From d59ee064382ca2d4a7a89516e3bc806cc1edb0a0 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 25 Feb 2021 14:51:57 +0100 Subject: [PATCH 01/12] FIX 11.0 - $this->socid injected in query without checking for empty value --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index dadb41179ca..030d2417853 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1686,7 +1686,7 @@ class Contact extends CommonObject $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); From e08bfab537ebd52bc6f3ec86350b0d9edf8f3361 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Thu, 25 Feb 2021 16:29:26 +0100 Subject: [PATCH 02/12] FIX: Bad project filter in ticket list --- htdocs/ticket/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 0c6db4a4a2d..565d1279037 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -352,7 +352,7 @@ foreach ($search as $key => $val) if (count($newarrayofstatus)) $sql .= natural_search($key, join(',', $newarrayofstatus), 2); continue; } - if ($key == 'fk_user_assign' || $key == 'fk_user_create') + if ($key == 'fk_user_assign' || $key == 'fk_user_create' || $key = 'fk_project') { if ($search[$key] > 0) $sql .= natural_search($key, $search[$key], 2); continue; @@ -362,7 +362,7 @@ foreach ($search as $key => $val) } if ($search_all) $sql .= natural_search(array_keys($fieldstosearchall), $search_all); if ($search_societe) $sql .= natural_search('s.nom', $search_societe); -if ($search_fk_project) $sql .= natural_search('fk_project', $search_fk_project, 2); +//if ($search_fk_project) $sql .= natural_search('fk_project', $search_fk_project, 2); if ($search_date_start) $sql .= " AND t.datec >= '".$db->idate($search_date_start)."'"; if ($search_date_end) $sql .= " AND t.datec <= '".$db->idate($search_date_end)."'"; if ($search_dateread_start) $sql .= " AND t.date_read >= '".$db->idate($search_dateread_start)."'"; From 5d31a93bf0b4215e4b8009b63bf87bdf83915dbc Mon Sep 17 00:00:00 2001 From: daraelmin Date: Fri, 26 Feb 2021 08:20:51 +0100 Subject: [PATCH 03/12] Fix #16420 - undefined $model_mail_selected_id Set $model_mail_selected_id to 0 when it is undefined --- htdocs/core/class/html.formmail.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 2b551ed14d1..729be941d51 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -455,7 +455,7 @@ class FormMail extends Form // Zone to select email template if (count($modelmail_array) > 0) { - $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : $arraydefaultmessage->id; + $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : ( ($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0 ); // If list of template is filled $out .= '
'."\n"; From 8e8efce7d173346fe52c8374500b49190a83da6c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:23:53 +0100 Subject: [PATCH 04/12] Fix sql syntax --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 030d2417853..e0239da6142 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1686,7 +1686,7 @@ class Contact extends CommonObject $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".((int) $this->socid)." AND fk_socpeople=".$this->id; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); From 99a17cadb7377f82ecb409ee0304785c0fcc4675 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:25:08 +0100 Subject: [PATCH 05/12] Fix sql syntax --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index e0239da6142..06b436fc0c8 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1704,7 +1704,7 @@ class Contact extends CommonObject $sql .= "fk_socpeople) "; $sql .= " VALUES (".$conf->entity.","; $sql .= "'".$this->db->idate(dol_now())."',"; - $sql .= $this->socid.", "; + $sql .= ((int) $this->socid).", "; $sql .= $valRoles." , "; $sql .= $this->id; $sql .= ")"; From 549136efebebdb1e33fbfe224c53b19a15afe6ed Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:25:30 +0100 Subject: [PATCH 06/12] Removed useless log --- htdocs/contact/class/contact.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 06b436fc0c8..ac415afce6c 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1708,7 +1708,6 @@ class Contact extends CommonObject $sql .= $valRoles." , "; $sql .= $this->id; $sql .= ")"; - dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) From 69c974800cf9b20e88a9ff0f175f4e52c4d9d543 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:30:30 +0100 Subject: [PATCH 07/12] Update html.formmail.class.php --- htdocs/core/class/html.formmail.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 729be941d51..d505bd1fada 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -455,7 +455,7 @@ class FormMail extends Form // Zone to select email template if (count($modelmail_array) > 0) { - $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : ( ($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0 ); + $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : (($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0); // If list of template is filled $out .= '
'."\n"; From e0785ac5ef316cf737c6d5d7fcf200059646d52c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 10:31:02 +0100 Subject: [PATCH 08/12] Update html.formmail.class.php --- htdocs/core/class/html.formmail.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index d505bd1fada..46fcd5e331b 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -455,7 +455,7 @@ class FormMail extends Form // Zone to select email template if (count($modelmail_array) > 0) { - $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : (($arraydefaultmessage->id) ? $arraydefaultmessage->id : 0); + $model_mail_selected_id = GETPOSTISSET('modelmailselected') ? GETPOST('modelmailselected', 'int') : ($arraydefaultmessage->id > 0 ? $arraydefaultmessage->id : 0); // If list of template is filled $out .= '
'."\n"; From adc03135437dc19f6ed3c71f3c3a059990c65ebf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 11:09:15 +0100 Subject: [PATCH 09/12] Fix lang --- htdocs/core/lib/product.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index 9ce8d84d7e3..21ed3790418 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -381,7 +381,7 @@ function show_stats_for_company($product, $socid) $nblines++; $ret = $product->load_stats_proposal_supplier($socid); if ($ret < 0) dol_print_error($db); - $langs->load("propal"); + $langs->load("supplier_proposal"); print ''; print ''.img_object('', 'supplier_proposal').' '.$langs->trans("SupplierProposals").''; print ''; From 0f44bdb90fabecf66220ca9c2f41d0de2396b99c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 11:27:03 +0100 Subject: [PATCH 10/12] Fix sql error --- htdocs/core/lib/product.lib.php | 24 ++++++++++++------------ htdocs/product/class/product.class.php | 2 +- htdocs/product/stats/bom.php | 4 ++-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index 21ed3790418..7012b6bff07 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -365,7 +365,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("propal"); print ''; - print ''.img_object('', 'propal').' '.$langs->trans("Proposals").''; + print ''.img_object('', 'propal', 'class="paddingright"').$langs->trans("Proposals").''; print ''; print $product->stats_propale['customers']; print ''; @@ -383,7 +383,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("supplier_proposal"); print ''; - print ''.img_object('', 'supplier_proposal').' '.$langs->trans("SupplierProposals").''; + print ''.img_object('', 'supplier_proposal', 'class="paddingright"').$langs->trans("SupplierProposals").''; print ''; print $product->stats_proposal_supplier['suppliers']; print ''; @@ -401,7 +401,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("orders"); print ''; - print ''.img_object('', 'order').' '.$langs->trans("CustomersOrders").''; + print ''.img_object('', 'order', 'class="paddingright"').$langs->trans("CustomersOrders").''; print ''; print $product->stats_commande['customers']; print ''; @@ -419,7 +419,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("orders"); print ''; - print ''.img_object('', 'supplier_order').' '.$langs->trans("SuppliersOrders").''; + print ''.img_object('', 'supplier_order', 'class="paddingright"').$langs->trans("SuppliersOrders").''; print ''; print $product->stats_commande_fournisseur['suppliers']; print ''; @@ -455,7 +455,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("bills"); print ''; - print ''.img_object('', 'supplier_invoice').' '.$langs->trans("SuppliersInvoices").''; + print ''.img_object('', 'supplier_invoice', 'class="paddingright"').$langs->trans("SuppliersInvoices").''; print ''; print $product->stats_facture_fournisseur['suppliers']; print ''; @@ -474,7 +474,7 @@ function show_stats_for_company($product, $socid) if ($ret < 0) dol_print_error($db); $langs->load("contracts"); print ''; - print ''.img_object('', 'contract').' '.$langs->trans("Contracts").''; + print ''.img_object('', 'contract', 'class="paddingright"').$langs->trans("Contracts").''; print ''; print $product->stats_contrat['customers']; print ''; @@ -496,15 +496,15 @@ function show_stats_for_company($product, $socid) $langs->load("mrp"); print ''; - print ''.img_object('', 'mrp').' '.$langs->trans("BOM").''; + print ''.img_object('', 'bom', 'class="paddingright"').$langs->trans("BOM").''; print ''; print ''; - print $form->textwithpicto($product->stats_bom['nb_toproduce'], $langs->trans("QtyToProduce")); - print $form->textwithpicto($product->stats_bom['nb_toconsume'], $langs->trans("ToConsume")); + print $form->textwithpicto($product->stats_bom['nb_toconsume'], $langs->trans("RowMaterial")); + print $form->textwithpicto($product->stats_bom['nb_toproduce'], $langs->trans("Finished")); print ''; - print $form->textwithpicto($product->stats_bom['qty_toproduce'], $langs->trans("QtyToProduce")); - print $form->textwithpicto($product->stats_bom['qty_toconsume'], $langs->trans("ToConsume")); + print $form->textwithpicto($product->stats_bom['qty_toconsume'], $langs->trans("RowMaterial")); + print $form->textwithpicto($product->stats_bom['qty_toproduce'], $langs->trans("Finished")); print ''; print ''; } @@ -519,7 +519,7 @@ function show_stats_for_company($product, $socid) } $langs->load("mrp"); print ''; - print ''.img_object('', 'mrp').' '.$langs->trans("MO").''; + print ''.img_object('', 'mrp', 'class="paddingright"').$langs->trans("MO").''; print ''; print $form->textwithpicto($product->stats_mo['customers_toconsume'], $langs->trans("ToConsume")); print $form->textwithpicto($product->stats_mo['customers_consumed'], $langs->trans("QtyAlreadyConsumed")); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index f8286216e57..3be810a2e8e 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2464,7 +2464,7 @@ class Product extends CommonObject $this->stats_bom['qty_toconsume'] = 0; $sql = "SELECT COUNT(DISTINCT b.rowid) as nb_toproduce,"; - $sql .= " b.qty as qty_toproduce"; + $sql .= " SUM(b.qty) as qty_toproduce"; $sql .= " FROM ".MAIN_DB_PREFIX."bom_bom as b"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bom_bomline as bl ON bl.fk_bom=b.rowid"; $sql .= " WHERE "; diff --git a/htdocs/product/stats/bom.php b/htdocs/product/stats/bom.php index 1582646cd8a..d1254a65b1e 100644 --- a/htdocs/product/stats/bom.php +++ b/htdocs/product/stats/bom.php @@ -244,8 +244,8 @@ if ($id > 0 || !empty($ref)) print ''; print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "b.rowid", "", "&id=".$product->id, '', $sortfield, $sortorder); print_liste_field_titre("Date", $_SERVER["PHP_SELF"], "b.date_valid", "", "&id=".$product->id, 'align="center"', $sortfield, $sortorder); - print_liste_field_titre("ToConsume", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); - print_liste_field_titre("QtyToProduce", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); + print_liste_field_titre("RowMaterial", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); + print_liste_field_titre("Finished", $_SERVER["PHP_SELF"], "", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "b.status", "", "&id=".$product->id, '', $sortfield, $sortorder, 'center '); print "\n"; From badd46e2897b49ac777695e3dbf43a842c964781 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Fri, 26 Feb 2021 11:53:23 +0100 Subject: [PATCH 11/12] FIX: Bad project filter in ticket list --- htdocs/ticket/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 565d1279037..1a276c75f5f 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -352,7 +352,7 @@ foreach ($search as $key => $val) if (count($newarrayofstatus)) $sql .= natural_search($key, join(',', $newarrayofstatus), 2); continue; } - if ($key == 'fk_user_assign' || $key == 'fk_user_create' || $key = 'fk_project') + if ($key == 'fk_user_assign' || $key == 'fk_user_create' || $key == 'fk_project') { if ($search[$key] > 0) $sql .= natural_search($key, $search[$key], 2); continue; From 16906abc097f27e538038b97781caf7f4e351004 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Feb 2021 12:47:57 +0100 Subject: [PATCH 12/12] FIX File attachment on lots --- htdocs/core/class/conf.class.php | 4 ++-- htdocs/product/stock/productlot_card.php | 2 +- htdocs/product/stock/productlot_document.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 3191e5edd47..39600605414 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -437,8 +437,8 @@ class Conf $this->service->dir_temp = $rootfortemp."/produit/temp"; // Module productbatch - $this->productbatch->multidir_output = array($this->entity => $rootfordata."/produitlot"); - $this->productbatch->multidir_temp = array($this->entity => $rootfortemp."/produitlot/temp"); + $this->productbatch->multidir_output = array($this->entity => $rootfordata."/productlot"); + $this->productbatch->multidir_temp = array($this->entity => $rootfortemp."/productlot/temp"); // Module contrat $this->contrat->multidir_output = array($this->entity => $rootfordata."/contract"); diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 8601ce25ebc..0968e2ea7ce 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -397,7 +397,7 @@ if (empty($action)) print ''; // ancre // Documents - $filedir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 0, $object, 'product_batch').dol_sanitizeFileName($object->ref); + $filedir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 0, $object, 'product_batch'); $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; $genallowed = $usercanread; $delallowed = $usercancreate; diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 535486f8c62..2882bbf1c9f 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -26,7 +26,7 @@ /** * \file htdocs/product/stock/productlot_document.php * \ingroup product - * \brief Page des documents joints sur les lots produits + * \brief Page of attached documents for porudct lots */ require '../../main.inc.php'; @@ -79,7 +79,7 @@ if ($id || $ref) $object->fetch($id, $productid, $batch); $object->ref = $object->batch; // For document management ( it use $object->ref) - if (!empty($conf->productbatch->enabled)) $upload_dir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 0, $object, $modulepart).dol_sanitizeFileName($object->ref); + if (!empty($conf->productbatch->enabled)) $upload_dir = $conf->productbatch->multidir_output[$object->entity].'/'.get_exdir(0, 0, 0, 1, $object, $modulepart); }