From f073b7023a52e6acec529466567ae593bbed7272 Mon Sep 17 00:00:00 2001 From: atm-quentin Date: Tue, 19 May 2020 09:45:02 +0200 Subject: [PATCH 001/110] FIX missing GetNomURL Hook in warehouse class --- htdocs/product/stock/class/entrepot.class.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 03ba46a4068..47606388b52 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -692,7 +692,7 @@ class Entrepot extends CommonObject */ public function getNomUrl($withpicto = 0, $option = '', $showfullpath = 0, $notooltip = 0) { - global $conf, $langs; + global $conf, $langs, $hookmanager; $langs->load("stocks"); if (! empty($conf->dol_no_mouse_hover)) $notooltip=1; // Force disable tooltips @@ -731,6 +731,16 @@ class Entrepot extends CommonObject if ($withpicto != 2) $result.= ($showfullpath ? $this->get_full_arbo() : (empty($this->label)?$this->libelle:$this->label)); $result .= $linkend; + global $action; + $hookmanager->initHooks(array('warehousedao')); + $parameters = array('id'=>$this->id, 'getnomurl'=>$result); + $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks + if ($reshook > 0) { + $result = $hookmanager->resPrint; + } else { + $result .= $hookmanager->resPrint; + } + return $result; } From e39774a508433ff096e33b83607e0e20de6d68ba Mon Sep 17 00:00:00 2001 From: atm-quentin Date: Tue, 19 May 2020 10:04:41 +0200 Subject: [PATCH 002/110] add more hook param --- htdocs/product/stock/class/entrepot.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 47606388b52..0b259018cfc 100644 --- a/htdocs/product/stock/class/entrepot.class.php 
+++ b/htdocs/product/stock/class/entrepot.class.php @@ -733,7 +733,7 @@ class Entrepot extends CommonObject global $action; $hookmanager->initHooks(array('warehousedao')); - $parameters = array('id'=>$this->id, 'getnomurl'=>$result); + $parameters = array('id'=>$this->id, 'getnomurl'=>$result, 'withpicto' => $withpicto, 'option' => $option, 'showfullpath' => $showfullpath, 'notooltip'=> $notooltip); $reshook = $hookmanager->executeHooks('getNomUrl', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook > 0) { $result = $hookmanager->resPrint; From f518bafda9e83acba2f42d61312ad234ee0afe33 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 19 May 2020 15:17:06 +0200 Subject: [PATCH 003/110] 11.0 - Add Hook "SelectWarehouses" --- htdocs/product/class/html.formproduct.class.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index af78ab5b59d..3f95a5fdaff 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php 
@@ -237,13 +237,23 @@ class FormProduct */ public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = '', $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref') { - global $conf,$langs,$user; + global $conf,$langs,$user, $hookmanager; dol_syslog(get_class($this)."::selectWarehouses $selected, $htmlname, $filterstatus, $empty, $disabled, $fk_product, $empty_label, $showstock, $forcecombo, $morecss", LOG_DEBUG); $out=''; if (empty($conf->global->ENTREPOT_EXTRA_STATUS)) $filterstatus = ''; if (!empty($fk_product)) $this->cache_warehouses = array(); + if(empty($exclude)) $exclude = array(); + + $parameters = array( + 'exclude' =>& $exclude, + 'htmlname' =>& $htmlname + ); + + $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters); + if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); + $this->loadWarehouses($fk_product, '', $filterstatus, true, $exclude, $stockMin, $orderBy); $nbofwarehouses=count($this->cache_warehouses); From 987fb806c67b3931bafcc2aefc069428cde104cb Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 19 May 2020 15:24:53 +0200 Subject: [PATCH 004/110] Exclude array param --- htdocs/product/class/html.formproduct.class.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index 3f95a5fdaff..75dbf5d1176 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php 
@@ -235,7 +235,7 @@ class FormProduct * * @throws Exception */ - public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = '', $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref') + public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = array(), $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref') { global $conf,$langs,$user, $hookmanager; @@ -244,7 +244,6 @@ class FormProduct $out=''; if (empty($conf->global->ENTREPOT_EXTRA_STATUS)) $filterstatus = ''; if (!empty($fk_product)) $this->cache_warehouses = array(); - if(empty($exclude)) $exclude = array(); $parameters = array( 'exclude' =>& $exclude, From 3f28c9a4610dbfb356efd8a72af19511e05f979f Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 19 May 2020 15:31:37 +0200 Subject: [PATCH 005/110] Add parameters to hook --- htdocs/product/class/html.formproduct.class.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index 75dbf5d1176..19abade42ae 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php 
@@ -246,8 +246,21 @@ class FormProduct if (!empty($fk_product)) $this->cache_warehouses = array(); $parameters = array( + 'selected' => & $selected, + 'htmlname' =>& $htmlname, + 'filterstatus' =>& $filterstatus, + 'empty' =>& $empty, + 'disabled ' =>& $disabled, + 'fk_product' =>& $fk_product, + 'empty_label' =>& $empty_label, + 'showstock' =>& $showstock, + 'forcecombo' =>& $forcecombo, + 'events' =>& $events, + 'morecss' =>& $morecss, 'exclude' =>& $exclude, - 'htmlname' =>& $htmlname + 'showfullpath' =>& $showfullpath, + 'stockMin' =>& $stockMin, + 'orderBy' =>& $orderBy ); $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters); From f3582d891ae8d57d905a2ac253b21e5ad01064c7 Mon Sep 17 00:00:00 2001 From: gauthier Date: Tue, 19 May 2020 15:35:37 +0200 Subject: [PATCH 006/110] FIX : We must only rename current bank receipt --- htdocs/compta/bank/releve.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index a16927bda0b..5ef3fbf0953 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -179,7 +179,7 @@ $sqlrequestforbankline = $sql; if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) { // TODO Add a test to check newbankreceipt does not exists yet - $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'"'; + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id; $result = $db->query($sqlupdate); if ($result < 0) dol_print_error($db); From e042807b3245c2b1ad3331b1fe7e1122a4fb6fd9 Mon Sep 17 00:00:00 2001 
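Review bot: The key `'disabled '` in the new `$parameters` array has a trailing space, so a hook that reads `$parameters['disabled']` finds nothing although every other key matches its variable name; it should be `'disabled' =>& $disabled,`. All fifteen arguments are passed by reference, and the context lines of this series show `$filterstatus`, `$exclude`, `$stockMin` and `$orderBy` going into `loadWarehouses()` right after the hook call, so a hook can rewrite values that end up in that query; whether `loadWarehouses()` validates `$orderBy` itself is not visible here. A comment above the array saying which entries hooks are meant to change, e.g. `// Passed by reference: hooks may override any of these before the warehouse list is loaded`, would document that contract. The body of selectWarehouses continues outside the hunk.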
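Review bot: The added `AND fk_account = '.$id` puts `$id` into the UPDATE with neither a cast nor `$db->escape()`, unlike the two receipt values on the same line. Where `$id` is assigned is outside the hunk, so the condition should carry its own guard: `' AND fk_account = '.((int) $id)`. The receipt values on that line are wrapped in double quotes, which PostgreSQL reads as identifier quotes rather than string literals; single quotes around `$db->escape(...)` would match the PGSQL fix made elsewhere in this series. The existing TODO about checking that `$newbankreceipt` does not already exist is still open and now applies per account.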
From: atm-lena Date: Tue, 19 May 2020 15:58:16 +0200 Subject: [PATCH 007/110] Add $this to parameters --- htdocs/product/class/html.formproduct.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index 19abade42ae..8dc86f394a3 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php @@ -263,7 +263,7 @@ class FormProduct 'orderBy' =>& $orderBy ); - $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters); + $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters, $this); if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); $this->loadWarehouses($fk_product, '', $filterstatus, true, $exclude, $stockMin, $orderBy); From bf9756b8c4dab60d712efaf59bfb2e0694bc77e8 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 19 May 2020 16:05:13 +0200 Subject: [PATCH 008/110] Add Hook "Massstockmove" --- htdocs/product/stock/massstockmove.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index 8d98f028d23..7a0472e226d 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -34,6 +34,9 @@ require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; // Load translation files required by the page $langs->loadLangs(array('products', 'stocks', 'orders', 'productbatch')); +//init Hook +$hookmanager->initHooks(array('massstockmove')); + // Security check if ($user->socid) { $socid = $user->socid; From 55def0248ce74e462536cdc7ad2b798e2fb1853b Mon Sep 17 00:00:00 2001 From: altairis Date: Wed, 20 May 2020 14:37:35 +0200 Subject: [PATCH 009/110] fix missing rollbacks --- htdocs/fourn/class/fournisseur.commande.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 538af54fe23..092c3df8dc2 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -1815,7 +1815,6 @@ class CommandeFournisseur extends CommonOrder if ($result < 0) { $error++; - return -1; } // End call triggers } @@ -1923,6 +1922,7 @@ class CommandeFournisseur extends CommonOrder { $this->errors[]='ErrorWhenRunningTrigger'; dol_syslog(get_class($this)."::delete ".$this->error, LOG_ERR); + $this->db->rollback(); return -1; } // End call triggers From f89195e39fe015adc14bdcd9aa61414fd75babf4 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Thu, 21 May 2020 23:23:59 +0200 Subject: [PATCH 010/110] Fix SQL IF for PGSQL --- htdocs/margin/tabs/productMargins.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 57eef531342..4551557e95a 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php 
@@ -136,9 +136,9 @@ if ($id > 0 || ! empty($ref)) $sql.= " f.datef, f.paye, f.fk_statut as statut, f.type,"; if (!$user->rights->societe->client->voir && !$socid) $sql.= " sc.fk_soc, sc.fk_user,"; $sql.= " sum(d.total_ht) as selling_price,"; // may be negative or positive - $sql.= " IF(f.type = 2, -1, 1) * sum(d.qty) as qty,"; // not always positive in case of Credit note - $sql.= " IF(f.type = 2, -1, 1) * sum(d.qty * d.buy_price_ht) as buying_price,"; // not always positive in case of Credit note - $sql.= " IF(f.type = 2, -1, 1) * sum(abs(d.total_ht) - (d.buy_price_ht * d.qty)) as marge" ; // not always positive in case of Credit note + $sql.= " ".$db->ifsql('f.type = 2', -1, 1)." * sum(d.qty) as qty,"; // not always positive in case of Credit note + $sql.= " ".$db->ifsql('f.type = 2', -1, 1)." * sum(d.qty * d.buy_price_ht) as buying_price,"; // not always positive in case of Credit note + $sql.= " ".$db->ifsql('f.type = 2', -1, 1)." * sum(abs(d.total_ht) - (d.buy_price_ht * d.qty)) as marge" ; // not always positive in case of Credit note $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."facture as f"; $sql.= ", ".MAIN_DB_PREFIX."facturedet as d"; From 6434f255c32d444c744bb5fba96f547d85e73f0c Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Fri, 22 May 2020 00:32:55 +0200 Subject: [PATCH 011/110] Fix load_state_board doesn't take parameters --- htdocs/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/index.php b/htdocs/index.php index 5eee02efa1e..944701fe0d1 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -324,7 +324,7 @@ if (empty($user->societe_id)) include_once $includes[$key]; // Loading a class cost around 1Mb $board=new $classe($db); - $board->load_state_board($user); + $board->load_state_board(); $boardloaded[$classe]=$board; } else From fb0f31c142cad7df1da3fc85190aab10c274e14d Mon Sep 17 00:00:00 2001 
From: Maxime Kohlhaas Date: Fri, 22 May 2020 00:33:30 +0200 Subject: [PATCH 012/110] Fix board filters for expense report and holiday --- .../class/expensereport.class.php | 20 +++++++++++++------ htdocs/holiday/class/holiday.class.php | 18 +++++++++++++---- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 2dddac4dbab..bb543642733 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -970,7 +970,7 @@ class ExpenseReport extends CommonObject { // phpcs:enable global $conf; - + $this->lines=array(); $sql = ' SELECT de.rowid, de.comments, de.qty, de.value_unit, de.date, de.rang,'; @@ -2274,7 +2274,7 @@ class ExpenseReport extends CommonObject public function load_state_board() { // phpcs:enable - global $conf; + global $conf, $user; $this->nb=array(); @@ -2282,6 +2282,12 @@ class ExpenseReport extends CommonObject $sql.= " FROM ".MAIN_DB_PREFIX."expensereport as ex"; $sql.= " WHERE ex.fk_statut > 0"; $sql.= " AND ex.entity IN (".getEntity('expensereport').")"; + if(!$user->rights->expensereport->readall) + { + $userchildids = $user->getAllChildIds(1); + $sql.= " AND (ex.fk_user_author IN (".join(',', $userchildids).")"; + $sql.= " OR ex.fk_user_validator IN (".join(',', $userchildids)."))"; + } $resql=$this->db->query($sql); if ($resql) { 
@@ -2316,15 +2322,17 @@ class ExpenseReport extends CommonObject $now=dol_now(); - $userchildids = $user->getAllChildIds(1); - $sql = "SELECT ex.rowid, ex.date_valid"; $sql.= " FROM ".MAIN_DB_PREFIX."expensereport as ex"; if ($option == 'toapprove') $sql.= " WHERE ex.fk_statut = 2"; else $sql.= " WHERE ex.fk_statut = 5"; $sql.= " AND ex.entity IN (".getEntity('expensereport').")"; - $sql.= " AND (ex.fk_user_author IN (".join(',', $userchildids).")"; - $sql.= " OR ex.fk_user_validator IN (".join(',', $userchildids)."))"; + if(!$user->rights->expensereport->readall) + { + $userchildids = $user->getAllChildIds(1); + $sql.= " AND (ex.fk_user_author IN (".join(',', $userchildids).")"; + $sql.= " OR ex.fk_user_validator IN (".join(',', $userchildids)."))"; + } $resql=$this->db->query($sql); if ($resql) diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 25f1d9675bb..1d818d33c1f 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -2182,12 +2182,20 @@ class Holiday extends CommonObject public function load_state_board() { // phpcs:enable + global $user; + $this->nb=array(); $sql = "SELECT count(h.rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."holiday as h"; $sql.= " WHERE h.statut > 1"; $sql.= " AND h.entity IN (".getEntity('holiday').")"; + if(!$user->rights->expensereport->read_all) + { + $userchildids = $user->getAllChildIds(1); + $sql.= " AND (h.fk_user IN (".join(',', $userchildids).")"; + $sql.= " OR h.fk_validator IN (".join(',', $userchildids)."))"; + } $resql=$this->db->query($sql); if ($resql) { 
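Review bot: The holiday `load_state_board()` hunk gates the subordinate filter on `$user->rights->expensereport->read_all`, so an expense-report permission decides who sees every leave request, and the name differs from the `readall` used in expensereport.class.php in this same commit. If `read_all` is not a defined expense-report right the condition is always true and the filter applies to everyone, including users who hold the holiday "read all" right; if it is defined, an unrelated right widens the leave counters. The check presumably belongs to the holiday module, e.g. `if (empty($user->rights->holiday->read_all))` (confirm the right's name against the module descriptor). The same condition appears in the holiday `load_board` hunk at `@@ -2221,14 +2229,16 @@`.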
@@ -2221,14 +2229,16 @@ class Holiday extends CommonObject $now=dol_now(); - $userchildids = $user->getAllChildIds(1); - $sql = "SELECT h.rowid, h.date_debut"; $sql.= " FROM ".MAIN_DB_PREFIX."holiday as h"; $sql.= " WHERE h.statut = 2"; $sql.= " AND h.entity IN (".getEntity('holiday').")"; - $sql.= " AND (h.fk_user IN (".join(',', $userchildids).")"; - $sql.= " OR h.fk_validator IN (".join(',', $userchildids)."))"; + if(!$user->rights->expensereport->read_all) + { + $userchildids = $user->getAllChildIds(1); + $sql.= " AND (h.fk_user IN (".join(',', $userchildids).")"; + $sql.= " OR h.fk_validator IN (".join(',', $userchildids)."))"; + } $resql=$this->db->query($sql); if ($resql) From 2595f571c74ef424add3c3ca687b769f90df3cb0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 25 May 2020 00:21:09 +0200 Subject: [PATCH 013/110] Fix exclude credit note when searching situation invoice to use for next --- htdocs/core/class/html.form.class.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index acbd15712e5..ec7bfeab7c4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3582,10 +3582,11 @@ class Form $opt = ''; $sql = 'SELECT rowid, ref, situation_cycle_ref, situation_counter, situation_final, fk_soc'; - $sql.= ' FROM ' . MAIN_DB_PREFIX . 'facture'; - $sql.= ' WHERE entity IN ('.getEntity('invoice').')'; - $sql.= ' AND situation_counter>=1'; - $sql.= ' ORDER by situation_cycle_ref, situation_counter desc'; + $sql .= ' FROM ' . MAIN_DB_PREFIX . 'facture'; + $sql .= ' WHERE entity IN ('.getEntity('invoice').')'; + $sql .= ' AND situation_counter>=1'; + $sql .= ' AND type <> 2'; + $sql .= ' ORDER by situation_cycle_ref, situation_counter desc'; $resql = $this->db->query($sql); if ($resql && $this->db->num_rows($resql) > 0) { // Last seen cycle 
From 7ada0de6549ff6d110c72626da33179c59742961 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Tue, 26 May 2020 21:27:46 +0200 Subject: [PATCH 014/110] FIX : #13968 --- htdocs/societe/class/societe.class.php | 40 ++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 9cc36dbb7b4..cffae4011c0 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -105,6 +105,13 @@ class Societe extends CommonObject "actioncomm", ); + /** + * Build as [parentChildTable]=>[childTable]=>array(parentChildTable.PrimaryKey,childTable.ForeignKey,WhereClause) + * Define into Contrcutor because of MAIN_DB_PREFIX cannot be use here + * @var array List of Parent's child's child tables. To know object to delete on cascade. + */ + protected $parentchildchildtablesoncascade = array(); + /** * @var string String with name of icon for myobject. Must be the part after the 'object_' into object_myobject.png */ @@ -653,6 +660,22 @@ class Societe extends CommonObject $this->forme_juridique_code = 0; $this->tva_assuj = 1; $this->status = 1; + + $this->parentchildchildtablesoncascade = array( + 'socpeople'=> + array( + MAIN_DB_PREFIX.'socpeople_extrafields' => + array(MAIN_DB_PREFIX.'socpeople.rowid',MAIN_DB_PREFIX.'socpeople_extrafields.fk_object',''), + MAIN_DB_PREFIX.'element_contact' => + array(MAIN_DB_PREFIX.'socpeople.rowid', + MAIN_DB_PREFIX.'element_contact.fk_socpeople', + MAIN_DB_PREFIX.'element_contact.fk_c_type_contact IN (SELECT ct.rowid FROM '.MAIN_DB_PREFIX.'c_type_contact as ct WHERE ct.source=\'external\')'), + MAIN_DB_PREFIX.'societe_contacts' => + array(MAIN_DB_PREFIX.'socpeople.rowid', + MAIN_DB_PREFIX.'societe_contacts.fk_socpeople', + MAIN_DB_PREFIX.'societe_contacts.fk_c_type_contact IN (SELECT ct.rowid FROM '.MAIN_DB_PREFIX.'c_type_contact as ct WHERE ct.source=\'external\')'), + ) + ); } 
@@ -1673,6 +1696,22 @@ class Societe extends CommonObject foreach ($this->childtablesoncascade as $tabletodelete) { + if (!$error && array_key_exists($tabletodelete, $this->parentchildchildtablesoncascade)) + { + if (count($this->parentchildchildtablesoncascade[$tabletodelete])>0){ + foreach($this->parentchildchildtablesoncascade[$tabletodelete] as $childtabletodelete=>$dataToDelette) { + $sql = "DELETE FROM ". $childtabletodelete; + $sql .= " WHERE ".$dataToDelette[1]." IN (SELECT ".$dataToDelette[0]." FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE fk_soc = " . $id.")"; + if (!empty($dataToDelette[3])) { + $sql .= " AND ".$dataToDelette[3]; + } + if (!$this->db->query($sql)) { + $error++; + $this->errors[] = $this->db->lasterror(); + } + } + } + } if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete; @@ -1683,6 +1722,7 @@ class Societe extends CommonObject $this->errors[] = $this->db->lasterror(); } } + } // Removed extrafields From e5edc06f3d3379c90947ff2664e6d90fa5a4fc5d Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Tue, 26 May 2020 21:29:47 +0200 Subject: [PATCH 015/110] spelling --- htdocs/societe/class/societe.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index cffae4011c0..f1a32f1ff2f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -107,7 +107,7 @@ class Societe extends CommonObject /** * Build as [parentChildTable]=>[childTable]=>array(parentChildTable.PrimaryKey,childTable.ForeignKey,WhereClause) - * Define into Contrcutor because of MAIN_DB_PREFIX cannot be use here + * Define into Contructor because of MAIN_DB_PREFIX cannot be use here * @var array List of Parent's child's child tables. To know object to delete on cascade. */ protected $parentchildchildtablesoncascade = array(); From ceb0a5b0b5910ded71384bc34663a6cc4f256980 Mon Sep 17 00:00:00 2001 
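Review bot: The cascade loop tests `$dataToDelette[3]`, but every entry built in the constructor has three elements (primary key, foreign key, where clause at index 2), so the `ct.source='external'` restriction is never appended. As written, the DELETE on `element_contact` and `societe_contacts` removes every row whose `fk_socpeople` matches one of the contact ids, whatever the contact type, which looks like it could also drop links belonging to internal contacts that share a numeric id. The two lines should read `if (!empty($dataToDelette[2])) {` and `$sql .= " AND ".$dataToDelette[2];`. `$id` is concatenated into the subquery unchanged and its origin is outside the hunk, so `((int) $id)` would be the safer form; the enclosing delete method starts and ends outside the hunk.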
From: florian HENRY Date: Tue, 26 May 2020 21:32:18 +0200 Subject: [PATCH 016/110] space --- htdocs/societe/class/societe.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index f1a32f1ff2f..abf818f2fe0 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1722,7 +1722,6 @@ class Societe extends CommonObject $this->errors[] = $this->db->lasterror(); } } - } // Removed extrafields From e02aa4e41b3a5c74fc0e5d60699bae5354e51229 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 26 May 2020 23:22:14 +0200 Subject: [PATCH 017/110] FIX Default bank account was not loaded for document generation. --- htdocs/core/class/commondocgenerator.class.php | 4 ++-- htdocs/societe/class/societe.class.php | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index 56910b43e4a..4a8e097fd6d 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -212,8 +212,8 @@ abstract class CommonDocGenerator 'company_idprof6'=>$object->idprof6, 'company_note_public'=>$object->note_public, 'company_note_private'=>$object->note_private, - 'company_default_bank_iban'=>$object->bank_account->iban, - 'company_default_bank_bic'=>$object->bank_account->bic + 'company_default_bank_iban'=>(is_object($object->bank_account) ? $object->bank_account->iban : ''), + 'company_default_bank_bic'=>(is_object($object->bank_account) ? $object->bank_account->bic : '') ); // Retrieve extrafields diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 9cc36dbb7b4..67bdbf5142c 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php 
@@ -636,6 +636,12 @@ class Societe extends CommonObject */ public $multicurrency_code; + /** + * @var Account Default BAN account + */ + public $bank_account; + + /** * Constructor * @@ -4155,6 +4161,17 @@ class Societe extends CommonObject } } + if (! isset($this->bank_account)) { + require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; + $bac = new CompanyBankAccount($this->db); + $result = $bac->fetch(0, $this->id); + if ($result > 0) { + $this->bank_account = $bac; + } else { + $this->bank_account = ''; + } + } + $modelpath = "core/modules/societe/doc/"; $result = $this->commonGenerateDocument($modelpath, $modele, $outputlangs, $hidedetails, $hidedesc, $hideref, $moreparams); From 954c29786e7102c7cf3bf771e42d00d5eb81933d Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Wed, 27 May 2020 12:15:42 +0200 Subject: [PATCH 018/110] FIX 10.0 - pagination in prelevement/bons.php --- htdocs/compta/prelevement/bons.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index 27654de1ad0..b5610b81f68 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php @@ -36,7 +36,10 @@ $socid = GETPOST('socid', 'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement', '', '', 'bons'); +$urladd = ''; $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; +if ($limit != $conf->liste_limit) $urladd .= '&limit=' . $limit; + $sortfield = GETPOST('sortfield', 'alpha'); $sortorder = GETPOST('sortorder', 'alpha'); $page = GETPOST('page', 'int'); @@ -102,7 +105,7 @@ if ($result) $num = $db->num_rows($result); $i = 0; - $urladd= "&statut=".$statut; + $urladd .= "&statut=" . $statut; $selectedfields=''; From a207365bd2f3373405e04ebd292b29529d3b4217 Mon Sep 17 00:00:00 2001 
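Review bot: The new property is documented as `@var Account`, but the block added at `@@ -4155,6 +4161,17 @@` stores a `CompanyBankAccount` on success and the empty string `''` on failure. Because the guard is `! isset($this->bank_account)`, the `''` also serves as the "already looked up, nothing found" marker, which is why commondocgenerator.class.php needs the `is_object()` tests. The docblock should say so, for example `@var CompanyBankAccount|string Default bank account, '' when none was found`, with a comment on the `else` branch explaining that `''` prevents a second fetch.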
From: Laurent Destailleur Date: Wed, 27 May 2020 13:12:18 +0200 Subject: [PATCH 019/110] FIX XSS using the renaming of .noexe files - reported by Nolan. --- htdocs/core/class/html.formfile.class.php | 3 +- htdocs/core/lib/files.lib.php | 27 +++++++++-------- htdocs/core/tpl/filemanager.tpl.php | 4 +-- htdocs/ecm/class/ecmfiles.class.php | 36 ++++++++++++----------- htdocs/ecm/file_card.php | 26 ++++++++++++---- htdocs/ecm/index.php | 6 ++-- htdocs/langs/en_US/errors.lang | 1 + 7 files changed, 63 insertions(+), 40 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index ec9dff5f1a3..97a4bdf1948 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1269,7 +1269,8 @@ class FormFile } else { - print dol_trunc($file['name'], 200); + $filenametoshow = preg_replace('/\.noexe$/', '', $file['name']); + print dol_trunc($filenametoshow, 200); print ''; } // Preview link diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 41d7bf1b294..6614b22e5ed 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -870,7 +870,7 @@ function dol_move($srcfile, $destfile, $newmask = 0, $overwriteifexists = 1, $te { $rel_filetorenamebefore = preg_replace('/^[\\/]/', '', $rel_filetorenamebefore); $rel_filetorenameafter = preg_replace('/^[\\/]/', '', $rel_filetorenameafter); - //var_dump($rel_filetorenamebefore.' - '.$rel_filetorenameafter); + //var_dump($rel_filetorenamebefore.' - '.$rel_filetorenameafter);exit; dol_syslog("Try to rename also entries in database for full relative path before = ".$rel_filetorenamebefore." after = ".$rel_filetorenameafter, LOG_DEBUG); include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php'; 
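Review bot: In html.formfile.class.php, `$filenametoshow` is printed through `dol_trunc()` only, with no HTML escaping visible in this branch, in a commit whose stated purpose is closing an XSS through file names. Unless `$file['name']` is escaped before it reaches this point (not visible in the hunk), the line would be safer as `print dol_escape_htmltag(dol_trunc($filenametoshow, 200));`. The branch sits in a listing method that starts and ends outside the hunk.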
@@ -893,6 +893,7 @@ function dol_move($srcfile, $destfile, $newmask = 0, $overwriteifexists = 1, $te $ecmfile->filepath = $rel_dir; $ecmfile->filename = $filename; + $resultecm = $ecmfile->update($user); } elseif ($resultecm == 0) // If no entry were found for src files, create/update target file @@ -995,7 +996,7 @@ function dolCheckVirus($src_file) * @param integer $uploaderrorcode Value of PHP upload error code ($_FILES['field']['error']) * @param int $nohook Disable all hooks * @param string $varfiles _FILES var name - * @return int|string >0 if OK, <0 or string if KO + * @return int|string 1 if OK, 2 if OK and .noexe appended, <0 or string if KO * @see dol_move() */ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan = 0, $uploaderrorcode = 0, $nohook = 0, $varfiles = 'addedfile') @@ -1005,6 +1006,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable $reshook = 0; $file_name = $dest_file; + $successcode = 1; if (empty($nohook)) { @@ -1055,6 +1057,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable if (isAFileWithExecutableContent($dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED)) { $file_name .= '.noexe'; + $successcode = 2; } // Security: @@ -1109,7 +1112,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable { if (!empty($conf->global->MAIN_UMASK)) @chmod($file_name_osencoded, octdec($conf->global->MAIN_UMASK)); dol_syslog("Files.lib::dol_move_uploaded_file Success to move ".$src_file." to ".$file_name." - Umask=".$conf->global->MAIN_UMASK, LOG_DEBUG); - return 1; // Success + return $successcode; // Success } else { @@ -1118,7 +1121,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable } } - return 1; // Success + return $successcode; // Success } /** 
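Review bot: `dol_move_uploaded_file()` now returns `$successcode`, which is 2 when `.noexe` was appended, and that changes the contract for any caller that compares the result with 1 instead of testing `> 0`. Only `dol_add_file_process()` is visible in this patch and it uses `is_numeric($resupload) && $resupload > 0`, so it is unaffected; other call sites and external modules should be checked for `== 1` or `=== 1`. A line in the docblock such as `Callers must test > 0, not == 1` would make the new convention explicit.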
@@ -1173,8 +1176,6 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } else { - $error = 0; - //print "x".$file." ".$disableglob;exit; $file_osencoded = dol_osencode($file); // New filename encoded in OS filesystem encoding charset if (empty($disableglob) && !empty($file_osencoded)) @@ -1197,10 +1198,11 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); if (!preg_match('/(\/temp\/|\/thumbs\/|\.meta$)/', $rel_filetodelete)) // If not a tmp file { - $rel_filetodelete = preg_replace('/^[\\/]/', '', $rel_filetodelete); - if (is_object($db) && $indexdatabase) // $db may not be defined when lib is in a context with define('NOREQUIREDB',1) { + $rel_filetodelete = preg_replace('/^[\\/]/', '', $rel_filetodelete); + $rel_filetodelete = preg_replace('/\.noexe$/', '', $rel_filetodelete); + dol_syslog("Try to remove also entries in database for full relative path = ".$rel_filetodelete, LOG_DEBUG); include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php'; $ecmfile = new EcmFiles($db); @@ -1564,6 +1566,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess $destfile = dol_string_nohtmltag($destfile); $destfull = dol_string_nohtmltag($destfull); + // Move file from temp directory to final directory. A .noexe may also be appended on file name. $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles); if (is_numeric($resupload) && $resupload > 0) // $resupload can be 'ErrorFileAlreadyExists' 
@@ -1600,10 +1603,10 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess // Update table of files if ($donotupdatesession == 1) { - $result = addFileIntoDatabaseIndex($upload_dir, basename($destfile), $TFile['name'][$i], 'uploaded', 0); + $result = addFileIntoDatabaseIndex($upload_dir, basename($destfile).($resupload == 2 ? '.noexe' : ''), $TFile['name'][$i], 'uploaded', 0); if ($result < 0) { - setEventMessages('FailedToAddFileIntoDatabaseIndex', '', 'warnings'); + setEventMessages('WarningFailedToAddFileIntoDatabaseIndex', '', 'warnings'); } } @@ -1714,7 +1717,7 @@ function dol_remove_file_process($filenb, $donotupdatesession = 0, $donotdeletef * See also commonGenerateDocument that also add/update database index when a file is generated. * * @param string $dir Directory name (full real path without ending /) - * @param string $file File name + * @param string $file File name (May end with '.noexe') * @param string $fullpathorig Full path of origin for file (can be '') * @param string $mode How file was created ('uploaded', 'generated', ...) * @param int $setsharekey Set also the share key @@ -1730,7 +1733,7 @@ function addFileIntoDatabaseIndex($dir, $file, $fullpathorig = '', $mode = 'uplo if (!preg_match('/[\\/]temp[\\/]|[\\/]thumbs|\.meta$/', $rel_dir)) // If not a tmp dir { - $filename = basename($file); + $filename = basename(preg_replace('/\.noexe$/', '', $file)); $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir); $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir); diff --git a/htdocs/core/tpl/filemanager.tpl.php b/htdocs/core/tpl/filemanager.tpl.php index 3a3395432de..f95286bbcfc 100644 --- a/htdocs/core/tpl/filemanager.tpl.php +++ b/htdocs/core/tpl/filemanager.tpl.php @@ -178,7 +178,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg print ''; } - else // Show filtree when ajax is disabled (rare) + else // Show file tree when ajax is disabled (rare) { print ''; 
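Review bot: `addFileIntoDatabaseIndex()` now strips a trailing `.noexe` from every name it indexes, while `dol_add_file_process()` appends that suffix just before the call only to have it removed again, so the index cannot tell `x.php.noexe` on disk from `x.php`, and a file a user really named `report.noexe` is indexed as `report`. The same `preg_replace('/\.noexe$/', '', ...)` is repeated in `dol_delete_file()` and in EcmFiles, which means two distinct files on disk can resolve to one index row and a delete of one can remove the entry of the other. Moving the strip into one shared helper, with a comment stating that the index holds the logical name and the disk holds the suffixed one, would keep the mapping in a single place. The `$` in the pattern also matches before a final newline, so `\z` is the stricter anchor if names are not normalised earlier.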
@@ -212,7 +212,7 @@ if (empty($action) || $action == 'editfile' || $action == 'file_manager' || preg
entity = trim($this->entity); } if (isset($this->filename)) { - $this->filename = trim($this->filename); + $this->filename = preg_replace('/\.noexe$/', '', trim($this->filename)); } if (isset($this->filepath)) { $this->filepath = trim($this->filepath); @@ -346,12 +346,13 @@ class EcmFiles extends CommonObject $sql .= " t.src_object_id"; $sql .= ' FROM ' . MAIN_DB_PREFIX . $this->table_element . ' as t'; $sql.= ' WHERE 1 = 1'; - /* Fetching this table depends on filepath+filename, it must not depends on entity + /* Fetching this table depends on filepath+filename, it must not depends on entity because filesystem on disk does not know what is Dolibarr entities if (! empty($conf->multicompany->enabled)) { $sql .= " AND entity IN (" . getEntity('ecmfiles') . ")"; }*/ if ($relativepath) { - $sql .= " AND t.filepath = '" . $this->db->escape(dirname($relativepath)) . "' AND t.filename = '".$this->db->escape(basename($relativepath))."'"; + $relativepathwithnoexe = preg_replace('/\.noexe$/', '', $relativepath); // We must never have the .noexe into the database + $sql .= " AND t.filepath = '" . $this->db->escape(dirname($relativepath)) . "' AND t.filename = '".$this->db->escape(basename($relativepathwithnoexe))."'"; $sql .= " AND t.entity = ".$conf->entity; // unique key include the entity so each company has its own index } elseif (! empty($ref)) { // hash of file path 
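Review bot: In the EcmFiles fetch hunk, the new variable `$relativepathwithnoexe` holds the path with the `.noexe` suffix removed, so its name says the opposite of its content; `$relativepathwithoutnoexe` would read correctly. The directory part is still taken from the unstripped `$relativepath`, which gives the same result for a trailing suffix but is easier to follow if dirname() and basename() both use the stripped value. The enclosing method starts and ends outside the hunk.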
@@ -552,46 +553,47 @@ class EcmFiles extends CommonObject // Clean parameters if (isset($this->ref)) { - $this->ref = trim($this->ref); + $this->ref = trim($this->ref); } if (isset($this->label)) { - $this->label = trim($this->label); + $this->label = trim($this->label); } if (isset($this->share)) { - $this->share = trim($this->share); + $this->share = trim($this->share); } if (isset($this->entity)) { - $this->entity = trim($this->entity); + $this->entity = trim($this->entity); } if (isset($this->filename)) { - $this->filename = trim($this->filename); + $this->filename = preg_replace('/\.noexe$/', '', trim($this->filename)); } if (isset($this->filepath)) { - $this->filepath = trim($this->filepath); + $this->filepath = trim($this->filepath); + $this->filepath = preg_replace('/[\\/]+$/', '', $this->filepath); // Remove last / } if (isset($this->fullpath_orig)) { - $this->fullpath_orig = trim($this->fullpath_orig); + $this->fullpath_orig = trim($this->fullpath_orig); } if (isset($this->description)) { - $this->description = trim($this->description); + $this->description = trim($this->description); } if (isset($this->keywords)) { - $this->keywords = trim($this->keywords); + $this->keywords = trim($this->keywords); } if (isset($this->cover)) { - $this->cover = trim($this->cover); + $this->cover = trim($this->cover); } if (isset($this->gen_or_uploaded)) { - $this->gen_or_uploaded = trim($this->gen_or_uploaded); + $this->gen_or_uploaded = trim($this->gen_or_uploaded); } if (isset($this->extraparams)) { - $this->extraparams = trim($this->extraparams); + $this->extraparams = trim($this->extraparams); } if (isset($this->fk_user_m)) { - $this->fk_user_m = trim($this->fk_user_m); + $this->fk_user_m = trim($this->fk_user_m); } if (isset($this->acl)) { - $this->acl = trim($this->acl); + $this->acl = trim($this->acl); } if (isset($this->src_object_type)) { $this->src_object_type = trim($this->src_object_type); 
diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 3664a2e7f28..e1796068370 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -139,6 +139,12 @@ if ($action == 'update') $oldfile = $olddir.$oldlabel; $newfile = $newdir.$newlabel; + $newfileformove = $newfile; + // If old file end with .noexe, new file must also end with .noexe + if (preg_match('/\.noexe$/', $oldfile) && ! preg_match('/\.noexe$/', $newfileformove)) { + $newfileformove .= '.noexe'; + } + //var_dump($oldfile);var_dump($newfile);exit; // Now we update index of file $db->begin(); @@ -146,7 +152,7 @@ if ($action == 'update') //print $oldfile.' - '.$newfile; if ($newlabel != $oldlabel) { - $result = dol_move($oldfile, $newfile); // This include update of database + $result = dol_move($oldfile, $newfileformove); // This include update of database if (!$result) { $langs->load('errors'); @@ -190,7 +196,7 @@ if ($action == 'update') $object->entity = $conf->entity; $object->filepath = preg_replace('/[\\/]+$/', '', $newdirrelativetodocument); $object->filename = $newlabel; - $object->label = md5_file(dol_osencode($newfile)); // hash of file content + $object->label = md5_file(dol_osencode($newfileformove)); // hash of file content $object->fullpath_orig = ''; $object->gen_or_uploaded = 'unknown'; $object->description = ''; // indexed content @@ -208,6 +214,11 @@ if ($action == 'update') $db->commit(); $urlfile = $newlabel; + // If old file end with .noexe, new file must also end with .noexe + if (preg_match('/\.noexe$/', $newfileformove)) { + $urlfile .= '.noexe'; + } + header('Location: '.$_SERVER["PHP_SELF"].'?urlfile='.urlencode($urlfile).'§ion='.urlencode($section)); exit; } 
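Review bot: The `.noexe` suffix is carried over to `$newfileformove` only when the old name already ends with it, so the decision ignores the extension of the new label. A file stored without the suffix and renamed to a label with an executable extension would be moved under that name unless dol_move() applies its own check, which this hunk does not show. Consider deciding from the new name as well, with whatever rule the upload path applies, and add a comment stating that the suffix appears to exist to keep uploaded files from being executed by the web server. The `if ($action == 'update')` block starts and ends outside the hunk.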
@@ -264,9 +275,13 @@ while ($tmpecmdir && $result > 0) $i++; } +$urlfiletoshow = preg_replace('/\.noexe$/', '', $urlfile); + $s = img_picto('', 'object_dir').' '.$langs->trans("ECMRoot").' -> '.$s.' -> '; -if ($action == 'edit') $s .= ''; -else $s .= $urlfile; +if ($action == 'edit') $s .= ''; +else $s .= $urlfiletoshow; + +$morehtml = ''; $object->ref = ''; // Force to hide ref dol_banner_tab($object, '', $morehtml, 0, '', '', $s); @@ -289,10 +304,9 @@ print dol_print_size($totalsize); print ''; */ +// Hash of file content print ''.$langs->trans("HashOfFileContent").''; $object = new EcmFiles($db); -//$filenametosearch=basename($filepath); -//$filedirtosearch=basedir($filepath); $object->fetch(0, '', $filepathtodocument); if (!empty($object->label)) { diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index e51efb01aaa..852d148e258 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -124,15 +124,17 @@ if ($action == 'confirm_deletefile') if (GETPOST('confirm') == 'yes') { // GETPOST('urlfile','alpha') is full relative URL from ecm root dir. Contains path of all sections. - //var_dump(GETPOST('urlfile'));exit; $upload_dir = $conf->ecm->dir_output.($relativepath?'/'.$relativepath:''); $file = $upload_dir . "/" . GETPOST('urlfile', 'alpha'); + //var_dump($file);exit; $ret=dol_delete_file($file); // This include also the delete from file index in database. if ($ret) { - setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile', 'alpha')), null, 'mesgs'); + $urlfiletoshow = GETPOST('urlfile', 'alpha'); + $urlfiletoshow = preg_replace('/\.noexe$/', '', $urlfiletoshow); + setEventMessages($langs->trans("FileWasRemoved", $urlfiletoshow), null, 'mesgs'); $result=$ecmdir->changeNbOfFiles('-'); } else diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index c5b61e50ed6..d145e75bad6 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang 
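Review bot: `else $s .= $urlfiletoshow;` appends the file name to the banner string without HTML escaping. `$urlfile` is the value sent back through the `urlfile` query parameter by the redirect earlier in this file, so it presumably originates from the request. If dol_banner_tab() does not escape its last argument, the line should read `else $s .= dol_escape_htmltag($urlfiletoshow);`. The value placed in the edit field on the line above needs the same treatment, although its markup is not visible here.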
@@ -255,3 +255,4 @@ WarningNumberOfRecipientIsRestrictedInMassAction=Warning, number of different re WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report WarningProjectClosed=Project is closed. You must re-open it first. WarningSomeBankTransactionByChequeWereRemovedAfter=Some bank transaction were removed after that the receipt including them were generated. So nb of cheques and total of receipt may differ from number and total in list. +WarningFailedToAddFileIntoDatabaseIndex=Warnin, failed to add file entry into ECM database index table \ No newline at end of file From d491f2cf541a375ec0077893874d9b4087fb8dfb Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Wed, 27 May 2020 18:27:10 +0200 Subject: [PATCH 020/110] [pgsql] type of llx_adherent_type.subscription is VARCHAR(3) so quotes are mandatory --- htdocs/adherents/class/adherent.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 04c5baa642a..eeede7b3810 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2282,7 +2282,7 @@ class Adherent extends CommonObject $sql.= " WHERE a.fk_adherent_type = t.rowid"; $sql.= " AND a.statut = 1"; $sql.= " AND a.entity IN (".getEntity('adherent').")"; - $sql.= " AND ((a.datefin IS NULL or a.datefin < '".$this->db->idate($now)."') AND t.subscription = 1)"; + $sql.= " AND ((a.datefin IS NULL or a.datefin < '".$this->db->idate($now)."') AND t.subscription = '1')"; $resql=$this->db->query($sql); if ($resql) From edc6abcea83da1430ae8031f70280bba6d9b004f Mon Sep 17 00:00:00 2001 From: atm-lena Date: Thu, 28 May 2020 15:19:37 +0200 Subject: [PATCH 021/110] FIX Rounding Total TVA in "crabe" model pdf --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index bfa15ebd4b1..c302c2174bf 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1275,7 +1275,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); $pdf->SetXY($col2x, $tab2_top + $tab2_hl * $index); - $pdf->MultiCell($largcol2, $tab2_hl, price($tvaval, 0, $outputlangs), 0, 'R', 1); + $pdf->MultiCell($largcol2, $tab2_hl, price($tvaval, 0, $outputlangs, '', '', ($conf->global->MAIN_MAX_DECIMALS_TOT ? $conf->global->MAIN_MAX_DECIMALS_TOT : 0)), 0, 'R', 1); } } From 9915d97adf832b230b6950a65b389e1696f43624 Mon Sep 17 00:00:00 2001 From: glu000 Date: Thu, 28 May 2020 16:11:02 +0200 Subject: [PATCH 022/110] Fix #13991 --- htdocs/core/class/extrafields.class.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index ac388b1ef83..50513739ef5 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1686,8 +1686,13 @@ class ExtraFields } elseif ($type == 'select') { - if ($langfile && $param['options'][$value]) $value = $langs->trans($param['options'][$value]); - else $value = $param['options'][$value]; + $valstr = $param['options'][$value]; + if (($pos = strpos($valstr, "|")) !== false) + { + $valstr = substr ($valstr, 0, $pos); + } + if ($langfile && $valstr) $value = $langs->trans($valstr); + else $value = $valstr; } elseif ($type == 'sellist') { From 56259bae9abcac5e74b846202ff284c6a19815f0 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 28 May 2020 14:18:00 +0000 Subject: [PATCH 023/110] Fixing style errors. --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
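Review bot: In the ExtraFields hunk, `$valstr = $param['options'][$value];` is read without checking that `$value` is a key of the options array, and the result goes straight into strpos(). The removed code had the same unchecked read, but with the new code a stored value that is no longer among the options also passes null to strpos(). `$valstr = isset($param['options'][$value]) ? $param['options'][$value] : '';` avoids both. A one-line comment saying what follows the `|` in an option label would also help, since the hunk does not show it. The enclosing method starts outside the hunk.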
diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 50513739ef5..f938426d4ba 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1689,7 +1689,7 @@ class ExtraFields $valstr = $param['options'][$value]; if (($pos = strpos($valstr, "|")) !== false) { - $valstr = substr ($valstr, 0, $pos); + $valstr = substr($valstr, 0, $pos); } if ($langfile && $valstr) $value = $langs->trans($valstr); else $value = $valstr; From bdc73b5cae582ff1f3b935e8064021787ba41e0d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 28 May 2020 17:37:53 +0200 Subject: [PATCH 024/110] Update pdf_crabe.modules.php --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index c302c2174bf..692e75db82d 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1275,7 +1275,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); $pdf->SetXY($col2x, $tab2_top + $tab2_hl * $index); - $pdf->MultiCell($largcol2, $tab2_hl, price($tvaval, 0, $outputlangs, '', '', ($conf->global->MAIN_MAX_DECIMALS_TOT ? $conf->global->MAIN_MAX_DECIMALS_TOT : 0)), 0, 'R', 1); + $pdf->MultiCell($largcol2, $tab2_hl, price(price2num($tvaval, 'MT'), 0', $outputlangs), 0, 'R', 1); } } From 8360ca4b20f43772ba9320b1e86896212028eb63 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 28 May 2020 17:38:20 +0200 Subject: [PATCH 025/110] Update pdf_crabe.modules.php --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index 692e75db82d..a32ba1308a3 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1275,7 +1275,7 @@ class pdf_crabe extends ModelePDFFactures $pdf->MultiCell($col2x - $col1x, $tab2_hl, $totalvat, 0, 'L', 1); $pdf->SetXY($col2x, $tab2_top + $tab2_hl * $index); - $pdf->MultiCell($largcol2, $tab2_hl, price(price2num($tvaval, 'MT'), 0', $outputlangs), 0, 'R', 1); + $pdf->MultiCell($largcol2, $tab2_hl, price(price2num($tvaval, 'MT'), 0, $outputlangs), 0, 'R', 1); } } From 1e208e537f12cf9be59655c728a64ab38df9e39a Mon Sep 17 00:00:00 2001 From: kamel Date: Fri, 29 May 2020 16:24:07 +0200 Subject: [PATCH 026/110] FIX: Fix link of the button to create a credit note and fix the awareness of a error happen when to create a credit note --- htdocs/compta/facture/card.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index cb3aa9cd099..b97d22631a1 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1106,12 +1106,12 @@ if (empty($reshook)) } // Add link between credit note and origin - if(! empty($object->fk_facture_source)) { + if(! empty($object->fk_facture_source) && $id>0) { $facture_source->fetch($object->fk_facture_source); $facture_source->fetchObjectLinked(); - if(! empty($facture_source->linkedObjectsIds)) { - foreach($facture_source->linkedObjectsIds as $sourcetype => $TIds) { + if (!empty($facture_source->linkedObjectsIds)) { + foreach ($facture_source->linkedObjectsIds as $sourcetype => $TIds) { $object->add_object_linked($sourcetype, current($TIds)); } } 
@@ -4835,9 +4835,8 @@ elseif ($id > 0 || ! empty($ref)) // Create a credit note if (($object->type == Facture::TYPE_STANDARD || $object->type == Facture::TYPE_DEPOSIT || $object->type == Facture::TYPE_PROFORMA) && $object->statut > 0 && $usercancreate) { - if (! $objectidnext) - { - print ''; + if (! $objectidnext) { + print ''; } } From e223189507a74d268ce4ab19e9e68855f7403765 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 30 May 2020 14:20:04 +0200 Subject: [PATCH 027/110] FIX #14002 --- htdocs/fichinter/list.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index fd45d2daecb..ef6b9241c8d 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -75,8 +75,6 @@ $pagenext = $page + 1; if (!$sortorder) $sortorder = "DESC"; if (!$sortfield) { - //if (empty($conf->global->FICHINTER_DISABLE_DETAILS)) $sortfield="fd.date"; - //else $sortfield = "f.ref"; } @@ -203,7 +201,7 @@ foreach ($arrayfields as $tmpkey => $tmpval) $sql = "SELECT"; $sql .= " f.ref, f.rowid, f.fk_statut, f.description, f.datec as date_creation, f.tms as date_update, f.note_private,"; -if (empty($conf->global->FICHINTER_DISABLE_DETAILS) && $atleastonefieldinlines) $sql .= "fd.rowid as lineid, fd.description as descriptiondetail, fd.date as dp, fd.duree,"; +if (empty($conf->global->FICHINTER_DISABLE_DETAILS) && $atleastonefieldinlines) $sql .= " fd.rowid as lineid, fd.description as descriptiondetail, fd.date as dp, fd.duree,"; $sql .= " s.nom as name, s.rowid as socid, s.client"; if (!empty($conf->projet->enabled)) { $sql .= ", pr.rowid as projet_id, pr.ref as projet_ref, pr.title as projet_title"; 
@@ -245,7 +243,7 @@ if ($search_contrat_ref) { $sql .= natural_search('c.ref', $search_contrat_ref); } if ($search_desc) { - if (empty($conf->global->FICHINTER_DISABLE_DETAILS)) $sql .= natural_search(array('f.description', 'fd.description'), $search_desc); + if (empty($conf->global->FICHINTER_DISABLE_DETAILS) && $atleastonefieldinlines) $sql .= natural_search(array('f.description', 'fd.description'), $search_desc); else $sql .= natural_search(array('f.description'), $search_desc); } if ($search_status != '' && $search_status >= 0) { From 2337d75d92e60ca74f05e096bffce7295fbd9f4f Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 1 Jun 2020 10:43:57 +0200 Subject: [PATCH 028/110] better fix for #13968 --- htdocs/contact/class/contact.class.php | 63 ++++++++++++++++++-- htdocs/core/class/commonobject.class.php | 35 +++++++++--- htdocs/societe/class/societe.class.php | 73 +++++++++--------------- 3 files changed, 110 insertions(+), 61 deletions(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 8a1b26e9d33..e200a309378 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1081,7 +1081,7 @@ class Contact extends CommonObject $sql .= " WHERE ec.fk_socpeople=".$this->id; $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; - dol_syslog(get_class($this)."::delete", LOG_DEBUG); + dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1094,7 +1094,7 @@ class Contact extends CommonObject $sqldel = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; $sqldel .= " WHERE rowid = ".$obj->rowid; - dol_syslog(get_class($this)."::delete", LOG_DEBUG); + dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); $result = $this->db->query($sqldel); if (!$result) { 
@@ -1116,7 +1116,7 @@ class Contact extends CommonObject { // Remove Roles $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; - dol_syslog(get_class($this)."::delete", LOG_DEBUG); + dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1130,7 +1130,7 @@ class Contact extends CommonObject { // Remove category $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; - dol_syslog(get_class($this)."::delete", LOG_DEBUG); + dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1144,7 +1144,7 @@ class Contact extends CommonObject { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; $sql .= " WHERE rowid=".$this->id; - dol_syslog(get_class($this)."::delete", LOG_DEBUG); + dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { 
@@ -1731,4 +1731,57 @@ class Contact extends CommonObject return $error * -1; } } + + /** + * Delete all contact from a thirdparty + * @param int $socId Thirdparty Id + * @param int $notrigger Disable all trigger + * @return int <0 if KO, >0 if OK + * @throws Exception + */ + public function deleteBySoc($socId = 0, $notrigger = 0) + { + $error = 0; + $deleted = 0; + + if (!empty($socId)) { + $this->db->begin(); + + $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . $this->table_element; + $sql .= " WHERE fk_soc = " . $socId; + dol_syslog(__METHOD__, LOG_DEBUG); + $resql = $this->db->query($sql); + if (!$resql) { + $this->errors[] = $this->db->lasterror() . ' sql=' . $sql; + $error++; + } else { + while ($obj = $this->db->fetch_object($resql)) { + $result = $this->fetch($obj->rowid); + if ($result < 0) { + $error++; + $this->errors = $this->error; + } else { + $result = $this->delete($notrigger); + if ($result < 0) { + $error++; + $this->errors = $this->error; + } else { + $deleted++; + } + } + } + } + + if (empty($error)) { + $this->db->commit(); + return $deleted; + } else { + $this->error = implode(' ', $this->errors); + $this->db->rollback(); + return $error * -1; + } + } + + return $deleted; + } } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 10e04896314..7fe7fc41303 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
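Review bot: In the new `deleteBySoc()`, `$socId` is concatenated into the SELECT as `" WHERE fk_soc = " . $socId` with nothing enforcing the integer type the docblock promises; `" WHERE fk_soc = " . ((int) $socId)` closes that. The two error branches assign `$this->errors = $this->error;`, which replaces the errors array with a string, so the later `implode(' ', $this->errors)` receives a non-array; `$this->errors[] = $this->error;` is what the rest of the method expects. The docblock should also say that the return value is the number of contacts deleted, which can be 0 on success, where it currently reads `>0 if OK`.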
@@ -7891,15 +7891,32 @@ abstract class CommonObject if (!empty($this->childtablesoncascade)) { foreach ($this->childtablesoncascade as $table) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id; - $resql = $this->db->query($sql); - if (!$resql) - { - $this->error = $this->db->lasterror(); - $this->errors[] = $this->error; - $this->db->rollback(); - return -1; - } + $deleteFromObject=explode(':', $table); + if (count($deleteFromObject)>1) { + $className=str_replace('@', '', $deleteFromObject[0]); + $filePath=$deleteFromObject[1]; + $deleteMethod=$deleteFromObject[2]; + if (dol_include_once($filePath)) { + $childObject = new $className($this->db); + $result= $childObject->{$deleteMethod}($this->id); + if ($result<0) { + $this->errors[] = $childObject->error; + return -1; + } + } else { + $this->errors[] = 'Cannot find child class file ' .$filePath; + return -1; + } + } else { + $sql = 'DELETE FROM ' . MAIN_DB_PREFIX . $table . ' WHERE ' . $this->fk_element . ' = ' . $this->id; + $resql = $this->db->query($sql); + if (!$resql) { + $this->error = $this->db->lasterror(); + $this->errors[] = $this->error; + $this->db->rollback(); + return -1; + } + } } } diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index e51f8913e48..f5caa59e1f1 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -83,7 +83,8 @@ class Societe extends CommonObject ); /** - * @var array List of child tables. To know object to delete on cascade. + * @var array List of child tables. To know object to delete on cascade. + * if name like with @ClassNAme:FilePathClass:MethodDetele' it will call method to delete object rather tahn SQL delete */ protected $childtablesoncascade = array( "societe_prices", 
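Review bot: The new object-based branch returns -1 on a failed child delete and on a missing class file without calling `$this->db->rollback()`, while the SQL branch right below it rolls back before returning. Assuming the transaction is opened earlier in this method, outside the hunk, both new `return -1;` statements need `$this->db->rollback();` in front of them. The class name, file path and method name come from `$this->childtablesoncascade`; a comment should state that these entries are developer-defined and must never be built from request data, since they drive `dol_include_once()` and `new $className`.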
@@ -92,7 +93,7 @@ class Societe extends CommonObject "product_fournisseur_price", "product_customer_price_log", "product_customer_price", - "socpeople", + "@Contact:/contact/class/contact.class.php:deleteBySoc", "adherent", "societe_account", "societe_rib", @@ -105,13 +106,6 @@ class Societe extends CommonObject "actioncomm", ); - /** - * Build as [parentChildTable]=>[childTable]=>array(parentChildTable.PrimaryKey,childTable.ForeignKey,WhereClause) - * Define into Contructor because of MAIN_DB_PREFIX cannot be use here - * @var array List of Parent's child's child tables. To know object to delete on cascade. - */ - protected $parentchildchildtablesoncascade = array(); - /** * @var string String with name of icon for myobject. Must be the part after the 'object_' into object_myobject.png */ @@ -666,22 +660,6 @@ class Societe extends CommonObject $this->forme_juridique_code = 0; $this->tva_assuj = 1; $this->status = 1; - - $this->parentchildchildtablesoncascade = array( - 'socpeople'=> - array( - MAIN_DB_PREFIX.'socpeople_extrafields' => - array(MAIN_DB_PREFIX.'socpeople.rowid',MAIN_DB_PREFIX.'socpeople_extrafields.fk_object',''), - MAIN_DB_PREFIX.'element_contact' => - array(MAIN_DB_PREFIX.'socpeople.rowid', - MAIN_DB_PREFIX.'element_contact.fk_socpeople', - MAIN_DB_PREFIX.'element_contact.fk_c_type_contact IN (SELECT ct.rowid FROM '.MAIN_DB_PREFIX.'c_type_contact as ct WHERE ct.source=\'external\')'), - MAIN_DB_PREFIX.'societe_contacts' => - array(MAIN_DB_PREFIX.'socpeople.rowid', - MAIN_DB_PREFIX.'societe_contacts.fk_socpeople', - MAIN_DB_PREFIX.'societe_contacts.fk_c_type_contact IN (SELECT ct.rowid FROM '.MAIN_DB_PREFIX.'c_type_contact as ct WHERE ct.source=\'external\')'), - ) - ); } 
@@ -1702,30 +1680,31 @@ class Societe extends CommonObject foreach ($this->childtablesoncascade as $tabletodelete) { - if (!$error && array_key_exists($tabletodelete, $this->parentchildchildtablesoncascade)) - { - if (count($this->parentchildchildtablesoncascade[$tabletodelete])>0){ - foreach($this->parentchildchildtablesoncascade[$tabletodelete] as $childtabletodelete=>$dataToDelette) { - $sql = "DELETE FROM ". $childtabletodelete; - $sql .= " WHERE ".$dataToDelette[1]." IN (SELECT ".$dataToDelette[0]." FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE fk_soc = " . $id.")"; - if (!empty($dataToDelette[3])) { - $sql .= " AND ".$dataToDelette[3]; - } - if (!$this->db->query($sql)) { - $error++; - $this->errors[] = $this->db->lasterror(); - } - } - } - } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete; - $sql .= " WHERE fk_soc = ".$id; - if (!$this->db->query($sql)) - { - $error++; - $this->errors[] = $this->db->lasterror(); + $delete_from_object=explode(':', $tabletodelete); + if (count($delete_from_object)>1) { + $class_name=str_replace('@', '', $delete_from_object[0]); + $filepath=$delete_from_object[1]; + $delete_method=$delete_from_object[2]; + if (dol_include_once($filepath)) { + $child_object = new $class_name($this->db); + $result= $child_object->{$delete_method}($id); + if ($result<0) { + $error++; + $this->errors[] = $child_object->error; + } + } else { + $error++; + $this->errors[] = 'Cannot find child class file ' .$filepath; + } + } else { + $sql = "DELETE FROM " . MAIN_DB_PREFIX . $tabletodelete; + $sql .= " WHERE fk_soc = " . $id; + if (!$this->db->query($sql)) { + $error++; + $this->errors[] = $this->db->lasterror(); + } } } } From c655720b78d9eaa5b5f4aa1c63b1f03db4215052 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 1 Jun 2020 10:51:50 +0200 Subject: [PATCH 029/110] fix travis --- htdocs/contact/class/contact.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
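Review bot: `count($delete_from_object)>1` accepts an entry with only two colon-separated parts, after which `$delete_from_object[2]` is undefined and `$child_object->{$delete_method}($id)` runs with an empty method name; the CommonObject hunk earlier in this patch has the same test. Requiring all three parts with `if (count($delete_from_object) >= 3)` and checking `method_exists($child_object, $delete_method)` before the call turns a malformed entry into a reported error instead of a fatal one. The loop belongs to a delete method whose start and end are outside the hunk.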
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index e200a309378..71d816c166e 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1081,7 +1081,7 @@ class Contact extends CommonObject $sql .= " WHERE ec.fk_socpeople=".$this->id; $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; - dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1094,7 +1094,7 @@ class Contact extends CommonObject $sqldel = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; $sqldel .= " WHERE rowid = ".$obj->rowid; - dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sqldel); if (!$result) { @@ -1116,7 +1116,7 @@ class Contact extends CommonObject { // Remove Roles $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; - dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1130,7 +1130,7 @@ class Contact extends CommonObject { // Remove category $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; - dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1144,7 +1144,7 @@ class Contact extends CommonObject { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; $sql .= " WHERE rowid=".$this->id; - dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { From 3213148d8717b5e8f6410b2da1225c059532927a Mon Sep 17 00:00:00 2001 
From: Florian Mortgat Date: Mon, 1 Jun 2020 17:12:02 +0200 Subject: [PATCH 030/110] FIX 11.0 - when using pdftk as per hidden conf USE_PDFTK_FOR_PDF_CONCAT, check that the file exists before displaying a success message --- htdocs/core/actions_massactions.inc.php | 16 ++++++++++------ htdocs/langs/en_US/main.lang | 3 ++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index b86e7bd692c..dc5b02286eb 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -1030,14 +1030,18 @@ if (!$error && $massaction == "builddoc" && $permissiontoread && !GETPOST('butto $input_files .= ' '.escapeshellarg($f); } - $cmd = 'pdftk '.escapeshellarg($input_files).' cat output '.escapeshellarg($file); + $cmd = 'pdftk ' . $input_files . ' cat output '.escapeshellarg($file); exec($cmd); - if (!empty($conf->global->MAIN_UMASK)) - @chmod($file, octdec($conf->global->MAIN_UMASK)); - - $langs->load("exports"); - setEventMessages($langs->trans('FileSuccessfullyBuilt', $filename.'_'.dol_print_date($now, 'dayhourlog')), null, 'mesgs'); + // check if pdftk is installed + if (file_exists($file)) { + if (!empty($conf->global->MAIN_UMASK)) + @chmod($file, octdec($conf->global->MAIN_UMASK)); + $langs->load("exports"); + setEventMessages($langs->trans('FileSuccessfullyBuilt', $filename.'_'.dol_print_date($now, 'dayhourlog')), null, 'mesgs'); + } else { + setEventMessages($langs->trans('ErrorPDFTkOutputFileNotFound'), null, 'errors'); + } } else { diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 31e0d5a1c8d..051dde11ff7 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang 
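Review bot: `exec($cmd);` discards pdftk's exit status, and the added `file_exists($file)` test cannot tell a fresh output file from one left by an earlier run with the same name. Capturing the status with `exec($cmd, $cmdoutput, $cmdstatus);` and testing `if ($cmdstatus === 0 && file_exists($file))` reports a failed merge reliably. The change from `escapeshellarg($input_files)` to plain `$input_files` is correct only because each path is already escaped individually in the loop above; a comment on the `$cmd` line saying so would keep a later edit from removing that per-file escaping. The surrounding block starts outside the hunk.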
@@ -837,6 +837,7 @@ Sincerely=Sincerely ConfirmDeleteObject=Are you sure you want to delete this object? DeleteLine=Delete line ConfirmDeleteLine=Are you sure you want to delete this line? +ErrorPDFTkOutputFileNotFound=Error: the file was not generated. Please check that the 'pdftk' command is installed in a directory included in the $PATH environment variable (linux/unix only) or contact your system administrator. NoPDFAvailableForDocGenAmongChecked=No PDF were available for the document generation among checked record TooManyRecordForMassAction=Too many records selected for mass action. The action is restricted to a list of %s records. NoRecordSelected=No record selected @@ -1017,4 +1018,4 @@ ContactDefault_ticket=Ticket ContactAddedAutomatically=Contact added from contact thirdparty roles More=More ShowDetails=Show details -CustomReports=Custom reports \ No newline at end of file +CustomReports=Custom reports From 99b4bfc91e1a149285b9439e63f5464399c36fd9 Mon Sep 17 00:00:00 2001 From: atm-lena Date: Tue, 2 Jun 2020 09:53:30 +0200 Subject: [PATCH 031/110] Movement of hook "selectwarehouse" --- .../product/class/html.formproduct.class.php | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index 8dc86f394a3..f033e91ceff 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php 
@@ -245,27 +245,6 @@ class FormProduct if (empty($conf->global->ENTREPOT_EXTRA_STATUS)) $filterstatus = ''; if (!empty($fk_product)) $this->cache_warehouses = array(); - $parameters = array( - 'selected' => & $selected, - 'htmlname' =>& $htmlname, - 'filterstatus' =>& $filterstatus, - 'empty' =>& $empty, - 'disabled ' =>& $disabled, - 'fk_product' =>& $fk_product, - 'empty_label' =>& $empty_label, - 'showstock' =>& $showstock, - 'forcecombo' =>& $forcecombo, - 'events' =>& $events, - 'morecss' =>& $morecss, - 'exclude' =>& $exclude, - 'showfullpath' =>& $showfullpath, - 'stockMin' =>& $stockMin, - 'orderBy' =>& $orderBy - ); - - $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters, $this); - if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); - $this->loadWarehouses($fk_product, '', $filterstatus, true, $exclude, $stockMin, $orderBy); $nbofwarehouses=count($this->cache_warehouses); @@ -304,6 +283,27 @@ class FormProduct $out.=''; if ($disabled) $out.=''; + $parameters = array( + 'selected' => $selected, + 'htmlname' => $htmlname, + 'filterstatus' => $filterstatus, + 'empty' => $empty, + 'disabled ' => $disabled, + 'fk_product' => $fk_product, + 'empty_label' => $empty_label, + 'showstock' => $showstock, + 'forcecombo' => $forcecombo, + 'events' => $events, + 'morecss' => $morecss, + 'exclude' => $exclude, + 'showfullpath' => $showfullpath, + 'stockMin' => $stockMin, + 'orderBy' => $orderBy + ); + + $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters, $this); + if ($reshook > 0) $out = $hookmanager->resPrint; + return $out; } From 88a831c05abba711908df2b17e28dade35b9f1b3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 2 Jun 2020 12:12:07 +0200 Subject: [PATCH 032/110] Update html.formproduct.class.php --- htdocs/product/class/html.formproduct.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
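Review bot: The relocated `$parameters` array keeps the key `'disabled '` with a trailing space, so a hook reading `$parameters['disabled']` finds nothing; it should be `'disabled' => $disabled,`. The move also drops `if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');`, so a failing hook is now silent, and the later PATCH 033 change that appends `resPrint` when `$reshook == 0` does not restore it. Because `$hookmanager->resPrint` replaces or extends the returned HTML verbatim, a short comment stating that hooks must return already-escaped markup would help module authors. selectWarehouses() starts outside the hunk.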
diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index f033e91ceff..56601accebe 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php @@ -235,7 +235,7 @@ class FormProduct * * @throws Exception */ - public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = array(), $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref') + public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = '', $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref') { global $conf,$langs,$user, $hookmanager; From 009780b895d4dfb8c7b22e76250f86df368763a2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 2 Jun 2020 12:13:55 +0200 Subject: [PATCH 033/110] Update html.formproduct.class.php --- htdocs/product/class/html.formproduct.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index 56601accebe..5030722bb73 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php @@ -303,6 +303,7 @@ class FormProduct $reshook = $hookmanager->executeHooks('selectWarehouses', $parameters, $this); if ($reshook > 0) $out = $hookmanager->resPrint; + elseif ($reshook == 0) $out .= $hookmanager->resPrint; return $out; } From da481049c1b93a05ff73928817206d0e3012db3c Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Tue, 2 Jun 2020 15:45:40 +0200 Subject: [PATCH 034/110] Update commonobject.class.php --- htdocs/core/class/commonobject.class.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 7fe7fc41303..819b4b20839 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7898,11 +7898,13 @@ abstract class CommonObject $deleteMethod=$deleteFromObject[2]; if (dol_include_once($filePath)) { $childObject = new $className($this->db); - $result= $childObject->{$deleteMethod}($this->id); - if ($result<0) { - $this->errors[] = $childObject->error; - return -1; - } + if (method_exists($childObject, $deleteMethod)) { + $result= $childObject->{$deleteMethod}($this->id); + if ($result<0) { + $this->errors[] = $childObject->error; + return -1; + } + } } else { $this->errors[] = 'Cannot find child class file ' .$filePath; return -1; From 68bb552dcceb7570c9c23d4208c932eb67161970 Mon Sep 17 00:00:00 2001 From: gauthier Date: Tue, 2 Jun 2020 17:06:49 +0200 Subject: [PATCH 035/110] FIX : Tickets mail models doesn't work --- htdocs/admin/mails_templates.php | 1 + htdocs/core/class/html.formticket.class.php | 4 +--- htdocs/langs/en_US/admin.lang | 3 ++- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index b5f22376c16..85cb5971652 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php 
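Review bot: When `method_exists($childObject, $deleteMethod)` is false, the cascade now skips that child silently and the parent delete carries on, which can leave orphaned child rows with no trace of why. I would either fail as the missing-file branch does or at least log it, e.g. `} else { dol_syslog(get_class($this).': method '.$deleteMethod.' not found in '.$className, LOG_WARNING); }`. The enclosing method starts and ends outside the hunk.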
@@ -166,6 +166,7 @@ if ($conf->societe->enabled) $elementList['thirdparty']=$langs->trans( if ($conf->adherent->enabled) $elementList['member']=$langs->trans('MailToMember'); if ($conf->contrat->enabled) $elementList['contract']=$langs->trans('MailToSendContract'); if ($conf->projet->enabled) $elementList['project']=$langs->trans('MailToProject'); +if ($conf->ticket->enabled) $elementList['ticket_send']=$langs->trans('MailToTicket'); $elementList['user']=$langs->trans('MailToUser'); $parameters=array('elementList'=>$elementList); diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 1e51d54f37e..72673abb323 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -991,9 +991,7 @@ class FormTicket // MESSAGE $defaultmessage=""; - if (is_array($arraydefaultmessage) && count($arraydefaultmessage) > 0 && $arraydefaultmessage->content) { - $defaultmessage=$arraydefaultmessage->content; - } + if ($arraydefaultmessage && $arraydefaultmessage->content) $defaultmessage = $arraydefaultmessage->content; $defaultmessage=str_replace('\n', "\n", $defaultmessage); // Deal with format differences between message and signature (text / HTML) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 64dac1f39e5..5378ef5729d 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1792,6 +1792,7 @@ MailToThirdparty=Third parties MailToMember=Members MailToUser=Users MailToProject=Projects page +MailToTicket=Tickets ByDefaultInList=Show by default on list view YouUseLastStableVersion=You use the latest stable version TitleExampleForMajorRelease=Example of message you can use to announce this major release (feel free to use it on your web sites) 
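Review bot: In html.formticket.class.php, `if ($arraydefaultmessage && $arraydefaultmessage->content)` reads a property on whatever truthy value the template lookup returned, and the removed `is_array()` test shows the type was already unclear here. If the lookup can return a negative integer on error (not visible in this hunk), the property access raises a notice. `if (is_object($arraydefaultmessage) && !empty($arraydefaultmessage->content)) $defaultmessage = $arraydefaultmessage->content;` states the expected type and avoids that.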
@@ -1923,4 +1924,4 @@ DeleteEmailCollector=Delete email collector ConfirmDeleteEmailCollector=Are you sure you want to delete this email collector? RecipientEmailsWillBeReplacedWithThisValue=Recipient emails will be always replaced with this value AtLeastOneDefaultBankAccountMandatory=At least 1 default bank account must be defined -FeatureNotAvailableWithReceptionModule=Feature not available when module Reception is enabled \ No newline at end of file +FeatureNotAvailableWithReceptionModule=Feature not available when module Reception is enabled From 9e5c7d0acf2c39788fdd90fd5dc8dce8d87cf12f Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 3 Jun 2020 23:00:53 +0200 Subject: [PATCH 036/110] FIX: Show ref_customer, amount on contract link object --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index ec7bfeab7c4..e25f3099ad1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php 
@@ -6671,7 +6671,7 @@ class Form 'order'=>array('enabled'=>$conf->commande->enabled, 'perms'=>1, 'label'=>'LinkToOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande').')'), 'invoice'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('invoice').')'), 'invoice_template'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToTemplateInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.titre as ref, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('invoice').')'), - 'contrat'=>array('enabled'=>$conf->contrat->enabled , 'perms'=>1, 'label'=>'LinkToContract', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, '' as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('contract').')'), + 'contrat'=>array('enabled'=>$conf->contrat->enabled , 'perms'=>1, 'label'=>'LinkToContract', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, td.total_ht as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, ".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN 
(".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('contract').')'), 'fichinter'=>array('enabled'=>$conf->ficheinter->enabled, 'perms'=>1, 'label'=>'LinkToIntervention', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('intervention').')'), 'supplier_proposal'=>array('enabled'=>$conf->supplier_proposal->enabled , 'perms'=>1, 'label'=>'LinkToSupplierProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, '' as ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."supplier_proposal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('supplier_proposal').')'), 'order_supplier'=>array('enabled'=>$conf->supplier_order->enabled , 'perms'=>1, 'label'=>'LinkToSupplierOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande_fournisseur').')'), From e19f496d625ec917f9e7be91cce8a7af14f09c60 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Wed, 3 Jun 2020 23:30:06 +0200 Subject: [PATCH 037/110] Fix missing test on module enabled for user validators --- htdocs/user/card.php | 114 ++++++++++++++++++++++--------------------- 1 file changed, 58 insertions(+), 56 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 4bedd36fc3c..6e2d9b1cfdb 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php 
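Review bot: Joining `contratdet` in the `'contrat'` query returns one row per contract line, so a contract with several lines is listed several times, each with a single line's `total_ht`, and a contract with no lines drops out of the list. If the intent is the contract total, aggregate instead: select `SUM(td.total_ht) as total_ht` over a `LEFT JOIN` of `contratdet as td ON td.fk_contrat = t.rowid` and add a `GROUP BY` on the non-aggregated columns. `$listofidcompanytoscan` is concatenated into every query of this array and is built outside the hunk, so it is worth confirming it only ever holds integer ids.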
@@ -1631,32 +1631,36 @@ else print "\n"; // Expense report validator - print ''; - $text = $langs->trans("ForceUserExpenseValidator"); - print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); - print ''; - print ''; - if (!empty($object->fk_user_expense_validator)) { - $evuser = new User($db); - $evuser->fetch($object->fk_user_expense_validator); - print $evuser->getNomUrl(1); + if (!empty($conf->expensereport->enabled)) { + print ''; + $text = $langs->trans("ForceUserExpenseValidator"); + print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); + print ''; + print ''; + if (!empty($object->fk_user_expense_validator)) { + $evuser = new User($db); + $evuser->fetch($object->fk_user_expense_validator); + print $evuser->getNomUrl(1); + } + print ''; + print "\n"; } - print ''; - print "\n"; // Holiday request validator - print ''; - $text = $langs->trans("ForceUserHolidayValidator"); - print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); - print ''; - print ''; - if (!empty($object->fk_user_holiday_validator)) { - $hvuser = new User($db); - $hvuser->fetch($object->fk_user_holiday_validator); - print $hvuser->getNomUrl(1); + if (!empty($conf->holiday->enabled)) { + print ''; + $text = $langs->trans("ForceUserHolidayValidator"); + print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); + print ''; + print ''; + if (!empty($object->fk_user_holiday_validator)) { + $hvuser = new User($db); + $hvuser->fetch($object->fk_user_holiday_validator); + print $hvuser->getNomUrl(1); + } + print ''; + print "\n"; } - print ''; - print "\n"; // Default warehouse if (!empty($conf->stock->enabled) && !empty($conf->global->USER_DEFAULT_WAREHOUSE)) // TODO What is goal of this. How it is used ? 
@@ -2345,44 +2349,42 @@ else print "\n"; // Expense report validator - print ''; - $text = $langs->trans("ForceUserExpenseValidator"); - print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); - print ''; - print ''; - if ($caneditfield) - { - print $form->select_dolusers($object->fk_user_expense_validator, 'fk_user_expense_validator', 1, array($object->id), 0, '', 0, $object->entity, 0, 0, '', 0, '', 'maxwidth300'); + if (!empty($conf->expensereport->enabled)) { + print ''; + $text = $langs->trans("ForceUserExpenseValidator"); + print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); + print ''; + print ''; + if ($caneditfield) { + print $form->select_dolusers($object->fk_user_expense_validator, 'fk_user_expense_validator', 1, array($object->id), 0, '', 0, $object->entity, 0, 0, '', 0, '', 'maxwidth300'); + } else { + print ''; + $evuser = new User($db); + $evuser->fetch($object->fk_user_expense_validator); + print $evuser->getNomUrl(1); + } + print ''; + print "\n"; } - else - { - print ''; - $evuser = new User($db); - $evuser->fetch($object->fk_user_expense_validator); - print $evuser->getNomUrl(1); - } - print ''; - print "\n"; // Holiday request validator - print ''; - $text = $langs->trans("ForceUserHolidayValidator"); - print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); - print ''; - print ''; - if ($caneditfield) - { - print $form->select_dolusers($object->fk_user_holiday_validator, 'fk_user_holiday_validator', 1, array($object->id), 0, '', 0, $object->entity, 0, 0, '', 0, '', 'maxwidth300'); + if (!empty($conf->holiday->enabled)) { + print ''; + $text = $langs->trans("ForceUserHolidayValidator"); + print $form->textwithpicto($text, $langs->trans("ValidatorIsSupervisorByDefault"), 1, 'help'); + print ''; + print ''; + if ($caneditfield) { + print $form->select_dolusers($object->fk_user_holiday_validator, 'fk_user_holiday_validator', 1, 
array($object->id), 0, '', 0, $object->entity, 0, 0, '', 0, '', 'maxwidth300'); + } else { + print ''; + $hvuser = new User($db); + $hvuser->fetch($object->fk_user_holiday_validator); + print $hvuser->getNomUrl(1); + } + print ''; + print "\n"; } - else - { - print ''; - $hvuser = new User($db); - $hvuser->fetch($object->fk_user_holiday_validator); - print $hvuser->getNomUrl(1); - } - print ''; - print "\n"; print '
'; From f6e0ed08e2bedf6bebdd50f83f0fa63c043a0289 Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Thu, 4 Jun 2020 00:30:17 +0200 Subject: [PATCH 038/110] Fix #14027 : emptying social network value on contact wasn't working --- htdocs/contact/card.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index e7fb6469869..f0f65071207 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -403,6 +403,7 @@ if (empty($reshook)) //$object->twitter = GETPOST("twitter", 'alpha'); //$object->facebook = GETPOST("facebook", 'alpha'); //$object->linkedin = GETPOST("linkedin", 'alpha'); + $object->socialnetworks = array(); if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if (GETPOSTISSET($key) && GETPOST($key, 'alphanohtml') != '') { From ede084a1117c0aca753db35da0ec505cc346ba25 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 4 Jun 2020 05:11:00 +0200 Subject: [PATCH 039/110] Fix stickler --- htdocs/core/class/html.form.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index e25f3099ad1..627e5ee8a2b 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php 
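Review bot: In the edit-mode hunk of user/card.php (`@@ -2345`), the read-only `else` branches call `$evuser->fetch($object->fk_user_expense_validator)` and `$hvuser->fetch($object->fk_user_holiday_validator)` without the `!empty(...)` guard that the view-mode hunk (`@@ -1631`) keeps. A user with no validator set therefore triggers a fetch on an empty id and prints a link for an unloaded object; wrapping both as in the first hunk, `if (!empty($object->fk_user_expense_validator)) {`, makes the two views consistent. The new `$conf->expensereport->enabled` and `$conf->holiday->enabled` tests only hide the form rows; whether the update action still accepts `fk_user_expense_validator` and `fk_user_holiday_validator` from the request when the module is off is outside this diff and worth checking.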
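Review bot: In contact/card.php, `$object->socialnetworks = array();` is placed before `if (!empty($conf->socialnetworks->enabled))`, so when the module is disabled every contact update clears the stored values with nothing to refill them. Moving the reset inside the `if` block, just before the `foreach`, fixes the emptying case from #14027 without that side effect. The enclosing update action starts outside the hunk.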
@@ -6671,7 +6671,8 @@ class Form 'order'=>array('enabled'=>$conf->commande->enabled, 'perms'=>1, 'label'=>'LinkToOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande').')'), 'invoice'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('invoice').')'), 'invoice_template'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToTemplateInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.titre as ref, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('invoice').')'), - 'contrat'=>array('enabled'=>$conf->contrat->enabled , 'perms'=>1, 'label'=>'LinkToContract', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, td.total_ht as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, ".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('contract').')'), + 'contrat'=>array('enabled'=>$conf->contrat->enabled , 'perms'=>1, 'label'=>'LinkToContract', + 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, td.total_ht as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, 
".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('contract').')'), 'fichinter'=>array('enabled'=>$conf->ficheinter->enabled, 'perms'=>1, 'label'=>'LinkToIntervention', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('intervention').')'), 'supplier_proposal'=>array('enabled'=>$conf->supplier_proposal->enabled , 'perms'=>1, 'label'=>'LinkToSupplierProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, '' as ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."supplier_proposal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('supplier_proposal').')'), 'order_supplier'=>array('enabled'=>$conf->supplier_order->enabled , 'perms'=>1, 'label'=>'LinkToSupplierOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande_fournisseur').')'), From c393f8149c27a437d7c963d9a5d140a024556a8f Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 4 Jun 2020 11:29:51 +0200 Subject: [PATCH 040/110] FIX: when creating a VariousPayment, the value date is not copied onto the AccountLine that gets created at the same time, so the bank transaction's value date will be the payment date instead of the payment's value date --- htdocs/compta/bank/class/paymentvarious.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index aea51e1a544..9a98ed3fc73 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -422,7 +422,11 @@ class PaymentVarious extends CommonObject $sign * abs($this->amount), $this->num_payment, ($this->category_transaction > 0 ? $this->category_transaction : 0), - $user + $user, + '', + '', + '', + $this->datev ); // Update fk_bank into llx_paiement. From 7115bd7033139aff8bdce5567d8c01ff4b07f933 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Thu, 4 Jun 2020 20:14:19 +0200 Subject: [PATCH 041/110] better fix --- htdocs/contact/class/contact.class.php | 56 --------------- htdocs/core/class/commonobject.class.php | 91 +++++++++++++++++++++--- htdocs/societe/class/societe.class.php | 27 +++---- 3 files changed, 98 insertions(+), 76 deletions(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 71d816c166e..dadb41179ca 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1067,9 +1067,6 @@ class Contact extends CommonObject $error = 0; - //$this->old_lastname = $obj->lastname; - //$this->old_firstname = $obj->firstname; - $this->db->begin(); if (!$error) 
@@ -1731,57 +1728,4 @@ class Contact extends CommonObject return $error * -1; } } - - /** - * Delete all contact from a thirdparty - * @param int $socId Thirdparty Id - * @param int $notrigger Disable all trigger - * @return int <0 if KO, >0 if OK - * @throws Exception - */ - public function deleteBySoc($socId = 0, $notrigger = 0) - { - $error = 0; - $deleted = 0; - - if (!empty($socId)) { - $this->db->begin(); - - $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . $this->table_element; - $sql .= " WHERE fk_soc = " . $socId; - dol_syslog(__METHOD__, LOG_DEBUG); - $resql = $this->db->query($sql); - if (!$resql) { - $this->errors[] = $this->db->lasterror() . ' sql=' . $sql; - $error++; - } else { - while ($obj = $this->db->fetch_object($resql)) { - $result = $this->fetch($obj->rowid); - if ($result < 0) { - $error++; - $this->errors = $this->error; - } else { - $result = $this->delete($notrigger); - if ($result < 0) { - $error++; - $this->errors = $this->error; - } else { - $deleted++; - } - } - } - } - - if (empty($error)) { - $this->db->commit(); - return $deleted; - } else { - $this->error = implode(' ', $this->errors); - $this->db->rollback(); - return $error * -1; - } - } - - return $deleted; - } } diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 7fe7fc41303..d8ff3cde3c4 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
@@ -438,10 +438,14 @@ abstract class CommonObject public $next_prev_filter; - + /** + * @var array List of child tables. To know object to delete on cascade. + * if name like with @ClassNAme:FilePathClass;ParentFkFieldName' it will + * call method deleteByParentField(parentId,ParentFkFieldName) to fetch and delete child object + */ + protected $childtablesoncascade = array(); // No constructor as it is an abstract class - /** * Check an object id/ref exists * If you don't need/want to instantiate object and just need to know if object exists, use this method instead of fetch @@ -7892,16 +7896,18 @@ abstract class CommonObject foreach ($this->childtablesoncascade as $table) { $deleteFromObject=explode(':', $table); - if (count($deleteFromObject)>1) { + if (count($deleteFromObject)>=2) { $className=str_replace('@', '', $deleteFromObject[0]); $filePath=$deleteFromObject[1]; - $deleteMethod=$deleteFromObject[2]; + $columnName=$deleteFromObject[2]; if (dol_include_once($filePath)) { $childObject = new $className($this->db); - $result= $childObject->{$deleteMethod}($this->id); - if ($result<0) { - $this->errors[] = $childObject->error; - return -1; + if (is_callable($childObject, 'deleteByParentField')) { + $result = $childObject->deleteByParentField($this->id, $columnName); + if ($result < 0) { + $this->errors[] = $childObject->error; + return -1; + } } } else { $this->errors[] = 'Cannot find child class file ' .$filePath; 
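Review bot: In the `@@ -7892` hunk, `is_callable($childObject, 'deleteByParentField')` does not test for the method: the second argument of is_callable() is the `$syntax_only` flag, so the object itself is checked and, unless the child class is invokable, the branch is skipped and no child is deleted. Use `if (method_exists($childObject, 'deleteByParentField')) {` or `is_callable(array($childObject, 'deleteByParentField'))`. The guard `count($deleteFromObject)>=2` is also too weak because `$deleteFromObject[2]` is read two lines later; it should be `>= 3`, and the same applies to the matching hunk in societe.class.php (`@@ -1682`). In both places a missing method or class is skipped without an error, so the cascade can leave child rows behind unnoticed.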
@@ -7963,6 +7969,75 @@ abstract class CommonObject } } + /** + * Delete all child object + * @param int $parentId Parent Id + * @param string $parentField Name of parent FIled + * @return int <0 if KO, >0 if OK + * @throws Exception + */ + public function deleteByParentField($parentId = 0, $parentField='') + { + global $user; + + $error = 0; + $deleted = 0; + + if (!empty($parentId) && !empty($parentField)) { + $this->db->begin(); + + $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . $this->table_element; + $sql .= ' WHERE '.$parentField.' = ' . $parentId; + dol_syslog(__METHOD__, LOG_DEBUG); + $resql = $this->db->query($sql); + if (!$resql) { + $this->errors[] = $this->db->lasterror(); + $error++; + } else { + while ($obj = $this->db->fetch_object($resql)) { + $result = $this->fetch($obj->rowid); + if ($result < 0) { + $error++; + $this->errors = $this->error; + } else { + $needUserParam = false; + if (class_exists('ReflectionMethod')) { + $method = new ReflectionMethod($this, 'delete'); + $argsMethod=$method->getParameters(); + if (is_array($argsMethod) && count($argsMethod)>0) { + if ($argsMethod[0]->name == 'user') { + $needUserParam = true; + } + } + } + if ($needUserParam) { + $result = $this->delete($user); + } else { + $result = $this->delete(); + } + if ($result < 0) { + $error++; + $this->errors = $this->error; + } else { + $deleted++; + } + } + } + } + + if (empty($error)) { + $this->db->commit(); + return $deleted; + } else { + $this->error = implode(' ', $this->errors); + $this->db->rollback(); + return $error * -1; + } + } + + return $deleted; + } + /** * Delete a line of object in database * diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index f5caa59e1f1..242b3c3efd4 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php 
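Review bot: `deleteByParentField()` is public and concatenates both arguments into the query, `' WHERE '.$parentField.' = ' . $parentId`, with no cast or validation. Today the values come from `$childtablesoncascade`, but nothing prevents another caller from passing request data, so the id should be cast and the column name restricted to an identifier: `if (!preg_match('/^[a-zA-Z0-9_]+$/', $parentField)) return -1;` and `$sql .= ' WHERE '.$parentField.' = '.((int) $parentId);`. The loop also calls `$this->fetch()` and `$this->delete()` on the same instance for every row, so state from one child carries over to the next; a comment noting that the object is reused on purpose would help the next reader.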
@@ -84,7 +84,7 @@ class Societe extends CommonObject /** * @var array List of child tables. To know object to delete on cascade. - * if name like with @ClassNAme:FilePathClass:MethodDetele' it will call method to delete object rather tahn SQL delete + * if name like with @ClassNAme:FilePathClass;ParentFkFieldName' it will call method deleteByParentField (with parentId as parameters) and FieldName to fetch and delete child object */ protected $childtablesoncascade = array( "societe_prices", @@ -93,7 +93,7 @@ class Societe extends CommonObject "product_fournisseur_price", "product_customer_price_log", "product_customer_price", - "@Contact:/contact/class/contact.class.php:deleteBySoc", + "@Contact:/contact/class/contact.class.php:fk_soc", "adherent", "societe_account", "societe_rib", @@ -1682,17 +1682,19 @@ class Societe extends CommonObject { if (!$error) { - $delete_from_object=explode(':', $tabletodelete); - if (count($delete_from_object)>1) { - $class_name=str_replace('@', '', $delete_from_object[0]); - $filepath=$delete_from_object[1]; - $delete_method=$delete_from_object[2]; + $deleteFromObject=explode(':', $tabletodelete); + if (count($deleteFromObject)>=2) { + $className=str_replace('@', '', $deleteFromObject[0]); + $filepath=$deleteFromObject[1]; + $columnName=$deleteFromObject[2]; if (dol_include_once($filepath)) { - $child_object = new $class_name($this->db); - $result= $child_object->{$delete_method}($id); - if ($result<0) { - $error++; - $this->errors[] = $child_object->error; + if (class_exists($className)) { + $child_object = new $className($this->db); + $result = $child_object->deleteByParentField($id, $columnName); + if ($result < 0) { + $error++; + $this->errors[] = $child_object->error; + } } } else { $error++; @@ -1706,6 +1708,7 @@ class Societe extends CommonObject $this->errors[] = $this->db->lasterror(); } } + } } From b47761e05cd71d5c1ba945f2470fb5c7adbff450 Mon Sep 17 00:00:00 2001 
From: florian HENRY Date: Thu, 4 Jun 2020 20:20:43 +0200 Subject: [PATCH 042/110] fix comment --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index d8ff3cde3c4..798783c951c 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7972,7 +7972,7 @@ abstract class CommonObject /** * Delete all child object * @param int $parentId Parent Id - * @param string $parentField Name of parent FIled + * @param string $parentField Name of Foreign key parent column * @return int <0 if KO, >0 if OK * @throws Exception */ From e9b17aac8db567d39b9bde6921f4b781f031fff7 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 4 Jun 2020 18:20:48 +0000 Subject: [PATCH 043/110] Fixing style errors. --- htdocs/core/class/commonobject.class.php | 2 +- htdocs/societe/class/societe.class.php | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index d8ff3cde3c4..190720a3f73 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7976,7 +7976,7 @@ abstract class CommonObject * @return int <0 if KO, >0 if OK * @throws Exception */ - public function deleteByParentField($parentId = 0, $parentField='') + public function deleteByParentField($parentId = 0, $parentField = '') { global $user; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 242b3c3efd4..12280843b2a 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1708,7 +1708,6 @@ class Societe extends CommonObject $this->errors[] = $this->db->lasterror(); } } - } } From afafe1a7377f4e6da3ec3a5efee83716a79c9afd Mon Sep 17 00:00:00 2001 
From: florian HENRY Date: Thu, 4 Jun 2020 21:38:44 +0200 Subject: [PATCH 044/110] forget[] --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 1645ca2f982..922d7d3f3af 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -8017,7 +8017,7 @@ abstract class CommonObject } if ($result < 0) { $error++; - $this->errors = $this->error; + $this->errors[] = $this->error; } else { $deleted++; } From 699557adbe40e9aa86d7904d4c841876d1a2ac2c Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Thu, 4 Jun 2020 21:39:23 +0200 Subject: [PATCH 045/110] forget[] --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 922d7d3f3af..0747f1553f3 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7998,7 +7998,7 @@ abstract class CommonObject $result = $this->fetch($obj->rowid); if ($result < 0) { $error++; - $this->errors = $this->error; + $this->errors[] = $this->error; } else { $needUserParam = false; if (class_exists('ReflectionMethod')) { From ded7b79a6f69544cbf7b1fe4ab09b83246012191 Mon Sep 17 00:00:00 2001 From: VESSILLER Date: Fri, 5 Jun 2020 12:10:03 +0200 Subject: [PATCH 046/110] FIX free text on cash desk --- htdocs/takepos/admin/setup.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index f331587723b..e6db38716bc 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php 
@@ -74,8 +74,8 @@ if (GETPOST('action', 'alpha') == 'set') $res = dolibarr_set_const($db, "TAKEPOS_ORDER_PRINTERS", GETPOST('TAKEPOS_ORDER_PRINTERS', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_ORDER_NOTES", GETPOST('TAKEPOS_ORDER_NOTES', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_AUTO_PRINT_TICKETS", GETPOST('TAKEPOS_AUTO_PRINT_TICKETS', 'int'), 'int', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "TAKEPOS_HEADER", GETPOST('TAKEPOS_HEADER', 'alpha'), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "TAKEPOS_FOOTER", GETPOST('TAKEPOS_FOOTER', 'alpha'), 'chaine', 0, '', $conf->entity); + $res = dolibarr_set_const($db, "TAKEPOS_HEADER", GETPOST('TAKEPOS_HEADER', 'none'), 'chaine', 0, '', $conf->entity); + $res = dolibarr_set_const($db, "TAKEPOS_FOOTER", GETPOST('TAKEPOS_FOOTER', 'none'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_NUMPAD", GETPOST('TAKEPOS_NUMPAD', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_NUM_TERMINALS", GETPOST('TAKEPOS_NUM_TERMINALS', 'alpha'), 'chaine', 0, '', $conf->entity); From e5f8f38fbf374085c0ac3e0582b253bc51db5fda Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 5 Jun 2020 17:24:59 +0200 Subject: [PATCH 047/110] FIX: Accountancy - Binding index - Add a filter on sql request for module Subtotal & Jalon --- htdocs/accountancy/customer/index.php | 4 ++++ htdocs/accountancy/supplier/index.php | 3 +++ 2 files changed, 7 insertions(+) diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index ab2c00d13b0..b38606dc787 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php 
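Review bot: Switching `TAKEPOS_HEADER` and `TAKEPOS_FOOTER` to the `'none'` check stores the posted text with no filtering at all, so any markup submitted through this form is persisted as-is. If the intent is to allow formatted free text, `GETPOST('TAKEPOS_HEADER', 'restricthtml')` (and the same for the footer) would presumably keep basic formatting while still filtering the value. Otherwise every place that prints these two constants has to escape them on output. The enclosing `if (GETPOST('action', 'alpha') == 'set')` block starts and ends outside the hunk, so any permission or token check around it is not visible here.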
@@ -252,6 +252,7 @@ $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.rowid $sql .= " WHERE f.datef >= '" . $db->idate($search_date_start) . "'"; $sql .= " AND f.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND f.fk_statut > 0"; +$sql .= " AND fd.product_type <= 2"; $sql .= " AND f.entity IN (" . getEntity('invoice', 0) . ")"; // We don't share object for accountancy $sql .= " AND aa.account_number IS NULL"; if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { @@ -329,6 +330,7 @@ $sql .= " WHERE f.datef >= '" . $db->idate($search_date_start) . "'"; $sql .= " AND f.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND f.entity IN (" . getEntity('invoice', 0) . ")"; // We don't share object for accountancy $sql .= " AND f.fk_statut > 0"; +$sql .= " AND fd.product_type <= 2"; if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $sql .= " AND f.type IN (" . Facture::TYPE_STANDARD . "," . Facture::TYPE_REPLACEMENT . "," . Facture::TYPE_CREDIT_NOTE . "," . Facture::TYPE_SITUATION . ")"; } else { @@ -406,6 +408,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange. $sql .= " AND f.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND f.entity IN (" . getEntity('invoice', 0) . ")"; // We don't share object for accountancy $sql .= " AND f.fk_statut > 0"; + $sql .= " AND fd.product_type <= 2"; if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $sql .= " AND f.type IN (" . Facture::TYPE_STANDARD . "," . Facture::TYPE_REPLACEMENT . "," . Facture::TYPE_CREDIT_NOTE . "," . Facture::TYPE_SITUATION . ")"; } else { 
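Review bot: The added `$sql .= " AND fd.product_type <= 2";` uses a bare threshold with no explanation, and the same literal is repeated in the other hunks of this commit (customer and supplier index). Only the commit subject says it is meant to skip lines created by the Subtotal and Jalon modules. A short comment such as `// Ignore special lines added by external modules (Subtotal, Jalon): keep only product_type <= 2` above each occurrence would stop a later maintainer from removing it as dead filtering. The query is built outside the hunk, so whether `fd` is always joined at this point cannot be confirmed from here.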
@@ -458,6 +461,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange. $sql .= " AND f.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND f.entity IN (" . getEntity('invoice', 0) . ")"; // We don't share object for accountancy $sql .= " AND f.fk_statut > 0"; + $sql .= " AND fd.product_type <= 2"; if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $sql .= " AND f.type IN (" . Facture::TYPE_STANDARD . "," . Facture::TYPE_REPLACEMENT . "," . Facture::TYPE_CREDIT_NOTE . "," . Facture::TYPE_SITUATION . ")"; } else { diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index eb81e4909d9..9ce820deff9 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -250,6 +250,7 @@ $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.rowid $sql .= " WHERE ff.datef >= '" . $db->idate($search_date_start) . "'"; $sql .= " AND ff.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND ff.fk_statut > 0"; +$sql .= " AND ffd.product_type <= 2"; $sql .= " AND ff.entity IN (" . getEntity('facture_fourn', 0) . ")"; // We don't share object for accountancy $sql .= " AND aa.account_number IS NULL"; $sql .= " GROUP BY ffd.fk_code_ventilation,aa.account_number,aa.label"; @@ -321,6 +322,7 @@ $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.rowid $sql .= " WHERE ff.datef >= '" . $db->idate($search_date_start) . "'"; $sql .= " AND ff.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND ff.fk_statut > 0"; +$sql .= " AND ffd.product_type <= 2"; $sql .= " AND ff.entity IN (" . getEntity('facture_fourn', 0) . ")"; // We don't share object for accountancy $sql .= " AND aa.account_number IS NOT NULL"; $sql .= " GROUP BY ffd.fk_code_ventilation,aa.account_number,aa.label"; 
@@ -392,6 +394,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange. $sql .= " WHERE ff.datef >= '" . $db->idate($search_date_start) . "'"; $sql .= " AND ff.datef <= '" . $db->idate($search_date_end) . "'"; $sql .= " AND ff.fk_statut > 0"; + $sql .= " AND ffd.product_type <= 2"; $sql .= " AND ff.entity IN (" . getEntity('facture_fourn', 0) . ")"; // We don't share object for accountancy dol_syslog('htdocs/accountancy/supplier/index.php'); From ca3f62e4ac1fc320459a416b87900ee6ae0def59 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 5 Jun 2020 17:47:52 +0200 Subject: [PATCH 048/110] Doc repair Row size too large --- htdocs/install/mysql/migration/repair.sql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql index b21429a4d1b..7977227caf5 100644 --- a/htdocs/install/mysql/migration/repair.sql +++ b/htdocs/install/mysql/migration/repair.sql @@ -519,3 +519,7 @@ UPDATE llx_facturedet SET situation_percent = 100 WHERE situation_percent IS NUL -- update llx_societe set code_compta_fournisseur = concat('401', substr(code_fournisseur, 3, 2),substr(code_fournisseur, 8, 5)) where fournisseur in (1,2,3) and code_fournisseur is not null; +-- To fix a table with error "ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs" +--ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC; + + From 2344435416fe44ebb59ce760a51c04d036240694 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Fri, 5 Jun 2020 23:10:55 +0200 Subject: [PATCH 049/110] Fix XSS CWE-ID CWE-79 --- htdocs/adherents/card.php | 115 +++++++++++++++++++------------------- htdocs/product/card.php | 14 ++--- htdocs/societe/card.php | 106 +++++++++++++++++------------------ htdocs/ticket/card.php | 18 +++--- 4 files changed, 125 insertions(+), 128 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 7d24b330d3e..21bcc17bd42 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -243,18 +243,16 @@ if (empty($reshook)) require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $birthdate = ''; - if (isset($_POST["birthday"]) && $_POST["birthday"] - && isset($_POST["birthmonth"]) && $_POST["birthmonth"] - && isset($_POST["birthyear"]) && $_POST["birthyear"]) + if (GETPOST("birthday", 'int') && GETPOST("birthmonth", 'int') && GETPOST("birthyear", 'int')) { - $birthdate = dol_mktime(12, 0, 0, $_POST["birthmonth"], $_POST["birthday"], $_POST["birthyear"]); + $birthdate = dol_mktime(12, 0, 0, GETPOST("birthmonth", 'int'), GETPOST("birthday", 'int'), GETPOST("birthyear", 'int')); } - $lastname = $_POST["lastname"]; - $firstname = $_POST["firstname"]; - $gender = $_POST["gender"]; - $societe = $_POST["societe"]; - $morphy = $_POST["morphy"]; - $login = $_POST["login"]; + $lastname = GETPOST("lastname", 'alphanohtml'); + $firstname = GETPOST("firstname", 'alphanohtml'); + $gender = GETPOST("gender", 'alphanohtml'); + $societe = GETPOST("societe", 'alphanohtml'); + $morphy = GETPOST("morphy", 'alphanohtml'); + $login = GETPOST("login", 'alphanohtml'); if ($morphy != 'mor' && empty($lastname)) { $error++; $langs->load("errors"); 
@@ -284,19 +282,19 @@ if (empty($reshook)) $object->oldcopy = clone $object; // Change values - $object->civility_id = trim(GETPOST("civility_id", 'alpha')); - $object->firstname = trim(GETPOST("firstname", 'alpha')); - $object->lastname = trim(GETPOST("lastname", 'alpha')); - $object->gender = trim(GETPOST("gender", 'alpha')); + $object->civility_id = trim(GETPOST("civility_id", 'alphanohtml')); + $object->firstname = trim(GETPOST("firstname", 'alphanohtml')); + $object->lastname = trim(GETPOST("lastname", 'alphanohtml')); + $object->gender = trim(GETPOST("gender", 'alphanohtml')); $object->login = trim(GETPOST("login", 'alpha')); $object->pass = trim(GETPOST("pass", 'alpha')); - $object->societe = trim(GETPOST("societe", 'alpha')); // deprecated - $object->company = trim(GETPOST("societe", 'alpha')); + $object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated + $object->company = trim(GETPOST("societe", 'alphanohtml')); - $object->address = trim(GETPOST("address", 'alpha')); - $object->zip = trim(GETPOST("zipcode", 'alpha')); - $object->town = trim(GETPOST("town", 'alpha')); + $object->address = trim(GETPOST("address", 'alphanohtml')); + $object->zip = trim(GETPOST("zipcode", 'alphanohtml')); + $object->town = trim(GETPOST("town", 'alphanohtml')); $object->state_id = GETPOST("state_id", 'int'); $object->country_id = GETPOST("country_id", 'int'); 
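Review bot: In this hunk `$object->login = trim(GETPOST("login", 'alpha'));` keeps the `'alpha'` check, while the same POST field is read as `GETPOST("login", 'alphanohtml')` in the @@ -243 hunk of the same file. The XSS fix is therefore applied on one path and not on the other. Suggest `$object->login = trim(GETPOST("login", 'alphanohtml'));` so both paths agree. The surrounding update block starts and ends outside the hunk.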
@@ -442,14 +440,14 @@ if (empty($reshook)) } $typeid = GETPOST("typeid", 'int'); - $civility_id = GETPOST("civility_id", 'alpha'); - $lastname = GETPOST("lastname", 'alpha'); - $firstname = GETPOST("firstname", 'alpha'); - $gender = GETPOST("gender", 'alpha'); - $societe = GETPOST("societe", 'alpha'); - $address = GETPOST("address", 'alpha'); - $zip = GETPOST("zipcode", 'alpha'); - $town = GETPOST("town", 'alpha'); + $civility_id = GETPOST("civility_id", 'alphanohtml'); + $lastname = GETPOST("lastname", 'alphanohtml'); + $firstname = GETPOST("firstname", 'alphanohtml'); + $gender = GETPOST("gender", 'alphanohtml'); + $societe = GETPOST("societe", 'alphanohtml'); + $address = GETPOST("address", 'alphanohtml'); + $zip = GETPOST("zipcode", 'alphanohtml'); + $town = GETPOST("town", 'alphanohtml'); $state_id = GETPOST("state_id", 'int'); $country_id = GETPOST("country_id", 'int'); @@ -465,9 +463,8 @@ if (empty($reshook)) $pass = GETPOST("password", 'alpha'); $photo = GETPOST("photo", 'alpha'); //$comment=GETPOST("comment",'none'); - $morphy = GETPOST("morphy", 'alpha'); - $subscription = GETPOST("subscription", 'alpha'); - $public = GETPOST("public", 'alpha'); + $morphy = GETPOST("morphy", 'alphanohtml'); + $public = GETPOST("public", 'alphanohtml'); $userid = GETPOST("userid", 'int'); $socid = GETPOST("socid", 'int'); @@ -976,7 +973,7 @@ else print "\n"; // Company - print ''; + print ''; // Civility print ''; // Lastname - print ''; + print ''; print ''; // Firstname - print ''; + print ''; print ''; // Gender print ''; print ''; // EMail - print ''; + print ''; // Address print ''; // Zip / Town print ''; // Country $object->country_id = $object->country_id ? $object->country_id : $mysoc->country_id; print ''; 
@@ -1026,7 +1023,7 @@ else print ''; + print ''; // Personal phone - print ''; + print ''; // Mobile phone - print ''; + print ''; if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if (!$value['active']) break; - print ''; + print ''; } } @@ -1196,14 +1193,14 @@ else $morphys["phy"] = $langs->trans("Physical"); $morphys["mor"] = $langs->trans("Moral"); print '"; // Type print '"; // Company - print ''; + print ''; // Civility print ''; print ''; // Lastname - print ''; + print ''; print ''; // Firstname - print ''; + print ''; print ''; // Gender print ''; print ''; // Photo @@ -1256,14 +1253,14 @@ else // Address print ''; // Zip / Town print ''; // Country @@ -1282,18 +1279,18 @@ else } // Pro phone - print ''; + print ''; // Personal phone - print ''; + print ''; // Mobile phone - print ''; + print ''; if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if (!$value['active']) break; - print ''; + print ''; } } @@ -1304,7 +1301,7 @@ else // Public profil print "\n"; // Categories diff --git a/htdocs/product/card.php b/htdocs/product/card.php index ad793f4f7d3..59f2eb13170 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -193,7 +193,7 @@ if (empty($reshook)) { $error = 0; - if (!GETPOST('label')) + if (!GETPOST('label', 'alphanohtml')) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Label')), null, 'errors'); $action = "create"; @@ -217,8 +217,8 @@ if (empty($reshook)) $units = GETPOST('units', 'int'); $object->ref = $ref; - $object->label = GETPOST('label'); - $object->price_base_type = GETPOST('price_base_type'); + $object->label = GETPOST('label', 'alphanohtml'); + $object->price_base_type = GETPOST('price_base_type', 'aZ09'); if ($object->price_base_type == 'TTC') $object->price_ttc = GETPOST('price'); 
@@ -293,7 +293,7 @@ if (empty($reshook)) $object->url = GETPOST('url'); $object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none')); $object->note = $object->note_private; // deprecated - $object->customcode = GETPOST('customcode', 'alpha'); + $object->customcode = GETPOST('customcode', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->duration_value = $duration_value; $object->duration_unit = $duration_unit; @@ -394,7 +394,7 @@ if (empty($reshook)) $object->oldcopy = clone $object; $object->ref = $ref; - $object->label = GETPOST('label'); + $object->label = GETPOST('label', 'alphanohtml'); $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none')); $object->url = GETPOST('url'); if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB)) @@ -975,7 +975,7 @@ else print ''; $tmpcode = ''; if (!empty($modCodeProduct->code_auto)) $tmpcode = $modCodeProduct->getNextValue($object, $type); - print ''; // Label - print ''; + print ''; // On sell print ''; 
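Review bot: `$object->url = GETPOST('url');` is left without any check argument right next to the lines this commit hardens, both here and in the @@ -394 hunk. A URL field is a typical place for a `javascript:` or markup payload that ends up in an `href`. The societe/card.php part of this same commit already reads its URL with `GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)`, and using that form here would make the three cards consistent. `GETPOST('price')` on the line after `price_base_type` has the same missing check. Both action blocks continue outside the hunks.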
@@ -1651,15 +1651,15 @@ else if (GETPOSTISSET('name')) { // We overwrite with values if posted - $object->name = GETPOST('name', 'alpha'); - $object->prefix_comm = GETPOST('prefix_comm', 'alpha'); + $object->name = GETPOST('name', 'alphanohtml'); + $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml'); $object->client = GETPOST('client', 'int'); $object->code_client = GETPOST('customer_code', 'alpha'); $object->fournisseur = GETPOST('fournisseur', 'int'); $object->code_fournisseur = GETPOST('supplier_code', 'alpha'); - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id') ?GETPOST('country_id', 'int') : $mysoc->country_id; $object->state_id = GETPOST('state_id', 'int'); //$object->skype = GETPOST('skype', 'alpha'); 
@@ -1678,21 +1678,21 @@ else $object->fax = GETPOST('fax', 'alpha'); $object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL); $object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL); - $object->capital = GETPOST('capital', 'alpha'); - $object->idprof1 = GETPOST('idprof1', 'alpha'); - $object->idprof2 = GETPOST('idprof2', 'alpha'); - $object->idprof3 = GETPOST('idprof3', 'alpha'); - $object->idprof4 = GETPOST('idprof4', 'alpha'); - $object->idprof5 = GETPOST('idprof5', 'alpha'); - $object->idprof6 = GETPOST('idprof6', 'alpha'); + $object->capital = GETPOST('capital', 'alphanohtml'); + $object->idprof1 = GETPOST('idprof1', 'alphanohtml'); + $object->idprof2 = GETPOST('idprof2', 'alphanohtml'); + $object->idprof3 = GETPOST('idprof3', 'alphanohtml'); + $object->idprof4 = GETPOST('idprof4', 'alphanohtml'); + $object->idprof5 = GETPOST('idprof5', 'alphanohtml'); + $object->idprof6 = GETPOST('idprof6', 'alphanohtml'); $object->typent_id = GETPOST('typent_id', 'int'); $object->effectif_id = GETPOST('effectif_id', 'int'); - $object->barcode = GETPOST('barcode', 'alpha'); + $object->barcode = GETPOST('barcode', 'alphanohtml'); $object->forme_juridique_code = GETPOST('forme_juridique_code', 'int'); $object->default_lang = GETPOST('default_lang', 'alpha'); $object->tva_assuj = GETPOST('assujtva_value', 'int'); - $object->tva_intra = GETPOST('tva_intra', 'alpha'); + $object->tva_intra = GETPOST('tva_intra', 'alphanohtml'); $object->status = GETPOST('status', 'int'); // Webservices url/key diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index d59581fa914..64ad5de4906 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php 
@@ -129,11 +129,11 @@ if ($cancel) if (GETPOST('add', 'alpha') && $user->rights->ticket->write) { $error = 0; - if (!GETPOST("subject", 'alpha')) { + if (!GETPOST("subject", 'alphanohtml')) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject")), null, 'errors'); $action = 'create'; - } elseif (!GETPOST("message", 'alpha')) { + } elseif (!GETPOST("message", 'restricthtml')) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Message")), null, 'errors'); $action = 'create'; @@ -142,10 +142,10 @@ if (GETPOST('add', 'alpha') && $user->rights->ticket->write) { if (!$error) { $db->begin(); - $object->ref = GETPOST("ref", 'alpha'); + $object->ref = GETPOST("ref", 'alphanohtml'); $object->fk_soc = GETPOST("socid", 'int') > 0 ? GETPOST("socid", 'int') : 0; - $object->subject = GETPOST("subject", 'alpha'); - $object->message = GETPOST("message", 'none'); + $object->subject = GETPOST("subject", 'alphanohtml'); + $object->message = GETPOST("message", 'restricthtml'); $object->type_code = GETPOST("type_code", 'alpha'); $object->category_code = GETPOST("category_code", 'alpha'); @@ -274,7 +274,7 @@ if (GETPOST('update', 'alpha') && GETPOST('id', 'int') && $user->rights->ticket- $error++; array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label"))); $action = 'edit'; - } elseif (!GETPOST("subject")) { + } elseif (!GETPOST("subject", 'alphanohtml')) { $error++; array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject"))); $action = 'edit'; @@ -284,7 +284,7 @@ if (GETPOST('update', 'alpha') && GETPOST('id', 'int') && $user->rights->ticket- $db->begin(); $object->label = GETPOST("label", 'alphanohtml'); - $object->description = GETPOST("description", 'none'); + $object->description = GETPOST("description", 'restricthtml'); //... $ret = $object->update($user); 
@@ -459,7 +459,7 @@ if ($action == 'set_progression' && $user->rights->ticket->write) { if ($action == 'setsubject') { if ($object->fetch(GETPOST('id', 'int'))) { if ($action == 'setsubject') { - $object->subject = trim(GETPOST('subject', 'alpha')); + $object->subject = trim(GETPOST('subject', 'alphanohtml')); } if ($action == 'setsubject' && empty($object->subject)) { @@ -512,7 +512,7 @@ elseif ($action == 'setcontract' && $user->rights->ticket->write) { if (!GETPOST('cancel')) { $object->fetch('', '', GETPOST('track_id', 'alpha')); $oldvalue_message = $object->message; - $fieldtomodify = GETPOST('message_initial'); + $fieldtomodify = GETPOST('message_initial', 'restricthtml'); $object->message = $fieldtomodify; $ret = $object->update($user); From 5dd9f4e4c4e8b5a950ecd20549b0825c4421415f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 11:36:24 +0200 Subject: [PATCH 050/110] Fix travis false positive --- htdocs/install/mysql/migration/repair.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql index 7977227caf5..28fe1697449 100644 --- a/htdocs/install/mysql/migration/repair.sql +++ b/htdocs/install/mysql/migration/repair.sql 
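Review bot: The branch `if ($action == 'setsubject') {` carries no `$user->rights->ticket->write` test, unlike the `set_progression` branch shown in the hunk header and the `setcontract` branch in the next hunk. As far as the visible lines show, any user who can reach the page can overwrite a ticket subject. Suggest `if ($action == 'setsubject' && $user->rights->ticket->write) {`, unless an earlier guard outside the hunk already covers it. The inner `if ($action == 'setsubject')` tests are then redundant and can be dropped.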
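Review bot: In the @@ -512 hunk the result of `$object->fetch('', '', GETPOST('track_id', 'alpha'));` is ignored before `$object->message` is overwritten and `$object->update($user)` is called. If the track id does not resolve, the update runs against whatever state `$object` already holds. Suggest guarding it, e.g. `if ($object->fetch('', '', GETPOST('track_id', 'alpha')) > 0) {` around the assignment and update. The condition that opens this branch is outside the hunk, so its permission check cannot be confirmed from here.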
@@ -519,7 +519,7 @@ UPDATE llx_facturedet SET situation_percent = 100 WHERE situation_percent IS NUL -- update llx_societe set code_compta_fournisseur = concat('401', substr(code_fournisseur, 3, 2),substr(code_fournisseur, 8, 5)) where fournisseur in (1,2,3) and code_fournisseur is not null; --- To fix a table with error "ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs" +-- To fix a table with error 'ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs' --ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC; From cefc8dcca2fd4e5fda774b5bf54610e3fa801a51 Mon Sep 17 00:00:00 2001 From: Marc Guenneugues Date: Sat, 6 Jun 2020 11:39:49 +0200 Subject: [PATCH 051/110] replenish : select expedition quantities only from opened orders when using virtual stocks --- htdocs/product/stock/replenish.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index feba2dbafcb..dbf07c92d01 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php 
@@ -376,8 +376,11 @@ if ($usevirtualstock) $sqlExpeditionsCli = "(SELECT ".$db->ifsql("SUM(ed2.qty) IS NULL", "0", "SUM(ed2.qty)")." as qty"; // We need the ifsql because if result is 0 for product p.rowid, we must return 0 and not NULL $sqlExpeditionsCli .= " FROM ".MAIN_DB_PREFIX."expedition as e2,"; $sqlExpeditionsCli .= " ".MAIN_DB_PREFIX."expeditiondet as ed2,"; + $sqlExpeditionsCli .= " ".MAIN_DB_PREFIX."commande as c2,"; $sqlExpeditionsCli .= " ".MAIN_DB_PREFIX."commandedet as cd2"; $sqlExpeditionsCli .= " WHERE ed2.fk_expedition = e2.rowid AND cd2.rowid = ed2.fk_origin_line AND e2.entity IN (".getEntity('expedition').")"; + $sqlExpeditionsCli .= " AND cd2.fk_commande = c2.rowid"; + $sqlExpeditionsCli .= " AND c2.fk_statut IN (1,2)"; $sqlExpeditionsCli .= " AND cd2.fk_product = p.rowid"; $sqlExpeditionsCli .= " AND e2.fk_statut IN (1,2))"; } else { From 30c6ae394b9d4d1bb6ce3c1405e91d94fba77bdb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:23:35 +0200 Subject: [PATCH 052/110] Update html.formticket.class.php --- htdocs/core/class/html.formticket.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 72673abb323..7a6b4ec38a2 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -991,7 +991,9 @@ class FormTicket // MESSAGE $defaultmessage=""; - if ($arraydefaultmessage && $arraydefaultmessage->content) $defaultmessage = $arraydefaultmessage->content; + if (is_array($arraydefaultmessage) && count($arraydefaultmessage) > 0 && $arraydefaultmessage->content) { + $defaultmessage=$arraydefaultmessage->content; + } $defaultmessage=str_replace('\n', "\n", $defaultmessage); // Deal with format differences between message and signature (text / HTML) From a66926cf08491f2aa7fa668477ac150cedcff376 Mon Sep 17 00:00:00 2001 
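Review bot: In html.formticket.class.php the new condition `is_array($arraydefaultmessage) && count($arraydefaultmessage) > 0 && $arraydefaultmessage->content` can never be true for a usable value. When the variable is an array, `->content` is a property read on an array, and when it is an object, `is_array()` is false. The default message is therefore silently never applied. The removed line treated the variable as an object, so `if (is_object($arraydefaultmessage) && !empty($arraydefaultmessage->content)) {` looks like the intended guard. The assignment of `$arraydefaultmessage` is outside the hunk, so please confirm its type there.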
From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:30:08 +0200 Subject: [PATCH 053/110] Update commonobject.class.php --- htdocs/core/class/commonobject.class.php | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 0747f1553f3..fec5ea35485 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7970,7 +7970,8 @@ abstract class CommonObject } /** - * Delete all child object + * Delete all child object from a parent ID + * * @param int $parentId Parent Id * @param string $parentField Name of Foreign key parent column * @return int <0 if KO, >0 if OK @@ -7988,7 +7989,7 @@ abstract class CommonObject $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . $this->table_element; $sql .= ' WHERE '.$parentField.' = ' . $parentId; - dol_syslog(__METHOD__, LOG_DEBUG); + $resql = $this->db->query($sql); if (!$resql) { $this->errors[] = $this->db->lasterror(); @@ -8000,21 +8001,7 @@ abstract class CommonObject $error++; $this->errors[] = $this->error; } else { - $needUserParam = false; - if (class_exists('ReflectionMethod')) { - $method = new ReflectionMethod($this, 'delete'); - $argsMethod=$method->getParameters(); - if (is_array($argsMethod) && count($argsMethod)>0) { - if ($argsMethod[0]->name == 'user') { - $needUserParam = true; - } - } - } - if ($needUserParam) { - $result = $this->delete($user); - } else { - $result = $this->delete(); - } + $result = $this->delete($user); if ($result < 0) { $error++; $this->errors[] = $this->error; @@ -8029,7 +8016,7 @@ abstract class CommonObject $this->db->commit(); return $deleted; } else { - $this->error = implode(' ', $this->errors); + $this->error = implode(', ', $this->errors); $this->db->rollback(); return $error * -1; } From af440b7c49cdf3a098a7dc3a2239a4dc6520e4a2 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:32:25 +0200 Subject: [PATCH 054/110] Update societe.class.php --- htdocs/societe/class/societe.class.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 12280843b2a..0ad6ab22f23 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1688,13 +1688,11 @@ class Societe extends CommonObject $filepath=$deleteFromObject[1]; $columnName=$deleteFromObject[2]; if (dol_include_once($filepath)) { - if (class_exists($className)) { - $child_object = new $className($this->db); - $result = $child_object->deleteByParentField($id, $columnName); - if ($result < 0) { - $error++; - $this->errors[] = $child_object->error; - } + $child_object = new $className($this->db); + $result = $child_object->deleteByParentField($id, $columnName); + if ($result < 0) { + $error++; + $this->errors[] = $child_object->error; } } else { $error++; From d9ac7ab9da8ab3d2632ceb3aa3c1a46a465e3836 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:37:53 +0200 Subject: [PATCH 055/110] Update commonobject.class.php --- htdocs/core/class/commonobject.class.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index fec5ea35485..ffd5e53dccf 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
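Review bot: Dropping the `class_exists($className)` guard means `new $className($this->db)` now raises a fatal error when the included file does not declare the class named in `childtablesoncascade`. A misconfigured cascade entry would then abort the delete with the transaction still open. Keeping the test and recording the failure is safer, e.g. `if (!class_exists($className)) { $error++; $this->errors[] = 'Cannot find child class '.$className; }` before the instantiation. The enclosing loop and the commit/rollback decision are outside the hunk.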
@@ -7892,35 +7892,37 @@ abstract class CommonObject } // Delete cascade first - if (!empty($this->childtablesoncascade)) { + if (is_array($this->childtablesoncascade)) { foreach ($this->childtablesoncascade as $table) { - $deleteFromObject=explode(':', $table); + $deleteFromObject = explode(':', $table); if (count($deleteFromObject)>=2) { - $className=str_replace('@', '', $deleteFromObject[0]); - $filePath=$deleteFromObject[1]; - $columnName=$deleteFromObject[2]; + $className = str_replace('@', '', $deleteFromObject[0]); + $filePath = $deleteFromObject[1]; + $columnName = $deleteFromObject[2]; if (dol_include_once($filePath)) { $childObject = new $className($this->db); - if (is_callable($childObject, 'deleteByParentField')) { + if (method_exists($childObject, 'deleteByParentField')) { $result = $childObject->deleteByParentField($this->id, $columnName); if ($result < 0) { + $error++; $this->errors[] = $childObject->error; - return -1; + break; } } } else { - $this->errors[] = 'Cannot find child class file ' .$filePath; - return -1; + $error++; + $this->errors[] = 'Cannot include child class file ' .$filePath; + break; } } else { $sql = 'DELETE FROM ' . MAIN_DB_PREFIX . $table . ' WHERE ' . $this->fk_element . ' = ' . $this->id; $resql = $this->db->query($sql); if (!$resql) { + $error++; $this->error = $this->db->lasterror(); $this->errors[] = $this->error; - $this->db->rollback(); - return -1; + break; } } } From 87806346c7079bb703a2da1f0fb5c62876bfc7f0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:40:20 +0200 Subject: [PATCH 056/110] Update commonobject.class.php --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index ffd5e53dccf..6634ccd7fcd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
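Review bot: The three failure paths used to `return -1` (one of them after `$this->db->rollback()`) and now only do `$error++; break;`, so a failed cascade is safe only if the code after the loop tests `$error` and rolls back before touching the parent row. That code is outside the hunk and should be confirmed. In the fallback branch the statement `'DELETE FROM ' . MAIN_DB_PREFIX . $table . ' WHERE ' . $this->fk_element . ' = ' . $this->id` still concatenates the id unchanged. Writing `' = ' . (int) $this->id` would match the cast added to `deleteByParentField` later in this series.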
@@ -7990,7 +7990,7 @@ abstract class CommonObject $this->db->begin(); $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . $this->table_element; - $sql .= ' WHERE '.$parentField.' = ' . $parentId; + $sql .= ' WHERE '.$parentField.' = ' . (int) $parentId; $resql = $this->db->query($sql); if (!$resql) { From bb192195f19cd4d20d5cd3146f5f3f45f780ba2d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:41:33 +0200 Subject: [PATCH 057/110] Update commonobject.class.php --- htdocs/core/class/commonobject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 6634ccd7fcd..9f252879fda 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7892,7 +7892,7 @@ abstract class CommonObject } // Delete cascade first - if (is_array($this->childtablesoncascade)) { + if (is_array($this->childtablesoncascade) && !empty($this->childtablesoncascade)) { foreach ($this->childtablesoncascade as $table) { $deleteFromObject = explode(':', $table); From 38d95aa5cdecf66b4757b2fe9fd66df0e57a6932 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:45:53 +0200 Subject: [PATCH 058/110] Update societe.class.php --- htdocs/societe/class/societe.class.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 0ad6ab22f23..a37830b0ed9 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1678,9 +1678,9 @@ class Societe extends CommonObject } } - foreach ($this->childtablesoncascade as $tabletodelete) + if (!$error) { - if (!$error) + foreach ($this->childtablesoncascade as $tabletodelete) { $deleteFromObject=explode(':', $tabletodelete); if (count($deleteFromObject)>=2) { 
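Review bot: The `(int) $parentId` cast closes the value side, but `$parentField` is still concatenated into `' WHERE '.$parentField.' = '` as a raw identifier, and its default `''` produces an invalid statement. The visible callers take it from `childtablesoncascade`, which looks developer-defined, but the method is public and nothing stops another caller passing request data. Suggest rejecting anything that is not a plain column name at the top of the method, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $parentField)) { $this->errors[] = 'Bad parent field name'; return -1; }`. The method body starts before and ends after this hunk.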
@@ -1693,10 +1693,12 @@ class Societe extends CommonObject if ($result < 0) { $error++; $this->errors[] = $child_object->error; + break; } } else { $error++; - $this->errors[] = 'Cannot find child class file ' .$filepath; + $this->errors[] = 'Cannot include child class file ' .$filepath; + break; } } else { $sql = "DELETE FROM " . MAIN_DB_PREFIX . $tabletodelete; @@ -1704,6 +1706,7 @@ class Societe extends CommonObject if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); + break; } } } From 261d0772f8812a3c7883e7ebf3dd880c36b4f26e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 21:47:27 +0200 Subject: [PATCH 059/110] Update commonobject.class.php --- htdocs/core/class/commonobject.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 9f252879fda..9dba821c012 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7909,7 +7909,11 @@ abstract class CommonObject $this->errors[] = $childObject->error; break; } - } + } else { + $error++; + $this->errors[] = "You defined a cascade delete on an object $childObject but there is no method deleteByParentField for it"; + break; + } } else { $error++; $this->errors[] = 'Cannot include child class file ' .$filePath; From 4169aa716cf2186e9bebec2602a497699de0f048 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 7 Jun 2020 00:23:20 +0200 Subject: [PATCH 060/110] FIX can install module even if (x) was appended during download. --- htdocs/admin/modules.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 72eb8240c10..b11808a2365 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php 
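Review bot: In the commonobject.class.php hunk the new message `"You defined a cascade delete on an object $childObject but there is no method deleteByParentField for it"` interpolates the object instance itself. Unless that class defines `__toString()`, this raises a conversion error at the very moment the code is trying to report a configuration problem. Use the class name already at hand: `$this->errors[] = "You defined a cascade delete on an object $className but there is no method deleteByParentField for it";`. The surrounding loop continues outside the hunk.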
@@ -118,6 +118,7 @@ if ($action == 'install') // $original_file should match format module_modulename-x.y[.z].zip $original_file = basename($_FILES["fileinstall"]["name"]); + $original_file = preg_replace('/\(\d+\)\.zip$/i', '.zip', $original_file); $newfile = $conf->admin->dir_temp.'/'.$original_file.'/'.$original_file; if (!$original_file) From 180a0a45572b038f4234ac336752d8ffb50a8b56 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 7 Jun 2020 18:30:46 +0200 Subject: [PATCH 061/110] Info for debug --- htdocs/compta/facture/class/facture.class.php | 5 +++-- htdocs/install/mysql/migration/repair.sql | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 1558b6cbfab..12d60b067fa 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1584,7 +1584,8 @@ class Facture extends CommonInvoice } /** - * Fetch previous and next situations invoices + * Fetch previous and next situations invoices. + * Return all previous and next invoices (both standard and credit notes). * * @return void */ @@ -1595,7 +1596,7 @@ class Facture extends CommonInvoice $this->tab_previous_situation_invoice = array(); $this->tab_next_situation_invoice = array(); - $sql = 'SELECT rowid, situation_counter FROM '.MAIN_DB_PREFIX.'facture WHERE rowid <> '.$this->id.' AND entity = '.$conf->entity.' AND situation_cycle_ref = '.(int) $this->situation_cycle_ref.' ORDER BY situation_counter ASC'; + $sql = 'SELECT rowid, type, situation_cycle_ref, situation_counter FROM '.MAIN_DB_PREFIX.'facture WHERE rowid <> '.$this->id.' AND entity = '.$conf->entity.' AND situation_cycle_ref = '.(int) $this->situation_cycle_ref.' ORDER BY situation_counter ASC'; dol_syslog(get_class($this).'::fetchPreviousNextSituationInvoice ', LOG_DEBUG); $result = $this->db->query($sql); 
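Review bot: In the modules.php hunk, the added pattern `/\(\d+\)\.zip$/i` removes the counter but not the whitespace that some browsers put in front of it. A name like `module_x-1.0 (1).zip` becomes `module_x-1.0 .zip`, and that stray space then ends up in both the directory and the file part of `$newfile`. Allowing optional whitespace fixes it: `$original_file = preg_replace('/\s*\(\d+\)\.zip$/i', '.zip', $original_file);`. The name still comes from the client-supplied `$_FILES[...]["name"]`, so the format check described in the comment (`module_modulename-x.y[.z].zip`) should run on the rewritten value. That check is outside the hunk.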
diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql index fe0eaff767a..86c37198347 100755 --- a/htdocs/install/mysql/migration/repair.sql +++ b/htdocs/install/mysql/migration/repair.sql @@ -476,7 +476,7 @@ UPDATE llx_accounting_bookkeeping set date_creation = tms where date_creation IS -- Test inconsistency of data into situation invoices: If it differs, it may be the total_ht that is wrong and situation_percent that is good. --- select f.rowid, f.type, qty, subprice, situation_percent, total_ht, total_ttc, total_tva, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc, (situation_percent / 100 * subprice * qty * (1 - (fd.remise_percent / 100))) +-- select f.rowid, f.type, fd.qty, fd.subprice, fd.situation_percent, fd.total_ht, fd.total_ttc, fd.total_tva, fd.multicurrency_total_ht, fd.multicurrency_total_tva, fd.multicurrency_total_ttc, (situation_percent / 100 * subprice * qty * (1 - (fd.remise_percent / 100))) -- from llx_facturedet as fd, llx_facture as f where fd.fk_facture = f.rowid AND (total_ht - situation_percent / 100 * subprice * qty * (1 - (fd.remise_percent / 100))) > 0.01 and f.type = 5; From 4020d9736206f97ed880fb4737623da5bc87f561 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 7 Jun 2020 18:36:58 +0200 Subject: [PATCH 062/110] FIX Can create a credit note on situation invoice if previous is also credit note --- htdocs/compta/facture/card.php | 63 +++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 13 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index b97d22631a1..a134afba603 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
@@ -990,6 +990,11 @@ if (empty($reshook)) } $id = $object->create($user); + // NOTE: Pb with situation invoice + // NOTE: fields total on situation invoice are stored as cumulative values on total of lines (bad) but delta on invoice total + // NOTE: fields total on credit note are stored as delta both on total of lines and on invoice total (good) + // NOTE: fields situation_percent on situation invoice are stored as cumulative values on lines (bad) + // NOTE: fields situation_percent on credit note are stored as delta on lines (good) if (GETPOST('invoiceAvoirWithLines', 'int')==1 && $id>0) { if (!empty($facture_source->lines)) 
@@ -1010,36 +1015,38 @@ if (empty($reshook)) } - - - if($facture_source->type == Facture::TYPE_SITUATION) + if ($facture_source->type == Facture::TYPE_SITUATION) { $source_fk_prev_id = $line->fk_prev_id; // temporary storing situation invoice fk_prev_id - $line->fk_prev_id = $line->id; // Credit note line need to be linked to the situation invoice it is create from + $line->fk_prev_id = $line->id; // The new line of the new credit note we are creating must be linked to the situation invoice line it is created from - if(!empty($facture_source->tab_previous_situation_invoice)) + if (!empty($facture_source->tab_previous_situation_invoice)) { - // search the last invoice in cycle - $lineIndex = count($facture_source->tab_previous_situation_invoice) - 1; + // search the last standard invoice in cycle and the possible credit note between this last and facture_source + // TODO Move this out of loop of $facture_source->lines + $tab_jumped_credit_notes = array(); + $lineIndex = count($facture_source->tab_previous_situation_invoice) - 1; $searchPreviousInvoice = true; - while( $searchPreviousInvoice ) + while ($searchPreviousInvoice) { - if($facture_source->tab_previous_situation_invoice[$lineIndex]->type == Facture::TYPE_SITUATION || $lineIndex < 1) + if ($facture_source->tab_previous_situation_invoice[$lineIndex]->type == Facture::TYPE_SITUATION || $lineIndex < 1) { $searchPreviousInvoice=false; // find, exit; break; } else { + if ($facture_source->tab_previous_situation_invoice[$lineIndex]->type == Facture::TYPE_CREDIT_NOTE) { + $tab_jumped_credit_notes[$lineIndex] = $facture_source->tab_previous_situation_invoice[$lineIndex]->id; + } $lineIndex--; // go to previous invoice in cycle } } - $maxPrevSituationPercent = 0; - foreach($facture_source->tab_previous_situation_invoice[$lineIndex]->lines as $prevLine) + foreach ($facture_source->tab_previous_situation_invoice[$lineIndex]->lines as $prevLine) { - if($prevLine->id == $source_fk_prev_id) + if ($prevLine->id == 
$source_fk_prev_id) { $maxPrevSituationPercent = max($maxPrevSituationPercent, $prevLine->situation_percent); @@ -1059,6 +1066,36 @@ if (empty($reshook)) // prorata $line->situation_percent = $maxPrevSituationPercent - $line->situation_percent; + + //print 'New line based on invoice id '.$facture_source->tab_previous_situation_invoice[$lineIndex]->id.' fk_prev_id='.$source_fk_prev_id.' will be fk_prev_id='.$line->fk_prev_id.' '.$line->total_ht.' '.$line->situation_percent.'
'; + + // If there is some credit note between last situation invoice and invoice used for credit note generation (note: credit notes are stored as delta) + $maxPrevSituationPercent = 0; + foreach ($tab_jumped_credit_notes as $index => $creditnoteid) { + foreach ($facture_source->tab_previous_situation_invoice[$index]->lines as $prevLine) + { + if ($prevLine->fk_prev_id == $source_fk_prev_id) + { + $maxPrevSituationPercent = $prevLine->situation_percent; + + $line->total_ht -= $prevLine->total_ht; + $line->total_tva -= $prevLine->total_tva; + $line->total_ttc -= $prevLine->total_ttc; + $line->total_localtax1 -= $prevLine->total_localtax1; + $line->total_localtax2 -= $prevLine->total_localtax2; + + $line->multicurrency_subprice -= $prevLine->multicurrency_subprice; + $line->multicurrency_total_ht -= $prevLine->multicurrency_total_ht; + $line->multicurrency_total_tva -= $prevLine->multicurrency_total_tva; + $line->multicurrency_total_ttc -= $prevLine->multicurrency_total_ttc; + } + } + } + + // prorata + $line->situation_percent += $maxPrevSituationPercent; + + //print 'New line based on invoice id '.$facture_source->tab_previous_situation_invoice[$lineIndex]->id.' fk_prev_id='.$source_fk_prev_id.' will be fk_prev_id='.$line->fk_prev_id.' '.$line->total_ht.' '.$line->situation_percent.'
'; } } @@ -1078,7 +1115,7 @@ if (empty($reshook)) $line->multicurrency_total_tva = -$line->multicurrency_total_tva; $line->multicurrency_total_ttc = -$line->multicurrency_total_ttc; - $result = $line->insert(0, 1); // When creating credit note with same lines than source, we must ignore error if discount alreayd linked + $result = $line->insert(0, 1); // When creating credit note with same lines than source, we must ignore error if discount already linked $object->lines[] = $line; // insert new line in current object From 7bba9db2f0c5fc514414e269e9c48f920a0189cf Mon Sep 17 00:00:00 2001 From: VESSILLER Date: Mon, 8 Jun 2020 11:28:05 +0200 Subject: [PATCH 063/110] FIX replace filter parameter "none" by "restricthtml" --- htdocs/takepos/admin/setup.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index e6db38716bc..e79faf17de0 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php 
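Review bot: In the `@@ -1059,6 +1066,36 @@` hunk of compta/facture/card.php, the loop over `$tab_jumped_credit_notes` subtracts each matching credit-note line from the totals with `-=` but assigns the percentage with `$maxPrevSituationPercent = $prevLine->situation_percent;`. When more than one credit note was jumped, only the last matching line's percentage is added back to `$line->situation_percent`, while the amounts reflect all of them. If credit-note percentages are deltas, as the NOTE comments added earlier in this patch say, the line should probably be `$maxPrevSituationPercent += $prevLine->situation_percent;`, and the variable deserves a name other than "max". The two added `//print 'New line based on invoice id ...` lines are commented-out debug output and should be dropped before merge.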
@@ -74,8 +74,8 @@ if (GETPOST('action', 'alpha') == 'set') $res = dolibarr_set_const($db, "TAKEPOS_ORDER_PRINTERS", GETPOST('TAKEPOS_ORDER_PRINTERS', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_ORDER_NOTES", GETPOST('TAKEPOS_ORDER_NOTES', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_AUTO_PRINT_TICKETS", GETPOST('TAKEPOS_AUTO_PRINT_TICKETS', 'int'), 'int', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "TAKEPOS_HEADER", GETPOST('TAKEPOS_HEADER', 'none'), 'chaine', 0, '', $conf->entity); - $res = dolibarr_set_const($db, "TAKEPOS_FOOTER", GETPOST('TAKEPOS_FOOTER', 'none'), 'chaine', 0, '', $conf->entity); + $res = dolibarr_set_const($db, "TAKEPOS_HEADER", GETPOST('TAKEPOS_HEADER', 'restricthtml'), 'chaine', 0, '', $conf->entity); + $res = dolibarr_set_const($db, "TAKEPOS_FOOTER", GETPOST('TAKEPOS_FOOTER', 'restricthtml'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_NUMPAD", GETPOST('TAKEPOS_NUMPAD', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_NUM_TERMINALS", GETPOST('TAKEPOS_NUM_TERMINALS', 'alpha'), 'chaine', 0, '', $conf->entity); From fd8f8ff4e191178b1849387a866e12941a2f7fd9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 8 Jun 2020 15:12:07 +0200 Subject: [PATCH 064/110] Error message --- htdocs/core/class/commonobject.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 9dba821c012..29e0de2ba23 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
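Review bot: In the takepos/admin/setup.php hunk, switching `TAKEPOS_HEADER` and `TAKEPOS_FOOTER` to the `'restricthtml'` filter only affects values saved from now on. Constants stored earlier under `'none'` stay in the database unfiltered. The code that prints these two constants is not in this hunk, so it should still treat them as untrusted HTML and filter or escape them on output. A comment above the two lines would record the intent, for example `// Header/footer may contain limited HTML: filtered on input, must also be sanitized where printed`. Separately, every call in this block assigns to the same `$res`, so a failed `dolibarr_set_const()` is hidden by the next successful one.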
@@ -3049,7 +3049,11 @@ abstract class CommonObject //print 'Line '.$i.' rowid='.$obj->rowid.' vat_rate='.$obj->vatrate.' total_ht='.$obj->total_ht.' total_tva='.$obj->total_tva.' total_ttc='.$obj->total_ttc.' total_ht_by_vats='.$total_ht_by_vats[$obj->vatrate].' total_tva_by_vats='.$total_tva_by_vats[$obj->vatrate].' (new calculation = '.$tmpvat.') total_ttc_by_vats='.$total_ttc_by_vats[$obj->vatrate].($diff?" => DIFF":"")."
\n"; if ($diff) { - if (abs($diff) > 0.1) { dol_syslog('A rounding difference was detected into TOTAL but is too high to be corrected', LOG_WARNING); exit; } + if (abs($diff) > 0.1) { + dol_syslog('A rounding difference was detected into TOTAL but is too high to be corrected', LOG_WARNING); + dol_print_error('', 'A rounding difference was detected into TOTAL but is too high to be corrected'); + exit; + } $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".($obj->total_tva - $diff).", total_ttc = ".($obj->total_ttc - $diff)." WHERE rowid = ".$obj->rowid; dol_syslog('We found a difference of '.$diff.' for line rowid = '.$obj->rowid.". We fix the total_vat and total_ttc of line by running sqlfix = ".$sqlfix); $resqlfix = $this->db->query($sqlfix); From 366f458b39edec2949ccb68c71bc8e75e98f607d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 8 Jun 2020 15:20:01 +0200 Subject: [PATCH 065/110] Show more info to help fix corrupted data --- htdocs/core/class/commonobject.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 29e0de2ba23..0f055d457ed 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
@@ -3050,8 +3050,9 @@ abstract class CommonObject if ($diff) { if (abs($diff) > 0.1) { - dol_syslog('A rounding difference was detected into TOTAL but is too high to be corrected', LOG_WARNING); - dol_print_error('', 'A rounding difference was detected into TOTAL but is too high to be corrected'); + $errmsg = 'A rounding difference was detected into TOTAL but is too high to be corrected. Some data in your line may be corrupted. Try to edit each line manually.'; + dol_syslog($errmsg, LOG_WARNING); + dol_print_error('', $errmsg); exit; } $sqlfix = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldtva." = ".($obj->total_tva - $diff).", total_ttc = ".($obj->total_ttc - $diff)." WHERE rowid = ".$obj->rowid; From 0a2099e0ac22763d9f3f23dba6df03f6b50be7a5 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Tue, 9 Jun 2020 14:22:32 +0200 Subject: [PATCH 066/110] FIX 10.0 - undefined $langs if template file copy fails during activation of modContrat --- htdocs/core/modules/modContrat.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/modContrat.class.php b/htdocs/core/modules/modContrat.class.php index b3053cceae0..e29868e6994 100644 --- a/htdocs/core/modules/modContrat.class.php +++ b/htdocs/core/modules/modContrat.class.php @@ -214,7 +214,7 @@ class modContrat extends DolibarrModules */ public function init($options = '') { - global $conf; + global $conf, $langs; // Nettoyage avant activation $this->remove($options); From 1ac341e6519555d97d0c0a2f27d303a6ef8e96b3 Mon Sep 17 00:00:00 2001 From: "DEMAREST Maxime (Indelog)" Date: Tue, 9 Jun 2020 15:33:10 +0200 Subject: [PATCH 067/110] Fix undef func measuringUnitString() in From::select_produits_fournisseurs_list --- htdocs/core/class/html.form.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 13db485ec70..1e1bbdf58d2 100644 --- a/htdocs/core/class/html.form.class.php 
+++ b/htdocs/core/class/html.form.class.php @@ -2802,6 +2802,7 @@ class Form if ($result) { require_once DOL_DOCUMENT_ROOT.'/product/dynamic_price/class/price_parser.class.php'; + require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; $num = $this->db->num_rows($result); From 92b89437d1e334ebdc0475b4394e099dc34f669a Mon Sep 17 00:00:00 2001 From: gauthier Date: Tue, 9 Jun 2020 16:02:41 +0200 Subject: [PATCH 068/110] FIX : percent must be displayed on one line --- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index ed99a04fcc2..d3ffe96d4f5 100644 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -593,7 +593,7 @@ class pdf_crabe extends ModelePDFFactures { $progress = pdf_getlineprogress($object, $i, $outputlangs, $hidedetails); $pdf->SetXY($this->posxprogress, $curY); - $pdf->MultiCell($this->postotalht-$this->posxprogress-1, 3, $progress, 0, 'R'); + $pdf->MultiCell($this->postotalht-$this->posxprogress+1, 3, $progress, 0, 'R'); } // Total HT line From d19febc2ca56836269075f95568b10ea8aa3ad2d Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Tue, 9 Jun 2020 17:34:24 +0200 Subject: [PATCH 069/110] FIX: missing translation value for key "NoMorePredefinedProductToDispatch" --- htdocs/langs/en_US/receptions.lang | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/langs/en_US/receptions.lang b/htdocs/langs/en_US/receptions.lang index 010a7521846..760ff884fa0 100644 --- a/htdocs/langs/en_US/receptions.lang +++ b/htdocs/langs/en_US/receptions.lang 
@@ -43,3 +43,5 @@ ProductQtyInSuppliersReceptionAlreadyRecevied=Product quantity from open supplie ValidateOrderFirstBeforeReception=You must first validate the order before being able to make receptions. ReceptionsNumberingModules=Numbering module for receptions ReceptionsReceiptModel=Document templates for receptions +NoMorePredefinedProductToDispatch=No more predefined products to dispatch + From 5bc80f8626d06adcf6a7eb1f225b86fd32214598 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Wed, 10 Jun 2020 16:22:48 +0200 Subject: [PATCH 070/110] FIX 11.0 - fatal with postgres because empty string literals are assigned to fields typed as integers as per UNION syntax --- htdocs/core/lib/company.lib.php | 2 +- htdocs/core/lib/ticket.lib.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 30a1b80c232..48a641e2fdc 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1448,7 +1448,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $langs->load("mails"); $sql2 = "SELECT m.rowid as id, m.titre as label, mc.date_envoi as dp, mc.date_envoi as dp2, '100' as percent, 'mailing' as type"; - $sql2 .= ", '' as fk_element, '' as elementtype, '' as contact_id"; + $sql2 .= ", null as fk_element, '' as elementtype, null as contact_id"; $sql2 .= ", 'AC_EMAILING' as acode, '' as alabel, '' as apicto"; $sql2 .= ", u.rowid as user_id, u.login as user_login, u.photo as user_photo, u.firstname as user_firstname, u.lastname as user_lastname"; // User that valid action if (is_object($filterobj) && get_class($filterobj) == 'Societe') $sql2 .= ", '' as lastname, '' as firstname"; diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index fe7fb4ba5a7..48b9a7d9089 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php 
@@ -427,7 +427,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no $langs->load("mails"); $sql2 = "SELECT m.rowid as id, m.titre as label, mc.date_envoi as dp, mc.date_envoi as dp2, '100' as percent, 'mailing' as type"; - $sql2 .= ", '' as fk_element, '' as elementtype, '' as contact_id"; + $sql2 .= ", null as fk_element, '' as elementtype, null as contact_id"; $sql2 .= ", 'AC_EMAILING' as acode, '' as alabel, '' as apicto"; $sql2 .= ", u.rowid as user_id, u.login as user_login, u.photo as user_photo, u.firstname as user_firstname, u.lastname as user_lastname"; // User that valid action if (is_object($filterobj) && get_class($filterobj) == 'Societe') $sql2 .= ", '' as lastname, '' as firstname"; From 58ff96af30546bf37256c5daced837e89a7decf4 Mon Sep 17 00:00:00 2001 From: gauthier Date: Wed, 10 Jun 2020 16:48:02 +0200 Subject: [PATCH 071/110] FIX : $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php --- htdocs/core/class/html.formticket.class.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 7a6b4ec38a2..72673abb323 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -991,9 +991,7 @@ class FormTicket // MESSAGE $defaultmessage=""; - if (is_array($arraydefaultmessage) && count($arraydefaultmessage) > 0 && $arraydefaultmessage->content) { - $defaultmessage=$arraydefaultmessage->content; - } + if ($arraydefaultmessage && $arraydefaultmessage->content) $defaultmessage = $arraydefaultmessage->content; $defaultmessage=str_replace('\n', "\n", $defaultmessage); // Deal with format differences between message and signature (text / HTML) From 564b9df1e7a525edd6b0d5610bd39a770ed85e01 Mon Sep 17 00:00:00 2001 
From: ATM john Date: Wed, 10 Jun 2020 17:01:57 +0200 Subject: [PATCH 072/110] Fix ticket file save --- htdocs/ticket/class/ticket.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index f112cdc7e4e..8ba9351d053 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -2455,8 +2455,9 @@ class Ticket extends CommonObject // If destination file already exists, we add a suffix to avoid to overwrite if (is_file($destfile)) { - $now = dol_now(); - $destfile .= '.'.dol_print_date($now, 'dayhourlog'); + $pathinfo = pathinfo($filename[$i]); + $now = dol_now(); + $destfile = $destdir.'/'.$pathinfo['filename'].' - '.dol_print_date($now, 'dayhourlog').'.'.$pathinfo['extension']; } $res = dol_move($filepath[$i], $destfile, 0, 1); From 997cb214f1536fd8dba5434486a35ded2abf95fb Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 11 Jun 2020 16:52:24 +0200 Subject: [PATCH 073/110] FIX avoid error "Call to undefined function measuringUnitString()" --- htdocs/fourn/facture/card.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 948fd389b60..984e5ec6cf4 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -44,6 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; if (!empty($conf->product->enabled)) { require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; + require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; } if (!empty($conf->projet->enabled)) { require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; From b36e658b20195e8797b52f1e25b60c584eb4e587 Mon Sep 17 00:00:00 2001 
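Review bot: In the ticket.class.php hunk, the collision branch rebuilds `$destfile` from the raw `$filename[$i]`. If the earlier `$destfile` was built from a sanitized name (that code is outside the hunk), this branch bypasses that sanitization. `$pathinfo['extension']` is also unset when the uploaded name has no dot, which raises a notice and leaves a trailing `.` on the path. Deriving the new name from the path already computed avoids both problems: `$pathinfo = pathinfo($destfile);` followed by `$destfile = $pathinfo['dirname'].'/'.$pathinfo['filename'].' - '.dol_print_date($now, 'dayhourlog').(empty($pathinfo['extension']) ? '' : '.'.$pathinfo['extension']);`. Because the original extension is now kept at the end of the stored name, any extension restriction applied to uploads should be checked against this final `$destfile` as well.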
From: Laurent Destailleur Date: Thu, 11 Jun 2020 22:58:58 +0200 Subject: [PATCH 074/110] Update html.formticket.class.php --- htdocs/core/class/html.formticket.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 72673abb323..60574d12d3c 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -991,7 +991,7 @@ class FormTicket // MESSAGE $defaultmessage=""; - if ($arraydefaultmessage && $arraydefaultmessage->content) $defaultmessage = $arraydefaultmessage->content; + if (is_object($arraydefaultmessage) && $arraydefaultmessage->content) $defaultmessage = $arraydefaultmessage->content; $defaultmessage=str_replace('\n', "\n", $defaultmessage); // Deal with format differences between message and signature (text / HTML) From 1ba03566dc20ed6851371db10fe8ec1dd426ca87 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 12 Jun 2020 02:15:02 +0200 Subject: [PATCH 075/110] Fix case of delete contact not correctly implemented. --- htdocs/core/class/commonobject.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 0f055d457ed..e104b82642d 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -8012,7 +8012,11 @@ abstract class CommonObject $error++; $this->errors[] = $this->error; } else { - $result = $this->delete($user); + if (get_class($this) == 'Contact') { // TODO special code because delete() for contact has not been standardized like other delete. + $result = $this->delete(); + } else { + $result = $this->delete($user); + } if ($result < 0) { $error++; $this->errors[] = $this->error; From 40e16672e3aa4e9208ea7a4829f30507dcdfc4ba Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Mon, 15 Jun 2020 15:08:52 +0200 Subject: [PATCH 076/110] FIX BlindBoolean SQL injection reported by Christian Weiler --- htdocs/accountancy/customer/card.php | 4 ++-- htdocs/accountancy/expensereport/card.php | 4 ++-- htdocs/accountancy/supplier/card.php | 4 ++-- htdocs/comm/mailing/info.php | 2 +- htdocs/compta/paiement/info.php | 2 +- htdocs/variants/ajax/get_attribute_values.php | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 0a39fbc8254..591606a7e26 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -34,8 +34,8 @@ $action = GETPOST('action', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); -$codeventil = GETPOST('codeventil'); -$id = GETPOST('id'); +$codeventil = GETPOST('codeventil', 'int'); +$id = GETPOST('id', 'int'); // Security check if ($user->socid > 0) diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index 36d587e0c99..9d7c504354f 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -38,8 +38,8 @@ $action = GETPOST('action', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); -$codeventil = GETPOST('codeventil'); -$id = GETPOST('id'); +$codeventil = GETPOST('codeventil', 'int'); +$id = GETPOST('id', 'int'); // Security check if ($user->socid > 0) diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 6140f90fe8d..699459ad63a 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php 
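Review bot: In accountancy/customer/card.php, the fix is applied only where `$codeventil` and `$id` are read from the request; the query that concatenates them is outside the hunk and, as far as the patch shows, unchanged. The same applies to the hunks for expensereport/card.php, supplier/card.php, comm/mailing/info.php, compta/paiement/info.php and variants/ajax/get_attribute_values.php. If the `'int'` check in `GETPOST` is a numeric test rather than a cast, the variables remain strings, and forms such as `1e3` or an empty string may still reach the SQL text. Casting where the value is concatenated, e.g. `.((int) $id)`, keeps the query safe even if a later edit changes how the variable is populated. It also matches the `(int) $parentId` pattern used in commonobject.class.php earlier in this series.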
@@ -38,8 +38,8 @@ $action = GETPOST('action', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); -$codeventil = GETPOST('codeventil'); -$id = GETPOST('id'); +$codeventil = GETPOST('codeventil', 'int'); +$id = GETPOST('id', 'int'); // Security check if ($user->socid > 0) diff --git a/htdocs/comm/mailing/info.php b/htdocs/comm/mailing/info.php index 3dfe0c4264c..070d46f6104 100644 --- a/htdocs/comm/mailing/info.php +++ b/htdocs/comm/mailing/info.php @@ -27,7 +27,7 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/emailing.lib.php'; -$id = GETPOST('id'); +$id = GETPOST('id', 'int'); // Load translation files required by the page $langs->load("mails"); diff --git a/htdocs/compta/paiement/info.php b/htdocs/compta/paiement/info.php index 3da6a95a1e8..00c3440b868 100644 --- a/htdocs/compta/paiement/info.php +++ b/htdocs/compta/paiement/info.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php'; // Load translation files required by the page $langs->loadLangs(array('bills', 'companies')); -$id = GETPOST('id'); +$id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/variants/ajax/get_attribute_values.php b/htdocs/variants/ajax/get_attribute_values.php index 866bac1ef78..ee45ad18b23 100644 --- a/htdocs/variants/ajax/get_attribute_values.php +++ b/htdocs/variants/ajax/get_attribute_values.php @@ -28,7 +28,7 @@ require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductAttributeValue.class.php' header('Content-Type: application/json'); -$id = GETPOST('id'); +$id = GETPOST('id', 'int'); if (!$id) { print json_encode(array( From 18d5ec77509f489d7a7a8d77ccb8f96482fd0f31 Mon Sep 17 00:00:00 2001 
From: Florian Mortgat Date: Tue, 16 Jun 2020 10:56:10 +0200 Subject: [PATCH 077/110] 11.0 - FIX - missing currency columns in supplier exports (copy-pasted from modFacture.class.php) --- htdocs/core/modules/modFournisseur.class.php | 24 ++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index b8539ad41c1..316000293e7 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -297,6 +297,14 @@ class modFournisseur extends DolibarrModules 'p.ref'=>'ProductRef','p.label'=>'ProductLabel','p.accountancy_code_buy'=>'ProductAccountancyBuyCode','project.rowid'=>'ProjectId', 'project.ref'=>'ProjectRef','project.title'=>'ProjectLabel' ); + if (! empty($conf->multicurrency->enabled)) + { + $this->export_fields_array[$r]['f.multicurrency_code'] = 'Currency'; + $this->export_fields_array[$r]['f.multicurrency_tx'] = 'CurrencyRate'; + $this->export_fields_array[$r]['f.multicurrency_total_ht'] = 'MulticurrencyAmountHT'; + $this->export_fields_array[$r]['f.multicurrency_total_tva'] = 'MulticurrencyAmountVAT'; + $this->export_fields_array[$r]['f.multicurrency_total_ttc'] = 'MulticurrencyAmountTTC'; + } //$this->export_TypeFields_array[$r]=array( // 's.rowid'=>"List:societe:CompanyName",'s.nom'=>'Text','s.address'=>'Text','s.zip'=>'Text','s.town'=>'Text','c.code'=>'Text','s.phone'=>'Text','s.siren'=>'Text','s.siret'=>'Text', // 's.ape'=>'Text','s.idprof4'=>'Text','s.tva_intra'=>'Text','f.ref'=>"Text",'f.datec'=>"Date",'f.datef'=>"Date",'f.total_ht'=>"Numeric",'f.total_ttc'=>"Numeric",'f.total_tva'=>"Numeric", 
@@ -423,6 +431,14 @@ class modFournisseur extends DolibarrModules 'f.fk_statut'=>'InvoiceStatus','f.note_public'=>"InvoiceNote",'p.rowid'=>'PaymentId','pf.amount'=>'AmountPayment', 'p.datep'=>'DatePayment','p.num_paiement'=>'PaymentNumber','p.fk_bank'=>'IdTransaction','project.rowid'=>'ProjectId','project.ref'=>'ProjectRef','project.title'=>'ProjectLabel' ); + if (! empty($conf->multicurrency->enabled)) + { + $this->export_fields_array[$r]['f.multicurrency_code'] = 'Currency'; + $this->export_fields_array[$r]['f.multicurrency_tx'] = 'CurrencyRate'; + $this->export_fields_array[$r]['f.multicurrency_total_ht'] = 'MulticurrencyAmountHT'; + $this->export_fields_array[$r]['f.multicurrency_total_tva'] = 'MulticurrencyAmountVAT'; + $this->export_fields_array[$r]['f.multicurrency_total_ttc'] = 'MulticurrencyAmountTTC'; + } //$this->export_TypeFields_array[$r]=array( // 's.rowid'=>"List:societe:CompanyName",'s.nom'=>'Text','s.address'=>'Text','s.zip'=>'Text','s.town'=>'Text','c.code'=>'Text','s.phone'=>'Text', // 's.siren'=>'Text','s.siret'=>'Text','s.ape'=>'Text','s.idprof4'=>'Text','s.tva_intra'=>'Text','f.ref'=>"Text",'f.datec'=>"Date",'f.datef'=>"Date", 
@@ -508,6 +524,14 @@ class modFournisseur extends DolibarrModules 'fd.total_tva'=>"LineTotalVAT",'fd.product_type'=>'TypeOfLineServiceOrProduct','fd.ref'=>'RefSupplier','fd.fk_product'=>'ProductId', 'p.ref'=>'ProductRef','p.label'=>'ProductLabel','project.rowid'=>'ProjectId','project.ref'=>'ProjectRef','project.title'=>'ProjectLabel' ); + if (! empty($conf->multicurrency->enabled)) + { + $this->export_fields_array[$r]['f.multicurrency_code'] = 'Currency'; + $this->export_fields_array[$r]['f.multicurrency_tx'] = 'CurrencyRate'; + $this->export_fields_array[$r]['f.multicurrency_total_ht'] = 'MulticurrencyAmountHT'; + $this->export_fields_array[$r]['f.multicurrency_total_tva'] = 'MulticurrencyAmountVAT'; + $this->export_fields_array[$r]['f.multicurrency_total_ttc'] = 'MulticurrencyAmountTTC'; + } if (empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) { unset($this->export_fields_array['f.date_approve2']); From e50d23932254fa1f26772a9920dd1b3c4d81186c Mon Sep 17 00:00:00 2001 From: gauthier Date: Tue, 16 Jun 2020 11:40:01 +0200 Subject: [PATCH 078/110] FIX : force rounding 2 on export ld compta --- htdocs/accountancy/class/accountancyexport.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/class/accountancyexport.class.php b/htdocs/accountancy/class/accountancyexport.class.php index 8ecef4cde05..e7ec48944e1 100644 --- a/htdocs/accountancy/class/accountancyexport.class.php +++ b/htdocs/accountancy/class/accountancyexport.class.php @@ -985,7 +985,7 @@ class AccountancyExport print $racine_subledger_account . $separator; // deprecated CPTG & CPTA use instead // MONT - print price(abs($line->montant), 0, '', 1, 2).$separator; + print price(abs($line->montant), 0, '', 1, 2, 2).$separator; // CODC print $line->sens.$separator; // CPTG From 3d69a1dc70687da340c373d5d340fbd28fe7cbc5 Mon Sep 17 00:00:00 2001 
From: Florian Mortgat Date: Wed, 17 Jun 2020 11:06:31 +0200 Subject: [PATCH 079/110] FIX 11.0 - multicurrency amount not fetched when fetching payments from llx_paiement or llx_paiementfourn --- .../compta/paiement/class/paiement.class.php | 38 ++++++++++--------- htdocs/fourn/class/paiementfourn.class.php | 37 +++++++++--------- 2 files changed, 39 insertions(+), 36 deletions(-) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 71c8596e00a..7294274d26b 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -68,9 +68,10 @@ class Paiement extends CommonObject */ public $montant; - public $amount; // Total amount of payment - public $amounts=array(); // Array of amounts - public $multicurrency_amounts=array(); // Array of amounts + public $amount; // Total amount of payment (in the main currency) + public $multicurrency_amount; // Total amount of payment (in the currency of the bank account) + public $amounts=array(); // array: invoice ID => amount for that invoice (in the main currency)> + public $multicurrency_amounts=array(); // array: invoice ID => amount for that invoice (in the invoice's currency)> public $author; public $paiementid; // Type of payment. Id saved into fields fk_paiement on llx_paiement public $paiementcode; // Code of payment. @@ -159,7 +160,7 @@ class Paiement extends CommonObject */ public function fetch($id, $ref = '', $fk_bank = '') { - $sql = 'SELECT p.rowid, p.ref, p.datep as dp, p.amount, p.statut, p.ext_payment_id, p.ext_payment_site, p.fk_bank,'; + $sql = 'SELECT p.rowid, p.ref, p.datep as dp, p.amount, p.statut, p.ext_payment_id, p.ext_payment_site, p.fk_bank, p.multicurrency_amount,'; $sql.= ' c.code as type_code, c.libelle as type_label,'; $sql.= ' p.num_paiement as num_payment, p.note,'; $sql.= ' b.fk_account'; 
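Review bot: The rewritten comments on `$amounts` and `$multicurrency_amounts` in the first hunk end with a stray `>` ("(in the main currency)>"), which looks like a leftover from an `array<...>` notation. Suggested wording: `// array: invoice ID => amount for that invoice (in the main currency)` and `// array: invoice ID => amount for that invoice (in the invoice's currency)`. The new `$multicurrency_amount` property and its neighbours would also read better with a docblock each, as the `$montant` property just above them appears to have.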
@@ -179,20 +180,21 @@ class Paiement extends CommonObject if ($this->db->num_rows($resql)) { $obj = $this->db->fetch_object($resql); - $this->id = $obj->rowid; - $this->ref = $obj->ref?$obj->ref:$obj->rowid; - $this->date = $this->db->jdate($obj->dp); - $this->datepaye = $this->db->jdate($obj->dp); - $this->num_paiement = $obj->num_payment; // deprecated - $this->num_payment = $obj->num_payment; - $this->montant = $obj->amount; // deprecated - $this->amount = $obj->amount; - $this->note = $obj->note; - $this->type_label = $obj->type_label; - $this->type_code = $obj->type_code; - $this->statut = $obj->statut; - $this->ext_payment_id = $obj->ext_payment_id; - $this->ext_payment_site = $obj->ext_payment_site; + $this->id = $obj->rowid; + $this->ref = $obj->ref?$obj->ref:$obj->rowid; + $this->date = $this->db->jdate($obj->dp); + $this->datepaye = $this->db->jdate($obj->dp); + $this->num_paiement = $obj->num_payment; // deprecated + $this->num_payment = $obj->num_payment; + $this->montant = $obj->amount; // deprecated + $this->amount = $obj->amount; + $this->multicurrency_amount = $obj->multicurrency_amount; + $this->note = $obj->note; + $this->type_label = $obj->type_label; + $this->type_code = $obj->type_code; + $this->statut = $obj->statut; + $this->ext_payment_id = $obj->ext_payment_id; + $this->ext_payment_site = $obj->ext_payment_site; $this->bank_account = $obj->fk_account; // deprecated $this->fk_account = $obj->fk_account; diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index b18b054a65b..f8f1c0735b6 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php 
@@ -89,7 +89,7 @@ class PaiementFourn extends Paiement { $error=0; - $sql = 'SELECT p.rowid, p.ref, p.entity, p.datep as dp, p.amount, p.statut, p.fk_bank,'; + $sql = 'SELECT p.rowid, p.ref, p.entity, p.datep as dp, p.amount, p.statut, p.fk_bank, p.multicurrency_amount,'; $sql.= ' c.code as paiement_code, c.libelle as paiement_type,'; $sql.= ' p.num_paiement as num_payment, p.note, b.fk_account'; $sql.= ' FROM '.MAIN_DB_PREFIX.'paiementfourn as p'; @@ -111,23 +111,24 @@ class PaiementFourn extends Paiement if ($num > 0) { $obj = $this->db->fetch_object($resql); - $this->id = $obj->rowid; - $this->ref = $obj->ref; - $this->entity = $obj->entity; - $this->date = $this->db->jdate($obj->dp); - $this->datepaye = $this->db->jdate($obj->dp); - $this->num_paiement = $obj->num_payment; - $this->num_payment = $obj->num_payment; - $this->bank_account = $obj->fk_account; - $this->fk_account = $obj->fk_account; - $this->bank_line = $obj->fk_bank; - $this->montant = $obj->amount; - $this->amount = $obj->amount; - $this->note = $obj->note; - $this->note_private = $obj->note; - $this->type_code = $obj->paiement_code; - $this->type_label = $obj->paiement_type; - $this->statut = $obj->statut; + $this->id = $obj->rowid; + $this->ref = $obj->ref; + $this->entity = $obj->entity; + $this->date = $this->db->jdate($obj->dp); + $this->datepaye = $this->db->jdate($obj->dp); + $this->num_paiement = $obj->num_payment; + $this->num_payment = $obj->num_payment; + $this->bank_account = $obj->fk_account; + $this->fk_account = $obj->fk_account; + $this->bank_line = $obj->fk_bank; + $this->montant = $obj->amount; + $this->amount = $obj->amount; + $this->multicurrency_amount = $obj->multicurrency_amount; + $this->note = $obj->note; + $this->note_private = $obj->note; + $this->type_code = $obj->paiement_code; + $this->type_label = $obj->paiement_type; + $this->statut = $obj->statut; $error = 1; } else From 6660923e94aac1bf5be7c4341cdec9906fe281bf Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Wed, 17 Jun 2020 13:29:43 +0200 Subject: [PATCH 080/110] FIX Privilege escalation reported by wizlynx WLX-2020-011 --- htdocs/core/lib/security.lib.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 0c8f6fceca5..7c4a10f3a18 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -277,9 +277,12 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if (!$readok) accessforbidden(); //print "Read access is ok"; - // Check write permission from module (we need to know write permission to create but also to delete drafts record) + // Check write permission from module (we need to know write permission to create but also to delete drafts record or to upload files) $createok = 1; $nbko = 0; - if (GETPOST('action', 'aZ09') == 'create' || GETPOST('action', 'aZ09') == 'update' || ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete')) + $wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || GETPOST('action', 'aZ09') == 'create' || GETPOST('action', 'aZ09') == 'update'); + $wemustcheckpermissionfordeletedraft = ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete'); + + if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) { foreach ($featuresarray as $feature) { 
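Review bot: The write-permission check stays opt-in per request parameter: `$wemustcheckpermissionforcreate` is true only for `sendit`, `linkit`, `action=create` and `action=update`, so any other state-changing action that passes through restrictedArea() is still evaluated with read permission only. The same patch series shows `action=renamefile` with `renamefilesave` in actions_linkedfiles.inc.php, which is not in this list; whether it is guarded elsewhere is not visible here. Consider reading the action once (`$action = GETPOST('action', 'aZ09');`) and adding a comment next to the flag saying that every new write action must be added to it. The second hunk (-341) enforces `!$createok` only for the create flag, so the delete-draft flag relies on a check outside both hunks. restrictedArea() starts and ends outside the hunk.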
@@ -341,7 +344,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f // If a or and at least one ok if (preg_match('/\|/', $features) && $nbko < count($featuresarray)) $createok = 1; - if ((GETPOST('action', 'aZ09') == 'create' || GETPOST('action', 'aZ09') == 'update') && !$createok) accessforbidden(); + if ($wemustcheckpermissionforcreate && !$createok) accessforbidden(); //print "Write access is ok"; } From 23df5596e8ae109cec601b8641a33a1f0361db9e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 17 Jun 2020 13:42:38 +0200 Subject: [PATCH 081/110] FIX vulenrability reported by wizlynx WLX-2020-012 --- htdocs/core/lib/functions.lib.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 37dbcbf5ded..f1ff8ee121b 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8562,15 +8562,18 @@ function dolGetButtonTitle($label, $helpText = '', $iconClass = 'fa fa-file', $u /** * Return if a file can contains executable content * - * @param string $filename File NamedRange + * @param string $filename File name to test * @return boolean True if yes, False if no */ function isAFileWithExecutableContent($filename) { - if (preg_match('/\.(htm|html|js|php|php\d+|phtml|pl|py|cgi|ksh|sh|bash|bat|cmd|wpk|exe|dmg)$/i', $filename)) + if (preg_match('/\.(htm|html|js|phar|php|php\d+|phtml|pht|pl|py|cgi|ksh|sh|shtml|bash|bat|cmd|wpk|exe|dmg)$/i', $filename)) { return true; } + if (preg_match('/^\./', $filename)) { // We consider file starting with a . as dangerous as executable files. For example .htaccess, .xxx + return true; + } return false; } From 6d6abd43203eae86ebe4ee4f3103e86d88a4bd2c Mon Sep 17 00:00:00 2001 
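Review bot: isAFileWithExecutableContent() remains a denylist on the final extension of the name it is given, so it can only be one layer of the upload control, and the docblock does not say that. Suggested addition to the comment: `Denylist on the final extension only; callers must still store uploads where the web server will not execute them.` The added leading-dot branch makes one function answer two different questions (executable extension, hidden or configuration file); a separately named check for dot-files would keep the return value meaningful to callers. The summary line "Return if a file can contains executable content" would read better as "Return whether a file may contain executable content".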
From: Laurent Destailleur Date: Wed, 17 Jun 2020 14:45:15 +0200 Subject: [PATCH 082/110] FIX vulenrability reported by wizlynx WLX-2020-012 --- htdocs/core/actions_linkedfiles.inc.php | 6 ++++-- htdocs/core/lib/files.lib.php | 14 ++++++++++++-- htdocs/core/lib/functions.lib.php | 4 +--- htdocs/langs/en_US/errors.lang | 1 + 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index 90c93f6177b..f0bd9ddce4e 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php @@ -209,8 +209,10 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha')) if (empty($reshook)) { - if (! file_exists($destpath)) - { + if (preg_match('/^\./', $filenameto)) { + $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now. + setEventMessages($langs->trans("ErrorFilenameCantStartWithDot", $filenameto), null, 'errors'); + } elseif (! file_exists($destpath)) { $result = dol_move($srcpath, $destpath); if ($result) { diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 6614b22e5ed..23b631bae53 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
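Review bot: The leading-dot test `preg_match('/^\./', $filenameto)` is written inline here and again in dol_add_file_process() (files.lib.php, hunk at -1554), with the same message and the same `$langs->load("errors")` line. One helper shared by both call sites would keep the rename path and the upload path from drifting apart. In this hunk the test is made on `$filenameto` while the move uses `$destpath`; both are built outside the hunk, so it should be confirmed that they describe the same final name.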
@@ -324,11 +324,13 @@ function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir) // Complete filearray with properties found into $filearrayindatabase foreach ($filearray as $key => $val) { + $tmpfilename = preg_replace('/\.noexe$/', '', $filearray[$key]['name']); + $found = 0; // Search if it exists into $filearrayindatabase foreach ($filearrayindatabase as $key2 => $val2) { - if ($filearrayindatabase[$key2]['name'] == $filearray[$key]['name']) + if ($filearrayindatabase[$key2]['name'] == $tmpfilename) { $filearray[$key]['position_name'] = ($filearrayindatabase[$key2]['position'] ? $filearrayindatabase[$key2]['position'] : '0').'_'.$filearrayindatabase[$key2]['name']; $filearray[$key]['position'] = $filearrayindatabase[$key2]['position']; @@ -349,7 +351,7 @@ function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir) $filearray[$key]['acl'] = ''; $rel_filename = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filearray[$key]['fullname']); - if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filetorenameafter)) // If not a tmp file + if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filename)) // If not a tmp file { dol_syslog("list_of_documents We found a file called '".$filearray[$key]['name']."' not indexed into database. We add it"); include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php'; @@ -1529,6 +1531,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess if (!empty($_FILES[$varfiles])) // For view $_FILES[$varfiles]['error'] { dol_syslog('dol_add_file_process upload_dir='.$upload_dir.' allowoverwrite='.$allowoverwrite.' donotupdatesession='.$donotupdatesession.' savingdocmask='.$savingdocmask, LOG_DEBUG); + if (dol_mkdir($upload_dir) >= 0) { $TFile = $_FILES[$varfiles]; 
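Review bot: The new `$tmpfilename` line in the first hunk has no comment explaining why the `.noexe` suffix is removed before the comparison with the database entry. Presumably the file is indexed under its original name while the copy on disk carries `.noexe`; if that is right, say so next to the line, e.g. `// The file on disk may carry a .noexe suffix; the index stores the name without it`. The loop body continues outside the hunk.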
@@ -1554,6 +1557,13 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess $destfile=preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask); } + $filenameto = basename($destfile); + if (preg_match('/^\./', $filenameto)) { + $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now. + setEventMessages($langs->trans("ErrorFilenameCantStartWithDot", $filenameto), null, 'errors'); + break; + } + // dol_sanitizeFileName the file name and lowercase extension $info = pathinfo($destfull); $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].($info['extension']!='' ? ('.'.strtolower($info['extension'])) : '')); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index f1ff8ee121b..69a31d73d31 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8571,9 +8571,7 @@ function isAFileWithExecutableContent($filename) { return true; } - if (preg_match('/^\./', $filename)) { // We consider file starting with a . as dangerous as executable files. For example .htaccess, .xxx - return true; - } + return false; } diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index d145e75bad6..aac47df0d81 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang 
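Review bot: In the files.lib.php hunk the dot check is made on `basename($destfile)` before the name goes through dol_sanitizeFileName() a few lines later, so the string that is validated is not the string that is finally written. Running the check on the sanitized final name would remove that gap. The `break` also appears to leave the loop over the uploaded files, so files after the rejected one are dropped without a message; `continue` would skip only the offending file if that is the intent. `$langs` has to be declared global in dol_add_file_process() for the new lines to work, which cannot be confirmed from the hunk.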
@@ -182,6 +182,7 @@ ErrorBadDefinitionOfMenuArrayInModuleDescriptor=Bad Definition Of Menu Array In ErrorSavingChanges=An error has occurred when saving the changes ErrorWarehouseRequiredIntoShipmentLine=Warehouse is required on the line to ship ErrorFileMustHaveFormat=File must have format %s +ErrorFilenameCantStartWithDot=Filename can't start with a '.' ErrorSupplierCountryIsNotDefined=Country for this vendor is not defined. Correct this first. ErrorsThirdpartyMerge=Failed to merge the two records. Request canceled. ErrorStockIsNotEnoughToAddProductOnOrder=Stock is not enough for product %s to add it into a new order. From de5a2d738bc8e5a68a5fcbc0e283842005d6647c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 17 Jun 2020 18:39:25 +0200 Subject: [PATCH 083/110] FIX #14001 --- htdocs/product/composition/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index f67910cbef4..1fbbe2ecefa 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -70,7 +70,7 @@ if ($cancel) $action =''; if ($action == 'add_prod' && ($user->rights->produit->creer || $user->rights->service->creer)) { $error=0; - var_dump(GETPOST("max_prod", 'int')); + for ($i=0; $i < GETPOST("max_prod", 'int'); $i++) { $qty = price2num(GETPOST("prod_qty_".$i, 'alpha'), 'MS'); From 2f7bb18e2b89c0bd637f5890a2942e8646e64d98 Mon Sep 17 00:00:00 2001 
From: Mistral Oz - LWEP Date: Thu, 18 Jun 2020 20:56:46 +0200 Subject: [PATCH 084/110] Fix: Bug when delete payment when already deleted in account Related to : https://github.com/Dolibarr/dolibarr/blame/11.0/htdocs/compta/bank/class/account.class.php#L1976 Mistake between id / rowid. I prefere add the fix here (but a fix in account class can be also a good fix). And best fix may use setter to do it (but to complicated : maybe latter ? i may check it in september if you want in all CommonObject properties) --- htdocs/compta/paiement/class/paiement.class.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 7294274d26b..64111a311b3 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -532,7 +532,10 @@ class Paiement extends CommonObject $accline = new AccountLine($this->db); $result=$accline->fetch($bank_line_id); - if ($result == 0) $accline->rowid=$bank_line_id; // If not found, we set artificially rowid to allow delete of llx_bank_url + if ($result == 0) + { + $accline->id=$accline->rowid=$bank_line_id; // If not found, we set artificially rowid to allow delete of llx_bank_url + } // Delete bank account url lines linked to payment $result=$accline->delete_urls($user); From 22ca5e067189bffe8066df26df923a386f044c08 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Jun 2020 00:39:27 +0200 Subject: [PATCH 085/110] Fix XSS reported by C. Weiler in notice.php --- htdocs/public/notice.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/public/notice.php b/htdocs/public/notice.php index 43344c376aa..9663bff3cf0 100644 --- a/htdocs/public/notice.php +++ b/htdocs/public/notice.php 
@@ -41,9 +41,8 @@ if (! GETPOST('transkey', 'alphanohtml') && ! GETPOST('transphrase', 'alphanohtm } else { - $langs->load("error"); - $langs->load("other"); + $langs->loadLangs(array("error", "other")); - if (GETPOST('transphrase', 'alphanohtml')) print GETPOST('transphrase', 'alphanohtml'); - if (GETPOST('transkey', 'alphanohtml')) print $langs->trans(GETPOST('transkey', 'alphanohtml')); + if (GETPOST('transphrase', 'alphanohtml')) print dol_escape_htmltag(GETPOST('transphrase', 'alphanohtml')); + elseif (GETPOST('transkey', 'alphanohtml')) print dol_escape_htmltag($langs->trans(GETPOST('transkey', 'alphanohtml'))); } From 15af3d68fccdc3ce9f6e63df84961fdda72ff22e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Jun 2020 14:50:33 +0200 Subject: [PATCH 086/110] FIX #13877 --- htdocs/compta/facture/card.php | 16 ++++++++++++---- htdocs/langs/en_US/errors.lang | 2 +- htdocs/langs/fr_FR/errors.lang | 2 +- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 41e2fcd38b8..bf7644a345c 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
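Review bot: Even with `dol_escape_htmltag()`, this public page still prints whatever text the caller puts in `transphrase`, so a link to the site can show an arbitrary message under the application's name. If the page only has to display known notices, accepting `transkey` alone and checking it against a fixed list of keys before `$langs->trans()` would remove that. Each parameter is also read twice; `$transphrase = GETPOST('transphrase', 'alphanohtml');` read once and reused is easier to audit. The switch from two `if` statements to `if`/`elseif` means only one of the two values is printed now, which is a behaviour change worth a comment.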
@@ -319,15 +319,23 @@ if (empty($reshook)) if (($tmp_total_ht < 0 || $tmp_total_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) { - $langs->load("errors"); if ($object->type == $object::TYPE_DEPOSIT) { + $langs->load("errors"); // Using negative lines on deposit lead to headach and blocking problems when you want to consume them. setEventMessages($langs->trans("ErrorLinesCantBeNegativeOnDeposits"), null, 'errors'); + $error++; + $action = ''; } else { - setEventMessages($langs->trans("ErrorLinesCantBeNegativeForOneVATRate"), null, 'errors'); + $tmpvatratetoshow = explode('_', $vatrate); + $tmpvatratetoshow[0] = round($tmpvatratetoshow[0], 2); + + if ($tmpvatratetoshow[0] != 0) { + $langs->load("errors"); + setEventMessages($langs->trans("ErrorLinesCantBeNegativeForOneVATRate", $tmpvatratetoshow[0]), null, 'errors'); + $error++; + $action = ''; + } } - $error++; - $action = ''; } } } diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index aac47df0d81..2055e24f556 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang 
@@ -118,7 +118,7 @@ ErrorLoginHasNoEmail=This user has no email address. Process aborted. ErrorBadValueForCode=Bad value for security code. Try again with new value... ErrorBothFieldCantBeNegative=Fields %s and %s can't be both negative ErrorFieldCantBeNegativeOnInvoice=Field %s cannot be negative on this type of invoice. If you need to add a discount line, just create the discount first (from field '%s' in thirdparty card) and apply it to the invoice. -ErrorLinesCantBeNegativeForOneVATRate=Total of lines can't be negative for a given VAT rate. +ErrorLinesCantBeNegativeForOneVATRate=Total of lines (net of tax) can't be negative for a given not null VAT rate (Found a negative total for VAT rate %s%%). ErrorLinesCantBeNegativeOnDeposits=Lines can't be negative in a deposit. You will face problems when you will need to consume the deposit in final invoice if you do so. ErrorQtyForCustomerInvoiceCantBeNegative=Quantity for line into customer invoices can't be negative ErrorWebServerUserHasNotPermission=User account %s used to execute web server has no permission for that diff --git a/htdocs/langs/fr_FR/errors.lang b/htdocs/langs/fr_FR/errors.lang index 6fdaed0fe48..021f08c51c4 100644 --- a/htdocs/langs/fr_FR/errors.lang +++ b/htdocs/langs/fr_FR/errors.lang 
@@ -119,7 +119,7 @@ ErrorLoginHasNoEmail=Cet utilisateur n'a pas d'email. Impossible de continuer. ErrorBadValueForCode=Mauvaise valeur saisie pour le code. Réessayez avec une nouvelle valeur... ErrorBothFieldCantBeNegative=Les champs %s et %s ne peuvent être tous deux négatifs ErrorFieldCantBeNegativeOnInvoice=Le champ %s ne peut pas être négatif sur ce type de facture. Si vous devez ajouter une ligne de remise, créez d'abord la remise (à partir du champ '%s' dans la fiche du tiers) et appliquez-la à la facture. -ErrorLinesCantBeNegativeForOneVATRate=Le total des lignes ne peut pas être négatif pour un taux de TVA donné. +ErrorLinesCantBeNegativeForOneVATRate=Le total des lignes (HT) ne peut pas être négatif pour un taux de TVA donné (Montant total négatif trouvé pour le taux %s%%). ErrorLinesCantBeNegativeOnDeposits=Les lignes ne peuvent pas être négatives dans un acompte. Si vous le faites, vous rencontrerez des problèmes lorsque vous devrez consommer l'acompte dans la facture finale. ErrorQtyForCustomerInvoiceCantBeNegative=La quantité d'une ligne ne peut pas être négative dans les factures clients ErrorWebServerUserHasNotPermission=Le compte d'exécution du serveur web %s n'a pas les permissions pour cela From da9c25348e01bbafd34ea70486a2e5badca78772 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 20 Jun 2020 12:15:48 +0200 Subject: [PATCH 087/110] Update paiement.class.php --- htdocs/compta/paiement/class/paiement.class.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 64111a311b3..05d2fe0c08b 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php 
@@ -532,9 +532,8 @@ class Paiement extends CommonObject $accline = new AccountLine($this->db); $result=$accline->fetch($bank_line_id); - if ($result == 0) - { - $accline->id=$accline->rowid=$bank_line_id; // If not found, we set artificially rowid to allow delete of llx_bank_url + if ($result == 0) { + $accline->id = $accline->rowid = $bank_line_id; // If not found, we set artificially rowid to allow delete of llx_bank_url } // Delete bank account url lines linked to payment From 8c1af0fdb8c9216ff2dbb873830dc500a801d815 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Wed, 24 Jun 2020 12:24:47 +0200 Subject: [PATCH 088/110] fix enbtoty on supplier order --- htdocs/fourn/class/fournisseur.commande.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 538af54fe23..4b42665199f 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -273,7 +273,7 @@ class CommandeFournisseur extends CommonOrder $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as p ON c.fk_mode_reglement = p.id"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_input_method as cm ON cm.rowid = c.fk_input_method"; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid'; - $sql.= " WHERE c.entity = ".$conf->entity; + $sql.= " WHERE c.entity IN (".getEntity('order_invoice').")"; if ($ref) $sql.= " AND c.ref='".$this->db->escape($ref)."'"; else $sql.= " AND c.rowid=".$id; From 77868ad2a366b2d46cb01ab372e89ac02df788d1 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Wed, 24 Jun 2020 12:42:41 +0200 Subject: [PATCH 089/110] fix entity on supplier order --- htdocs/fourn/class/fournisseur.commande.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 2ad30a60b80..cc394804823 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -273,7 +273,7 @@ class CommandeFournisseur extends CommonOrder $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as p ON c.fk_mode_reglement = p.id"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_input_method as cm ON cm.rowid = c.fk_input_method"; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid'; - $sql.= " WHERE c.entity IN (".getEntity('order_invoice').")"; + $sql.= " WHERE c.entity IN (".getEntity('supplier_order').")"; if ($ref) $sql.= " AND c.ref='".$this->db->escape($ref)."'"; else $sql.= " AND c.rowid=".$id; @@ -528,6 +528,7 @@ class CommandeFournisseur extends CommonOrder $sql.= " fk_user_valid = ".$user->id; $sql.= " WHERE rowid = ".$this->id; $sql.= " AND fk_statut = ".self::STATUS_DRAFT; + $sql.= " AND entity IN (".getEntity('supplier_order').")"; $resql=$this->db->query($sql); if (! $resql) @@ -844,6 +845,7 @@ class CommandeFournisseur extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur SET billed = 1'; $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; + $sql .= " AND entity IN (".getEntity('supplier_order').")"; if ($this->db->query($sql)) { if (! $error) From ccfe6f18fe0a06530dbe2d30e4eef6b262fb099f Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 25 Jun 2020 16:01:27 +0200 Subject: [PATCH 090/110] FIX 10.0 - fatal with postgres backport of https://github.com/Dolibarr/dolibarr/pull/14064/files --- htdocs/core/lib/company.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 3cd302ebdbb..24dfa57f190 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php 
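Review bot: The added `AND entity IN (...)` filters on the two UPDATE statements (hunks at -528 and -844) can make the statement match no row, yet the visible code only tests whether the query itself failed. An order outside the user's entities would then follow the success path without having been changed; the code after the query is outside the hunks, so this needs checking. Testing the affected rows makes the case explicit, e.g. `if ($this->db->affected_rows($resql) == 0) { $error++; }` after the first UPDATE.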
@@ -1349,7 +1349,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $langs->load("mails"); $sql2 = "SELECT m.rowid as id, m.titre as label, mc.date_envoi as dp, mc.date_envoi as dp2, '100' as percent, 'mailing' as type"; - $sql2.= ", '' as fk_element, '' as elementtype, '' as contact_id"; + $sql2.= ", null as fk_element, '' as elementtype, null as contact_id"; $sql2.= ", 'AC_EMAILING' as acode, '' as alabel, '' as apicto"; $sql2.= ", u.rowid as user_id, u.login as user_login, u.photo as user_photo, u.firstname as user_firstname, u.lastname as user_lastname"; // User that valid action if (is_object($filterobj) && get_class($filterobj) == 'Societe') $sql2.= ", '' as lastname, '' as firstname"; From 858a751eef997d488bda47b4904d3735c9728cba Mon Sep 17 00:00:00 2001 From: gauthier Date: Fri, 26 Jun 2020 10:51:04 +0200 Subject: [PATCH 091/110] FIX : $_POST must be GETPOST --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 9400c64de85..48015547903 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php 
@@ -2103,7 +2103,7 @@ class ExtraFields if (in_array($key_type, array('date','datetime'))) { // Clean parameters - $value_key=dol_mktime($_POST[$keysuffix."options_".$key.$keyprefix."hour"], $_POST[$keysuffix."options_".$key.$keyprefix."min"], 0, $_POST[$keysuffix."options_".$key.$keyprefix."month"], $_POST[$keysuffix."options_".$key.$keyprefix."day"], $_POST[$keysuffix."options_".$key.$keyprefix."year"]); + $value_key=dol_mktime(GETPOST($keysuffix."options_".$key.$keyprefix."hour", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."min", 'int'), 0, GETPOST($keysuffix."options_".$key.$keyprefix."month", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."day", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."year", 'int')); } elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) { From 8e324c36ff010fd1a94ab151c47ac0028a40f037 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:39:01 +0200 Subject: [PATCH 092/110] Prepare 11.0.5 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 0352963b13e..2acaad4ec29 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE', 'Dolibarr'); -if (! defined('DOL_VERSION')) define('DOL_VERSION', '11.0.4'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c +if (! defined('DOL_VERSION')) define('DOL_VERSION', '11.0.5'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c if (! defined('EURO')) define('EURO', chr(128)); From 347667b3461f71ce86774deceaf3fabaefb41086 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:45:39 +0200 Subject: [PATCH 093/110] Prepare 11.0.5 --- ChangeLog | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/ChangeLog b/ChangeLog index 67cf9513a4a..3ea709eb7bf 100644 --- a/ChangeLog +++ b/ChangeLog 
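Review bot: In the extrafields hunk the parameter name prefix `$keysuffix."options_".$key.$keyprefix` is rebuilt five times inside a single dol_mktime() call, which makes the line hard to audit. Building it once, `$dateparamname = $keysuffix."options_".$key.$keyprefix;`, and then calling `GETPOST($dateparamname."hour", 'int')` and so on keeps the behaviour and shortens the call. The enclosing loop starts outside the hunk.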
@@ -2,6 +2,52 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 11.0.4 compared to 11.0.3 ***** +FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php +FIX: 10.0 - pagination in prelevement/bons.php +FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat +FIX: 11.0 - fatal with postgres on contact/agenda.php +FIX: 11.0 - multicurrency amount not fetched when fetching payments from llx_paiement or llx_paiementfourn +FIX: 11.0 - when using pdftk as per hidden conf USE_PDFTK_FOR_PDF_CONCAT, check that the file exists before displaying a success message +FIX: #13841 +FIX: #13877 - Can validate invoice if there is a credit note with VAT 0% on an invoice with other lines with a VAT non 0% +FIX: #13968 +FIX: #14001 +FIX: #14002 +FIX: 9.0 - delete unused mandatory argument from migrate_clean_association: argument count mismatch causes a fatal error since php7 +FIX: 9.0 - fatal during migration from 3.1 using PHP 7 +FIX: Accountancy - Binding index - Add a filter on sql request for module Subtotal & Jalon +FIX: avoid error "Call to undefined function measuringUnitString()" +FIX: BlindBoolean SQL injection reported by Christian Weiler +FIX: Can create a credit note on situation invoice if previous is also +FIX: can install module even if (x) was appended during download. +FIX: copy value date of VariousPayment onto the new AccountLine +FIX: count of open day when date and start are not open should be 0 +FIX: Default bank account was not loaded for document generation. 
+FIX: Do not show stats panel if the user does not have permissions +FIX: Fix link of the button to create a credit note and fix the awareness of a error that happen when wo create a credit note +FIX: force rounding 2 on export ld compta +FIX: free text on cash desk +FIX: links into emails of notifications +FIX: missing file manifest.json.php +FIX: missing GetNomURL Hook in warehouse class +FIX: missing hook init + table class + $page not set +FIX: missing rollbacks on trigger bad return +FIX: missing translation value for key "NoMorePredefinedProductToDispatch" +FIX: percent must be displayed on one line +FIX: php error if multicompany disabled +FIX: Privilege escalation reported by wizlynx WLX-2020-011 +FIX: replace filter parameter "none" by "restricthtml" +FIX: Rounding Total TVA in "crabe" model pdf +FIX: Show ref_customer, amount on contract link object +FIX: Site ec.europa.eu has moved to https:// +FIX: Tickets mail models doesn't work +FIX: vulnerability reported by wizlynx WLX-2020-012 +FIX: We must only rename current bank receipt +FIX: when creating a VariousPayment, the value date is not copied onto the AccountLine that gets created at the same time, so the bank transaction's value date will be the payment date instead of the payment's value date +FIX: wrong url param +FIX: XSS using the renaming of .noexe files - reported by Nolan. + ***** ChangeLog for 11.0.4 compared to 11.0.3 ***** FIX: #13749 FIX: #7594 Expense report multi pagebreak From 0eac798674eacb44e725fa53423c35ea860acd02 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:47:03 +0200 Subject: [PATCH 094/110] Changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3ea709eb7bf..515a98f4180 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,7 +2,7 @@ English Dolibarr ChangeLog -------------------------------------------------------------- -***** ChangeLog for 11.0.4 compared to 11.0.3 ***** +***** ChangeLog for 11.0.5 compared to 11.0.4 ***** FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php FIX: 10.0 - pagination in prelevement/bons.php FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat From dfb7c3e194092f493d0b47d9debad29ffbfa5549 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 28 Jun 2020 21:14:49 +0200 Subject: [PATCH 095/110] Update fournisseur.commande.class.php --- htdocs/fourn/class/fournisseur.commande.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index cc394804823..dd8cb1fe722 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -528,7 +528,6 @@ class CommandeFournisseur extends CommonOrder $sql.= " fk_user_valid = ".$user->id; $sql.= " WHERE rowid = ".$this->id; $sql.= " AND fk_statut = ".self::STATUS_DRAFT; - $sql.= " AND entity IN (".getEntity('supplier_order').")"; $resql=$this->db->query($sql); if (! $resql) From 960512acd9176be205b18dd0cbda9bd92f4caf5c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 28 Jun 2020 21:21:35 +0200 Subject: [PATCH 096/110] Update fournisseur.commande.class.php Action with filter on rowid does not need to have test on entity --- htdocs/fourn/class/fournisseur.commande.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index dd8cb1fe722..ef8d4b4d93f 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php 
@@ -844,7 +844,7 @@ class CommandeFournisseur extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur SET billed = 1'; $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT; - $sql .= " AND entity IN (".getEntity('supplier_order').")"; + if ($this->db->query($sql)) { if (! $error) From 6553c40bea8f467b58d79945e0b1b3bde74181d3 Mon Sep 17 00:00:00 2001 From: gauthier Date: Tue, 30 Jun 2020 11:23:55 +0200 Subject: [PATCH 097/110] FIX : create a deposit with amount using comma didn't work --- htdocs/compta/facture/card.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index ff7a1714757..a65d7f6ed81 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1255,7 +1255,8 @@ if (empty($reshook)) if ($_POST['type'] == Facture::TYPE_DEPOSIT) { $typeamount = GETPOST('typedeposit', 'alpha'); - $valuedeposit = GETPOST('valuedeposit', 'int'); + $valuedeposit = GETPOST('valuedeposit'); + $valuedeposit = price2num($valuedeposit, 'MU'); $amountdeposit = array(); if (!empty($conf->global->MAIN_DEPOSIT_MULTI_TVA)) From 918e669c98755e896326380e3cfc5a3e45dbf03d Mon Sep 17 00:00:00 2001 From: lvessiller Date: Tue, 30 Jun 2020 16:33:18 +0200 Subject: [PATCH 098/110] FIX change selected fields on company card --- htdocs/societe/card.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index d277632c348..d2f27419e76 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php 
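Review bot: The UPDATE in the `@@ -844,7 +844,7 @@` hunk of fournisseur.commande.class.php is now scoped by `rowid` and status alone, so multi-entity isolation rests entirely on `$this->id` having been loaded through an entity-checked fetch, which the hunk does not show. A short comment stating that assumption would help, for example `// No entity filter: $this->id must come from a fetch() that already checked the entity`. Since `$this->id` is concatenated uncast, `' WHERE rowid = '.((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT;` would keep the statement numeric whatever the caller set. The same applies to the `@@ -528,7 +528,6 @@` hunk of PATCH 095/110, and the enclosing method starts and ends outside both hunks.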
@@ -846,6 +846,11 @@ if (empty($reshook)) $id=$socid; $object->fetch($socid); + // Selection of new fields + if (!empty($conf->global->MAIN_DUPLICATE_CONTACTS_TAB_ON_MAIN_CARD) && (empty($conf->global->SOCIETE_DISABLE_CONTACTS) || !empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT))) { + include DOL_DOCUMENT_ROOT . '/core/actions_changeselectedfields.inc.php'; + } + // Actions to send emails $trigger_name='COMPANY_SENTBYMAIL'; $paramname='socid'; From 324c8e9b54930f2a0fc95e0cc8659a59f5fe2620 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Jul 2020 17:00:52 +0200 Subject: [PATCH 099/110] FIX Use of office365 TLS with SMTPs method. Conflicts: htdocs/core/class/smtps.class.php --- htdocs/core/class/smtps.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/smtps.class.php b/htdocs/core/class/smtps.class.php index df7647b330c..9c071a36f23 100644 --- a/htdocs/core/class/smtps.class.php +++ b/htdocs/core/class/smtps.class.php @@ -428,7 +428,7 @@ class SMTPs $host=preg_replace('@ssl://@i', '', $host); // Remove prefix $host=preg_replace('@tls://@i', '', $host); // Remove prefix - if ($usetls) $host='tls://'.$host; + if ($usetls && ! empty($conf->global->MAIN_SMTPS_ADD_TLS_TO_HOST_FOR_HELO)) $host = 'tls://'.$host; $hosth = $host; @@ -568,6 +568,8 @@ class SMTPs $host=preg_replace('@ssl://@i', '', $host); // Remove prefix $host=preg_replace('@tls://@i', '', $host); // Remove prefix + if ($usetls && ! empty($conf->global->MAIN_SMTPS_ADD_TLS_TO_HOST_FOR_HELO)) $host = 'tls://'.$host; + $hosth = $host; if (! empty($conf->global->MAIL_SMTP_USE_FROM_FOR_HELO)) From d3c23428d5cf773172ebeb573c234c1f10a12cc1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Jul 2020 17:00:52 +0200 Subject: [PATCH 100/110] FIX Use of office365 TLS with SMTPs method. Conflicts: htdocs/core/class/smtps.class.php --- htdocs/core/class/smtps.class.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
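Review bot: In both smtps.class.php hunks (`@@ -428,7 +428,7 @@` and `@@ -568,6 +568,8 @@`), when `$usetls` is set and MAIN_SMTPS_ADD_TLS_TO_HOST_FOR_HELO is empty, `$host` no longer carries the `tls://` prefix. The hunks do not show how the socket is opened or where STARTTLS is negotiated, so it is worth confirming that a session configured for TLS cannot continue in cleartext. The hidden option is also undocumented at both sites; a comment such as `// MAIN_SMTPS_ADD_TLS_TO_HOST_FOR_HELO: hidden option, re-adds the tls:// prefix stripped just above` would tell the next reader why the prefix is removed and then conditionally restored. Both hunks also assume `$conf` is in scope in methods whose start is outside the hunk. The same two hunks are repeated in PATCH 100/110.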
diff --git a/htdocs/core/class/smtps.class.php b/htdocs/core/class/smtps.class.php index f978fd47fba..bce175b3872 100644 --- a/htdocs/core/class/smtps.class.php +++ b/htdocs/core/class/smtps.class.php @@ -428,7 +428,7 @@ class SMTPs $host=preg_replace('@ssl://@i', '', $host); // Remove prefix $host=preg_replace('@tls://@i', '', $host); // Remove prefix - if ($usetls) $host='tls://'.$host; + if ($usetls && ! empty($conf->global->MAIN_SMTPS_ADD_TLS_TO_HOST_FOR_HELO)) $host = 'tls://'.$host; $hosth = $host; @@ -555,6 +555,8 @@ class SMTPs $host=preg_replace('@ssl://@i', '', $host); // Remove prefix $host=preg_replace('@tls://@i', '', $host); // Remove prefix + if ($usetls && ! empty($conf->global->MAIN_SMTPS_ADD_TLS_TO_HOST_FOR_HELO)) $host = 'tls://'.$host; + $hosth = $host; if (! empty($conf->global->MAIL_SMTP_USE_FROM_FOR_HELO)) From 642e75c3dd29b03d7eaf71f21678f05d2f5521d1 Mon Sep 17 00:00:00 2001 From: quentin Date: Thu, 2 Jul 2020 11:34:59 +0200 Subject: [PATCH 101/110] FIX wrong origin --- htdocs/commande/class/commande.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 54506a4a816..c92de067c8e 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1014,7 +1014,7 @@ class Commande extends CommonOrder // Complete vat rate with code $vatrate = $line->tva_tx; if ($line->vat_src_code && !preg_match('/\(.*\)/', $vatrate)) $vatrate .= ' ('.$line->vat_src_code.')'; - + $origin = !empty($line->origin) ? $line->origin : $this->element; $result = $this->addline( $line->desc, $line->subprice, @@ -1039,7 +1039,7 @@ class Commande extends CommonOrder $line->label, $line->array_options, $line->fk_unit, - $this->element, + $origin, $line->id ); if ($result < 0) From 6c01cc16f8fc46667d55c5b5a7af619f48caa0a0 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur
Date: Fri, 3 Jul 2020 00:14:22 +0200
Subject: [PATCH 102/110] Update commande.class.php
---
 htdocs/commande/class/commande.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index c92de067c8e..e356a4d5936 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -1014,7 +1014,7 @@ class Commande extends CommonOrder
 // Complete vat rate with code
 $vatrate = $line->tva_tx;
 if ($line->vat_src_code && !preg_match('/\(.*\)/', $vatrate)) $vatrate .= ' ('.$line->vat_src_code.')';
- $origin = !empty($line->origin) ? $line->origin : $this->element;
+ $origin = (!empty($line->origin) ? $line->origin : $this->element);
 $result = $this->addline(
 $line->desc,
 $line->subprice,
From 18fa4c41058a446ff57ec0c5a8cfcc10b083f1be Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 3 Jul 2020 00:38:31 +0200
Subject: [PATCH 103/110] Update card.php
---
 htdocs/compta/facture/card.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index a65d7f6ed81..336b39224f1 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -1255,7 +1255,7 @@ if (empty($reshook))
 if ($_POST['type'] == Facture::TYPE_DEPOSIT)
 {
 $typeamount = GETPOST('typedeposit', 'alpha');
- $valuedeposit = GETPOST('valuedeposit');
- $valuedeposit = price2num($valuedeposit, 'MU');
+ $valuedeposit = price2num(GETPOST('valuedeposit', 'alpha'), 'MU');
 $amountdeposit = array();
 if (!empty($conf->global->MAIN_DEPOSIT_MULTI_TVA))
From 466b7e84efbee9cebed5445e9aa58699bbde2a75 Mon Sep 17 00:00:00 2001
From: gauthier
Date: Mon, 6 Jul 2020 09:58:44 +0200
Subject: [PATCH 104/110] FIX : soc filter doesn't work on task list
---
 htdocs/projet/tasks/list.php | 1 +
 1 file changed, 1 insertion(+)
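Review bot: The guard at the top of the `@@ -1255,7 +1255,7 @@` hunk of compta/facture/card.php still reads `$_POST['type']` directly, while the values inside the branch go through GETPOST(). `if (GETPOST('type', 'int') == Facture::TYPE_DEPOSIT)` would apply the same input filtering and avoid an undefined-index notice when the field is absent. The new `price2num(GETPOST('valuedeposit', 'alpha'), 'MU')` accepts any sign, and the hunk does not show a later range check, so it is worth confirming that a negative or empty deposit amount is rejected further down. The enclosing block continues outside the hunk.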
diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index b97710ba7b6..36c06cd97f2 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -58,6 +58,7 @@ $search_task_label=GETPOST('search_task_label'); $search_task_description=GETPOST('search_task_description'); $search_project_user=GETPOST('search_project_user'); $search_task_user=GETPOST('search_task_user'); +$search_societe=GETPOST('search_societe'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; if ($mine) { $search_task_user = $user->id; $mine = 0; } From 053a1a2230c2e90b01b58dd673fafe1a4839f865 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 6 Jul 2020 11:22:30 +0200 Subject: [PATCH 105/110] Fix duplicate code --- htdocs/compta/resultat/index.php | 67 +------------------------------- 1 file changed, 2 insertions(+), 65 deletions(-) diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 887412bc6a4..8c223e3615a 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php @@ -499,7 +499,7 @@ elseif ($modecompta=="BOOKKEEPING") } /* - * Charges sociales non deductibles + * Social contributions */ $subtotal_ht = 0; @@ -524,7 +524,6 @@ if (! empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modeco $sql.= ", ".MAIN_DB_PREFIX."paiementcharge as p"; $sql.= " WHERE p.fk_charge = cs.rowid"; $sql.= " AND cs.fk_type = c.id"; - $sql.= " AND c.deductible = 0"; if (! empty($date_start) && ! empty($date_end)) $sql.= " AND p.datep >= '".$db->idate($date_start)."' AND p.datep <= '".$db->idate($date_end)."'"; } 
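Review bot: The added `$search_societe=GETPOST('search_societe');` in the `@@ -58,6 +58,7 @@` hunk of projet/tasks/list.php reads a search filter with no check type, so the raw request value is what reaches the code that builds the list query. `$search_societe = GETPOST('search_societe', 'alpha');` would state the expected content explicitly. The place where the value is put into the SQL is outside the hunk, so confirm it is escaped there. The neighbouring `$search_*` lines and the `$_REQUEST['mode']` read have the same shape and could be aligned in the same pass.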
@@ -560,68 +559,6 @@ elseif ($modecompta=="BOOKKEEPING") } -/* - * Charges sociales deductibles - */ - -$subtotal_ht = 0; -$subtotal_ttc = 0; -if (! empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecompta=="RECETTES-DEPENSES")) -{ - if ($modecompta == 'CREANCES-DETTES') - { - $sql = "SELECT c.libelle as nom, date_format(cs.date_ech,'%Y-%m') as dm, sum(cs.amount) as amount"; - $sql.= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c"; - $sql.= ", ".MAIN_DB_PREFIX."chargesociales as cs"; - $sql.= " WHERE cs.fk_type = c.id"; - $sql.= " AND c.deductible = 1"; - if (! empty($date_start) && ! empty($date_end)) - $sql.= " AND cs.date_ech >= '".$db->idate($date_start)."' AND cs.date_ech <= '".$db->idate($date_end)."'"; - } - elseif ($modecompta=="RECETTES-DEPENSES") - { - $sql = "SELECT c.libelle as nom, date_format(p.datep,'%Y-%m') as dm, sum(p.amount) as amount"; - $sql.= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c"; - $sql.= ", ".MAIN_DB_PREFIX."chargesociales as cs"; - $sql.= ", ".MAIN_DB_PREFIX."paiementcharge as p"; - $sql.= " WHERE p.fk_charge = cs.rowid"; - $sql.= " AND cs.fk_type = c.id"; - $sql.= " AND c.deductible = 1"; - if (! empty($date_start) && ! empty($date_end)) - $sql.= " AND p.datep >= '".$db->idate($date_start)."' AND p.datep <= '".$db->idate($date_end)."'"; - } - - $sql.= " AND cs.entity = ".$conf->entity; - $sql.= " GROUP BY c.libelle, dm"; - - dol_syslog("get social contributions paid deductible=1", LOG_DEBUG); - $result=$db->query($sql); - if ($result) { - $num = $db->num_rows($result); - $i = 0; - if ($num) { - while ($i < $num) { - $obj = $db->fetch_object($result); - - if (! isset($decaiss[$obj->dm])) $decaiss[$obj->dm]=0; - $decaiss[$obj->dm] += $obj->amount; - - if (! isset($decaiss_ttc[$obj->dm])) $decaiss_ttc[$obj->dm]=0; - $decaiss_ttc[$obj->dm] += $obj->amount; - - $i++; - } - } - } else { - dol_print_error($db); - } -} -elseif ($modecompta=="BOOKKEEPING") -{ - // Nothing from this table -} - - /* * Salaries */ 
@@ -734,7 +671,7 @@ elseif ($modecompta == 'BOOKKEEPING') { /* - * Donation get dunning paiement + * Donation get dunning payments */ if (! empty($conf->don->enabled) && ($modecompta == 'CREANCES-DETTES' || $modecompta=="RECETTES-DEPENSES")) From 2629a98851bc0405e74de669fba17bc38effcb87 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 6 Jul 2020 11:31:05 +0200 Subject: [PATCH 106/110] Fix regression --- htdocs/compta/resultat/index.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 8c223e3615a..48ededa29bc 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php @@ -512,7 +512,6 @@ if (! empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modeco $sql.= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c"; $sql.= ", ".MAIN_DB_PREFIX."chargesociales as cs"; $sql.= " WHERE cs.fk_type = c.id"; - $sql.= " AND c.deductible = 0"; if (! empty($date_start) && ! empty($date_end)) $sql.= " AND cs.date_ech >= '".$db->idate($date_start)."' AND cs.date_ech <= '".$db->idate($date_end)."'"; } @@ -531,7 +530,7 @@ if (! empty($conf->tax->enabled) && ($modecompta == 'CREANCES-DETTES' || $modeco $sql.= " AND cs.entity = ".$conf->entity; $sql.= " GROUP BY c.libelle, dm"; - dol_syslog("get social contributions deductible=0 ", LOG_DEBUG); + dol_syslog("get social contributions", LOG_DEBUG); $result=$db->query($sql); if ($result) { $num = $db->num_rows($result); From 25509e74d3b443ee8751fa66606cdaff2e0f143a Mon Sep 17 00:00:00 2001 From: gauthier Date: Thu, 9 Jul 2020 17:27:14 +0200 Subject: [PATCH 107/110] FIX : order by amount ht uses wrong column --- htdocs/product/stats/facture.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index 109332a1f98..2c38f74c03c 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php 
@@ -225,7 +225,7 @@ if ($id > 0 || ! empty($ref)) print_liste_field_titre("CustomerCode", $_SERVER["PHP_SELF"], "s.code_client", "", $option, '', $sortfield, $sortorder); print_liste_field_titre("DateInvoice", $_SERVER["PHP_SELF"], "f.datef", "", $option, 'align="center"', $sortfield, $sortorder); print_liste_field_titre("Qty", $_SERVER["PHP_SELF"], "d.qty", "", $option, 'align="center"', $sortfield, $sortorder); - print_liste_field_titre("AmountHT", $_SERVER["PHP_SELF"], "f.total", "", $option, 'align="right"', $sortfield, $sortorder); + print_liste_field_titre("AmountHT", $_SERVER["PHP_SELF"], "d.total_ht", "", $option, 'align="right"', $sortfield, $sortorder); print_liste_field_titre("Status", $_SERVER["PHP_SELF"], "f.paye,f.fk_statut", "", $option, 'align="right"', $sortfield, $sortorder); print "
\n"; From fd955519404f0488df23e1f28b8ce2beb28ebd20 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 Jun 2020 18:07:51 +0200 Subject: [PATCH 108/110] Fix upload of file in import module Conflicts: htdocs/core/lib/security.lib.php --- htdocs/core/lib/security.lib.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 7c4a10f3a18..225dab1332c 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -309,6 +309,10 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f elseif ($feature == 'cheque') { if (!$user->rights->banque->cheque) { $createok = 0; $nbko++; } + } elseif ($feature == 'import') { + if (!$user->rights->import->run) { $createok = 0; $nbko++; } + } elseif ($feature == 'ecm') { + if (!$user->rights->ecm->upload) { $createok = 0; $nbko++; } } elseif (!empty($feature2)) // This is for permissions on one level { From 79a6246666567034845ce09afb6405cb0cc0b4c7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 10 Jul 2020 05:13:24 +0200 Subject: [PATCH 109/110] FIX Fails to retraive accounting code of social contribution sometimes Conflicts: htdocs/accountancy/journal/bankjournal.php --- htdocs/accountancy/journal/bankjournal.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index d849496d965..699bbf1eebc 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php 
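Review bot: The two branches added to restrictedArea() in the `@@ -309,6 +309,10 @@` hunk of security.lib.php dereference `$user->rights->import->run` and `$user->rights->ecm->upload` directly. When the module is disabled and the intermediate rights object is missing, the test still fails closed, but only through a property read on a non-object that raises a notice or warning. Writing them as `if (empty($user->rights->import->run)) { $createok = 0; $nbko++; }` and `if (empty($user->rights->ecm->upload)) { $createok = 0; $nbko++; }` makes the deny-by-default intent explicit. These branches sit in the create/modify part of the chain; whether the read check earlier in the function handles 'import' and 'ecm' is outside the hunk and worth confirming.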
@@ -254,7 +254,9 @@ if ($result) { } else { $tabpay[$obj->rowid]["lib"] = dol_trunc($obj->label, 60); } - $links = $object->get_url($obj->rowid); // Get an array('url'=>, 'url_id'=>, 'label'=>, 'type'=> 'fk_bank'=> ) + + // Load of url links to the line into llx_bank + $links = $object->get_url($obj->rowid); // Get an array('url'=>, 'url_id'=>, 'label'=>, 'type'=> 'fk_bank'=> ) //var_dump($i); //var_dump($tabpay); @@ -319,7 +321,8 @@ if ($result) { $chargestatic->id = $links[$key]['url_id']; $chargestatic->ref = $links[$key]['url_id']; - $tabpay[$obj->rowid]["lib"] .= ' ' . $chargestatic->getNomUrl(2); + $tabpay[$obj->rowid]["lib"] .= ' '.$chargestatic->getNomUrl(2); + $reg = array(); if (preg_match('/^\((.*)\)$/i', $links[$key]['label'], $reg)) { if ($reg[1] == 'socialcontribution') $reg[1] = 'SocialContribution'; 
@@ -331,12 +334,14 @@ if ($result) { $tabpay[$obj->rowid]["soclib"] = $chargestatic->getNomUrl(1, 30); $tabpay[$obj->rowid]["paymentscid"] = $chargestatic->id; + // Retreive the accounting code of the social contribution of the payment from link of payment. + // Note: We have the social contribution id, it can be faster to get accounting code from social contribution id. $sqlmid = 'SELECT cchgsoc.accountancy_code'; - $sqlmid .= " FROM " . MAIN_DB_PREFIX . "c_chargesociales cchgsoc "; - $sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; - $sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; - $sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "bank_url as bkurl ON bkurl.url_id=paycharg.rowid"; - $sqlmid .= " WHERE bkurl.fk_bank=" . $obj->rowid; + $sqlmid .= " FROM ".MAIN_DB_PREFIX."c_chargesociales cchgsoc"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."bank_url as bkurl ON bkurl.url_id=paycharg.rowid AND bkurl.type = 'payment_sc'"; + $sqlmid .= " WHERE bkurl.fk_bank=".$obj->rowid; dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=" . $sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid); From 071b909d38a626c9e3b28cfb24473789eae6933c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 10 Jul 2020 05:13:24 +0200 Subject: [PATCH 110/110] FIX Fails to retraive accounting code of social contribution sometimes Conflicts: htdocs/accountancy/journal/bankjournal.php --- htdocs/accountancy/journal/bankjournal.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index d2ad7a0503e..070e58f5c0d 100644 
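Review bot: The query rebuilt in the `@@ -331,12 +334,14 @@` hunk of bankjournal.php still appends `$obj->rowid` uncast. The value appears to come from a database row, so this is hardening rather than a known defect, but `$sqlmid .= " WHERE bkurl.fk_bank=".((int) $obj->rowid);` costs nothing. The added comment misspells the verb; it should read `// Retrieve the accounting code of the social contribution of the payment from link of payment.`. The query is also written to the log with `dol_syslog(..., LOG_DEBUG)` on every iteration, which is noisy for a journal loop. The same hunk is repeated in PATCH 110/110.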
--- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -255,7 +255,9 @@ if ($result) { } else { $tabpay[$obj->rowid]["lib"] = dol_trunc($obj->label, 60); } - $links = $object->get_url($obj->rowid); // Get an array('url'=>, 'url_id'=>, 'label'=>, 'type'=> 'fk_bank'=> ) + + // Load of url links to the line into llx_bank + $links = $object->get_url($obj->rowid); // Get an array('url'=>, 'url_id'=>, 'label'=>, 'type'=> 'fk_bank'=> ) //var_dump($i); //var_dump($tabpay); @@ -322,7 +324,8 @@ if ($result) { $chargestatic->id = $links[$key]['url_id']; $chargestatic->ref = $links[$key]['url_id']; - $tabpay[$obj->rowid]["lib"] .= ' ' . $chargestatic->getNomUrl(2); + $tabpay[$obj->rowid]["lib"] .= ' '.$chargestatic->getNomUrl(2); + $reg = array(); if (preg_match('/^\((.*)\)$/i', $links[$key]['label'], $reg)) { if ($reg[1] == 'socialcontribution') $reg[1] = 'SocialContribution'; 
@@ -334,12 +337,14 @@ if ($result) { $tabpay[$obj->rowid]["soclib"] = $chargestatic->getNomUrl(1, 30); $tabpay[$obj->rowid]["paymentscid"] = $chargestatic->id; + // Retreive the accounting code of the social contribution of the payment from link of payment. + // Note: We have the social contribution id, it can be faster to get accounting code from social contribution id. $sqlmid = 'SELECT cchgsoc.accountancy_code'; - $sqlmid .= " FROM " . MAIN_DB_PREFIX . "c_chargesociales cchgsoc "; - $sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; - $sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; - $sqlmid .= " INNER JOIN " . MAIN_DB_PREFIX . "bank_url as bkurl ON bkurl.url_id=paycharg.rowid"; - $sqlmid .= " WHERE bkurl.fk_bank=" . $obj->rowid; + $sqlmid .= " FROM ".MAIN_DB_PREFIX."c_chargesociales cchgsoc"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid"; + $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."bank_url as bkurl ON bkurl.url_id=paycharg.rowid AND bkurl.type = 'payment_sc'"; + $sqlmid .= " WHERE bkurl.fk_bank=".$obj->rowid; dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=" . $sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid);
'.$langs->trans("Company").'
'.$langs->trans("Company").'
'.$langs->trans("UserTitle").''; @@ -984,39 +981,39 @@ else print '
'.$langs->trans("Lastname").'
'.$langs->trans("Lastname").'
'.$langs->trans("Firstname").'
'.$langs->trans("Firstname").'
'.$langs->trans("Gender").''; $arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('gender', $arraygender, GETPOST('gender'), 1); + print $form->selectarray('gender', $arraygender, GETPOST('gender', 'alphanohtml'), 1); print '
'.img_picto('', 'object_email').' '.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').'
'.img_picto('', 'object_email').' '.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').'
'.$langs->trans("Address").''; - print ''; + print ''; print '
'.$langs->trans("Zip").' / '.$langs->trans("Town").''; - print $formcompany->select_ziptown((GETPOST('zipcode', 'alphanohtml') ?GETPOST('zipcode', 'alphanohtml') : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); + print $formcompany->select_ziptown((GETPOSTISSET('zipcode') ? GETPOST('zipcode', 'alphanohtml') : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); print ' '; - print $formcompany->select_ziptown((GETPOST('town', 'alphanohtml') ?GETPOST('town', 'alphanohtml') : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); + print $formcompany->select_ziptown((GETPOSTISSET('town') ? GETPOST('town', 'alphanohtml') : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); print '
'.$langs->trans('Country').''; - print $form->select_country(GETPOST('country_id', 'alpha') ?GETPOST('country_id', 'alpha') : $object->country_id, 'country_id'); + print $form->select_country(GETPOSTISSET('country_id') ? GETPOST('country_id', 'alpha') : $object->country_id, 'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); print '
'.$langs->trans('State').''; if ($object->country_id) { - print $formcompany->select_state(GETPOST('state_id', 'int') ?GETPOST('state_id', 'int') : $object->state_id, $object->country_code); + print $formcompany->select_state(GETPOSTISSET('state_id') ? GETPOST('state_id', 'int') : $object->state_id, $object->country_code); } else { @@ -1036,18 +1033,18 @@ else } // Pro phone - print '
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").'
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").'
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").'
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").'
'.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").'
'.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").'
'.$langs->trans($value['label']).'
'.$langs->trans($value['label']).'
'.$langs->trans("MemberNature").''; - print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy") ?GETPOST("morphy", 'alpha') : $object->morphy)); + print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy") ? GETPOST("morphy", 'alpha') : $object->morphy)); print "
'.$langs->trans("Type").''; if ($user->rights->adherent->creer) { - print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ?GETPOST("typeid", 'int') : $object->typeid)); + print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $object->typeid)); } else { @@ -1213,27 +1210,27 @@ else print "
'.$langs->trans("Company").'company).'">
'.$langs->trans("Company").'company).'">
'.$langs->trans("UserTitle").''; - print $formcompany->select_civility(isset($_POST["civility_id"]) ? $_POST["civility_id"] : $object->civility_id)."\n"; + print $formcompany->select_civility(GETPOSTISSET("civility_id") ? GETPOST("civility_id", 'alpha') : $object->civility_id)."\n"; print '
'.$langs->trans("Lastname").'lastname).'">
'.$langs->trans("Lastname").'lastname).'">
'.$langs->trans("Firstname").'firstname).'">
'.$langs->trans("Firstname").'firstname).'">
'.$langs->trans("Gender").''; $arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('gender', $arraygender, GETPOST('gender') ?GETPOST('gender') : $object->gender, 1); + print $form->selectarray('gender', $arraygender, GETPOSTISSET('gender') ? GETPOST('gender', 'alphanohtml') : $object->gender, 1); print '
'.$langs->trans("Address").''; - print ''; + print ''; print '
'.$langs->trans("Zip").' / '.$langs->trans("Town").''; - print $formcompany->select_ziptown((isset($_POST["zipcode"]) ?GETPOST("zipcode", '', 2) : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); + print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOST("zipcode", 'alphanohtml', 2) : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); print ' '; - print $formcompany->select_ziptown((isset($_POST["town"]) ?GETPOST("town", '', 2) : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); + print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town", 'alphanohtml', 2) : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); print '
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").'phone).'">
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").'phone).'">
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").'phone_perso).'">
'.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").'phone_perso).'">
'.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").'phone_mobile).'">
'.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").'phone_mobile).'">
'.$langs->trans($value['label']).'
'.$langs->trans($value['label']).'
".$langs->trans("Public")."\n"; - print $form->selectyesno("public", (isset($_POST["public"]) ?GETPOST("public", '', 2) : $object->public), 1); + print $form->selectyesno("public", (GETPOSTISSET("public") ? GETPOST("public", 'alphanohtml', 2) : $object->public), 1); print "
'.$langs->trans("Ref").''; + print ''.$langs->trans("Ref").''; if ($refalreadyexists) { print $langs->trans("RefAlreadyExists"); @@ -983,7 +983,7 @@ else print '
'.$langs->trans("Label").'
'.$langs->trans("Label").'
'.$langs->trans("Status").' ('.$langs->trans("Sell").')'; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 9cc5febc2ca..2b4f0fc57af 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -390,23 +390,23 @@ if (empty($reshook)) if (GETPOST("private", 'int') == 1) // Ask to create a contact { - $object->particulier = GETPOST("private"); + $object->particulier = GETPOST("private", 'int'); - $object->name = dolGetFirstLastname(GETPOST('firstname', 'alpha'), GETPOST('name', 'alpha')); - $object->civility_id = GETPOST('civility_id'); // Note: civility id is a code, not an int + $object->name = dolGetFirstLastname(GETPOST('firstname', 'alphanohtml'), GETPOST('name', 'alphanohtml')); + $object->civility_id = GETPOST('civility_id', 'alphanohtml'); // Note: civility id is a code, not an int // Add non official properties - $object->name_bis = GETPOST('name', 'alpha'); - $object->firstname = GETPOST('firstname', 'alpha'); + $object->name_bis = GETPOST('name', 'alphanohtml'); + $object->firstname = GETPOST('firstname', 'alphanohtml'); } else { - $object->name = GETPOST('name', 'alpha'); + $object->name = GETPOST('name', 'alphanohtml'); } - $object->entity = (GETPOSTISSET('entity') ?GETPOST('entity', 'int') : $conf->entity); - $object->name_alias = GETPOST('name_alias'); - $object->address = GETPOST('address'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->entity = (GETPOSTISSET('entity') ? GETPOST('entity', 'int') : $conf->entity); + $object->name_alias = GETPOST('name_alias', 'alphanohtml'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->state_id = GETPOST('state_id', 'int'); //$object->skype = GETPOST('skype', 'alpha'); 
@@ -425,19 +425,19 @@ if (empty($reshook)) $object->fax = GETPOST('fax', 'alpha'); $object->email = trim(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL)); $object->url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)); - $object->idprof1 = trim(GETPOST('idprof1', 'alpha')); - $object->idprof2 = trim(GETPOST('idprof2', 'alpha')); - $object->idprof3 = trim(GETPOST('idprof3', 'alpha')); - $object->idprof4 = trim(GETPOST('idprof4', 'alpha')); - $object->idprof5 = trim(GETPOST('idprof5', 'alpha')); - $object->idprof6 = trim(GETPOST('idprof6', 'alpha')); - $object->prefix_comm = GETPOST('prefix_comm', 'alpha'); + $object->idprof1 = trim(GETPOST('idprof1', 'alphanohtml')); + $object->idprof2 = trim(GETPOST('idprof2', 'alphanohtml')); + $object->idprof3 = trim(GETPOST('idprof3', 'alphanohtml')); + $object->idprof4 = trim(GETPOST('idprof4', 'alphanohtml')); + $object->idprof5 = trim(GETPOST('idprof5', 'alphanohtml')); + $object->idprof6 = trim(GETPOST('idprof6', 'alphanohtml')); + $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml'); $object->code_client = GETPOSTISSET('customer_code') ?GETPOST('customer_code', 'alpha') : GETPOST('code_client', 'alpha'); $object->code_fournisseur = GETPOSTISSET('supplier_code') ?GETPOST('supplier_code', 'alpha') : GETPOST('code_fournisseur', 'alpha'); - $object->capital = GETPOST('capital', 'alpha'); - $object->barcode = GETPOST('barcode', 'alpha'); + $object->capital = GETPOST('capital', 'alphanohtml'); + $object->barcode = GETPOST('barcode', 'alphanohtml'); - $object->tva_intra = GETPOST('tva_intra', 'alpha'); + $object->tva_intra = GETPOST('tva_intra', 'alphanohtml'); $object->tva_assuj = GETPOST('assujtva_value', 'alpha'); $object->status = GETPOST('status', 'alpha'); 
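Review bot: `code_client` and `code_fournisseur` are still read with `'alpha'` in this hunk while the neighbouring text fields moved to `'alphanohtml'`. Assuming `'alpha'` does not strip tags, which is what the rest of the change implies, markup can still be stored through the customer and supplier codes. The same holds for `fax` here, for `customer_code`/`supplier_code` in `@@ -964,16`, and for `fax` and `civility_id` in `@@ -1001,14`, although the create path already reads `civility_id` with `'alphanohtml'`. I would switch these reads too, e.g. `GETPOST('customer_code', 'alphanohtml')`, unless a code-format validation not visible here already rejects such values. The enclosing `if (empty($reshook))` block starts outside the hunk.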
@@ -964,16 +964,16 @@ else if (GETPOST("type") == 'p') { $object->client = 2; } if (!empty($conf->fournisseur->enabled) && (GETPOST("type") == 'f' || (GETPOST("type") == '' && !empty($conf->global->THIRDPARTY_SUPPLIER_BY_DEFAULT)))) { $object->fournisseur = 1; } - $object->name = GETPOST('name', 'alpha'); - $object->name_alias = GETPOST('name_alias', 'alpha'); - $object->firstname = GETPOST('firstname', 'alpha'); + $object->name = GETPOST('name', 'alphanohtml'); + $object->name_alias = GETPOST('name_alias', 'alphanohtml'); + $object->firstname = GETPOST('firstname', 'alphanohtml'); $object->particulier = $private; - $object->prefix_comm = GETPOST('prefix_comm', 'alpha'); + $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml'); $object->client = GETPOST('client', 'int') ?GETPOST('client', 'int') : $object->client; if (empty($duplicate_code_error)) { $object->code_client = GETPOST('customer_code', 'alpha'); - $object->fournisseur = GETPOST('fournisseur') ?GETPOST('fournisseur') : $object->fournisseur; + $object->fournisseur = GETPOST('fournisseur') ? GETPOST('fournisseur', 'int') : $object->fournisseur; $object->code_fournisseur = GETPOST('supplier_code', 'alpha'); } else { @@ -981,9 +981,9 @@ else } - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->state_id = GETPOST('state_id', 'int'); //$object->skype = GETPOST('skype', 'alpha'); //$object->twitter = GETPOST('twitter', 'alpha'); 
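Review bot: The new `fournisseur` line filters only the value it assigns; the test `GETPOST('fournisseur') ?` still reads the parameter with no check type, unlike the `client` line just above, which uses `'int'` on both sides. I would write `$object->fournisseur = GETPOST('fournisseur', 'int') ? GETPOST('fournisseur', 'int') : $object->fournisseur;`. The `GETPOST("type")` reads in the context lines are also unfiltered; they are only compared against literals, but an explicit `'alpha'` there would keep the block consistent. The enclosing `else` branch starts outside the hunk.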
@@ -1001,14 +1001,14 @@ else $object->fax = GETPOST('fax', 'alpha'); $object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL); $object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL); - $object->capital = GETPOST('capital', 'alpha'); - $object->barcode = GETPOST('barcode', 'alpha'); - $object->idprof1 = GETPOST('idprof1', 'alpha'); - $object->idprof2 = GETPOST('idprof2', 'alpha'); - $object->idprof3 = GETPOST('idprof3', 'alpha'); - $object->idprof4 = GETPOST('idprof4', 'alpha'); - $object->idprof5 = GETPOST('idprof5', 'alpha'); - $object->idprof6 = GETPOST('idprof6', 'alpha'); + $object->capital = GETPOST('capital', 'alphanohtml'); + $object->barcode = GETPOST('barcode', 'alphanohtml'); + $object->idprof1 = GETPOST('idprof1', 'alphanohtml'); + $object->idprof2 = GETPOST('idprof2', 'alphanohtml'); + $object->idprof3 = GETPOST('idprof3', 'alphanohtml'); + $object->idprof4 = GETPOST('idprof4', 'alphanohtml'); + $object->idprof5 = GETPOST('idprof5', 'alphanohtml'); + $object->idprof6 = GETPOST('idprof6', 'alphanohtml'); $object->typent_id = GETPOST('typent_id', 'int'); $object->effectif_id = GETPOST('effectif_id', 'int'); $object->civility_id = GETPOST('civility_id', 'alpha'); @@ -1023,7 +1023,7 @@ else $object->localtax1_value = GETPOST('lt1', 'int'); $object->localtax2_value = GETPOST('lt2', 'int'); - $object->tva_intra = GETPOST('tva_intra', 'alpha'); + $object->tva_intra = GETPOST('tva_intra', 'alphanohtml'); $object->commercial_id = GETPOST('commercial_id', 'int'); $object->default_lang = GETPOST('default_lang'); 
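Review bot: In `@@ -1023,7`, `$object->default_lang = GETPOST('default_lang');` is left with no check type directly below the tightened `tva_intra` line, so among the visible update-path assignments it is the one text value still stored unfiltered. A language code needs only a narrow alphabet; `GETPOST('default_lang', 'aZ09')` would fit, assuming that check accepts the `xx_XX` form the project uses. The surrounding `else` branch starts and ends outside the hunk.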
@@ -1252,7 +1252,7 @@ else print ''.$form->editfieldkey('Vendor', 'fournisseur', '', $object, 0, 'string', '', 1).''; $default = -1; if (!empty($conf->global->THIRDPARTY_SUPPLIER_BY_DEFAULT)) $default = 1; - print $form->selectyesno("fournisseur", (GETPOST('fournisseur', 'int') != '' ?GETPOST('fournisseur', 'int') : (GETPOST("type", 'alpha') == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type", 'alpha') == '' ? 1 : 0)); + print $form->selectyesno("fournisseur", (GETPOST('fournisseur', 'int') != '' ? GETPOST('fournisseur', 'int') : (GETPOST("type", 'alpha') == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type", 'alpha') == '' ? 1 : 0)); print '