FIX SQL syntax error and CSRF check on vat reports
parent
0e62d315f2
commit
3f3282400a
@ -156,8 +156,6 @@ $title=$langs->trans("LT".$object->ltt) . " - " . $langs->trans("Card");
|
||||
$help_url='';
|
||||
llxHeader("", $title, $helpurl);
|
||||
|
||||
|
||||
|
||||
if ($action == 'create')
|
||||
{
|
||||
print load_fiche_titre($langs->transcountry($lttype==2?"newLT2Payment":"newLT1Payment", $mysoc->country_code));
|
||||
|
||||
@ -85,6 +85,12 @@ $socid = GETPOST('socid', 'int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', '', '', 'charges');
|
||||
|
||||
if (empty($local))
|
||||
{
|
||||
accessforbidden('Parameter localTaxType is missing');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
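Review bot: `empty($local)` rejects only a missing or zero value, so any other value passes this guard and reaches the code below it. The later lines treat everything that is not `1` as the second local tax (`$local==1?...:...`) and write `$local` back into the form, so the guard should be an allow-list: `if (! in_array((int) $local, array(1, 2), true))`. The same guard is added for `$localTaxType` in the hunk at `@ -188,6 +188,19` and for `$local` at `@ -97,6 +97,12`, and both need the same change. Where `$local` is assigned is outside the hunk, so whether it is already integer-filtered on input cannot be confirmed from here.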
@ -106,11 +112,12 @@ llxHeader('', '', '', '', 0, 0, '', '', $morequerystring);
|
||||
|
||||
$name=$langs->transcountry($local==1?"LT1ReportByCustomers":"LT2ReportByCustomers", $mysoc->country_code);
|
||||
|
||||
$fsearch.='<br>';
|
||||
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
|
||||
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': ';
|
||||
$fsearch.=' <input type="text" name="min" id="min" value="'.$min.'" size="6">';
|
||||
$fsearch ='<!-- hidden fields for form -->';
|
||||
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch.='<input type="hidden" name="localTaxType" value="'.$local.'">';
|
||||
$fsearch.=$langs->trans("SalesTurnoverMinimum").': ';
|
||||
$fsearch.='<input type="text" name="min" id="min" value="'.$min.'" size="6">';
|
||||
|
||||
$calc=$conf->global->MAIN_INFO_LOCALTAX_CALC.$local;
|
||||
// Affiche en-tete du rapport
|
||||
|
||||
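Review bot: `$min`, `$modetax` and `$local` are concatenated into `value="..."` attributes without HTML escaping in the new `$fsearch` lines. Where these variables are read is outside the hunk; if any of them is not forced to a number on input (`$min`, shown in a free-text field, is the one to check first), the markup depends entirely on that upstream filter. Escaping at the point of output removes the dependency: `value="'.dol_escape_htmltag($min).'"` for the text field and `(int) $local` / `(int) $modetax` for the hidden fields. The same pattern appears in the other `$fsearch` hunks of this commit (`@ -213,7 +226,11`, `@ -122,9 +128,10`, `@ -123,11 +123,11`, `@ -198,7 +198,11`, `@ -122,8 +122,9`). The old lines also carried a hidden `year` field that the new lines do not; it is worth confirming that the period selector still submits it.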
@ -188,6 +188,19 @@ function pt($db, $sql, $date)
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($localTaxType))
|
||||
{
|
||||
accessforbidden('Parameter localTaxType is missing');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
// None
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
@ -213,7 +226,11 @@ if($localTaxType==1) {
|
||||
$CalcLT= $conf->global->MAIN_INFO_LOCALTAX_CALC2;
|
||||
}
|
||||
|
||||
$fsearch.=' <input type="hidden" name="localTaxType" value="'.$localTaxType.'">';
|
||||
$fsearch = '<!-- hidden fields for form -->';
|
||||
$fsearch.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$fsearch.= '<input type="hidden" name="localTaxType" value="'.$localTaxType.'">';
|
||||
$fsearch.= '<input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
|
||||
$description = $fsearch;
|
||||
|
||||
// Show report header
|
||||
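Review bot: The CSRF token field now travels inside `$description`, which is otherwise display text, so any later plain assignment to `$description` silently drops the token from the form. This commit appears to correct exactly that in the hunk at `@ -208,7 +212,7`, where `$description = $langs->trans("VATSummary")` sits next to the `.=` form. The rest of this file is outside the hunk, so it cannot be confirmed here that no later line reassigns the variable. A comment on the assignment would protect it: `// $description carries the hidden CSRF token field: append with .= below, never reassign`.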
@ -528,7 +545,7 @@ while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) // $mc
|
||||
$total = $total + $diff;
|
||||
$subtotal = price2num($subtotal + $diff, 'MT');
|
||||
|
||||
print '<td class="nowrap right">'.price(price2num($diff, 'MT')).'</td>\n';
|
||||
print '<td class="nowrap right">'.price(price2num($diff, 'MT')).'</td>'."\n";
|
||||
print "<td> </td>\n";
|
||||
print "</tr>\n";
|
||||
|
||||
|
||||
@ -97,6 +97,12 @@ $socid = GETPOST('socid', 'int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', '', '', 'charges');
|
||||
|
||||
if (empty($local))
|
||||
{
|
||||
accessforbidden('Parameter localTaxType is missing');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
@ -122,9 +128,10 @@ foreach ($listofparams as $param)
|
||||
|
||||
llxHeader('', $langs->trans("LocalTaxReport"), '', '', 0, 0, '', '', $morequerystring);
|
||||
|
||||
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
|
||||
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch.=' <input type="hidden" name="localTaxType" value="'.$local.'">';
|
||||
$fsearch = '<!-- hidden fields for form -->';
|
||||
$fsearch.= '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$fsearch.= '<input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch.= '<input type="hidden" name="localTaxType" value="'.$local.'">';
|
||||
|
||||
$name=$langs->transcountry($local==1?"LT1ReportByQuarters":"LT2ReportByQuarters", $mysoc->country_code);
|
||||
$calcmode='';
|
||||
@ -161,7 +168,7 @@ if (! empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
|
||||
$description.='<br>'.$langs->trans("DepositsAreNotIncluded");
|
||||
}
|
||||
*/
|
||||
if (! empty($conf->global->MAIN_MODULE_ACCOUNTING)) $description.='<br>'.$langs->trans("ThisIsAnEstimatedValue");
|
||||
if (! empty($conf->global->MAIN_MODULE_ACCOUNTING)) $description.=$langs->trans("ThisIsAnEstimatedValue");
|
||||
|
||||
// Customers invoices
|
||||
$elementcust=$langs->trans("CustomersInvoices");
|
||||
@ -186,15 +193,14 @@ if ($mysoc->tva_assuj) {
|
||||
|
||||
report_header($name, '', $period, $periodlink, $description, $builddate, $exportlink, array(), $calcmode);
|
||||
|
||||
|
||||
if($local==1){
|
||||
$vatcust=$langs->transcountry("LocalTax1", $mysoc->country_code);
|
||||
$vatsup=$langs->transcountry("LocalTax1", $mysoc->country_code);
|
||||
$vatexpensereport=$langs->transcountry("LocalTax1", $mysoc->country_code);
|
||||
$vatcust=$langs->transcountry("LT1", $mysoc->country_code);
|
||||
$vatsup=$langs->transcountry("LT1", $mysoc->country_code);
|
||||
$vatexpensereport=$langs->transcountry("LT1", $mysoc->country_code);
|
||||
}else{
|
||||
$vatcust=$langs->transcountry("LocalTax2", $mysoc->country_code);
|
||||
$vatsup=$langs->transcountry("LocalTax2", $mysoc->country_code);
|
||||
$vatexpensereport=$langs->transcountry("LocalTax2", $mysoc->country_code);
|
||||
$vatcust=$langs->transcountry("LT2", $mysoc->country_code);
|
||||
$vatsup=$langs->transcountry("LT2", $mysoc->country_code);
|
||||
$vatexpensereport=$langs->transcountry("LT2", $mysoc->country_code);
|
||||
}
|
||||
|
||||
// VAT Received and paid
|
||||
|
||||
@ -123,11 +123,11 @@ if (isset($_REQUEST['extra_report']) && $_REQUEST['extra_report'] == 1) {
|
||||
|
||||
llxHeader('', $langs->trans("VATReport"), '', '', 0, 0, '', '', $morequerystring);
|
||||
|
||||
$fsearch.='<br>';
|
||||
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
|
||||
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': ';
|
||||
$fsearch.=' <input type="text" name="min" id="min" value="'.$min.'" size="6">';
|
||||
$fsearch ='<!-- hidden fields for form -->';
|
||||
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch.=$langs->trans("SalesTurnoverMinimum").': ';
|
||||
$fsearch.='<input type="text" name="min" id="min" value="'.$min.'" size="6">';
|
||||
|
||||
// Show report header
|
||||
$name=$langs->trans("VATReportByThirdParties");
|
||||
|
||||
@ -198,7 +198,11 @@ $form=new Form($db);
|
||||
$company_static=new Societe($db);
|
||||
$tva = new Tva($db);
|
||||
|
||||
$description = '';
|
||||
$fsearch ='<!-- hidden fields for form -->';
|
||||
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
|
||||
$description = $fsearch;
|
||||
|
||||
// Show report header
|
||||
$name = $langs->trans("ReportByMonth");
|
||||
@ -208,7 +212,7 @@ if ($modetax == 1) $calcmode=$langs->trans('OptionVATDebitOption');
|
||||
if ($modetax == 2) $calcmode=$langs->trans('OptionPaymentForProductAndServices');
|
||||
$calcmode.='<br>('.$langs->trans("TaxModuleSetupToModifyRules", DOL_URL_ROOT.'/admin/taxes.php').')';
|
||||
|
||||
$description = $langs->trans("VATSummary").'<br>';
|
||||
$description .= $langs->trans("VATSummary").'<br>';
|
||||
if ($conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') $description.=$langs->trans("RulesVATDueProducts");
|
||||
if ($conf->global->TAX_MODE_SELL_PRODUCT == 'payment') $description.=$langs->trans("RulesVATInProducts");
|
||||
if ($conf->global->TAX_MODE_SELL_SERVICE == 'invoice') $description.='<br>'.$langs->trans("RulesVATDueServices");
|
||||
|
||||
@ -122,8 +122,9 @@ llxHeader('', $langs->trans("VATReport"), '', '', 0, 0, '', '', $morequerystring
|
||||
//print load_fiche_titre($langs->trans("VAT"),"");
|
||||
|
||||
//$fsearch.='<br>';
|
||||
$fsearch.=' <input type="hidden" name="year" value="'.$year.'">';
|
||||
$fsearch.=' <input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
$fsearch ='<!-- hidden fields for form -->';
|
||||
$fsearch.='<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
$fsearch.='<input type="hidden" name="modetax" value="'.$modetax.'">';
|
||||
//$fsearch.=' '.$langs->trans("SalesTurnoverMinimum").': ';
|
||||
//$fsearch.=' <input type="text" name="min" value="'.$min.'">';
|
||||
|
||||
|
||||
@ -124,7 +124,7 @@ function tax_by_thirdparty($type, $db, $y, $date_start, $date_end, $modetax, $di
|
||||
$invoicefieldref='ref';
|
||||
}
|
||||
|
||||
if ( strpos($type, 'localtax') === 0 ) {
|
||||
if (strpos($type, 'localtax') === 0) {
|
||||
$f_rate = $type . '_tx';
|
||||
} else {
|
||||
$f_rate = 'tva_tx';
|
||||
|
||||
@ -96,8 +96,6 @@ LocalTax1IsNotUsedES= RE is not used
|
||||
LocalTax2IsUsed=Use third tax
|
||||
LocalTax2IsUsedES= IRPF is used
|
||||
LocalTax2IsNotUsedES= IRPF is not used
|
||||
LocalTax1ES=RE
|
||||
LocalTax2ES=IRPF
|
||||
WrongCustomerCode=Customer code invalid
|
||||
WrongSupplierCode=Vendor code invalid
|
||||
CustomerCodeModel=Customer code model
|
||||
|
||||