diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index 62793e86d27..38c9c4bed4c 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2001-2005 Rodolphe Quiedeville
 * Copyright (C) 2003 Eric Seigne
 * Copyright (C) 2004-2009 Laurent Destailleur
- * Copyright (C) 2005-2011 Regis Houssin
+ * Copyright (C) 2005-2012 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -28,19 +28,19 @@
 require("../main.inc.php");
 $langs->load("companies");
-$sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder=isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page=$_GET["page"];
+$sortfield=GETPOST('sortfield', 'alpha');
+$sortorder=GETPOST('sortorder', 'alpha');
+$page=GETPOST('page', 'int');
 if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="p.name";
-if ($page < 0) { $page = 0 ; }
+if ($page < 0) { $page = 0; }
 $limit = $conf->liste_limit;
 $offset = $limit * $page ;
 $type=$_GET["type"];
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socid = GETPOST('socid');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'');
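Review bot: `$socid = GETPOST('socid');` reads the parameter with no type filter while the same hunk gives `page` the `int` filter; socid is an integer key handed to restrictedArea and tested with `! $socid` in the query-building code further down, so it should be `$socid = GETPOST('socid', 'int');`. `$sortfield` and `$sortorder` are filtered as `alpha`, which presumably does not restrict them to valid column names or to ASC/DESC; since they appear to be interpolated into the ORDER BY clause outside this hunk, validating them against a whitelist of allowed columns and directions before use would be the robust check. The context line `$type=$_GET["type"];` between them is left on the raw superglobal; converting it to `GETPOST('type', 'alpha')` in the same pass would make the hunk consistent.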
@@ -75,12 +75,12 @@ if ($type == "f")
 $sql = "SELECT s.rowid, s.nom, st.libelle as stcomm";
 $sql.= ", p.rowid as cidp, p.name, p.firstname, p.email, p.phone";
 $sql.= " FROM ".MAIN_DB_PREFIX."c_stcomm as st,";
-if (!$user->rights->societe->client->voir && !$socid) $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
+if (! $user->rights->societe->client->voir && ! $socid) $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
 $sql.= " ".MAIN_DB_PREFIX."socpeople as p";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
 $sql.= " WHERE s.fk_stcomm = st.id";
-$sql.= " AND p.entity = ".$conf->entity;
-if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+$sql.= " AND p.entity IN (".getEntity('societe', 1).")";
+if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($type == "c") $sql.= " AND s.client IN (1, 3)";
 if ($type == "p") $sql.= " AND s.client IN (2, 3)";
 if ($type == "f") $sql.= " AND s.fournisseur = 1";
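Review bot: The new entity restriction is placed on `p.entity` (the socpeople row) using the `societe` entity list, while the company row `s` joined on the neighbouring lines carries no entity condition of its own; if contacts and companies can presumably sit in different entities, a comment stating why the contact's entity is the one that matters would help, e.g. `// Filter contacts by entity; the company is reached through p.fk_soc and inherits the restriction`. The two `! $user->rights->societe->client->voir && ! $socid` rewrites in this hunk change only whitespace and would be easier to review kept apart from the functional change.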
@@ -93,27 +93,27 @@ if (dol_strlen($stcomm))
 if (dol_strlen($begin)) // filtre sur la premiere lettre du nom
 {
- $sql.= " AND upper(p.name) like '$begin%'";
+ $sql.= " AND upper(p.name) LIKE '".$begin."%'";
 }
 if (trim($_GET["search_nom"]))
 {
- $sql.= " AND p.name like '%".trim($_GET["search_nom"])."%'";
+ $sql.= " AND p.name LIKE '%".trim($_GET["search_nom"])."%'";
 }
 if (trim($_GET["search_prenom"]))
 {
- $sql.= " AND p.firstname like '%".trim($_GET["search_prenom"])."%'";
+ $sql.= " AND p.firstname LIKE '%".trim($_GET["search_prenom"])."%'";
 }
 if (trim($_GET["search_societe"]))
 {
- $sql.= " AND s.nom like '%".trim($_GET["search_societe"])."%'";
+ $sql.= " AND s.nom LIKE '%".trim($_GET["search_societe"])."%'";
 }
 if ($_GET["contactname"]) // acces a partir du module de recherche
 {
- $sql.= " AND ( p.name like '%".strtolower($_GET["contactname"])."%' OR lower(p.firstname) like '%".strtolower($_GET["contactname"])."%') ";
+ $sql.= " AND (p.name LIKE '%".strtolower($_GET["contactname"])."%' OR lower(p.firstname) LIKE '%".strtolower($_GET["contactname"])."%') ";
 $sortfield = "p.name";
 $sortorder = "ASC";
 }
@@ -178,7 +178,8 @@ else
 dol_print_error($db);
 }
+llxFooter();
+
 $db->close();
-llxFooter();
 ?>
diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php
index 74d3de71b39..809a5e3a76a 100644
--- a/htdocs/comm/propal/contact.php
+++ b/htdocs/comm/propal/contact.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2005-2009 Destailleur Laurent
+ * Copyright (C) 2005-2012 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
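Review bot: The rewritten LIKE clauses still concatenate raw request values into the SQL string: `trim($_GET["search_nom"])`, `trim($_GET["search_prenom"])`, `trim($_GET["search_societe"])` and `strtolower($_GET["contactname"])` are embedded between quotes with no escaping, and `'".$begin."%'` follows the same pattern for `$begin`, whose origin is outside the hunk. Since the commit already touches each of these lines, reading the values through GETPOST with the `alpha` filter and passing them through `$db->escape()` before interpolation would close the injection path, e.g. `$search_nom = trim(GETPOST('search_nom', 'alpha'));` followed by `$sql.= " AND p.name LIKE '%".$db->escape($search_nom)."%'";`. The `%` and `_` wildcards remain meaningful to LIKE after escaping, which is acceptable for a search box but worth a one-line comment.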
@@ -33,12 +34,10 @@ $langs->load("orders"); $langs->load("sendings"); $langs->load("companies"); -$id=GETPOST('id'); -$ligne=GETPOST('ligne'); -$lineid=GETPOST('lineid'); -$action=GETPOST('action'); - -$id = isset($id)?$id:''; +$id=GETPOST('id', 'int'); +$ref= GETPOST('ref', 'alpha'); +$lineid=GETPOST('lineid', 'int'); +$action=GETPOST('action', 'alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; @@ -49,7 +48,7 @@ $result = restrictedArea($user, 'propale', $id, 'propal'); * Ajout d'un nouveau contact */ -if ($_POST["action"] == 'addcontact' && $user->rights->propale->creer) +if ($action == 'addcontact' && $user->rights->propale->creer) { $result = 0; @@ -63,7 +62,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->propale->creer) if ($result >= 0) { - Header("Location: contact.php?id=".$propal->id); + Header("Location: ".$_SERVER['PHP_SELF']."?id=".$propal->id); exit; } else @@ -103,10 +102,11 @@ if ($action == 'deleteline' && $user->rights->propale->creer) if ($result >= 0) { - Header("Location: contact.php?id=".$propal->id); + Header("Location: ".$_SERVER['PHP_SELF']."?id=".$propal->id); exit; } - else { + else + { dol_print_error($db); } } @@ -131,27 +131,23 @@ $userstatic=new User($db); /* *************************************************************************** */ dol_htmloutput_mesg($mesg); -$id = $id; -$ref= GETPOST('ref'); if ($id > 0 || ! empty($ref)) { $propal = New Propal($db); - if ( $propal->fetch($id,$ref) > 0) + if ($propal->fetch($id,$ref) > 0) { $soc = new Societe($db); $soc->fetch($propal->socid); - $head = propal_prepare_head($propal); dol_fiche_head($head, 'contact', $langs->trans("Proposal"), 0, 'propal'); - /* - * Propal synthese pour rappel - */ + * Propal synthese pour rappel + */ print ''; - $linkback="".$langs->trans("BackToList").""; + $linkback=''.$langs->trans("BackToList").''; // Ref print '
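Review bot: `$ref= GETPOST('ref', 'alpha');` has a space after `=` while the three neighbouring assignments in the hunk have none; `$ref=GETPOST('ref', 'alpha');` keeps the block uniform. The `isset($id)?$id:''` fallback is dropped without a replacement, which looks intentional now that `$id` arrives through the `int` filter, but what GETPOST yields when the parameter is absent is not visible here; a comment such as `// $id is filtered as int; confirm the value used when the parameter is missing` next to the fetch call later in the file would record the assumption.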
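Review bot: Replacing `$_POST["action"] == 'addcontact'` with `$action == 'addcontact'` widens a state-changing handler to GET requests, because `$action` is now read with GETPOST, which accepts either method; a link carrying the action parameter would then add a contact on behalf of any logged-in user holding `propale->creer`. Keep the write path POST-only, e.g. `if ($action == 'addcontact' && $_SERVER['REQUEST_METHOD'] == 'POST' && $user->rights->propale->creer)`, or add a per-session token check inside the handler. The deleteline handler in the hunk at line 103 already keyed on `$action` before this commit and has the same exposure; the body of both handlers continues outside the visible lines.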
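Review bot: `Header("Location: ".$_SERVER['PHP_SELF']."?id=".$propal->id);` builds the redirect from PHP_SELF, which also carries any PATH_INFO suffix present on the request, so the redirect target is no longer fully under the script's control; `$_SERVER['SCRIPT_NAME']` or the original literal `contact.php` is the stable choice. The same replacement appears in the hunk at line 103. `$propal->id` is set by code outside this hunk and is presumably an integer, so the query string itself is fine.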
'.$langs->trans('Ref').''; @@ -179,17 +175,15 @@ if ($id > 0 || ! empty($ref)) print ''; - + /* + * Lignes de contacts + */ + print '
'; /* - * Lignes de contacts - */ - echo '
'; - - /* - * Ajouter une ligne de contact - * Non affiche en mode modification de ligne - */ + * Ajouter une ligne de contact + * Non affiche en mode modification de ligne + */ if ($action != 'editline' && $user->rights->propale->creer) { print ''; @@ -351,7 +345,7 @@ if ($id > 0 || ! empty($ref)) if ($user->rights->propale->creer) { print ' '; - print ''; + print ''; print img_delete(); print ''; } @@ -370,7 +364,8 @@ if ($id > 0 || ! empty($ref)) } } +llxFooter(); + $db->close(); -llxFooter(); ?> \ No newline at end of file diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index b338e5f3192..c0adef92519 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -516,20 +516,19 @@ class FormCompany // On recherche les societes $sql = "SELECT s.rowid, s.nom FROM"; $sql.= " ".MAIN_DB_PREFIX."societe as s"; - if ($selected && $conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT) $sql.= " WHERE rowid = ".$selected; + $sql.= " WHERE s.entity IN (".getEntity('societe', 1).")"; + if ($selected && $conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT) $sql.= " AND rowid = ".$selected; else { // For ajax search we limit here. For combo list, we limit later if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT && is_array($limitto) && count($limitto)) { - $sql.= " WHERE rowid IN (".join(',',$limitto).")"; + $sql.= " AND rowid IN (".join(',',$limitto).")"; } } - $sql.= " AND s.entity IN (".getEntity('societe', 1).")"; $sql.= " ORDER BY nom ASC"; - - //print $sql; + $resql = $this->db->query($sql); if ($resql) {
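Review bot: `$sql.= " AND rowid = ".$selected;` and `$sql.= " AND rowid IN (".join(',',$limitto).")";` interpolate `$selected` and the `$limitto` elements into the query unescaped; both lines are rewritten in this hunk, so casting is cheap: `$sql.= " AND rowid = ".((int) $selected);` and `$sql.= " AND rowid IN (".join(',', array_map('intval', $limitto)).")";`. Where `$selected` and `$limitto` come from is outside the hunk (the method signature is not shown), so whether they can ever be user-controlled cannot be confirmed from here. Moving the entity clause into the WHERE ahead of the optional conditions does fix the case where neither branch previously added a WHERE; a comment such as `// entity filter is always present, so the optional conditions can append with AND` would explain why the order matters.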