lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'Dolibarr/14.0' into 14

Browse Source
This commit is contained in:
Francis Appels 2021-08-24 10:37:19 +02:00
commit 3a6188d42f
217 changed files with 1199 additions and 2386 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
ChangeLog
View File

@ -2,6 +2,45 @@
English Dolibarr ChangeLog
--------------------------------------------------------------
***** ChangeLog for 14.0.1 compared to 14.0.0 *****
FIX: $conf->task used but it does not exist, use $conf->projet instead
FIX: #18181
FIX: #18212 : Add url field
FIX: #18267
FIX: #18289 #18294
FIX: #18341 lang not loaded
FIX: #18389 Accountancy - Bug on LDcompta10 export for supplier invoice
FIX: #18399 Fix shipment validation email template override.
FIX: Accountancy - Debug Export Sage50 / CIEL Compta / CIEL Compta Evo (Format XIMPORT)
FIX: Accountancy - Rules to delete & modify transaction not applied in ledger & subledger
FIX: Accountancy - Search date on journal
FIX: Accountancy - SQL error on select journal on journal
FIX: Accountancy - SQL error when insert a manuel transaction
FIX: add include missing file '/core/actions_dellink.inc.php' in project card
FIX: avoid to have link to create bookmark on page to create bookmark
FIX: bad approver shown on holiday once approved
FIX: bad closing div on error message
FIX: cannot add time spentd when column ref is not displayed
FIX: Can't remove a permission of a group
FIX: Can't set cost price when product is not on purchase
FIX: compatibility postgresql
FIX: filter on status Draft in modulebuilder
FIX: holiday card: hooks uninitialized
FIX: Invoice - Missing button to reopen an abandoned situation invoice
FIX: Link of download main doc on vat list
FIX: look and field v14
FIX: Missing column Date validation in ledger & subledger
FIX: on admin/pdf.php (with javascript enabled) if you set some boolean confs then click on "save", all boolean values are reset
FIX: on supplier order, JOIN with product fourn price table must be done with fk_soc too to avoid display several times a same line (because of same supplier product ref)
FIX: postgresql filter select search extrafield
FIX: shipping validation workflow: 'ORDER_NEW' trigger called from wrong object
FIX: show info of company into user dropdown
FIX: totalDayAll hours in tasks
FIX: update product lot
FIX: using Tulip, deposit mask was not saved
FIX: #yogosha6907
***** ChangeLog for 14.0.0 compared to 13.0.0 *****

19
build/generate_filelist_xml.php
View File

@ -48,17 +48,16 @@ $includecustom=0;
$includeconstants=array();
if (empty($argv[1])) {
print "Usage: ".$script_file." release=autostable|auto[-mybuild]|x.y.z[-mybuild] [includecustom=1] [includeconstant=CC:MY_CONF_NAME:value]\n";
print "Usage: ".$script_file." release=autostable|auto[-mybuild]|x.y.z[-mybuild] [includecustom=1] [includeconstant=CC:MY_CONF_NAME:value] [buildzip=1]\n";
print "Example: ".$script_file." release=6.0.0 includecustom=1 includeconstant=FR:INVOICE_CAN_ALWAYS_BE_REMOVED:0 includeconstant=all:MAILING_NO_USING_PHPMAIL:1\n";
exit -1;
}
parse_str($argv[1]);
$i=0;
while ($i < $argc) {
if (! empty($argv[$i])) {
parse_str($argv[$i]);
parse_str($argv[$i]); // set all params $release, $includecustom, $includeconstant, $buildzip ...
}
if (preg_match('/includeconstant=/', $argv[$i])) {
$tmp=explode(':', $includeconstant, 3); // $includeconstant has been set with previous parse_str()
@ -125,8 +124,8 @@ print "\n";
//$outputfile=dirname(__FILE__).'/../htdocs/install/filelist-'.$release.'.xml';
$outputdir=dirname(dirname(__FILE__)).'/htdocs/install';
print 'Delete current files '.$outputdir.'/filelist*.xml'."\n";
dol_delete_file($outputdir.'/filelist*.xml', 0, 1, 1);
print 'Delete current files '.$outputdir.'/filelist*.xml*'."\n";
dol_delete_file($outputdir.'/filelist*.xml*', 0, 1, 1);
$checksumconcat=array();
@ -237,6 +236,14 @@ fputs($fp, '</dolibarr_script_dir_checksum>'."\n");
fputs($fp, '</checksum_list>'."\n");
fclose($fp);
print "File ".$outputfile." generated\n";
if (empty($buildzip)) {
print "File ".$outputfile." generated\n";
} else {
$result = dol_compress_file($outputfile, $outputfile.'.zip');
if ($result > 0) {
dol_delete_file($outputfile);
print "File ".$outputfile.".zip generated\n";
}
}
exit(0);

234
dev/initdata/dbf/import-dbf.php
View File

@ -1,234 +0,0 @@
#!/usr/bin/env php
<?php
/* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2016 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE
*/
/**
* \file dev/initdata/import-dbf.php
* \brief Script example to create a table from a large DBF file (openoffice)
* To purge data, you can have a look at purge-data.php
*/
// Test si mode batch
$sapi_type = php_sapi_name();
$script_file = basename(__FILE__);
$path = dirname(__FILE__) . '/';
if (substr($sapi_type, 0, 3) == 'cgi') {
echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n";
exit;
}
// Recupere root dolibarr
$path = dirname($_SERVER["PHP_SELF"]);
require $path . "./../htdocs/master.inc.php";
require $path . "/includes/dbase.class.php";
// Global variables
$version = DOL_VERSION;
$confirmed = 1;
$error = 0;
/*
* Main
*/
@set_time_limit(0);
print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n";
dol_syslog($script_file . " launched with arg " . implode(',', $argv));
$filepath = $argv[1];
$filepatherr = $filepath . '.err';
$startchar = empty($argv[2]) ? 0 : (int) $argv[2];
$deleteTable = empty($argv[3]) ? 1 : 0;
$startlinenb = empty($argv[3]) ? 1 : (int) $argv[3];
$endlinenb = empty($argv[4]) ? 0 : (int) $argv[4];
if (empty($filepath)) {
print "Usage: php $script_file myfilepath.dbf [removeChatColumnName] [startlinenb] [endlinenb]\n";
print "Example: php $script_file myfilepath.dbf 0 2 1002\n";
print "\n";
exit(-1);
}
if (!file_exists($filepath)) {
print "Error: File " . $filepath . " not found.\n";
print "\n";
exit(-1);
}
$ret = $user->fetch('', 'admin');
if (!$ret > 0) {
print 'A user with login "admin" and all permissions must be created to use this script.' . "\n";
exit;
}
$user->getrights();
// Ask confirmation
if (!$confirmed) {
print "Hit Enter to continue or CTRL+C to stop...\n";
$input = trim(fgets(STDIN));
}
// Open input and output files
$fhandle = dbase_open($filepath, 0);
if (!$fhandle) {
print 'Error: Failed to open file ' . $filepath . "\n";
exit(1);
}
$fhandleerr = fopen($filepatherr, 'w');
if (!$fhandleerr) {
print 'Error: Failed to open file ' . $filepatherr . "\n";
exit(1);
}
$langs->setDefaultLang($defaultlang);
$record_numbers = dbase_numrecords($fhandle);
$table_name = substr(basename($filepath), 0, strpos(basename($filepath), '.'));
print 'Info: ' . $record_numbers . " lines in file \n";
$header = dbase_get_header_info($fhandle);
if ($deleteTable) {
$db->query("DROP TABLE IF EXISTS `$table_name`");
}
$sqlCreate = "CREATE TABLE IF NOT EXISTS `$table_name` ( `id` INT(11) NOT NULL AUTO_INCREMENT ";
$fieldArray = array("`id`");
foreach ($header as $value) {
$fieldName = substr(str_replace('_', '', $value['name']), $startchar);
$fieldArray[] = "`$fieldName`";
$sqlCreate .= ", `" . $fieldName . "` VARCHAR({$value['length']}) NULL DEFAULT NULL ";
}
$sqlCreate .= ", PRIMARY KEY (`id`)) ENGINE = InnoDB";
$resql = $db->query($sqlCreate);
if ($resql !== false) {
print "Table $table_name created\n";
} else {
var_dump($db->errno());
print "Impossible : " . $sqlCreate . "\n";
die();
}
$i = 0;
$nboflines++;
$fields = implode(',', $fieldArray);
//var_dump($fieldArray);die();
$maxLength = 0;
for ($i = 1; $i <= $record_numbers; $i++) {
if ($startlinenb && $i < $startlinenb) {
continue;
}
if ($endlinenb && $i > $endlinenb) {
continue;
}
$row = dbase_get_record_with_names($fhandle, $i);
if ($row === false || (isset($row["deleted"]) && $row["deleted"] == '1')) {
continue;
}
$sqlInsert = "INSERT INTO `$table_name`($fields) VALUES (null,";
array_shift($row); // remove delete column
foreach ($row as $value) {
$sqlInsert .= "'" . $db->escape(utf8_encode($value)) . "', ";
}
replaceable_echo(implode("\t", $row));
$sqlInsert = rtrim($sqlInsert, ', ');
$sqlInsert .= ")";
$resql = $db->query($sqlInsert);
if ($resql === false) {
print "Impossible : " . $sqlInsert . "\n";
var_dump($row, $db->errno());
die();
}
// $fields = (object) $row;
// var_dump($fields);
continue;
}
die();
// commit or rollback
print "Nb of lines qualified: " . $nboflines . "\n";
print "Nb of errors: " . $error . "\n";
if ($mode != 'confirmforced' && ($error || $mode != 'confirm')) {
print "Rollback any changes.\n";
$db->rollback();
} else {
print "Commit all changes.\n";
$db->commit();
}
$db->close();
fclose($fhandle);
fclose($fhandleerr);
exit($error);
/**
* replaceable_echo
*
* @param string $message Message
* @param int $force_clear_lines Force clear messages
* @return void
*/
function replaceable_echo($message, $force_clear_lines = null)
{
static $last_lines = 0;
if (!is_null($force_clear_lines)) {
$last_lines = $force_clear_lines;
}
$toss = array();
$status = 0;
$term_width = exec('tput cols', $toss, $status);
if ($status) {
$term_width = 64; // Arbitrary fall-back term width.
}
$line_count = 0;
foreach (explode("\n", $message) as $line) {
$line_count += count(str_split($line, $term_width));
}
// Erasure MAGIC: Clear as many lines as the last output had.
for ($i = 0; $i < $last_lines; $i++) {
// Return to the beginning of the line
echo "\r";
// Erase to the end of the line
echo "\033[K";
// Move cursor Up a line
echo "\033[1A";
// Return to the beginning of the line
echo "\r";
// Erase to the end of the line
echo "\033[K";
// Return to the beginning of the line
echo "\r";
// Can be consolodated into
// echo "\r\033[K\033[1A\r\033[K\r";
}
$last_lines = $line_count;
echo $message . "\n";
}

248
dev/initdata/dbf/importdb-products.php
View File

@ -1,248 +0,0 @@
#!/usr/bin/env php
<?php
/* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2016 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE
*/
/**
* \file dev/initdata/import-product.php
* \brief Script example to insert products from a csv file.
* To purge data, you can have a look at purge-data.php
*/
// Test si mode batch
$sapi_type = php_sapi_name();
$script_file = basename(__FILE__);
$path = dirname(__FILE__) . '/';
if (substr($sapi_type, 0, 3) == 'cgi') {
echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n";
exit;
}
// Recupere root dolibarr
$path = preg_replace('/importdb-products.php/i', '', $_SERVER["PHP_SELF"]);
require $path . "../../htdocs/master.inc.php";
require $path . "includes/dbase.class.php";
include_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php';
include_once DOL_DOCUMENT_ROOT . '/product/class/product.class.php';
//$delimiter = ',';
//$enclosure = '"';
//$linelength = 10000;
//$escape = '/';
// Global variables
$version = DOL_VERSION;
$confirmed = 1;
$error = 0;
$tvas = [
'1' => "20.00",
'2' => "5.50",
'3' => "0.00",
'4' => "20.60",
'5' => "19.60",
];
$tvasD = [
'1' => "20",
'2' => "5.5",
'3' => "0",
'4' => "20",
'5' => "20",
];
/*
* Main
*/
@set_time_limit(0);
print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n";
dol_syslog($script_file . " launched with arg " . implode(',', $argv));
$table = $argv[1];
if (empty($argv[1])) {
print "Error: Which table ?\n";
print "\n";
exit(-1);
}
$ret = $user->fetch('', 'admin');
if (!$ret > 0) {
print 'A user with login "admin" and all permissions must be created to use this script.' . "\n";
exit;
}
$sql = "SELECT * FROM `$table` WHERE 1";
$resql = $db->query($sql);
if ($resql) {
while ($fields = $db->fetch_array($resql)) {
$errorrecord = 0;
if ($fields === false) {
continue;
}
$nboflines++;
$produit = new Product($db);
$produit->type = 0;
$produit->status = 1;
$produit->ref = trim($fields['REF']);
if ($produit->ref == '') {
continue;
}
print "Process line nb " . $j . ", ref " . $produit->ref;
$produit->label = trim($fields['LIBELLE']);
if ($produit->label == '') {
$produit->label = $produit->ref;
}
if (empty($produit->label)) {
continue;
}
//$produit->description = trim($fields[4] . "\n" . ($fields[5] ? $fields[5] . ' x ' . $fields[6] . ' x ' . $fields[7] : ''));
// $produit->volume = price2num($fields[8]);
// $produit->volume_unit = 0;
$produit->weight = price2num($fields['MASSE']);
$produit->weight_units = 0; // -3 = g
//$produit->customcode = $fields[10];
$produit->barcode = str_pad($fields['CODE'], 12, "0", STR_PAD_LEFT);
$produit->barcode_type = '2';
$produit->import_key = $fields['CODE'];
$produit->status = 1;
$produit->status_buy = 1;
$produit->finished = 1;
// $produit->multiprices[0] = price2num($fields['TARIF0']);
// $produit->multiprices[1] = price2num($fields['TARIF1']);
// $produit->multiprices[2] = price2num($fields['TARIF2']);
// $produit->multiprices[3] = price2num($fields['TARIF3']);
// $produit->multiprices[4] = price2num($fields['TARIF4']);
// $produit->multiprices[5] = price2num($fields['TARIF5']);
// $produit->multiprices[6] = price2num($fields['TARIF6']);
// $produit->multiprices[7] = price2num($fields['TARIF7']);
// $produit->multiprices[8] = price2num($fields['TARIF8']);
// $produit->multiprices[9] = price2num($fields['TARIF9']);
// $produit->price_min = null;
// $produit->price_min_ttc = null;
// $produit->price = price2num($fields[11]);
// $produit->price_ttc = price2num($fields[12]);
// $produit->price_base_type = 'TTC';
// $produit->tva_tx = price2num($fields[13]);
$produit->tva_tx = (int) ($tvas[$fields['CODTVA']]);
$produit->tva_npr = 0;
// $produit->cost_price = price2num($fields[16]);
//compta
$produit->accountancy_code_buy = trim($fields['COMACH']);
$produit->accountancy_code_sell = trim($fields['COMVEN']);
// $produit->accountancy_code_sell_intra=trim($fields['COMVEN']);
// $produit->accountancy_code_sell_export=trim($fields['COMVEN']);
// Extrafields
// $produit->array_options['options_ecotaxdeee'] = price2num($fields[17]);
$produit->seuil_stock_alerte = $fields['STALERTE'];
$ret = $produit->create($user, 0);
if ($ret < 0) {
print " - Error in create result code = " . $ret . " - " . $produit->errorsToString();
$errorrecord++;
} else {
print " - Creation OK with ref " . $produit->ref . " - id = " . $ret;
}
dol_syslog("Add prices");
// If we use price level, insert price for each level
if (!$errorrecord && 1) {
//$ret1 = $produit->updatePrice($produit->price_ttc, $produit->price_base_type, $user, $produit->tva_tx, $produit->price_min, 1, $produit->tva_npr, 0, 0, array());
$ret1 = false;
for ($i = 0; $i < 10; $i++) {
if ($fields['TARIF' . ($i)] == 0) {
continue;
}
$ret1 = $ret1 || $produit->updatePrice(price2num($fields['TARIF' . ($i)]), 'HT', $user, $produit->tva_tx, $produit->price_min, $i + 1, $produit->tva_npr, 0, 0, array()) < 0;
}
if ($ret1) {
print " - Error in updatePrice result " . $produit->errorsToString();
$errorrecord++;
} else {
print " - updatePrice OK";
}
}
// dol_syslog("Add multilangs");
// Add alternative languages
// if (!$errorrecord && 1) {
// $produit->multilangs['fr_FR'] = array('label' => $produit->label, 'description' => $produit->description, 'note' => $produit->note_private);
// $produit->multilangs['en_US'] = array('label' => $fields[3], 'description' => $produit->description, 'note' => $produit->note_private);
//
// $ret = $produit->setMultiLangs($user);
// if ($ret < 0) {
// print " - Error in setMultiLangs result code = " . $ret . " - " . $produit->errorsToString();
// $errorrecord++;
// } else {
// print " - setMultiLangs OK";
// }
// }
dol_syslog("Add stocks");
// stocks
if (!$errorrecord && $fields['STOCK'] != 0) {
$rets = $produit->correct_stock($user, 1, $fields['STOCK'], 0, 'Stock importé');
if ($rets < 0) {
print " - Error in correct_stock result " . $produit->errorsToString();
$errorrecord++;
} else {
print " - correct_stock OK";
}
}
//update date créa
if (!$errorrecord) {
$date = substr($fields['DATCREA'], 0, 4) . '-' . substr($fields['DATCREA'], 4, 2) . '-' . substr($fields['DATCREA'], 6, 2);
$retd = $db->query("UPDATE `llx_product` SET `datec` = '$date 00:00:00' WHERE `llx_product`.`rowid` = $produit->id");
if ($retd < 1) {
print " - Error in update date créa result " . $produit->errorsToString();
$errorrecord++;
} else {
print " - update date créa OK";
}
}
print "\n";
if ($errorrecord) {
print( 'Error on record nb ' . $i . " - " . $produit->errorsToString() . "\n");
var_dump($db);
die();
$error++; // $errorrecord will be reset
}
$j++;
}
} else {
die("error : $sql");
}
// commit or rollback
print "Nb of lines qualified: " . $nboflines . "\n";
print "Nb of errors: " . $error . "\n";
$db->close();
exit($error);

365
dev/initdata/dbf/importdb-thirdparties.php
View File

@ -1,365 +0,0 @@
#!/usr/bin/env php
<?php
/* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2016 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE
*/
/**
* \file dev/initdata/import-product.php
* \brief Script example to insert products from a csv file.
* To purge data, you can have a look at purge-data.php
*/
// Test si mode batch
$sapi_type = php_sapi_name();
$script_file = basename(__FILE__);
$path = dirname(__FILE__) . '/';
if (substr($sapi_type, 0, 3) == 'cgi') {
echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n";
exit;
}
// Recupere root dolibarr
$path = preg_replace('/importdb-thirdparties.php/i', '', $_SERVER["PHP_SELF"]);
require $path . "../../htdocs/master.inc.php";
require $path . "includes/dbase.class.php";
include_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php';
include_once DOL_DOCUMENT_ROOT . '/product/class/product.class.php';
//$delimiter = ',';
//$enclosure = '"';
//$linelength = 10000;
//$escape = '/';
// Global variables
$version = DOL_VERSION;
$confirmed = 1;
$error = 0;
$civilPrivate = array("MLLE",
"MM",
"MM/MADAME",
"MME",
"MME.",
"MME²",
"MMONSIEUR",
"MMR",
"MOBNSIEUR",
"MOMSIEUR",
"MON SIEUR",
"MONDIAL",
"MONIEUR",
"MONJSIEUR",
"MONNSIEUR",
"MONRIEUR",
"MONS",
"MONSIEÕR",
"MONSIER",
"MONSIERU",
"MONSIEU",
"monsieue",
"MONSIEUR",
"Monsieur     \"",
"MONSIEUR    \"",
"MONSIEUR   E",
"MONSIEUR  DENIS",
"MONSIEUR ET MME",
"MONSIEUR!",
"MONSIEUR.",
"MONSIEUR.MADAME",
"MONSIEUR3",
"MONSIEURN",
"MONSIEURT",
"MONSIEUR£",
"MONSIEYR",
"Monsigur",
"MONSIIEUR",
"MONSIUER",
"MONSIZEUR",
"MOPNSIEUR",
"MOSIEUR",
"MR",
"Mr  Mme",
"Mr - MME",
"MR BLANC",
"MR ET MME",
"mr mm",
"MR OU MME",
"Mr.",
"MR/MME",
"MRME",
"MRR",
"Mrs",
"Mademoiselle",
"MADAOME",
"madamme",
"MADAME",
"M0NSIEUR",
"M.et Madame",
"M. ET MR",
"M.",
"M%",
"M MME",
"M ET MME",
"M",
"M CROCE",
"M DIEVART",
);
/*
* Main
*/
@set_time_limit(0);
print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n";
dol_syslog($script_file . " launched with arg " . implode(',', $argv));
$table = $argv[1];
if (empty($argv[1])) {
print "Error: Quelle table ?\n";
print "\n";
exit(-1);
}
$ret = $user->fetch('', 'admin');
if (!$ret > 0) {
print 'A user with login "admin" and all permissions must be created to use this script.' . "\n";
exit;
}
$sql = "SELECT * FROM `$table` WHERE 1 "; //ORDER BY REMISE DESC,`LCIVIL` DESC";
$resql = $db->query($sql);
//$db->begin();
if ($resql) {
while ($fields = $db->fetch_array($resql)) {
$i++;
$errorrecord = 0;
if ($startlinenb && $i < $startlinenb) {
continue;
}
if ($endlinenb && $i > $endlinenb) {
continue;
}
$nboflines++;
$object = new Societe($db);
$object->import_key = $fields['CODE'];
$object->state = 1;
$object->client = 3;
$object->fournisseur = 0;
$object->name = $fields['FCIVIL'] . ' ' . $fields['FNOM'];
//$object->name_alias = $fields[0] != $fields[13] ? trim($fields[0]) : '';
$date = $fields['DATCREA'] ? $fields['DATCREA'] : ($fields['DATMOD'] ? $fields['DATMOD'] : '20200101');
$object->code_client = 'CU' . substr($date, 2, 2) . substr($date, 4, 2) . '-' . str_pad(substr($fields['CODE'], 0, 5), 5, "0", STR_PAD_LEFT);
$object->address = trim($fields['FADR1']);
if ($fields['FADR2']) {
$object->address .= "\n" . trim($fields['FADR2']);
}
if ($fields['FADR3']) {
$object->address .= "\n" . trim($fields['FADR3']);
}
$object->zip = trim($fields['FPOSTE']);
$object->town = trim($fields['FVILLE']);
if ($fields['FPAYS']) {
$object->country_id = dol_getIdFromCode($db, trim(ucwords(strtolower($fields['FPAYS']))), 'c_country', 'label', 'rowid');
} else {
$object->country_id = 1;
}
$object->phone = trim($fields['FTEL']) ? trim($fields['FTEL']) : trim($fields['FCONTACT']);
$object->phone = substr($object->phone, 0, 20);
$object->fax = trim($fields['FFAX']) ? trim($fields['FFAX']) : trim($fields['FCONTACT']);
$object->fax = substr($object->fax, 0, 20);
$object->email = trim($fields['FMAIL']);
// $object->idprof2 = trim($fields[29]);
$object->tva_intra = str_replace(['.', ' '], '', $fields['TVAINTRA']);
$object->tva_intra = substr($object->tva_intra, 0, 20);
$object->default_lang = 'fr_FR';
$object->cond_reglement_id = dol_getIdFromCode($db, 'PT_ORDER', 'c_payment_term', 'code', 'rowid', 1);
$object->multicurrency_code = 'EUR';
if ($fields['REMISE'] != '0.00') {
$object->remise_percent = abs($fields['REMISE']);
}
// $object->code_client = $fields[9];
// $object->code_fournisseur = $fields[10];
if ($fields['FCIVIL']) {
$labeltype = in_array($fields['FCIVIL'], $civilPrivate) ? 'TE_PRIVATE' : 'TE_SMALL';
$object->typent_id = dol_getIdFromCode($db, $labeltype, 'c_typent', 'code');
}
// Set price level
$object->price_level = $fields['TARIF'] + 1;
// if ($labeltype == 'Revendeur')
// $object->price_level = 2;
print "Process line nb " . $i . ", code " . $fields['CODE'] . ", name " . $object->name;
// Extrafields
$object->array_options['options_banque'] = $fields['BANQUE'];
$object->array_options['options_banque2'] = $fields['BANQUE2'];
$object->array_options['options_banquevalid'] = $fields['VALID'];
if (!$errorrecord) {
$ret = $object->create($user);
if ($ret < 0) {
print " - Error in create result code = " . $ret . " - " . $object->errorsToString();
$errorrecord++;
var_dump($object->code_client, $db);
die();
} else {
print " - Creation OK with name " . $object->name . " - id = " . $ret;
}
}
if (!$errorrecord) {
dol_syslog("Set price level");
$object->set_price_level($object->price_level, $user);
}
if (!$errorrecord && @$object->remise_percent) {
dol_syslog("Set remise client");
$object->set_remise_client($object->remise_percent, 'Importé', $user);
}
dol_syslog("Add contact");
// Insert an invoice contact if there is an invoice email != standard email
if (!$errorrecord && ($fields['LCIVIL'] || $fields['LNOM'])) {
$madame = array("MADAME",
"MADEMOISELLE",
"MELLE",
"MLLE",
"MM",
"Mme",
"MNE",
);
$monsieur = array("M",
"M ET MME",
"M MME",
"M.",
"M. MME",
"M. OU Mme",
"M.ou Madame",
"MONSEUR",
"MONSIER",
"MONSIEU",
"MONSIEUR",
"monsieur:mme",
"MONSIEUR¨",
"MONSIEZUR",
"MONSIUER",
"MONSKIEUR",
"MR",
);
$ret1 = $ret2 = 0;
$contact = new Contact($db);
if (in_array($fields['LCIVIL'], $madame)) {
// une dame
$contact->civility_id = 'MME';
$contact->lastname = $fields['LNOM'];
} elseif (in_array($fields['LCIVIL'], $monsieur)) {
// un monsieur
$contact->civility_id = 'MR';
$contact->lastname = $fields['LNOM'];
} elseif (in_array($fields['LCIVIL'], ['DOCTEUR'])) {
// un monsieur
$contact->civility_id = 'DR';
$contact->lastname = $fields['LNOM'];
} else {
// un a rattraper
$contact->lastname = $fields['LCIVIL'] . " " . $fields['LNOM'];
}
$contact->address = trim($fields['LADR1']);
if ($fields['LADR2']) {
$contact->address .= "\n" . trim($fields['LADR2']);
}
if ($fields['LADR3']) {
$contact->address .= "\n" . trim($fields['LADR3']);
}
$contact->zip = trim($fields['LPOSTE']);
$contact->town = trim($fields['LVILLE']);
if ($fields['FPAYS']) {
$contact->country_id = dol_getIdFromCode($db, trim(ucwords(strtolower($fields['LPAYS']))), 'c_country', 'label', 'rowid');
} else {
$contact->country_id = 1;
}
$contact->email = $fields['LMAIL'];
$contact->phone = trim($fields['LTEL']) ? trim($fields['LTEL']) : trim($fields['LCONTACT']);
$contact->fax = trim($fields['LFAX']) ? trim($fields['LFAX']) : trim($fields['LCONTACT']);
$contact->socid = $object->id;
$ret1 = $contact->create($user);
if ($ret1 > 0) {
//$ret2=$contact->add_contact($object->id, 'BILLING');
}
if ($ret1 < 0 || $ret2 < 0) {
print " - Error in create contact result code = " . $ret1 . " " . $ret2 . " - " . $contact->errorsToString();
$errorrecord++;
} else {
print " - create contact OK";
}
}
//update date créa
if (!$errorrecord) {
$datec = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6, 2);
$retd = $db->query("UPDATE `llx_societe` SET `datec` = '$datec 00:00:00' WHERE `rowid` = $object->id");
if ($retd < 1) {
print " - Error in update date créa result " . $object->errorsToString();
$errorrecord++;
} else {
print " - update date créa OK";
}
}
print "\n";
if ($errorrecord) {
print( 'Error on record nb ' . $i . " - " . $object->errorsToString() . "\n");
var_dump($db, $object, $contact);
// $db->rollback();
die();
$error++; // $errorrecord will be reset
}
$j++;
}
} else {
die("error : $sql");
}
$db->commit();
// commit or rollback
print "Nb of lines qualified: " . $nboflines . "\n";
print "Nb of errors: " . $error . "\n";
$db->close();
exit($error);

599
dev/initdata/dbf/includes/dbase.class.php
View File

@ -1,599 +0,0 @@
<?php
/**
* \file dev/initdata/dbf/includes/dbase.class.php
* \ingroup dev
* \brief Class to manage DBF databases
*/
// source : https://github.com/donfbecker/php-dbase
define('DBASE_RDONLY', 0);
define('DBASE_WRONLY', 1);
define('DBASE_RDWR', 2);
define('DBASE_TYPE_DBASE', 0);
define('DBASE_TYPE_FOXPRO', 1);
/**
* Class for DBase
*/
class DBase
{
private $fd;
private $headerLength = 0;
private $fields = array();
private $fieldCount = 0;
private $recordLength = 0;
private $recordCount = 0;
/**
* resource dbase_open
* @param string $filename filename
* @param int $mode mode
* @return DBase
*/
public static function open($filename, $mode)
{
if (!file_exists($filename)) {
return false;
}
$modes = array('r', 'w', 'r+');
$mode = $modes[$mode];
$fd = fopen($filename, $mode);
if (!$fd) {
return false;
}
return new DBase($fd);
}
/**
* resource dbase_create
* @param string $filename filename
* @param array $fields fields
* @param int $type DBASE_TYPE_DBASE
* @return DBase
*/
public static function create($filename, $fields, $type = DBASE_TYPE_DBASE)
{
if (file_exists($filename)) {
return false;
}
$fd = fopen($filename, 'c+');
if (!$fd) {
return false;
}
// Byte 0 (1 byte): Valid dBASE for DOS file; bits 0-2 indicate version number, bit 3
// indicates the presence of a dBASE for DOS memo file, bits 4-6 indicate the
// presence of a SQL table, bit 7 indicates the presence of any memo file
// (either dBASE m PLUS or dBASE for DOS)
self::putChar8($fd, 5);
// Byte 1-3 (3 bytes): Date of last update; formatted as YYMMDD
self::putChar8($fd, date('Y') - 1900);
self::putChar8($fd, date('m'));
self::putChar8($fd, date('d'));
// Byte 4-7 (32-bit number): Number of records in the database file. Currently 0
self::putInt32($fd, 0);
// Byte 8-9 (16-bit number): Number of bytes in the header.
self::putInt16($fd, 32 + (32 * count($fields)) + 1);
// Byte 10-11 (16-bit number): Number of bytes in record.
// Make sure the include the byte for deleted flag
$len = 1;
foreach ($fields as &$field) {
$len += self::length($field);
}
self::putInt16($fd, $len);
// Byte 12-13 (2 bytes): Reserved, 0 filled.
self::putInt16($fd, 0);
// Byte 14 (1 byte): Flag indicating incomplete transaction
// The ISMARKEDO function checks this flag. BEGIN TRANSACTION sets it to 1, END TRANSACTION and ROLLBACK reset it to 0.
self::putChar8($fd, 0);
// Byte 15 (1 byte): Encryption flag. If this flag is set to 1, the message Database encrypted appears. Changing this flag to 0 removes the message, but does not decrypt the file.
self::putChar8($fd, 0);
// Byte 16-27 (12 bytes): Reserved for dBASE for DOS in a multi-user environment
self::putInt32($fd, 0);
self::putInt32($fd, 0);
self::putInt32($fd, 0);
// Byte 28 (1 byte): Production .mdx file flag; 0x01 if there is a production .mdx file, 0x00 if not
self::putChar8($fd, 0);
// Byte 29 (1 byte): Language driver ID
// (no clue what this is)
self::putChar8($fd, 0);
// Byte 30-31 (2 bytes): Reserved, 0 filled.
self::putInt16($fd, 0);
// Byte 32 - n (32 bytes each): Field descriptor array
foreach ($fields as &$field) {
self::putString($fd, $field[0], 11); // Byte 0 - 10 (11 bytes): Field name in ASCII (zero-filled)
self::putString($fd, $field[1], 1); // Byte 11 (1 byte): Field type in ASCII (C, D, F, L, M, or N)
self::putInt32($fd, 0); // Byte 12 - 15 (4 bytes): Reserved
self::putChar8($fd, self::length($field)); // Byte 16 (1 byte): Field length in binary. The maximum length of a field is 254 (0xFE).
self::putChar8($fd, $field[3]); // Byte 17 (1 byte): Field decimal count in binary
self::putInt16($fd, 0); // Byte 18 - 19 (2 bytes): Work area ID
self::putChar8($fd, 0); // Byte 20 (1 byte): Example (??)
self::putInt32($fd, 0); // Byte 21 - 30 (10 bytes): Reserved
self::putInt32($fd, 0);
self::putInt16($fd, 0);
self::putChar8($fd, 0); // Byte 31 (1 byte): Production MDX field flag; 1 if field has an index tag in the production MDX file, 0 if not
}
// Byte n + 1 (1 byte): 0x0D as the field descriptor array terminator
self::putChar8($fd, 0x0D);
return new DBase($fd);
}
/**
* Create DBase instance
* @param mixed $fd file descriptor
* @return void
*/
private function __construct($fd)
{
$this->fd = $fd;
// Byte 4-7 (32-bit number): Number of records in the database file. Currently 0
fseek($this->fd, 4, SEEK_SET);
$this->recordCount = self::getInt32($fd);
// Byte 8-9 (16-bit number): Number of bytes in the header.
fseek($this->fd, 8, SEEK_SET);
$this->headerLength = self::getInt16($fd);
// Number of fields is (headerLength - 33) / 32)
$this->fieldCount = ($this->headerLength - 33) / 32;
// Byte 10-11 (16-bit number): Number of bytes in record.
fseek($this->fd, 10, SEEK_SET);
$this->recordLength = self::getInt16($fd);
// Byte 32 - n (32 bytes each): Field descriptor array
fseek($fd, 32, SEEK_SET);
for ($i = 0; $i < $this->fieldCount; $i++) {
$data = fread($this->fd, 32);
$field = array_map('trim', unpack('a11name/a1type/c4/c1length/c1precision/s1workid/c1example/c10/c1production', $data));
$this->fields[] = $field;
}
}
/**
* dbase_close
* @return void
*/
public function close()
{
fclose($this->fd);
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* dbase_get_header_info
* @return array
*/
public function get_header_info()
{
// phpcs:disable
return $this->fields;
}
/**
* dbase_numfields
* @return int
*/
public function numfields()
{
return $this->fieldCount;
}
/**
* dbase_numrecords
* @return int
*/
public function numrecords()
{
return $this->recordCount;
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* dbase_add_record
* @param array $record record
* @return bool
*/
public function add_record($record)
{
// phpcs:enable
if (count($record) != $this->fieldCount) {
return false;
}
// Seek to end of file, minus the end of file marker
fseek($this->fd, 0, SEEK_END);
// Put the deleted flag
self::putChar8($this->fd, 0x20);
// Put the record
if (!$this->putRecord($record)) {
return false;
}
// Update the record count
fseek($this->fd, 4);
self::putInt32($this->fd, ++$this->recordCount);
return true;
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* dbase_replace_record
* @param array $record record
* @param int $record_number record number
* @return bool
*/
public function replace_record($record, $record_number)
{
// phpcs:enable
if (count($record) != $this->fieldCount) {
return false;
}
if ($record_number < 1 || $record_number > $this->recordCount) {
return false;
}
// Skip to the record location, plus the 1 byte for the deleted flag
fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1)) + 1);
return $this->putRecord($record);
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* dbase_delete_record
* @param int $record_number record number
* @return bool
*/
public function delete_record($record_number)
{
// phpcs:enable
if ($record_number < 1 || $record_number > $this->recordCount) {
return false;
}
fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1)));
self::putChar8($this->fd, 0x2A);
return true;
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* dbase_get_record
* @param int $record_number record number
* @return array
*/
public function get_record($record_number)
{
// phpcs:enable
if ($record_number < 1 || $record_number > $this->recordCount) {
return false;
}
fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1)));
$record = array(
'deleted' => self::getChar8($this->fd) == 0x2A ? 1 : 0
);
foreach ($this->fields as $i => &$field) {
$value = trim(fread($this->fd, $field['length']));
if ($field['type'] == 'L') {
$value = strtolower($value);
if ($value == 't' || $value == 'y') {
$value = true;
} elseif ($value == 'f' || $value == 'n') {
$value = false;
} else {
$value = null;
}
}
$record[$i] = $value;
}
return $record;
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* dbase_get_record_with_names
* @param int $record_number record number
* @return array
*/
public function get_record_with_names($record_number)
{
// phpcs:enable
if ($record_number < 1 || $record_number > $this->recordCount) {
return false;
}
$record = $this->get_record($record_number);
foreach ($this->fields as $i => &$field) {
$record[$field['name']] = $record[$i];
unset($record[$i]);
}
return $record;
}
/**
* dbase_pack
* @return void
*/
public function pack()
{
$in_offset = $out_offset = $this->headerLength;
$new_count = 0;
$rec_count = $this->recordCount;
while ($rec_count > 0) {
fseek($this->fd, $in_offset, SEEK_SET);
$record = fread($this->fd, $this->recordLength);
$deleted = substr($record, 0, 1);
if ($deleted != '*') {
fseek($this->fd, $out_offset, SEEK_SET);
fwrite($this->fd, $record);
$out_offset += $this->recordLength;
$new_count++;
}
$in_offset += $this->recordLength;
$rec_count--;
}
ftruncate($this->fd, $out_offset);
// Update the record count
fseek($this->fd, 4);
self::putInt32($this->fd, $new_count);
}
/*
* A few utilitiy functions
*/
/**
* @param string $field field
* @return int
*/
private static function length($field)
{
switch ($field[1]) {
case 'D': // Date: Numbers and a character to separate month, day, and year (stored internally as 8 digits in YYYYMMDD format)
return 8;
case 'T': // DateTime (YYYYMMDDhhmmss.uuu) (FoxPro)
return 18;
case 'M': // Memo (ignored): All ASCII characters (stored internally as 10 digits representing a .dbt block number, right justified, padded with whitespaces)
case 'N': // Number: -.0123456789 (right justified, padded with whitespaces)
case 'F': // Float: -.0123456789 (right justified, padded with whitespaces)
case 'C': // String: All ASCII characters (padded with whitespaces up to the field's length)
return $field[2];
case 'L': // Boolean: YyNnTtFf? (? when not initialized)
return 1;
}
return 0;
}
/*
* Functions for reading and writing bytes
*/
/**
* getChar8
* @param mixed $fd file descriptor
* @return int
*/
private static function getChar8($fd)
{
return ord(fread($fd, 1));
}
/**
* putChar8
* @param mixed $fd file descriptor
* @param mixed $value value
* @return bool
*/
private static function putChar8($fd, $value)
{
return fwrite($fd, chr($value));
}
/**
* getInt16
* @param mixed $fd file descriptor
* @param int $n n
* @return bool
*/
private static function getInt16($fd, $n = 1)
{
$data = fread($fd, 2 * $n);
$i = unpack("S$n", $data);
if ($n == 1) {
return (int) $i[1];
} else {
return array_merge($i);
}
}
/**
* putInt16
* @param mixed $fd file descriptor
* @param mixed $value value
* @return bool
*/
private static function putInt16($fd, $value)
{
return fwrite($fd, pack('S', $value));
}
/**
* getInt32
* @param mixed $fd file descriptor
* @param int $n n
* @return bool
*/
private static function getInt32($fd, $n = 1)
{
$data = fread($fd, 4 * $n);
$i = unpack("L$n", $data);
if ($n == 1) {
return (int) $i[1];
} else {
return array_merge($i);
}
}
/**
* putint32
* @param mixed $fd file descriptor
* @param mixed $value value
* @return bool
*/
private static function putInt32($fd, $value)
{
return fwrite($fd, pack('L', $value));
}
/**
* putString
* @param mixed $fd file descriptor
* @param mixed $value value
* @param int $length length
* @return bool
*/
private static function putString($fd, $value, $length = 254)
{
$ret = fwrite($fd, pack('A' . $length, $value));
}
/**
* putRecord
* @param mixed $record record
* @return bool
*/
private function putRecord($record)
{
foreach ($this->fields as $i => &$field) {
$value = $record[$i];
// Number types are right aligned with spaces
if ($field['type'] == 'N' || $field['type'] == 'F' && strlen($value) < $field['length']) {
$value = str_repeat(' ', $field['length'] - strlen($value)) . $value;
}
self::putString($this->fd, $value, $field['length']);
}
return true;
}
}
if (!function_exists('dbase_open')) {
/**
* dbase_open
* @param string $filename filename
* @param int $mode mode
* @return DBase
*/
function dbase_open($filename, $mode)
{
return DBase::open($filename, $mode);
}
/**
* dbase_create
* @param string $filename filename
* @param array $fields fields
* @param int $type type
* @return DBase
*/
function dbase_create($filename, $fields, $type = DBASE_TYPE_DBASE)
{
return DBase::create($filename, $fields, $type);
}
/**
* dbase_close
* @param Resource $dbase_identifier dbase identifier
* @return bool
*/
function dbase_close($dbase_identifier)
{
return $dbase_identifier->close();
}
/**
* dbase_get_header_info
* @param Resource $dbase_identifier dbase identifier
* @return string
*/
function dbase_get_header_info($dbase_identifier)
{
return $dbase_identifier->get_header_info();
}
/**
* dbase_numfields
* @param Resource $dbase_identifier dbase identifier
* @return int
*/
function dbase_numfields($dbase_identifier)
{
$dbase_identifier->numfields();
}
/**
* dbase_numrecords
* @param Resource $dbase_identifier dbase identifier
* @return int
*/
function dbase_numrecords($dbase_identifier)
{
return $dbase_identifier->numrecords();
}
/**
* dbase_add_record
* @param Resource $dbase_identifier dbase identifier
* @param array $record record
* @return bool
*/
function dbase_add_record($dbase_identifier, $record)
{
return $dbase_identifier->add_record($record);
}
/**
* dbase_delete_record
* @param Resource $dbase_identifier dbase identifier
* @param int $record_number record number
* @return bool
*/
function dbase_delete_record($dbase_identifier, $record_number)
{
return $dbase_identifier->delete_record($record_number);
}
/**
* dbase_replace_record
* @param Resource $dbase_identifier dbase identifier
* @param array $record record
* @param int $record_number record number
* @return bool
*/
function dbase_replace_record($dbase_identifier, $record, $record_number)
{
return $dbase_identifier->replace_record($record, $record_number);
}
/**
* dbase_get_record
* @param Resource $dbase_identifier dbase identifier
* @param int $record_number record number
* @return bool
*/
function dbase_get_record($dbase_identifier, $record_number)
{
return $dbase_identifier->get_record($record_number);
}
/**
* dbase_get_record_with_names
* @param Resource $dbase_identifier dbase identifier
* @param int $record_number record number
* @return bool
*/
function dbase_get_record_with_names($dbase_identifier, $record_number)
{
return $dbase_identifier->get_record_with_names($record_number);
}
/**
* dbase_pack
* @param Resource $dbase_identifier dbase identifier
* @return bool
*/
function dbase_pack($dbase_identifier)
{
return $dbase_identifier->pack();
}
}

2
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -297,7 +297,7 @@ class BookKeeping extends CommonObject
$sql .= " AND fk_doc = ".((int) $this->fk_doc);
if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) {
// DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
$sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines
$sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines
}
$sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'";
$sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'";

12
htdocs/adherents/card.php
View File

@ -1821,8 +1821,16 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$company = new Societe($db);
$result = $company->fetch($object->socid);
print $company->getNomUrl(1);
// Show link to invoices
$tmparray = $company->getOutstandingBills('customer');
if (!empty($tmparray['refs'])) {
print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').'<a href="'.DOL_URL_ROOT.'/compta/facture/list.php?socid='.$object->socid.'">'.$langs->trans("Invoices").': '.count($tmparray['refs']);
// TODO Add alert if warning on at least one invoice late
print '</a>';
}
} else {
print $langs->trans("NoThirdPartyAssociatedToMember");
print '<span class="opacitymedium">'.$langs->trans("NoThirdPartyAssociatedToMember").'</span>';
}
}
print '</td></tr>';
@ -1846,7 +1854,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
}
print '</td></tr>';
//VCard
// VCard
print '<tr><td>';
print $langs->trans("VCard").'</td><td colspan="3">';
print '<a href="'.DOL_URL_ROOT.'/adherents/vcard.php?id='.$object->id.'">';

2
htdocs/adherents/class/adherentstats.class.php
View File

@ -70,7 +70,7 @@ class AdherentStats extends Stats
$this->where .= " m.statut != -1";
$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
if ($this->memberid) {
$this->where .= " AND m.rowid = ".((int) $this->memberid);
}

50
htdocs/adherents/subscription.php
View File

@ -209,7 +209,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
// Subscription informations
$datesubscription = 0;
$datesubend = 0;
$paymentdate = 0;
$paymentdate = ''; // Do not use 0 here, default value is '' that means not filled where 0 means 1970-01-01
if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) {
$datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
}
@ -260,7 +260,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
}
// Check if a payment is mandatory or not
if (!$error && $adht->subscription) { // Member type need subscriptions
if ($adht->subscription) { // Member type need subscriptions
if (!is_numeric($amount)) {
// If field is '' or not a numeric value
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount"));
@ -268,28 +268,35 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$error++;
$action = 'addsubscription';
} else {
// If an amount has been provided, we check also fields that becomes mandatory when amount is not null.
if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') {
if (GETPOST("subscription")) {
if (!GETPOST("label")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label"));
setEventMessages($errmsg, null, 'errors');
$error++;
$action = 'addsubscription';
}
if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode"));
setEventMessages($errmsg, null, 'errors');
$error++;
$action = 'addsubscription';
}
if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount"));
setEventMessages($errmsg, null, 'errors');
$error++;
$action = 'addsubscription';
}
} else {
if (GETPOST("accountid")) {
if (GETPOST("accountid", 'int')) {
$errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount");
setEventMessages($errmsg, null, 'errors');
$error++;
$action = 'addsubscription';
}
}
if ($errmsg) {
$error++;
setEventMessages($errmsg, null, 'errors');
$error++;
$action = 'addsubscription';
}
}
}
}
@ -601,8 +608,16 @@ if ($rowid > 0) {
$company = new Societe($db);
$result = $company->fetch($object->fk_soc);
print $company->getNomUrl(1);
// Show link to invoices
$tmparray = $company->getOutstandingBills('customer');
if (!empty($tmparray['refs'])) {
print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').'<a href="'.DOL_URL_ROOT.'/compta/facture/list.php?socid='.$object->socid.'">'.$langs->trans("Invoices").': '.count($tmparray['refs']);
// TODO Add alert if warning on at least one invoice late
print '</a>';
}
} else {
print $langs->trans("NoThirdPartyAssociatedToMember");
print '<span class="opacitymedium">'.$langs->trans("NoThirdPartyAssociatedToMember").'</span>';
}
}
print '</td></tr>';
@ -628,7 +643,7 @@ if ($rowid > 0) {
if ($object->user_id) {
$form->form_users($_SERVER['PHP_SELF'].'?rowid='.$object->id, $object->user_id, 'none');
} else {
print $langs->trans("NoDolibarrAccess");
print '<span class="opacitymedium">'.$langs->trans("NoDolibarrAccess").'</span>';
}
}
print '</td></tr>';
@ -970,17 +985,18 @@ if ($rowid > 0) {
print '<tr><td class="tdtop fieldrequired">'.$langs->trans('MoreActions');
print '</td>';
print '<td>';
print '<input type="radio" class="moreaction" id="none" name="paymentsave" value="none"'.(empty($bankdirect) && empty($invoiceonly) && empty($bankviainvoice) ? ' checked' : '').'> '.$langs->trans("None").'<br>';
print '<input type="radio" class="moreaction" id="none" name="paymentsave" value="none"'.(empty($bankdirect) && empty($invoiceonly) && empty($bankviainvoice) ? ' checked' : '').'>';
print '<label for="none"> '.$langs->trans("None").'</label><br>';
// Add entry into bank accoun
if (!empty($conf->banque->enabled)) {
print '<input type="radio" class="moreaction" id="bankdirect" name="paymentsave" value="bankdirect"'.(!empty($bankdirect) ? ' checked' : '');
print '> '.$langs->trans("MoreActionBankDirect").'<br>';
print '><label for="bankdirect"> '.$langs->trans("MoreActionBankDirect").'</label><br>';
}
// Add invoice with no payments
if (!empty($conf->societe->enabled) && !empty($conf->facture->enabled)) {
print '<input type="radio" class="moreaction" id="invoiceonly" name="paymentsave" value="invoiceonly"'.(!empty($invoiceonly) ? ' checked' : '');
//if (empty($object->fk_soc)) print ' disabled';
print '> '.$langs->trans("MoreActionInvoiceOnly");
print '><label for="invoiceonly"> '.$langs->trans("MoreActionInvoiceOnly");
if ($object->fk_soc) {
print ' ('.$langs->trans("ThirdParty").': '.$company->getNomUrl(1).')';
} else {
@ -1004,13 +1020,13 @@ if ($rowid > 0) {
}
print '. '.$langs->transnoentitiesnoconv("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS", $prodtmp->getNomUrl(1)); // must use noentitiesnoconv to avoid to encode html into getNomUrl of product
}
print '<br>';
print '</label><br>';
}
// Add invoice with payments
if (!empty($conf->banque->enabled) && !empty($conf->societe->enabled) && !empty($conf->facture->enabled)) {
print '<input type="radio" class="moreaction" id="bankviainvoice" name="paymentsave" value="bankviainvoice"'.(!empty($bankviainvoice) ? ' checked' : '');
//if (empty($object->fk_soc)) print ' disabled';
print '> '.$langs->trans("MoreActionBankViaInvoice");
print '><label for="bankviainvoice"> '.$langs->trans("MoreActionBankViaInvoice");
if ($object->fk_soc) {
print ' ('.$langs->trans("ThirdParty").': '.$company->getNomUrl(1).')';
} else {
@ -1034,7 +1050,7 @@ if ($rowid > 0) {
}
print '. '.$langs->transnoentitiesnoconv("ADHERENT_PRODUCT_ID_FOR_SUBSCRIPTIONS", $prodtmp->getNomUrl(1)); // must use noentitiesnoconv to avoid to encode html into getNomUrl of product
}
print '<br>';
print '</label><br>';
}
print '</td></tr>';

9
htdocs/admin/agenda_xcal.php
View File

@ -165,24 +165,27 @@ $urlvcal = '<a href="'.$urlwithroot.'/public/agenda/agendaexport.php?format=vcal
$urlvcal .= $urlwithroot.'/public/agenda/agendaexport.php?format=vcal'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').'</a>';
$message .= img_picto('', 'globe').' '.str_replace('{url}', $urlvcal, '<span class="opacitymedium">'.$langs->trans("WebCalUrlForVCalExport", 'vcal', '').'</span>');
$message .= '<div class="urllink">';
$message .= '<input type="text" id="onlinepaymenturl" class="quatrevingtpercent" value="'.$urlwithroot.'/public/agenda/agendaexport.php?format=vcal'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'">';
$message .= '<input type="text" id="onlinepaymenturl1" class="quatrevingtpercent" value="'.$urlwithroot.'/public/agenda/agendaexport.php?format=vcal'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'">';
$message .= '</div>';
$message .= ajax_autoselect('onlinepaymenturl1');
$message .= '<br>';
$urlical = '<a href="'.$urlwithroot.'/public/agenda/agendaexport.php?format=ical&type=event'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'" target="_blank">';
$urlical .= $urlwithroot.'/public/agenda/agendaexport.php?format=ical&type=event'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').'</a>';
$message .= img_picto('', 'globe').' '.str_replace('{url}', $urlical, '<span class="opacitymedium">'.$langs->trans("WebCalUrlForVCalExport", 'ical/ics', '').'</span>');
$message .= '<div class="urllink">';
$message .= '<input type="text" id="onlinepaymenturl" class="quatrevingtpercent" value="'.$urlwithroot.'/public/agenda/agendaexport.php?format=ical'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'">';
$message .= '<input type="text" id="onlinepaymenturl2" class="quatrevingtpercent" value="'.$urlwithroot.'/public/agenda/agendaexport.php?format=ical'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'">';
$message .= '</div>';
$message .= ajax_autoselect('onlinepaymenturl2');
$message .= '<br>';
$urlrss = '<a href="'.$urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'" target="_blank">';
$urlrss .= $urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').'</a>';
$message .= img_picto('', 'globe').' '.str_replace('{url}', $urlrss, '<span class="opacitymedium">'.$langs->trans("WebCalUrlForVCalExport", 'rss', '').'</span>');
$message .= '<div class="urllink">';
$message .= '<input type="text" id="onlinepaymenturl" class="quatrevingtpercent" value="'.$urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'">';
$message .= '<input type="text" id="onlinepaymenturl3" class="quatrevingtpercent" value="'.$urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : '...').'">';
$message .= '</div>';
$message .= ajax_autoselect('onlinepaymenturl3');
$message .= '<br>';
print $message;

4
htdocs/admin/dolistore/class/dolistore.class.php
View File

@ -84,7 +84,7 @@ class Dolistore
try {
$this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
// $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
// Here we set the option array for the Webservice : we want categories resources
@ -134,7 +134,7 @@ class Dolistore
try {
$this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
// $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
// Here we set the option array for the Webservice : we want products resources

4
htdocs/admin/mails_templates.php
View File

@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv
$sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates";
$sql .= " WHERE entity IN (".getEntity('email_template').")";
if (!$user->admin) {
$sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me
$sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me
$sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me
$sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me
}
if (empty($conf->global->MAIN_MULTILANGS)) {
$sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')";

8
htdocs/admin/system/security.php
View File

@ -91,7 +91,13 @@ print '<br>';
print "<strong>PHP session.use_strict_mode</strong> = ".(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
print "<strong>PHP session.use_only_cookies</strong> = ".(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
print "<strong>PHP session.cookie_httponly</strong> = ".(ini_get('session.cookie_httponly') ? ini_get('session.cookie_httponly') : '').' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
print "<strong>PHP session.cookie_samesite</strong> = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None').' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'Strict').")</span><br>\n";
print "<strong>PHP session.cookie_samesite</strong> = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None');
if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') == 'Lax') {
print ' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'Lax').")</span>";
} elseif (ini_get('session.cookie_samesite') == 'Strict') {
print ' &nbsp; '.img_warning().' <span class="opacitymedium">'.$langs->trans("WarningPaypalPaymentNotCompatibleWithStrict")."</span>";
}
print "<br>\n";
print "<strong>PHP open_basedir</strong> = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").' '.$_SERVER["DOCUMENT_ROOT"]).')</span>')."<br>\n";
print "<strong>PHP allow_url_fopen</strong> = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
print "<strong>PHP allow_url_include</strong> = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";

19
htdocs/blockedlog/ajax/check_signature.php
View File

@ -17,9 +17,9 @@
*/
/**
* \file htdocs/blockedlog/ajax/block-info.php
* \file htdocs/blockedlog/ajax/check_signature.php
* \ingroup blockedlog
* \brief block-info
* \brief This page is not used yet.
*/
@ -38,13 +38,15 @@ if (!defined('NOREQUIREHTML')) {
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php';
require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/authority.class.php';
if (empty($conf->global->BLOCKEDLOG_AUTHORITY_URL)) {
exit('BLOCKEDLOG_AUTHORITY_URL not set');
}
require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php';
require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/authority.class.php';
$auth = new BlockedLogAuthority($db);
$auth->syncSignatureWithAuthority();
@ -63,8 +65,11 @@ if (is_array($bocks)) {
$hash = $auth->getBlockchainHash();
$url = $conf->global->BLOCKEDLOG_AUTHORITY_URL.'/blockedlog/ajax/authority.php?s='.$auth->signature.'&h='.$hash;
// Call external authority
$url = $conf->global->BLOCKEDLOG_AUTHORITY_URL.'/blockedlog/ajax/authority.php?s='.urlencode($auth->signature).'&h='.urlencode($hash);
$resarray = getURLContent($url, 'GET', '', 1, array(), array(), 2);
$res = $resarray['content'];
$res = file_get_contents($url);
//echo $url;
echo $res;
echo dol_escape_htmltag($res);

26
htdocs/categories/class/categorie.class.php
View File

@ -540,7 +540,7 @@ class Categorie extends CommonObject
$sql .= ", visible = ".(int) $this->visible;
$sql .= ", fk_parent = ".(int) $this->fk_parent;
$sql .= ", fk_user_modif = ".(int) $user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -686,7 +686,7 @@ class Categorie extends CommonObject
if ($this->db->query($sql)) {
if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) {
$sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie';
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::add_type", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -774,7 +774,7 @@ class Categorie extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id;
$sql .= " WHERE fk_categorie = ".((int) $this->id);
$sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id);
dol_syslog(get_class($this).'::del_type', LOG_DEBUG);
@ -826,11 +826,11 @@ class Categorie extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c";
$sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o";
$sql .= " WHERE o.entity IN (".getEntity($obj->element).")";
$sql .= " AND c.fk_categorie = ".$this->id;
$sql .= " AND c.fk_categorie = ".((int) $this->id);
$sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid";
// Protection for external users
if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) {
$sql .= " AND o.rowid = ".$user->socid;
$sql .= " AND o.rowid = ".((int) $user->socid);
}
if ($limit > 0 || $offset > 0) {
$sql .= $this->db->plimit($limit + 1, $offset);
@ -870,7 +870,7 @@ class Categorie extends CommonObject
public function containsObject($type, $object_id)
{
$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
$sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
@ -1501,7 +1501,7 @@ class Categorie extends CommonObject
$sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id;
// This seems useless because the table already contains id of category of 1 unique type. So commented.
// So now it works also with external added categories.
//$sql .= " AND c.type = ".$this->MAP_ID[$type];
//$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]);
$sql .= " AND c.entity IN (".getEntity('category').")";
$res = $this->db->query($sql);
@ -1796,7 +1796,7 @@ class Categorie extends CommonObject
foreach ($langs_available as $key => $value) {
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " WHERE fk_category=".((int) $this->id);
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -1806,10 +1806,10 @@ class Categorie extends CommonObject
$sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
$sql2 .= " SET label='".$this->db->escape($this->label)."',";
$sql2 .= " description='".$this->db->escape($this->description)."'";
$sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
$sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
} else {
$sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
$sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label);
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label);
$sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
}
dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG);
@ -1822,10 +1822,10 @@ class Categorie extends CommonObject
$sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
$sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
$sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
$sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
$sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
} else {
$sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
$sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]);
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]);
$sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
}
@ -1864,7 +1864,7 @@ class Categorie extends CommonObject
$sql = "SELECT lang, label, description";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " WHERE fk_category=".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {

22
htdocs/comm/action/class/actioncomm.class.php
View File

@ -875,7 +875,7 @@ class ActionComm extends CommonObject
$sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources';
$sql .= ' WHERE fk_actioncomm = '.$this->id;
$sql .= ' WHERE fk_actioncomm = '.((int) $this->id);
$sql .= " AND element_type IN ('user', 'socpeople')";
$resql = $this->db->query($sql);
if ($resql) {
@ -919,7 +919,7 @@ class ActionComm extends CommonObject
// phpcs:enable
$sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources";
$sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id;
$sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id);
$resql2 = $this->db->query($sql);
if ($resql2) {
@ -996,7 +996,7 @@ class ActionComm extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
$sql .= " WHERE fk_actioncomm = ".$this->id;
$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
@ -1159,7 +1159,7 @@ class ActionComm extends CommonObject
// Now insert assignedusers
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'";
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'";
$resql = $this->db->query($sql);
$already_inserted = array();
@ -1184,7 +1184,7 @@ class ActionComm extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'";
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'";
$resql = $this->db->query($sql);
if (!empty($this->socpeopleassigned)) {
@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql .= " WHERE 1 = 1";
@ -1329,14 +1329,14 @@ class ActionComm extends CommonObject
}
$sql .= " AND a.entity IN (".getEntity('agenda').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND a.fk_soc = ".$user->socid;
$sql .= " AND a.fk_soc = ".((int) $user->socid);
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id;
$sql .= " OR ar.fk_element = ".$user->id; // Added by PV
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id);
$sql .= " OR ar.fk_element = ".((int) $user->id);
$sql .= ")";
}
@ -2226,7 +2226,7 @@ class ActionComm extends CommonObject
//Select all action comm reminders for event
$sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
$sql .= " WHERE fk_actioncomm = ".$this->id;
$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
if ($onlypast) {
$sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'";
}

2
htdocs/comm/action/index.php
View File

@ -689,7 +689,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;

2
htdocs/comm/action/list.php
View File

@ -447,7 +447,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/comm/action/pertype.php
View File

@ -558,7 +558,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);

2
htdocs/comm/action/peruser.php
View File

@ -579,7 +579,7 @@ if ($pid) {
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);

16
htdocs/comm/card.php
View File

@ -826,7 +826,7 @@ if ($object->id > 0) {
$sql .= ", p.datep as dp, p.fin_validite as date_limit";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c";
$sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('propal').")";
$sql .= " ORDER BY p.datep DESC";
@ -891,7 +891,7 @@ if ($object->id > 0) {
$sql .= ", c.facture as billed";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
$sql .= " WHERE c.fk_soc = s.rowid ";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND c.entity IN (".getEntity('commande').')';
$sql .= " ORDER BY c.date_commande DESC";
@ -907,7 +907,7 @@ if ($object->id > 0) {
$sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s';
$sql2 .= ', '.MAIN_DB_PREFIX.'commande as c';
$sql2 .= ' WHERE c.fk_soc = s.rowid';
$sql2 .= ' AND s.rowid = '.$object->id;
$sql2 .= ' AND s.rowid = '.((int) $object->id);
// Show orders with status validated, shipping started and delivered (well any order we can bill)
$sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))";
@ -967,7 +967,7 @@ if ($object->id > 0) {
$sql .= ', s.nom';
$sql .= ', s.rowid as socid';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e";
$sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND e.entity IN (".getEntity('expedition').")";
$sql .= ' GROUP BY e.rowid';
$sql .= ', e.ref';
@ -1032,7 +1032,7 @@ if ($object->id > 0) {
$sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
$sql .= " WHERE c.fk_soc = s.rowid ";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND c.entity IN (".getEntity('contract').")";
$sql .= " ORDER BY c.datec DESC";
@ -1106,7 +1106,7 @@ if ($object->id > 0) {
$sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('intervention').")";
$sql .= " ORDER BY f.tms DESC";
@ -1171,7 +1171,7 @@ if ($object->id > 0) {
$sql .= ', f.suspended as suspended';
$sql .= ', s.nom, s.rowid as socid';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f";
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,';
$sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,';
@ -1263,7 +1263,7 @@ if ($object->id > 0) {
$sql .= ', SUM(pf.amount) as am';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture';
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,';
$sql .= ' f.datef, f.datec, f.paye, f.fk_statut,';

2
htdocs/comm/contact.php
View File

@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
$sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND p.entity IN (".getEntity('socpeople').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($type == "c") {
$sql .= " AND s.client IN (1, 3)";

34
htdocs/comm/index.php
View File

@ -106,10 +106,16 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial');
print '<div class="fichecenter"><div class="fichethirdleft">';
print getCustomerProposalPieChart($socid);
print '<br>';
print getCustomerOrderPieChart($socid);
print '<br>';
$tmp = getCustomerProposalPieChart($socid);
if ($tmp) {
print $tmp;
print '<br>';
}
$tmp = getCustomerOrderPieChart($socid);
if ($tmp) {
print $tmp;
print '<br>';
}
/*
* Draft customer proposals
@ -130,7 +136,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -227,7 +233,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
$sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT;
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -323,7 +329,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT;
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
@ -420,10 +426,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT;
$sql .= " AND cf.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND cf.fk_soc = ".$socid;
$sql .= " AND cf.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -517,7 +523,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = $socid";
@ -613,7 +619,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.fournisseur = ".Societe::SUPPLIER;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -719,7 +725,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_product = p.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -794,7 +800,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -910,7 +916,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

6
htdocs/comm/mailing/cibles.php
View File

@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml');
$search_firstname = GETPOST("search_firstname", 'alphanohtml');
$search_email = GETPOST("search_email", 'alphanohtml');
$search_other = GETPOST("search_other", 'alphanohtml');
$search_dest_status = GETPOST('search_dest_status', 'alphanohtml');
$search_dest_status = GETPOST('search_dest_status', 'int');
// Search modules dirs
$modulesdir = dolGetModulesDirs('/mailings');
@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) {
$asearchcriteriahasbeenset++;
}
if ($search_dest_status != '' && $search_dest_status >= -1) {
$sql .= " AND mc.statut=".$db->escape($search_dest_status)." ";
$sql .= " AND mc.statut = ".((int) $search_dest_status);
$asearchcriteriahasbeenset++;
}
$sql .= $db->order($sortfield, $sortorder);
@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) {
}
$morehtmlcenter .= ' &nbsp; <a class="reposition" href="'.$_SERVER["PHP_SELF"].'?exportcsv=1&id='.$object->id.'">'.$langs->trans("Download").'</a>';
$massactionbutton = '';
print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit);
print '</form>';

44
htdocs/comm/propal/class/propal.class.php
View File

@ -1879,8 +1879,8 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id;
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(get_class($this)."::valid", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1906,7 +1906,7 @@ class Propal extends CommonObject
if (preg_match('/^[\(]?PROV/i', $this->ref)) {
// Now we rename also files into index
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'";
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1974,7 +1974,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2030,7 +2030,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2101,7 +2101,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2156,9 +2156,9 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET fk_availability = '".$id."'";
$sql .= " WHERE rowid = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_availability = ".((int) $id);
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2221,7 +2221,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET fk_input_reason = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2346,7 +2346,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2409,7 +2409,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2530,7 +2530,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -2707,7 +2707,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@ -2780,7 +2780,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = c.id";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -2789,7 +2789,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
}
if ($notcurrentuser > 0) {
$sql .= " AND p.fk_user_author <> ".$user->id;
$sql .= " AND p.fk_user_author <> ".((int) $user->id);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -2934,7 +2934,7 @@ class Propal extends CommonObject
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@ -2970,7 +2970,7 @@ class Propal extends CommonObject
// Delete main record
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@ -3285,7 +3285,7 @@ class Propal extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." p.entity IN (".getEntity('propal').")";
@ -3296,7 +3296,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_statut = ".self::STATUS_SIGNED;
}
if ($user->socid) {
$sql .= " AND p.fk_soc = ".$user->socid;
$sql .= " AND p.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -3462,7 +3462,7 @@ class Propal extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." p.entity IN (".getEntity('propal').")";
@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine
$error = 0;
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid);
dol_syslog("PropaleLigne::delete", LOG_DEBUG);
if ($this->db->query($sql)) {
// Remove extrafields

4
htdocs/comm/propal/class/propalestats.class.php
View File

@ -94,10 +94,10 @@ class PropaleStats extends Stats
//$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
$this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND p.fk_soc = ".$this->socid;
$this->where .= " AND p.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND fk_user_author = '.((int) $this->userid);

17
htdocs/comm/propal/index.php
View File

@ -67,8 +67,11 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal');
print '<div class="fichecenter">';
print '<div class="fichethirdleft">';
print getCustomerProposalPieChart($socid);
print '<br>';
$tmp = getCustomerProposalPieChart($socid);
if ($tmp) {
print $tmp;
print '<br>';
}
/*
* Draft proposals
@ -85,7 +88,7 @@ if (!empty($conf->propal->enabled)) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND p.fk_soc = ".((int) $socid);
@ -163,7 +166,7 @@ if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
@ -236,7 +239,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -319,7 +322,7 @@ if (! empty($conf->propal->enabled))
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 1";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);
@ -394,7 +397,7 @@ if (! empty($conf->propal->enabled))
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 2 ";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);

2
htdocs/comm/propal/list.php
View File

@ -520,7 +520,7 @@ if ($search_user > 0) {
$sql .= ' WHERE p.fk_soc = s.rowid';
$sql .= ' AND p.entity IN ('.getEntity('propal').')';
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_town) {

30
htdocs/commande/class/commande.class.php
View File

@ -493,8 +493,8 @@ class Commande extends CommonOrder
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
$sql .= " date_valid='".$this->db->idate($now)."',";
$sql .= " fk_user_valid = ".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " fk_user_valid = ".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::valid", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -624,7 +624,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
if (!$error) {
@ -807,7 +807,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET fk_statut = ".self::STATUS_CANCELED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
@ -2543,7 +2543,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT);
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2615,7 +2615,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2688,7 +2688,7 @@ class Commande extends CommonOrder
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -2697,7 +2697,7 @@ class Commande extends CommonOrder
$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
}
if (is_object($excluser)) {
$sql .= " AND c.fk_user_author <> ".$excluser->id;
$sql .= " AND c.fk_user_author <> ".((int) $excluser->id);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -3395,8 +3395,8 @@ class Commande extends CommonOrder
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@ -3432,7 +3432,7 @@ class Commande extends CommonOrder
// Delete main record
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@ -3507,14 +3507,14 @@ class Commande extends CommonOrder
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." c.entity IN (".getEntity('commande').")";
//$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0";
$sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -3917,7 +3917,7 @@ class Commande extends CommonOrder
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." co.entity IN (".getEntity('commande').")";
@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine
$sql .= ",total_localtax1='".price2num($this->total_localtax1)."'";
$sql .= ",total_localtax2='".price2num($this->total_localtax2)."'";
$sql .= ",total_ttc='".price2num($this->total_ttc)."'";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog("OrderLine::update_total", LOG_DEBUG);

6
htdocs/commande/class/commandestats.class.php
View File

@ -94,13 +94,13 @@ class CommandeStats extends Stats
$this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')';
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND c.fk_soc = ".$this->socid;
$this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND c.fk_user_author = '.$this->userid;
$this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
if ($typentid) {

2
htdocs/commande/customer.php
View File

@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (GETPOST("search_nom")) {
$sql .= natural_search("s.nom", GETPOST("search_nom"));

15
htdocs/commande/index.php
View File

@ -77,8 +77,11 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order');
print '<div class="fichecenter"><div class="fichethirdleft">';
print getCustomerOrderPieChart($socid);
print '<br>';
$tmp = getCustomerOrderPieChart($socid);
if ($tmp) {
print $tmp;
print '<br>';
}
/*
@ -101,7 +104,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
@ -169,7 +172,7 @@ if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
@ -253,7 +256,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";
@ -342,7 +345,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";

4
htdocs/commande/list.php
View File

@ -479,7 +479,7 @@ if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_ref) {
$sql .= natural_search('c.ref', $search_ref);
@ -558,7 +558,7 @@ if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
}
if ($search_user > 0) {
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user;
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user);
}
if ($search_total_ht != '') {
$sql .= natural_search('c.total_ht', $search_total_ht, 1);

4
htdocs/compta/bank/class/account.class.php
View File

@ -1992,7 +1992,7 @@ class AccountLine extends CommonObject
// Protection to avoid any delete of accounted lines. Protection on by default
if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) {
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@ -2379,7 +2379,7 @@ class AccountLine extends CommonObject
$result .= yn($this->rappro);
}
if ($option == 'showall' || $option == 'showconciliatedandaccounted') {
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

14
htdocs/compta/bank/releve.php
View File

@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') {
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') {
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'";
if (empty($numref)) {
$sql .= " OR b.num_releve is null";
}
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " AND b.fk_account = ba.rowid";
$sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day
@ -340,7 +340,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -353,7 +353,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -421,7 +421,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
@ -605,7 +605,7 @@ if (empty($numref)) {
$sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct";
$sql .= ", ".MAIN_DB_PREFIX."bank_class as cl";
$sql .= " WHERE ct.rowid = cl.fk_categ";
$sql .= " AND ct.entity = ".$conf->entity;
$sql .= " AND ct.entity = ".((int) $conf->entity);
$sql .= " AND cl.lineid = ".((int) $objp->rowid);
$resc = $db->query($sql);

6
htdocs/compta/cashcontrol/report.php
View File

@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d
elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'";
else dol_print_error('', 'Year not defined');
// Define filter on bank account
$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH;
$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB;
$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH);
$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB);
$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE);
$sql.=")";
*/
$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code";

2
htdocs/compta/clients.php
View File

@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (dol_strlen($stcomm)) {
$sql .= " AND s.fk_stcomm=".((int) $stcomm);

2
htdocs/compta/deplacement/index.php
View File

@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND d.fk_soc = ".((int) $socid);

2
htdocs/compta/deplacement/list.php
View File

@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) ";
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

16
htdocs/compta/facture/class/facture.class.php
View File

@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice
$sql = "UPDATE ".MAIN_DB_PREFIX."facture";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice
$sql .= " WHERE f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice
$sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
}
if (is_object($excluser)) {
$sql .= " AND f.fk_user_author <> ".$excluser->id;
$sql .= " AND f.fk_user_author <> ".((int) $excluser->id);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." f.paye=0";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED;
if ($user->socid) {
$sql .= " AND f.fk_soc = ".$user->socid;
$sql .= " AND f.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." f.entity IN (".getEntity('invoice').")";
@ -5679,7 +5679,7 @@ class FactureLigne extends CommonInvoiceLine
return -1;
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
if ($this->db->query($sql)) {
$this->db->commit();
@ -5719,7 +5719,7 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ",total_localtax1=".price2num($this->total_localtax1)."";
$sql .= ",total_localtax2=".price2num($this->total_localtax2)."";
$sql .= ",total_ttc=".price2num($this->total_ttc)."";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::update_total", LOG_DEBUG);

6
htdocs/compta/facture/class/facturestats.class.php
View File

@ -86,16 +86,16 @@ class FactureStats extends Stats
$this->where = " f.fk_statut >= 0";
$this->where .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == 'customer') {
$this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons)
}
if ($this->socid) {
$this->where .= " AND f.fk_soc = ".$this->socid;
$this->where .= " AND f.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND f.fk_user_author = '.$this->userid;
$this->where .= ' AND f.fk_user_author = '.((int) $this->userid);
}
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
$this->where .= " AND f.type IN (0,1,2,5)";

28
htdocs/compta/facture/index.php
View File

@ -59,19 +59,33 @@ print load_fiche_titre($langs->trans("CustomersInvoicesArea"), '', 'bill');
print '<div class="fichecenter">';
print '<div class="fichethirdleft">';
print getNumberInvoicesPieChart('customers');
//print getCustomerInvoicePieChart($socid);
print '<br>';
print getCustomerInvoiceDraftTable($max, $socid);
$tmp = getNumberInvoicesPieChart('customers');
if ($tmp) {
print $tmp;
print '<br>';
}
$tmp = getCustomerInvoiceDraftTable($max, $socid);
if ($tmp) {
print $tmp;
print '<br>';
}
print '</div>';
print '<div class="fichetwothirdright">';
print '<div class="ficheaddleft">';
print getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid);
print '<br>';
print getCustomerInvoiceUnpaidOpenTable($max, $socid);
$tmp = getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid);
if ($tmp) {
print $tmp;
print '<br>';
}
$tmp = getCustomerInvoiceUnpaidOpenTable($max, $socid);
if ($tmp) {
print $tmp;
print '<br>';
}
print '</div>';
print '</div>';

2
htdocs/compta/facture/list.php
View File

@ -555,7 +555,7 @@ $sql .= $hookmanager->resPrint;
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);

6
htdocs/compta/index.php
View File

@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) {
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " WHERE s.rowid = ff.fk_soc";
$sql .= " AND ff.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".((int) $socid);
@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);

14
htdocs/compta/paiement/cheque/class/remisecheque.class.php
View File

@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject
if ($this->errno == 0 && $numref) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND statut = 0";
@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject
$sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND b.fk_bordereau = bc.rowid";
$sql .= " AND bc.rowid = ".$this->id;
$sql .= " AND bc.rowid = ".((int) $this->id);
$sql .= " AND bc.entity = ".$conf->entity;
$sql .= " ORDER BY b.dateo ASC, b.rowid ASC";
@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET amount = ".price2num($total);
$sql .= ", nbcheque = ".((int) $nb);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject
if ($user->rights->banque->cheque) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("RemiseCheque::set_date", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject
// phpcs:enable
if ($user->rights->banque->cheque) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET ref = '".$ref."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " SET ref = '".$this->db->escape($ref)."'";
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("RemiseCheque::set_number", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/compta/paiement/class/paiement.class.php
View File

@ -800,7 +800,7 @@ class Paiement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX.'bank';
$sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")";
$sql .= " AND rappro = 0";
$result = $this->db->query($sql);

2
htdocs/compta/paiement/list.php
View File

@ -197,7 +197,7 @@ if (GETPOST("orphelins", "alpha")) {
}
$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/paymentbybanktransfer/index.php
View File

@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture_fourn = f.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

42
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject
*/
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND fk_soc =".((int) $client_id);
$sql .= " AND code_banque = '".$this->db->escape($code_banque)."'";
$sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'";
@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject
if ($this->db->begin()) {
$sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET statut = ".self::STATUS_TRANSFERED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND entity = ".$conf->entity;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".((int) $conf->entity);
$result = $this->db->query($sql);
if (!$result) {
@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject
if (!$error) {
$sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " SET statut = 2";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::set_credite Erreur 1");
@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject
$sql .= ", statut = ".self::STATUS_CREDITED;
$sql .= ", date_credit = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid=".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$sql .= " AND statut = ".self::STATUS_TRANSFERED;
$resql = $this->db->query($sql);
@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject
if (!$error) {
$sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " SET statut = 2";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::set_infocredit Update lines Error");
@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject
$sql .= " , date_trans = '".$this->db->idate($date)."'";
$sql .= " , method_trans = ".((int) $method);
$sql .= " , statut = ".self::STATUS_TRANSFERED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND entity = ".$conf->entity;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".((int) $conf->entity);
$sql .= " AND statut = 0";
if ($this->db->query($sql)) {
@ -646,8 +646,8 @@ class BonPrelevement extends CommonObject
$sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid";
$sql .= " AND pl.fk_prelevement_bons = p.rowid";
$sql .= " AND p.rowid = ".$this->id;
$sql .= " AND p.entity = ".$conf->entity;
$sql .= " AND p.rowid = ".((int) $this->id);
$sql .= " AND p.entity = ".((int) $conf->entity);
if ($amounts) {
if ($this->type == 'bank-transfer') {
$sql .= " GROUP BY fk_facture_fourn";
@ -989,7 +989,7 @@ class BonPrelevement extends CommonObject
$sql = "SELECT substring(ref from char_length(ref) - 1)";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'";
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$sql .= " ORDER BY ref DESC LIMIT 1";
dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG);
@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande";
$sql .= " SET traite = 1";
$sql .= ", date_traite = '".$this->db->idate($now)."'";
$sql .= ", fk_prelevement_bons = ".$this->id;
$sql .= ", fk_prelevement_bons = ".((int) $this->id);
$sql .= " WHERE rowid = ".((int) $fac[1]);
$resql = $this->db->query($sql);
@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET amount = ".price2num($this->total);
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")";
$resql1 = $this->db->query($sql);
if (!$resql1) {
dol_print_error($this->db);
@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id);
$resql2 = $this->db->query($sql);
if (!$resql2) {
dol_print_error($this->db);
@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id);
$resql3 = $this->db->query($sql);
if (!$resql3) {
dol_print_error($this->db);
@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id);
$resql4 = $this->db->query($sql);
if (!$resql4) {
dol_print_error($this->db);
@ -1491,7 +1491,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."societe as soc,";
$sql .= " ".MAIN_DB_PREFIX."c_country as c,";
$sql .= " ".MAIN_DB_PREFIX."societe_rib as rib";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture = f.rowid";
$sql .= " AND f.fk_soc = soc.rowid";
@ -1607,7 +1607,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."societe as soc,";
$sql .= " ".MAIN_DB_PREFIX."c_country as c,";
$sql .= " ".MAIN_DB_PREFIX."societe_rib as rib";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture_fourn = f.rowid";
$sql .= " AND f.fk_soc = soc.rowid";
@ -1697,7 +1697,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
$sql .= " ".MAIN_DB_PREFIX."facture as f,";
$sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture = f.rowid";
@ -1723,7 +1723,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
$sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,";
$sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture_fourn = f.rowid";

2
htdocs/compta/prelevement/demandes.php
View File

@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/prelevement/index.php
View File

@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture = f.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

4
htdocs/compta/resultat/clientfourn.php
View File

@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') {
}
}
$sql .= " AND f.entity = ".$conf->entity;
$sql .= " AND f.entity = ".((int) $conf->entity);
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY name, socid";
$sql .= $db->order($sortfield, $sortorder);

2
htdocs/compta/sociales/class/chargesociales.class.php
View File

@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject
// Delete payments
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {

2
htdocs/compta/sociales/class/paymentsocialcontribution.class.php
View File

@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

26
htdocs/contact/class/contact.class.php
View File

@ -385,13 +385,13 @@ class Contact extends CommonObject
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')';
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))";
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))";
if ($user->socid > 0) {
$sql .= " AND sp.fk_soc = ".$user->socid;
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -1068,7 +1068,7 @@ class Contact extends CommonObject
// Search Dolibarr user linked to this contact
$sql = "SELECT u.rowid ";
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.fk_socpeople = ".$this->id;
$sql .= " WHERE u.fk_socpeople = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1091,7 +1091,7 @@ class Contact extends CommonObject
if ($user) {
$sql = "SELECT fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."user_alert";
$sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id);
$sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1162,7 +1162,7 @@ class Contact extends CommonObject
$sql = "SELECT tc.element, count(ec.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE ec.fk_c_type_contact = tc.rowid";
$sql .= " AND fk_socpeople = ".$this->id;
$sql .= " AND fk_socpeople = ".((int) $this->id);
$sql .= " AND tc.source = 'external'";
$sql .= " GROUP BY tc.element";
@ -1211,7 +1211,7 @@ class Contact extends CommonObject
$sql = "SELECT ec.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,";
$sql .= " ".MAIN_DB_PREFIX."c_type_contact tc";
$sql .= " WHERE ec.fk_socpeople=".$this->id;
$sql .= " WHERE ec.fk_socpeople=".((int) $this->id);
$sql .= " AND ec.fk_c_type_contact=tc.rowid";
$sql .= " AND tc.source='external'";
dol_syslog(__METHOD__, LOG_DEBUG);
@ -1242,7 +1242,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove Roles
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1254,7 +1254,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove Roles
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1266,7 +1266,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove category
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1727,7 +1727,7 @@ class Contact extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE tc.rowid = sc.fk_c_type_contact";
$sql .= " AND tc.source = 'external' AND tc.active=1";
$sql .= " AND sc.fk_socpeople = ".$this->id;
$sql .= " AND sc.fk_socpeople = ".((int) $this->id);
$sql .= " AND sc.entity IN (".getEntity('societe').')';
$resql = $this->db->query($sql);
@ -2040,7 +2040,7 @@ class Contact extends CommonObject
$obj = $this->db->fetch_object($resql);
$noemail = $obj->nb;
if (empty($noemail)) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -2054,7 +2054,7 @@ class Contact extends CommonObject
$this->errors[] = $this->error;
}
} else {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0));
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;

6
htdocs/contact/list.php
View File

@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
}
$sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')';
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)";
}
if (!empty($userid)) { // propre au commercial
$sql .= " AND p.fk_user_creat=".((int) $userid);
@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) {
// Filter to exclude not owned private contacts
if ($search_priv != '0' && $search_priv != '1') {
$sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))";
$sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))";
} else {
if ($search_priv == '0') {
$sql .= " AND p.priv='0'";
}
if ($search_priv == '1') {
$sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")";
$sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")";
}
}

26
htdocs/contrat/class/contrat.class.php
View File

@ -792,7 +792,7 @@ class Contrat extends CommonObject
$sql .= " d.fk_unit,";
$sql .= " d.product_type as type";
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid";
$sql .= " WHERE d.fk_contrat = ".$this->id;
$sql .= " WHERE d.fk_contrat = ".((int) $this->id);
$sql .= " ORDER by d.rowid ASC";
dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
@ -1150,11 +1150,11 @@ class Contrat extends CommonObject
/*
$sql = "DELETE cdl";
$sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd";
$sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id;
$sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id);
*/
$sql = "SELECT cdl.rowid as cdlrowid ";
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd";
$sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id;
$sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id);
dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1188,7 +1188,7 @@ class Contrat extends CommonObject
// Delete contratdet extrafields
$main = MAIN_DB_PREFIX.'contratdet';
$ef = $main."_extrafields";
$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")";
$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")";
dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1201,7 +1201,7 @@ class Contrat extends CommonObject
if (!$error) {
// Delete contratdet
$sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet";
$sql .= " WHERE fk_contrat=".$this->id;
$sql .= " WHERE fk_contrat=".((int) $this->id);
dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1213,7 +1213,7 @@ class Contrat extends CommonObject
// Delete llx_ecm_files
if (!$error) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@ -2105,7 +2105,7 @@ class Contrat extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd";
$sql .= " WHERE fk_contrat =".$this->id;
if ($status >= 0) {
$sql .= " AND statut = ".$status;
$sql .= " AND statut = ".((int) $status);
}
dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG);
@ -2205,12 +2205,12 @@ class Contrat extends CommonObject
//$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'";
}
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " AND c.entity = ".((int) $conf->entity);
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $this->db->query($sql);
@ -2279,7 +2279,7 @@ class Contrat extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." c.entity = ".$conf->entity;
@ -3120,7 +3120,7 @@ class ContratLigne extends CommonObjectLine
if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
$sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null");
$sql .= " WHERE fk_contrat = ".$this->fk_contrat;
$sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
$resql = $this->db->query($sql);
if (!$resql) {
@ -3131,7 +3131,7 @@ class ContratLigne extends CommonObjectLine
if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
$sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null");
$sql .= " WHERE fk_contrat = ".$this->fk_contrat;
$sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
$resql = $this->db->query($sql);
if (!$resql) {

14
htdocs/contrat/index.php
View File

@ -102,7 +102,7 @@ if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
$resql = $db->query($sql);
@ -139,7 +139,7 @@ if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
$resql = $db->query($sql);
@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut = 0";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut > 0";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/contrat/list.php
View File

@ -271,7 +271,7 @@ if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year);
if ($search_name) {

2
htdocs/contrat/services_list.php
View File

@ -262,7 +262,7 @@ if ($search_product_category > 0) {
}
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == "0") {
$sql .= " AND cd.statut = 0";

6
htdocs/core/boxes/box_actions.php
View File

@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes
$sql .= " AND a.entity IN (".getEntity('actioncomm').")";
$sql .= " AND a.percent >= 0 AND a.percent < 100";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")";
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")";
}
$sql .= " ORDER BY a.datec DESC";
$sql .= $this->db->plimit($max, 0);

12
htdocs/core/boxes/box_activity.php
View File

@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes
$sql .= " WHERE p.entity IN (".getEntity('propal').")";
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'";
$sql .= " AND p.date_cloture IS NULL"; // just unclosed
@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'";
$sql .= " GROUP BY c.fk_statut";
@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes
$sql .= ")";
$sql .= " WHERE f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1";

4
htdocs/core/boxes/box_clients.php
View File

@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_commandes.php
View File

@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes
$sql .= " AND c.fk_statut = 1";
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC ";

4
htdocs/core/boxes/box_contacts.php
View File

@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes
}
$sql .= " WHERE sp.entity IN (".getEntity('socpeople').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND sp.fk_soc = ".$user->socid;
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}
$sql .= " ORDER BY sp.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_contracts.php
View File

@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_contrat DESC, c.ref DESC ";

2
htdocs/core/boxes/box_customers_outstanding_bill_reached.php
View File

@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = $user->socid";

4
htdocs/core/boxes/box_factures.php
View File

@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY f.datef DESC, f.ref DESC ";

4
htdocs/core/boxes/box_factures_fourn.php
View File

@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY f.datef DESC, f.ref DESC ";

4
htdocs/core/boxes/box_factures_fourn_imp.php
View File

@ -102,10 +102,10 @@ class box_factures_fourn_imp extends ModeleBoxes
$sql .= " AND f.paye = 0";
$sql .= " AND fk_statut = 1";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC ";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_factures_imp.php
View File

@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes
$sql .= " AND f.paye = 0";
$sql .= " AND fk_statut = 1";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,";
$sql .= " f.ref, f.date_lim_reglement,";

4
htdocs/core/boxes/box_ficheinter.php
View File

@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid ";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_fournisseurs.php
View File

@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes
$sql .= " WHERE s.fournisseur = 1";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC ";
$sql .= $this->db->plimit($max, 0);

8
htdocs/core/boxes/box_last_modified_ticket.php
View File

@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc";
$sql .= " WHERE t.entity = ".$conf->entity;
$sql .= " WHERE t.entity IN (".getEntity('ticket').')';
// $sql.= " AND e.rowid = er.fk_event";
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
if ($user->socid) {
$sql .= " AND t.fk_soc= ".$user->socid;
$sql .= " AND t.fk_soc = ".((int) $user->socid);
}
$sql .= " ORDER BY t.tms DESC, t.rowid DESC ";
$sql .= " ORDER BY t.tms DESC, t.rowid DESC";
$sql .= $this->db->plimit($max, 0);
$resql = $this->db->query($sql);

7
htdocs/core/boxes/box_last_ticket.php
View File

@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc";
$sql .= " WHERE t.entity = ".$conf->entity;
$sql .= " WHERE t.entity IN (".getEntity('ticket').")";
// $sql.= " AND e.rowid = er.fk_event";
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if ($user->socid) {
$sql .= " AND t.fk_soc= ".$user->socid;
$sql .= " AND t.fk_soc= ".((int) $user->socid);
}
//$sql.= " AND t.fk_statut > 9";

5
htdocs/core/boxes/box_project.php
View File

@ -136,8 +136,9 @@ class box_project extends ModeleBoxes
$sql = "SELECT count(*) as nb, sum(progress) as totprogress";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid";
$sql .= " WHERE p.entity IN (".getEntity('project').')';
$sql .= " AND p.rowid = ".$objp->rowid;
$sql .= " WHERE p.entity IN (".getEntity('project').')';
$sql .= " AND p.rowid = ".((int) $objp->rowid);
$resultTask = $this->db->query($sql);
if ($resultTask) {
$objTask = $this->db->fetch_object($resultTask);

4
htdocs/core/boxes/box_propales.php
View File

@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY p.datep DESC, p.ref DESC ";

4
htdocs/core/boxes/box_prospect.php
View File

@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes
$sql .= " WHERE s.client IN (2, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_services_contracts.php
View File

@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= ")";
$sql .= " WHERE c.entity = ".$conf->entity;
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= $this->db->order("c.tms", "DESC");
$sql .= $this->db->plimit($max, 0);

2
htdocs/core/boxes/box_services_expired.php
View File

@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid";
$sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur";

4
htdocs/core/boxes/box_shipments.php
View File

@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes
$sql .= " AND e.fk_statut = 1";
}
if ($user->socid > 0) {
$sql.= " AND s.rowid = ".$user->socid;
$sql.= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
} else {
$sql .= " ORDER BY e.date_delivery, e.ref DESC ";
}

4
htdocs/core/boxes/box_supplier_orders.php
View File

@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC ";

4
htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
View File

@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
$sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC";

2
htdocs/core/boxes/box_validated_projects.php
View File

@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes
if ($projectsListId) {
$sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed
}
$sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")";
$sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")";
$sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo";
$sql .= " ORDER BY p.dateo ASC";

2
htdocs/core/class/commoninvoice.class.php
View File

@ -462,7 +462,7 @@ abstract class CommonInvoice extends CommonObject
$type = 'supplier_invoice';
}
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

44
htdocs/core/class/commonobject.class.php
View File

@ -1834,7 +1834,7 @@ abstract class CommonObject
if (!empty($element)) {
$sql .= " AND entity IN (".getEntity($element).")";
} else {
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
}
dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG);
@ -1983,7 +1983,7 @@ abstract class CommonObject
/**
* Load properties id_previous and id_next by comparing $fieldid with $this->ref
*
* @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')"
* @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here.
* @param string $fieldid Name of field to use for the select MAX and MIN
* @param int $nodbprefix Do not include DB prefix to forge table name
* @return int <0 if KO, >0 if OK
@ -2032,10 +2032,10 @@ abstract class CommonObject
}
$sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)';
$sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)';
}
if (!empty($filter)) {
if (!preg_match('/^\s*AND/i', $filter)) {
@ -2102,10 +2102,10 @@ abstract class CommonObject
}
$sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)';
$sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)';
}
if (!empty($filter)) {
if (!preg_match('/^\s*AND/i', $filter)) {
@ -3886,14 +3886,14 @@ abstract class CommonObject
$sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET ";
if ($updatesource) {
$sql .= "fk_source = " . $sourceid;
$sql .= "fk_source = " . ((int) $sourceid);
$sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'";
$sql .= " WHERE fk_target = " . $this->id;
$sql .= " WHERE fk_target = " . ((int) $this->id);
$sql .= " AND targettype = '" . $this->db->escape($this->element) . "'";
} elseif ($updatetarget) {
$sql .= "fk_target = " . $targetid;
$sql .= "fk_target = " . ((int) $targetid);
$sql .= ", targettype = '" . $this->db->escape($targettype) . "'";
$sql .= " WHERE fk_source = " . $this->id;
$sql .= " WHERE fk_source = " . ((int) $this->id);
$sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'";
}
@ -3979,15 +3979,15 @@ abstract class CommonObject
$sql .= " rowid = " . ((int) $rowid);
} else {
if ($deletesource) {
$sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
$sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'";
$sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
$sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'";
} elseif ($deletetarget) {
$sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'";
$sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'";
$sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'";
$sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'";
} else {
$sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')";
$sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')";
$sql .= " OR";
$sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')";
$sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')";
}
}
@ -5488,7 +5488,7 @@ abstract class CommonObject
$sql = "SELECT rowid, property, lang , value";
$sql .= " FROM ".MAIN_DB_PREFIX."object_lang";
$sql .= " WHERE type_object = '".$this->db->escape($element)."'";
$sql .= " AND fk_object = ".$this->id;
$sql .= " AND fk_object = ".((int) $this->id);
//dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose
$resql = $this->db->query($sql);
@ -5765,7 +5765,7 @@ abstract class CommonObject
dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG);
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id;
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id);
$resql = $this->db->query($sql_del);
if (!$resql) {
@ -5965,7 +5965,7 @@ abstract class CommonObject
dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG);
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id;
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id);
$this->db->query($sql_del);
$sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object";
@ -9248,7 +9248,7 @@ abstract class CommonObject
// Delete ecm_files extrafields
$sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN (";
$sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'";
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here
$sql .= ")";
if (!$this->db->query($sql)) {
@ -9260,7 +9260,7 @@ abstract class CommonObject
// Delete ecm_files
$sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files";
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'";
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here
if (!$this->db->query($sql)) {
$this->error = $this->db->lasterror();
@ -9272,7 +9272,7 @@ abstract class CommonObject
// Delete in database with mode 1
if ($mode == 1) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields";
$sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")";
$sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")";
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();

16
htdocs/core/class/discount.class.php
View File

@ -144,7 +144,7 @@ class DiscountAbsolute
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid";
$sql .= " WHERE sr.entity IN (".getEntity('invoice').")";
if ($rowid) {
$sql .= " AND sr.rowid=".((int) $rowid);
$sql .= " AND sr.rowid = ".((int) $rowid);
}
if ($fk_facture_source) {
$sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source);
@ -315,7 +315,7 @@ class DiscountAbsolute
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except";
$sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount
$sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit
$sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source;
$sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source);
//$sql.=" AND rowid != ".$this->id;
dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG);
@ -355,7 +355,7 @@ class DiscountAbsolute
if ($this->fk_facture_source) {
$sql = "UPDATE ".MAIN_DB_PREFIX."facture";
$sql .= " set paye=0, fk_statut=1";
$sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source;
$sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source);
dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG);
$result = $this->db->query($sql);
@ -370,7 +370,7 @@ class DiscountAbsolute
} elseif ($this->fk_invoice_supplier_source) {
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
$sql .= " set paye=0, fk_statut=1";
$sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source;
$sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source);
dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG);
$result = $this->db->query($sql);
@ -488,7 +488,7 @@ class DiscountAbsolute
*
* @param Societe $company Object third party for filter
* @param User $user Filtre sur un user auteur des remises
* @param string $filter Filtre autre
* @param string $filter Filter other. Warning: Do not use a user input value here.
* @param int $maxvalue Filter on max value for discount
* @param int $discount_type 0 => customer discount, 1 => supplier discount
* @param int $multicurrency Return multicurrency_amount instead of amount
@ -503,17 +503,17 @@ class DiscountAbsolute
$sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
$sql .= " WHERE rc.entity = ".$conf->entity;
$sql .= " AND rc.discount_type=".intval($discount_type);
$sql .= " AND rc.discount_type=".((int) $discount_type);
if (!empty($discount_type)) {
$sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier
} else {
$sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer
}
if (is_object($company)) {
$sql .= " AND rc.fk_soc = ".$company->id;
$sql .= " AND rc.fk_soc = ".((int) $company->id);
}
if (is_object($user)) {
$sql .= " AND rc.fk_user = ".$user->id;
$sql .= " AND rc.fk_user = ".((int) $user->id);
}
if ($filter) {
$sql .= ' AND ('.$filter.')';

6
htdocs/core/class/google.class.php
View File

@ -66,10 +66,12 @@ class GoogleAPI
$i = 0;
// Desired address
$urladdress = "https://maps.google.com/maps/geo?q=".urlencode($address)."&output=xml&key=".$this->key;
$urladdress = "https://maps.google.com/maps/geo?q=".urlencode($address)."&output=xml&key=".urlencode($this->key);
// Retrieve the URL contents
$page = file_get_contents($urladdress);
require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
$pagearray = getURLContent($urladdress, 'GET');
$page = $pagearray['content'];
$code = strstr($page, '<coordinates>');
$code = strstr($code, '>');

22
htdocs/core/class/html.form.class.php
View File

@ -1347,13 +1347,13 @@ class Form
}
$sql .= " WHERE s.entity IN (".getEntity('societe').")";
if (!empty($user->socid)) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if ($filter) {
$sql .= " AND (".$filter.")";
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) {
$sql .= " AND s.status <> 0";
@ -1663,7 +1663,7 @@ class Form
}
$sql .= " WHERE sp.entity IN (".getEntity('socpeople').")";
if ($socid > 0 || $socid == -1) {
$sql .= " AND sp.fk_soc=".$socid;
$sql .= " AND sp.fk_soc = ".((int) $socid);
}
if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) {
$sql .= " AND sp.statut <> 0";
@ -2445,13 +2445,13 @@ class Form
if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) {
$sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid";
if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) {
$sql .= " AND price_level=".$price_level;
$sql .= " AND price_level = ".((int) $price_level);
}
$sql .= " ORDER BY date_price";
$sql .= " DESC LIMIT 1) as price_rowid";
$sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable
if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) {
$sql .= " AND price_level=".$price_level;
$sql .= " AND price_level = ".((int) $price_level);
}
$sql .= " ORDER BY date_price";
$sql .= " DESC LIMIT 1) as price_by_qty";
@ -2471,7 +2471,7 @@ class Form
//Price by customer
if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid";
}
// Units
if (!empty($conf->global->PRODUCT_USE_UNITS)) {
@ -3461,7 +3461,7 @@ class Form
$sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")";
$sql .= " AND p.tobuy = 1";
$sql .= " AND s.fournisseur = 1";
$sql .= " AND p.rowid = ".$productid;
$sql .= " AND p.rowid = ".((int) $productid);
$sql .= " ORDER BY s.nom, pfp.ref_fourn DESC";
dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG);
@ -6794,9 +6794,9 @@ class Form
}
if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) {
if ($objecttmp->element == 'societe') {
$sql .= " AND t.rowid = ".$user->socid;
$sql .= " AND t.rowid = ".((int) $user->socid);
} else {
$sql .= " AND t.fk_soc = ".$user->socid;
$sql .= " AND t.fk_soc = ".((int) $user->socid);
}
}
if ($searchkey != '') {
@ -6804,7 +6804,7 @@ class Form
}
if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') {
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
}
if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
@ -8814,7 +8814,7 @@ class Form
$sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement
//if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")";
//if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
//if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
//if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
$sql .= " ORDER BY p.ref, f.ref ASC";
$resql = $this->db->query($sql);

2
htdocs/core/class/html.formcontract.class.php
View File

@ -80,7 +80,7 @@ class FormContract
if ($socid > 0) {
// CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma.
if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) {
$sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)";
$sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)";
} elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') {
$sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") ";
$sql .= " OR c.fk_soc IS NULL)";

6
htdocs/core/class/html.formmail.class.php
View File

@ -1276,7 +1276,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
$sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}
@ -1399,7 +1399,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE type_template='".$this->db->escape($type_template)."'";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")";
$sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")";
if (is_object($outputlangs)) {
$sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')";
}
@ -1435,7 +1435,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
$sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own.
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}

6
htdocs/core/class/html.formother.class.php
View File

@ -494,10 +494,10 @@ class FormOther
}
if (empty($user->rights->user->user->lire)) {
$sql_usr .= " AND u.rowid = ".$user->id;
$sql_usr .= " AND u.rowid = ".((int) $user->id);
}
if (!empty($user->socid)) {
$sql_usr .= " AND u.fk_soc = ".$user->socid;
$sql_usr .= " AND u.fk_soc = ".((int) $user->socid);
}
//Add hook to filter on user (for exemple on usergroup define in custom modules)
@ -521,7 +521,7 @@ class FormOther
$sql_usr .= " WHERE u2.entity IN (".getEntity('user').")";
}
$sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid;
$sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid);
//Add hook to filter on user (for exemple on usergroup define in custom modules)
if (!empty($reshook)) {

2
htdocs/core/class/html.formprojet.class.php
View File

@ -350,7 +350,7 @@ class FormProjets
$sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
}
if ($socid > 0) {
$sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
$sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
}
$sql .= " ORDER BY p.ref, t.ref ASC";

2
htdocs/core/class/notify.class.php
View File

@ -398,7 +398,7 @@ class Notify
$sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action";
$sql .= " AND c.statut = 1";
if (is_numeric($notifcode)) {
$sql .= " AND n.fk_action = ".$notifcode; // Old usage
$sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage
} else {
$sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage
}

21
htdocs/core/class/utils.class.php
View File

@ -593,12 +593,16 @@ class Utils
/**
* Execute a CLI command.
*
* @param string $command Command line to execute.
* @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp';
* @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method
* @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK.
* @param string $command Command line to execute.
* Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it.
* @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp';
* @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method
* @param string $redirectionfile If defined, a redirection of output to this files is added.
* @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter need you alreay sanitized the command. if not, it will lead to security vulnerability.
* This parameter is provided for backward compatibility with external modules. Always use 0 in core.
* @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK.
*/
public function executeCLI($command, $outputfile, $execmethod = 0)
public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null, $noescapecommand = 0)
{
global $conf, $langs;
@ -606,7 +610,12 @@ class Utils
$output = '';
$error = '';
$command = escapeshellcmd($command);
if (empty($noescapecommand)) {
$command = escapeshellcmd($command);
}
if ($redirectionfile) {
$command .= " > ".dol_sanitizePathName($redirectionfile);
}
$command .= " 2>&1";
if (!empty($conf->global->MAIN_EXEC_USE_POPEN)) {

4
htdocs/core/lib/agenda.lib.php
View File

@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5)
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5)
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

33
htdocs/core/lib/company.lib.php
View File

@ -272,6 +272,19 @@ function societe_prepare_head(Societe $object)
$h++;
}
if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'thirdparty') {
if (!empty($user->rights->partnership->read)) {
$nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0;
$head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id;
$head[$h][1] = $langs->trans("Partnership");
$head[$h][2] = 'partnership';
if ($nbPartnership > 0) {
$head[$h][1] .= '<span class="badge marginleftonlyshort">'.$nbPartnership.'</span>';
}
$h++;
}
}
// Show more tabs from modules
// Entries must be declared in modules descriptor with line
// $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab
@ -1072,7 +1085,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)";
$sql .= " WHERE t.fk_soc = ".$object->id;
if ($search_status != '' && $search_status != '-1') {
$sql .= " AND t.statut = ".$db->escape($search_status);
$sql .= " AND t.statut = ".((int) $search_status);
}
if ($search_name) {
$sql .= natural_search(array('t.lastname', 't.firstname'), $search_name);
@ -1476,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if ($force_filter_contact === false) {
if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
$sql .= " AND a.fk_soc = ".$filterobj->id;
$sql .= " AND a.fk_soc = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') {
/* Nothing */
} elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
$sql .= " AND a.fk_project = ".$filterobj->id;
$sql .= " AND a.fk_project = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
$sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) {
// Generic case
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
}
}

28
htdocs/core/lib/files.lib.php
View File

@ -1159,10 +1159,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
* @param object $object Current object in use
* @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose.
* @param int $indexdatabase Try to remove also index entries.
* @param int $nolog Disable log file
* @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error
* @see dol_delete_dir()
*/
function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1)
function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0)
{
global $db, $conf, $user, $langs;
global $hookmanager;
@ -1170,7 +1171,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0,
// Load translation files required by the page
$langs->loadLangs(array('other', 'errors'));
dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook);
if (empty($nolog)) {
dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook);
}
// Security:
// We refuse transversal using .. and pipes into filenames.
@ -1226,7 +1229,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0,
}
if ($ok) {
dol_syslog("Removed file ".$filename, LOG_DEBUG);
if (empty($nolog)) {
dol_syslog("Removed file ".$filename, LOG_DEBUG);
}
// Delete entry into ecm database
$rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename);
@ -1264,7 +1269,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0,
$ok = unlink($file_osencoded);
}
if ($ok) {
dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG);
if (empty($nolog)) {
dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG);
}
} else {
dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING);
}
@ -1304,11 +1311,15 @@ function dol_delete_dir($dir, $nophperrors = 0)
* @param int $nophperrors Disable all PHP output errors
* @param int $onlysub Delete only files and subdir, not main directory
* @param int $countdeleted Counter to count nb of elements found really deleted
* @param int $indexdatabase Try to remove also index entries.
* @param int $nolog Disable log files (too verbose when making recursive directories)
* @return int Number of files and directory we try to remove. NB really removed is returned into var by reference $countdeleted.
*/
function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0)
function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0)
{
dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG);
if (empty($nolog)) {
dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG);
}
if (dol_is_dir($dir)) {
$dir_osencoded = dol_osencode($dir);
if ($handle = opendir("$dir_osencoded")) {
@ -1319,9 +1330,9 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub =
if ($item != "." && $item != "..") {
if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) {
$count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted);
$count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog);
} else {
$result = dol_delete_file("$dir/$item", 1, $nophperrors);
$result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog);
$count++;
if ($result) {
$countdeleted++;
@ -1332,6 +1343,7 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub =
}
closedir($handle);
// Delete also the main directory
if (empty($onlysub)) {
$result = dol_delete_dir($dir, $nophperrors);
$count++;

53
htdocs/core/lib/functions.lib.php
View File

@ -753,9 +753,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
$out = dol_string_nohtmltag($out, 0);
// Remove also other dangerous string sequences
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
// '../' or '..\' is dangerous because it allows dir transversals
// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#92', '&#0000092', '&#x2F', '../', '..\\'), '', $out);
} while ($oldstringtoclean != $out);
// keep lines feed
}
@ -768,9 +768,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
// Remove html tags
$out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8');
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
// '../' or '..\' is dangerous because it allows dir transversals
// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#92', '&#0000092', '&#x2F', '../', '..\\'), '', $out);
} while ($oldstringtoclean != $out);
}
break;
@ -799,11 +799,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
}
}
// Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are correctly
// encoded using text entities). This is a fix for CKeditor.
// Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are
// encoded using text entities) so we can then exclude all numeric entities.
$out = preg_replace('/&#39;/i', '&apos;', $out);
// We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step.
// We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step (preg_replace).
// No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are
// using a non coventionnel way to be encoded, to not have them sanitized just after)
$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out);
@ -818,6 +818,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
// Warning, the function may add a LF so we are forced to trim to compare with old $out without having always a difference and an infinit loop.
$out = trim(dol_string_onlythesehtmlattributes($out));
}
// Restore entity &apos; into &#39; (restricthtml is for html content so we can use html entity)
$out = preg_replace('/&apos;/i', "&#39;", $out);
} while ($oldstringtoclean != $out);
break;
case 'custom':
@ -1280,19 +1283,18 @@ function dol_escape_json($stringtoescape)
* Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields.
*
* @param string $stringtoescape String to escape
* @param int $keepb 1=Keep b tags and escape them, 0=remove them
* @param int $keepb 1=Keep b tags, 0=remove them completeley
* @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
* @param string $keepmoretags '' or 'common' or list of tags
* @param string $noescapetags '' or 'common' or list of tags to not escape
* @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents.
* @return string Escaped string
* @see dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent()
*/
function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoretags = '', $escapeonlyhtmltags = 0)
function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapetags = '', $escapeonlyhtmltags = 0)
{
if ($keepmoretags == 'common') {
$keepmoretags = 'html,body,a,b,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
if ($noescapetags == 'common') {
$noescapetags = 'html,body,a,b,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
}
// TODO Implement $keepmoretags
// escape quotes and backslashes, newlines, etc.
if ($escapeonlyhtmltags) {
@ -1306,10 +1308,33 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoreta
if (!$keepn) {
$tmp = strtr($tmp, array("\r"=>'\\r', "\n"=>'\\n'));
}
if ($escapeonlyhtmltags) {
return htmlspecialchars($tmp, ENT_COMPAT, 'UTF-8');
} else {
return htmlentities($tmp, ENT_COMPAT, 'UTF-8');
// Escape tags to keep
$tmparrayoftags = array();
if ($noescapetags) {
$tmparrayoftags = explode(',', $noescapetags);
}
if (count($tmparrayoftags)) {
foreach ($tmparrayoftags as $tagtoreplace) {
$tmp = str_ireplace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp);
$tmp = str_ireplace('</'.$tagtoreplace.'>', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp);
}
}
$result = htmlentities($tmp, ENT_COMPAT, 'UTF-8');
if (count($tmparrayoftags)) {
foreach ($tmparrayoftags as $tagtoreplace) {
$result = str_ireplace('__BEGINTAGTOREPLACE'.$tagtoreplace.'__', '<'.$tagtoreplace.'>', $result);
$result = str_ireplace('__ENDTAGTOREPLACE'.$tagtoreplace.'__', '</'.$tagtoreplace.'>', $result);
}
}
return $result;
}
}

Some files were not shown because too many files have changed in this diff Show More