From b8ea96ba573558d7c8ecb209579d485c69cc8a2b Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Mon, 8 Feb 2021 05:39:07 +0100 Subject: [PATCH 01/54] Fix module asset in development --- htdocs/asset/card.php | 88 +++----------- htdocs/asset/document.php | 150 +++++++++++------------- htdocs/asset/type.php | 2 +- htdocs/core/lib/asset.lib.php | 2 +- htdocs/core/menus/standard/eldy.lib.php | 2 +- htdocs/core/modules/modAsset.class.php | 2 +- htdocs/langs/en_US/assets.lang | 2 + 7 files changed, 89 insertions(+), 159 deletions(-) diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 58307781cf2..96cb7baff73 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -125,38 +125,18 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; } - - - /* * View * - * Put here all code to build page */ $form = new Form($db); $formfile = new FormFile($db); -$title = $langs->trans("Assets").' - '.$langs->trans("Card"); +$title = $langs->trans("Asset").' - '.$langs->trans("Card"); $help_url = ''; llxHeader('', $title, $help_url); -// Example : Adding jquery code -print ''; - - // Part to create if ($action == 'create') { @@ -240,14 +220,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Confirmation to delete if ($action == 'delete') { - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('DeleteAssets'), $langs->trans('ConfirmDeleteAssets'), 'confirm_delete', '', 0, 1); - } - - // Confirmation of action xxxx - if ($action == 'xxx') - { - $formquestion = array(); - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('XXX'), $text, 'confirm_xxx', $formquestion, 0, 1, 220); + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('DeleteAssets'), $langs->trans('ConfirmDeleteAsset'), 'confirm_delete', '', 0, 1); } // Call Hook formConfirm 
@@ -292,28 +265,24 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; print ''; - print ''; - print ''; print '
'; print dol_get_fiche_end(); - // Buttons for actions - if ($action != 'presend' && $action != 'editline') { - print '
'."\n"; + /* + * Buttons + */ + if ($user->socid == 0) + { + print '
'; + $parameters = array(); $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook - if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - // Send - if (empty($user->socid)) { - print ''.$langs->trans('SendMail').''."\n"; - } - if ($user->rights->asset->write) { print ''.$langs->trans("Modify").''."\n"; @@ -328,13 +297,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''.$langs->trans('Delete').''."\n"; } } - print '
'."\n"; - } - - - // Select mail models is same action as presend - if (GETPOST('modelselected')) { - $action = 'presend'; + print "
"; } if ($action != 'presend') @@ -343,27 +306,23 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''; // ancre // Documents - /*$objref = dol_sanitizeFileName($object->ref); - $relativepath = $comref . '/' . $comref . '.pdf'; - $filedir = $conf->asset->dir_output . '/' . $objref; - $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; + $filename = dol_sanitizeFileName($object->ref); + $filedir = $conf->contrat->dir_output."/".dol_sanitizeFileName($object->ref); + $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; $genallowed = $user->rights->asset->read; // If you can read, you can build the PDF to read content - $delallowed = $user->rights->asset->create; // If you can create/edit, you can remove a file on card - print $formfile->showdocuments('asset', $objref, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); - */ + $delallowed = $user->rights->asset->write; // If you can create/edit, you can remove a file on card + + print $formfile->showdocuments('asset', $filename, $filedir, $urlsource, 0, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); // Show links to link elements $linktoelem = $form->showLinkToObjectBlock($object, null, array('asset')); $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); - print '
'; $MAXEVENT = 10; - $morehtmlright = ''; - $morehtmlright .= $langs->trans("SeeAll"); - $morehtmlright .= ''; + $morehtmlcenter = dolGetButtonTitle($langs->trans('SeeAll'), '', 'fa fa-list-alt imgforviewmode', DOL_URL_ROOT.'/asset/info.php?id='.$object->id); // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; @@ -372,19 +331,6 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print '
'; } - - //Select mail models is same action as presend - if (GETPOST('modelselected')) $action = 'presend'; - - // Presend form - /* - $modelmail='asset'; - $defaulttopic='InformationMessage'; - $diroutput = $conf->asset->dir_output.'/asset'; - $trackid = 'asset'.$object->id; - - include DOL_DOCUMENT_ROOT.'/core/tpl/card_presend.tpl.php'; - */ } diff --git a/htdocs/asset/document.php b/htdocs/asset/document.php index 4c2e36aed9a..f82c8fea5f1 100644 --- a/htdocs/asset/document.php +++ b/htdocs/asset/document.php @@ -1,6 +1,6 @@ - * Copyright (C) 2018 Alexandre Spangaro + * Copyright (C) 2018-2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ /** * \file htdocs/asset/document.php * \ingroup asset - * \brief Tab for documents linked to Assets + * \brief Page for attached files on assets */ require '../main.inc.php'; 
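Review bot: The newly enabled document block builds `$filedir` from `$conf->contrat->dir_output`, the contract module's storage root, while `showdocuments()` is called with modulepart `'asset'`; the file list and delete links on the asset card would then be resolved against another module's document tree. This looks like a copy-paste and should read `$filedir = $conf->asset->dir_output.'/'.dol_sanitizeFileName($object->ref);` (or the `multidir_output[$object->entity]` form used in document.php). `$genallowed` is computed but a literal `0` is passed in its place, and `$soc` is not defined in any line visible here, so `$soc->default_lang` should be confirmed or replaced. The enclosing `if ($object->id > 0 ...)` block starts outside the hunk.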
@@ -31,18 +31,21 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page -$langs->loadLangs(array("assets", "companies")); +$langs->loadLangs(array('assets', 'companies', 'other')); -$action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm'); -$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int')); +$id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); +$socid = GETPOST('socid', 'int'); +$action = GETPOST('action', 'aZ09'); +$confirm = GETPOST('confirm', 'alpha'); -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'asset', $id); +// Security check +if ($user->socid) +{ + $socid = $user->socid; +} +$result=restrictedArea($user, 'asset', $id, ''); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; 
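Review bot: `restrictedArea($user, 'asset', $id, '')` is given only `$id`, but the page also accepts `ref` and the view later loads the object with `fetch($id, $ref)`, so a request that identifies the asset by `ref` reaches the check with an id of 0. Whether any per-object check still runs in that case depends on restrictedArea, which is not visible here; fetching the object first and passing `$object->id` would keep the check and the displayed object aligned. The `facid` fallback appears to be carried over from the invoice pages and has no meaning for assets, so `$id = GETPOST('id', 'int');` is enough. `$socid` is assigned for external users but is not used in any line visible in this hunk.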
@@ -56,100 +59,79 @@ $pagenext = $page + 1; if (!$sortorder) $sortorder = "ASC"; if (!$sortfield) $sortfield = "name"; -// Initialize technical objects $object = new Asset($db); -$extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->assets->dir_output.'/temp/massgeneration/'.$user->id; -$hookmanager->initHooks(array('assetdocument')); // Note that conf->hooks_modules contains array - -// Fetch optionals attributes and labels -$extrafields->fetch_name_optionals_label($object->table_element); - -// Load object -include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals - -// Security check -if (!empty($user->socid)) $socid = $user->socid; -$result = restrictedArea($user, 'asset', $id); - -//if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/packages/" . dol_sanitizeFileName($object->id); -if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/packages/".dol_sanitizeFileName($object->ref); - +if ($object->fetch($id)) +{ + $upload_dir = $conf->asset->dir_output."/".dol_sanitizeFileName($object->ref); +} /* * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* * View */ +$title = $langs->trans('Assets')." - ".$langs->trans('Documents'); +$helpurl = ''; +llxHeader('', $title, $helpurl); + $form = new Form($db); -$title = $langs->trans("Assets").' 
- '.$langs->trans("Files"); -$help_url = ''; -//$help_url='EN:Module_Third_Parties|FR:Module_Tiers|ES:Empresas'; -llxHeader('', $title, $help_url); -if ($object->id) + +if ($id > 0 || !empty($ref)) { - /* - * Show tabs - */ - if (!empty($conf->notification->enabled)) $langs->load("mails"); - $head = asset_prepare_head($object); - - print dol_get_fiche_head($head, 'document', $langs->trans("Asset"), -1, 'generic'); - - - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) + if ($object->fetch($id, $ref) > 0) { - $totalsize += $file['size']; + $upload_dir = $conf->asset->multidir_output[$object->entity].'/'.dol_sanitizeFileName($object->ref); + + $head = asset_prepare_head($object); + print dol_get_fiche_head($head, 'documents', $langs->trans('Asset'), -1, 'accounting'); + + // Build file list + $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); + $totalsize = 0; + foreach ($filearray as $key => $file) + { + $totalsize += $file['size']; + } + + // Asset content + + $linkback = ''.$langs->trans("BackToList").''; + + $morehtmlref = ''; + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0); + + print '
'; + print '
'; + + print ''; + + print ''; + print ''; + print "
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.dol_print_size($totalsize, 1, 1).'
\n"; + + print "
\n"; + + print dol_get_fiche_end(); + + $modulepart = 'asset'; + $permission = $user->rights->asset->write; + $permtoedit = $user->rights->asset->write; + $param = '&id='.$object->id; + include_once DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; + } else { + dol_print_error($db); } - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - - print '
'; - print ''; - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; - - print '
'; - - print dol_get_fiche_end(); - - $modulepart = 'asset'; - //$permission = $user->rights->asset->create; - $permission = 1; - //$permtoedit = $user->rights->asset->create; - $permtoedit = 1; - $param = '&id='.$object->id; - - //$relativepathwithnofile='asset/' . dol_sanitizeFileName($object->id).'/'; - $relativepathwithnofile = 'asset/'.dol_sanitizeFileName($object->ref).'/'; - - include_once DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { - accessforbidden('', 0, 1); + print $langs->trans("ErrorUnknown"); } // End of page diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index fecebb676a8..38969d65182 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -157,7 +157,7 @@ if ($action == 'update' && $user->rights->asset->write) if ($ret >= 0 && !count($object->errors)) { - setEventMessages($langs->trans("AssetsTypeModified"), null, 'mesgs'); + setEventMessages($langs->trans("AssetTypeModified"), null, 'mesgs'); } else { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/core/lib/asset.lib.php b/htdocs/core/lib/asset.lib.php index 5fddf4f1c46..96355704c96 100644 --- a/htdocs/core/lib/asset.lib.php +++ b/htdocs/core/lib/asset.lib.php @@ -80,7 +80,7 @@ function asset_prepare_head(Asset $object) $h = 0; $head = array(); - $head[$h][0] = DOL_URL_ROOT.'/asset/card.php'; + $head[$h][0] = DOL_URL_ROOT.'/asset/card.php?id='.$object->id; $head[$h][1] = $langs->trans("Card"); $head[$h][2] = 'card'; $h++; diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 46950bdc50c..31d4baa38f1 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
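Review bot: `if ($object->fetch($id))` treats every non-zero return as success, so if fetch follows the usual negative-on-error convention `$upload_dir` is still set, from an empty `$object->ref`, before `actions_linkedfiles.inc.php` handles upload and delete requests; the test should be `if ($object->fetch($id, $ref) > 0)`, as the view section already does. The action path uses `$conf->asset->dir_output` while the view uses `$conf->asset->multidir_output[$object->entity]`, so the two can point at different directories in a multi-entity setup; compute `$upload_dir` once. `$permission` and `$permtoedit` are now tied to `$user->rights->asset->write`, but only after the actions include has run; if that include gates on a permission variable (not visible here), it has to be set before the `require_once`. `$relativepathwithnofile` was removed, so confirm the included template does not rely on it.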
@@ -1451,7 +1451,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/asset/list.php?leftmenu=asset&mainmenu=accountancy", $langs->trans("MenuListAssets"), 1, $user->rights->asset->read); $newmenu->add("/asset/type.php?leftmenu=asset_type", $langs->trans("MenuTypeAssets"), 1, $user->rights->asset->read, '', $mainmenu, 'asset_type'); if ($usemenuhider || empty($leftmenu) || preg_match('/asset_type/', $leftmenu)) { - $newmenu->add("/asset/type.php?leftmenu=asset_type&action=create", $langs->trans("MenuNewTypeAssets"), 2, (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $user->rights->asset->setup_advance)); + $newmenu->add("/asset/type.php?leftmenu=asset_type&action=create", $langs->trans("MenuNewTypeAssets"), 2, $user->rights->asset->setup_advance); $newmenu->add("/asset/type.php?leftmenu=asset_type", $langs->trans("MenuListTypeAssets"), 2, $user->rights->asset->read); } } diff --git a/htdocs/core/modules/modAsset.class.php b/htdocs/core/modules/modAsset.class.php index 50fe71ef390..9f20ae44f86 100644 --- a/htdocs/core/modules/modAsset.class.php +++ b/htdocs/core/modules/modAsset.class.php @@ -79,7 +79,7 @@ class modAsset extends DolibarrModules // Data directories to create when module is enabled. // Example: this->dirs = array("/asset/temp","/asset/subdir"); - $this->dirs = array(); + $this->dirs = array("/asset/temp"); // Config pages. Put here list of php page, stored into asset/admin directory, to use to setup module. $this->config_page_url = array("setup.php@asset"); diff --git a/htdocs/langs/en_US/assets.lang b/htdocs/langs/en_US/assets.lang index ef04723c6c2..afafc98503f 100644 --- a/htdocs/langs/en_US/assets.lang +++ b/htdocs/langs/en_US/assets.lang @@ -61,5 +61,7 @@ MenuListTypeAssets = List # # Module # +Asset=Asset NewAssetType=New asset type NewAsset=New asset +ConfirmDeleteAsset=Are you sure you want to delete this asset ? From 17f77b8edb934d36fab2edcb707a7c8389d36259 Mon Sep 17 00:00:00 2001 
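Review bot: The "new asset type" menu entry is now shown on `$user->rights->asset->setup_advance` alone, while the handler visible in the type.php hunk of this patch gates `update` on `$user->rights->asset->write`; a menu flag only hides the link, so the `create` action in type.php should enforce the same right the menu advertises. If `setup_advance` is only meant to exist when `MAIN_USE_ADVANCED_PERMS` is on, the dropped `!empty($conf->global->MAIN_USE_ADVANCED_PERMS)` test should stay, otherwise the property may be read while undefined. print_left_eldy_menu continues outside the hunk.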
From: abb Date: Tue, 9 Feb 2021 23:46:07 +0100 Subject: [PATCH 02/54] New : Hook selectForFormsListWhere --- htdocs/core/class/html.form.class.php | 51 +++++++++++++++------------ 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 4284b009019..4a5b7fcb443 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6300,7 +6300,7 @@ class Form */ public function selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled = 0) { - global $conf, $langs, $user; + global $conf, $langs, $user,$hookmanager; //print "$objecttmp->filter, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled"; 
@@ -6346,27 +6346,34 @@ class Form } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') if (!$user->rights->societe->client->voir && !$user->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE 1=1"; - if (isset($objecttmp->ismultientitymanaged) && $objecttmp->ismultientitymanaged == 1) $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; - if (isset($objecttmp->ismultientitymanaged) && !is_numeric($objecttmp->ismultientitymanaged)) { - $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; - } - if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { - if ($objecttmp->element == 'societe') $sql .= " AND t.rowid = ".$user->socid; - else $sql .= " AND t.fk_soc = ".$user->socid; - } - if ($searchkey != '') $sql .= natural_search(explode(',', $fieldstoshow), $searchkey); - if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { - if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; - } - if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" - /*if (! 
DolibarrApi::_checkFilters($objecttmp->filter)) - { - throw new RestException(503, 'Error when validating parameter sqlfilters '.$objecttmp->filter); - }*/ - $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; - $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $objecttmp->filter).")"; - } + + // Add where from hooks + $parameters = array(); + $reshook = $hookmanager->executeHooks('selectForFormsListWhere', $parameters); // Note that $action and $object may have been modified by hook + if(!empty($hookmanager->resPrint)) $sql .= $hookmanager->resPrint; + else { + $sql .= " WHERE 1=1"; + if (isset($objecttmp->ismultientitymanaged) && $objecttmp->ismultientitymanaged == 1) $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; + if (isset($objecttmp->ismultientitymanaged) && !is_numeric($objecttmp->ismultientitymanaged)) { + $sql .= ' AND parenttable.entity = t.'.$tmparray[0]; + } + if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { + if ($objecttmp->element == 'societe') $sql .= " AND t.rowid = ".$user->socid; + else $sql .= " AND t.fk_soc = ".$user->socid; + } + if ($searchkey != '') $sql .= natural_search(explode(',', $fieldstoshow), $searchkey); + if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { + if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + } + if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" + /*if (! DolibarrApi::_checkFilters($objecttmp->filter)) + { + throw new RestException(503, 'Error when validating parameter sqlfilters '.$objecttmp->filter); + }*/ + $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; + $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'Form::forgeCriteriaCallback', $objecttmp->filter).")"; + } + } $sql .= $this->db->order($fieldstoshow, "ASC"); //$sql.=$this->db->plimit($limit, 0); //print $sql; 
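Review bot: When any hook returns text in `$hookmanager->resPrint`, that text becomes the whole WHERE clause and the `else` branch is skipped, which drops the `t.entity IN (getEntity(...))` isolation, the `$user->socid` restriction for external users, the sales-representative restriction and `$objecttmp->filter`. A hook should only be able to narrow the result: build the default clause unconditionally and append the hook output after it with `$sql .= $hookmanager->resPrint;`, documenting that hooks return ` AND ...` fragments. The hook is also called with an empty `$parameters` and no object, so it cannot tell which table is being queried; `$reshook = $hookmanager->executeHooks('selectForFormsListWhere', $parameters, $objecttmp);` would give it that context, and a negative `$reshook` should be reported rather than ignored. The same line is touched again, for spacing only, in PATCH 03/54. selectForFormsList starts and ends outside the hunk.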
From 72bfa81082f3b539d7d85544fceed6e61eea1b12 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 10 Feb 2021 14:14:28 +0100 Subject: [PATCH 03/54] Update html.form.class.php --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 4a5b7fcb443..a68b67e1dde 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6350,7 +6350,7 @@ class Form // Add where from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('selectForFormsListWhere', $parameters); // Note that $action and $object may have been modified by hook - if(!empty($hookmanager->resPrint)) $sql .= $hookmanager->resPrint; + if (!empty($hookmanager->resPrint)) $sql .= $hookmanager->resPrint; else { $sql .= " WHERE 1=1"; if (isset($objecttmp->ismultientitymanaged) && $objecttmp->ismultientitymanaged == 1) $sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")"; From cb4cfbd27ddfd0fab40e937dab4070b10798b328 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Mestre?= Date: Wed, 10 Feb 2021 14:43:19 -0300 Subject: [PATCH 04/54] Fixed Bank Account filter resets on payment various Changed GET search bank account GET parameter from search_amount to search_account --- htdocs/compta/bank/various_payment/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php index 3198b34a34d..2bb31ed50b7 100644 --- a/htdocs/compta/bank/various_payment/list.php +++ b/htdocs/compta/bank/various_payment/list.php 
@@ -148,7 +148,7 @@ if ($result)
 if ($typeid > 0) $param.='&typeid='.urlencode($typeid);
 if ($search_amount_deb) $param.='&search_amount_deb='.urlencode($search_amount_deb);
 if ($search_amount_cred) $param.='&search_amount_cred='.urlencode($search_amount_cred);
- if ($search_account > 0) $param.='&search_amount='.urlencode($search_account);
+ if ($search_account > 0) $param.='&search_account='.urlencode($search_account);
 //if ($search_date) $param.='&search_date='.$search_date;
 if ($search_accountancy_code > 0) $param.='&search_accountancy_code='.urlencode($search_accountancy_code);
From e37a4be1d62b4e3e4f1592fcef4663a7283a1a52 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 11 Feb 2021 20:10:15 +0100
Subject: [PATCH 05/54] Update html.form.class.php
---
 htdocs/core/class/html.form.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index a68b67e1dde..f31254a4c95 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -6300,7 +6300,7 @@ class Form
 */
 public function selectForFormsList($objecttmp, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled = 0)
 {
- global $conf, $langs, $user,$hookmanager;
+ global $conf, $langs, $user, $hookmanager;
 //print "$objecttmp->filter, $htmlname, $preselectedvalue, $showempty = '', $searchkey = '', $placeholder = '', $morecss = '', $moreparams = '', $forcecombo = 0, $outputmode = 0, $disabled";
From f186e7bf4b591f5c5f1c791d974ee619b0e0735c Mon Sep 17 00:00:00 2001
From: Florian HENRY Date: Mon, 15 Feb 2021 12:18:08 +0100 Subject: [PATCH 06/54] project list and card ok --- htdocs/langs/en_US/eventorganization.lang | 4 +-- htdocs/langs/en_US/projects.lang | 1 + htdocs/projet/card.php | 32 +++++++++++++++++++---- htdocs/projet/class/project.class.php | 8 +++--- htdocs/projet/list.php | 27 ++++++++++++++++++- 5 files changed, 61 insertions(+), 11 deletions(-) diff --git a/htdocs/langs/en_US/eventorganization.lang b/htdocs/langs/en_US/eventorganization.lang index 8a0475758e5..247663135db 100644 --- a/htdocs/langs/en_US/eventorganization.lang +++ b/htdocs/langs/en_US/eventorganization.lang @@ -18,7 +18,7 @@ # ModuleEventOrganizationName = Event Organization -EventOrganizationDescription = Event Organization +EventOrganizationDescription = Event Organization through Module Project EventOrganizationDescriptionLong= Manage Event organization for conference, attendees, speaker, and attendees, with public subcription page # @@ -42,7 +42,7 @@ EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES = Template of email of massaction # Object # EventOrganizationConfOrBooth= Conference Or Booth - +ManageOrganizeEvent = Manage event organisation # # Template Mail diff --git a/htdocs/langs/en_US/projects.lang b/htdocs/langs/en_US/projects.lang index 279bf99d162..b6d9e236c18 100644 --- a/htdocs/langs/en_US/projects.lang +++ b/htdocs/langs/en_US/projects.lang @@ -269,3 +269,4 @@ OneLinePerPeriod=One line per period RefTaskParent=Ref. Parent Task ProfitIsCalculatedWith=Profit is calculated using AddPersonToTask=Add also to tasks +UsageOrganizeEvent=Usage: Event Organization diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 364cb30633a..0462f9d3391 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php 
@@ -35,7 +35,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; // Load translation files required by the page -$langs->loadLangs(array('projects', 'companies')); +$langsLoad=array('projects', 'companies'); +if (!empty($conf->eventorganization->enabled)) { + $langsLoad[]='eventorganization'; +} + +$langs->loadLangs($langsLoad); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); @@ -569,10 +574,14 @@ if ($action == 'create' && $user->rights->projet->creer) print ''; print '
'; } - /* - print ' '; - $htmltext = $langs->trans("OrganizeEvent"); - print $form->textwithpicto($langs->trans("OrganizeEvent"), $htmltext);*/ + + if (!empty($conf->eventorganization->enabled)) + { + print ' '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } + print ''; print ''; @@ -855,6 +864,12 @@ if ($action == 'create' && $user->rights->projet->creer) print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
'; } + if (!empty($conf->eventorganization->enabled)) + { + print ' '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Thirdparty @@ -1020,6 +1035,13 @@ if ($action == 'create' && $user->rights->projet->creer) print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
'; } + + if (!empty($conf->eventorganization->enabled)) + { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Visibility diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 4fff4297854..589c67aee75 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -200,7 +200,7 @@ class Project extends CommonObject 'usage_bill_time' =>array('type'=>'integer', 'label'=>'UsageBillTimeShort', 'enabled'=>1, 'visible'=>-1, 'position'=>130), 'usage_opportunity' =>array('type'=>'integer', 'label'=>'UsageOpportunity', 'enabled'=>1, 'visible'=>-1, 'position'=>135), 'usage_task' =>array('type'=>'integer', 'label'=>'UsageTasks', 'enabled'=>1, 'visible'=>-1, 'position'=>140), - 'usage_organize_event' =>array('type'=>'integer', 'label'=>'Usage organize event', 'enabled'=>1, 'visible'=>-1, 'position'=>145), + 'usage_organize_event' =>array('type'=>'integer', 'label'=>'UsageOrganizeEvent', 'enabled'=>1, 'visible'=>-1, 'position'=>145), 'datec' =>array('type'=>'datetime', 'label'=>'DateCreationShort', 'enabled'=>1, 'visible'=>-2, 'position'=>200), 'tms' =>array('type'=>'timestamp', 'label'=>'DateModificationShort', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>205), 'fk_user_creat' =>array('type'=>'integer', 'label'=>'UserCreation', 'enabled'=>1, 'visible'=>0, 'notnull'=>1, 'position'=>210), @@ -232,6 +232,8 @@ class Project extends CommonObject */ public function __construct($db) { + global $conf; + $this->db = $db; $this->statuts_short = array(0 => 'Draft', 1 => 'Opened', 2 => 'Closed'); 
@@ -248,12 +250,12 @@ class Project extends CommonObject $this->fields['usage_opportunity']['enabled'] = 0; } - if (empty($conf->global->PROJECT_HIDE_TASKS)) { + if (!empty($conf->global->PROJECT_HIDE_TASKS)) { $this->fields['usage_bill_time']['visible'] = 0; $this->fields['usage_task']['visible'] = 0; } - if (empty($conf->global->PROJECT_ORGANIZE_EVENTS)) { + if (empty($conf->eventorganization->enabled)) { $this->fields['usage_organize_event']['visible'] = 0; } } diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index ad8418dfc0e..c51713d1cce 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -92,6 +92,7 @@ $search_sale = GETPOST('search_sale', 'int'); $search_usage_opportunity = GETPOST('search_usage_opportunity', 'int'); $search_usage_task = GETPOST('search_usage_task', 'int'); $search_usage_bill_time = GETPOST('search_usage_bill_time', 'int'); +$search_usage_event_organization = GETPOST('search_usage_event_organization', 'int'); $optioncss = GETPOST('optioncss', 'alpha'); $mine = $_REQUEST['mode'] == 'mine' ? 1 : 0; @@ -207,6 +208,7 @@ if (empty($reshook)) $search_usage_opportunity = ''; $search_usage_task = ''; $search_usage_bill_time = ''; + $search_usage_event_organization = ''; $toselect = ''; $search_array_options = array(); $search_category_array = array(); 
@@ -300,7 +302,8 @@ if (count($listofprojectcontacttype) == 0) $listofprojectcontacttype[0] = '0'; / $distinct = 'DISTINCT'; // We add distinct until we are added a protection to be sure a contact of a project and task is only once. $sql = "SELECT ".$distinct." p.rowid as id, p.ref, p.title, p.fk_statut as status, p.fk_opp_status, p.public, p.fk_user_creat"; -$sql .= ", p.datec as date_creation, p.dateo as date_start, p.datee as date_end, p.opp_amount, p.opp_percent, (p.opp_amount*p.opp_percent/100) as opp_weighted_amount, p.tms as date_update, p.budget_amount, p.usage_opportunity, p.usage_task, p.usage_bill_time"; +$sql .= ", p.datec as date_creation, p.dateo as date_start, p.datee as date_end, p.opp_amount, p.opp_percent, (p.opp_amount*p.opp_percent/100) as opp_weighted_amount, p.tms as date_update, p.budget_amount "; +$sql .= ", p.usage_opportunity, p.usage_task, p.usage_bill_time, p.usage_organize_event"; $sql .= ", s.rowid as socid, s.nom as name, s.email"; $sql .= ", cls.code as opp_status_code"; // Add fields from extrafields @@ -369,6 +372,7 @@ if ($search_budget_amount != '') $sql .= natural_search('p.budget_amount', $sear if ($search_usage_opportunity != '' && $search_usage_opportunity >= 0) $sql .= natural_search('p.usage_opportunity', $search_usage_opportunity, 2); if ($search_usage_task != '' && $search_usage_task >= 0) $sql .= natural_search('p.usage_task', $search_usage_task, 2); if ($search_usage_bill_time != '' && $search_usage_bill_time >= 0) $sql .= natural_search('p.usage_bill_time', $search_usage_bill_time, 2); +if ($search_usage_event_organization != '' && $search_usage_event_organization >= 0) $sql .= natural_search('p.usage_organize_event', $search_usage_event_organization, 2); // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; // Add where from hooks 
@@ -443,6 +447,9 @@ if ($search_project_user != '') $param .= '&search_project_user='.urlencode($s if ($search_sale > 0) $param .= '&search_sale='.urlencode($search_sale); if ($search_opp_amount != '') $param .= '&search_opp_amount='.urlencode($search_opp_amount); if ($search_budget_amount != '') $param .= '&search_budget_amount='.urlencode($search_budget_amount); +if ($search_usage_task != '') $param .= '&search_usage_task='.urlencode($search_usage_task); +if ($search_usage_bill_time != '') $param .= '&search_usage_opportunity='.urlencode($search_usage_bill_time); +if ($search_usage_event_organization != '') $param .= '&search_usage_event_organization='.urlencode($search_usage_event_organization); if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss); // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; @@ -650,6 +657,12 @@ if (!empty($arrayfields['p.usage_bill_time']['checked'])) print $form->selectyesno('search_usage_bill_time', $search_usage_bill_time, 1, false, 1); print ''; } +if (!empty($arrayfields['p.usage_organize_event']['checked'])) +{ + print ''; + print $form->selectyesno('search_usage_event_organization', $search_usage_event_organization, 1, false, 1); + print ''; +} // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_input.tpl.php'; 
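Review bot: The added pagination parameter for the bill-time filter is written under the wrong name, `'&search_usage_opportunity='.urlencode($search_usage_bill_time)`, so the bill-time filter is lost on the next page and its value is applied to the opportunity filter instead. It should be `if ($search_usage_bill_time != '') $param .= '&search_usage_bill_time='.urlencode($search_usage_bill_time);`, and `search_usage_opportunity` needs its own line, since none is visible in this hunk. This is the same kind of slip that PATCH 04/54 fixes for `search_account`.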
@@ -703,6 +716,7 @@ if (!empty($arrayfields['p.budget_amount']['checked'])) print_liste_field_titre( if (!empty($arrayfields['p.usage_opportunity']['checked'])) print_liste_field_titre($arrayfields['p.usage_opportunity']['label'], $_SERVER["PHP_SELF"], 'p.usage_opportunity', "", $param, '', $sortfield, $sortorder, 'right '); if (!empty($arrayfields['p.usage_task']['checked'])) print_liste_field_titre($arrayfields['p.usage_task']['label'], $_SERVER["PHP_SELF"], 'p.usage_task', "", $param, '', $sortfield, $sortorder, 'right '); if (!empty($arrayfields['p.usage_bill_time']['checked'])) print_liste_field_titre($arrayfields['p.usage_bill_time']['label'], $_SERVER["PHP_SELF"], 'p.usage_bill_time', "", $param, '', $sortfield, $sortorder, 'right '); +if (!empty($arrayfields['p.usage_organize_event']['checked'])) print_liste_field_titre($arrayfields['p.usage_organize_event']['label'], $_SERVER["PHP_SELF"], 'p.usage_organize_event', "", $param, '', $sortfield, $sortorder, 'right '); // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php'; // Hook fields @@ -927,6 +941,17 @@ while ($i < min($num, $limit)) print ''; if (!$i) $totalarray['nbfield']++; } + // Event Organization + if (!empty($arrayfields['p.usage_organize_event']['checked'])) + { + print ''; + if ($obj->usage_event_organization) + { + print yn($obj->usage_event_organization); + } + print ''; + if (!$i) $totalarray['nbfield']++; + } // Extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_print_fields.tpl.php'; // Fields from hook From b3c9274341b100c31daae606db6ef5031bde3605 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 15 Feb 2021 11:21:54 +0000 Subject: [PATCH 07/54] Fixing style errors. --- htdocs/modulebuilder/index.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 7838581fdc4..06d7e5690f1 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php 
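Review bot: The new list cell reads `$obj->usage_event_organization`, but the SELECT in this patch adds the column as `p.usage_organize_event` with no alias, so the property is never set and the cell is always empty. Use the column name in both places: `if ($obj->usage_organize_event)` and `print yn($obj->usage_organize_event);`. The enclosing `while` loop starts and ends outside the hunk.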
@@ -1707,7 +1707,6 @@ if (is_array($listofmodules) && count($listofmodules) > 0) { } else { if (preg_match('/^([^@]+)@([^@]+)$/i', $urlpage, $regs)) { - $urltouse = dol_buildpath('/'.$regs[2].'/admin/'.$regs[1], 1); $linktoenabledisable .= '   '.img_picto($langs->trans("Setup"), "setup", 'style="padding-right: 6px"').''; } else { From 0c73cdb129dc096e625ecfc7e75bb078b295dd8f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 16 Feb 2021 13:42:26 +0100 Subject: [PATCH 08/54] Prepare 12.0.5 --- ChangeLog | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/ChangeLog b/ChangeLog index 83db59d2e64..d055590bfaa 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,61 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 12.0.5 compared to 12.0.4 ***** +FIX: before crediting a withdrawal receipt, check whether it has been credited already +FIX: mandatory extrafields of type sellist +FIX: when a mandatory extrafield of type sellist contains '0' it should be considered empty and trigger an error message upon insertion +FIX: when a new intervention is created from an object, a new $extrafields object is instantiated but not initialized +FIX: "openall" filter on ticket list does not include read tickets +FIX: ticket - extrafields of type 'date' are not saved +FIX: ticket - the "openall" filter on the ticket list does not include tickets with status READ +FIX: #14290 #15900 +FIX: #15388 #15891 +FIX: #15465 External user sees last 5 shipments to other customers in the dashboard +FIX: #15629 +FIX: #15751 Miscellaneous payment type change to 0 after updating subledger account +FIX: #15946 +FIX: #15966 #15967 +FIX: Accountancy - Fix some problems on CEGID export +FIX: Accountancy - label_operation is used instead of label_compte +FIX: Accountancy - Retire entire opening balance feature +FIX: add autofix of count of email target when data is corrupted +FIX: add categories params on llxHeader filter +FIX: Add critical price patch from 12 to 11. 
+FIX: Bad cleaning of VAT rate when numbers are into code +FIX: Bad dates filtering in the ticket list causes sql error +FIX: balance starting and ending fiscal month #14197 +FIX: bom line unit display #13831 +FIX: cash fence for takepos with multientity +FIX: Check of customer/vendor code fails in some cases +FIX: create ticket : thirdparty/contact notification #15629 +FIX: Creation of thirdparty when setup is empty +FIX: Dates of sales start in TakePOS +FIX: dupliacete customer or supplier code must be error dipslayed with new code proposed +FIX: Export FEC - Force Carriage Return Line Feed +FIX: Facture Situation Out : status condition +FIX: Filter on date of next generation on template invoices +FIX: Fix detect dispatched product and set to received completely when the supplier order have services (support STOCK_SUPPORTS_SERVICES) +FIX: Invoice Situation Out : status condition +FIX: issue 15659 : Missing test if supplier conf is enabled +FIX: link to create event when task is in a project with a thirdparty +FIX: Localtax must be converted with price2num +FIX: manage price min for PRODUIT_CUSTOMER_PRICES +FIX: missing GETPOST parameters on card_presend.tpl.php +FIX: missing socid into link to create event from project agenda tab +FIX: Must delete extrafields before main table on product deletion. +FIX: (path) htdocs removed +FIX: php alert sms.php +FIX: right to show VAT rate in product list +FIX: select default mail template +FIX: Timeout during import +FIX: update order by api +FIX: useless tracking number displayed on pdf if empty issue #14501 +FIX: Visible date of payment +FIX: warning when adding a line if $remise_percent is an empty string +FIX: When creating a new POS sell, the creation date must be modified. +FIX: wrong name for search status param issue #15516 + ***** ChangeLog for 12.0.4 compared to 12.0.3 ***** FIX: make formConfirm an addreplace-type hook FIX: regex to remove 'action' parameter: taking feedback from PR#15213 into account 
From 9f9b7554ed47bc38571b3eea68acd41d0c4febf7 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Wed, 17 Feb 2021 11:00:14 +0100 Subject: [PATCH 09/54] FIX error commit : only type user --- htdocs/compta/bank/bankentries_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index a1cc5b5b121..99e6750101d 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1406,7 +1406,7 @@ if ($resql) if($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; } - $sqlu = "SELECT url_id FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank=".$objp->rowid." AND (type='user' OR type='salary')"; + $sqlu = "SELECT url_id FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank=".$objp->rowid." AND type='user'"; $resqlu = $db->query($sqlu); if($resqlu) { From 7f0dc9e894cad324b0814a74f9b86d1b44e59c64 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Wed, 17 Feb 2021 11:58:22 +0100 Subject: [PATCH 10/54] FIX possible warning --- htdocs/projet/class/task.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index a2e670906ca..39a572e6510 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -390,7 +390,7 @@ class Task extends CommonObject } } - if (!$error && $conf->global->PROJECT_CLASSIFY_CLOSED_WHEN_ALL_TASKS_DONE) { + if (!$error && !empty($conf->global->PROJECT_CLASSIFY_CLOSED_WHEN_ALL_TASKS_DONE)) { // Close the parent project if it is open (validated) and its tasks are 100% completed $project = new Project($this->db); if ($project->fetch($this->fk_project) > 0 && $project->statut == Project::STATUS_VALIDATED) { From 060bfde08237648902000d44bc2089d68d6025e5 Mon Sep 17 00:00:00 2001 
From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Wed, 17 Feb 2021 15:26:56 +0100 Subject: [PATCH 11/54] 20200217 --- htdocs/adherents/class/adherent.class.php | 1 + htdocs/societe/class/societe.class.php | 1 + htdocs/user/class/user.class.php | 3 +++ 3 files changed, 5 insertions(+) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 8e5cdbe8067..bd09dd4e5a8 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -627,6 +627,7 @@ class Adherent extends CommonObject $this->address = ($this->address ? $this->address : $this->address); $this->zip = ($this->zip ? $this->zip : $this->zip); $this->town = ($this->town ? $this->town : $this->town); + $this->setUpperOrLowerCase(); $this->country_id = ($this->country_id > 0 ? $this->country_id : $this->country_id); $this->state_id = ($this->state_id > 0 ? $this->state_id : $this->state_id); $this->setUpperOrLowerCase(); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index c4d355ab62c..f855a80ef7f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -984,6 +984,7 @@ class Societe extends CommonObject $contact->email = $this->email; $contact->zip = $this->zip; $contact->town = $this->town; + $this->setUpperOrLowerCase(); $contact->phone_pro = $this->phone; $contactId = $contact->create($user); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 8f8f8c67ca8..12b5c1f87ff 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1402,6 +1402,7 @@ class User extends CommonObject $this->address = $contact->address; $this->zip = $contact->zip; $this->town = $contact->town; + $this->setUpperOrLowerCase(); $this->state_id = $contact->state_id; $this->country_id = $contact->country_id; $this->employee = 0; 
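Review bot: In the societe.class.php hunk the added `$this->setUpperOrLowerCase();` acts on the third party, and it runs after `$contact->zip` and `$contact->town` have already been copied from `$this`. The contact created a few lines later by `$contact->create($user)` therefore keeps the values as they were before the call. If the intent is to normalise the new contact, the call probably belongs on the contact after its last assignment, `$contact->setUpperOrLowerCase();`; whether Contact provides that method is not visible here. The enclosing method starts and ends outside the hunk.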
@@ -1480,6 +1481,7 @@ class User extends CommonObject $this->address = $member->address; $this->zip = $member->zip; $this->town = $member->town; + $this->setUpperOrLowerCase(); $this->state_id = $member->state_id; $this->country_id = $member->country_id; $this->socialnetworks = $member->socialnetworks; @@ -1637,6 +1639,7 @@ class User extends CommonObject $this->address = empty($this->address) ? '' : $this->address; $this->zip = empty($this->zip) ? '' : $this->zip; $this->town = empty($this->town) ? '' : $this->town; + $this->setUpperOrLowerCase(); $this->accountancy_code = trim($this->accountancy_code); $this->color = empty($this->color) ? '' : $this->color; $this->dateemployment = empty($this->dateemployment) ? '' : $this->dateemployment; From ae9582286d86b736e07732e27ded9c1cf4e2fff5 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Wed, 17 Feb 2021 16:39:03 +0100 Subject: [PATCH 12/54] Update user.class.php --- htdocs/user/class/user.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 12b5c1f87ff..8712bcc4615 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1475,7 +1475,7 @@ class User extends CommonObject $this->civility_code = $member->civility_id; $this->lastname = $member->lastname; $this->firstname = $member->firstname; - $this->gender = $member->gender; + $this->gender = $member->gender; $this->email = $member->email; $this->fk_member = $member->id; $this->address = $member->address; From fc3cc915ee179062ad1555228bec00c4a4c0a560 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Wed, 17 Feb 2021 18:29:56 +0100 Subject: [PATCH 13/54] new_add_field_product_export --- htdocs/core/modules/modProduct.class.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 27d44160949..d4a47ca707d 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -192,6 +192,7 @@ class modProduct extends DolibarrModules 'p.duration'=>"Duration", 'p.finished' => 'Nature', 'p.price_base_type'=>"PriceBase", 'p.price'=>"UnitPriceHT", 'p.price_ttc'=>"UnitPriceTTC", + 'p.price_min'=>"MinPriceHT",'p.price_min_ttc'=>"MinPriceTTC", 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation', 'p.tms'=>'DateModification' ); @@ -216,7 +217,9 @@ class modProduct extends DolibarrModules 'p.customcode'=>'Text', 'p.duration'=>"Text", 'p.finished' => 'Numeric', - 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', + 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", + 'p.price_min'=>"Numeric", 'p.price_min_ttc'=>"Numeric", + 'p.tva_tx'=>'Numeric', 'p.datec'=>'Date', 'p.tms'=>'Date' ); if (!empty($conf->stock->enabled)) $this->export_TypeFields_array[$r] = array_merge($this->export_TypeFields_array[$r], array('e.ref'=>'Text', 'p.tobatch'=>'Numeric', 'p.stock'=>'Numeric', 'p.seuil_stock_alerte'=>'Numeric', 'p.desiredstock'=>'Numeric', 'p.pmp'=>'Numeric', 'p.cost_price'=>'Numeric')); From 8673f7625f102384db457ec7eddb821944080e94 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Wed, 17 Feb 2021 17:36:29 +0000 Subject: [PATCH 14/54] Fixing style errors. --- htdocs/core/modules/modProduct.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index d4a47ca707d..a55c824a8ee 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php 
@@ -217,7 +217,7 @@ class modProduct extends DolibarrModules 'p.customcode'=>'Text', 'p.duration'=>"Text", 'p.finished' => 'Numeric', - 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", + 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.price_min'=>"Numeric", 'p.price_min_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', 'p.datec'=>'Date', 'p.tms'=>'Date' From f5b162a99260ee5202a9d1f8ab8a14733fcfa53a Mon Sep 17 00:00:00 2001 From: daraelmin Date: Thu, 18 Feb 2021 08:10:14 +0100 Subject: [PATCH 15/54] FIX 16165 Create customer discount without vat --- htdocs/core/class/discount.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 9f901ed3452..af336c38745 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -222,6 +222,7 @@ class DiscountAbsolute if (empty($this->multicurrency_amount_ht)) $this->multicurrency_amount_ht = 0; if (empty($this->multicurrency_amount_tva)) $this->multicurrency_amount_tva = 0; if (empty($this->multicurrency_amount_ttc)) $this->multicurrency_amount_ttc = 0; + if (empty($this->tva_tx)) $this->tva_tx = 0; // Check parameters if (empty($this->description)) From 1795435d6bfbdc33e66758fb4521339ce17b7ed8 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Thu, 18 Feb 2021 08:45:48 +0100 Subject: [PATCH 16/54] Change erreur --- htdocs/adherents/class/adherent.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index bd09dd4e5a8..8e5cdbe8067 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
@@ -627,7 +627,6 @@ class Adherent extends CommonObject $this->address = ($this->address ? $this->address : $this->address); $this->zip = ($this->zip ? $this->zip : $this->zip); $this->town = ($this->town ? $this->town : $this->town); - $this->setUpperOrLowerCase(); $this->country_id = ($this->country_id > 0 ? $this->country_id : $this->country_id); $this->state_id = ($this->state_id > 0 ? $this->state_id : $this->state_id); $this->setUpperOrLowerCase(); From cc6a7d4834c5d4422dc89551158ae448f748c159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Feb 2021 09:05:44 +0100 Subject: [PATCH 17/54] fix unknown variable --- htdocs/core/class/html.formcompany.class.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index d9d0442e49e..1569ee8af83 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -1022,11 +1022,10 @@ class FormCompany extends Form public function formThirdpartyType($page, $selected = '', $htmlname = 'socid', $filter = '', $nooutput = 0) { // phpcs:enable - global $langs; + global $conf, $langs; $out = ''; - if ($htmlname != "none") - { + if ($htmlname != "none") { $out .= '
'; $out .= ''; $out .= ''; @@ -1035,8 +1034,7 @@ class FormCompany extends Form $out .= ''; $out .= '
'; } else { - if ($selected) - { + if ($selected) { $arr = $this->typent_array(0); $typent = $arr[$selected]; $out .= $typent; @@ -1045,7 +1043,10 @@ class FormCompany extends Form } } - if ($nooutput) return $out; - else print $out; + if ($nooutput) { + return $out; + } else { + print $out; + } } } From 35dc1e7d4f0f96e834552e1033bb77cf0991f8e4 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 18 Feb 2021 11:04:37 +0100 Subject: [PATCH 18/54] with new phpoffice col start at 1 not 0 --- htdocs/core/modules/import/import_xlsx.modules.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 6c0bcc0f4b1..9d3c4e2b94e 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -173,7 +173,7 @@ class ImportXlsx extends ModeleImports $this->workbook->getActiveSheet()->getStyle('1')->getFont()->setBold(true); $this->workbook->getActiveSheet()->getStyle('1')->getAlignment()->setHorizontal(Alignment::HORIZONTAL_LEFT); - $col = 0; + $col = 1; foreach ($headerlinefields as $field) { $this->workbook->getActiveSheet()->SetCellValueByColumnAndRow($col, 1, $outputlangs->transnoentities($field)); // set autowidth @@ -195,7 +195,7 @@ class ImportXlsx extends ModeleImports public function write_record_example($outputlangs, $contentlinevalues) { // phpcs:enable - $col = 0; + $col = 1; $row = 2; foreach ($contentlinevalues as $cell) { $this->workbook->getActiveSheet()->SetCellValueByColumnAndRow($col, $row, $cell); @@ -289,7 +289,7 @@ class ImportXlsx extends ModeleImports $xlsx = new Xlsx(); $info = $xlsx->listWorksheetinfo($this->file); $countcolumns = $info[0]['totalColumns']; - for ($col = 0; $col < $countcolumns; $col++) { + for ($col = 1; $col <= $countcolumns; $col++) { $this->headers[$col] = $this->workbook->getActiveSheet()->getCellByColumnAndRow($col, 1)->getValue(); } return 0; 
@@ -314,7 +314,7 @@ class ImportXlsx extends ModeleImports $xlsx = new Xlsx(); $info = $xlsx->listWorksheetinfo($this->file); $countcolumns = $info[0]['totalColumns']; - for ($col = 0; $col < $countcolumns; $col++) { + for ($col = 1; $col <= $countcolumns; $col++) { $val = $this->workbook->getActiveSheet()->getCellByColumnAndRow($col, $this->record)->getValue(); $array[$col]['val'] = $val; $array[$col]['type'] = (dol_strlen($val) ? 1 : -1); // If empty we consider it null From de2d5c7188de18c458545c7edb830b418ebc4d9e Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 18 Feb 2021 12:24:24 +0100 Subject: [PATCH 19/54] fix sample xls file --- htdocs/core/modules/modProduct.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index f92d9b30890..27446890043 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -749,13 +749,13 @@ class modProduct extends DolibarrModules $this->import_convertvalue_array[$r] = array( 'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') ); - $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"PRODUCT_REF or id:123456", + $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"ref:PRODUCT_REF or id:123456", 'pr.price_base_type'=>"HT (for excl tax) or TTC (for inc tax)", 'pr.price_level'=>"1", 'pr.price'=>"100", 'pr.price_ttc'=>"110", 'pr.price_min'=>"100", 'pr.price_min_ttc'=>"110", 'pr.tva_tx'=>'20', 'pr.recuperableonly'=>'0', - 'pr.date_price'=>'2013-04-10'); + 'pr.date_price'=>'2020-12-31'); } if (!empty($conf->global->MAIN_MULTILANGS)) From 58a1904c155b4892fc06bf91e403df68f8b7d593 Mon Sep 17 00:00:00 2001 
From: Florian HENRY Date: Thu, 18 Feb 2021 12:48:06 +0100 Subject: [PATCH 20/54] fix column count --- .../modules/import/import_xlsx.modules.php | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 9d3c4e2b94e..ebe0486d97c 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -372,7 +372,7 @@ class ImportXlsx extends ModeleImports //var_dump($sort_array_match_file_to_database); - if (count($arrayrecord) == 0 || (count($arrayrecord) == 1 && empty($arrayrecord[0]['val']))) { + if (count($arrayrecord) == 0 || (count($arrayrecord) == 1 && empty($arrayrecord[1]['val']))) { //print 'W'; $this->warnings[$warning]['lib'] = $langs->trans('EmptyLine'); $this->warnings[$warning]['type'] = 'EMPTY'; @@ -401,7 +401,7 @@ class ImportXlsx extends ModeleImports else $tablewithentity_cache[$tablename] = 0; // table does not contains entity field } else dol_print_error($this->db); } else { - //dol_syslog("Table ".$tablename." check for entity into cache is ".$tablewithentity_cache[$tablename]); + dol_syslog("Table ".$tablename." check for entity into cache is ".$tablewithentity_cache[$tablename]); } // array of fields to column index @@ -420,7 +420,7 @@ class ImportXlsx extends ModeleImports if ($key <= $maxfields) { // Set $newval with value to insert and set $listvalues with sql request part for insert $newval = ''; - if ($arrayrecord[($key - 1)]['type'] > 0) $newval = $arrayrecord[($key - 1)]['val']; // If type of field into input file is not empty string (so defined into input file), we get value + if ($arrayrecord[($key)]['type'] > 0) $newval = $arrayrecord[($key)]['val']; // If type of field into input file is not empty string (so defined into input file), we get value // Make some tests on $newval 
@@ -572,21 +572,21 @@ class ImportXlsx extends ModeleImports $newval = $this->thirpartyobject->code_client; //print 'code_client='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getsuppliercodeifauto') { if (strtolower($newval) == 'auto') { $newval = $this->thirpartyobject->get_codefournisseur(0, 1); $newval = $this->thirpartyobject->code_fournisseur; //print 'code_fournisseur='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getcustomeraccountancycodeifauto') { if (strtolower($newval) == 'auto') { $this->thirpartyobject->get_codecompta('customer'); $newval = $this->thirpartyobject->code_compta; //print 'code_compta='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getsupplieraccountancycodeifauto') { if (strtolower($newval) == 'auto') { $this->thirpartyobject->get_codecompta('supplier'); 
@@ -594,7 +594,7 @@ class ImportXlsx extends ModeleImports if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" //print 'code_compta_fournisseur='.$newval; } - if (empty($newval)) $arrayrecord[($key - 1)]['type'] = -1; // If we get empty value, we will use "null" + if (empty($newval)) $arrayrecord[($key)]['type'] = -1; // If we get empty value, we will use "null" } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'getrefifauto') { $defaultref = ''; // TODO provide the $modTask (module of generation of ref) as parameter of import_insert function @@ -624,7 +624,7 @@ class ImportXlsx extends ModeleImports $errorforthistable++; $error++; } else { - $newval = $arrayrecord[($key - 1)]['val']; //We get new value computed. + $newval = $arrayrecord[($key)]['val']; //We get new value computed. } } elseif ($objimport->array_import_convertvalue[0][$val]['rule'] == 'numeric') { $newval = price2num($newval); @@ -695,8 +695,8 @@ class ImportXlsx extends ModeleImports $listfields[] = $fieldname; // Note: arrayrecord (and 'type') is filled with ->import_read_record called by import.php page before calling import_insert - if (empty($newval) && $arrayrecord[($key - 1)]['type'] < 0) $listvalues[] = ($newval == '0' ? $newval : "null"); - elseif (empty($newval) && $arrayrecord[($key - 1)]['type'] == 0) $listvalues[] = "''"; + if (empty($newval) && $arrayrecord[($key)]['type'] < 0) $listvalues[] = ($newval == '0' ? $newval : "null"); + elseif (empty($newval) && $arrayrecord[($key)]['type'] == 0) $listvalues[] = "''"; else $listvalues[] = "'" . $this->db->escape($newval) . "'"; } $i++; From 6fe9b589ed4eac1d979628ab958e7652af3de735 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 18 Feb 2021 12:50:15 +0100 Subject: [PATCH 21/54] fix sample product import files --- htdocs/core/modules/modProduct.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
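Review bot: One `$arrayrecord[($key - 1)]['type'] = -1;` survives as a context line in the `@@ -594` hunk, inside the `strtolower($newval) == 'auto'` block just above the statement this commit rewrites. After the switch to 1-based column indexes it marks the previous column as null whenever the generated supplier accounting code is empty. It duplicates the corrected statement that follows the block, so it can be deleted, or at least changed to `$arrayrecord[($key)]['type'] = -1;`. The enclosing method starts and ends outside the hunk.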
diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 27446890043..78f638b1821 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -547,7 +547,7 @@ class modProduct extends DolibarrModules // field order as per structure of table llx_product $import_sample = array( - 'p.ref' => "PREF123456", + 'p.ref' => "ref:PREF123456", 'p.datec' => dol_print_date(dol_now(), '%Y-%m-%d'), 'p.label' => "Product name in default language", 'p.description' => "Product description in default language", @@ -687,7 +687,7 @@ class modProduct extends DolibarrModules ); $this->import_examplevalues_array[$r] = array( - 'sp.fk_product' => "PRODUCT_REF or id:123456", + 'sp.fk_product' => "ref:PRODUCT_REF or id:123456", 'sp.fk_soc' => "My Supplier", 'sp.ref_fourn' => "XYZ-F123456", 'sp.quantity' => "5", From 9cdb6ce31c9002a34cf37eed8137c4a182b1462c Mon Sep 17 00:00:00 2001 From: atm-lena Date: Thu, 18 Feb 2021 17:35:09 +0100 Subject: [PATCH 22/54] WIP --- htdocs/compta/bank/bankentries_list.php | 28 +++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 99e6750101d..2b531634d37 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php 
@@ -476,9 +476,7 @@ else $sql = "SELECT b.rowid, b.dateo as do, b.datev as dv, b.amount, b.label, b.rappro as conciliated, b.num_releve, b.num_chq,"; $sql .= " b.fk_account, b.fk_type,"; -$sql .= " ba.rowid as bankid, ba.ref as bankref,"; -$sql .= " bu.url_id, bu.type as type_url,"; -$sql .= " s.nom, s.name_alias, s.client, s.fournisseur, s.email, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; +$sql .= " ba.rowid as bankid, ba.ref as bankref"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); @@ -492,8 +490,6 @@ if ($search_bid > 0) $sql .= MAIN_DB_PREFIX."bank_class as l,"; $sql .= " ".MAIN_DB_PREFIX."bank_account as ba,"; $sql .= " ".MAIN_DB_PREFIX."bank as b"; if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (b.rowid = ef.fk_object)"; -$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON bu.fk_bank = b.rowid AND type = 'company'"; -$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON bu.url_id = s.rowid"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND ba.entity IN (".getEntity('bank_account').")"; if ($search_account > 0) $sql .= " AND b.fk_account = ".$search_account; 
@@ -507,7 +503,22 @@ if ($search_ref) $sql .= natural_search("b.rowid", $search_ref, 1); if ($search_req_nb) $sql .= natural_search("b.num_chq", $search_req_nb); if ($search_num_releve) $sql .= natural_search("b.num_releve", $search_num_releve); if ($search_conciliated != '' && $search_conciliated != '-1') $sql .= " AND b.rappro = ".$search_conciliated; -if ($search_thirdparty_user) $sql .= natural_search(array("s.nom", "u.firstname", "u.lastname"), $search_thirdparty_user); +if ($search_thirdparty_user) { + + $sql.= " AND (b.rowid IN "; + $sql.= " ( SELECT bu.fk_bank FROM ".MAIN_DB_PREFIX."bank_url AS bu"; + $sql.= " JOIN ".MAIN_DB_PREFIX."bank AS b2 ON b2.rowid = bu.fk_bank"; + $sql.= " JOIN ".MAIN_DB_PREFIX."user AS subUser ON (bu.type = 'user' AND bu.url_id = subUser.rowid)"; + $sql.= " WHERE ". natural_search(array("subUser.firstname", "subUser.lastname"), $search_thirdparty_user, '', 1)."))"; + + $sql.= " OR b.rowid IN "; + $sql.= " ( SELECT bu.fk_bank FROM ".MAIN_DB_PREFIX."bank_url AS bu"; + $sql.= " JOIN ".MAIN_DB_PREFIX."bank AS b2 ON b2.rowid = bu.fk_bank"; + $sql.= " JOIN ".MAIN_DB_PREFIX."societe AS subSoc ON (bu.type = 'company' AND bu.url_id = subSoc.rowid)"; + $sql.= " WHERE ". natural_search(array("subSoc.nom"), $search_thirdparty_user, '', 1); + $sql.= ")"; + +} if ($search_description) { $search_description_to_use = $search_description; 
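Review bot: The parentheses in the new `$search_thirdparty_user` block close the group one subquery too early: the first `WHERE` line ends with `."))"`, so the generated SQL reads `AND (b.rowid IN (...)) OR b.rowid IN (...)`. Because AND binds tighter than OR, the company branch is evaluated outside every earlier condition, including `ba.entity IN (".getEntity('bank_account').")` and the `b.fk_account` filter, so a name search can list bank lines from other entities or accounts. End the first subquery with `.")"` and close the group at the end with `$sql.= "))";`. The `b2` join in both subqueries is not referenced and could be dropped.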
@@ -1009,6 +1020,11 @@ if ($resql) $objp = $db->fetch_object($resql); $links = $bankaccountstatic->get_url($objp->rowid); + $sqlbu = "SELECT url_id, 'type' FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank =".$objp->rowid; + $resqlbu = $db->query($sqlbu); + + //TODO : récupérer les informations sur la société et le url_id et url_type : apparemment c'est que pour la société alors voir dans la partie "ThirdParty" !! + // If we are in a situation where we need/can show balance, we calculate the start of balance if (!$balancecalculated && (!empty($arrayfields['balancebefore']['checked']) || !empty($arrayfields['balance']['checked'])) && $mode_balance_ok) { From b8fabd90f85f717c39b8b752a82b94a742636225 Mon Sep 17 00:00:00 2001 From: andreubisquerra Date: Thu, 18 Feb 2021 19:02:16 +0100 Subject: [PATCH 23/54] NEW Use captcha on public page to create ticket --- htdocs/core/class/html.formticket.class.php | 12 ++++++++++++ htdocs/public/ticket/create_ticket.php | 11 +++++++++++ 2 files changed, 23 insertions(+) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index c310c352690..f1022d01ba2 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -247,6 +247,18 @@ class FormTicket $doleditor->Create(); print ''; + if ($conf->global->MAIN_SECURITY_ENABLECAPTCHA) { + require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''.img_picto($langs->trans("Refresh"), 'refresh', 'id="captcha_refresh_img"').''; + print ''; + print ''; + } // Attached files if (!empty($this->withfile)) { diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 1c81faca1ad..06984316cef 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php 
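Review bot: The added `$sqlbu` statement in the bankentries_list.php hunk selects the string literal `'type'` instead of the `type` column, and `$resqlbu` is never read or freed within the hunk, so every displayed row costs one extra query with no effect. If the lookup is kept, it should read `"SELECT url_id, type FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank = ".((int) $objp->rowid)`, with the cast keeping the concatenated value numeric, and a false result should be handled. Otherwise leave the query out until the TODO is implemented. The TODO comment is in French; English would match the rest of the file.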
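Review bot: The captcha block in html.formticket.class.php is guarded by `if ($conf->global->MAIN_SECURITY_ENABLECAPTCHA)`, which raises an undefined-property notice when the option has never been set. It also differs from the check added to create_ticket.php in the same commit. Use `if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))` so the form and the validation agree on when the captcha is active. The enclosing method starts and ends outside the hunk.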
@@ -142,6 +142,17 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('add', 'alpha')) { array_push($object->errors, $langs->trans("ErrorBadEmailAddress", $langs->transnoentities("email"))); $action = ''; } + + // Check Captcha code if is enabled + if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { + $sessionkey = 'dol_antispam_value'; + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); + if (!$ok) { + $error++; + array_push($object->errors, $langs->trans("ErrorBadValueForCode")); + $action = ''; + } + } if (!$error) { $object->db->begin(); From 6e7fd67f379e6f7173c6b1a6f0397c01ae43e0aa Mon Sep 17 00:00:00 2001 From: andreubisquerra Date: Thu, 18 Feb 2021 19:27:50 +0100 Subject: [PATCH 24/54] Fix travis --- htdocs/public/ticket/create_ticket.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 06984316cef..46cc1d082e8 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -142,7 +142,7 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('add', 'alpha')) { array_push($object->errors, $langs->trans("ErrorBadEmailAddress", $langs->transnoentities("email"))); $action = ''; } - + // Check Captcha code if is enabled if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { $sessionkey = 'dol_antispam_value'; From cafc6a3da2c2f785351faccbe12d6f74fb2a4cd5 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Thu, 18 Feb 2021 20:04:09 +0100 Subject: [PATCH 25/54] Fix multientity in cash fence report MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit it make no sense to merge cash fence in différent entity with same terminal number. --- htdocs/compta/cashcontrol/report.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
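Review bot: The captcha value kept in `$_SESSION['dol_antispam_value']` is not invalidated after the comparison, so one solved code presumably stays valid for further ticket submissions in the same session until a new image is requested; add `unset($_SESSION[$sessionkey]);` right after `$ok` is computed. The posted value is read from `$_POST['code']` directly, which raises a notice when the field is absent and skips the `GETPOST()` filtering used for `add` in the same condition. The loose `==` also compares numeric-looking strings by value and accepts an empty code against an empty session value. I would write `$code = GETPOST('code', 'alpha');` followed by `$ok = (!empty($_SESSION[$sessionkey]) && strtolower($_SESSION[$sessionkey]) === strtolower($code));`. The enclosing `if` block starts above the hunk.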
diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 51438b3be6e..0946d3333ce 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -107,7 +107,7 @@ $sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = $sql .= " AND f.module_source = '".$db->escape($posmodule)."'"; $sql .= " AND f.pos_source = '".$db->escape($terminalid)."'"; $sql .= " AND f.paye = 1"; -$sql .= " AND p.entity IN (".getEntity('facture').")"; +$sql .= " AND p.entity = ".$conf->entity; /*if ($key == 'cash') $sql.=" AND cp.code = 'LIQ'"; elseif ($key == 'cheque') $sql.=" AND cp.code = 'CHQ'"; elseif ($key == 'card') $sql.=" AND cp.code = 'CB'"; From 57e9277376737553453653230dbd0d1753befe01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Mestre?= Date: Thu, 18 Feb 2021 16:23:18 -0300 Subject: [PATCH 26/54] Fixed Bank Account filter resets on payment various Changed GET search bank account GET parameter from search_amount to search_account --- htdocs/compta/bank/various_payment/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php index 2960a27583c..84315c35f16 100644 --- a/htdocs/compta/bank/various_payment/list.php +++ b/htdocs/compta/bank/various_payment/list.php 
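Review bot: `$conf->entity` is concatenated into the query unquoted and without a cast, while the two lines just above pass their values through `$db->escape()`. The value is presumably an integer set by the application, but a cast keeps the statement safe however it was populated: `$sql .= " AND p.entity = ".((int) $conf->entity);`.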
@@ -161,7 +161,7 @@ if ($result) if ($typeid > 0) $param .= '&typeid='.urlencode($typeid); if ($search_amount_deb) $param .= '&search_amount_deb='.urlencode($search_amount_deb); if ($search_amount_cred) $param .= '&search_amount_cred='.urlencode($search_amount_cred); - if ($search_account > 0) $param .= '&search_amount='.urlencode($search_account); + if ($search_account > 0) $param .= '&search_account='.urlencode($search_account); if ($search_accountancy_account > 0) $param .= '&search_accountancy_account='.urlencode($search_accountancy_account); if ($search_accountancy_subledger > 0) $param .= '&search_accountancy_subledger='.urlencode($search_accountancy_subledger); From d709b9720726640f1bf8d7c1484cc62147f12f65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Mestre?= Date: Thu, 18 Feb 2021 16:27:38 -0300 Subject: [PATCH 27/54] Fixed Bank Account filter resets on payment various Changed GET search bank account GET parameter from search_amount to search_account --- htdocs/compta/bank/various_payment/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php index 0790f149da4..3990c968806 100644 --- a/htdocs/compta/bank/various_payment/list.php +++ b/htdocs/compta/bank/various_payment/list.php 
@@ -251,7 +251,7 @@ if ($result) if ($typeid > 0) $param .= '&typeid='.urlencode($typeid); if ($search_amount_deb) $param .= '&search_amount_deb='.urlencode($search_amount_deb); if ($search_amount_cred) $param .= '&search_amount_cred='.urlencode($search_amount_cred); - if ($search_bank_account > 0) $param .= '&search_amount='.urlencode($search_bank_account); + if ($search_bank_account > 0) $param .= '&search_account='.urlencode($search_bank_account); if ($search_accountancy_account > 0) $param .= '&search_accountancy_account='.urlencode($search_accountancy_account); if ($search_accountancy_subledger > 0) $param .= '&search_accountancy_subledger='.urlencode($search_accountancy_subledger); From f462455e8944a81ce60168b858c7c1543abc082c Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 18 Feb 2021 21:39:25 +0100 Subject: [PATCH 28/54] NEW: Add option CONTRACT_ALLOW_EXTERNAL_DOWNLOAD --- htdocs/contrat/card.php | 6 ++++++ htdocs/core/class/commonobject.class.php | 3 +++ htdocs/core/lib/functions.lib.php | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 0c4a683ae33..cd1db0bbc9a 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -2150,6 +2150,12 @@ if ($action == 'create') $linktoelem = $form->showLinkToObjectBlock($object, null, array('contrat')); $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); + // Show direct download link + if ($object->statut != Contrat::STATUS_DRAFT && !empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD)) + { + print '
'."\n"; + print showDirectDownloadLink($object).'
'; + } print '
'; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 08391a4a797..0c0de66840b 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -4884,6 +4884,9 @@ abstract class CommonObject if ($this->element == 'bank_account' && !empty($conf->global->BANK_ACCOUNT_ALLOW_EXTERNAL_DOWNLOAD)) { $setsharekey = true; } + if ($this->element == 'contrat' && !empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD)) { + $setsharekey = true; + } if ($setsharekey) { if (empty($ecmfile->share)) // Because object not found or share not set yet diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 84a4e6ace5c..d823d685392 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6553,6 +6553,7 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, if (is_object($object) && $object->element == 'commande') $typeforonlinepayment = 'order'; if (is_object($object) && $object->element == 'facture') $typeforonlinepayment = 'invoice'; if (is_object($object) && $object->element == 'member') $typeforonlinepayment = 'member'; + if (is_object($object) && $object->element == 'contrat') $typeforonlinepayment = 'contract'; $url = getOnlinePaymentUrl(0, $typeforonlinepayment, $substitutionarray['__REF__']); $paymenturl = $url; } 
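Review bot: In the commonobject.class.php hunk the share key is switched on for every `contrat` document as soon as `CONTRACT_ALLOW_EXTERNAL_DOWNLOAD` is set, with no test on the contract status, whereas contrat/card.php in this same commit only shows the link when `$object->statut != Contrat::STATUS_DRAFT`. If documents of draft contracts are not meant to be reachable through a public link, add the same status condition here and on `__DIRECTDOWNLOAD_URL_CONTRACT__` in the functions.lib.php hunk. The option would also deserve a comment saying that, presumably like the other `*_ALLOW_EXTERNAL_DOWNLOAD` options, it exposes the document to anyone holding the link. The enclosing method is only partly visible, so how the key is generated cannot be judged from here.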
@@ -6574,10 +6575,15 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, { $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = $object->getLastMainDocLink($object->element); } else $substitutionarray['__DIRECTDOWNLOAD_URL_INVOICE__'] = ''; + if (!empty($conf->global->CONTRACT_ALLOW_EXTERNAL_DOWNLOAD) && is_object($object) && $object->element == 'contrat') + { + $substitutionarray['__DIRECTDOWNLOAD_URL_CONTRACT__'] = $object->getLastMainDocLink($object->element); + } else $substitutionarray['__DIRECTDOWNLOAD_URL_CONTRACT__'] = ''; if (is_object($object) && $object->element == 'propal') $substitutionarray['__URL_PROPOSAL__'] = DOL_MAIN_URL_ROOT."/comm/propal/card.php?id=".$object->id; if (is_object($object) && $object->element == 'commande') $substitutionarray['__URL_ORDER__'] = DOL_MAIN_URL_ROOT."/commande/card.php?id=".$object->id; if (is_object($object) && $object->element == 'facture') $substitutionarray['__URL_INVOICE__'] = DOL_MAIN_URL_ROOT."/compta/facture/card.php?id=".$object->id; + if (is_object($object) && $object->element == 'contrat') $substitutionarray['__URL_CONTRACT__'] = DOL_MAIN_URL_ROOT."/contrat/card.php?id=".$object->id; } if (is_object($object) && $object->element == 'action') From 8696bebee19904bc6dbefa941cb29210f712a87a Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 18 Feb 2021 22:05:46 +0100 Subject: [PATCH 29/54] NEW: Update list of taxes by default for France --- .../mysql/data/llx_c_chargesociales.sql | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/htdocs/install/mysql/data/llx_c_chargesociales.sql b/htdocs/install/mysql/data/llx_c_chargesociales.sql index 324223b274d..7c5e325a22b 100644 --- a/htdocs/install/mysql/data/llx_c_chargesociales.sql +++ b/htdocs/install/mysql/data/llx_c_chargesociales.sql 
@@ -33,19 +33,18 @@ -- -- France -- -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 1, 'Allocations familiales', 1,1,'TAXFAM' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 2, 'CSG Deductible', 1,1,'TAXCSGD' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 3, 'CSG/CRDS NON Deductible',0,1,'TAXCSGND' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 10, 'Taxe apprentissage', 0,1,'TAXAPP' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 11, 'Taxe professionnelle', 0,1,'TAXPRO' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 12, 'Cotisation fonciere des entreprises', 0,1,'TAXCFE' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 13, 'Cotisation sur la valeur ajoutee des entreprises', 0,1,'TAXCVAE' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 20, 'Impots locaux/fonciers', 0,1,'TAXFON' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 25, 'Impots revenus', 0,1,'TAXREV' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 30, 'Assurance Sante', 0,1,'TAXSECU' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 40, 'Mutuelle', 0,1,'TAXMUT' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Assurance vieillesse', 0,1,'TAXRET' ,'1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 60, 'Assurance Chomage', 0,1,'TAXCHOM' ,'1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 1, 'Securite sociale (URSSAF / 
MSA)', 1, 1, 'TAXSECU', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 2, 'Securite sociale des indépendants (URSSAF)', 1, 1, 'TAXSSI', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 10, 'Taxe apprentissage', 1, 1, 'TAXAPP', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 11, 'Formation professionnelle continue', 1, 1, 'TAXFPC', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 12, 'Cotisation fonciere des entreprises (CFE)', 1, 1, 'TAXCFE', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 13, 'Cotisation sur la valeur ajoutee des entreprises (CVAE)', 1, 1, 'TAXCVAE', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 20, 'Taxe fonciere', 1, 1, 'TAXFON', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 25, 'Prelevement à la source (PAS)', 0, 1, 'TAXPAS', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 30, 'Prevoyance', 1, 1,'TAXPREV', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 40, 'Mutuelle', 1, 1,'TAXMUT', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Retraite', 1, 1,'TAXRET', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Taxe sur vehicule societe (TVS)', 0, 1, 'TAXTVS', '1'); -- -- Belgique From 3f08a9dcde5d25b25a8c4987ab94368236471c38 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 18 Feb 2021 22:08:31 +0100 Subject: [PATCH 30/54] Add IS --- htdocs/install/mysql/data/llx_c_chargesociales.sql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
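Review bot: Two of the added rows use `id` 50 (`'Retraite'` with `TAXRET` and `'Taxe sur vehicule societe (TVS)'` with `TAXTVS`), so the second insert fails or is dropped on a fresh install if `id` is the table's key. Give the TVS row its own id, for instance `values ( 60, 'Taxe sur vehicule societe (TVS)', 0, 1, 'TAXTVS', '1');`. Ids 1, 2, 11, 25 and 30 also keep their number but change label and code (id 1 was `TAXFAM`, and `TAXSECU` moves from id 30 to id 1), so rows referencing these ids on existing installs would not mean the same thing as on new ones; a comment or a migration script covering that would help.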
diff --git a/htdocs/install/mysql/data/llx_c_chargesociales.sql b/htdocs/install/mysql/data/llx_c_chargesociales.sql index 7c5e325a22b..b728d9c6414 100644 --- a/htdocs/install/mysql/data/llx_c_chargesociales.sql +++ b/htdocs/install/mysql/data/llx_c_chargesociales.sql @@ -44,7 +44,8 @@ insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 30, 'Prevoyance', 1, 1,'TAXPREV', '1'); insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 40, 'Mutuelle', 1, 1,'TAXMUT', '1'); insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Retraite', 1, 1,'TAXRET', '1'); -insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 50, 'Taxe sur vehicule societe (TVS)', 0, 1, 'TAXTVS', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 60, 'Taxe sur vehicule societe (TVS)', 0, 1, 'TAXTVS', '1'); +insert into llx_c_chargesociales (id, libelle, deductible, active, code, fk_pays) values ( 70, 'impôts sur les sociétés (IS)', 0, 1, 'TAXIS', '1'); -- -- Belgique From 75b378edd3eda74944e3a28952b16b14b2aea608 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Thu, 18 Feb 2021 22:47:41 +0100 Subject: [PATCH 31/54] remove unused code --- htdocs/commande/contact.php | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 7df7dbea130..add4244d7dc 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php 
@@ -3,6 +3,7 @@ * Copyright (C) 2005-2011 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011-2015 Philippe Grand + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -128,23 +129,17 @@ $userstatic = new User($db); /* */ /* *************************************************************************** */ -if ($id > 0 || !empty($ref)) -{ - $langs->trans("OrderCard"); - - if ($object->fetch($id, $ref) > 0) - { +if ($id > 0 || !empty($ref)) { + if ($object->fetch($id, $ref) > 0) { $object->fetch_thirdparty(); $head = commande_prepare_head($object); print dol_get_fiche_head($head, 'contact', $langs->trans("CustomerOrder"), -1, 'order'); - // Order card $linkback = ''.$langs->trans("BackToList").''; - $morehtmlref = '
'; // Ref customer $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); From 485dd07f67d1deffe528cf08d341dd7d578029f1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Feb 2021 23:13:55 +0100 Subject: [PATCH 32/54] NEW Can show the holidays on the agenda view. --- htdocs/comm/action/index.php | 261 ++++++++++--------- htdocs/core/lib/functions.lib.php | 5 +- htdocs/theme/eldy/main_menu_fa_icons.inc.php | 4 + 3 files changed, 150 insertions(+), 120 deletions(-) diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index ab712c89847..f9274189109 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -114,8 +114,7 @@ if ($status == '' && !GETPOSTISSET('search_status')) $status = (empty($conf->glo $defaultview = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW); $defaultview = (empty($user->conf->AGENDA_DEFAULT_VIEW) ? $defaultview : $user->conf->AGENDA_DEFAULT_VIEW); if (empty($action) && !GETPOSTISSET('action')) $action = $defaultview; -if ($action == 'default') // When action is default, we want a calendar view and not the list -{ +if ($action == 'default') { // When action is default, we want a calendar view and not the list $action = (($defaultview != 'show_list') ? $defaultview : 'show_month'); } if (GETPOST('viewcal', 'restricthtml') && GETPOST('action', 'alpha') != 'show_day' && GETPOST('action', 'alpha') != 'show_week') { @@ -488,8 +487,8 @@ if (!empty($conf->use_javascript_ajax)) // If javascript on $s .= "\n".''."\n"; $s .= ''."\n"; } @@ -1964,7 +1988,6 @@ function sort_events_by_date($a, $b) { return -1; } - if ($b->type_code === 'HOLIDAY') { return 1; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 84a4e6ace5c..b22caec4633 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -3371,9 +3371,12 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ $fakey = 'fa-'.$pictowithouttext; } - if (in_array($pictowithouttext, array('dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { + if (in_array($pictowithouttext, array('holiday', 'dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { $morecss = 'em092'; } + if (in_array($pictowithouttext, array('holiday'))) { + $morecss = 'em088'; + } if (in_array($pictowithouttext, array('intervention', 'payment', 'loan', 'stock', 'technic'))) { $morecss = 'em080'; } diff --git a/htdocs/theme/eldy/main_menu_fa_icons.inc.php b/htdocs/theme/eldy/main_menu_fa_icons.inc.php index 53a685c096e..156da9be652 100644 --- a/htdocs/theme/eldy/main_menu_fa_icons.inc.php +++ b/htdocs/theme/eldy/main_menu_fa_icons.inc.php @@ -203,6 +203,10 @@ div.mainmenu.generic4::before { font-size: 0.92em; } +.menu_titre .em088 { + font-size: 0.88em; +} + .menu_titre .em080 { font-size: 0.80em; } From a4d9e3b9d35492336797ec03a2236edba81f0a99 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Fri, 19 Feb 2021 09:33:28 +0100 Subject: [PATCH 33/54] WIP final --- htdocs/compta/bank/bankentries_list.php | 62 +++++++++---------------- 1 file changed, 21 insertions(+), 41 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 2b531634d37..92ca025a56c 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php 
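Review bot: `'holiday'` is added to the `em092` list and then overridden by the new `em088` block right below, so the first change has no effect. Leave the first array as it was and keep only `if ($pictowithouttext == 'holiday') { $morecss = 'em088'; }`, which also avoids a one-element `in_array()` without strict comparison. The body of img_picto() extends beyond the hunk.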
@@ -1398,55 +1398,35 @@ if ($resql) if (!empty($arrayfields['bu.label']['checked'])) { print ''; - if ($objp->url_id) //display company - { - if($objp->type_url == 'company') { - $companystatic->id = $objp->url_id; - $companystatic->name = $objp->nom; - $companystatic->name_alias = $objp->name_alias; - $companystatic->client = $objp->client; - $companystatic->email = $objp->email; - $companystatic->fournisseur = $objp->fournisseur; - $companystatic->code_client = $objp->code_client; - $companystatic->code_fournisseur = $objp->code_fournisseur; - $companystatic->code_compta = $objp->code_compta; - $companystatic->code_compta_fournisseur = $objp->code_compta_fournisseur; - print $companystatic->getNomUrl(1); - } - } - else //display user or nothing - { + + $companylinked = 0; + $userlinked = 0; + //payment line type to define user display foreach($links as $key=>$value){ if($links[$key]['type'] == 'payment_sc') $type_link = 'payment_sc'; if($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; + + if($links[$key]['type'] == 'company') { + $companylinked = $links[$key]['url_id']; + } + if($links[$key]['type'] == 'user') { + $userlinked = $links[$key]['url_id']; + } } - $sqlu = "SELECT url_id FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank=".$objp->rowid." 
AND type='user'"; - $resqlu = $db->query($sqlu); - - if($resqlu) { - - if($db->num_rows($resqlu) > 0 && - (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) - || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))) { - - $obj = $db->fetch_object($resqlu); - $userstatic->fetch($obj->url_id); - print $userstatic->getNomUrl(1); - - } - - else { - print ' '; - } - - } else - { - dol_print_error($db); + if($companylinked) { + $companystatic->fetch($companylinked); + print $companystatic->getNomUrl(1); + } elseif($userlinked && + (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) + || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))){ + $userstatic->fetch($userlinked); + print $userstatic->getNomUrl(1); + } else { + print ' '; } - } print ''; if (!$i) $totalarray['nbfield']++; } From d7c59edd117550c428b17c98f54aef93f9e6f532 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Fri, 19 Feb 2021 09:36:15 +0100 Subject: [PATCH 34/54] Clean code --- htdocs/compta/bank/bankentries_list.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 92ca025a56c..2cca6f3de40 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1399,8 +1399,8 @@ if ($resql) { print ''; - $companylinked = 0; - $userlinked = 0; + $companylinked_id = 0; + $userlinked_id = 0; //payment line type to define user display foreach($links as $key=>$value){ 
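Review bot: `$type_link` is not reset next to `$companylinked = 0;` and `$userlinked = 0;`, so for a line whose links contain neither `payment_sc` nor `payment_salary` it keeps the value left by an earlier line, and the permission test in the `elseif` is then made against the wrong payment type. Initialise it with the other two: `$type_link = '';`. `$companystatic->fetch()` and `$userstatic->fetch()` also add a query per displayed line, and their return value is not checked before `getNomUrl(1)` is printed. This assumes the block runs once per result row; the enclosing loop starts outside the hunk.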
@@ -1408,20 +1408,20 @@ if ($resql) if($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; if($links[$key]['type'] == 'company') { - $companylinked = $links[$key]['url_id']; + $companylinked_id = $links[$key]['url_id']; } if($links[$key]['type'] == 'user') { - $userlinked = $links[$key]['url_id']; + $userlinked_id = $links[$key]['url_id']; } } - if($companylinked) { - $companystatic->fetch($companylinked); + if($companylinked_id) { + $companystatic->fetch($companylinked_id); print $companystatic->getNomUrl(1); - } elseif($userlinked && + } elseif($userlinked_id && (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))){ - $userstatic->fetch($userlinked); + $userstatic->fetch($userlinked_id); print $userstatic->getNomUrl(1); } else { print ' '; From 687d0556aa07f60a2a5beb6f351e00cd101f26cc Mon Sep 17 00:00:00 2001 From: atm-lena Date: Fri, 19 Feb 2021 09:39:06 +0100 Subject: [PATCH 35/54] Clean code --- htdocs/compta/bank/bankentries_list.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 2cca6f3de40..374fbf85fcc 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php 
@@ -1020,11 +1020,6 @@ if ($resql) $objp = $db->fetch_object($resql); $links = $bankaccountstatic->get_url($objp->rowid); - $sqlbu = "SELECT url_id, 'type' FROM ".MAIN_DB_PREFIX."bank_url WHERE fk_bank =".$objp->rowid; - $resqlbu = $db->query($sqlbu); - - //TODO : récupérer les informations sur la société et le url_id et url_type : apparemment c'est que pour la société alors voir dans la partie "ThirdParty" !! - // If we are in a situation where we need/can show balance, we calculate the start of balance if (!$balancecalculated && (!empty($arrayfields['balancebefore']['checked']) || !empty($arrayfields['balance']['checked'])) && $mode_balance_ok) { @@ -1402,7 +1397,7 @@ if ($resql) $companylinked_id = 0; $userlinked_id = 0; - //payment line type to define user display + //payment line type to define user display and user or company linked foreach($links as $key=>$value){ if($links[$key]['type'] == 'payment_sc') $type_link = 'payment_sc'; if($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; From a6999a2be7565de693b971ff254c642130f6fd83 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Fri, 19 Feb 2021 09:54:51 +0100 Subject: [PATCH 36/54] Clean code --- htdocs/compta/bank/bankentries_list.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index abb7a51e3a1..9041feb48aa 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1384,9 +1384,9 @@ if ($resql) // Third party if (!empty($arrayfields['bu.label']['checked'])) { - print ''; + print ''; - $companylinked_id = 0; + $companylinked_id = 0; $userlinked_id = 0; //payment line type to define user display and user or company linked @@ -1416,7 +1416,7 @@ if ($resql) print ''; if (!$i) $totalarray['nbfield']++; - } + } // Bank account if (!empty($arrayfields['ba.ref']['checked'])) From af32ef266c6791162e5e28aa255622f0bace48d9 Mon Sep 17 00:00:00 2001 
From: stickler-ci Date: Fri, 19 Feb 2021 09:05:04 +0000 Subject: [PATCH 37/54] Fixing style errors. --- htdocs/compta/bank/bankentries_list.php | 38 ++++++++++++------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 9041feb48aa..da9ece4c579 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -510,7 +510,6 @@ if ($search_req_nb) $sql .= natural_search("b.num_chq", $search_req_nb); if ($search_num_releve) $sql .= natural_search("b.num_releve", $search_num_releve); if ($search_conciliated != '' && $search_conciliated != '-1') $sql .= " AND b.rappro = ".urlencode($search_conciliated); if ($search_thirdparty_user) { - $sql.= " AND (b.rowid IN "; $sql.= " ( SELECT bu.fk_bank FROM ".MAIN_DB_PREFIX."bank_url AS bu"; $sql.= " JOIN ".MAIN_DB_PREFIX."bank AS b2 ON b2.rowid = bu.fk_bank"; @@ -523,7 +522,6 @@ if ($search_thirdparty_user) { $sql.= " JOIN ".MAIN_DB_PREFIX."societe AS subSoc ON (bu.type = 'company' AND bu.url_id = subSoc.rowid)"; $sql.= " WHERE ". natural_search(array("subSoc.nom"), $search_thirdparty_user, '', 1); $sql.= ")"; - } if ($search_description) { 
@@ -1390,29 +1388,29 @@ if ($resql) $userlinked_id = 0; //payment line type to define user display and user or company linked - foreach($links as $key=>$value){ - if($links[$key]['type'] == 'payment_sc') $type_link = 'payment_sc'; - if($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; + foreach ($links as $key=>$value){ + if ($links[$key]['type'] == 'payment_sc') $type_link = 'payment_sc'; + if ($links[$key]['type'] == 'payment_salary') $type_link = 'payment_salary'; - if($links[$key]['type'] == 'company') { - $companylinked_id = $links[$key]['url_id']; - } - if($links[$key]['type'] == 'user') { - $userlinked_id = $links[$key]['url_id']; - } + if ($links[$key]['type'] == 'company') { + $companylinked_id = $links[$key]['url_id']; } + if ($links[$key]['type'] == 'user') { + $userlinked_id = $links[$key]['url_id']; + } + } - if($companylinked_id) { - $companystatic->fetch($companylinked_id); - print $companystatic->getNomUrl(1); - } elseif($userlinked_id && + if ($companylinked_id) { + $companystatic->fetch($companylinked_id); + print $companystatic->getNomUrl(1); + } elseif ($userlinked_id && (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))){ - $userstatic->fetch($userlinked_id); - print $userstatic->getNomUrl(1); - } else { - print ' '; - } + $userstatic->fetch($userlinked_id); + print $userstatic->getNomUrl(1); + } else { + print ' '; + } print ''; if (!$i) $totalarray['nbfield']++; From 5340c30db31b02e4cd4512ed5368dd0b85cab95a Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Fri, 19 Feb 2021 12:35:26 +0100 Subject: [PATCH 38/54] FIX missing security test on payment page FIX sql error on group by on payment list --- htdocs/compta/paiement/card.php | 21 ++++--- .../compta/paiement/class/paiement.class.php | 3 +- htdocs/compta/paiement/info.php | 19 +++++- htdocs/compta/paiement/rapport.php | 6 +- htdocs/compta/paiement/tovalidate.php | 7 +-- htdocs/core/lib/security.lib.php | 59 +++++++++---------- htdocs/fourn/paiement/card.php | 47 ++++++++++----- htdocs/fourn/paiement/info.php | 26 +++++++- htdocs/fourn/paiement/list.php | 2 +- .../modulebuilder/template/myobject_card.php | 4 +- 10 files changed, 124 insertions(+), 70 deletions(-) diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 374ab19e358..a7fd5476d7f 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -43,12 +43,20 @@ $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); +$object = new Paiement($db); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiement', ''); + // Security check if ($user->socid) $socid = $user->socid; -// TODO ajouter regle pour restreindre acces paiement -//$result = restrictedArea($user, 'facture', $id,''); - -$object = new Paiement($db); +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} /* @@ -59,7 +67,6 @@ if ($action == 'setnote' && $user->rights->facture->paiement) { $db->begin(); - $object->fetch($id); $result = $object->update_note(GETPOST('note', 'restricthtml')); if ($result > 0) { 
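Review bot: In the access block added to compta/paiement/card.php, `$socid` is assigned only when `$user->socid` is set, so for an internal user `if ($socid && ...)` reads a variable that is undefined unless something above the hunk sets it. `$object->thirdparty` is also dereferenced without checking that the include actually loaded it (unknown payment id, or a payment with no invoice); for an external user that still ends in `accessforbidden()`, but only through a warning on a null property. Make the intent explicit with `if (!empty($socid) && (empty($object->thirdparty) || $socid != $object->thirdparty->id)) accessforbidden();`. The same block is added to compta/paiement/info.php in this commit and needs the same change.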
@@ -75,7 +82,6 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->facture-> { $db->begin(); - $object->fetch($id); $result = $object->delete(); if ($result > 0) { @@ -100,7 +106,6 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture { $db->begin(); - $object->fetch($id); if ($object->validate($user) > 0) { $db->commit(); @@ -134,7 +139,6 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { - $object->fetch($id); $res = $object->update_num($_POST['num_paiement']); if ($res === 0) { @@ -146,7 +150,6 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) if ($action == 'setdatep' && !empty($_POST['datepday'])) { - $object->fetch($id); $datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int')); $res = $object->update_date($datepaye); if ($res === 0) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index e308c61b41e..bf25485dc14 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -1293,7 +1293,8 @@ class Paiement extends CommonObject // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Load the third party of object, from id into this->thirdparty + * Load the third party of object, from id into this->thirdparty. + * For payments, take the thirdparty linked to the first invoice found. This is enough because payments are done on invoices of the same thirdparty. * * @param int $force_thirdparty_id Force thirdparty id * @return int <0 if KO, >0 if OK diff --git a/htdocs/compta/paiement/info.php b/htdocs/compta/paiement/info.php index 208d74a316f..ace21e40f95 100644 --- a/htdocs/compta/paiement/info.php 
+++ b/htdocs/compta/paiement/info.php @@ -36,6 +36,23 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); +$object = new Paiement($db); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiement', ''); + +// Security check +if ($user->socid) $socid = $user->socid; +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} + + + /* * Actions */ @@ -49,8 +66,6 @@ $confirm = GETPOST('confirm', 'alpha'); llxHeader('', $langs->trans("Payment")); -$object = new Paiement($db); -$object->fetch($id, $ref); $object->info($object->id); $head = payment_prepare_head($object); diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 47bb2ad2582..0af202016df 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -30,9 +30,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; -// Security check -if (!$user->rights->facture->lire) accessforbidden(); - $action = GETPOST('action', 'aZ09'); $socid = 0; @@ -48,6 +45,9 @@ if (!$user->rights->societe->client->voir || $socid) $dir .= '/private/'.$user-> $year = GETPOST('year', 'int'); if (!$year) { $year = date("Y"); } +// Security check +if (empty($user->rights->facture->lire)) accessforbidden(); + /* * Actions diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index f6582a4ffb4..4cf14ad8a5c 100644 --- a/htdocs/compta/paiement/tovalidate.php 
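Review bot: The thirdparty test added here is the only thing that keeps an external user away from another company's payment, and it reads `$socid` without initialising it. The security.lib.php part of this patch lists `payment` and `payment_supplier` under the entity-only `$check` array, so `restrictedArea()` itself does not compare the payment's thirdparty with `$user->socid`. `$socid` is set only inside `if ($user->socid)`; unless lines above the hunk define it, internal users reach `if ($socid && ...)` with an undefined variable, which works only because that value is falsy, and `$socid = 0;` before the assignment (as tovalidate.php does in this patch) makes the branch explicit. The same block is copied into compta/paiement/card.php, fourn/paiement/card.php and fourn/paiement/info.php; a shared helper would keep the four checks from drifting apart.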
+++ b/htdocs/compta/paiement/tovalidate.php @@ -27,10 +27,6 @@ require '../../main.inc.php'; // Load translation files required by the page $langs->load("bills"); -// Security check -if (!$user->rights->facture->lire) - accessforbidden(); - $socid = 0; if ($user->socid > 0) { @@ -50,6 +46,9 @@ $pagenext = $page + 1; if (!$sortorder) $sortorder = "DESC"; if (!$sortfield) $sortfield = "p.rowid"; +// Security check +if (empty($user->rights->facture->lire)) accessforbidden(); + /* * Actions diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 4602e877bd1..9d18dd1dd85 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -165,6 +165,7 @@ function dol_verifyHash($chain, $hash, $type = '0') /** * Check permissions of a user to show a page and an object. Check read permission. * If GETPOST('action','aZ09') defined, we also check write and delete permission. + * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * * @param User $user User to check * @param string $features Features to check (it must be module $object->element. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) 
@@ -175,20 +176,22 @@ function dol_verifyHash($chain, $hash, $type = '0') * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft * @return int Always 1, die process if not allowed - * @see dol_check_secure_access_document() + * @see dol_check_secure_access_document(), checkUserAccessToObject() */ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0) { global $db, $conf; global $hookmanager; - //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select"); + //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid; //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."
"; $parentfortableentity = ''; + // Fix syntax of $features param + $originalfeatures = $features; if ($features == 'facturerec') $features = 'facture'; if ($features == 'mo') $features = 'mrp'; if ($features == 'member') $features = 'adherent'; @@ -198,7 +201,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if ($features == 'product') $features = 'produit'; // Get more permissions checks from hooks - $parameters = array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); + $parameters = array('features'=>$features, 'originalfeatures'=>$originalfeatures, 'objectid'=>$objectid, 'dbt_select'=>$dbt_select, 'idtype'=>$dbt_select, 'isdraft'=>$isdraft); $reshook = $hookmanager->executeHooks('restrictedArea', $parameters); if (isset($hookmanager->resArray['result'])) { @@ -218,11 +221,6 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f // More subfeatures to check if (!empty($feature2)) $feature2 = explode("|", $feature2); - // More parameters - $params = explode('&', $tableandshare); - $dbtablename = (!empty($params[0]) ? $params[0] : ''); - $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); - $listofmodules = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL); // Check read permission from module @@ -247,6 +245,10 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if (!$user->rights->banque->cheque) { $readok = 0; $nbko++; } } elseif ($feature == 'projet') { if (!$user->rights->projet->lire && !$user->rights->projet->all->lire) { $readok = 0; $nbko++; } + } elseif ($feature == 'payment') { + if (!$user->rights->facture->lire) { $readok = 0; $nbko++; } + } elseif ($feature == 'payment_supplier') { + if (!$user->rights->fournisseur->facture->lire) { $readok = 0; $nbko++; } } elseif (!empty($feature2)) { // This is for permissions on 2 levels $tmpreadok = 1; foreach ($feature2 as $subfeature) { 
@@ -426,6 +428,10 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand { global $db, $conf; + //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); + //print "user_id=".$user->id.", features=".join(',', $featuresarray).", feature2=".$feature2.", objectid=".$objectid; + //print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."
"; + // More parameters $params = explode('&', $tableandshare); $dbtablename = (!empty($params[0]) ? $params[0] : ''); @@ -440,13 +446,13 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand if ($feature == 'project') $feature = 'projet'; if ($feature == 'task') $feature = 'projet_task'; - $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'website'); // Test on entity only (Objects with no link to company) + $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'website'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object - $checkother = array('contact', 'agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). + $checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet', 'project'); // Test for project object $checktask = array('projet_task'); // Test for task object $nocheck = array('barcode', 'stock'); // No test - //$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). + //$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name if (empty($dbtablename)) 
@@ -455,17 +461,14 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); // We change dbtablename, so we set sharedelement too. } - // Check permission for object with entity + // Check permission for object on entity only if (in_array($feature, $check)) { $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled)) - { - if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) - { - if ($conf->entity == 1 && $user->admin && !$user->entity) - { + if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled)) { // Special for multicompany + if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + if ($conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; $sql .= " AND dbt.entity IS NOT NULL"; } else { 
@@ -490,15 +493,12 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } - } elseif (in_array($feature, $checksoc)) // We check feature = checksoc - { - // If external user: Check permission for external users - if ($user->socid > 0) - { + } elseif (in_array($feature, $checksoc)) { // We check feature = checksoc + if ($user->socid > 0) { + // If external user: Check permission for external users if ($user->socid <> $objectid) return false; - } // If internal user: Check permission for internal users that are restricted on their objects - elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) - { + } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) { + // If internal user: Check permission for internal users that are restricted on their objects $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ", ".MAIN_DB_PREFIX."societe as s)"; 
@@ -506,15 +506,14 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql .= " AND sc.fk_user = ".$user->id; $sql .= " AND sc.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; - } // If multicompany and internal users with all permissions, check user is in correct entity - elseif (!empty($conf->multicompany->enabled)) - { + } elseif (!empty($conf->multicompany->enabled)) { + // If multicompany and internal users with all permissions, check user is in correct entity $sql = "SELECT COUNT(s.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE s.rowid IN (".$objectid.")"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } - } elseif (in_array($feature, $checkother)) // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...). + } elseif (in_array($feature, $checkother)) // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...). { // If external user: Check permission for external users if ($user->socid > 0) diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index 355b84796f2..a69b450fa84 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php 
@@ -40,10 +40,19 @@ $confirm = GETPOST('confirm', 'alpha'); $object = new PaiementFourn($db); -// PDF -$hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0)); -$hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0)); -$hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0)); +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiementfourn', ''); + +// Security check +if ($user->socid) $socid = $user->socid; +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} + /* * Actions @@ -177,41 +186,46 @@ if ($result > 0) print ''; /*print ''; - print '';*/ // Date of payment - print ''; + print ''; // Payment mode $labeltype = $langs->trans("PaymentType".$object->type_code) != ("PaymentType".$object->type_code) ? $langs->trans("PaymentType".$object->type_code) : $object->type_label; - print ''; + print ''; // Payment numero /* TODO Add field num_payment into payment table and save it - print ''; + print ''; */ // Amount - print ''; + print ''; + print ''; if (!empty($conf->global->BILL_ADD_PAYMENT_VALIDATION)) { - print ''; + print ''; + print ''; } $allow_delete = 1; // Bank account if (!empty($conf->banque->enabled)) { - if ($object->bank_account) + if ($object->fk_account) { $bankline = new AccountLine($db); $bankline->fetch($object->bank_line); 
@@ -222,8 +236,8 @@ if ($result > 0) } print ''; - print ''; - print ''; + print ''; print ''; - print ''; - print ''; + print ''; print ''; @@ -240,7 +254,8 @@ if ($result > 0) } // Note - print ''; + print ''; diff --git a/htdocs/fourn/paiement/info.php b/htdocs/fourn/paiement/info.php index 97ac2343c23..9ff0a86931e 100644 --- a/htdocs/fourn/paiement/info.php +++ b/htdocs/fourn/paiement/info.php @@ -33,8 +33,26 @@ $langs->loadLangs(array("bills", "suppliers", "companies")); $id = GETPOST('id', 'int'); $object = new PaiementFourn($db); -$object->fetch($id); -$object->info($id); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, $object->element, $object->id, 'paiementfourn', ''); + +// Security check +if ($user->socid) $socid = $user->socid; +// Now check also permission on thirdparty of invoices of payments. Thirdparty were loaded by the fetch_object before based on first invoice. +// It should be enough because all payments are done on invoices of the same thirdparty. +if ($socid && $socid != $object->thirdparty->id) { + accessforbidden(); +} + + +/* + * Actions + */ + +// None /* @@ -43,10 +61,14 @@ $object->info($id); llxHeader(); +$object->info($id); + $head = payment_supplier_prepare_head($object); print dol_get_fiche_head($head, 'info', $langs->trans("SupplierPayment"), 0, 'payment'); +$linkback = ''.$langs->trans("BackToList").''; + dol_banner_tab($object, 'id', $linkback, -1, 'rowid', 'ref'); print dol_get_fiche_end(); diff --git a/htdocs/fourn/paiement/list.php b/htdocs/fourn/paiement/list.php index 3fca286eff0..1bf8984a6ee 100644 --- a/htdocs/fourn/paiement/list.php +++ b/htdocs/fourn/paiement/list.php 
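Review bot: `$object->info($id);` in htdocs/fourn/paiement/info.php still passes the raw request id, although the object is now loaded through actions_fetchobject.inc.php and access-checked with `restrictedArea(..., $object->id, ...)`. Using `$object->info($object->id);`, as compta/paiement/info.php does in this same patch, keeps the displayed record tied to the one that was checked. It also covers the case where the page is reached by a reference instead of an id, if the fetch include supports that (not visible in this hunk).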
@@ -178,7 +178,7 @@ if ($search_all) $sql .= natural_search(array_keys($fieldstosearchall), $search_ // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; -$sql .= ' GROUP BY p.rowid, p.datep, p.amount, p.num_paiement, s.rowid, s.nom, c.code, c.libelle, ba.rowid, ba.label'; +$sql .= ' GROUP BY p.rowid, p.ref, p.datep, p.amount, p.num_paiement, s.rowid, s.nom, s.email, c.code, c.libelle, ba.rowid, ba.label'; if (!$user->rights->societe->client->voir) $sql .= ', sc.fk_soc, sc.fk_user'; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index ef7a6da8d66..78b9f5f7cb9 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -114,9 +114,9 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object- //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0); -//$result = restrictedArea($user, 'mymodule', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +//$result = restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft); -//if (!$permissiontoread) accessforbidden(); +//if (empty($permissiontoread)) accessforbidden(); /* From 556651a3ae1e080893561cb69f4d1d61c12eb572 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 13:51:15 +0100 Subject: [PATCH 39/54] Update report.php --- htdocs/compta/cashcontrol/report.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 0946d3333ce..ccbed2d173c 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php 
@@ -107,7 +107,7 @@ $sql .= " WHERE pf.fk_facture = f.rowid AND p.rowid = pf.fk_paiement AND cp.id = $sql .= " AND f.module_source = '".$db->escape($posmodule)."'"; $sql .= " AND f.pos_source = '".$db->escape($terminalid)."'"; $sql .= " AND f.paye = 1"; -$sql .= " AND p.entity = ".$conf->entity; +$sql .= " AND p.entity = ".$conf->entity; // Never share entities for features related to accountancy /*if ($key == 'cash') $sql.=" AND cp.code = 'LIQ'"; elseif ($key == 'cheque') $sql.=" AND cp.code = 'CHQ'"; elseif ($key == 'card') $sql.=" AND cp.code = 'CB'"; From 8265f7a07ed03e5087ec67be2d4105dcc3b8bfe2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 14:05:46 +0100 Subject: [PATCH 40/54] Code comment --- htdocs/core/lib/memory.lib.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/memory.lib.php b/htdocs/core/lib/memory.lib.php index 7b863391b24..90120dc63f1 100644 --- a/htdocs/core/lib/memory.lib.php +++ b/htdocs/core/lib/memory.lib.php @@ -36,8 +36,9 @@ $shmoffset = 1000; // Max number of entries found into a language file. If too l * Save data into a memory area shared by all users, all sessions on server * * @param string $memoryid Memory id of shared area - * @param string $data Data to save + * @param mixed $data Data to save * @return int <0 if KO, Nb of bytes written if OK + * @see dol_getcache() */ function dol_setcache($memoryid, $data) { @@ -99,7 +100,8 @@ function dol_setcache($memoryid, $data) * Read a memory area shared by all users, all sessions on server * * @param string $memoryid Memory id of shared area - * @return int <0 if KO, data if OK + * @return int|mixed <0 if KO, data if OK + * @see dol_setcache() */ function dol_getcache($memoryid) { From 3ff80ac1f80c33d9465bc8504b6eed2b46cd5194 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Fri, 19 Feb 2021 14:15:58 +0100 Subject: [PATCH 41/54] FIX #16304 --- htdocs/compta/paiement/card.php | 2 ++ htdocs/fourn/paiement/card.php | 2 ++ 2 files changed, 4 insertions(+) diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 8926c2762b2..3cedb27f07c 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -44,6 +44,8 @@ $confirm = GETPOST('confirm', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); $object = new Paiement($db); +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('paymentcard', 'globalcard')); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index a69b450fa84..5dea09eaf09 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -39,6 +39,8 @@ $action = GETPOST('action', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $object = new PaiementFourn($db); +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('supplierpaymentcard', 'globalcard')); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. From 75e9e1ff59a5921261730b0f8693b548243628f7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 14:29:43 +0100 Subject: [PATCH 42/54] Add link to report vulnerabilities --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 08ca64e4a4c..f63f9c3f277 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -12,7 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM ## Reporting a Vulnerability -To report a vulnerability, please use GitHub security advisory (alternatively send an email to security@dolibarr.org) +To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (or alternatively send an email to security@dolibarr.org) ## Hunting vulnerabilities on Dolibarr From 33c81f3791239279553a154da9260f4ab83cde86 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 14:38:43 +0100 Subject: [PATCH 43/54] Limit DOS --- htdocs/public/test/badges.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/public/test/badges.php b/htdocs/public/test/badges.php index 60652b97dc5..8d5a382af03 100644 --- a/htdocs/public/test/badges.php +++ b/htdocs/public/test/badges.php @@ -12,6 +12,10 @@ session_cache_limiter('public'); require_once '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; +if ($dolibarr_main_prod) { + accessforbidden(); +} + ?> From 017b57f18c16c3182080de306646d962b9199e47 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 14:43:03 +0100 Subject: [PATCH 44/54] Code comment --- htdocs/public/test/badges.php | 5 +++++ htdocs/public/test/test_arrays.php | 2 ++ htdocs/public/test/test_forms.php | 2 +- htdocs/public/test/test_sessionlock.php | 14 ++++++++++---- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/htdocs/public/test/badges.php b/htdocs/public/test/badges.php index 60652b97dc5..3b35192e23e 100644 --- a/htdocs/public/test/badges.php +++ b/htdocs/public/test/badges.php 
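Review bot: The new guard in htdocs/public/test/badges.php fails open: the page is blocked only when `$dolibarr_main_prod` is truthy, so an installation where that setting is absent or 0 keeps serving this page without authentication (the file defines `NOLOGIN`, as the context of the next patch shows). Where the variable is populated is not visible in this diff; if it can be undefined at this point, `if (!empty($dolibarr_main_prod))` avoids the notice. A comment such as `// Test page: intentionally reachable without login on non-production installs only` would document the remaining exposure for whoever deploys it.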
@@ -6,12 +6,17 @@ if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); if (!defined('NOLOGIN')) define('NOLOGIN', 1); // File must be accessed by logon page so without login if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', 1); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); +if (!defined('NOSESSION')) define('NOSESSION', '1'); session_cache_limiter('public'); require_once '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; +if ($dolibarr_main_prod) { + accessforbidden(); +} + ?> diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php index 95265831670..1258fc9d3fd 100644 --- a/htdocs/public/test/test_arrays.php +++ b/htdocs/public/test/test_arrays.php @@ -1,6 +1,8 @@ '; print session_status(); + require '../../main.inc.php'; + +/* No need for this. +if ($dolibarr_main_prod) { + accessforbidden(); +} +*/ + print session_status(); print '
'; //print 'a'.$_SESSION['disablemodules'].'b'; -print 'This page is visible. It means you are not locked.'; +print 'This page is visible. It means you are not locked by another page called in same session.'; //session_write_close(); From efb32c7d0bf7bc320c1daada5b2812cec52e85ef Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 15:06:36 +0100 Subject: [PATCH 45/54] Fix test pages --- htdocs/core/lib/functions.lib.php | 24 +++++++++++++----------- htdocs/core/tpl/ajaxrow.tpl.php | 2 +- htdocs/main.inc.php | 9 ++++++--- htdocs/public/test/badges.php | 1 - htdocs/public/test/test_arrays.php | 25 +++++++++++++++++-------- 5 files changed, 37 insertions(+), 24 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index b22caec4633..3a531ff24f5 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -6251,17 +6251,19 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, ) ); - $substitutionarray = array_merge($substitutionarray, array( - '__USER_ID__' => (string) $user->id, - '__USER_LOGIN__' => (string) $user->login, - '__USER_EMAIL__' => (string) $user->email, - '__USER_LASTNAME__' => (string) $user->lastname, - '__USER_FIRSTNAME__' => (string) $user->firstname, - '__USER_FULLNAME__' => (string) $user->getFullName($outputlangs), - '__USER_SUPERVISOR_ID__' => (string) ($user->fk_user ? $user->fk_user : '0'), - '__USER_REMOTE_IP__' => (string) getUserRemoteIP() - ) + if (is_object($user)) { + $substitutionarray = array_merge($substitutionarray, array( + '__USER_ID__' => (string) $user->id, + '__USER_LOGIN__' => (string) $user->login, + '__USER_EMAIL__' => (string) $user->email, + '__USER_LASTNAME__' => (string) $user->lastname, + '__USER_FIRSTNAME__' => (string) $user->firstname, + '__USER_FULLNAME__' => (string) $user->getFullName($outputlangs), + '__USER_SUPERVISOR_ID__' => (string) ($user->fk_user ? $user->fk_user : '0'), + '__USER_REMOTE_IP__' => (string) getUserRemoteIP() + ) ); + } } if ((empty($exclude) || !in_array('mycompany', $exclude)) && is_object($mysoc)) { @@ -6275,7 +6277,7 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, '__MYCOMPANY_PROFID5__' => $mysoc->idprof5, '__MYCOMPANY_PROFID6__' => $mysoc->idprof6, '__MYCOMPANY_CAPITAL__' => $mysoc->capital, - '__MYCOMPANY_FULLADDRESS__' => $mysoc->getFullAddress(1, ', '), + '__MYCOMPANY_FULLADDRESS__' => (method_exists($mysoc, 'getFullAddress') ? $mysoc->getFullAddress(1, ', ') : ''), // $mysoc may be stdClass '__MYCOMPANY_ADDRESS__' => $mysoc->address, '__MYCOMPANY_ZIP__' => $mysoc->zip, '__MYCOMPANY_TOWN__' => $mysoc->town, diff --git a/htdocs/core/tpl/ajaxrow.tpl.php b/htdocs/core/tpl/ajaxrow.tpl.php index 25d5f6f3526..1a797b936c3 100644 --- a/htdocs/core/tpl/ajaxrow.tpl.php +++ b/htdocs/core/tpl/ajaxrow.tpl.php 
@@ -28,7 +28,7 @@ // Protection to avoid direct call of template if (empty($object) || !is_object($object)) { - print "Error, template page can't be called as URL"; + print "Error, template page ".basename(__FILE__)." can't be called with no object defined."; exit; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index c91f4802974..2d748d4e409 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -185,9 +185,12 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type) // Check consistency of NOREQUIREXXX DEFINES -if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) -{ - print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them'; +if ((defined('NOREQUIREDB') || defined('NOREQUIRETRAN')) && !defined('NOREQUIREMENU')) { + print 'If define NOREQUIREDB or NOREQUIRETRAN are set, you must also set NOREQUIREMENU or not set them.'; + exit; +} +if (defined('NOREQUIREUSER') && !defined('NOREQUIREMENU')) { + print 'If define NOREQUIREUSER is set, you must also set NOREQUIREMENU or not set it.'; exit; } diff --git a/htdocs/public/test/badges.php b/htdocs/public/test/badges.php index 3b35192e23e..194e9947624 100644 --- a/htdocs/public/test/badges.php +++ b/htdocs/public/test/badges.php @@ -1,5 +1,4 @@ initAsSpecimen(); +$object = $productspecimen; $sortfield = 'aaa'; $sortorder = 'ASC'; @@ -221,14 +230,14 @@ if (!empty($moreforfilter))
trans('title1'), 0, $_SERVER["PHP_SELF"], 'aaa', '', '', 'align="left"', $sortfield, $sortorder); ?> -trans('title2'), 0, $_SERVER["PHP_SELF"], 'bbb', '', '', 'align="right"', $sortfield, $sortorder); ?> -trans('title3'), 0, $_SERVER["PHP_SELF"], 'ccc', '', '', 'align="center"', $sortfield, $sortorder); ?> +trans('title2'), 0, $_SERVER["PHP_SELF"], 'bbb', '', '', 'align="center"', $sortfield, $sortorder); ?> +trans('title3'), 0, $_SERVER["PHP_SELF"], 'ccc', '', '', 'align="right"', $sortfield, $sortorder); ?> - - - + + +
'.$langs->trans('Ref').''; + print ''.$langs->trans('Ref').''; print $form->showrefnav($object,'id','',1,'rowid','ref'); print '
'.$form->editfieldkey("Date", 'datep', $object->date, $object, $object->statut == 0 && $user->rights->fournisseur->facture->creer).''; + print '
'.$form->editfieldkey("Date", 'datep', $object->date, $object, $object->statut == 0 && $user->rights->fournisseur->facture->creer).''; print $form->editfieldval("Date", 'datep', $object->date, $object, $object->statut == 0 && $user->rights->fournisseur->facture->creer, 'datehourpicker', '', null, $langs->trans('PaymentDateUpdateSucceeded')); print '
'.$langs->trans('PaymentMode').''.$labeltype; + print '
'.$langs->trans('PaymentMode').''.$labeltype; print $object->num_payment ? ' - '.$object->num_payment : ''; print '
'.$form->editfieldkey("Numero",'num_paiement',$object->num_paiement,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer).''; + print '
'.$form->editfieldkey("Numero",'num_paiement',$object->num_paiement,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer).''; print $form->editfieldval("Numero",'num_paiement',$object->num_paiement,$object,$object->statut == 0 && $user->rights->fournisseur->facture->creer,'string','',null,$langs->trans('PaymentNumberUpdateSucceeded')); print '
'.$langs->trans('Amount').''.price($object->amount, '', $langs, 0, 0, -1, $conf->currency).'
'.$langs->trans('Amount').''.price($object->amount, '', $langs, 0, 0, -1, $conf->currency).'
'.$langs->trans('Status').''.$object->getLibStatut(4).'
'.$langs->trans('Status').''.$object->getLibStatut(4).'
'.$langs->trans('BankAccount').''; + print ''.$langs->trans('BankAccount').''; $accountstatic = new Account($db); $accountstatic->fetch($bankline->fk_account); print $accountstatic->getNomUrl(1); @@ -231,8 +245,8 @@ if ($result > 0) print '
'.$langs->trans('BankTransactionLine').''; + print ''.$langs->trans('BankTransactionLine').''; print $bankline->getNomUrl(1, 0, 'showconciliated'); print '
'.$form->editfieldkey("Note", 'note', $object->note, $object, $user->rights->fournisseur->facture->creer).''; + print '
'.$form->editfieldkey("Comments", 'note', $object->note, $object, $user->rights->fournisseur->facture->creer).''; print $form->editfieldval("Note", 'note', $object->note, $object, $user->rights->fournisseur->facture->creer, 'textarea'); print '
getNomUrl(1); ?>b1c1
a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2b2c2
a3b3c3
getNomUrl(1); ?>b1c1
a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2 a2b2c2
a3b3c3
From e9f9c46cd62c5aa97e59bad395f4682b5cd3e1d8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 15:37:42 +0100 Subject: [PATCH 46/54] Clean code. Fix nojs=1 --- htdocs/core/class/conf.class.php | 2 +- htdocs/core/class/html.form.class.php | 5 ++++ htdocs/main.inc.php | 2 -- htdocs/public/test/test_arrays.php | 34 ++++++++++++--------------- 4 files changed, 21 insertions(+), 22 deletions(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 1eb3b9911ba..d8fbceeecf8 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -98,7 +98,7 @@ class Conf public $dol_hide_leftmenu; // Set if we force param dol_hide_leftmenu into login url public $dol_optimize_smallscreen; // Set if we force param dol_optimize_smallscreen into login url or if browser is smartphone public $dol_no_mouse_hover; // Set if we force param dol_no_mouse_hover into login url or if browser is smartphone - public $dol_use_jmobile; // Set if we force param dol_use_jmobile into login url + public $dol_use_jmobile; // Set if we force param dol_use_jmobile into login url. 0=default, 1=to say we use app from a webview app, 2=to say we use app from a webview app and keep ajax public $liste_limit; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index b442345199f..cd018c3e6dc 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6480,6 +6480,11 @@ class Form $out = ''; + if ($addjscombo < 0) { + if (empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) $addjscombo = 1; + else $addjscombo = 0; + } + // Add code for jquery to use multiselect if ($addjscombo && $jsbeautify) { // Enhance with select2 diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 2d748d4e409..7e671554d1d 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
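Review bot: The new `$addjscombo < 0` branch in htdocs/core/class/html.form.class.php introduces an "auto" value, but nothing in the hunk documents it, and the nested `if`/`else` is written without braces. A comment such as `// -1 = auto: use the JS combo unless MAIN_OPTIMIZEFORTEXTBROWSER is set` above the block, plus listing -1 in the parameter's docblock entry, would make the contract readable. The body can be the single statement `$addjscombo = empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) ? 1 : 0;`. The enclosing method starts and ends outside the hunk, so whether `$conf` is declared global there cannot be checked from here.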
@@ -1010,8 +1010,6 @@ if ((!empty($conf->browser->layout) && $conf->browser->layout == 'phone') { $conf->dol_optimize_smallscreen = 1; } -// If we force to use jmobile, then we reenable javascript -if (!empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax = 1; // Replace themes bugged with jmobile with eldy if (!empty($conf->dol_use_jmobile) && in_array($conf->theme, array('bureau2crea', 'cameleo', 'amarok'))) { diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php index fbd4c1843f5..879f37ed5dc 100644 --- a/htdocs/public/test/test_arrays.php +++ b/htdocs/public/test/test_arrays.php @@ -12,6 +12,7 @@ if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check a //if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) + require '../../main.inc.php'; if ($dolibarr_main_prod) { @@ -86,14 +87,14 @@ if (empty($usedolheader))

This page is a sample of page using tables. It is designed to make test with
+

+
- css (add parameter &theme=newtheme to test another theme or edit css of current theme)
-- jmobile (add parameter ">dol_use_jmobile=4&dol_optimize_smallscreen=1 and switch to small screen < 1000 to enable view with jmobile)
- jmobile (add parameter ">dol_use_jmobile=1&dol_optimize_smallscreen=1 and switch to small screen < 570 to enable with emulated jmobile)
- no javascript / usage for bind people (add parameter ">nojs=1 to force disable javascript)
- tablednd
- +
-


Example 0a : Table with div+div+div containg a select that should be overflowed and truncated => Use this to align text or form
@@ -134,7 +135,6 @@ This page is a sample of page using tables. It is designed to make test with
- @@ -187,31 +187,30 @@ $nav .= ' trans('This is a select list for a filter A').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter A (no combo forced)').': '; $cate_arbo = array('field1'=>'value1a into the select list A', 'field2'=>'value2a'); -$moreforfilter .= $form->selectarray('search_aaa', $cate_arbo, '', 1); // List without js combo +$moreforfilter .= $form->selectarray('search_aaa', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', 0); // List with no js combo $moreforfilter .= '
'; $moreforfilter .= '
'; -$moreforfilter .= $langs->trans('This is a select list for a filter B').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter B (auto combo)').': '; $cate_arbo = array('field1'=>'value1b into the select list B', 'field2'=>'value2b'); -$moreforfilter .= $form->selectarray('search_bbb', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, 0, '', 1); // List with js combo +$moreforfilter .= $form->selectarray('search_bbb', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', -1); // List with js combo auto $moreforfilter .= '
'; $moreforfilter .= '
'; -$moreforfilter .= $langs->trans('This is a select list for a filter C').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter C (combo forced)').': '; $cate_arbo = array('field1'=>'value1c into the select list C', 'field2'=>'value2c'); -$moreforfilter .= $form->selectarray('search_ccc', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, 0, '', 1); // List with js combo +$moreforfilter .= $form->selectarray('search_ccc', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', 1); // List with js combo forced $moreforfilter .= '
'; $moreforfilter .= '
'; -$moreforfilter .= $langs->trans('This is a select list for a filter D').': '; +$moreforfilter .= $langs->trans('This is a select list for a filter D (combo forced)').': '; $cate_arbo = array('field1'=>'value1d into the select list D', 'field2'=>'value2d'); -$moreforfilter .= $form->selectarray('search_ddd', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, 0, '', 1); // List with js combo +$moreforfilter .= $form->selectarray('search_ddd', $cate_arbo, '', 1, 0, 0, '', 0, 0, 0, '', 'maxwidth300', 1); // List with js combo forced $moreforfilter .= '
'; if (!empty($moreforfilter)) @@ -248,8 +247,6 @@ if (!empty($moreforfilter)) @@ -315,13 +311,13 @@ $(document).ready(function(){
line4
dfsdf
-
+
bbbb
line5
dfsdf
-
+
bbbb
From 0f38b189df928af2eb43ffad2cc0a6cd54b0ffa1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 15:46:59 +0100 Subject: [PATCH 47/54] Fix test pages --- htdocs/public/test/test_csrf.php | 10 ++++++---- htdocs/public/test/test_sessionlock.php | 15 ++++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/htdocs/public/test/test_csrf.php b/htdocs/public/test/test_csrf.php index 8c242cade64..1c23dc7070a 100644 --- a/htdocs/public/test/test_csrf.php +++ b/htdocs/public/test/test_csrf.php @@ -3,14 +3,16 @@ ?> -This is a form to test a CSRF.
+This is a form to test if a CSRF exists into a Dolibarr page.

-Open this form into a Virtual server A.
-Change url to send request to into file to send request to virtual server B.
+- Change url to send request to into this file (server B, hard coded page)
+- Open this form into a virtual server A.
+- Send the request to the virtual server B by clicking submit.
+- Check that Anticsrf protection is triggered.


'; ?> diff --git a/htdocs/public/test/test_sessionlock.php b/htdocs/public/test/test_sessionlock.php index 32c75649f81..12b8a455bf6 100644 --- a/htdocs/public/test/test_sessionlock.php +++ b/htdocs/public/test/test_sessionlock.php @@ -17,13 +17,14 @@ if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is publi // TODO We can close session with session_write_close() as soon as we just need read access everywhere in code. if (!defined("NOSESSION")) define("NOSESSION", '1'); - -print PHP_SESSION_DISABLED; -print PHP_SESSION_NONE; -print PHP_SESSION_ACTIVE; +print "Legend:
\n"; +print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."
\n"; +print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."
\n"; +print 'PHP_SESSION_ACTIVE='.PHP_SESSION_ACTIVE."
\n"; print '
'; -print session_status(); +print 'session_status='.session_status().' (before main.inc.php)'; +print '
'; require '../../main.inc.php'; @@ -33,11 +34,11 @@ if ($dolibarr_main_prod) { } */ -print session_status(); +print 'session_status='.session_status().' (after main.inc.php)'; print '
'; //print 'a'.$_SESSION['disablemodules'].'b'; -print 'This page is visible. It means you are not locked by another page called in same session.'; +print "\n
This page is visible. It means you are not locked by another page called in same session."; //session_write_close(); From c5be502fdbe1fcb23f2e2fbb09fe790236a1fad8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 16:04:46 +0100 Subject: [PATCH 48/54] Update document.php --- htdocs/asset/document.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/asset/document.php b/htdocs/asset/document.php index f82c8fea5f1..32a4163dd12 100644 --- a/htdocs/asset/document.php +++ b/htdocs/asset/document.php @@ -70,7 +70,7 @@ if ($object->fetch($id)) * Actions */ -require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* From 2be6992916ae32ae4b41b076d25723087479abdf Mon Sep 17 00:00:00 2001 
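Review bot: In htdocs/public/test/test_sessionlock.php the production guard after `require '../../main.inc.php';` appears to sit inside a comment block, since the second hunk's context shows `if ($dolibarr_main_prod) {` closed by `*/`. The page also defines `NOLOGIN`, so the session diagnostics these hunks make more verbose look reachable without authentication on a production install. test_arrays.php in the same directory shows an `if ($dolibarr_main_prod) {` check right after its require, and restoring the equivalent guard here would keep the page out of production. The opening of the comment is outside the hunk, so this should be confirmed against the full file.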
From: Laurent Destailleur Date: Fri, 19 Feb 2021 16:10:19 +0100 Subject: [PATCH 49/54] Fix include_once into include for inc.php file. See comment in #16338 --- htdocs/adherents/document.php | 2 +- htdocs/asset/document.php | 2 +- htdocs/bom/bom_document.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/propal/document.php | 2 +- htdocs/commande/document.php | 2 +- htdocs/compta/bank/account_statement_document.php | 2 +- htdocs/compta/bank/document.php | 2 +- htdocs/compta/bank/various_payment/document.php | 2 +- htdocs/compta/deplacement/document.php | 2 +- htdocs/compta/facture/document.php | 2 +- htdocs/compta/sociales/document.php | 2 +- htdocs/compta/tva/document.php | 2 +- htdocs/contrat/document.php | 2 +- htdocs/don/document.php | 2 +- htdocs/expedition/document.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fourn/commande/document.php | 2 +- htdocs/fourn/facture/document.php | 2 +- htdocs/holiday/document.php | 2 +- htdocs/loan/document.php | 2 +- htdocs/modulebuilder/template/myobject_document.php | 2 +- htdocs/mrp/mo_document.php | 2 +- htdocs/product/document.php | 2 +- htdocs/product/stock/productlot_document.php | 2 +- htdocs/projet/document.php | 2 +- htdocs/projet/tasks/document.php | 2 +- htdocs/recruitment/recruitmentcandidature_document.php | 2 +- htdocs/recruitment/recruitmentjobposition_document.php | 2 +- htdocs/resource/document.php | 2 +- htdocs/salaries/document.php | 2 +- htdocs/societe/document.php | 2 +- htdocs/supplier_proposal/document.php | 2 +- htdocs/ticket/document.php | 2 +- htdocs/user/document.php | 2 +- htdocs/workstation/workstation_document.php | 2 +- htdocs/zapier/hook_document.php | 2 +- 37 files changed, 37 insertions(+), 37 deletions(-) diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 969bf3a8906..35ce841ba6e 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php 
@@ -73,7 +73,7 @@ $upload_dir = $conf->adherent->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'me * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/asset/document.php b/htdocs/asset/document.php index 4c2e36aed9a..a9653624b3e 100644 --- a/htdocs/asset/document.php +++ b/htdocs/asset/document.php @@ -81,7 +81,7 @@ if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[ * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php index cf752878605..ddd9fe0eee6 100644 --- a/htdocs/bom/bom_document.php +++ b/htdocs/bom/bom_document.php @@ -76,7 +76,7 @@ if ($id > 0 || !empty($ref)) $upload_dir = $conf->bom->multidir_output[$object-> * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 5b4cc58bb08..2d0c1dc8133 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -80,7 +80,7 @@ $modulepart = 'actions'; /* * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index fbe7fdbec5c..530f7392f54 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -80,7 +80,7 @@ if ($object->id > 0) { $object->fetch_thirdparty(); $upload_dir = $conf->propal->multidir_output[$object->entity].'/'.dol_sanitizeFileName($object->ref); - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } 
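Review bot: In htdocs/asset/document.php the hunk header's context reads `$upload_dir = $conf->sellyoursaas->multidir_output[`, so the directory handed to actions_linkedfiles.inc.php appears to come from another module's configuration rather than the asset module's own. The hunk for htdocs/zapier/hook_document.php shows the same context. The commit only swaps `include_once` for `include` and leaves that assignment alone. If `$conf->sellyoursaas` is not defined on an install, the upload path would be built from an empty base, so the assignment should use the module's own output directory, the way bom_document.php uses `$conf->bom->multidir_output[`. The assignment line is truncated and lies outside the hunk, so this needs checking against the full file.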
diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index f95f61b6025..f51d8635787 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -80,7 +80,7 @@ if ($object->fetch($id)) $upload_dir = $conf->commande->multidir_output[$object->entity]."/".dol_sanitizeFileName($object->ref); } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/bank/account_statement_document.php b/htdocs/compta/bank/account_statement_document.php index fd7c6b1d292..b1c5c937f76 100644 --- a/htdocs/compta/bank/account_statement_document.php +++ b/htdocs/compta/bank/account_statement_document.php @@ -133,7 +133,7 @@ if (!empty($numref)) $upload_dir = $conf->bank->dir_output."/".$id."/statement/".dol_sanitizeFileName($numref); } $backtopage = $_SERVER['PHP_SELF']."?account=".$id."&num=".$numref; -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index c67c0496727..cb2e4915323 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -77,7 +77,7 @@ if ($object->id > 0) $upload_dir = $conf->bank->dir_output."/".dol_sanitizeFileName($object->ref); } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 14187bf51e3..1cd8d285eeb 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -66,7 +66,7 @@ $modulepart = 'banque'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* 
diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index 86d0dd383f1..c1e432f4b1a 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -71,7 +71,7 @@ $modulepart = 'trip'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 3922228c4fa..cbf6b045e85 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -79,7 +79,7 @@ if ($object->fetch($id)) * Actions */ -require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index dbb01060a4d..d65f2cf7a3c 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -77,7 +77,7 @@ $modulepart = 'tax'; * Actions */ -require_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; if ($action == 'setlib' && $user->rights->tax->charges->creer) { diff --git a/htdocs/compta/tva/document.php b/htdocs/compta/tva/document.php index e310e61fcb8..addaf50d990 100644 --- a/htdocs/compta/tva/document.php +++ b/htdocs/compta/tva/document.php @@ -78,7 +78,7 @@ $modulepart = 'tax-vat'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; if ($action == 'setlib' && $user->rights->tax->charges->creer) { diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index ba15af0de19..dfdb0fe6d31 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php 
@@ -85,7 +85,7 @@ $hookmanager->initHooks(array('contractcard', 'globalcard')); * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/don/document.php b/htdocs/don/document.php index 9ff1fa98ea2..a211f076253 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -78,7 +78,7 @@ $modulepart = 'don'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; if ($action == 'classin' && $user->rights->don->creer) { diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index a9b19ede7c3..2b710e87dee 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -76,7 +76,7 @@ if ($object->fetch($id)) $upload_dir = $conf->expedition->dir_output."/sending/".dol_sanitizeFileName($object->ref); } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 1b9326468f4..aaab2072013 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -75,7 +75,7 @@ $modulepart = 'fichinter'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index d5a4455db06..293edb549ea 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -78,7 +78,7 @@ $object->fetch_thirdparty(); * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 36f5a45b25e..4b2b45c7226 100644 
--- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -74,7 +74,7 @@ if ($object->fetch($id, $ref)) * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index f366bb50c85..3bb48d1de15 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -72,7 +72,7 @@ $modulepart = 'holiday'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/loan/document.php b/htdocs/loan/document.php index 91bfaf1f921..a7811dfa04a 100644 --- a/htdocs/loan/document.php +++ b/htdocs/loan/document.php @@ -68,7 +68,7 @@ $modulepart = 'loan'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/modulebuilder/template/myobject_document.php b/htdocs/modulebuilder/template/myobject_document.php index 1cd3de2ebd9..f1424906dd6 100644 --- a/htdocs/modulebuilder/template/myobject_document.php +++ b/htdocs/modulebuilder/template/myobject_document.php @@ -121,7 +121,7 @@ $permissiontoadd = $user->rights->mymodule->myobject->write; // Used by the incl * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/mrp/mo_document.php b/htdocs/mrp/mo_document.php index 01131b9ffa2..d3040918aae 100644 --- a/htdocs/mrp/mo_document.php +++ b/htdocs/mrp/mo_document.php @@ -80,7 +80,7 @@ $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'row * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* 
diff --git a/htdocs/product/document.php b/htdocs/product/document.php index f8f5322f2f8..1de27318f84 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -115,7 +115,7 @@ if (empty($reshook)) } // Action submit/delete file/link - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } if ($action == 'filemerge') diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 535486f8c62..c9b98a1ffe4 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -94,7 +94,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Action submit/delete file/link - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } $permtoedit = $user->rights->produit->creer; diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index bed7f6a43e1..5557740704d 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -76,7 +76,7 @@ if (!$sortfield) $sortfield = "name"; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index ca273bb36ef..ef4ad0292f3 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -106,7 +106,7 @@ if ($id > 0 || !empty($ref)) } } -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/recruitment/recruitmentcandidature_document.php b/htdocs/recruitment/recruitmentcandidature_document.php index 1c801f27fd4..8c29ef9e46c 100644 --- a/htdocs/recruitment/recruitmentcandidature_document.php 
+++ b/htdocs/recruitment/recruitmentcandidature_document.php @@ -92,7 +92,7 @@ $permissiontoadd = $user->rights->recruitment->recruitmentjobposition->write; // * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/recruitment/recruitmentjobposition_document.php b/htdocs/recruitment/recruitmentjobposition_document.php index 3005b4cc1be..d05e9945eb5 100644 --- a/htdocs/recruitment/recruitmentjobposition_document.php +++ b/htdocs/recruitment/recruitmentjobposition_document.php @@ -92,7 +92,7 @@ $permissiontoadd = $user->rights->recruitment->recruitmentjobposition->write; // * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 0019d6b99ed..00dc42741e1 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -72,7 +72,7 @@ $modulepart = 'resource'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php index dc86a274837..777686c96db 100644 --- a/htdocs/salaries/document.php +++ b/htdocs/salaries/document.php @@ -73,7 +73,7 @@ $modulepart = 'salaries'; * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 1d7ba3d2925..034522a3652 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php 
@@ -81,7 +81,7 @@ $hookmanager->initHooks(array('thirdpartydocument', 'globalcard')); * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index 127b45466e8..09fb48ab1fb 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php @@ -69,7 +69,7 @@ if ($object->id > 0) { $object->fetch_thirdparty(); $upload_dir = $conf->supplier_proposal->dir_output.'/'.dol_sanitizeFileName($object->ref); - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } diff --git a/htdocs/ticket/document.php b/htdocs/ticket/document.php index 45ee7aba268..c876e9d33d8 100644 --- a/htdocs/ticket/document.php +++ b/htdocs/ticket/document.php @@ -73,7 +73,7 @@ if ($result < 0) { * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; diff --git a/htdocs/user/document.php b/htdocs/user/document.php index 5440ceeb725..b9f282f17ed 100644 --- a/htdocs/user/document.php +++ b/htdocs/user/document.php @@ -106,7 +106,7 @@ $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; + include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } diff --git a/htdocs/workstation/workstation_document.php b/htdocs/workstation/workstation_document.php index 89a34f55549..b06bf3540a4 100755 --- a/htdocs/workstation/workstation_document.php +++ b/htdocs/workstation/workstation_document.php 
@@ -113,7 +113,7 @@ $permissiontoadd = $user->rights->workstation->workstation->write; // Used by th * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* diff --git a/htdocs/zapier/hook_document.php b/htdocs/zapier/hook_document.php index 15ec591bea6..5b1af8080de 100644 --- a/htdocs/zapier/hook_document.php +++ b/htdocs/zapier/hook_document.php @@ -78,7 +78,7 @@ if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[ * Actions */ -include_once DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; /* From 69eda9a5c334bfaba1aea394a746e4ae0ccb42f3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 16:16:15 +0100 Subject: [PATCH 50/54] Fix migration --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index f2be5893c0a..bf3c9183b91 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -30,6 +30,9 @@ -- Missing in v13 or lower +ALTER TABLE llx_asset CHANGE COLUMN amount amount_ht double(24,8) DEFAULT NULL; +ALTER TABLE llx_asset ADD COLUMN amount_vat double(24,8) DEFAULT NULL; + ALTER TABLE llx_supplier_proposal_extrafields ADD INDEX idx_supplier_proposal_extrafields (fk_object); ALTER TABLE llx_supplier_proposaldet_extrafields ADD INDEX idx_supplier_proposaldet_extrafields (fk_object); From 0dabbcd7f55d8da83cdf60f68fad8b3f1ffe74f1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 17:48:15 +0100 Subject: [PATCH 51/54] Update bankentries_list.php --- htdocs/compta/bank/bankentries_list.php | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index da9ece4c579..3f29ab4d022 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1401,11 +1401,13 @@ if ($resql) } if ($companylinked_id) { + // TODO Add a cache of loaded companies here $companystatic->fetch($companylinked_id); print $companystatic->getNomUrl(1); } elseif ($userlinked_id && (($type_link == 'payment_salary' && !empty($user->rights->salaries->read)) || ($type_link == 'payment_sc' && !empty($user->rights->tax->charges->lire)))){ + // TODO Add a cache of loaded users here $userstatic->fetch($userlinked_id); print $userstatic->getNomUrl(1); } else { From fd0615b3fcf5bd7dc08383510b1132d2c9571468 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 17:56:04 +0100 Subject: [PATCH 52/54] Too verbose --- htdocs/core/modules/import/import_xlsx.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index ebe0486d97c..5b2e339a588 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -401,7 +401,7 @@ class ImportXlsx extends ModeleImports else $tablewithentity_cache[$tablename] = 0; // table does not contains entity field } else dol_print_error($this->db); } else { - dol_syslog("Table ".$tablename." check for entity into cache is ".$tablewithentity_cache[$tablename]); + //dol_syslog("Table ".$tablename." check for entity into cache is ".$tablewithentity_cache[$tablename]); } // array of fields to column index From 26134930b3313339364927d504549d2cacd1e0c2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 18:05:12 +0100 Subject: [PATCH 53/54] Update html.formticket.class.php --- htdocs/core/class/html.formticket.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index f1022d01ba2..c1837af4c56 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -247,7 +247,7 @@ class FormTicket $doleditor->Create(); print ''; - if ($conf->global->MAIN_SECURITY_ENABLECAPTCHA) { + if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; print ''; print ''; From 3d1dfccc1db959a7c6776ec80acbeb6e78eb9989 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Feb 2021 18:12:15 +0100 Subject: [PATCH 54/54] More robust code --- htdocs/main.inc.php | 2 +- htdocs/public/ticket/create_ticket.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 7e671554d1d..15dfc85c8d2 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -598,7 +598,7 @@ if (!defined('NOLOGIN')) if ($test && GETPOST("username", "alpha", 2) && !empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) && !isset($_SESSION['dol_bypass_antispam'])) { $sessionkey = 'dol_antispam_value'; - $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'none')))); // Check code if (!$ok) diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 46cc1d082e8..6b035a46643 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php 
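Review bot: The rewritten captcha comparison in htdocs/main.inc.php reads the answer with `GETPOST('code', 'none')` and no method argument, so `code` is now accepted from the query string as well as the request body, whereas the removed line read `$_POST['code']` only. The `username` test at the top of this hunk passes `2` as the method, and the same would keep the captcha answer out of URLs and access logs: `strtolower(GETPOST('code', 'none', 2))`. The identical line added in htdocs/public/ticket/create_ticket.php has the same issue. Nothing visible in either hunk rejects an empty stored value or clears `$_SESSION[$sessionkey]` after the check, so unless that happens elsewhere an empty `code` could equal an empty session entry and a solved code could be submitted again. Both enclosing blocks continue outside their hunks.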
@@ -146,7 +146,7 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('add', 'alpha')) { // Check Captcha code if is enabled if (!empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA)) { $sessionkey = 'dol_antispam_value'; - $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) === strtolower(GETPOST('code', 'none')))); if (!$ok) { $error++; array_push($object->errors, $langs->trans("ErrorBadValueForCode"));