if ($arrayrecord[($key - 1)]['type'] > 0) $newval = $arrayrecord[($key - 1)]['val']; // If type of field into input file is not empty string (so defined into input file), we get value + if ($arrayrecord[($key)]['type'] > 0) $newval = $arrayrecord[($key)]['val']; // If type of field into input file is not empty string (so defined into input file), we get value // Make some tests on $newval 
@@ -572,21 +572,21 @@ class ImportXlsx extends ModeleImports $newval = $this->thirpartyobject->code_client; //print 'code_client='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getsuppliercodeifauto') { if (strtolower($newval) == 'auto') { $newval = $this->thirpartyobject->get_codefournisseur(0, 1); $newval = $this->thirpartyobject->code_fournisseur; //print 'code_fournisseur='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getcustomeraccountancycodeifauto') { if (strtolower($newval) == 'auto') { $this->thirpartyobject->get_codecompta('customer'); $newval = $this->thirpartyobject->code_compta; //print 'code_compta='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getsupplieraccountancycodeifauto') { if (strtolower($newval) == 'auto') { $this->thirpartyobject->get_codecompta('supplier'); 
@@ -594,7 +594,7 @@ class ImportXlsx extends ModeleImports if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" //print 'code_compta_fournisseur='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getrefifauto') { $defaultref = ''; // TODO provide the $modTask (module of generation of ref) as parameter of import_insert function @@ -624,7 +624,7 @@ class ImportXlsx extends ModeleImports $errorforthistable++; $error++; } else { - $newval = $arrayrecord[($key - 1)]['val']; //We get new value computed. + $newval = $arrayrecord[($key)]['val']; //We get new value computed. } } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'numeric') { $newval = price2num($newval); @@ -695,8 +695,8 @@ class ImportXlsx extends ModeleImports $listfields[] = $fieldname; // Note: arrayrecord (and 'type') is filled with ->import_read_record called by import.php page before calling import_insert - if (empty($newval) && $arrayrecord[($key - 1)]['type'] < 0) $listvalues[] = ($newval == '0' ? $newval : "null"); - elseif (empty($newval) && $arrayrecord[($key - 1)]['type'] == 0) $listvalues[] = "''"; + if (empty($newval) && $arrayrecord[($key)]['type'] < 0) $listvalues[] = ($newval == '0' ? $newval : "null"); + elseif (empty($newval) && $arrayrecord[($key)]['type'] == 0) $listvalues[] = "''"; else $listvalues[] = "'" . $this->db->escape($newval) . "'"; } $i++; diff --git a/htdocs/core/modules/modAsset.class.php b/htdocs/core/modules/modAsset.class.php index 505ed444f55..6ee48388234 100644 --- a/htdocs/core/modules/modAsset.class.php +++ b/htdocs/core/modules/modAsset.class.php 
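Review bot: One `$arrayrecord[($key - 1)]['type'] = -1;` survives as a context line inside the `'auto'` branch of the `getsupplieraccountancycodeifauto` rule (hunk at -594). With the switch to 1-based column keys it now marks the previous column as null instead of the current one. It should read `if (empty($newval)) $arrayrecord[$key]['type'] = -1;`, or be dropped, since the line this hunk changes just below it repeats the same test. The enclosing method starts and ends outside the hunk, so the rest of the file is worth searching for other `$key - 1` uses.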
@@ -79,7 +79,7 @@ class modAsset extends DolibarrModules // Data directories to create when module is enabled. // Example: this->dirs = array("/asset/temp","/asset/subdir"); - $this->dirs = array(); + $this->dirs = array("/asset/temp"); // Config pages. Put here list of php page, stored into asset/admin directory, to use to setup module. $this->config_page_url = array("setup.php@asset"); diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 27d44160949..b4c1dd13e7d 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -192,6 +192,7 @@ class modProduct extends DolibarrModules 'p.duration'=>"Duration", 'p.finished' => 'Nature', 'p.price_base_type'=>"PriceBase", 'p.price'=>"UnitPriceHT", 'p.price_ttc'=>"UnitPriceTTC", + 'p.price_min'=>"MinPriceHT",'p.price_min_ttc'=>"MinPriceTTC", 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation', 'p.tms'=>'DateModification' ); @@ -216,7 +217,9 @@ class modProduct extends DolibarrModules 'p.customcode'=>'Text', 'p.duration'=>"Text", 'p.finished' => 'Numeric', - 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', + 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", + 'p.price_min'=>"Numeric", 'p.price_min_ttc'=>"Numeric", + 'p.tva_tx'=>'Numeric', 'p.datec'=>'Date', 'p.tms'=>'Date' ); if (!empty($conf->stock->enabled)) $this->export_TypeFields_array[$r] = array_merge($this->export_TypeFields_array[$r], array('e.ref'=>'Text', 'p.tobatch'=>'Numeric', 'p.stock'=>'Numeric', 'p.seuil_stock_alerte'=>'Numeric', 'p.desiredstock'=>'Numeric', 'p.pmp'=>'Numeric', 'p.cost_price'=>'Numeric')); 
@@ -547,7 +550,7 @@ class modProduct extends DolibarrModules // field order as per structure of table llx_product $import_sample = array( - 'p.ref' => "PREF123456", + 'p.ref' => "ref:PREF123456", 'p.datec' => dol_print_date(dol_now(), '%Y-%m-%d'), 'p.label' => "Product name in default language", 'p.description' => "Product description in default language", @@ -687,7 +690,7 @@ class modProduct extends DolibarrModules ); $this->import_examplevalues_array[$r] = array( - 'sp.fk_product' => "PRODUCT_REF or id:123456", + 'sp.fk_product' => "ref:PRODUCT_REF or id:123456", 'sp.fk_soc' => "My Supplier", 'sp.ref_fourn' => "XYZ-F123456", 'sp.quantity' => "5", @@ -749,13 +752,13 @@ class modProduct extends DolibarrModules $this->import_convertvalue_array[$r] = array( 'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') ); - $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"PRODUCT_REF or id:123456", + $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"ref:PRODUCT_REF or id:123456", 'pr.price_base_type'=>"HT (for excl tax) or TTC (for inc tax)", 'pr.price_level'=>"1", 'pr.price'=>"100", 'pr.price_ttc'=>"110", 'pr.price_min'=>"100", 'pr.price_min_ttc'=>"110", 'pr.tva_tx'=>'20', 'pr.recuperableonly'=>'0', - 'pr.date_price'=>'2013-04-10'); + 'pr.date_price'=>'2020-12-31'); } if (!empty($conf->global->MAIN_MULTILANGS)) diff --git a/htdocs/core/tpl/ajaxrow.tpl.php b/htdocs/core/tpl/ajaxrow.tpl.php index 25d5f6f3526..1a797b936c3 100644 --- a/htdocs/core/tpl/ajaxrow.tpl.php +++ b/htdocs/core/tpl/ajaxrow.tpl.php @@ -28,7 +28,7 @@ // Protection to avoid direct call of template if (empty($object) || !is_object($object)) { - print "Error, template page can't be called as URL"; + print "Error, template page ".basename(__FILE__)." can't be called with no object defined."; exit; } 
diff --git a/htdocs/don/document.php b/htdocs/don/document.php index 9ff1fa98ea2..a211f076253 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -78,7 +78,7 @@ $modulepart = 'don'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; if ($action == 'classin' && $user->rights->don->creer) { diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index a9b19ede7c3..2b710e87dee 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -76,7 +76,7 @@ if ($object->fetch($id)) $upload_dir = $conf->expedition->dir_output."/sending/".dol_sanitizeFileName($object->ref); } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 1b9326468f4..aaab2072013 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -75,7 +75,7 @@ $modulepart = 'fichinter'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index d5a4455db06..293edb549ea 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -78,7 +78,7 @@ $object->fetch_thirdparty(); * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 36f5a45b25e..4b2b45c7226 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php 
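Review bot: The switch from `include_once` to `include` for `actions_linkedfiles.inc.php` in htdocs/don/document.php carries no comment saying why, so a later cleanup could quietly turn it back. A line such as `// Must be include, not include_once (the action code has to run even if the file was already loaded)` above the statement would record the intent, as the commit does for `actions_fetchobject.inc.php` in fourn/paiement/card.php. The reason in parentheses is inferred and should be confirmed by the author. The same comment is missing from the identical change in the other pages of this commit (expedition, fichinter, fourn/commande, fourn/facture, holiday, loan, mrp, product, productlot, projet and the modulebuilder template).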
@@ -74,7 +74,7 @@ if ($object->fetch($id, $ref)) * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index 355b84796f2..5dea09eaf09 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -39,11 +39,22 @@ $action = GETPOST('action', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $object = new PaiementFourn($db); +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('supplierpaymentcard', 'globalcard')); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiementfourn', ''); + +// Security check +if ($user->socid) $socid = $user->socid; +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} -// PDF -$hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0)); -$hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0)); -$hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0)); /* * Actions 
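Review bot: The new external-user check in htdocs/fourn/paiement/card.php reads `$socid` without giving it a value when `$user->socid` is empty, and it dereferences `$object->thirdparty` without checking that the fetch include actually loaded it. Nothing in the hunk initialises `$socid`, and the added comment says the third party comes from the first invoice only, so a payment with no invoice would presumably leave it unset. The comparison then still denies access, but only as a side effect of reading a property on null. An explicit form is easier to audit: `$socid = empty($user->socid) ? 0 : (int) $user->socid;` followed by `if ($socid > 0 && (empty($object->thirdparty) || $socid != $object->thirdparty->id)) accessforbidden();`. The same block is added to htdocs/fourn/paiement/info.php (hunk at -33) and should change with it.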
@@ -177,41 +188,46 @@ if ($result > 0) print ''; /*print ''; - print '';*/ // Date of payment - print ''; + print ''; // Payment mode $labeltype = $langs->trans("PaymentType".$object->type_code) != ("PaymentType".$object->type_code) ? $langs->trans("PaymentType".$object->type_code) : $object->type_label; - print ''; + print ''; // Payment numero /* TODO Add field num_payment into payment table and save it - print ''; + print ''; */ // Amount - print ''; + print ''; + print ''; if (!empty($conf->global->BILL_ADD_PAYMENT_VALIDATION)) { - print ''; + print ''; + print ''; } $allow_delete = 1; // Bank account if (!empty($conf->banque->enabled)) { - if ($object->bank_account) + if ($object->fk_account) { $bankline = new AccountLine($db); $bankline->fetch($object->bank_line); @@ -222,8 +238,8 @@ if ($result > 0) } print ''; - print ''; - print ''; + print ''; print ''; - print ''; - print ''; + print ''; print ''; @@ -240,7 +256,8 @@ if ($result > 0) } // Note - print ''; + print ''; diff --git a/htdocs/fourn/paiement/info.php b/htdocs/fourn/paiement/info.php index 97ac2343c23..9ff0a86931e 100644 --- a/htdocs/fourn/paiement/info.php +++ b/htdocs/fourn/paiement/info.php @@ -33,8 +33,26 @@ $langs->loadLangs(array("bills", "suppliers", "companies")); $id = GETPOST('id', 'int'); $object = new PaiementFourn($db); -$object->fetch($id); -$object->info($id); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiementfourn', ''); + +// Security check +if ($user->socid) $socid = $user->socid; +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} + + +/* + * Actions + */ + +// None /* 
@@ -43,10 +61,14 @@ $object->info($id); llxHeader(); +$object->info($id); + $head = payment_supplier_prepare_head($object); print dol_get_fiche_head($head, 'info', $langs->trans("SupplierPayment"), 0, 'payment'); +$linkback = ''.$langs->trans("BackToList").''; + dol_banner_tab($object, 'id', $linkback, -1, 'rowid', 'ref'); print dol_get_fiche_end(); diff --git a/htdocs/fourn/paiement/list.php b/htdocs/fourn/paiement/list.php index 3fca286eff0..1bf8984a6ee 100644 --- a/htdocs/fourn/paiement/list.php +++ b/htdocs/fourn/paiement/list.php @@ -178,7 +178,7 @@ if ($search_all) $sql .= natural_search(array_keys($fieldstosearchall), $search_ // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; -$sql .= ' GROUP BY p.rowid, p.datep, p.amount, p.num_paiement, s.rowid, s.nom, c.code, c.libelle, ba.rowid, ba.label'; +$sql .= ' GROUP BY p.rowid, p.ref, p.datep, p.amount, p.num_paiement, s.rowid, s.nom, s.email, c.code, c.libelle, ba.rowid, ba.label'; if (!$user->rights->societe->client->voir) $sql .= ', sc.fk_soc, sc.fk_user'; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index f366bb50c85..3bb48d1de15 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -72,7 +72,7 @@ $modulepart = 'holiday'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/install/mysql/data/llx_c_chargesociales.sql b/htdocs/install/mysql/data/llx_c_chargesociales.sql index 324223b274d..b728d9c6414 100644 --- a/htdocs/install/mysql/data/llx_c_chargesociales.sql +++ b/htdocs/install/mysql/data/llx_c_chargesociales.sql 
@@ -33,19 +33,19 @@ -- -- France -- -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 1, 'Allocations familiales', 1,1,'TAXFAM' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 2, 'CSG Deductible', 1,1,'TAXCSGD' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 3, 'CSG/CRDS NON Deductible',0,1,'TAXCSGND' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 10, 'Taxe apprentissage', 0,1,'TAXAPP' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 11, 'Taxe professionnelle', 0,1,'TAXPRO' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 12, 'Cotisation fonciere des entreprises', 0,1,'TAXCFE' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 13, 'Cotisation sur la valeur ajoutee des entreprises', 0,1,'TAXCVAE' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 20, 'Impots locaux/fonciers', 0,1,'TAXFON' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 25, 'Impots revenus', 0,1,'TAXREV' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 30, 'Assurance Sante', 0,1,'TAXSECU' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 40, 'Mutuelle', 0,1,'TAXMUT' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Assurance vieillesse', 0,1,'TAXRET' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 60, 'Assurance Chomage', 0,1,'TAXCHOM' ,'1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 1, 'Securite sociale (URSSAF / 
MSA)', 1, 1, 'TAXSECU', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 2, 'Securite sociale des indépendants (URSSAF)', 1, 1, 'TAXSSI', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 10, 'Taxe apprentissage', 1, 1, 'TAXAPP', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 11, 'Formation professionnelle continue', 1, 1, 'TAXFPC', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 12, 'Cotisation fonciere des entreprises (CFE)', 1, 1, 'TAXCFE', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 13, 'Cotisation sur la valeur ajoutee des entreprises (CVAE)', 1, 1, 'TAXCVAE', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 20, 'Taxe fonciere', 1, 1, 'TAXFON', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 25, 'Prelevement à la source (PAS)', 0, 1, 'TAXPAS', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 30, 'Prevoyance', 1, 1,'TAXPREV', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 40, 'Mutuelle', 1, 1,'TAXMUT', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Retraite', 1, 1,'TAXRET', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 60, 'Taxe sur vehicule societe (TVS)', 0, 1, 'TAXTVS', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 70, 'impôts sur les sociétés (IS)', 0, 1, 'TAXIS', '1'); -- -- Belgique diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index f2be5893c0a..bf3c9183b91 100644 
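Review bot: The labels added for ids 2, 25 and 70 contain accented characters (`indépendants`, `à`, `impôts sur les sociétés`), while the other labels in the same block are written without accents (`Securite`, `Prelevement`, `fonciere`). If the installer loads this file over a connection whose charset differs from the file encoding, those three labels would be stored garbled; that depends on installer settings not visible here. Writing them unaccented like their neighbours, e.g. `'Prelevement a la source (PAS)'`, keeps the file consistent. Separately, id 1 now carries code `TAXSECU`, which belonged to id 30 before, so anything that relies on the old id-to-code pairing needs a check.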
--- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -30,6 +30,9 @@ -- Missing in v13 or lower +ALTER TABLE llx_asset CHANGE COLUMN amount amount_ht double(24,8) DEFAULT NULL; +ALTER TABLE llx_asset ADD COLUMN amount_vat double(24,8) DEFAULT NULL; + ALTER TABLE llx_supplier_proposal_extrafields ADD INDEX idx_supplier_proposal_extrafields (fk_object); ALTER TABLE llx_supplier_proposaldet_extrafields ADD INDEX idx_supplier_proposaldet_extrafields (fk_object); diff --git a/htdocs/langs/en_US/assets.lang b/htdocs/langs/en_US/assets.lang index ef04723c6c2..afafc98503f 100644 --- a/htdocs/langs/en_US/assets.lang +++ b/htdocs/langs/en_US/assets.lang @@ -61,5 +61,7 @@ MenuListTypeAssets = List # # Module # +Asset=Asset NewAssetType=New asset type NewAsset=New asset +ConfirmDeleteAsset=Are you sure you want to delete this asset ? diff --git a/htdocs/langs/en_US/eventorganization.lang b/htdocs/langs/en_US/eventorganization.lang index 8a0475758e5..247663135db 100644 --- a/htdocs/langs/en_US/eventorganization.lang +++ b/htdocs/langs/en_US/eventorganization.lang @@ -18,7 +18,7 @@ # ModuleEventOrganizationName = Event Organization -EventOrganizationDescription = Event Organization +EventOrganizationDescription = Event Organization through Module Project EventOrganizationDescriptionLong= Manage Event organization for conference, attendees, speaker, and attendees, with public subcription page # @@ -42,7 +42,7 @@ EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES = Template of email of massaction # Object # EventOrganizationConfOrBooth= Conference Or Booth - +ManageOrganizeEvent = Manage event organisation # # Template Mail diff --git a/htdocs/langs/en_US/projects.lang b/htdocs/langs/en_US/projects.lang index 3fbcbb0dca7..33a0fafb5dc 100644 --- a/htdocs/langs/en_US/projects.lang +++ b/htdocs/langs/en_US/projects.lang 
@@ -269,5 +269,6 @@ OneLinePerPeriod=One line per period RefTaskParent=Ref. Parent Task ProfitIsCalculatedWith=Profit is calculated using AddPersonToTask=Add also to tasks +UsageOrganizeEvent=Usage: Event Organization PROJECT_CLASSIFY_CLOSED_WHEN_ALL_TASKS_DONE=Classify project as closed when all its tasks are completed (100%% progress) PROJECT_CLASSIFY_CLOSED_WHEN_ALL_TASKS_DONE_help=Note: existing projects with all tasks at 100 %% progress won't be affected: you will have to close them manually. This option only affects open projects. diff --git a/htdocs/loan/document.php b/htdocs/loan/document.php index 91bfaf1f921..a7811dfa04a 100644 --- a/htdocs/loan/document.php +++ b/htdocs/loan/document.php @@ -68,7 +68,7 @@ $modulepart = 'loan'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index c91f4802974..15dfc85c8d2 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -185,9 +185,12 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) // Check consistency of NOREQUIREXXX DEFINES -if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) -{ - print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them'; +if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) { + print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them.'; + exit; +} +if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) { + print 'If define NOREQUIREUSER is set, you must also set NOREQUIREMENU or not set it.'; exit; } 
@@ -595,7 +598,7 @@ if (!defined('NOLOGIN')) if ($test && GETPOST("username", "alpha", 2) && !empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) && !isset($_SESSION['dol_bypass_antispam'])) { $sessionkey = 'dol_antispam_value'; - $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'none')))); // Check code if (!$ok) @@ -1007,8 +1010,6 @@ if ((!empty($conf->browser->layout) && $conf->browser->layout == 'phone') { $conf->dol_optimize_smallscreen = 1; } -// If we force to use jmobile, then we reenable javascript -if (!empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax = 1; // Replace themes bugged with jmobile with eldy if (!empty($conf->dol_use_jmobile) && in_array($conf->theme, array('bureau2crea', 'cameleo', 'amarok'))) { diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index dc4426f7df9..0a5e23cb07a 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -117,9 +117,9 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object- //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0); -//$result = restrictedArea($user, 'mymodule', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +//$result = restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft); -//if (!$permissiontoread) accessforbidden(); +//if (empty($permissiontoread)) accessforbidden(); /* diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index 1cd3de2ebd9..f1424906dd6 100644 --- a/htdocs/modulebuilder/template/myobject_document.php 
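Review bot: The captcha test on the changed line still succeeds when both sides are empty, because `array_key_exists()` only proves the session key exists and says nothing about its value. Whether `$_SESSION['dol_antispam_value']` can be empty at this point is not visible in the hunk, but requiring a non-empty stored value costs nothing: `$ok = (isset($_SESSION[$sessionkey]) && $_SESSION[$sessionkey] !== '' && strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'none')));`. The surrounding `if (!defined('NOLOGIN'))` block starts and ends outside the hunk, so any invalidation of the stored value after a check has to be confirmed there.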
+++ b/htdocs/modulebuilder/template/myobject_document.php @@ -121,7 +121,7 @@ $permissiontoadd = $user->rights->mymodule->myobject->write; // Used by the incl * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/mrp/mo_document.php b/htdocs/mrp/mo_document.php index 01131b9ffa2..d3040918aae 100644 --- a/htdocs/mrp/mo_document.php +++ b/htdocs/mrp/mo_document.php @@ -80,7 +80,7 @@ $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'row * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/product/document.php b/htdocs/product/document.php index f8f5322f2f8..1de27318f84 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -115,7 +115,7 @@ if (empty($reshook)) } // Action submit/delete file/link - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } if ($action == 'filemerge') diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 535486f8c62..c9b98a1ffe4 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -94,7 +94,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Action submit/delete file/link - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } $permtoedit = $user->rights->produit->creer; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 364cb30633a..0462f9d3391 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php 
@@ -35,7 +35,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; // Load translation files required by the page -$langs->loadLangs(array('projects', 'companies')); +$langsLoad=array('projects', 'companies'); +if (!empty($conf->eventorganization->enabled)) { + $langsLoad[]='eventorganization'; +} + +$langs->loadLangs($langsLoad); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); @@ -569,10 +574,14 @@ if ($action == 'create' && $user->rights->projet->creer) print ''; print '
'; } - /* - print ' '; - $htmltext = $langs->trans("OrganizeEvent"); - print $form->textwithpicto($langs->trans("OrganizeEvent"), $htmltext);*/ + + if (!empty($conf->eventorganization->enabled)) + { + print ' '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } + print ''; print ''; @@ -855,6 +864,12 @@ if ($action == 'create' && $user->rights->projet->creer) print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
'; } + if (!empty($conf->eventorganization->enabled)) + { + print ' '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Thirdparty @@ -1020,6 +1035,13 @@ if ($action == 'create' && $user->rights->projet->creer) print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
'; } + + if (!empty($conf->eventorganization->enabled)) + { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Visibility diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index c942b68cfe2..ff4be5e8d77 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -200,7 +200,7 @@ class Project extends CommonObject 'usage_bill_time' =>array('type'=>'integer', 'label'=>'UsageBillTimeShort', 'enabled'=>1, 'visible'=>-1, 'position'=>130), 'usage_opportunity' =>array('type'=>'integer', 'label'=>'UsageOpportunity', 'enabled'=>1, 'visible'=>-1, 'position'=>135), 'usage_task' =>array('type'=>'integer', 'label'=>'UsageTasks', 'enabled'=>1, 'visible'=>-1, 'position'=>140), - 'usage_organize_event' =>array('type'=>'integer', 'label'=>'Usage organize event', 'enabled'=>1, 'visible'=>-1, 'position'=>145), + 'usage_organize_event' =>array('type'=>'integer', 'label'=>'UsageOrganizeEvent', 'enabled'=>1, 'visible'=>-1, 'position'=>145), 'datec' =>array('type'=>'datetime', 'label'=>'DateCreationShort', 'enabled'=>1, 'visible'=>-2, 'position'=>200), 'tms' =>array('type'=>'timestamp', 'label'=>'DateModificationShort', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>205), 'fk_user_creat' =>array('type'=>'integer', 'label'=>'UserCreation', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>210), @@ -232,6 +232,8 @@ class Project extends CommonObject */ public function __construct($db) { + global $conf; + $this->db = $db; $this->statuts_short = array(0 => 'Draft', 1 => 'Opened', 2 => 'Closed'); 
@@ -248,12 +250,12 @@ class Project extends CommonObject $this->fields['usage_opportunity']['enabled'] = 0; } - if (empty($conf->global->PROJECT_HIDE_TASKS)) { + if (!empty($conf->global->PROJECT_HIDE_TASKS)) { $this->fields['usage_bill_time']['visible'] = 0; $this->fields['usage_task']['visible'] = 0; } - if (empty($conf->global->PROJECT_ORGANIZE_EVENTS)) { + if (empty($conf->eventorganization->enabled)) { $this->fields['usage_organize_event']['visible'] = 0; } } diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index a2e670906ca..39a572e6510 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -390,7 +390,7 @@ class Task extends CommonObject } } - if (!$error && $conf->global->PROJECT_CLASSIFY_CLOSED_WHEN_ALL_TASKS_DONE) { + if (!$error && !empty($conf->global->PROJECT_CLASSIFY_CLOSED_WHEN_ALL_TASKS_DONE)) { // Close the parent project if it is open (validated) and its tasks are 100% completed $project = new Project($this->db); if ($project->fetch($this->fk_project) > 0 && $project->statut == Project::STATUS_VALIDATED) { diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index bed7f6a43e1..5557740704d 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -76,7 +76,7 @@ if (!$sortfield) $sortfield = "name"; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index ad8418dfc0e..c51713d1cce 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php 
@@ -92,6 +92,7 @@ $search_sale = GETPOST('search_sale', 'int'); $search_usage_opportunity = GETPOST('search_usage_opportunity', 'int'); $search_usage_task = GETPOST('search_usage_task', 'int'); $search_usage_bill_time = GETPOST('search_usage_bill_time', 'int'); +$search_usage_event_organization = GETPOST('search_usage_event_organization', 'int'); $optioncss = GETPOST('optioncss', 'alpha'); $mine = $_REQUEST['mode'] == 'mine' ? 1 : 0; @@ -207,6 +208,7 @@ if (empty($reshook)) $search_usage_opportunity = ''; $search_usage_task = ''; $search_usage_bill_time = ''; + $search_usage_event_organization = ''; $toselect = ''; $search_array_options = array(); $search_category_array = array(); @@ -300,7 +302,8 @@ if (count($listofprojectcontacttype) == 0) $listofprojectcontacttype[0] = '0'; / $distinct = 'DISTINCT'; // We add distinct until we are added a protection to be sure a contact of a project and task is only once. $sql = "SELECT ".$distinct." p.rowid as id, p.ref, p.title, p.fk_statut as status, p.fk_opp_status, p.public, p.fk_user_creat"; -$sql .= ", p.datec as date_creation, p.dateo as date_start, p.datee as date_end, p.opp_amount, p.opp_percent, (p.opp_amount*p.opp_percent/100) as opp_weighted_amount, p.tms as date_update, p.budget_amount, p.usage_opportunity, p.usage_task, p.usage_bill_time"; +$sql .= ", p.datec as date_creation, p.dateo as date_start, p.datee as date_end, p.opp_amount, p.opp_percent, (p.opp_amount*p.opp_percent/100) as opp_weighted_amount, p.tms as date_update, p.budget_amount "; +$sql .= ", p.usage_opportunity, p.usage_task, p.usage_bill_time, p.usage_organize_event"; $sql .= ", s.rowid as socid, s.nom as name, s.email"; $sql .= ", cls.code as opp_status_code"; // Add fields from extrafields 
@@ -369,6 +372,7 @@ if ($search_budget_amount != '') $sql .= natural_search('p.budget_amount', $sear if ($search_usage_opportunity != '' && $search_usage_opportunity >= 0) $sql .= natural_search('p.usage_opportunity', $search_usage_opportunity, 2); if ($search_usage_task != '' && $search_usage_task >= 0) $sql .= natural_search('p.usage_task', $search_usage_task, 2); if ($search_usage_bill_time != '' && $search_usage_bill_time >= 0) $sql .= natural_search('p.usage_bill_time', $search_usage_bill_time, 2); +if ($search_usage_event_organization != '' && $search_usage_event_organization >= 0) $sql .= natural_search('p.usage_organize_event', $search_usage_event_organization, 2); // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; // Add where from hooks @@ -443,6 +447,9 @@ if ($search_project_user != '') $param .= '&search_project_user='.urlencode($s if ($search_sale > 0) $param .= '&search_sale='.urlencode($search_sale); if ($search_opp_amount != '') $param .= '&search_opp_amount='.urlencode($search_opp_amount); if ($search_budget_amount != '') $param .= '&search_budget_amount='.urlencode($search_budget_amount); +if ($search_usage_task != '') $param .= '&search_usage_task='.urlencode($search_usage_task); +if ($search_usage_bill_time != '') $param .= '&search_usage_opportunity='.urlencode($search_usage_bill_time); +if ($search_usage_event_organization != '') $param .= '&search_usage_event_organization='.urlencode($search_usage_event_organization); if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss); // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; 
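Review bot: The second added line of the `$param` hunk (@@ -443,6 +447,9) writes the bill-time filter under the wrong query key, `'&search_usage_opportunity='.urlencode($search_usage_bill_time)`, so links built from `$param` (for example the sortable column titles) would carry the bill-time value as the opportunity filter and lose the bill-time filter itself. It should read `if ($search_usage_bill_time != '') $param .= '&search_usage_bill_time='.urlencode($search_usage_bill_time);`. `$search_usage_opportunity` is not appended to `$param` anywhere in the visible hunk, so it probably needs its own line too: `if ($search_usage_opportunity != '') $param .= '&search_usage_opportunity='.urlencode($search_usage_opportunity);`.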
@@ -650,6 +657,12 @@ if (!empty($arrayfields['p.usage_bill_time']['checked'])) print $form->selectyesno('search_usage_bill_time', $search_usage_bill_time, 1, false, 1); print ''; } +if (!empty($arrayfields['p.usage_organize_event']['checked'])) +{ + print ''; +} // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; @@ -703,6 +716,7 @@ if (!empty($arrayfields['p.budget_amount']['checked'])) print_liste_field_titre( if (!empty($arrayfields['p.usage_opportunity']['checked'])) print_liste_field_titre($arrayfields['p.usage_opportunity']['label'], $_SERVER["PHP_SELF"], 'p.usage_opportunity', "", $param, '', $sortfield, $sortorder, 'right '); if (!empty($arrayfields['p.usage_task']['checked'])) print_liste_field_titre($arrayfields['p.usage_task']['label'], $_SERVER["PHP_SELF"], 'p.usage_task', "", $param, '', $sortfield, $sortorder, 'right '); if (!empty($arrayfields['p.usage_bill_time']['checked'])) print_liste_field_titre($arrayfields['p.usage_bill_time']['label'], $_SERVER["PHP_SELF"], 'p.usage_bill_time', "", $param, '', $sortfield, $sortorder, 'right '); +if (!empty($arrayfields['p.usage_organize_event']['checked'])) print_liste_field_titre($arrayfields['p.usage_organize_event']['label'], $_SERVER["PHP_SELF"], 'p.usage_organize_event', "", $param, '', $sortfield, $sortorder, 'right '); // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php'; // Hook fields @@ -927,6 +941,17 @@ while ($i < min($num, $limit)) print ''; if (!$i) $totalarray['nbfield']++; } + // Event Organization + if (!empty($arrayfields['p.usage_organize_event']['checked'])) + { + print ''; + if (!$i) $totalarray['nbfield']++; + } // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php'; // Fields from hook diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index ca273bb36ef..ef4ad0292f3 100644 --- a/htdocs/projet/tasks/document.php 
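Review bot: The row block added in the last list.php hunk (@@ -927,6 +941,17) tests and prints `$obj->usage_event_organization`, but the SELECT in this same file was extended with `p.usage_organize_event` and no alias, so that property is presumably never set on `$obj` and the cell always stays empty. Use the selected column name: `if ($obj->usage_organize_event)` and `print yn($obj->usage_organize_event);`. The search variable is called `search_usage_event_organization` while the column and the `$arrayfields` key use `usage_organize_event`; a short comment at the `GETPOST` line stating that mapping would make the mismatch harder to repeat. The enclosing `while` loop starts and ends outside the hunk.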
+++ b/htdocs/projet/tasks/document.php @@ -106,7 +106,7 @@ if ($id > 0 || !empty($ref)) } } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/public/test/badges.php b/htdocs/public/test/badges.php index 60652b97dc5..194e9947624 100644 --- a/htdocs/public/test/badges.php +++ b/htdocs/public/test/badges.php @@ -1,17 +1,21 @@ diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php index 95265831670..879f37ed5dc 100644 --- a/htdocs/public/test/test_arrays.php +++ b/htdocs/public/test/test_arrays.php @@ -1,6 +1,17 @@ This page is a sample of page using tables. It is designed to make test with
+ +
- css (add parameter &theme=newtheme to test another theme or edit css of current theme)
-- jmobile (add parameter ">dol_use_jmobile=4&dol_optimize_smallscreen=1 and switch to small screen < 1000 to enable view with jmobile)
- jmobile (add parameter ">dol_use_jmobile=1&dol_optimize_smallscreen=1 and switch to small screen < 570 to enable with emulated jmobile)
- no javascript / usage for bind people (add parameter ">nojs=1 to force disable javascript)
- tablednd
- +
-


Example 0a : Table with div+div+div containg a select that should be overflowed and truncated => Use this to align text or form
@@ -124,7 +135,6 @@ This page is a sample of page using tables. It is designed to make test with
'.$langs->trans('Ref').''; + print ''.$langs->trans('Ref').''; print $form->showrefnav($object,'id','',1,'rowid','ref'); print '
'.$form->editfieldkey("Date", 'datep', $object->date, $object, $object->statut == 0 && $user->rights->fournisseur->facture->creer).''; + print '
'.$form->editfieldkey("Date", 'datep', $object->date, $object, $object->statut == 0 && $user->rights->fournisseur->facture->creer).''; print $form->editfieldval("Date", 'datep', $object->date, $object, $object->statut == 0 && $user->rights->fournisseur->facture->creer, 'datehourpicker', '', null, $langs->trans('PaymentDateUpdateSucceeded')); print '
'.$langs->trans('PaymentMode').''.$labeltype; + print '
'.$langs->trans('PaymentMode').''.$labeltype; print $object->num_payment ? ' - '.$object->num_payment : ''; print '
'.$form->editfieldkey("Numero",'num_paiement',$object->num_paiement,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer).''; + print '
'.$form->editfieldkey("Numero",'num_paiement',$object->num_paiement,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer).''; print $form->editfieldval("Numero",'num_paiement',$object->num_paiement,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer,'string','',null,$langs->trans('PaymentNumberUpdateSucceeded')); print '
'.$langs->trans('Amount').''.price($object->amount, '', $langs, 0, 0, -1, $conf->currency).'
'.$langs->trans('Amount').''.price($object->amount, '', $langs, 0, 0, -1, $conf->currency).'
'.$langs->trans('Status').''.$object->getLibStatut(4).'
'.$langs->trans('Status').''.$object->getLibStatut(4).'
'.$langs->trans('BankAccount').''; + print ''.$langs->trans('BankAccount').''; $accountstatic = new Account($db); $accountstatic->fetch($bankline->fk_account); print $accountstatic->getNomUrl(1); @@ -231,8 +247,8 @@ if ($result > 0) print '
'.$langs->trans('BankTransactionLine').''; + print ''.$langs->trans('BankTransactionLine').''; print $bankline->getNomUrl(1, 0, 'showconciliated'); print '
'.$form->editfieldkey("Note", 'note', $object->note, $object, $user->rights->fournisseur->facture->creer).''; + print '
'.$form->editfieldkey("Comments", 'note', $object->note, $object, $user->rights->fournisseur->facture->creer).''; print $form->editfieldval("Note", 'note', $object->note, $object, $user->rights->fournisseur->facture->creer, 'textarea'); print '
'; + print $form->selectyesno('search_usage_event_organization', $search_usage_event_organization, 1, false, 1); + print ''; + if ($obj->usage_event_organization) + { + print yn($obj->usage_event_organization); + } + print '
- @@ -153,6 +163,7 @@ $(document).ready(function() { include_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; $productspecimen = new Product($db); $productspecimen->initAsSpecimen(); +$object = $productspecimen; $sortfield = 'aaa'; $sortorder = 'ASC'; @@ -176,31 +187,30 @@ $nav .= ' trans('This is a select list for a filter A').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter A (no combo forced)').': '; $cate_arbo = array('field1'=>'value1a into the select list A', 'field2'=>'value2a'); -$moreforfilter .= $form->selectarray('search_aaa', $cate_arbo, '', 1); // List without js combo +$moreforfilter .= $form->selectarray('search_aaa', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', 0); // List with no js combo $moreforfilter .= '
'; $moreforfilter .= '
'; -$moreforfilter .= $langs->trans('This is a select list for a filter B').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter B (auto combo)').': '; $cate_arbo = array('field1'=>'value1b into the select list B', 'field2'=>'value2b'); -$moreforfilter .= $form->selectarray('search_bbb', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, 0, '', 1); // List with js combo +$moreforfilter .= $form->selectarray('search_bbb', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', -1); // List with js combo auto $moreforfilter .= '
'; $moreforfilter .= '
'; -$moreforfilter .= $langs->trans('This is a select list for a filter C').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter C (combo forced)').': '; $cate_arbo = array('field1'=>'value1c into the select list C', 'field2'=>'value2c'); -$moreforfilter .= $form->selectarray('search_ccc', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, 0, '', 1); // List with js combo +$moreforfilter .= $form->selectarray('search_ccc', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', 1); // List with js combo forced $moreforfilter .= '
'; $moreforfilter .= '
'; -$moreforfilter .= $langs->trans('This is a select list for a filter D').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter D (combo forced)').': '; $cate_arbo = array('field1'=>'value1d into the select list D', 'field2'=>'value2d'); -$moreforfilter .= $form->selectarray('search_ddd', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, 0, '', 1); // List with js combo +$moreforfilter .= $form->selectarray('search_ddd', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', 1); // List with js combo forced $moreforfilter .= '
'; if (!empty($moreforfilter)) @@ -219,14 +229,14 @@ if (!empty($moreforfilter)) trans('title1'), 0, $_SERVER["PHP_SELF"], 'aaa', '', '', 'align="left"', $sortfield, $sortorder); ?> -trans('title2'), 0, $_SERVER["PHP_SELF"], 'bbb', '', '', 'align="right"', $sortfield, $sortorder); ?> -trans('title3'), 0, $_SERVER["PHP_SELF"], 'ccc', '', '', 'align="center"', $sortfield, $sortorder); ?> +trans('title2'), 0, $_SERVER["PHP_SELF"], 'bbb', '', '', 'align="center"', $sortfield, $sortorder); ?> +trans('title3'), 0, $_SERVER["PHP_SELF"], 'ccc', '', '', 'align="right"', $sortfield, $sortorder); ?> -getNomUrl(1); ?>b1c1 -a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2b2c2 -a3b3c3 +getNomUrl(1); ?>b1c1 +a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2b2c2 +a3b3c3 @@ -237,8 +247,6 @@ if (!empty($moreforfilter)) @@ -304,13 +311,13 @@ $(document).ready(function(){
line4
dfsdf
-
+
bbbb
line5
dfsdf
-
+
bbbb
diff --git a/htdocs/public/test/test_csrf.php b/htdocs/public/test/test_csrf.php index 8c242cade64..1c23dc7070a 100644 --- a/htdocs/public/test/test_csrf.php +++ b/htdocs/public/test/test_csrf.php @@ -3,14 +3,16 @@ ?> -This is a form to test a CSRF.
+This is a form to test if a CSRF exists into a Dolibarr page.

-Open this form into a Virtual server A.
-Change url to send request to into file to send request to virtual server B.
+- Change url to send request to into this file (server B, hard coded page)
+- Open this form into a virtual server A.
+- Send the request to the virtual server B by clicking submit.
+- Check that Anticsrf protection is triggered.


'; ?> diff --git a/htdocs/public/test/test_forms.php b/htdocs/public/test/test_forms.php index bd74ecb0f13..646eeb2abc1 100644 --- a/htdocs/public/test/test_forms.php +++ b/htdocs/public/test/test_forms.php @@ -1,7 +1,7 @@ \n"; +print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."
\n"; +print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."
\n"; +print 'PHP_SESSION_ACTIVE='.PHP_SESSION_ACTIVE."
\n"; +print '
'; + +print 'session_status='.session_status().' (before main.inc.php)'; print '
'; -print session_status(); require '../../main.inc.php'; -print session_status(); + +/* No need for this. +if ($dolibarr_main_prod) { + accessforbidden(); +} +*/ + +print 'session_status='.session_status().' (after main.inc.php)'; print '
'; //print 'a'.$_SESSION['disablemodules'].'b'; -print 'This page is visible. It means you are not locked.'; +print "\n
This page is visible. It means you are not locked by another page called in same session."; //session_write_close(); diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 1c81faca1ad..6b035a46643 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -143,6 +143,17 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('add', 'alpha')) { $action = ''; } + // Check Captcha code if is enabled + if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { + $sessionkey = 'dol_antispam_value'; + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'none')))); + if (!$ok) { + $error++; + array_push($object->errors, $langs->trans("ErrorBadValueForCode")); + $action = ''; + } + } + if (!$error) { $object->db->begin(); diff --git a/htdocs/recruitment/recruitmentcandidature_document.php b/htdocs/recruitment/recruitmentcandidature_document.php index 1c801f27fd4..8c29ef9e46c 100644 --- a/htdocs/recruitment/recruitmentcandidature_document.php +++ b/htdocs/recruitment/recruitmentcandidature_document.php @@ -92,7 +92,7 @@ $permissiontoadd = $user->rights->recruitment->recruitmentjobposition->write; // * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/recruitment/recruitmentjobposition_document.php b/htdocs/recruitment/recruitmentjobposition_document.php index 3005b4cc1be..d05e9945eb5 100644 --- a/htdocs/recruitment/recruitmentjobposition_document.php +++ b/htdocs/recruitment/recruitmentjobposition_document.php @@ -92,7 +92,7 @@ $permissiontoadd = $user->rights->recruitment->recruitmentjobposition->write; // * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* 
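Review bot: The captcha check added in create_ticket.php compares against `$_SESSION['dol_antispam_value']` but never clears it, so, unless the value is rotated elsewhere (this hunk does not show that), one solved code stays valid for every further ticket submission in the same session. It also passes when the stored value is an empty string and the `code` parameter is empty, because only `array_key_exists` is checked. Require a non-empty stored value, `$ok = (isset($_SESSION[$sessionkey]) && $_SESSION[$sessionkey] !== '' && strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'none')));`, and invalidate it right after the comparison with `unset($_SESSION[$sessionkey]);`. The enclosing `if (empty($reshook) && $action == 'create_ticket' ...)` block starts before the hunk and continues after it.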
diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 0019d6b99ed..00dc42741e1 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -72,7 +72,7 @@ $modulepart = 'resource'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php index dc86a274837..777686c96db 100644 --- a/htdocs/salaries/document.php +++ b/htdocs/salaries/document.php @@ -73,7 +73,7 @@ $modulepart = 'salaries'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index c4d355ab62c..f855a80ef7f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -984,6 +984,7 @@ class Societe extends CommonObject $contact->email = $this->email; $contact->zip = $this->zip; $contact->town = $this->town; + $this->setUpperOrLowerCase(); $contact->phone_pro = $this->phone; $contactId = $contact->create($user); diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 1d7ba3d2925..034522a3652 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -81,7 +81,7 @@ $hookmanager->initHooks(array('thirdpartydocument', 'globalcard')); * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index 127b45466e8..09fb48ab1fb 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php 
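Review bot: In the societe.class.php hunk, `$this->setUpperOrLowerCase();` is called after `$contact->email`, `$contact->zip` and `$contact->town` have already been copied from `$this`, so whatever case normalisation it applies (its body is not part of this diff) cannot reach the values already assigned to `$contact` in the visible lines. If the new contact is meant to carry the normalised values, move the call above the first `$contact->… = $this->…` assignment; the start of that assignment run is outside the hunk. In the three user.class.php hunks the same call follows assignments made to `$this` itself, which reads as intended.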
@@ -69,7 +69,7 @@ if ($object->id > 0) { $object->fetch_thirdparty(); $upload_dir = $conf->supplier_proposal->dir_output.'/'.dol_sanitizeFileName($object->ref); - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } diff --git a/htdocs/theme/eldy/main_menu_fa_icons.inc.php b/htdocs/theme/eldy/main_menu_fa_icons.inc.php index 53a685c096e..156da9be652 100644 --- a/htdocs/theme/eldy/main_menu_fa_icons.inc.php +++ b/htdocs/theme/eldy/main_menu_fa_icons.inc.php @@ -203,6 +203,10 @@ div.mainmenu.generic4::before { font-size: 0.92em; } +.menu_titre .em088 { + font-size: 0.88em; +} + .menu_titre .em080 { font-size: 0.80em; } diff --git a/htdocs/ticket/document.php b/htdocs/ticket/document.php index 45ee7aba268..c876e9d33d8 100644 --- a/htdocs/ticket/document.php +++ b/htdocs/ticket/document.php @@ -73,7 +73,7 @@ if ($result < 0) { * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 8f8f8c67ca8..8712bcc4615 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1402,6 +1402,7 @@ class User extends CommonObject $this->address = $contact->address; $this->zip = $contact->zip; $this->town = $contact->town; + $this->setUpperOrLowerCase(); $this->state_id = $contact->state_id; $this->country_id = $contact->country_id; $this->employee = 0; 
@@ -1474,12 +1475,13 @@ class User extends CommonObject $this->civility_code = $member->civility_id; $this->lastname = $member->lastname; $this->firstname = $member->firstname; - $this->gender = $member->gender; + $this->gender = $member->gender; $this->email = $member->email; $this->fk_member = $member->id; $this->address = $member->address; $this->zip = $member->zip; $this->town = $member->town; + $this->setUpperOrLowerCase(); $this->state_id = $member->state_id; $this->country_id = $member->country_id; $this->socialnetworks = $member->socialnetworks; @@ -1637,6 +1639,7 @@ class User extends CommonObject $this->address = empty($this->address) ? '' : $this->address; $this->zip = empty($this->zip) ? '' : $this->zip; $this->town = empty($this->town) ? '' : $this->town; + $this->setUpperOrLowerCase(); $this->accountancy_code = trim($this->accountancy_code); $this->color = empty($this->color) ? '' : $this->color; $this->dateemployment = empty($this->dateemployment) ? '' : $this->dateemployment; diff --git a/htdocs/user/document.php b/htdocs/user/document.php index 5440ceeb725..b9f282f17ed 100644 --- a/htdocs/user/document.php +++ b/htdocs/user/document.php @@ -106,7 +106,7 @@ $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } diff --git a/htdocs/workstation/workstation_document.php b/htdocs/workstation/workstation_document.php index 89a34f55549..b06bf3540a4 100755 --- a/htdocs/workstation/workstation_document.php +++ b/htdocs/workstation/workstation_document.php 
@@ -113,7 +113,7 @@ $permissiontoadd = $user->rights->workstation->workstation->write; // Used by th * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/zapier/hook_document.php b/htdocs/zapier/hook_document.php index 15ec591bea6..5b1af8080de 100644 --- a/htdocs/zapier/hook_document.php +++ b/htdocs/zapier/hook_document.php @@ -78,7 +78,7 @@ if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[ * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /*