lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 14a28

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-03-24 14:09:46 +01:00
commit 34abb53c25
298 changed files with 1545 additions and 1643 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/class/accountancycategory.class.php
View File

@ -743,7 +743,7 @@ class AccountancyCategory // extends CommonObject
}
$listofaccount .= "'".$cptcursor."'";
}
$sql .= " AND t.numero_compte IN (".$listofaccount.")";
$sql .= " AND t.numero_compte IN (".$this->db->sanitize($listofaccount).")";
} else {
$sql .= " AND t.numero_compte = '".$this->db->escape($cpt)."'";
}

8
htdocs/accountancy/class/lettering.class.php
View File

@ -126,7 +126,7 @@ class Lettering extends BookKeeping
if (count($ids_fact)) {
$sql = 'SELECT bk.rowid, facf.ref, facf.ref_supplier ';
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn facf ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".implode(',', $ids_fact)."))";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))";
$sql .= " WHERE bk.code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=3 AND entity=".$conf->entity.") ";
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND ( ";
@ -185,7 +185,7 @@ class Lettering extends BookKeeping
if (count($ids_fact)) {
$sql = 'SELECT bk.rowid, fac.ref, fac.ref_supplier ';
$sql .= " FROM ".MAIN_DB_PREFIX."facture fac ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".implode(',', $ids_fact)."))";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))";
$sql .= " WHERE code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=2 AND entity=".$conf->entity.") ";
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
@ -255,7 +255,7 @@ class Lettering extends BookKeeping
}
$sql = "SELECT SUM(ABS(debit)) as deb, SUM(ABS(credit)) as cred FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL";
$sql .= " rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL";
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
@ -276,7 +276,7 @@ class Lettering extends BookKeeping
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping SET";
$sql .= " lettering_code='".$this->db->escape($lettre)."'";
$sql .= " , date_lettering = '".$this->db->idate($now)."'"; // todo correct date it's false
$sql .= " WHERE rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL ";
$this->db->begin();
dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);

8
htdocs/accountancy/customer/lines.php
View File

@ -129,7 +129,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facturedet as l";
$sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/customer/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);
@ -246,11 +246,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

6
htdocs/accountancy/customer/list.php
View File

@ -283,11 +283,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

2
htdocs/accountancy/expensereport/lines.php
View File

@ -119,7 +119,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd";
$sql1 .= " SET erd.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE erd.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE erd.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/expensereport/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);

8
htdocs/accountancy/supplier/lines.php
View File

@ -130,7 +130,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0) {
$sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as l";
$sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
$sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
dol_syslog('accountancy/supplier/lines.php::changeaccount sql= '.$sql1);
$resql1 = $db->query($sql1);
@ -238,11 +238,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

6
htdocs/accountancy/supplier/list.php
View File

@ -288,11 +288,11 @@ if (strlen(trim($search_country))) {
if ($search_country == 'special_allnotme') {
$sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
} elseif ($search_country == 'special_eec') {
$sql .= " AND co.code IN (".$country_code_in_EEC.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC, 1).")";
} elseif ($search_country == 'special_eecnotme') {
$sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
$sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me, 1).")";
} elseif ($search_country == 'special_noteec') {
$sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
$sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC, 1).")";
} else {
$sql .= natural_search("co.code", $search_country);
}

36
htdocs/adherents/card.php
View File

@ -1830,7 +1830,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Send
if (empty($user->socid)) {
if ($object->statut == 1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>'."\n";
}
}
@ -1856,17 +1856,17 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Modify
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify")."</a></div>";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</font></div>';
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</font></div>'."\n";
}
// Validate
if ($object->statut == -1) {
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Validate")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Validate").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Validate").'</font></div>';
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Validate").'</font></div>'."\n";
}
}
@ -1875,7 +1875,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($user->rights->adherent->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=valid">'.$langs->trans("Reenable")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Reenable")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Reenable").'</font></div>'."\n";
}
}
@ -1884,7 +1884,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=resiliate">'.$langs->trans("Resiliate")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Resiliate")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Resiliate").'</font></div>'."\n";
}
}
@ -1893,7 +1893,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$id.'&action=exclude">'.$langs->trans("Exclude")."</a></div>\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Exclude")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Exclude").'</font></div>'."\n";
}
}
@ -1901,12 +1901,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!empty($conf->societe->enabled) && !$object->socid) {
if ($user->rights->societe->creer) {
if ($object->statut != -1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_thirdparty">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_thirdparty">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>'."\n";;
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrThirdParty").'</a></div>'."\n";
}
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrThirdParty")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrThirdParty").'</font></div>'."\n";
}
}
@ -1914,12 +1914,12 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
if (!$user->socid && !$object->user_id) {
if ($user->rights->user->user->creer) {
if ($object->statut != -1) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_user">'.$langs->trans("CreateDolibarrLogin").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?rowid='.$object->id.'&amp;action=create_user">'.$langs->trans("CreateDolibarrLogin").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrLogin").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("ValidateBefore")).'">'.$langs->trans("CreateDolibarrLogin").'</a></div>'."\n";
}
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrLogin")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("CreateDolibarrLogin").'</font></div>'."\n";
}
}
@ -1928,18 +1928,18 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$isinspip = $mailmanspip->is_in_spip($object);
if ($isinspip == 1) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=del_spip">'.$langs->trans("DeleteIntoSpip")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=del_spip">'.$langs->trans("DeleteIntoSpip").'</a></div>'."\n";
}
if ($isinspip == 0) {
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=add_spip">'.$langs->trans("AddIntoSpip")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butAction" href="card.php?rowid='.$object->id.'&action=add_spip">'.$langs->trans("AddIntoSpip").'</a></div>'."\n";
}
}
// Delete
if ($user->rights->adherent->supprimer) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?rowid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete")."</a></div>\n";
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?rowid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete").'</a></div>'."\n";
} else {
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Delete")."</font></div>";
print '<div class="inline-block divButAction"><font class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Delete").'</font></div>'."\n";
}
}
}

2
htdocs/adherents/class/adherent.class.php
View File

@ -2279,7 +2279,7 @@ class Adherent extends CommonObject
$labelStatus = $langs->trans("MemberStatusResiliated");
$labelStatusShort = $langs->trans("MemberStatusResiliatedShort");
} elseif ($status == -2) {
$statusType = 'status8';
$statusType = 'status10';
$labelStatus = $langs->trans("MemberStatusExcluded");
$labelStatusShort = $langs->trans("MemberStatusExcludedShort");
}

6
htdocs/adherents/class/adherent_type.class.php
View File

@ -176,7 +176,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -202,7 +202,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -552,7 +552,7 @@ class AdherentType extends CommonObject
$sql = "SELECT a.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as a";
$sql .= " WHERE a.entity IN (".getEntity('member').")";
$sql .= " AND a.fk_adherent_type = ".$this->id;
$sql .= " AND a.fk_adherent_type = ".((int) $this->id);
if (!empty($excludefilter)) {
$sql .= ' AND ('.$excludefilter.')';
}

2
htdocs/adherents/index.php
View File

@ -233,7 +233,7 @@ if ($conf->use_javascript_ajax) {
include_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
$dolgraph = new DolGraph();
$dolgraph->SetData($dataseries);
$dolgraph->SetDataColor(array($badgeStatus1, $badgeStatus4, $badgeStatus8, $badgeStatus6, '-'.$badgeStatus0));
$dolgraph->SetDataColor(array($badgeStatus1, $badgeStatus4, '-'.$badgeStatus8, $badgeStatus6, '-'.$badgeStatus0));
$dolgraph->setShowLegend(2);
$dolgraph->setShowPercent(1);
$dolgraph->SetType(array('pie'));

6
htdocs/adherents/list.php
View File

@ -302,13 +302,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on (s.rowid = d.fk_soc)";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
if ($catid > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($catid);
$sql .= " AND cm.fk_categorie = ".((int) $catid);
}
if ($catid == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
}
if ($search_categ > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($search_categ);
$sql .= " AND cm.fk_categorie = ".((int) $search_categ);
}
if ($search_categ == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
@ -379,7 +379,7 @@ if ($search_phone_mobile) {
$sql .= natural_search("d.phone_mobile", $search_phone_mobile);
}
if ($search_country) {
$sql .= " AND d.country IN (".$search_country.')';
$sql .= " AND d.country IN (".$db->sanitize($search_country).')';
}
// Add where from extra fields

2
htdocs/adherents/subscription/list.php
View File

@ -191,7 +191,7 @@ if ($search_note) {
$sql .= natural_search('c.note', $search_note);
}
if ($search_account > 0) {
$sql .= " AND b.fk_account = ".urldecode($search_account);
$sql .= " AND b.fk_account = ".((int) $search_account);
}
if ($search_amount) {
$sql .= natural_search('c.subscription', $search_amount, 1);

2
htdocs/admin/const.php
View File

@ -237,7 +237,7 @@ $sql .= ", note";
$sql .= ", tms";
$sql .= ", entity";
$sql .= " FROM ".MAIN_DB_PREFIX."const";
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
if ((empty($user->entity) || $user->admin) && $debug) {
} elseif (!GETPOST('visible') || GETPOST('visible') != 'all') {
// to force for superadmin to debug

16
htdocs/admin/dict.php
View File

@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
// Load translation files required by the page
$langs->loadLangs(array("errors", "admin", "main", "companies", "resource", "holiday", "accountancy", "hrm", "orders", "contracts", "projects", "propal", "bills", "interventions"));
$langs->loadLangs(array("errors", "admin", "main", "companies", "resource", "holiday", "accountancy", "hrm", "orders", "contracts", "projects", "propal", "bills", "interventions", "ticket"));
$action = GETPOST('action', 'alpha') ?GETPOST('action', 'alpha') : 'view';
$confirm = GETPOST('confirm', 'alpha');
@ -1139,6 +1139,7 @@ if ($action == 'delete') {
}
//var_dump($elementList);
/*
* Show a dictionary
*/
@ -1397,6 +1398,9 @@ if ($id) {
if ($fieldlist[$field] == 'unit_type') {
$valuetoshow = $langs->trans('TypeOfUnit');
}
if ($fieldlist[$field] == 'public' && $tablib[$id] == 'TicketDictCategory') {
$valuetoshow = $langs->trans('TicketGroupIsPublic'); $class = 'center';
}
if ($id == 2) { // Special case for state page
if ($fieldlist[$field] == 'region_id') {
@ -1738,6 +1742,9 @@ if ($id) {
if ($fieldlist[$field] == 'unit_type') {
$valuetoshow = $langs->trans('TypeOfUnit');
}
if ($fieldlist[$field] == 'public' && $tablib[$id] == 'TicketDictCategory') {
$valuetoshow = $langs->trans('TicketGroupIsPublic'); $cssprefix = 'center ';
}
if ($fieldlist[$field] == 'region_id' || $fieldlist[$field] == 'country_id') {
$showfield = 0;
@ -1984,6 +1991,9 @@ if ($id) {
if ($fieldlist[$field] == 'use_default') {
$class .= ' center';
}
if ($fieldlist[$field] == 'public') {
$class .= ' center';
}
// Show value for field
if ($showfield) {
print '<!-- '.$fieldlist[$field].' --><td class="'.$class.'">'.$valuetoshow.'</td>';
@ -2343,10 +2353,10 @@ function fieldList($fieldlist, $obj = '', $tabname = '', $context = '')
if ($fieldlist[$field] == 'code') {
$class = 'maxwidth100';
}
if (in_array($fieldlist[$field], array('dayrule', 'day', 'month', 'year', 'pos', 'use_default', 'affect', 'delay', 'position', 'sortorder', 'sens', 'category_type'))) {
if (in_array($fieldlist[$field], array('dayrule', 'day', 'month', 'year', 'pos', 'use_default', 'affect', 'delay', 'position', 'public', 'sortorder', 'sens', 'category_type'))) {
$class = 'maxwidth50 center';
}
if (in_array($fieldlist[$field], array('use_default'))) {
if (in_array($fieldlist[$field], array('use_default', 'public'))) {
$classtd = 'center';
}
if (in_array($fieldlist[$field], array('libelle', 'label', 'tracking'))) {

4
htdocs/admin/eventorganization.php
View File

@ -201,7 +201,7 @@ if ($action == 'edit') {
print '<input type="hidden" name="action" value="update">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="liste_titre"><td class="titlefieldcreate">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
foreach ($arrayofparameters as $constname => $val) {
if ($val['enabled']==1) {
@ -266,7 +266,7 @@ if ($action == 'edit') {
} else {
if (!empty($arrayofparameters)) {
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="liste_titre"><td class="titlefieldcreate">'.$langs->trans("Parameter").'</td><td>'.$langs->trans("Value").'</td></tr>';
foreach ($arrayofparameters as $constname => $val) {
if ($val['enabled']==1) {

2
htdocs/admin/perms.php
View File

@ -132,7 +132,7 @@ print '</tr>'."\n";
$sql = "SELECT r.id, r.libelle as label, r.module, r.module_position, r.perms, r.subperms, r.bydefault";
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
$sql .= " AND r.entity = ".$entity;
$sql .= " AND r.entity = ".((int) $entity);
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled
}

2
htdocs/admin/system/constall.php
View File

@ -223,7 +223,7 @@ if (empty($conf->multicompany->enabled)) {
} else {
// If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities.
if ($user->entity) {
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
}
}
$sql .= " ORDER BY entity, name ASC";

2
htdocs/admin/system/dolibarr.php
View File

@ -484,7 +484,7 @@ if (empty($conf->multicompany->enabled)) {
} else {
// If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities.
if ($user->entity) {
$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")";
$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")";
}
}
$sql .= " ORDER BY entity, name ASC";

100
htdocs/admin/ticket_public.php
View File

@ -59,6 +59,38 @@ if ($action == 'setTICKET_ENABLE_PUBLIC_INTERFACE') {
if ($action == 'setvar') {
include_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
if (GETPOSTISSET('TICKET_ENABLE_PUBLIC_INTERFACE')) { // only for no js case
$param_enable_public_interface = GETPOST('TICKET_ENABLE_PUBLIC_INTERFACE', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_ENABLE_PUBLIC_INTERFACE', $param_enable_public_interface, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_EMAIL_MUST_EXISTS')) { // only for no js case
$param_must_exists = GETPOST('TICKET_EMAIL_MUST_EXISTS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_EMAIL_MUST_EXISTS', $param_must_exists, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_DISABLE_CUSTOMER_MAILS')) { // only for no js case
$param_disable_email = GETPOST('TICKET_DISABLE_CUSTOMER_MAILS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_DISABLE_CUSTOMER_MAILS', $param_disable_email, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
if (GETPOSTISSET('TICKET_SHOW_COMPANY_LOGO')) { // only for no js case
$param_show_module_logo = GETPOST('TICKET_SHOW_COMPANY_LOGO', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_SHOW_COMPANY_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
}
$topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'nohtml');
if (!empty($topic_interface)) {
$res = dolibarr_set_const($db, 'TICKET_PUBLIC_INTERFACE_TOPIC', $topic_interface, 'chaine', 0, '', $conf->entity);
@ -114,32 +146,6 @@ if ($action == 'setvar') {
if (!($res > 0)) {
$error++;
}
}
if ($action == 'setvarother') {
$param_enable_public_interface = GETPOST('TICKET_ENABLE_PUBLIC_INTERFACE', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_ENABLE_PUBLIC_INTERFACE', $param_enable_public_interface, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_must_exists = GETPOST('TICKET_EMAIL_MUST_EXISTS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_EMAIL_MUST_EXISTS', $param_must_exists, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_disable_email = GETPOST('TICKET_DISABLE_CUSTOMER_MAILS', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_DISABLE_CUSTOMER_MAILS', $param_disable_email, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
$param_show_module_logo = GETPOST('TICKET_SHOW_COMPANY_LOGO', 'alpha');
$res = dolibarr_set_const($db, 'TICKET_SHOW_COMPANY_LOGO', $param_show_module_logo, 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {
$error++;
}
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) {
$param_notification_also_main_addressemail = GETPOST('TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS', 'alpha');
@ -197,18 +203,16 @@ print '<input type="hidden" id="TICKET_ENABLE_PUBLIC_INTERFACE" name="TICKET_ENA
print '<br><br>';
if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
if (empty($conf->use_javascript_ajax)) {
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvarother">';
}
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvar">';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td>'.$langs->trans("Parameters").'</td>';
print '<td class="left">';
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print '</td>';
print '</tr>';
@ -222,7 +226,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_EMAIL_MUST_EXISTS", $arrval, $conf->global->TICKET_EMAIL_MUST_EXISTS);
}
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsEmailMustExistHelp"), 1, 'help');
print '</td>';
print '</tr>';
@ -255,7 +259,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_SHOW_COMPANY_LOGO", $arrval, $conf->global->TICKET_SHOW_COMPANY_LOGO);
}
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsShowCompanyLogoHelp"), 1, 'help');
print '</td>';
print '</tr>';
@ -271,8 +275,8 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print $form->selectarray("TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS", $arrval, $conf->global->TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS);
}
print '</td>';
print '<td class="center">';
print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp"), 1, 'help');
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketsEmailAlsoSendToMainAddressHelp", $langs->transnoentitiesnoconv("TicketEmailNotificationTo").' ('.$langs->transnoentitiesnoconv("Creation").')', $langs->trans("Settings")), 1, 'help');
print '</td>';
print '</tr>';
}
@ -282,28 +286,6 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</tr>';
}
print '</table>';
print '</div>';
print '<br>';
if (!$conf->use_javascript_ajax) {
print '</form>';
}
// Admin var of module
print load_fiche_titre($langs->trans("TicketParamMail"));
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data" >';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="setvar">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Parameter").'</td>';
print "</tr>\n";
if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) {
print '<tr>';
print '<td colspan="3"><div class="info">'.$langs->trans("TicketCkEditorEmailNotActivated").'</div></td>';
@ -316,7 +298,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
print '</td><td>';
print '<input type="text" name="TICKET_PUBLIC_INTERFACE_TOPIC" value="'.$conf->global->TICKET_PUBLIC_INTERFACE_TOPIC.'" size="40" ></td>';
print '</td>';
print '<td class="center">';
print '<td class="center width75">';
print $form->textwithpicto('', $langs->trans("TicketPublicInterfaceTopicHelp"), 1, 'help');
print '</td></tr>';

2
htdocs/asset/class/asset_type.class.php
View File

@ -332,7 +332,7 @@ class AssetType extends CommonObject
/**
* Return array of Asset objects for asset type this->id (or all if this->id not defined)
*
* @param string $excludefilter Filter to exclude
* @param string $excludefilter Filter to exclude. This parameter must not be provided by input of users
* @param int $mode 0=Return array of asset instance
* 1=Return array of asset instance without extra data
* 2=Return array of asset id only

2
htdocs/bom/bom_agenda.php
View File

@ -86,7 +86,7 @@ if ($id > 0 || !empty($ref)) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
/*

2
htdocs/bom/bom_card.php
View File

@ -76,7 +76,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$result = restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php

2
htdocs/bom/bom_document.php
View File

@ -83,7 +83,7 @@ if ($id > 0 || !empty($ref)) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
/*

2
htdocs/bom/bom_note.php
View File

@ -63,7 +63,7 @@ $permissionnote = $user->rights->bom->write; // Used by the include of actions_s
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
/*

4
htdocs/bom/class/api_boms.class.php
View File

@ -134,14 +134,14 @@ class Boms extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($restrictonsocid && $socid) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {

1
htdocs/cashdesk/admin/cashdesk.php
View File

@ -45,6 +45,7 @@ $langs->loadLangs(array("admin", "cashdesk"));
/*
* Actions
*/
if (GETPOST('action', 'alpha') == 'set') {
$db->begin();

10
htdocs/cashdesk/affContenu.php
View File

@ -22,6 +22,7 @@
* \ingroup cashdesk
* \brief Include to show main page for cashdesk module
*/
require_once 'class/Facturation.class.php';
// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
@ -39,6 +40,15 @@ if (isset($_SESSION['serObjFacturation'])) {
$obj_facturation = new Facturation();
}
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/
// $obj_facturation contains data for all invoice total + selection of current product
$obj_facturation->calculTotaux(); // Redefine prix_total_ttc, prix_total_ht et montant_tva from $_SESSION['poscart']

4
htdocs/cashdesk/affIndex.php
View File

@ -38,6 +38,10 @@ if ($_SESSION['uid'] <= 0) {
// Load translation files required by the page
$langs->loadLangs(array("companies", "compta", "cashdesk"));
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View

4
htdocs/cashdesk/affPied.php
View File

@ -21,6 +21,10 @@
* \brief Bottom of main page of point of sale module
*/
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
?>
<!-- affPied.php -->
<div class="pied">

4
htdocs/cashdesk/deconnexion.php
View File

@ -40,5 +40,9 @@ require_once '../main.inc.php';
// This destroy tag that say "Point of Sale session is on".
unset($_SESSION['uid']);
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php');
exit;

3
htdocs/cashdesk/facturation.php
View File

@ -26,6 +26,9 @@
*/
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*

9
htdocs/cashdesk/facturation_dhtml.php
View File

@ -47,6 +47,15 @@ if (!defined('NOREQUIREAJAX')) {
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/
top_httphead('text/html');
$search = GETPOST("code", "alpha");

8
htdocs/cashdesk/facturation_verif.php
View File

@ -34,6 +34,14 @@ $action = GETPOST('action', 'aZ09');
$obj_facturation = unserialize($_SESSION['serObjFacturation']);
unset($_SESSION['serObjFacturation']);
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/
switch ($action) {
default:

5
htdocs/cashdesk/index.php
View File

@ -43,6 +43,11 @@ $err = GETPOST("err");
// Instantiate hooks of thirdparty module only if not already define
$hookmanager->initHooks(array('cashdeskloginpage'));
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* View
*/

6
htdocs/cashdesk/index_verif.php
View File

@ -41,6 +41,12 @@ $bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH") > 0) ?GETPOST("CASHDESK_
$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CB", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CB;
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
// Check username
if (empty($username)) {
$retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Login"));

9
htdocs/cashdesk/validation_ticket.php
View File

@ -26,6 +26,15 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* Actions
*/
$obj_facturation = unserialize($_SESSION['serObjFacturation']);
unset($_SESSION['serObjFacturation']);

9
htdocs/cashdesk/validation_verif.php
View File

@ -36,6 +36,15 @@ $obj_facturation = unserialize($_SESSION['serObjFacturation']);
$action = GETPOST('action', 'aZ09');
$bankaccountid = GETPOST('cashdeskbank');
if (empty($user->rights->cashdesk->run)) {
accessforbidden();
}
/*
* Actions
*/
switch ($action) {
default:
$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=validation';

4
htdocs/categories/class/categorie.class.php
View File

@ -1300,7 +1300,7 @@ class Categorie extends CommonObject
$sql = "SELECT c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie as c ";
$sql .= " WHERE c.entity IN (".getEntity('category').")";
$sql .= " AND c.type = ".$type;
$sql .= " AND c.type = ".((int) $type);
$sql .= " AND c.fk_parent = ".$this->fk_parent;
$sql .= " AND c.label = '".$this->db->escape($this->label)."'";
@ -1792,7 +1792,7 @@ class Categorie extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);

3
htdocs/comm/action/card.php
View File

@ -1896,7 +1896,8 @@ if ($id > 0) {
if (!empty($conf->global->AGENDA_USE_EVENT_TYPE)) {
print '<tr><td class="titlefield">'.$langs->trans("Type").'</td><td>';
print $object->getTypePicto();
print $langs->trans($object->type).'</td></tr>';
print $langs->trans("Action".$object->type_code);
print '</td></tr>';
}
// Full day event

8
htdocs/comm/action/class/actioncomm.class.php
View File

@ -1227,17 +1227,17 @@ class ActionComm extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if (!empty($socid)) {
$sql .= " AND a.fk_soc = ".$socid;
$sql .= " AND a.fk_soc = ".((int) $socid);
}
if (!empty($elementtype)) {
if ($elementtype == 'project') {
$sql .= ' AND a.fk_project = '.$fk_element;
$sql .= ' AND a.fk_project = '.((int) $fk_element);
} elseif ($elementtype == 'contact') {
$sql .= ' AND a.id IN';
$sql .= " (SELECT fk_actioncomm FROM ".MAIN_DB_PREFIX."actioncomm_resources WHERE";
$sql .= " element_type = 'socpeople' AND fk_element = ".$fk_element.')';
$sql .= " element_type = 'socpeople' AND fk_element = ".((int) $fk_element).')';
} else {
$sql .= " AND a.fk_element = ".(int) $fk_element." AND a.elementtype = '".$db->escape($elementtype)."'";
$sql .= " AND a.fk_element = ".((int) $fk_element)." AND a.elementtype = '".$db->escape($elementtype)."'";
}
}
if (!empty($filter)) {

6
htdocs/comm/action/class/api_agendaevents.class.php
View File

@ -147,14 +147,14 @@ class AgendaEvents extends DolibarrApi
}
}
if ($user_ids) {
$sql .= " AND t.fk_user_action IN (".$user_ids.")";
$sql .= " AND t.fk_user_action IN (".$this->db->sanitize($user_ids).")";
}
if ($socid > 0) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

12
htdocs/comm/action/index.php
View File

@ -115,8 +115,8 @@ if ($dateselect > 0) {
}
// Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
if (GETPOST('search_actioncode', 'array')) {
$actioncode = GETPOST('search_actioncode', 'array', 3);
if (GETPOST('search_actioncode', 'array:aZ09')) {
$actioncode = GETPOST('search_actioncode', 'array:aZ09', 3);
if (!count($actioncode)) {
$actioncode = '0';
}
@ -669,18 +669,18 @@ if (!empty($actioncode)) {
$sql .= " AND ca.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND ca.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND ca.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";

16
htdocs/comm/action/list.php
View File

@ -429,31 +429,31 @@ if (!empty($actioncode)) {
$sql .= " AND c.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND c.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND c.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND c.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND c.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {
$sql .= " AND ar.fk_actioncomm = a.id AND ar.element_type='user'";
}
if ($type) {
$sql .= " AND c.id = ".(int) $type;
$sql .= " AND c.id = ".((int) $type);
}
if ($search_status == '0') {
$sql .= " AND a.percent = 0";
@ -486,10 +486,10 @@ if ($search_note) {
if ($filtert > 0 || $usergroup > 0) {
$sql .= " AND (";
if ($filtert > 0) {
$sql .= "(ar.fk_element = ".$filtert." OR (ar.fk_element IS NULL AND a.fk_user_action=".$filtert."))"; // The OR is for backward compatibility
$sql .= "(ar.fk_element = ".((int) $filtert)." OR (ar.fk_element IS NULL AND a.fk_user_action = ".((int) $filtert)."))"; // The OR is for backward compatibility
}
if ($usergroup > 0) {
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
}
$sql .= ")";
}

10
htdocs/comm/action/pertype.php
View File

@ -540,24 +540,24 @@ if (!empty($actioncode)) {
$sql .= " AND ca.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND ca.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND ca.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;
$sql .= ' AND a.fk_soc = '.((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {

14
htdocs/comm/action/peruser.php
View File

@ -105,8 +105,8 @@ $type = GETPOST("search_type", 'alpha') ?GETPOST("search_type", 'alpha') : GETPO
$maxprint = ((GETPOST("maxprint", 'int') != '') ?GETPOST("maxprint", 'int') : $conf->global->AGENDA_MAX_EVENTS_DAY_VIEW);
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
// Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
if (GETPOST('search_actioncode', 'array')) {
$actioncode = GETPOST('search_actioncode', 'array', 3);
if (GETPOST('search_actioncode', 'array:aZ09')) {
$actioncode = GETPOST('search_actioncode', 'array:aZ09', 3);
if (!count($actioncode)) {
$actioncode = '0';
}
@ -562,24 +562,24 @@ if (!empty($actioncode)) {
$sql .= " AND ca.type = 'systemauto'";
} else {
if (is_array($actioncode)) {
$sql .= " AND ca.code IN ('".implode("','", $actioncode)."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", $actioncode)."'", 1).")";
} else {
$sql .= " AND ca.code IN ('".implode("','", explode(',', $actioncode))."')";
$sql .= " AND ca.code IN (".$db->sanitize("'".implode("','", explode(',', $actioncode))."'", 1).")";
}
}
}
}
if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".$db->escape($resourceid);
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".$db->escape($pid);
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;
$sql .= ' AND a.fk_soc = '.((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {

2
htdocs/comm/contact.php
View File

@ -101,7 +101,7 @@ if ($type == "f") {
$sql .= " AND s.fournisseur = 1";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if (dol_strlen($stcomm)) {

2
htdocs/comm/index.php
View File

@ -169,7 +169,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$resql = $db->query($sql);

48
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@ -559,34 +559,34 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = " (t.parent IN (SELECT rowid FROM ".MAIN_DB_PREFIX."societe WHERE (".$str.")))";
}
if (!empty($arrayquery['cust_status']) && count($arrayquery['cust_status']) > 0) {
$sqlwhere[] = " (t.status IN (".implode(',', $arrayquery['cust_status'])."))";
$sqlwhere[] = " (t.status IN (".$this->db->sanitize(implode(',', $arrayquery['cust_status']))."))";
}
if (!empty($arrayquery['cust_typecust']) && count($arrayquery['cust_typecust']) > 0) {
$sqlwhere[] = " (t.client IN (".implode(',', $arrayquery['cust_typecust'])."))";
$sqlwhere[] = " (t.client IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typecust']))."))";
}
if (!empty($arrayquery['cust_comm_status']) && count($arrayquery['cust_comm_status'] > 0)) {
$sqlwhere[] = " (t.fk_stcomm IN (".implode(',', $arrayquery['cust_comm_status'])."))";
$sqlwhere[] = " (t.fk_stcomm IN (".$this->db->sanitize(implode(',', $arrayquery['cust_comm_status']))."))";
}
if (!empty($arrayquery['cust_prospect_status']) && count($arrayquery['cust_prospect_status']) > 0) {
$sqlwhere[] = " (t.fk_prospectlevel IN ('".implode("','", $arrayquery['cust_prospect_status'])."'))";
$sqlwhere[] = " (t.fk_prospectlevel IN (".$this->db->sanitize("'".implode("','", $arrayquery['cust_prospect_status'])."'", 1)."))";
}
if (!empty($arrayquery['cust_typeent']) && count($arrayquery['cust_typeent']) > 0) {
$sqlwhere[] = " (t.fk_typent IN (".implode(',', $arrayquery['cust_typeent'])."))";
$sqlwhere[] = " (t.fk_typent IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typeent']))."))";
}
if (!empty($arrayquery['cust_saleman']) && count($arrayquery['cust_saleman']) > 0) {
$sqlwhere[] = " (saleman.fk_user IN (".implode(',', $arrayquery['cust_saleman'])."))";
$sqlwhere[] = " (saleman.fk_user IN (".$this->db->sanitize(implode(',', $arrayquery['cust_saleman']))."))";
}
if (!empty($arrayquery['cust_country']) && count($arrayquery['cust_country']) > 0) {
$sqlwhere[] = " (t.fk_pays IN (".implode(',', $arrayquery['cust_country'])."))";
$sqlwhere[] = " (t.fk_pays IN (".$this->db->sanitize(implode(',', $arrayquery['cust_country']))."))";
}
if (!empty($arrayquery['cust_effectif_id']) && count($arrayquery['cust_effectif_id']) > 0) {
$sqlwhere[] = " (t.fk_effectif IN (".implode(',', $arrayquery['cust_effectif_id'])."))";
$sqlwhere[] = " (t.fk_effectif IN (".$this->db->sanitize(implode(',', $arrayquery['cust_effectif_id']))."))";
}
if (!empty($arrayquery['cust_categ']) && count($arrayquery['cust_categ']) > 0) {
$sqlwhere[] = " (custcateg.fk_categorie IN (".implode(',', $arrayquery['cust_categ'])."))";
$sqlwhere[] = " (custcateg.fk_categorie IN (".$this->db->sanitize(implode(',', $arrayquery['cust_categ']))."))";
}
if (!empty($arrayquery['cust_language']) && count($arrayquery['cust_language']) > 0) {
$sqlwhere[] = " (t.default_lang IN ('".implode("','", $arrayquery['cust_language'])."'))";
$sqlwhere[] = " (t.default_lang IN (".$this->db->sanitize("'".implode("','", $arrayquery['cust_language'])."'", 1)."))";
}
//Standard Extrafield feature
@ -618,7 +618,7 @@ class AdvanceTargetingMailing extends CommonObject
}
} else {
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
$sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))";
} elseif (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}
@ -703,7 +703,7 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = " (t.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $arrayquery['contact_status'])))."))";
}
if (!empty($arrayquery['contact_civility']) && count($arrayquery['contact_civility']) > 0) {
$sqlwhere[] = " (t.civility IN ('".$this->db->sanitize($this->db->escape(implode("','", $arrayquery['contact_civility'])))."'))";
$sqlwhere[] = " (t.civility IN (".$this->db->sanitize("'".implode("','", $arrayquery['contact_civility'])."'", 1)."))";
}
if ($arrayquery['contact_no_email'] != '') {
$tmpwhere = '';
@ -762,7 +762,7 @@ class AdvanceTargetingMailing extends CommonObject
}
} else {
if (is_array($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key.'_cnct'])."'))";
$sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key.'_cnct'])."'", 1)."))";
} elseif (!empty($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')";
}
@ -797,34 +797,34 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = " (ts.parent IN (SELECT rowid FROM ".MAIN_DB_PREFIX."societe WHERE (".$str.")))";
}
if (!empty($arrayquery['cust_status']) && count($arrayquery['cust_status']) > 0) {
$sqlwhere[] = " (ts.status IN (".implode(',', $arrayquery['cust_status'])."))";
$sqlwhere[] = " (ts.status IN (".$this->db->sanitize(implode(',', $arrayquery['cust_status']))."))";
}
if (!empty($arrayquery['cust_typecust']) && count($arrayquery['cust_typecust']) > 0) {
$sqlwhere[] = " (ts.client IN (".implode(',', $arrayquery['cust_typecust'])."))";
$sqlwhere[] = " (ts.client IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typecust']))."))";
}
if (!empty($arrayquery['cust_comm_status']) && count($arrayquery['cust_comm_status'] > 0)) {
$sqlwhere[] = " (ts.fk_stcomm IN (".implode(',', $arrayquery['cust_comm_status'])."))";
$sqlwhere[] = " (ts.fk_stcomm IN (".$this->db->sanitize(implode(',', $arrayquery['cust_comm_status']))."))";
}
if (!empty($arrayquery['cust_prospect_status']) && count($arrayquery['cust_prospect_status']) > 0) {
$sqlwhere[] = " (ts.fk_prospectlevel IN ('".implode("','", $arrayquery['cust_prospect_status'])."'))";
$sqlwhere[] = " (ts.fk_prospectlevel IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_prospect_status']))."'))";
}
if (!empty($arrayquery['cust_typeent']) && count($arrayquery['cust_typeent']) > 0) {
$sqlwhere[] = " (ts.fk_typent IN (".implode(',', $arrayquery['cust_typeent'])."))";
$sqlwhere[] = " (ts.fk_typent IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typeent']))."))";
}
if (!empty($arrayquery['cust_saleman']) && count($arrayquery['cust_saleman']) > 0) {
$sqlwhere[] = " (saleman.fk_user IN (".implode(',', $arrayquery['cust_saleman'])."))";
$sqlwhere[] = " (saleman.fk_user IN (".$this->db->sanitize(implode(',', $arrayquery['cust_saleman']))."))";
}
if (!empty($arrayquery['cust_country']) && count($arrayquery['cust_country']) > 0) {
$sqlwhere[] = " (ts.fk_pays IN (".implode(',', $arrayquery['cust_country'])."))";
$sqlwhere[] = " (ts.fk_pays IN (".$this->db->sanitize(implode(',', $arrayquery['cust_country']))."))";
}
if (!empty($arrayquery['cust_effectif_id']) && count($arrayquery['cust_effectif_id']) > 0) {
$sqlwhere[] = " (ts.fk_effectif IN (".implode(',', $arrayquery['cust_effectif_id'])."))";
$sqlwhere[] = " (ts.fk_effectif IN (".$this->db->sanitize(implode(',', $arrayquery['cust_effectif_id']))."))";
}
if (!empty($arrayquery['cust_categ']) && count($arrayquery['cust_categ']) > 0) {
$sqlwhere[] = " (custcateg.fk_categorie IN (".implode(',', $arrayquery['cust_categ'])."))";
$sqlwhere[] = " (custcateg.fk_categorie IN (".$this->db->sanitize(implode(',', $arrayquery['cust_categ']))."))";
}
if (!empty($arrayquery['cust_language']) && count($arrayquery['cust_language']) > 0) {
$sqlwhere[] = " (ts.default_lang IN ('".implode("','", $arrayquery['cust_language'])."'))";
$sqlwhere[] = " (ts.default_lang IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_language']))."'))";
}
//Standard Extrafield feature
@ -860,7 +860,7 @@ class AdvanceTargetingMailing extends CommonObject
}
} else {
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
$sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))";
} elseif (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}

4
htdocs/comm/propal/class/api_proposals.class.php
View File

@ -181,14 +181,14 @@ class Proposals extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($socids) {
$sql .= " AND t.fk_soc IN (".$socids.")";
$sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
}
if ($search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

4
htdocs/comm/propal/class/propal.class.php
View File

@ -2734,7 +2734,7 @@ class Propal extends CommonObject
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
@ -2821,7 +2821,7 @@ class Propal extends CommonObject
if (count($linkedInvoices) > 0) {
$sql = "SELECT rowid as facid, ref, total, datef as df, fk_user_author, fk_statut, paye";
$sql .= " FROM ".MAIN_DB_PREFIX."facture";
$sql .= " WHERE rowid IN (".implode(',', $linkedInvoices).")";
$sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $linkedInvoices)).")";
dol_syslog(get_class($this)."::InvoiceArrayList", LOG_DEBUG);
$resql = $this->db->query($sql);

4
htdocs/comm/propal/index.php
View File

@ -106,7 +106,7 @@ if ($user->socid) {
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
$sql .= " AND p.fk_statut IN (".implode(" ,", $listofstatus).")";
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";
$resql = $db->query($sql);
if ($resql) {
@ -372,7 +372,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";

2
htdocs/comm/propal/list.php
View File

@ -565,7 +565,7 @@ if ($socid > 0) {
$sql .= ' AND s.rowid = '.$socid;
}
if ($search_status != '' && $search_status != '-1') {
$sql .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($search_status)).')';
$sql .= ' AND p.fk_statut IN ('.$db->sanitize($search_status).')';
}
if ($search_date_start) {
$sql .= " AND p.datep >= '".$db->idate($search_date_start)."'";

2
htdocs/comm/propal/stats/index.php
View File

@ -103,7 +103,7 @@ dol_mkdir($dir);
$stats = new PropaleStats($db, $socid, ($userid > 0 ? $userid : 0), $mode, ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($object_status != '' && $object_status >= 0) {
$stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($object_status).')';
}
// Build graphic number of object

4
htdocs/commande/class/api_orders.class.php
View File

@ -184,14 +184,14 @@ class Orders extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($socids) {
$sql .= " AND t.fk_soc IN (".$socids.")";
$sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
}
if ($search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

4
htdocs/commande/class/commande.class.php
View File

@ -2300,8 +2300,8 @@ class Commande extends CommonOrder
if (count($array_of_product)) {
$sql = "SELECT fk_product, sum(ps.reel) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps";
$sql .= " WHERE ps.fk_product IN (".join(',', $array_of_product).")";
$sql .= ' GROUP BY fk_product ';
$sql .= " WHERE ps.fk_product IN (".$this->db->sanitize(join(',', $array_of_product)).")";
$sql .= ' GROUP BY fk_product';
$resql = $this->db->query($sql);
if ($resql) {
$num = $this->db->num_rows($resql);

2
htdocs/commande/index.php
View File

@ -209,7 +209,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_statut = 0";
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;

4
htdocs/commande/list.php
View File

@ -426,10 +426,10 @@ if ($search_state) {
$sql .= natural_search("state.nom", $search_state);
}
if ($search_country) {
$sql .= " AND s.fk_pays IN (".$search_country.')';
$sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')';
}
if ($search_type_thirdparty) {
$sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
$sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')';
}
if ($search_company) {
$sql .= natural_search('s.nom', $search_company);

4
htdocs/commande/stats/index.php
View File

@ -96,12 +96,12 @@ dol_mkdir($dir);
$stats = new CommandeStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($mode == 'customer') {
if ($object_status != '' && $object_status >= -1) {
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($object_status).')';
}
}
if ($mode == 'supplier') {
if ($object_status != '' && $object_status >= 0) {
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($object_status).')';
}
}

16
htdocs/compta/accounting-files.php
View File

@ -173,7 +173,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= "SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, t.total as total_ht, t.total_ttc, t.tva as total_vat, t.multicurrency_code as currency, t.fk_soc, t.datef as date, t.date_lim_reglement as date_due, 'Invoice' as item, s.nom as thirdparty_name, s.code_client as thirdparty_code, c.code as country_code, s.tva_intra as vatnum, ".PAY_CREDIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
$sql .= " WHERE datef between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
}
// Vendor invoices
@ -184,7 +184,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, t.total_ht, t.total_ttc, t.total_tva as total_vat, t.multicurrency_code as currency, t.fk_soc, t.datef as date, t.date_lim_reglement as date_due, 'SupplierInvoice' as item, s.nom as thirdparty_name, s.code_fournisseur as thirdparty_code, c.code as country_code, s.tva_intra as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
$sql .= " WHERE datef between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
}
// Expense reports
@ -195,7 +195,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, t.entity, t.ref, t.paid, t.total_ht, t.total_ttc, t.total_tva as total_vat, t.multicurrency_code as currency, t.fk_user_author as fk_soc, t.date_fin as date, t.date_fin as date_due, 'ExpenseReport' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user_author LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
$sql .= " WHERE date_fin between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
}
// Donations
@ -206,7 +206,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, t.entity, t.ref, paid, amount as total_ht, amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datedon as date, t.datedon as date_due, 'Donation' as item, t.societe as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_CREDIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."don as t LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = t.fk_country";
$sql .= " WHERE datedon between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
}
// Payments of salaries
@ -217,7 +217,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, t.entity, t.label as ref, 1 as paid, amount as total_ht, amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, t.fk_user as fk_soc, t.datep as date, t.dateep as date_due, 'SalaryPayment' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
//$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
}
// Social contributions
@ -228,7 +228,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, t.entity, t.libelle as ref, t.paye as paid, t.amount as total_ht, t.amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.date_ech as date, t.periode as date_due, 'SocialContributions' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as t";
$sql .= " WHERE t.date_ech between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
//$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
}
// Various payments
@ -239,7 +239,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, t.entity, t.ref, 1 as paid, t.amount as total_ht, t.amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datep as date, t.datep as date_due, 'VariousPayment' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, sens";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_various as t";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
}
// Loan payments
if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms'])) {
@ -249,7 +249,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " SELECT t.rowid as id, l.entity, l.label as ref, 1 as paid, (t.amount_capital+t.amount_insurance+t.amount_interest) as total_ht, (t.amount_capital+t.amount_insurance+t.amount_interest) as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datep as date, t.datep as date_due, 'LoanPayment' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as t LEFT JOIN ".MAIN_DB_PREFIX."loan as l ON l.rowid = t.fk_loan";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND l.entity IN (".($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND l.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
}
if ($sql) {

8
htdocs/compta/bank/account_statement_document.php
View File

@ -79,12 +79,12 @@ $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');
// Define number of receipt to show (current, previous or next one ?)
$found = false;
if ($_GET["rel"] == 'prev') {
if (GETPOST("rel") == 'prev') {
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$id;
$sql .= " AND b.fk_account = ".((int) $id);
$sql .= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -97,12 +97,12 @@ if ($_GET["rel"] == 'prev') {
$found = true;
}
}
} elseif ($_GET["rel"] == 'next') {
} elseif (GETPOST("rel") == 'next') {
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$id;
$sql .= " AND b.fk_account = ".((int) $id);
$sql .= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);

6
htdocs/compta/bank/annuel.php
View File

@ -267,7 +267,7 @@ if ($result < 0) {
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if ($id && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$id.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($id).")";
}
$resql = $db->query($sql);
@ -299,7 +299,7 @@ if ($result < 0) {
$sql .= " AND b.datev <= '".($year - $annee)."-12-31 23:59:59'";
$sql .= " AND b.amount > 0";
if ($id && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$id.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($id).")";
}
$sql .= " GROUP BY date_format(b.datev,'%m');";
@ -381,7 +381,7 @@ if ($result < 0) {
$sql .= " AND b.datev <= '".($year - $annee)."-12-31 23:59:59'";
$sql .= " AND b.amount < 0";
if ($id && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$id.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($id).")";
}
$sql .= " GROUP BY date_format(b.datev,'%m');";

4
htdocs/compta/bank/bankentries_list.php
View File

@ -581,7 +581,7 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if ($search_account > 0) {
$sql .= " AND b.fk_account = ".$search_account;
$sql .= " AND b.fk_account = ".((int) $search_account);
}
// Search period criteria
if (dol_strlen($search_dt_start) > 0) {
@ -607,7 +607,7 @@ if ($search_num_releve) {
$sql .= natural_search("b.num_releve", $search_num_releve);
}
if ($search_conciliated != '' && $search_conciliated != '-1') {
$sql .= " AND b.rappro = ".urlencode($search_conciliated);
$sql .= " AND b.rappro = ".((int) $search_conciliated);
}
if ($search_thirdparty_user) {
$sql.= " AND (b.rowid IN ";

2
htdocs/compta/bank/class/account.class.php
View File

@ -943,7 +943,7 @@ class Account extends CommonObject
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'accounting_journal as aj ON aj.rowid=ba.fk_accountancy_journal';
$sql .= " WHERE ba.entity IN (".getEntity($this->element).")";
if ($id) {
$sql .= " AND ba.rowid = ".$id;
$sql .= " AND ba.rowid = ".((int) $id);
}
if ($ref) {
$sql .= " AND ba.ref = '".$this->db->escape($ref)."'";

40
htdocs/compta/bank/graph.php
View File

@ -35,10 +35,10 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width', 768);
$HEIGHT = DolGraph::getDefaultGraphSizeForStats('height', 200);
// Security check
if (isset($_GET["account"]) || isset($_GET["ref"])) {
$id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : '');
if (GETPOST('account') || GETPOST('ref')) {
$id = GETPOST('account') ? GETPOST('account') : GETPOST('ref');
}
$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid';
$fieldid = GETPOST('ref') ? 'ref' : 'rowid';
if ($user->socid) {
$socid = $user->socid;
}
@ -66,19 +66,19 @@ $datetime = dol_now();
$year = dol_print_date($datetime, "%Y");
$month = dol_print_date($datetime, "%m");
$day = dol_print_date($datetime, "%d");
if (GETPOST("year")) {
$year = sprintf("%04d", GETPOST("year"));
if (GETPOST("year", 'int')) {
$year = sprintf("%04d", GETPOST("year", 'int'));
}
if (GETPOST("month")) {
$month = sprintf("%02d", GETPOST("month"));
if (GETPOST("month", 'int')) {
$month = sprintf("%02d", GETPOST("month", 'int'));
}
$object = new Account($db);
if ($_GET["account"] && !preg_match('/,/', $_GET["account"])) { // if for a particular account and not a list
$result = $object->fetch(GETPOST("account", "int"));
if (GETPOST('account') && !preg_match('/,/', GETPOST('account'))) { // if for a particular account and not a list
$result = $object->fetch(GETPOST('account', 'int'));
}
if ($_GET["ref"]) {
if (GETPOST("ref")) {
$result = $object->fetch(0, GETPOST("ref"));
$account = $object->id;
}
@ -96,7 +96,7 @@ if ($result < 0) {
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$resql = $db->query($sql);
@ -138,7 +138,7 @@ if ($result < 0) {
$sql .= " AND b.datev >= '".$db->escape($year)."-".$db->escape($month)."-01 00:00:00'";
$sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%Y%m%d')";
@ -166,7 +166,7 @@ if ($result < 0) {
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev < '".$db->escape($year)."-".sprintf("%02s", $month)."-01'";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$resql = $db->query($sql);
@ -280,7 +280,7 @@ if ($result < 0) {
$sql .= " AND b.datev >= '".$db->escape($year)."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%Y%m%d')";
@ -308,7 +308,7 @@ if ($result < 0) {
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev < '".$db->escape($year)."-01-01'";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$resql = $db->query($sql);
@ -416,7 +416,7 @@ if ($result < 0) {
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%Y%m%d')";
@ -541,7 +541,7 @@ if ($result < 0) {
$sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'";
$sql .= " AND b.amount > 0";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%d')";
@ -576,7 +576,7 @@ if ($result < 0) {
$sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'";
$sql .= " AND b.amount < 0";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%d')";
@ -650,7 +650,7 @@ if ($result < 0) {
$sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'";
$sql .= " AND b.amount > 0";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%m');";
@ -677,7 +677,7 @@ if ($result < 0) {
$sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'";
$sql .= " AND b.amount < 0";
if ($account && $_GET["option"] != 'all') {
$sql .= " AND b.fk_account IN (".$account.")";
$sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
}
$sql .= " GROUP BY date_format(b.datev,'%m')";

4
htdocs/compta/bank/various_payment/list.php
View File

@ -264,10 +264,6 @@ if ($search_accountancy_subledger > 0) {
if ($typeid > 0) {
$sql .= " AND v.fk_typepayment=".$typeid;
}
if ($filtre) {
$filtre = str_replace(":", "=", $filtre);
$sql .= " AND ".$filtre;
}
if ($search_all) {
$sql .= natural_search(array_keys($fieldstosearchall), $search_all);
}

8
htdocs/compta/deplacement/class/deplacementstats.class.php
View File

@ -64,13 +64,13 @@ class DeplacementStats extends Stats
$this->where = " fk_statut > 0";
$this->where .= " AND entity = ".$conf->entity;
if ($this->socid) {
$this->where .= " AND fk_soc = ".$this->socid;
if ($this->socid > 0) {
$this->where .= " AND fk_soc = ".((int) $this->socid);
}
if (is_array($this->userid) && count($this->userid) > 0) {
$this->where .= ' AND fk_user IN ('.join(',', $this->userid).')';
$this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';
} elseif ($this->userid > 0) {
$this->where .= ' AND fk_user = '.$this->userid;
$this->where .= ' AND fk_user = '.((int) $this->userid);
}
}

6
htdocs/compta/deplacement/index.php
View File

@ -76,7 +76,7 @@ $sql = "SELECT count(d.rowid) as nb, sum(d.km) as km, d.type";
$sql .= " FROM ".MAIN_DB_PREFIX."deplacement as d";
$sql .= " WHERE d.entity = ".$conf->entity;
if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
$sql .= ' AND d.fk_user IN ('.join(',', $childids).')';
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
$sql .= " GROUP BY d.type";
$sql .= " ORDER BY d.type";
@ -156,13 +156,13 @@ if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " WHERE u.rowid = d.fk_user";
$sql .= " AND d.entity = ".$conf->entity;
if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
$sql .= ' AND d.fk_user IN ('.join(',', $childids).')';
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND d.fk_soc = ".$socid;
$sql .= " AND d.fk_soc = ".((int) $socid);
}
$sql .= $db->order("d.tms", "DESC");
$sql .= $db->plimit($max, 0);

6
htdocs/compta/deplacement/list.php
View File

@ -102,17 +102,17 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE d.fk_user = u.rowid";
$sql .= " AND d.entity = ".$conf->entity;
if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
$sql .= ' AND d.fk_user IN ('.join(',', $childids).')';
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($search_ref) {
$sql .= " AND d.rowid=".$search_ref;
$sql .= " AND d.rowid = ".((int) $search_ref);
}
if ($search_name) {
$sql .= natural_search('u.lastname', $search_name);

2
htdocs/compta/facture/card.php
View File

@ -2571,7 +2571,7 @@ if (empty($reshook)) {
$sql .= ' SET situation_cycle_ref='.$newCycle;
$sql .= ' , situation_final=0';
$sql .= ' , situation_counter='.$object->situation_counter;
$sql .= ' WHERE rowid IN ('.implode(',', $linkedCreditNotesList).')';
$sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $linkedCreditNotesList)).')';
$resql = $db->query($sql);
if (!$resql) {

2
htdocs/compta/facture/class/api_invoices.class.php
View File

@ -191,7 +191,7 @@ class Invoices extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($socids) {
$sql .= " AND t.fk_soc IN (".$socids.")";
$sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
}
if ($search_sale > 0) {

8
htdocs/compta/facture/class/facture.class.php
View File

@ -2248,7 +2248,7 @@ class Facture extends CommonInvoice
if (count($list_rowid_det)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_facture = NULL, fk_facture_line = NULL';
$sql .= ' WHERE fk_facture_line IN ('.join(',', $list_rowid_det).')';
$sql .= ' WHERE fk_facture_line IN ('.$this->db->sanitize(join(',', $list_rowid_det)).')';
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
if (!$this->db->query($sql)) {
@ -4033,7 +4033,7 @@ class Facture extends CommonInvoice
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
@ -4158,13 +4158,13 @@ class Facture extends CommonInvoice
$sqlSit .= " AND fs.fk_statut in (".self::STATUS_VALIDATED.",".self::STATUS_CLOSED.")";
$sqlSit .= " GROUP BY fs.situation_cycle_ref";
$sqlSit .= " ORDER BY fs.situation_counter";
$sql .= " AND ( f.type != ".self::TYPE_SITUATION." OR f.rowid IN (".$sqlSit.") )"; // Type non 5 si facture non avoir
$sql .= " AND ( f.type != ".self::TYPE_SITUATION." OR f.rowid IN (".$this->db->sanitize($sqlSit).") )"; // Type non 5 si facture non avoir
} else {
$sql .= " AND f.type != ".self::TYPE_SITUATION; // Type non 5 si facture non avoir
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY f.ref";

6
htdocs/compta/facture/index.php
View File

@ -232,7 +232,7 @@ function getDraftTable($maxCount = 500, $socid = 0)
$sql .= " AND f.entity IN (".getEntity('facture').")";
$sql .= " AND f.fk_statut = ".Facture::STATUS_DRAFT;
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -329,7 +329,7 @@ function getLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -432,7 +432,7 @@ function getOpenTable($maxCount = 500, $socid = 0)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY f.rowid DESC";
$sql .= $db->plimit($maxCount, 0);

9
htdocs/compta/facture/list.php
View File

@ -513,14 +513,7 @@ if ($userid) {
if ($userid == -1) {
$sql .= ' AND f.fk_user_author IS NULL';
} else {
$sql .= ' AND f.fk_user_author = '.$userid;
}
}
if ($filtre) {
$aFilter = explode(',', $filtre);
foreach ($aFilter as $filter) {
$filt = explode(':', $filter);
$sql .= ' AND '.$db->escape(trim($filt[0])).' = '.$db->escape(trim($filt[1]));
$sql .= ' AND f.fk_user_author = '.((int) $userid);
}
}
if ($search_ref) {

6
htdocs/compta/facture/stats/index.php
View File

@ -103,16 +103,16 @@ dol_mkdir($dir);
$stats = new FactureStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($mode == 'customer') {
if ($object_status != '' && $object_status >= 0) {
$stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($object_status).')';
}
if (is_array($custcats) && !empty($custcats)) {
$stats->from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cat ON (f.fk_soc = cat.fk_soc)';
$stats->where .= ' AND cat.fk_categorie IN ('.implode(',', $custcats).')';
$stats->where .= ' AND cat.fk_categorie IN ('.$db->sanitize(implode(',', $custcats)).')';
}
}
if ($mode == 'supplier') {
if ($object_status != '' && $object_status >= 0) {
$stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
$stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($object_status).')';
}
}

2
htdocs/compta/index.php
View File

@ -1208,8 +1208,6 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
print '<th colspan="2">';
print $langs->trans("BillsSuppliersUnpaid", $num).' ';
print '<a href="'.DOL_URL_ROOT.'/fourn/facture/list.php?search_status='.FactureFournisseur::STATUS_VALIDATED.'">';
// TODO: "impayees.php" looks very outdatetd and should be set to deprecated or directly remove in the next version
// <a href="'.DOL_URL_ROOT.'/fourn/facture/impayees.php">
print '<span class="badge">'.$num.'</span>';
print '</a>';
print '</th>';

9
htdocs/compta/paiement/class/paiement.class.php
View File

@ -171,9 +171,9 @@ class Paiement extends CommonObject
if ($id > 0) {
$sql .= ' AND p.rowid = '.((int) $id);
} elseif ($ref) {
$sql .= " AND p.ref = '".$ref."'";
$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
} elseif ($fk_bank) {
$sql .= ' AND p.fk_bank = '.$fk_bank;
$sql .= ' AND p.fk_bank = '.((int) $fk_bank);
}
$resql = $this->db->query($sql);
@ -1127,9 +1127,10 @@ class Paiement extends CommonObject
* @param string $option Sur quoi pointe le lien
* @param string $mode 'withlistofinvoices'=Include list of invoices into tooltip
* @param int $notooltip 1=Disable tooltip
* @param string $morecss Add more CSS
* @return string Chaine avec URL
*/
public function getNomUrl($withpicto = 0, $option = '', $mode = 'withlistofinvoices', $notooltip = 0)
public function getNomUrl($withpicto = 0, $option = '', $mode = 'withlistofinvoices', $notooltip = 0, $morecss = '')
{
global $conf, $langs;
@ -1166,7 +1167,7 @@ class Paiement extends CommonObject
$linkclose = '';
if (empty($notooltip)) {
if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {
$label = $langs->trans("ShowMyObject");
$label = $langs->trans("Payment");
$linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"';
}
$linkclose .= ' title="'.dol_escape_htmltag($label, 1).'"';

6
htdocs/compta/paiement/list.php
View File

@ -200,13 +200,13 @@ if (GETPOST("orphelins", "alpha")) {
$sql .= " AND sc.fk_user = ".$user->id;
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if ($userid) {
if ($userid == -1) {
$sql .= " AND f.fk_user_author IS NULL";
} else {
$sql .= " AND f.fk_user_author = ".$userid;
$sql .= " AND f.fk_user_author = ".((int) $userid);
}
}
@ -216,7 +216,7 @@ if (GETPOST("orphelins", "alpha")) {
$sql .= natural_search('p.ref', $search_ref);
}
if ($search_account > 0) {
$sql .= " AND b.fk_account=".$search_account;
$sql .= " AND b.fk_account=".((int) $search_account);
}
if ($search_paymenttype != '') {
$sql .= " AND c.code='".$db->escape($search_paymenttype)."'";

2
htdocs/compta/paymentbybanktransfer/index.php
View File

@ -115,7 +115,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);

4
htdocs/compta/prelevement/card.php
View File

@ -351,12 +351,12 @@ if ($id > 0 || $ref) {
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
$sql .= ", ".MAIN_DB_PREFIX."prelevement_bons as pb";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE pl.fk_prelevement_bons = ".$id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $id);
$sql .= " AND pl.fk_prelevement_bons = pb.rowid";
$sql .= " AND pb.entity = ".$conf->entity;
$sql .= " AND pl.fk_soc = s.rowid";
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);

2
htdocs/compta/prelevement/create.php
View File

@ -319,7 +319,7 @@ if ($type == 'bank-transfer') {
$sql .= " AND pfd.fk_facture = f.rowid";
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$nbtotalofrecords = '';

4
htdocs/compta/prelevement/demandes.php
View File

@ -141,14 +141,14 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$status) {
$sql .= " AND pfd.traite = 0";
}
$sql .= " AND pfd.ext_payment_id IS NULL";
if ($status) {
$sql .= " AND pfd.traite = ".$status;
$sql .= " AND pfd.traite = ".((int) $status);
}
$sql .= " AND f.total_ttc > 0";
if (empty($conf->global->WITHDRAWAL_ALLOW_ANY_INVOICE_STATUS)) {

4
htdocs/compta/prelevement/factures.php
View File

@ -195,10 +195,10 @@ if ($object->type != 'bank-transfer') {
$sql .= " AND f.entity IN (".getEntity('supplier_invoice').")";
}
if ($object->id > 0) {
$sql .= " AND p.rowid=".$object->id;
$sql .= " AND p.rowid = ".((int) $object->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);

2
htdocs/compta/prelevement/fiche-rejet.php
View File

@ -177,7 +177,7 @@ $sql .= " AND pl.fk_soc = s.rowid";
$sql .= " AND pl.statut = 3 ";
$sql .= " AND pr.fk_prelevement_lignes = pl.rowid";
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY pl.amount DESC";

2
htdocs/compta/prelevement/index.php
View File

@ -115,7 +115,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);

4
htdocs/compta/prelevement/line.php
View File

@ -262,9 +262,9 @@ if ($id) {
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND pf.fk_facture = f.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND pl.rowid=".$id;
$sql .= " AND pl.rowid = ".((int) $id);
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY $sortfield $sortorder ";
$sql .= $db->plimit($conf->liste_limit + 1, $offset);

2
htdocs/compta/resultat/index.php
View File

@ -347,7 +347,7 @@ if (!empty($conf->facture->enabled) && ($modecompta == 'CREANCES-DETTES' || $mod
$sql .= " AND f.entity = ".$conf->entity;
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY dm";

2
htdocs/compta/resultat/result.php
View File

@ -281,7 +281,7 @@ if ($modecompta == 'CREANCES-DETTES') {
if (! empty($date_start) && ! empty($date_end))
$sql.= " AND t.doc_date >= '".$db->idate($date_start)."' AND t.doc_date <= '".$db->idate($date_end)."'";
if (! empty($month)) {
$sql .= " AND MONTH(t.doc_date) = " . $month;
$sql .= " AND MONTH(t.doc_date) = " . ((int) $month);
}
$resql = $db->query($sql);
if ($resql)

4
htdocs/compta/sociales/list.php
View File

@ -209,10 +209,6 @@ if ($year > 0) {
$sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$db->escape($year)."')";
$sql .= ")";
}
if ($filtre) {
$filtre = str_replace(":", "=", $filtre);
$sql .= " AND ".$filtre;
}
if ($search_typeid) {
$sql .= " AND cs.fk_type=".$db->escape($search_typeid);
}

4
htdocs/compta/stats/cabyprodserv.php
View File

@ -323,9 +323,9 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND (p.rowid IN ";
$sql .= " (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product cp WHERE ";
if ($subcat) {
$sql .= "cp.fk_categorie IN (".$listofcatsql.")";
$sql .= "cp.fk_categorie IN (".$db->sanitize($listofcatsql).")";
} else {
$sql .= "cp.fk_categorie = ".$selected_cat;
$sql .= "cp.fk_categorie = ".((int) $selected_cat);
}
$sql .= "))";
}

8
htdocs/compta/tva/card.php
View File

@ -461,16 +461,14 @@ if ($action == 'create') {
$reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
// Bouton Save payment
print '<tr class="hide_if_no_auto_create_payment"><td>';
print $langs->trans("ClosePaidVATAutomatically");
print '</td><td><input type="checkbox" checked value="1" name="closepaidtva"></td></tr>';
print '</table>';
print dol_get_fiche_end();
print '<div class="center">';
print '<span class="hide_if_no_auto_create_payment">';
print '<input type="checkbox" checked value="1" name="closepaidtva"> <span class="">'.$langs->trans("ClosePaidVATAutomatically").'</span>';
print '</span><br>';
print '<input type="submit" class="button button-save" value="'.$langs->trans("Save").'">';
print '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
print '<input type="submit" class="button button-cancel" name="cancel" value="'.$langs->trans("Cancel").'">';

151
htdocs/compta/tva/clients.php
View File

@ -43,71 +43,7 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/paymentexpensereport.class.
// Load translation files required by the page
$langs->loadLangs(array("other", "compta", "banks", "bills", "companies", "product", "trips", "admin"));
$now = dol_now();
$current_date = dol_getdate($now);
if (empty($conf->global->SOCIETE_FISCAL_MONTH_START)) {
$conf->global->SOCIETE_FISCAL_MONTH_START = 1;
}
// Date range
$year = GETPOST("year", "int");
if (empty($year)) {
$year_current = $current_date['year'];
$year_start = $year_current;
} else {
$year_current = $year;
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
// Set default period if not defined
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
if (empty($q)) {
if (GETPOST("month", 'int')) {
$date_start = dol_get_first_day($year_start, GETPOST("month", 'int'), false);
$date_end = dol_get_last_day($year_start, GETPOST("month", 'int'), false);
} else {
if (empty($conf->global->MAIN_INFO_VAT_RETURN) || $conf->global->MAIN_INFO_VAT_RETURN == 2) { // quaterly vat, we take last past complete quarter
$date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -3 - (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) % 3), 'm');
$date_end = dol_time_plus_duree($date_start, 3, 'm') - 1;
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) { // yearly vat
if ($current_date['mon'] < $conf->global->SOCIETE_FISCAL_MONTH_START) {
if (($conf->global->SOCIETE_FISCAL_MONTH_START - $current_date['mon']) > 6) { // If period started from less than 6 years, we show past year
$year_start--;
}
} else {
if (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) < 6) { // If perdio started from less than 6 years, we show past year
$year_start--;
}
}
$date_start = dol_get_first_day($year_start, $conf->global->SOCIETE_FISCAL_MONTH_START, false);
$date_end = dol_time_plus_duree($date_start, 1, 'y') - 1;
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 1) { // monthly vat, we take last past complete month
$date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -1, 'm');
$date_end = dol_time_plus_duree($date_start, 1, 'm') - 1;
}
}
} else {
if ($q == 1) {
$date_start = dol_get_first_day($year_start, 1, false);
$date_end = dol_get_last_day($year_start, 3, false);
}
if ($q == 2) {
$date_start = dol_get_first_day($year_start, 4, false);
$date_end = dol_get_last_day($year_start, 6, false);
}
if ($q == 3) {
$date_start = dol_get_first_day($year_start, 7, false);
$date_end = dol_get_last_day($year_start, 9, false);
}
if ($q == 4) {
$date_start = dol_get_first_day($year_start, 10, false);
$date_end = dol_get_last_day($year_start, 12, false);
}
}
}
include DOL_DOCUMENT_ROOT.'/compta/tva/initdatesforvat.inc.php';
$min = price2num(GETPOST("min", "alpha"));
if (empty($min)) {
@ -116,16 +52,16 @@ if (empty($min)) {
// Define modetax (0 or 1)
// 0=normal, 1=option vat for services is on debit, 2=option on payments for products
$modetax = $conf->global->TAX_MODE;
$modetax = (empty($conf->global->TAX_MODE) ? 0 : $conf->global->TAX_MODE);
if (GETPOSTISSET("modetax")) {
$modetax = GETPOST("modetax", 'int');
$modetax = GETPOSTINT("modetax");
}
if (empty($modetax)) {
$modetax = 0;
}
// Security check
$socid = GETPOST('socid', 'int');
$socid = GETPOSTINT('socid');
if ($user->socid) {
$socid = $user->socid;
}
@ -184,7 +120,7 @@ if ($modetax == 2) {
$calcmode .= ' <span class="opacitymedium">('.$langs->trans("TaxModuleSetupToModifyRules", DOL_URL_ROOT.'/admin/taxes.php').')</span>';
// Set period
$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$prevyear = $year_start;
$prevyear = $date_start_year;
$prevquarter = $q;
if ($prevquarter > 1) {
$prevquarter--;
@ -192,7 +128,7 @@ if ($prevquarter > 1) {
$prevquarter = 4;
$prevyear--;
}
$nextyear = $year_start;
$nextyear = $date_start_year;
$nextquarter = $q;
if ($nextquarter < 4) {
$nextquarter++;
@ -262,6 +198,10 @@ $y = $year_current;
$total = 0;
$i = 0;
$columns = 5;
$span = $columns;
if ($modetax != 1) {
$span += 2;
}
// Load arrays of datas
$x_coll = tax_by_thirdparty('vat', $db, 0, $date_start, $date_end, $modetax, 'sell');
@ -290,14 +230,33 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$invoice_customer->id = $x_coll[$my_coll_thirdpartyid]['facid'][$id];
$invoice_customer->ref = $x_coll[$my_coll_thirdpartyid]['facnum'][$id];
$invoice_customer->type = $x_coll[$my_coll_thirdpartyid]['type'][$id];
$company_static->fetch($x_coll[$my_coll_thirdpartyid]['company_id'][$id]);
//$company_static->fetch($x_coll[$my_coll_thirdpartyid]['company_id'][$id]);
$company_static->id = $x_coll[$my_coll_thirdpartyid]['company_id'][$id];
$company_static->name = $x_coll[$my_coll_thirdpartyid]['company_name'][$id];
$company_static->name_alias = $x_coll[$my_coll_thirdpartyid]['company_alias'][$id];
$company_static->email = $x_coll[$my_coll_thirdpartyid]['company_email'][$id];
$company_static->tva_intra = $x_coll[$my_coll_thirdpartyid]['tva_intra'][$id];
$company_static->client = $x_coll[$my_coll_thirdpartyid]['company_client'][$id];
$company_static->fournisseur = $x_coll[$my_coll_thirdpartyid]['company_fournisseur'][$id];
$company_static->status = $x_coll[$my_coll_thirdpartyid]['company_status'][$id];
$company_static->code_client = $x_coll[$my_coll_thirdpartyid]['company_customer_code'][$id];
$company_static->code_compta_client = $x_coll[$my_coll_thirdpartyid]['company_customer_accounting_code'][$id];
$company_static->code_fournisseur = $x_coll[$my_coll_thirdpartyid]['company_supplier_code'][$id];
$company_static->code_compta_fournisseur = $x_coll[$my_coll_thirdpartyid]['company_supplier_accounting_code'][$id];
$x_both[$my_coll_thirdpartyid]['coll']['detail'][] = array(
'id' =>$x_coll[$my_coll_thirdpartyid]['facid'][$id],
'descr' =>$x_coll[$my_coll_thirdpartyid]['descr'][$id],
'pid' =>$x_coll[$my_coll_thirdpartyid]['pid'][$id],
'pref' =>$x_coll[$my_coll_thirdpartyid]['pref'][$id],
'ptype' =>$x_coll[$my_coll_thirdpartyid]['ptype'][$id],
'pstatus' =>$x_paye[$my_coll_thirdpartyid]['pstatus'][$id],
'pstatusbuy'=>$x_paye[$my_coll_thirdpartyid]['pstatusbuy'][$id],
'payment_id'=>$x_coll[$my_coll_thirdpartyid]['payment_id'][$id],
'payment_ref'=>$x_coll[$my_coll_thirdpartyid]['payment_ref'][$id],
'payment_amount'=>$x_coll[$my_coll_thirdpartyid]['payment_amount'][$id],
'ftotal_ttc'=>$x_coll[$my_coll_thirdpartyid]['ftotal_ttc'][$id],
'dtotal_ttc'=>$x_coll[$my_coll_thirdpartyid]['dtotal_ttc'][$id],
@ -305,7 +264,9 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
'drate' =>$x_coll[$my_coll_thirdpartyid]['drate'][$id],
'datef' =>$x_coll[$my_coll_thirdpartyid]['datef'][$id],
'datep' =>$x_coll[$my_coll_thirdpartyid]['datep'][$id],
'company_link'=>$company_static->getNomUrl(1, '', 20),
'ddate_start'=>$x_coll[$my_coll_thirdpartyid]['ddate_start'][$id],
'ddate_end' =>$x_coll[$my_coll_thirdpartyid]['ddate_end'][$id],
'totalht' =>$x_coll[$my_coll_thirdpartyid]['totalht_list'][$id],
@ -335,10 +296,15 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$x_both[$my_paye_thirdpartyid]['paye']['detail'][] = array(
'id' =>$x_paye[$my_paye_thirdpartyid]['facid'][$id],
'descr' =>$x_paye[$my_paye_thirdpartyid]['descr'][$id],
'pid' =>$x_paye[$my_paye_thirdpartyid]['pid'][$id],
'pref' =>$x_paye[$my_paye_thirdpartyid]['pref'][$id],
'ptype' =>$x_paye[$my_paye_thirdpartyid]['ptype'][$id],
'pstatus' =>$x_paye[$my_paye_thirdpartyid]['pstatus'][$id],
'pstatusbuy' =>$x_paye[$my_paye_thirdpartyid]['pstatusbuy'][$id],
'payment_id' =>$x_paye[$my_paye_thirdpartyid]['payment_id'][$id],
'payment_ref' =>$x_paye[$my_paye_thirdpartyid]['payment_ref'][$id],
'payment_amount' =>$x_paye[$my_paye_thirdpartyid]['payment_amount'][$id],
'ftotal_ttc' =>price2num($x_paye[$my_paye_thirdpartyid]['ftotal_ttc'][$id]),
'dtotal_ttc' =>price2num($x_paye[$my_paye_thirdpartyid]['dtotal_ttc'][$id]),
@ -354,14 +320,33 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$invoice_supplier->id = $x_paye[$my_paye_thirdpartyid]['facid'][$id];
$invoice_supplier->ref = $x_paye[$my_paye_thirdpartyid]['facnum'][$id];
$invoice_supplier->type = $x_paye[$my_paye_thirdpartyid]['type'][$id];
$company_static->fetch($x_paye[$my_paye_thirdpartyid]['company_id'][$id]);
//$company_static->fetch($x_paye[$my_paye_thirdpartyid]['company_id'][$id]);
$company_static->id = $x_paye[$my_paye_thirdpartyid]['company_id'][$id];
$company_static->name = $x_paye[$my_paye_thirdpartyid]['company_name'][$id];
$company_static->name_alias = $x_paye[$my_paye_thirdpartyid]['company_alias'][$id];
$company_static->email = $x_paye[$my_paye_thirdpartyid]['company_email'][$id];
$company_static->tva_intra = $x_paye[$my_paye_thirdpartyid]['tva_intra'][$id];
$company_static->client = $x_paye[$my_paye_thirdpartyid]['company_client'][$id];
$company_static->fournisseur = $x_paye[$my_paye_thirdpartyid]['company_fournisseur'][$id];
$company_static->status = $x_paye[$my_paye_thirdpartyid]['company_status'][$id];
$company_static->code_client = $x_paye[$my_paye_thirdpartyid]['company_customer_code'][$id];
$company_static->code_compta_client = $x_paye[$my_paye_thirdpartyid]['company_customer_accounting_code'][$id];
$company_static->code_fournisseur = $x_paye[$my_paye_thirdpartyid]['company_supplier_code'][$id];
$company_static->code_compta_fournisseur = $x_paye[$my_paye_thirdpartyid]['company_supplier_accounting_code'][$id];
$x_both[$my_paye_thirdpartyid]['paye']['detail'][] = array(
'id' =>$x_paye[$my_paye_thirdpartyid]['facid'][$id],
'descr' =>$x_paye[$my_paye_thirdpartyid]['descr'][$id],
'pid' =>$x_paye[$my_paye_thirdpartyid]['pid'][$id],
'pref' =>$x_paye[$my_paye_thirdpartyid]['pref'][$id],
'ptype' =>$x_paye[$my_paye_thirdpartyid]['ptype'][$id],
'pstatus' =>$x_paye[$my_paye_thirdpartyid]['pstatus'][$id],
'pstatusbuy'=>$x_paye[$my_paye_thirdpartyid]['pstatusbuy'][$id],
'payment_id'=>$x_paye[$my_paye_thirdpartyid]['payment_id'][$id],
'payment_ref'=>$x_paye[$my_paye_thirdpartyid]['payment_ref'][$id],
'payment_amount'=>$x_paye[$my_paye_thirdpartyid]['payment_amount'][$id],
'ftotal_ttc'=>price2num($x_paye[$my_paye_thirdpartyid]['ftotal_ttc'][$id]),
'dtotal_ttc'=>price2num($x_paye[$my_paye_thirdpartyid]['dtotal_ttc'][$id]),
@ -369,7 +354,9 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
'drate' =>$x_paye[$my_coll_thirdpartyid]['drate'][$id],
'datef' =>$x_paye[$my_paye_thirdpartyid]['datef'][$id],
'datep' =>$x_paye[$my_paye_thirdpartyid]['datep'][$id],
'company_link'=>$company_static->getNomUrl(1, '', 20),
'ddate_start'=>$x_paye[$my_paye_thirdpartyid]['ddate_start'][$id],
'ddate_end' =>$x_paye[$my_paye_thirdpartyid]['ddate_end'][$id],
'totalht' =>price2num($x_paye[$my_paye_thirdpartyid]['totalht_list'][$id]),
@ -389,11 +376,6 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$x_paye_sum = 0;
$x_paye_ht = 0;
$span = $columns;
if ($modetax != 1) {
$span += 2;
}
//print '<tr><td colspan="'.($span+1).'">'..')</td></tr>';
// Customers invoices
@ -483,6 +465,9 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$product_static->id = $fields['pid'];
$product_static->ref = $fields['pref'];
$product_static->type = $fields['dtype']; // We force with the type of line to have type how line is registered
$product_static->status = $fields['pstatus'];
$product_static->status_buy = $fields['pstatusbuy'];
print $product_static->getNomUrl(1);
if (dol_string_nohtmltag($fields['descr'])) {
print ' - '.dol_trunc(dol_string_nohtmltag($fields['descr']), 24);
@ -528,7 +513,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
//print $fields['totalht']."-".$fields['payment_amount']."-".$fields['ftotal_ttc'];
if ($fields['payment_amount'] && $fields['ftotal_ttc']) {
$payment_static->id = $fields['payment_id'];
print $payment_static->getNomUrl(2);
$payment_static->ref = $fields['payment_ref'];
print $payment_static->getNomUrl(2, '', '', 0).' ';
}
if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice')
|| ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) {
@ -578,7 +564,7 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
}
}
if (count($x_coll) == 0) { // Show a total ine if nothing shown
if (count($x_coll) == 0) { // Show a total line if nothing shown
print '<tr class="liste_total">';
print '<td colspan="4"></td>';
print '<td class="right">'.$langs->trans("Total").':</td>';
@ -662,7 +648,9 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
}
// Company name
print '<td class="left">'.$fields['company_link'].'</td>';
print '<td class="tdmaxoverflow150">';
print $fields['company_link'];
print '</td>';
// Description
print '<td class="left">';
@ -714,7 +702,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
print '<td class="nowrap right">';
if ($fields['payment_amount'] && $fields['ftotal_ttc']) {
$paymentfourn_static->id = $fields['payment_id'];
print $paymentfourn_static->getNomUrl(2);
$paymentfourn_static->ref = $fields['payment_ref'];
print $paymentfourn_static->getNomUrl(2, '', '', 0);
}
if (($type == 0 && $conf->global->TAX_MODE_BUY_PRODUCT == 'invoice')

97
htdocs/compta/tva/index.php
View File

@ -37,99 +37,15 @@ require_once DOL_DOCUMENT_ROOT.'/compta/localtax/class/localtax.class.php';
// Load translation files required by the page
$langs->loadLangs(array("other", "compta", "banks", "bills", "companies", "product", "trips", "admin"));
$form = new Form($db);
$now = dol_now();
$current_date = dol_getdate($now);
if (empty($conf->global->SOCIETE_FISCAL_MONTH_START)) {
$conf->global->SOCIETE_FISCAL_MONTH_START = 1;
}
$refresh = GETPOSTISSET('submit') ? true : false;
$year_current = GETPOSTISSET('year') ? GETPOST('year', 'int') : dol_print_date($now, '%Y', 'tzserver');
$year_start = $year_current;
$month_current = GETPOSTISSET('month') ? GETPOST('month', 'int') : dol_print_date($now, '%m', 'tzserver');
$month_start = $month_current;
if ($refresh === false) {
$year_current = dol_print_date('%Y', $now);
$month_current = dol_print_date('%m', $now);
$refresh = true;
// 1 : Monthly (by default)
// 2 : Quarterly
// 3 : Annual
if ($conf->global->MAIN_INFO_VAT_RETURN == 2) {
// quarterly
$year = $year_current;
if ($month_current >= 7 && $month_current <= 9) {
$month_start = 4;
$month_end = 6;
} elseif ($month_current >= 10 && $month_current <= 12) {
$month_start = 7;
$month_end = 9;
} elseif ($month_current >= 1 && $month_current <= 3) {
$month_start = 10;
$month_end = 12;
$year--;
} else {
$month_start = 1;
$month_end = 3;
}
$date_start = dol_get_first_day($year, $month_start);
$date_end = dol_get_last_day($year, $month_end);
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) {
// annual
$date_start = dol_get_first_day($year_current, 1);
$date_end = dol_get_last_day($year_current, 12);
} else {
// monthly by default
$year = $year_current;
$month_last = $month_current - 1;
if ($month_last <= 0) {
$month_last = $month_last + 12;
$year--;
}
$date_start = dol_get_first_day($year, $month_last);
$date_end = dol_get_last_day($year, $month_last);
}
} else {
// Date range
$year = GETPOST("year", "int");
if (empty($year)) {
$year_current = dol_print_date(dol_now(), "%Y");
if ($conf->global->SOCIETE_FISCAL_MONTH_START > dol_print_date(dol_now(), "%m")) $year_current--;
$year_start = $year_current;
} else {
$year_current = $year;
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
if (empty($date_start) || empty($date_end)) {// We define date_start and date_end
$q = GETPOST("q", "int");
if (empty($q)) {
if (GETPOST("month", "int")) {
$date_start = dol_get_first_day($year_start, GETPOST("month", "int"), false);
$date_end = dol_get_last_day($year_start, GETPOST("month", "int"), false);
} else {
$date_start = dol_get_first_day($year_start, $conf->global->SOCIETE_FISCAL_MONTH_START, false);
$date_end = dol_time_plus_duree($date_start, 1, 'y') - 1;
}
} else {
if ($q == 1) {
$date_start = dol_get_first_day($year_start, 1, false);
$date_end = dol_get_last_day($year_start, 3, false);
}
if ($q == 2) {
$date_start = dol_get_first_day($year_start, 4, false);
$date_end = dol_get_last_day($year_start, 6, false);
}
if ($q == 3) {
$date_start = dol_get_first_day($year_start, 7, false);
$date_end = dol_get_last_day($year_start, 9, false);
}
if ($q == 4) {
$date_start = dol_get_first_day($year_start, 10, false);
$date_end = dol_get_last_day($year_start, 12, false);
}
}
}
}
include DOL_DOCUMENT_ROOT.'/compta/tva/initdatesforvat.inc.php';
// Define modetax (0 or 1)
// 0=normal, 1=option vat for services is on debit, 2=option on payments for products
@ -255,6 +171,7 @@ function pt($db, $sql, $date)
* View
*/
$form = new Form($db);
$company_static = new Societe($db);
$tva = new Tva($db);

98
htdocs/compta/tva/initdatesforvat.inc.php Normal file
View File

@ -0,0 +1,98 @@
<?php
/* Copyright (C) 2021 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/compta/tva/initdatesforvat.inc.php
* \brief Set value for date_start and date_end
*/
$now = dol_now();
$current_date = dol_getdate($now);
if (empty($conf->global->SOCIETE_FISCAL_MONTH_START)) {
$conf->global->SOCIETE_FISCAL_MONTH_START = 1;
}
// Date range
$year = GETPOST("year", "int");
if (empty($year)) {
$year_current = $current_date['year'];
$year_start = $year_current;
} else {
$year_current = $year;
$year_start = $year;
}
$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"), 'tzserver');
$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"), 'tzserver');
// Set default period if not defined
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q = GETPOST("q", "int");
if (empty($q)) {
if (GETPOST("month", 'int')) {
$date_start = dol_get_first_day($year_start, GETPOST("month", 'int'), 'tzserver');
$date_end = dol_get_last_day($year_start, GETPOST("month", 'int'), 'tzserver');
} else {
if (empty($conf->global->MAIN_INFO_VAT_RETURN) || $conf->global->MAIN_INFO_VAT_RETURN == 2) { // quaterly vat, we take last past complete quarter
$date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -3 - (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) % 3), 'm');
$date_end = dol_time_plus_duree($date_start, 3, 'm') - 1;
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) { // yearly vat
if ($current_date['mon'] < $conf->global->SOCIETE_FISCAL_MONTH_START) {
if (($conf->global->SOCIETE_FISCAL_MONTH_START - $current_date['mon']) > 6) { // If period started from less than 6 years, we show past year
$year_start--;
}
} else {
if (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) < 6) { // If perdio started from less than 6 years, we show past year
$year_start--;
}
}
$date_start = dol_get_first_day($year_start, $conf->global->SOCIETE_FISCAL_MONTH_START, 'tzserver');
$date_end = dol_time_plus_duree($date_start, 1, 'y') - 1;
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 1) { // monthly vat, we take last past complete month
$date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -1, 'm');
$date_end = dol_time_plus_duree($date_start, 1, 'm') - 1;
}
}
} else {
if ($q == 1) {
$date_start = dol_get_first_day($year_start, 1, 'tzserver');
$date_end = dol_get_last_day($year_start, 3, 'tzserver');
}
if ($q == 2) {
$date_start = dol_get_first_day($year_start, 4, 'tzserver');
$date_end = dol_get_last_day($year_start, 6, 'tzserver');
}
if ($q == 3) {
$date_start = dol_get_first_day($year_start, 7, 'tzserver');
$date_end = dol_get_last_day($year_start, 9, 'tzserver');
}
if ($q == 4) {
$date_start = dol_get_first_day($year_start, 10, 'tzserver');
$date_end = dol_get_last_day($year_start, 12, 'tzserver');
}
}
}
//print dol_print_date($date_start, 'day').' '.dol_print_date($date_end, 'day');
$tmp = dol_getdate($date_start);
$date_start_day = $tmp['mday'];
$date_start_month = $tmp['mon'];
$date_start_year = $tmp['year'];
$tmp = dol_getdate($date_end);
$date_end_day = $tmp['mday'];
$date_end_month = $tmp['mon'];
$date_end_year = $tmp['year'];

2
htdocs/compta/tva/payments.php
View File

@ -122,7 +122,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("LabelContrib", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
//print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "tva.fk_type", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "tva.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "tva.amount", "", $param, 'class="right"', $sortfield, $sortorder);

179
htdocs/compta/tva/quadri_detail.php
View File

@ -45,68 +45,11 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/paymentexpensereport.class.
// Load translation files required by the page
$langs->loadLangs(array("other", "compta", "banks", "bills", "companies", "product", "trips", "admin"));
$now = dol_now();
$refresh = GETPOSTISSET('submit') ? true : false;
$refresh = (GETPOSTISSET('submit') || GETPOSTISSET('vat_rate_show') || GETPOSTISSET('invoice_type')) ? true : false;
$invoice_type = GETPOSTISSET('invoice_type') ? GETPOST('invoice_type', 'alpha') : '';
$vat_rate_show = GETPOSTISSET('vat_rate_show') ? GETPOST('vat_rate_show', 'int') : -1;
$year_current = GETPOSTISSET('year') ? GETPOST('year', 'int') : intval(strftime('%Y', $now));
$year_start = $year_current;
$month_current = GETPOSTISSET('month') ? GETPOST('month', 'int') : intval(strftime('%m', $now));
$month_start = $month_current;
if ($refresh === false) {
$date_start = dol_get_first_day($year_start, $month_start);
$date_end = dol_get_last_day($year_start, $month_start);
} else {
// Date range
//$year=GETPOST("year", "int");
//if (empty($year))
//{
// $year_current = strftime("%Y", dol_now());
// $year_start = $year_current;
//} else {
// $year_current = $year;
// $year_start = $year;
//}
$date_start=dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
$date_end=dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"));
// Quarter
if (empty($date_start) || empty($date_end)) { // We define date_start and date_end
$q=GETPOST("q", "int");
if (empty($q)) {
if (GETPOST("month", "int")) {
$date_start=dol_get_first_day($year_start, GETPOST("month", "int"), false);
$date_end=dol_get_last_day($year_start, GETPOST("month", "int"), false);
} else {
$date_start=dol_get_first_day($year_start, empty($conf->global->SOCIETE_FISCAL_MONTH_START)?1:$conf->global->SOCIETE_FISCAL_MONTH_START, false);
if (empty($conf->global->MAIN_INFO_VAT_RETURN) || $conf->global->MAIN_INFO_VAT_RETURN == 2) {
$date_end=dol_time_plus_duree($date_start, 3, 'm') - 1;
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) {
$date_end = dol_time_plus_duree($date_start, 1, 'y') - 1;
} elseif ($conf->global->MAIN_INFO_VAT_RETURN == 1) {
$date_end = dol_time_plus_duree($date_start, 1, 'm') - 1;
}
}
} else {
if ($q == 1) {
$date_start=dol_get_first_day($year_start, 1, false); $date_end=dol_get_last_day($year_start, 3, false);
}
if ($q == 2) {
$date_start=dol_get_first_day($year_start, 4, false); $date_end=dol_get_last_day($year_start, 6, false);
}
if ($q == 3) {
$date_start=dol_get_first_day($year_start, 7, false); $date_end=dol_get_last_day($year_start, 9, false);
}
if ($q == 4) {
$date_start=dol_get_first_day($year_start, 10, false); $date_end=dol_get_last_day($year_start, 12, false);
}
}
}
}
$month_start = strftime('%m', $date_start);
$year_start = strftime('%Y', $date_start);
include DOL_DOCUMENT_ROOT.'/compta/tva/initdatesforvat.inc.php';
$min = price2num(GETPOST("min", "alpha"));
if (empty($min)) {
@ -131,7 +74,6 @@ if ($user->socid) {
$result = restrictedArea($user, 'tax', '', '', 'charges');
/*
* View
*/
@ -154,7 +96,7 @@ foreach ($listofparams as $param) {
}
}
$title = $langs->trans("VATReport")." ".dol_print_date($date_start)." -> ".dol_print_date($date_end);
$title = $langs->trans("VATReport")." ".dol_print_date($date_start, '', 'tzserver')." -> ".dol_print_date($date_end, '', 'tzserver');
llxHeader('', $title, '', '', 0, 0, '', '', $morequerystring);
@ -182,8 +124,10 @@ if ($modetax == 2) {
}
$calcmode .= ' <span class="opacitymedium">('.$langs->trans("TaxModuleSetupToModifyRules", DOL_URL_ROOT.'/admin/taxes.php').')</span>';
// Set period
$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0).' - '.$form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0);
$prevyear = $year_start;
$period = $form->selectDate($date_start, 'date_start', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
$period .= ' - ';
$period .= $form->selectDate($date_end, 'date_end', 0, 0, 0, '', 1, 0, 0, '', '', '', '', 1, '', '', 'tzserver');
$prevyear = $date_start_year;
$prevquarter = $q;
if ($prevquarter > 1) {
$prevquarter--;
@ -191,7 +135,7 @@ if ($prevquarter > 1) {
$prevquarter = 4;
$prevyear--;
}
$nextyear = $year_start;
$nextyear = $date_start_year;
$nextquarter = $q;
if ($nextquarter < 4) {
$nextquarter++;
@ -256,9 +200,13 @@ print '<div class="div-table-responsive">';
print '<table class="noborder centpercent">';
$y = $year_current;
$total = 0;
$i = 0;
$columns = 5;
$columns = 7;
$span = $columns;
if ($modetax != 1) {
$span += 2;
}
// Load arrays of datas
$x_coll = tax_by_rate('vat', $db, 0, 0, $date_start, $date_end, $modetax, 'sell');
@ -287,7 +235,21 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$invoice_customer->id = $x_coll[$my_coll_rate]['facid'][$id];
$invoice_customer->ref = $x_coll[$my_coll_rate]['facnum'][$id];
$invoice_customer->type = $x_coll[$my_coll_rate]['type'][$id];
$company_static->fetch($x_coll[$my_coll_rate]['company_id'][$id]);
//$company_static->fetch($x_coll[$my_coll_rate]['company_id'][$id]);
$company_static->id = $x_coll[$my_coll_rate]['company_id'][$id];
$company_static->name = $x_coll[$my_coll_rate]['company_name'][$id];
$company_static->name_alias = $x_coll[$my_coll_rate]['company_alias'][$id];
$company_static->email = $x_coll[$my_coll_rate]['company_email'][$id];
$company_static->tva_intra = $x_coll[$my_coll_rate]['tva_intra'][$id];
$company_static->client = $x_coll[$my_coll_rate]['company_client'][$id];
$company_static->fournisseur = $x_coll[$my_coll_rate]['company_fournisseur'][$id];
$company_static->status = $x_coll[$my_coll_rate]['company_status'][$id];
$company_static->code_client = $x_coll[$my_coll_rate]['company_customer_code'][$id];
$company_static->code_compta_client = $x_coll[$my_coll_rate]['company_customer_accounting_code'][$id];
$company_static->code_fournisseur = $x_coll[$my_coll_rate]['company_supplier_code'][$id];
$company_static->code_compta_fournisseur = $x_coll[$my_coll_rate]['company_supplier_accounting_code'][$id];
$x_both[$my_coll_rate]['coll']['detail'][] = array(
'id' =>$x_coll[$my_coll_rate]['facid'][$id],
'descr' =>$x_coll[$my_coll_rate]['descr'][$id],
@ -295,13 +257,16 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
'pref' =>$x_coll[$my_coll_rate]['pref'][$id],
'ptype' =>$x_coll[$my_coll_rate]['ptype'][$id],
'payment_id'=>$x_coll[$my_coll_rate]['payment_id'][$id],
'payment_ref'=>$x_coll[$my_coll_rate]['payment_ref'][$id],
'payment_amount'=>$x_coll[$my_coll_rate]['payment_amount'][$id],
'ftotal_ttc'=>$x_coll[$my_coll_rate]['ftotal_ttc'][$id],
'dtotal_ttc'=>$x_coll[$my_coll_rate]['dtotal_ttc'][$id],
'dtype' =>$x_coll[$my_coll_rate]['dtype'][$id],
'datef' =>$x_coll[$my_coll_rate]['datef'][$id],
'datep' =>$x_coll[$my_coll_rate]['datep'][$id],
'company_link'=>$company_static->getNomUrl(1, '', 20),
'ddate_start'=>$x_coll[$my_coll_rate]['ddate_start'][$id],
'ddate_end' =>$x_coll[$my_coll_rate]['ddate_end'][$id],
'totalht' =>$x_coll[$my_coll_rate]['totalht_list'][$id],
@ -335,6 +300,7 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
'pref' =>$x_paye[$my_paye_rate]['pref'][$id],
'ptype' =>$x_paye[$my_paye_rate]['ptype'][$id],
'payment_id' =>$x_paye[$my_paye_rate]['payment_id'][$id],
'payment_ref' =>$x_paye[$my_paye_rate]['payment_ref'][$id],
'payment_amount' =>$x_paye[$my_paye_rate]['payment_amount'][$id],
'ftotal_ttc' =>price2num($x_paye[$my_paye_rate]['ftotal_ttc'][$id]),
'dtotal_ttc' =>price2num($x_paye[$my_paye_rate]['dtotal_ttc'][$id]),
@ -349,7 +315,20 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$invoice_supplier->id = $x_paye[$my_paye_rate]['facid'][$id];
$invoice_supplier->ref = $x_paye[$my_paye_rate]['facnum'][$id];
$invoice_supplier->type = $x_paye[$my_paye_rate]['type'][$id];
$company_static->fetch($x_paye[$my_paye_rate]['company_id'][$id]);
$company_static->id = $x_paye[$my_paye_rate]['company_id'][$id];
$company_static->name = $x_paye[$my_paye_rate]['company_name'][$id];
$company_static->name_alias = $x_paye[$my_paye_rate]['company_alias'][$id];
$company_static->email = $x_paye[$my_paye_rate]['company_email'][$id];
$company_static->tva_intra = $x_paye[$my_paye_rate]['tva_intra'][$id];
$company_static->client = $x_paye[$my_paye_rate]['company_client'][$id];
$company_static->fournisseur = $x_paye[$my_paye_rate]['company_fournisseur'][$id];
$company_static->status = $x_paye[$my_paye_rate]['company_status'][$id];
$company_static->code_client = $x_paye[$my_paye_rate]['company_customer_code'][$id];
$company_static->code_compta_client = $x_paye[$my_paye_rate]['company_customer_accounting_code'][$id];
$company_static->code_fournisseur = $x_paye[$my_paye_rate]['company_supplier_code'][$id];
$company_static->code_compta_fournisseur = $x_paye[$my_paye_rate]['company_supplier_accounting_code'][$id];
$x_both[$my_paye_rate]['paye']['detail'][] = array(
'id' =>$x_paye[$my_paye_rate]['facid'][$id],
'descr' =>$x_paye[$my_paye_rate]['descr'][$id],
@ -357,13 +336,16 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
'pref' =>$x_paye[$my_paye_rate]['pref'][$id],
'ptype' =>$x_paye[$my_paye_rate]['ptype'][$id],
'payment_id'=>$x_paye[$my_paye_rate]['payment_id'][$id],
'payment_ref'=>$x_paye[$my_paye_rate]['payment_ref'][$id],
'payment_amount'=>$x_paye[$my_paye_rate]['payment_amount'][$id],
'ftotal_ttc'=>price2num($x_paye[$my_paye_rate]['ftotal_ttc'][$id]),
'dtotal_ttc'=>price2num($x_paye[$my_paye_rate]['dtotal_ttc'][$id]),
'dtype' =>$x_paye[$my_paye_rate]['dtype'][$id],
'datef' =>$x_paye[$my_paye_rate]['datef'][$id],
'datep' =>$x_paye[$my_paye_rate]['datep'][$id],
'company_link'=>$company_static->getNomUrl(1, '', 20),
'ddate_start'=>$x_paye[$my_paye_rate]['ddate_start'][$id],
'ddate_end' =>$x_paye[$my_paye_rate]['ddate_end'][$id],
'totalht' =>price2num($x_paye[$my_paye_rate]['totalht_list'][$id]),
@ -383,11 +365,6 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
$x_paye_sum = 0;
$x_paye_ht = 0;
$span = $columns;
if ($modetax != 1) {
$span += 2;
}
//print '<tr><td colspan="'.($span+1).'">'..')</td></tr>';
// Customers invoices
@ -429,7 +406,11 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
print "<tr>";
print '<td class="tax_rate" colspan="' . ($span+1) . '">';
print $langs->trans('Rate') . ' : ' . vatrate($rate) . '%';
print ' - <a href="' . DOL_URL_ROOT . '/compta/tva/quadri_detail.php?invoice_type=customer&amp;vat_rate_show=' . urlencode($rate) . '&amp;year=' . urlencode($year_start) . '&amp;month=' . urlencode($month_start) . '">' . img_picto('', 'chevron-down', 'class="paddingrightonly"') . $langs->trans('VATReportShowByRateDetails') . '</a>';
print ' - <a href="'.DOL_URL_ROOT.'/compta/tva/quadri_detail.php?invoice_type=customer';
if (!GETPOSTISSET('vat_rate_show') || GETPOST('vat_rate_show') != $rate) {
print '&amp;vat_rate_show='.urlencode($rate);
}
print '&amp;date_startyear='.urlencode($date_start_year).'&amp;date_startmonth='.urlencode($date_start_month).'&amp;date_startday='.urlencode($date_start_day).'&amp;date_endyear='.urlencode($date_end_year).'&amp;date_endmonth='.urlencode($date_end_month).'&amp;date_endday='.urlencode($date_end_day).'">' . img_picto('', 'chevron-down', 'class="paddingrightonly"') . $langs->trans('VATReportShowByRateDetails') . '</a>';
print '</td>';
print '</tr>'."\n";
@ -473,6 +454,19 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
if ($invoice_type == 'customer' && $vat_rate_show == $rate) {
if (is_array($x_both[$rate]['coll']['detail'])) {
foreach ($x_both[$rate]['coll']['detail'] as $index => $fields) {
/*$company_static->id = $fields['company_id'];
$company_static->name = $fields['company_name'];
$company_static->name_alias = $fields['company_alias'];
$company_static->email = $fields['company_email'];
$company_static->tva_intra = $fields['tva_intra'];
$company_static->client = $fields['company_client'];
$company_static->fournisseur = $fields['company_fournisseur'];
$company_static->status = $fields['company_status'];
$company_static->code_client = $fields['company_client'];
$company_static->code_compta_client = $fields['company_customer_code'];
$company_static->code_fournisseur = $fields['company_customer_accounting_code'];
$company_static->code_compta_fournisseur = $fields['company_supplier_accounting_code'];*/
// Define type
// We MUST use dtype (type in line). We can use something else, only if dtype is really unknown.
$type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']);
@ -499,7 +493,10 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
else print '<td></td>';
// Company name
print '<td class="left">' . $fields['company_link'] . '</td>';
print '<td class="tdmaxoverflow150">';
//print $company_static->getNomUrl(1);
print $fields['company_link'];
print '</td>';
// Description
print '<td class="left">';
@ -552,7 +549,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
//print $fields['totalht']."-".$fields['payment_amount']."-".$fields['ftotal_ttc'];
if ($fields['payment_amount'] && $fields['ftotal_ttc']) {
$payment_static->id = $fields['payment_id'];
print $payment_static->getNomUrl(2);
$payment_static->ref = $fields['payment_ref'];
print $payment_static->getNomUrl(2, '', '', 0).' ';
}
if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice')
|| ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) {
@ -618,7 +616,7 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
// Blank line
print '<tr><td colspan="'.($span+2).'">&nbsp;</td></tr>';
// Print table headers for this quadri - expenses now
// Print table headers for this quadri - expenses
print '<tr class="liste_titre liste_titre_topborder">';
print '<td class="left">'.$elementsup.'</td>';
print '<td class="left">'.$langs->trans("DateInvoice").'</td>';
@ -642,7 +640,11 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
print "<tr>";
print '<td class="tax_rate" colspan="' . ($span+1) . '">';
print $langs->trans('Rate') . ' : ' . vatrate($rate) . '%';
print ' - <a href="' . dol_buildpath('/compta/tva/quadri_detail.php', 1) . '?invoice_type=supplier&amp;vat_rate_show=' . $rate . '&amp;year=' . $year_start . '&amp;month=' . $month_start . '">' . img_picto('', 'chevron-down', 'class="paddingrightonly"') . $langs->trans('VATReportShowByRateDetails') . '</a>';
print ' - <a href="'.DOL_URL_ROOT.'/compta/tva/quadri_detail.php?invoice_type=supplier';
if (!GETPOSTISSET('vat_rate_show') || GETPOST('vat_rate_show') != $rate) {
print '&amp;vat_rate_show='.urlencode($rate);
}
print '&amp;date_startyear='.urlencode($date_start_year).'&amp;date_startmonth='.urlencode($date_start_month).'&amp;date_startday='.urlencode($date_start_day).'&amp;date_endyear='.urlencode($date_end_year).'&amp;date_endmonth='.urlencode($date_end_month).'&amp;date_endday='.urlencode($date_end_day).'">' . img_picto('', 'chevron-down', 'class="paddingrightonly"') . $langs->trans('VATReportShowByRateDetails') . '</a>';
print '</td>';
print '</tr>'."\n";
@ -684,6 +686,19 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
if ($invoice_type == 'supplier' && $vat_rate_show == $rate) {
foreach ($x_both[$rate]['paye']['detail'] as $index => $fields) {
/*$company_static->id = $fields['company_id'];
$company_static->name = $fields['company_name'];
$company_static->name_alias = $fields['company_alias'];
$company_static->email = $fields['company_email'];
$company_static->tva_intra = $fields['tva_intra'];
$company_static->client = $fields['company_client'];
$company_static->fournisseur = $fields['company_fournisseur'];
$company_static->status = $fields['company_status'];
$company_static->code_client = $fields['company_client'];
$company_static->code_compta_client = $fields['company_customer_code'];
$company_static->code_fournisseur = $fields['company_customer_accounting_code'];
$company_static->code_compta_fournisseur = $fields['company_supplier_accounting_code'];*/
// Define type
// We MUST use dtype (type in line). We can use something else, only if dtype is really unknown.
$type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']);
@ -713,7 +728,10 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
}
// Company name
print '<td class="left">' . $fields['company_link'] . '</td>';
print '<td class="tdmaxoverflow150">';
//print $company_static->getNomUrl(1);
print $fields['company_link'];
print '</td>';
// Description
print '<td class="left">';
@ -765,7 +783,8 @@ if (!is_array($x_coll) || !is_array($x_paye)) {
print '<td class="nowrap right">';
if ($fields['payment_amount'] && $fields['ftotal_ttc']) {
$paymentfourn_static->id = $fields['payment_id'];
print $paymentfourn_static->getNomUrl(2);
$paymentfourn_static->ref = $fields['payment_ref'];
print $paymentfourn_static->getNomUrl(2, '', '', 0).' ';
}
if (($type == 0 && $conf->global->TAX_MODE_BUY_PRODUCT == 'invoice')

5
htdocs/contact/list.php
View File

@ -458,7 +458,7 @@ if ($search_societe) {
$sql .= natural_search(empty($conf->global->SOCIETE_DISABLE_CONTACTS) ? 's.nom' : 'p.fk_soc', $search_societe);
}
if ($search_country) {
$sql .= " AND p.fk_pays IN (".$search_country.')';
$sql .= " AND p.fk_pays IN (".$db->sanitize($search_country).')';
}
if (strlen($search_poste)) {
$sql .= natural_search('p.poste', $search_poste);
@ -492,9 +492,8 @@ if (strlen($search_town)) {
$sql .= natural_search("p.town", $search_town);
}
if (count($search_roles) > 0) {
$sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".implode(',', $search_roles)."))";
$sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".$db->sanitize(implode(',', $search_roles))."))";
}
if ($search_no_email != '' && $search_no_email >= 0) {
$sql .= " AND p.no_email = ".$db->escape($search_no_email);
}

12
htdocs/contrat/card.php
View File

@ -2008,7 +2008,7 @@ if ($action == 'create') {
if (empty($user->socid)) {
if ($object->statut == 1) {
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->contrat->creer)) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&token='.newToken().'&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#">'.$langs->trans('SendMail').'</a></div>';
}
@ -2017,14 +2017,14 @@ if ($action == 'create') {
if ($object->statut == 0 && $nbofservices) {
if ($user->rights->contrat->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=valid">'.$langs->trans("Validate").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=valid&amp;token='.newToken().'">'.$langs->trans("Validate").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("NotEnoughPermissions").'">'.$langs->trans("Validate").'</a></div>';
}
}
if ($object->statut == 1) {
if ($user->rights->contrat->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=reopen">'.$langs->trans("Modify").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=reopen&amp;token='.newToken().'">'.$langs->trans("Modify").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("NotEnoughPermissions").'">'.$langs->trans("Modify").'</a></div>';
}
@ -2050,14 +2050,14 @@ if ($action == 'create') {
if ($object->nbofservicesclosed > 0 || $object->nbofserviceswait > 0) {
if ($user->rights->contrat->activer) {
print '<div class="inline-block divButAction"><a class="butAction" id="btnactivateall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=activate">'.$langs->trans("ActivateAllContracts").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" id="btnactivateall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=activate&amp;token='.newToken().'">'.$langs->trans("ActivateAllContracts").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" id="btnactivateall" href="#">'.$langs->trans("ActivateAllContracts").'</a></div>';
}
}
if ($object->nbofservicesclosed < $nbofservices) {
if ($user->rights->contrat->desactiver) {
print '<div class="inline-block divButAction"><a class="butAction" id="btncloseall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=close">'.$langs->trans("CloseAllContracts").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" id="btncloseall" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=close&amp;token='.newToken().'">'.$langs->trans("CloseAllContracts").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" id="btncloseall" href="#">'.$langs->trans("CloseAllContracts").'</a></div>';
}
@ -2081,7 +2081,7 @@ if ($action == 'create') {
// Clone
if ($user->rights->contrat->creer) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$object->socid.'&amp;action=clone&amp;object='.$object->element.'">'.$langs->trans("ToClone").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$object->socid.'&amp;action=clone&amp;token='.newToken().'&amp;object='.$object->element.'">'.$langs->trans("ToClone").'</a></div>';
}
// On peut supprimer entite si

4
htdocs/contrat/class/api_contracts.class.php
View File

@ -132,14 +132,14 @@ class Contracts extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($socids) {
$sql .= " AND t.fk_soc IN (".$socids.")";
$sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")";
}
if ($search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {

2
htdocs/contrat/class/contrat.class.php
View File

@ -1172,7 +1172,7 @@ class Contrat extends CommonObject
$this->db->free($resql);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet_log ";
$sql .= " WHERE ".MAIN_DB_PREFIX."contratdet_log.rowid IN (".implode(",", $tab_resql).")";
$sql .= " WHERE ".MAIN_DB_PREFIX."contratdet_log.rowid IN (".$this->db->sanitize(implode(",", $tab_resql)).")";
dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG);
$resql = $this->db->query($sql);

Some files were not shown because too many files have changed in this diff Show More