Merge remote-tracking branch 'upstream/develop' into zapier

Frédéric FRANCE 2019-09-25 08:06:44 +02:00
commit 41cb628d05
No known key found for this signature in database
GPG Key ID: 06809324E4B2ABC1
63 changed files with 1880 additions and 2789 deletions


@ -116,7 +116,7 @@ if (empty($reshook))
if (GETPOST('addfilter', 'alpha'))
{
$emailcollectorfilter = new EmailCollectorFilter($db);
$emailcollectorfilter->type = GETPOST('filtertype', 'az09');
$emailcollectorfilter->type = GETPOST('filtertype', 'aZ09');
$emailcollectorfilter->rulevalue = GETPOST('rulevalue', 'alpha');
$emailcollectorfilter->fk_emailcollector = $object->id;
$emailcollectorfilter->status = 1;
@ -150,7 +150,7 @@ if ($action == 'deletefilter')
if (GETPOST('addoperation', 'alpha'))
{
$emailcollectoroperation = new EmailCollectorAction($db);
$emailcollectoroperation->type = GETPOST('operationtype', 'az09');
$emailcollectoroperation->type = GETPOST('operationtype', 'aZ09');
$emailcollectoroperation->actionparam = GETPOST('operationparam', 'none');
$emailcollectoroperation->fk_emailcollector = $object->id;
$emailcollectoroperation->status = 1;
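Review bot: Both `type` values (`filtertype` and `operationtype`) are stored on the new objects after only the `'aZ09'` character filter, with no check that they name a filter or operation the collector actually supports. An allow-list test before the record is created, for example `if (! in_array($emailcollectorfilter->type, $supportedfiltertypes, true))` with `$supportedfiltertypes` standing in for the module's own list, would keep unknown types out of the table. The unchanged line `GETPOST('operationparam', 'none')` takes its value with no filtering at all, so whatever later prints or interprets `actionparam` has to escape it for that context. That code is outside these hunks.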


@ -63,8 +63,6 @@ require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php';
* View
*/
$textobject=$langs->transnoentitiesnoconv("expensereports");
llxHeader('', $langs->trans("ExpenseReportsSetup"));
$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';


@ -0,0 +1,118 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2012 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013 Philippe Grand <philippe.grand@atoo-net.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/admin/holiday_extrafields.php
* \ingroup holiday
* \brief Page to setup extra fields of holiday
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/holiday.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
if (!$user->admin)
accessforbidden();
// Load translation files required by the page
$langs->loadLangs(array('admin', 'errors', 'holiday', 'other'));
$extrafields = new ExtraFields($db);
$form = new Form($db);
// List of supported format
$tmptype2label=ExtraFields::$type2label;
$type2label=array('');
foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val);
$action=GETPOST('action', 'alpha');
$attrname=GETPOST('attrname', 'alpha');
$elementtype='holiday'; //Must be the $table_element of the class that manage extrafield
if (!$user->admin) accessforbidden();
/*
* Actions
*/
require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php';
/*
* View
*/
llxHeader('', $langs->trans("HolidaySetup"));
$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("HolidaySetup"), $linkback, 'title_setup');
$head = holiday_admin_prepare_head();
dol_fiche_head($head, 'attributes', $langs->trans("Holidays"), -1, 'holiday');
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php';
dol_fiche_end();
// Buttons
if ($action != 'create' && $action != 'edit')
{
print '<div class="tabsAction">';
print "<a class=\"butAction\" href=\"".$_SERVER["PHP_SELF"]."?action=create#newattrib\">".$langs->trans("NewAttribute")."</a>";
print "</div>";
}
/* ************************************************************************** */
/* */
/* Creation of an optional field */
/* */
/* ************************************************************************** */
if ($action == 'create')
{
print '<br><div id="newattrib"></div>';
print load_fiche_titre($langs->trans('NewAttribute'));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_add.tpl.php';
}
/* ************************************************************************** */
/* */
/* Edition of an optional field */
/* */
/* ************************************************************************** */
if ($action == 'edit' && ! empty($attrname))
{
print "<br>";
print load_fiche_titre($langs->trans("FieldEdition", $attrname));
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_edit.tpl.php';
}
// End of page
llxFooter();
$db->close();
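Review bot: `$_SERVER["PHP_SELF"]` is concatenated into the `href` of the NewAttribute button without HTML escaping. Unless `main.inc.php` already sanitises it (not visible here), the path is request-controlled and should be wrapped as `dol_escape_htmltag($_SERVER["PHP_SELF"])`. `$attrname` reaches `load_fiche_titre($langs->trans("FieldEdition", $attrname))` with only the `'alpha'` filter, so confirm that the title helper escapes its argument. The `if (!$user->admin) accessforbidden();` check appears twice, once after the `require` lines and again after the GETPOST block, and the second copy can be dropped.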


@ -50,7 +50,7 @@ $confirm = GETPOST('confirm', 'alpha'); // Result of a confirmatio
$id = GETPOST('id', 'int');
$rowid = GETPOST('rowid', 'alpha');
$search_label=GETPOST('search_label', 'alpha');
$search_label=GETPOST('search_label', 'alphanohtml'); // Must allow value like 'Abc Def' or '(MyTemplateName)'
$search_type_template=GETPOST('search_type_template', 'alpha');
$search_lang=GETPOST('search_lang', 'alpha');
$search_fk_user=GETPOST('search_fk_user', 'intcomma');
@ -263,6 +263,7 @@ if (empty($reshook))
{
//var_dump($i.' - '.$listfieldvalue[$i].' - '.$_POST[$listfieldvalue[$i]].' - '.$value);
$keycode=$listfieldvalue[$i];
if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]);
if ($value == 'lang') $keycode='langcode';
if ($value == 'entity') $_POST[$keycode] = $conf->entity;
if ($i) $sql.=",";
@ -667,8 +668,6 @@ if ($resql)
print '<tr class="liste_titre">';
foreach ($fieldlist as $field => $value)
{
// Determine le nom du champ par rapport aux noms possibles
// dans les dictionnaires de donnees
$showfield=1; // By defaut
$align="left";
$sortable=1;
@ -695,7 +694,7 @@ if ($resql)
if ($fieldlist[$field]=='content') { $valuetoshow=$langs->trans("Content"); $showfield=0;}
if ($fieldlist[$field]=='content_lines') { $valuetoshow=$langs->trans("ContentLines"); $showfield=0; }
// Affiche nom du champ
// Show fields
if ($showfield)
{
if (! empty($tabhelp[$id][$value]))
@ -813,6 +812,10 @@ if ($resql)
$showfield=1;
$align="left";
$valuetoshow=$obj->{$fieldlist[$field]};
if ($value == 'label' || $value == 'topic')
{
$valuetoshow = dol_escape_htmltag($valuetoshow);
}
if ($value == 'type_template')
{
$valuetoshow = isset($elementList[$valuetoshow])?$elementList[$valuetoshow]:$valuetoshow;
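Review bot: The added line `if ($value == 'label') $_POST[$keycode] = dol_escape_htmltag($_POST[$keycode]);` escapes for HTML on the way into the SQL statement, so the table ends up holding entity-encoded text that every non-HTML consumer (e-mail subject, export, API) will see verbatim. The last hunk already escapes `label` and `topic` when the row is printed, which is the right place; I would drop the write-side escaping and rely on that output escaping, keeping the SQL side limited to the database escaping done further down (outside the hunk). The two sides are also inconsistent: `topic` is escaped on display but not on write. If the write-side line has to stay, add a comment saying why and avoid mutating `$_POST` in place by using a local variable.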


@ -36,7 +36,7 @@ $langs->load("categories");
$id = GETPOST('id', 'int');
$label = GETPOST('label', 'alpha');
$type = GETPOST('type', 'az09');
$type = GETPOST('type', 'aZ09');
$removeelem = GETPOST('removeelem', 'int');
$elemid = GETPOST('elemid', 'int');


@ -657,7 +657,7 @@ class ActionComm extends CommonObject
$this->socid = $obj->fk_soc; // To have fetch_thirdparty method working
$this->contactid = $obj->fk_contact; // To have fetch_contact method working
$this->fk_project = $obj->fk_project; // To have fetch_project method working
$this->fk_project = $obj->fk_project; // To have fetch_projet method working
//$this->societe->id = $obj->fk_soc; // deprecated
//$this->contact->id = $obj->fk_contact; // deprecated


@ -87,7 +87,7 @@ $week=GETPOST("week", "int")?GETPOST("week", "int"):date("W");
$day=GETPOST("day", "int")?GETPOST("day", "int"):date("d");
$pid=GETPOST("search_projectid", "int", 3)?GETPOST("search_projectid", "int", 3):GETPOST("projectid", "int", 3);
$status=GETPOST("search_status", 'aZ09')?GETPOST("search_status", 'aZ09'):GETPOST("status", 'aZ09'); // status may be 0, 50, 100, 'todo'
$type=GETPOST("search_type", 'az09')?GETPOST("search_type", 'az09'):GETPOST("type", 'az09');
$type=GETPOST("search_type", 'aZ09')?GETPOST("search_type", 'aZ09'):GETPOST("type", 'aZ09');
$maxprint=(isset($_GET["maxprint"])?GETPOST("maxprint"):$conf->global->AGENDA_MAX_EVENTS_DAY_VIEW);
// Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
if (GETPOST('search_actioncode', 'array'))


@ -384,6 +384,10 @@ if (! $error && $massaction == 'confirm_presend')
foreach ($looparray as $objectid => $objecttmp) // $objecttmp is a real object or an empty object if we choose to send one email per thirdparty instead of one per object
{
// Make substitution in email content
if (! empty($conf->projet->enabled) && method_exists($objecttmp, 'fetch_projet') && is_null($objecttmp->project))
{
$objecttmp->fetch_projet();
}
$substitutionarray=getCommonSubstitutionArray($langs, 0, null, $objecttmp);
$substitutionarray['__ID__'] = ($oneemailperrecipient ? join(', ', array_keys($listofqualifiedobj)) : $objecttmp->id);
$substitutionarray['__REF__'] = ($oneemailperrecipient ? join(', ', $listofqualifiedref) : $objecttmp->ref);
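Review bot: `is_null($objecttmp->project)` reads a property that may not be declared on every class that offers `fetch_projet`, which would raise an undefined-property notice; `empty($objecttmp->project)` gives the same decision without it. The return value of `$objecttmp->fetch_projet()` is ignored, so a failed load leaves the `__PROJECT_*__` substitutions empty with no trace; logging a negative result with `dol_syslog` would make that visible. A one-line comment such as `// Load project so __PROJECT_xxx__ keys can be substituted` would explain why the fetch sits under the "Make substitution" comment.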


@ -113,8 +113,8 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
{
$result=$object->fetch($id);
$sendtosocid=0; // Thirdparty on object
if (method_exists($object, "fetch_thirdparty") && ! in_array($object->element, array('societe','member','user','expensereport', 'contact')))
$sendtosocid=0; // Id of related thirdparty
if (method_exists($object, "fetch_thirdparty") && ! in_array($object->element, array('societe', 'member', 'user', 'expensereport', 'contact')))
{
$result=$object->fetch_thirdparty();
if ($object->element == 'user' && $result == 0) $result=1; // Even if not found, we consider ok
@ -124,7 +124,14 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
elseif ($object->element == 'member' || $object->element == 'user')
{
$thirdparty=$object;
if ($thirdparty->id > 0) $sendtosocid=$thirdparty->id;
if ($object->socid > 0) $sendtosocid=$object->socid;
}
elseif ($object->element == 'expensereport')
{
$tmpuser=new User($db);
$tmpuser->fetch($object->fk_user_author);
$thirdparty=$tmpuser;
if ($object->socid > 0) $sendtosocid=$object->socid;
}
elseif ($object->element == 'societe')
{
@ -136,7 +143,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
$contact=$object;
if ($contact->id > 0) $sendtosocid=$contact->fetch_thirdparty()->id;
}
else dol_print_error('', 'Use actions_sendmails.in.php for an element/object that is not supported');
else dol_print_error('', "Use actions_sendmails.in.php for an element/object '".$object->element."' that is not supported");
if (is_object($hookmanager))
{
@ -162,6 +169,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
if ($receiver == '-1') $receiver=array();
else $receiver=array($receiver);
}
$tmparray=array();
if (trim($_POST['sendto']))
{
@ -173,22 +181,23 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
foreach($receiver as $key=>$val)
{
// Recipient was provided from combo list
if ($val == 'thirdparty') // Id of third party
if ($val == 'thirdparty') // Key selected means currentthird party (may be usd for current member or current user too)
{
$tmparray[] = dol_string_nospecial($thirdparty->name, ' ', array(",")).' <'.$thirdparty->email.'>';
$tmparray[] = dol_string_nospecial($thirdparty->getFullName($langs), ' ', array(",")).' <'.$thirdparty->email.'>';
}
// Recipient was provided from combo list
elseif ($val == 'contact') // Id of contact
elseif ($val == 'contact') // Key selected means current contact
{
$tmparray[] = dol_string_nospecial($contact->name, ' ', array(",")).' <'.$contact->email.'>';
$tmparray[] = dol_string_nospecial($contact->getFullName($langs), ' ', array(",")).' <'.$contact->email.'>';
}
elseif ($val) // Id du contact
elseif ($val) // $val is the Id of a contact
{
$tmparray[] = $thirdparty->contact_get_property((int) $val, 'email');
$sendtoid[] = $val;
}
}
}
if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT))
{
$receiveruser=$_POST['receiveruser'];
@ -222,16 +231,16 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
foreach($receivercc as $key=>$val)
{
// Recipient was provided from combo list
if ($val == 'thirdparty') // Id of third party
if ($val == 'thirdparty') // Key selected means currentthird party (may be usd for current member or current user too)
{
$tmparray[] = dol_string_nospecial($thirdparty->name, ' ', array(",")).' <'.$thirdparty->email.'>';
}
// Recipient was provided from combo list
elseif ($val == 'contact') // Id of contact
elseif ($val == 'contact') // Key selected means current contact
{
$tmparray[] = dol_string_nospecial($contact->name, ' ', array(",")).' <'.$contact->email.'>';
}
elseif ($val) // Id du contact
elseif ($val) // $val is the Id of a contact
{
$tmparray[] = $thirdparty->contact_get_property((int) $val, 'email');
//$sendtoid[] = $val; TODO Add also id of contact in CC ?
@ -414,27 +423,6 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
$result=$mailfile->sendfile();
if ($result)
{
// Two hooks are available into method $mailfile->sendfile, so dedicated code is no more required
/*
if (! empty($conf->dolimail->enabled))
{
$mid = (GETPOST('mid','int') ? GETPOST('mid','int') : 0); // Original mail id is set ?
if ($mid)
{
// set imap flag answered if it is an answered mail
$dolimail=new DoliMail($db);
$dolimail->id = $mid;
$res=$dolimail->set_prop($user, 'answered',1);
}
if ($imap==1)
{
// write mail to IMAP Server
$movemail = $mailboxconfig->putMail($subject,$sendto,$from,$message,$filepath,$mimetype,$filename,$sendtocc,$folder,$deliveryreceipt,$mailfile);
if ($movemail) setEventMessages($langs->trans("MailMovedToImapFolder",$folder), null, 'mesgs');
else setEventMessages($langs->trans("MailMovedToImapFolder_Warning",$folder), null, 'warnings');
}
}*/
// Initialisation of datas of object to call trigger
if (is_object($object))
{
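Review bot: The CC loop still builds the display name from `$thirdparty->name` and `$contact->name`, while the To loop was switched to `getFullName($langs)`. For the member, user and new expensereport cases `$thirdparty` is a person object, so CC recipients can end up with an empty name part. The two CC lines should mirror the To ones: `dol_string_nospecial($thirdparty->getFullName($langs), ' ', array(","))` and `dol_string_nospecial($contact->getFullName($langs), ' ', array(","))`. In the new expensereport branch the result of `$tmpuser->fetch($object->fk_user_author)` is not checked, so a failed fetch yields a recipient of the form ` <>`. Both calls to `dol_string_nospecial` pass only `,` as the character to replace, so confirm that angle brackets and line breaks in a stored name are neutralised before the string reaches the mail headers (that code is outside these hunks).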


@ -87,33 +87,9 @@ class Events // extends CommonObject
array('id'=>'USER_NEW_PASSWORD', 'test'=>1),
array('id'=>'USER_ENABLEDISABLE', 'test'=>1),
array('id'=>'USER_DELETE', 'test'=>1),
/* array('id'=>'USER_SETINGROUP', 'test'=>1), deprecated. Replace with USER_MODIFY
array('id'=>'USER_REMOVEFROMGROUP', 'test'=>1), deprecated. Replace with USER_MODIFY */
array('id'=>'GROUP_CREATE', 'test'=>1),
array('id'=>'GROUP_MODIFY', 'test'=>1),
array('id'=>'GROUP_DELETE', 'test'=>1),
/* array('id'=>'ACTION_CREATE', 'test'=>$conf->societe->enabled),
array('id'=>'COMPANY_CREATE', 'test'=>$conf->societe->enabled),
array('id'=>'CONTRACT_VALIDATE', 'test'=>$conf->contrat->enabled),
array('id'=>'PROPAL_VALIDATE', 'test'=>$conf->propal->enabled),
array('id'=>'PROPAL_CLOSE_SIGNED', 'test'=>$conf->propal->enabled),
array('id'=>'PROPAL_CLOSE_REFUSED', 'test'=>$conf->propal->enabled),
array('id'=>'PROPAL_SENTBYMAIL', 'test'=>$conf->propal->enabled),
array('id'=>'ORDER_VALIDATE', 'test'=>$conf->commande->enabled),
array('id'=>'ORDER_SENTBYMAIL', 'test'=>$conf->commande->enabled),
array('id'=>'BILL_VALIDATE', 'test'=>$conf->facture->enabled),
array('id'=>'BILL_PAYED', 'test'=>$conf->facture->enabled),
array('id'=>'BILL_CANCEL', 'test'=>$conf->facture->enabled),
array('id'=>'BILL_SENTBYMAIL', 'test'=>$conf->facture->enabled),
array('id'=>'PAYMENT_CUSTOMER_CREATE','test'=>$conf->facture->enabled),
array('id'=>'PAYMENT_SUPPLIER_CREATE','test'=>$conf->fournisseur->enabled),
array('id'=>'MEMBER_CREATE', 'test'=>$conf->adherent->enabled),
array('id'=>'MEMBER_VALIDATE', 'test'=>$conf->adherent->enabled),
array('id'=>'MEMBER_SUBSCRIPTION', 'test'=>$conf->adherent->enabled),
array('id'=>'MEMBER_MODIFY', 'test'=>$conf->adherent->enabled),
array('id'=>'MEMBER_RESILIATE', 'test'=>$conf->adherent->enabled),
array('id'=>'MEMBER_DELETE', 'test'=>$conf->adherent->enabled),
*/
);


@ -959,9 +959,10 @@ class ExtraFields
* @param string $morecss More css (to defined size of field. Old behaviour: may also be a numeric)
* @param int $objectid Current object id
* @param string $extrafieldsobjectkey If defined (for example $object->table_element), use the new method to get extrafields data
* @param string $mode 1=Used for search filters
* @return string
*/
public function showInputField($key, $value, $moreparam = '', $keysuffix = '', $keyprefix = '', $morecss = '', $objectid = 0, $extrafieldsobjectkey = '')
public function showInputField($key, $value, $moreparam = '', $keysuffix = '', $keyprefix = '', $morecss = '', $objectid = 0, $extrafieldsobjectkey = '', $mode = 0)
{
global $conf,$langs,$form;
@ -1116,13 +1117,20 @@ class ExtraFields
}
elseif ($type == 'boolean')
{
$checked='';
if (!empty($value)) {
$checked=' checked value="1" ';
} else {
$checked=' value="1" ';
if (empty($mode))
{
$checked='';
if (!empty($value)) {
$checked=' checked value="1" ';
} else {
$checked=' value="1" ';
}
$out='<input type="checkbox" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" '.$checked.' '.($moreparam?$moreparam:'').'>';
}
else
{
$out.=$form->selectyesno($keyprefix.$key.$keysuffix, $value, 1, false, 1);
}
$out='<input type="checkbox" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" '.$checked.' '.($moreparam?$moreparam:'').'>';
}
elseif ($type == 'price')
{
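Review bot: The new docblock line declares `@param string $mode` but the parameter defaults to the integer `0` and is tested with `empty($mode)`; it should read `@param int $mode 0=Input for a create/edit form, 1=Input for a search filter`. In the boolean branch the search variant appends with `$out.=$form->selectyesno(...)` while the checkbox variant assigns with `$out=`, so the two paths behave differently if `$out` already holds content at that point; using `$out=` in both keeps them consistent. The function body starts and ends outside the hunk, so the initial value of `$out` is not visible here.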


@ -88,11 +88,12 @@ class Translate
if (empty($srclang) || $srclang == 'auto')
{
// $_SERVER['HTTP_ACCEPT_LANGUAGE'] can be 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,it;q=0.6' but can contains also malicious content
$langpref=empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])?'':$_SERVER['HTTP_ACCEPT_LANGUAGE'];
$langpref=preg_replace("/;([^,]*)/i", "", $langpref);
$langpref=preg_replace("/;([^,]*)/i", "", $langpref); // Remove the 'q=x.y,' part
$langpref=str_replace("-", "_", $langpref);
$langlist=preg_split("/[;,]/", $langpref);
$codetouse=$langlist[0];
$codetouse=preg_replace('/[^_a-zA-Z]/', '', $langlist[0]);
}
else $codetouse=$srclang;
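Review bot: Only the `auto` branch is sanitised; `else $codetouse=$srclang;` still takes the caller's value unchanged, and whether every caller passes a trusted code is not visible in this hunk. Applying the same filter there, `else $codetouse=preg_replace('/[^_a-zA-Z]/', '', $srclang);`, gives one guarantee for both paths. The filter also puts no bound on length, so a check against the expected `xx` or `xx_XX` shape after filtering would be tighter than stripping alone. The comment on the first `preg_replace` is welcome; a similar one on the new line (`// Keep only letters and underscore, header content is untrusted`) would record the intent.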


@ -4473,7 +4473,9 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $
* 'MS'=Round to Max for stock quantity (MAIN_MAX_DECIMALS_STOCK)
* Numeric = Nb of digits for rounding
* @param int $alreadysqlnb Put 1 if you know that content is already universal format number
* @return string Amount with universal numeric format (Example: '99.99999') or unchanged text if conversion fails. If amount is null or '', it returns ''.
* @return string Amount with universal numeric format (Example: '99.99999').
* If conversion fails, it return text unchanged if $rounding = '' or '0' if $rounding is defined.
* If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined..
*
* @see price() Opposite function of price2num
*/
@ -5895,11 +5897,13 @@ $substitutionarray=array_merge($substitutionarray, array(
$substitutionarray['__REF_SUPPLIER__'] = '__REF_SUPPLIER__';
$substitutionarray['__EXTRAFIELD_XXX__'] = '__EXTRAFIELD_XXX__';
$substitutionarray['__THIRDPARTY_ID__'] = '__THIRDPARTY_ID__';
$substitutionarray['__THIRDPARTY_NAME__'] = '__THIRDPARTY_NAME__';
$substitutionarray['__THIRDPARTY_NAME_ALIAS__'] = '__THIRDPARTY_NAME_ALIAS__';
$substitutionarray['__THIRDPARTY_EMAIL__'] = '__THIRDPARTY_EMAIL__';
if (! empty($conf->societe->enabled))
{
$substitutionarray['__THIRDPARTY_ID__'] = '__THIRDPARTY_ID__';
$substitutionarray['__THIRDPARTY_NAME__'] = '__THIRDPARTY_NAME__';
$substitutionarray['__THIRDPARTY_NAME_ALIAS__'] = '__THIRDPARTY_NAME_ALIAS__';
$substitutionarray['__THIRDPARTY_EMAIL__'] = '__THIRDPARTY_EMAIL__';
}
if (! empty($conf->adherent->enabled))
{
$substitutionarray['__MEMBER_ID__'] = '__MEMBER_ID__';
@ -5907,15 +5911,19 @@ $substitutionarray=array_merge($substitutionarray, array(
$substitutionarray['__MEMBER_FIRSTNAME__'] = '__MEMBER_FIRSTNAME__';
$substitutionarray['__MEMBER_LASTNAME__'] = '__MEMBER_LASTNAME__';
}
$substitutionarray['__PROJECT_ID__'] = '__PROJECT_ID__';
$substitutionarray['__PROJECT_REF__'] = '__PROJECT_REF__';
$substitutionarray['__PROJECT_NAME__'] = '__PROJECT_NAME__';
$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATE__'] = 'Highest date planned for a service start';
$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATETIME__'] = 'Highest date and hour planned for service start';
$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATE__'] = 'Lowest data for planned expiration of service';
$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATETIME__'] = 'Lowest date and hour for planned expiration of service';
if (! empty($conf->projet->enabled))
{
$substitutionarray['__PROJECT_ID__'] = '__PROJECT_ID__';
$substitutionarray['__PROJECT_REF__'] = '__PROJECT_REF__';
$substitutionarray['__PROJECT_NAME__'] = '__PROJECT_NAME__';
}
if (! empty($conf->contrat->enabled))
{
$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATE__'] = 'Highest date planned for a service start';
$substitutionarray['__CONTRACT_HIGHEST_PLANNED_START_DATETIME__'] = 'Highest date and hour planned for service start';
$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATE__'] = 'Lowest data for planned expiration of service';
$substitutionarray['__CONTRACT_LOWEST_EXPIRATION_DATETIME__'] = 'Lowest date and hour for planned expiration of service';
}
$substitutionarray['__ONLINE_PAYMENT_URL__'] = 'UrlToPayOnlineIfApplicable';
$substitutionarray['__ONLINE_PAYMENT_TEXT_AND_URL__'] = 'TextAndUrlToPayOnlineIfApplicable';
$substitutionarray['__SECUREKEYPAYMENT__'] = 'Security key (if key is not unique per record)';
@ -5993,7 +6001,13 @@ $substitutionarray=array_merge($substitutionarray, array(
$substitutionarray['__THIRDPARTY_EMAIL__'] = (is_object($object->thirdparty)?$object->thirdparty->email:'');
}
if (is_object($object->projet) && $object->projet->id > 0)
if (is_object($object->project) && $object->project->id > 0)
{
$substitutionarray['__PROJECT_ID__'] = (is_object($object->project)?$object->project->id:'');
$substitutionarray['__PROJECT_REF__'] = (is_object($object->project)?$object->project->ref:'');
$substitutionarray['__PROJECT_NAME__'] = (is_object($object->project)?$object->project->title:'');
}
if (is_object($object->projet) && $object->projet->id > 0) // Deprecated, for backward compatibility
{
$substitutionarray['__PROJECT_ID__'] = (is_object($object->projet)?$object->projet->id:'');
$substitutionarray['__PROJECT_REF__'] = (is_object($object->projet)?$object->projet->ref:'');
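Review bot: When an object carries both `->project` and the deprecated `->projet`, the deprecated block runs second and overwrites the `__PROJECT_*__` values just set from `->project`. Turning the second test into `elseif (is_object($object->projet) && $object->projet->id > 0)` makes the new property win. Inside the new block the `is_object($object->project)?...:''` ternaries repeat the guard of the enclosing `if` and can be reduced to plain property reads. The added `@return` text in the first hunk has small slips ("it return", a doubled full stop) worth fixing while the docblock is open. The deprecated block continues past the end of the hunk.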


@ -86,6 +86,11 @@ function holiday_admin_prepare_head()
// $this->tabs = array('entity:-tabname); to remove a tab
complete_head_from_modules($conf, $langs, null, $head, $h, 'holiday_admin');
$head[$h][0] = DOL_URL_ROOT.'/admin/holiday_extrafields.php';
$head[$h][1] = $langs->trans("ExtraFields");
$head[$h][2] = 'attributes';
$h++;
complete_head_from_modules($conf, $langs, null, $head, $h, 'holiday_admin', 'remove');
return $head;


@ -271,14 +271,19 @@ function print_left_auguria_menu($db, $menu_array_before, $menu_array_after, &$t
// Show logo company
if (empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
{
$mysoc->logo_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI;
if (! empty($mysoc->logo_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_mini))
$mysoc->logo_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI);
$mysoc->logo_squarred_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI);
if (! empty($mysoc->logo_squarred_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_squarred_mini))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);
}
elseif (! empty($mysoc->logo_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_mini))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_mini);
}
else
{
$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo.png';
$urllogo=DOL_URL_ROOT.'/theme/dolibarr_logo_squarred.png';
}
$title=$langs->trans("GoIntoSetupToChangeLogo");
print "\n".'<!-- Show logo on menu -->'."\n";
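Review bot: The logo file name taken from `MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI` is appended to `$conf->mycompany->dir_output.'/logos/thumbs/'` and handed to `is_readable()` as stored, so a value containing directory separators would test a path outside the thumbs folder. Wrapping it at assignment, `$mysoc->logo_squarred_mini=basename(...)`, keeps the check inside that directory. The value is a setup constant, so this is hardening rather than an exposed input. The same selection logic now exists in `print_eldy_menu` as well, and a shared helper returning `$urllogo` would stop the two menus from drifting apart.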


@ -43,7 +43,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php';
*/
function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 0, $mode = '')
{
global $user,$conf,$langs,$dolibarr_main_db_name;
global $user,$conf,$langs,$mysoc;
global $dolibarr_main_db_name;
$mainmenu=(empty($_SESSION["mainmenu"])?'':$_SESSION["mainmenu"]);
$leftmenu=(empty($_SESSION["leftmenu"])?'':$_SESSION["leftmenu"]);
@ -477,8 +478,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
// Show logo company
if (empty($conf->global->MAIN_MENU_INVERT) && empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
{
$mysoc->logo_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI;
$mysoc->logo_squarred_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI;
$mysoc->logo_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI);
$mysoc->logo_squarred_mini=(empty($conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI)?'':$conf->global->MAIN_INFO_SOCIETE_LOGO_SQUARRED_MINI);
if (! empty($mysoc->logo_squarred_mini) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$mysoc->logo_squarred_mini))
{
$urllogo=DOL_URL_ROOT.'/viewimage.php?cache=1&amp;modulepart=mycompany&amp;file='.urlencode('logos/thumbs/'.$mysoc->logo_squarred_mini);


@ -202,13 +202,13 @@ class modHoliday extends DolibarrModules
$this->export_permission[$r]=array(array("holiday","read_all"));
$this->export_fields_array[$r]=array(
'd.rowid'=>"LeaveId",'d.fk_type'=>'TypeOfLeaveId','t.code'=>'TypeOfLeaveCode','t.label'=>'TypeOfLeaveLabel','d.fk_user'=>'UserID',
'u.lastname'=>'Lastname','u.firstname'=>'Firstname','u.login'=>"Login",'d.date_debut'=>'DateStart','d.date_fin'=>'DateEnd','d.halfday'=>'HalfDay',
'u.lastname'=>'Lastname','u.firstname'=>'Firstname','u.login'=>"Login",'d.date_debut'=>'DateStart','d.date_fin'=>'DateEnd','d.halfday'=>'HalfDay','none.num_open_days'=>'NbUseDaysCP',
'd.date_valid'=>'DateApprove','d.fk_validator'=>"UserForApprovalID",'ua.lastname'=>"UserForApprovalLastname",'ua.firstname'=>"UserForApprovalFirstname",
'ua.login'=>"UserForApprovalLogin",'d.description'=>'Description','d.statut'=>'Status'
);
$this->export_TypeFields_array[$r]=array(
'd.rowid'=>"Numeric",'t.code'=>'Text', 't.label'=>'Text','d.fk_user'=>'Numeric',
'u.lastname'=>'Text','u.firstname'=>'Text','u.login'=>"Text",'d.date_debut'=>'Date','d.date_fin'=>'Date',
'u.lastname'=>'Text','u.firstname'=>'Text','u.login'=>"Text",'d.date_debut'=>'Date','d.date_fin'=>'Date','none.num_open_days'=>'NumericCompute',
'd.date_valid'=>'Date','d.fk_validator'=>"Numeric",'ua.lastname'=>"Text",'ua.firstname'=>"Text",
'ua.login'=>"Text",'d.description'=>'Text','d.statut'=>'Numeric'
);
@ -216,6 +216,7 @@ class modHoliday extends DolibarrModules
'u.lastname'=>'user','u.firstname'=>'user','u.login'=>'user','ua.lastname'=>'user','ua.firstname'=>'user','ua.login'=>'user'
);
$this->export_alias_array[$r]=array('d.rowid'=>"idholiday");
$this->export_special_array[$r] = array('none.num_open_days'=>'getNumOpenDays');
$this->export_dependencies_array[$r]=array(); // To add unique key if we ask a field of a child to avoid the DISTINCT to discard them
$this->export_sql_start[$r]='SELECT DISTINCT ';


@ -22,28 +22,28 @@ if (! empty($extrafieldsobjectkey)) // $extrafieldsobject is the $object->table_
if (! empty($arrayfields[$extrafieldsobjectprefix.$key]['checked'])) {
$align=$extrafields->getAlignFlag($key);
$typeofextrafield=$extrafields->attributes[$extrafieldsobjectkey]['type'][$key];
print '<td class="liste_titre'.($align?' '.$align:'').'">';
$tmpkey=preg_replace('/'.$search_options_pattern.'/', '', $key);
if (in_array($typeofextrafield, array('varchar', 'int', 'double', 'select')) && empty($extrafields->attributes[$extrafieldsobjectkey]['computed'][$key]))
{
$crit=$val;
$searchclass='';
if (in_array($typeofextrafield, array('varchar', 'select'))) $searchclass='searchstring';
if (in_array($typeofextrafield, array('int', 'double'))) $searchclass='searchnum';
print '<input class="flat'.($searchclass?' '.$searchclass:'').'" size="4" type="text" name="'.$search_options_pattern.$tmpkey.'" value="'.dol_escape_htmltag($search_array_options[$search_options_pattern.$tmpkey]).'">';
}
elseif (! in_array($typeofextrafield, array('datetime','timestamp')))
{
// for the type as 'checkbox', 'chkbxlst', 'sellist' we should use code instead of id (example: I declare a 'chkbxlst' to have a link with dictionnairy, I have to extend it with the 'code' instead 'rowid')
$morecss='';
if ($typeofextrafield == 'sellist') $morecss='maxwidth200';
echo $extrafields->showInputField($key, $search_array_options[$search_options_pattern.$tmpkey], '', '', $search_options_pattern, $morecss);
}
elseif (in_array($typeofextrafield, array('datetime','timestamp')))
{
// TODO
// Use showInputField in a particular manner to have input with a comparison operator, not input for a specific value date-hour-minutes
}
else
{
// for the type as 'checkbox', 'chkbxlst', 'sellist' we should use code instead of id (example: I declare a 'chkbxlst' to have a link with dictionnairy, I have to extend it with the 'code' instead 'rowid')
$morecss='';
if ($typeofextrafield == 'sellist') $morecss='maxwidth200';
echo $extrafields->showInputField($key, $search_array_options[$search_options_pattern.$tmpkey], '', '', $search_options_pattern, $morecss, 0, $extrafieldsobjectkey, 1);
}
print '</td>';
}
}


@ -25,10 +25,18 @@ if (! empty($extrafieldsobjectkey) && ! empty($search_array_options) && is_array
{
$sql .= " AND ".$extrafieldsobjectprefix.$tmpkey." = '".$db->idate($crit)."'";
}
elseif (in_array($typ, array('boolean')))
{
if ($crit !== '-1' && $crit !== '') {
$sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." = '".$db->escape($crit)."'";
if ($crit == '0') $sql.=" OR ".$extrafieldsobjectprefix.$tmpkey." IS NULL";
$sql.= ")";
}
}
elseif ($crit != '' && (! in_array($typ, array('select','sellist')) || $crit != '0') && (! in_array($typ, array('link')) || $crit != '-1'))
{
$mode_search=0;
if (in_array($typ, array('int','double','real'))) $mode_search=1; // Search on a numeric
if (in_array($typ, array('int','double','real'))) $mode_search=1; // Search on a numeric
if (in_array($typ, array('sellist','link')) && $crit != '0' && $crit != '-1') $mode_search=2; // Search on a foreign key int
if (in_array($typ, array('chkbxlst','checkbox'))) $mode_search=4; // Search on a multiselect field with sql type = text
if (is_array($crit)) $crit = implode(' ', $crit); // natural_search() expects a string
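Review bot: The new boolean branch accepts any value other than `'-1'` and `''`, and because the comparisons are strict an array or integer `$crit` also passes and is handed to `$db->escape()`. The unchanged `is_array($crit)` line below shows that arrays do occur in this loop. A boolean filter has only two meaningful values, so the guard can be `if ($crit === '0' || $crit === '1')`, which also makes the `$db->escape($crit)` call redundant. The column name is built from `$extrafieldsobjectprefix.$tmpkey` by concatenation; that looks safe only because `$typ` has to resolve to `'boolean'` for a defined extrafield, and a short comment stating this would help the next reader. The enclosing loop starts outside the hunk.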


@ -161,6 +161,8 @@ if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false;
$type = 'application/octet-stream';
if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');
else $type=dol_mimetype($original_file);
// Security: Force to octet-stream if file is a dangerous file
if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream';
// Security: Delete string ../ into $original_file
$original_file = str_replace("../", "/", $original_file);
@ -217,7 +219,7 @@ if (! $accessallowed)
}
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
// We refuse directory transversal change and pipes in file names
if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$fullpath_original_file);
@ -229,6 +231,7 @@ if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $full
clearstatcache();
$filename = basename($fullpath_original_file);
$filename = preg_replace('/\.noexe$/i', '', $filename);
// Output file on browser
dol_syslog("document.php download $fullpath_original_file filename=$filename content-type=$type");
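Review bot: The `.noexe` check added in the first hunk forces `application/octet-stream` only for files whose name ends in `.noexe`; for every other file the `type` request parameter, filtered only as `'alpha'`, still chooses the Content-Type that is sent. If a file can be served inline (the hunk header shows that `$attachment` can be set to false), a caller-chosen type on uploaded content is a stored-XSS risk, so I would accept the parameter only from a short allow-list, e.g. `if (in_array(GETPOST('type', 'alpha'), $allowedtypes, true)) $type = GETPOST('type', 'alpha');`, where `$allowedtypes` is a placeholder for a list this file would have to define. The existing `str_replace("../", "/", $original_file)` is a single pass, so the later `preg_match('/\.\./', $fullpath_original_file)` refusal is the check that actually decides, and a comment should say so. The script continues outside all three hunks.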


@ -40,12 +40,13 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport_ik.class.php'
// Load translation files required by the page
$langs->loadLangs(array('companies', 'users', 'trips'));
$action=GETPOST('action', 'aZ09');
$massaction=GETPOST('massaction', 'alpha');
$show_files=GETPOST('show_files', 'int');
$confirm=GETPOST('confirm', 'alpha');
$toselect = GETPOST('toselect', 'array');
$contextpage=GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'expensereportlist';
$action = GETPOST('action', 'aZ09');
$massaction = GETPOST('massaction', 'alpha');
$show_files = GETPOST('show_files', 'int');
$confirm = GETPOST('confirm', 'alpha');
$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button
$toselect = GETPOST('toselect', 'array');
$contextpage = GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'expensereportlist';
$childids = $user->getAllChildIds(1);
@ -136,17 +137,17 @@ $arrayfields=array(
'd.fk_statut'=>array('label'=>$langs->trans("Status"), 'checked'=>1, 'position'=>1000),
);
// Extra fields
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label']) > 0)
{
foreach($extrafields->attribute_label as $key => $val)
{
if (! empty($extrafields->attribute_list[$key])) $arrayfields["ef.".$key]=array('label'=>$extrafields->attribute_label[$key], 'checked'=>(($extrafields->attribute_list[$key]<0)?0:1), 'position'=>$extrafields->attribute_pos[$key], 'enabled'=>(abs($extrafields->attribute_list[$key])!=3 && $extrafields->attribute_perms[$key]));
}
foreach($extrafields->attributes[$object->table_element]['label'] as $key => $val)
{
if (! empty($extrafields->attributes[$object->table_element]['list'][$key]))
$arrayfields["ef.".$key]=array('label'=>$extrafields->attributes[$object->table_element]['label'][$key], 'checked'=>(($extrafields->attributes[$object->table_element]['list'][$key]<0)?0:1), 'position'=>$extrafields->attributes[$object->table_element]['pos'][$key], 'enabled'=>(abs($extrafields->attributes[$object->table_element]['list'][$key])!=3 && $extrafields->attributes[$object->table_element]['perms'][$key]));
}
}
$canedituser=(! empty($user->admin) || $user->rights->user->user->creer);
$object = new ExpenseReport($db);
$objectuser = new User($db);
@ -161,12 +162,13 @@ $parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
if (empty($reshook))
{
// Selection of new fields
include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
// Purge search criteria
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) // Both test must be present to be compatible with all browsers
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) // All tests are required to be compatible with all browsers
{
$search_ref="";
$search_user="";
@ -176,7 +178,6 @@ if (empty($reshook))
$search_status="";
$month_start="";
$year_start="";
$day ="";
$month_end="";
$year_end="";
$day_end = "";
@ -258,9 +259,9 @@ $title = $langs->trans("ListOfTrips");
llxHeader('', $title);
$max_year = 5;
$min_year = 5;
$min_year = 10;
// Récupération de l'ID de l'utilisateur
// Get current user id
$user_id = $user->id;
if ($id > 0)
@ -340,15 +341,15 @@ if ($resql)
$arrayofselected=is_array($toselect)?$toselect:array();
$param='';
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
if ($sall) $param.="&sall=".$sall;
if ($search_ref) $param.="&search_ref=".$search_ref;
if ($search_user) $param.="&search_user=".$search_user;
if ($search_amount_ht) $param.="&search_amount_ht=".$search_amount_ht;
if ($search_amount_ttc) $param.="&search_amount_ttc=".$search_amount_ttc;
if ($search_status >= 0) $param.="&search_status=".$search_status;
if ($optioncss != '') $param.='&optioncss='.$optioncss;
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
if ($sall) $param.="&sall=".urlencode($sall);
if ($search_ref) $param.="&search_ref=".urlencode($search_ref);
if ($search_user) $param.="&search_user=".urlencode($search_user);
if ($search_amount_ht) $param.="&search_amount_ht=".urlencode($search_amount_ht);
if ($search_amount_ttc) $param.="&search_amount_ttc=".urlencode($search_amount_ttc);
if ($search_status >= 0) $param.="&search_status=".urlencode($search_status);
if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
// Add $param from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
@ -503,7 +504,7 @@ if ($resql)
$varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
if ($massactionbutton) $selectedfields.=$form->showCheckAddButtons('checkforselect', 1);
$selectedfields.=(count($arrayofmassactions) ? $form->showCheckAddButtons('checkforselect', 1) : '');
print '<div class="div-table-responsive">';
print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";
@ -606,7 +607,7 @@ if ($resql)
print '</td>';
}
// Action column
print '<td class="liste_titre middle">';
print '<td class="liste_titre maxwidthsearch">';
$searchpicto=$form->showFilterButtons();
print $searchpicto;
print '</td>';
@ -757,6 +758,7 @@ if ($resql)
$parameters=array('arrayfields'=>$arrayfields, 'obj'=>$obj);
$reshook=$hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
// Date creation
if (! empty($arrayfields['d.date_create']['checked']))
{
@ -801,10 +803,9 @@ if ($resql)
}
else
{
$colspan=1;
foreach($arrayfields as $key => $val) { if (! empty($val['checked'])) $colspan++; }
print '<tr>'.'<td colspan="'.$colspan.'" class="opacitymedium">'.$langs->trans("NoRecordFound").'</td></tr>';
$colspan=1;
foreach($arrayfields as $key => $val) { if (! empty($val['checked'])) $colspan++; }
print '<tr><td colspan="'.$colspan.'" class="opacitymedium">'.$langs->trans("NoRecordFound").'</td></tr>';
}
// Show total line
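Review bot: In the second hunk the rewritten extra-fields block reads `$object->table_element`, but the only assignment visible on the page, `$object = new ExpenseReport($db);`, comes a few lines after that block. Unless `$object` is already created above the hunk, the `is_array(...)` test runs on an undefined variable and the extrafield columns silently drop out of `$arrayfields`. Moving `$object = new ExpenseReport($db);` above the `// Extra fields` comment would remove the dependency on code that is not shown. The script continues outside every hunk of this section.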


@ -540,7 +540,7 @@ class Export
public function build_file($user, $model, $datatoexport, $array_selected, $array_filterValue, $sqlquery = '')
{
// phpcs:enable
global $conf,$langs;
global $conf,$langs,$mysoc;
$indice=0;
asort($array_selected);
@ -634,6 +634,14 @@ class Export
$alias=str_replace(array('.', '-','(',')'), '_', $key);
if ($obj->$alias < 0) $obj->$alias='0';
}
// Operation GETNUMOPENDAYS (for Holiday module)
elseif ($this->array_export_special[$indice][$key]=='getNumOpenDays')
{
include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
//$alias=$this->array_export_alias[$indice][$key];
$alias=str_replace(array('.', '-','(',')'), '_', $key);
$obj->$alias=num_open_day(dol_stringtotime($obj->d_date_debut, 1), dol_stringtotime($obj->d_date_fin, 1), 0, 1, $obj->d_halfday, $mysoc->country_code);
}
// Operation INVOICEREMAINTOPAY
elseif ($this->array_export_special[$indice][$key]=='getRemainToPay')
{
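Review bot: The new `getNumOpenDays` branch reads `$obj->d_date_debut`, `$obj->d_date_fin` and `$obj->d_halfday` by fixed alias, whatever fields the caller put in `$array_selected`. If an export marks a column as `getNumOpenDays` without selecting those three fields, the properties are unset and `num_open_day()` is computed from empty dates without any warning. I would guard the call with `if (isset($obj->d_date_debut, $obj->d_date_fin, $obj->d_halfday))` and name the required fields in the comment above the branch; the commented-out `//$alias=...` line can be dropped. `build_file()` starts before and continues after both hunks.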


@ -207,7 +207,7 @@ class ProductFournisseur extends Product
/**
* Modify the purchase price for a supplier
*
* @param int $qty Min quantity for which price is valid
* @param float $qty Min quantity for which price is valid
* @param float $buyprice Purchase price for the quantity min
* @param User $user Object user user made changes
* @param string $price_base_type HT or TTC
@ -230,7 +230,7 @@ class ProductFournisseur extends Product
* @param string $desc_fourn Custom description for product_fourn_price
* @param string $barcode Barcode
* @param int $fk_barcode_type Barcode type
* @return int <0 if KO, >=0 if OK
* @return int <0 if KO, >=0 if OK
*/
public function update_buyprice($qty, $buyprice, $user, $price_base_type, $fourn, $availability, $ref_fourn, $tva_tx, $charges = 0, $remise_percent = 0, $remise = 0, $newnpr = 0, $delivery_time_days = 0, $supplier_reputation = '', $localtaxes_array = array(), $newdefaultvatcode = '', $multicurrency_buyprice = 0, $multicurrency_price_base_type = 'HT', $multicurrency_tx = 1, $multicurrency_code = '', $desc_fourn = '', $barcode = '', $fk_barcode_type = '')
{
@ -272,11 +272,10 @@ class ProductFournisseur extends Product
$buyprice=price2num($buyprice, 'MU');
$charges=price2num($charges, 'MU');
$qty=price2num($qty);
$error=0;
$qty=price2num($qty, 'MS');
$unitBuyPrice = price2num($buyprice/$qty, 'MU');
$error=0;
$now=dol_now();
$newvat = $tva_tx;
@ -298,6 +297,12 @@ class ProductFournisseur extends Product
if (empty($localtax1)) $localtax1=0; // If = '' then = 0
if (empty($localtax2)) $localtax2=0; // If = '' then = 0
// Check parameters
if ($buyprice != '' && ! is_numeric($buyprice))
{
}
$this->db->begin();
if ($this->product_fourn_price_id > 0)
@ -331,7 +336,7 @@ class ProductFournisseur extends Product
$sql.= " SET fk_user = " . $user->id." ,";
$sql.= " ref_fourn = '" . $this->db->escape($ref_fourn) . "',";
$sql.= " desc_fourn = '" . $this->db->escape($desc_fourn) . "',";
$sql.= " price = ".price2num($buyprice).",";
$sql.= " price = ".$buyprice.",";
$sql.= " quantity = ".$qty.",";
$sql.= " remise_percent = ".$remise_percent.",";
$sql.= " remise = ".$remise.",";
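Review bot: The `// Check parameters` block added in the fourth hunk has an empty body as shown, so a non-numeric `$buyprice` is detected and then ignored. That matters because the last hunk prints two `price =` lines and the second, which appears to be the new side, concatenates `$buyprice` into the UPDATE without the `price2num()` wrapper and without quotes, as is already done for `$qty`, `$remise_percent` and `$remise`. The check should fail the call before `$this->db->begin()`, for example `$this->error = 'Bad value for buyprice'; return -1;` inside the braces (the message text is my placeholder). The added `$unitBuyPrice = price2num($buyprice/$qty, 'MU');` also divides by `$qty` with no test for zero. `update_buyprice()` continues outside the hunks.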

File diff suppressed because it is too large Load Diff


@ -402,6 +402,8 @@ class Holiday extends CommonObject
}
$this->db->free($resql);
$this->fetch_optionals();
return 1;
}
else
@ -558,6 +560,7 @@ class Holiday extends CommonObject
$sql.= " cp.fk_user,";
$sql.= " cp.fk_type,";
$sql.= " cp.date_create,";
$sql.= " cp.tms as date_update,";
$sql.= " cp.description,";
$sql.= " cp.date_debut,";
$sql.= " cp.date_fin,";
@ -623,6 +626,7 @@ class Holiday extends CommonObject
$tab_result[$i]['fk_user'] = $obj->fk_user;
$tab_result[$i]['fk_type'] = $obj->fk_type;
$tab_result[$i]['date_create'] = $this->db->jdate($obj->date_create);
$tab_result[$i]['date_update'] = $this->db->jdate($obj->date_update);
$tab_result[$i]['description'] = $obj->description;
$tab_result[$i]['date_debut'] = $this->db->jdate($obj->date_debut);
$tab_result[$i]['date_fin'] = $this->db->jdate($obj->date_fin);


@ -251,7 +251,7 @@ if ($object->id)
}
print '<tr>';
print '<td>'.$langs->trans('DateCreateCP').'</td>';
print '<td>'.$langs->trans('DateCreation').'</td>';
print '<td>'.dol_print_date($object->date_create,'dayhour').'</td>';
print '</tr>';
if ($object->statut == 3) {

File diff suppressed because it is too large Load Diff


@ -35,7 +35,7 @@ $allowinstall = 0;
$allowupgrade = false;
$checksok = 1;
$setuplang=GETPOST("selectlang", 'az09', 3)?GETPOST("selectlang", 'az09', 3):$langs->getDefaultLang();
$setuplang=GETPOST("selectlang", 'aZ09', 3)?GETPOST("selectlang", 'aZ09', 3):$langs->getDefaultLang();
$langs->setDefaultLang($setuplang);
$langs->load("install");


@ -113,12 +113,13 @@ insert into llx_c_action_trigger (code,label,description,elementtype,rang) value
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TICKET_CLOSE','Ticket closed','Executed when a ticket is closed','ticket',165);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TICKET_SENTBYMAIL','Ticket message sent by email','Executed when a message is sent from the ticket record','ticket',166);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TICKET_DELETE','Ticket deleted','Executed when a ticket is deleted','ticket',167);
-- actions not enabled by default (no constant created for that) when we enable module agenda
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('USER_SENTBYMAIL','Email sent','Executed when an email is sent from user card','user',300);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PRODUCT_MODIFY','Product or service modified','Executed when a product or sevice is modified','product',41);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('MEMBER_MODIFY','Member modified','Executed when a member is modified','member',23);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('FICHINTER_MODIFY','Intervention modified','Executed when a intervention is modified','ficheinter',19);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROJECT_CREATE','Project creation','Executed when a project is created','project',140);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PROJECT_MODIFY','Project modified','Executed when a project is modified','project',142);
-- actions not enabled by default : they are excluded when we enable the module Agenda (except TASK_...)
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TASK_CREATE','Task created','Executed when a project task is created','project',150);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TASK_MODIFY','Task modified','Executed when a project task is modified','project',151);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('TASK_DELETE','Task deleted','Executed when a project task is deleted','project',152);


@ -33,6 +33,23 @@ ALTER TABLE llx_account_bookkeeping ADD COLUMN date_export datetime DEFAULT NULL
ALTER TABLE llx_expensereport ADD COLUMN paid smallint default 0 NOT NULL;
UPDATE llx_expensereport set paid = 1 WHERE fk_statut = 6 and paid = 0;
-- For v11
create table llx_holiday_extrafields
(
rowid integer AUTO_INCREMENT PRIMARY KEY,
tms timestamp,
fk_object integer NOT NULL,
import_key varchar(14) -- import key
) ENGINE=innodb;
ALTER TABLE llx_holiday_extrafields ADD INDEX idx_holiday_extrafields (fk_object);
ALTER TABLE llx_societe_rib MODIFY label varchar(200);
insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('USER_SENTBYMAIL','Email sent','Executed when an email is sent from user card','user',300);
create table llx_entrepot_extrafields
(
rowid integer AUTO_INCREMENT PRIMARY KEY,


@ -0,0 +1,21 @@
-- ===================================================================
-- Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
-- (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
--
-- ===================================================================
ALTER TABLE llx_holiday_extrafields ADD INDEX idx_holiday_extrafields (fk_object);


@ -0,0 +1,26 @@
-- ========================================================================
-- Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; either version 3 of the License, or
-- (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
--
-- ========================================================================
create table llx_holiday_extrafields
(
rowid integer AUTO_INCREMENT PRIMARY KEY,
tms timestamp,
fk_object integer NOT NULL,
import_key varchar(14) -- import key
) ENGINE=innodb;


@ -24,7 +24,7 @@ create table llx_societe_rib
(
rowid integer AUTO_INCREMENT PRIMARY KEY,
type varchar(32) DEFAULT 'ban' NOT NULL, -- 'ban' or 'paypal' or 'card' or 'stripe'
label varchar(30),
label varchar(200),
fk_soc integer NOT NULL,
datec datetime,
tms timestamp,


@ -42,7 +42,7 @@ error_reporting(0);
@set_time_limit(120);
error_reporting($err);
$setuplang=GETPOST("selectlang", 'az09', 3)?GETPOST("selectlang", 'az09', 3):'auto';
$setuplang=GETPOST("selectlang", 'aZ09', 3)?GETPOST("selectlang", 'aZ09', 3):'auto';
$langs->setDefaultLang($setuplang);
$langs->loadLangs(array("admin","install","other"));


@ -8,7 +8,6 @@ NotActiveModCP=You must enable the module Leave to view this page.
AddCP=Make a leave request
DateDebCP=Start date
DateFinCP=End date
DateCreateCP=Creation date
DraftCP=Draft
ToReviewCP=Awaiting approval
ApprovedCP=Approved


@ -1,4 +1,4 @@
# Dolibarr language file - Source file is en_US - admin
VATManagement=Gestion TSS
VATIsUsedDesc=Le taux de TSS proposé par défaut lors de la création de proposition commerciale, facture, commande, etc... répond à la règle standard suivante :<br>Si vendeur non assujetti à TSS, TSS par défaut=0. Fin de règle.<br>Si le (pays vendeur= pays acheteur) alors TSS par défaut=TSS du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et bien vendu= moyen de transport neuf (auto, bateau, avion), TSS par défaut=0 (La TSS doit être payée par acheteur au centre d'impôts de son pays et non au vendeur). Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= particulier alors TSS par défaut=TSS du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= entreprise alors TSS par défaut=0. Fin de règle.<br>Sinon TSS proposée par défaut=0. Fin de règle.<br>
VATIsNotUsedDesc=Le taux de TSS proposé par défaut est 0. C'est le cas d'associations, particuliers ou certaines petites sociétés.
VATManagement=Gestion TGC
VATIsUsedDesc=Le taux de TGC proposé par défaut lors de la création de proposition commerciale, facture, commande, etc... répond à la règle standard suivante :<br>Si vendeur non assujetti à TGC, TGC par défaut=0. Fin de règle.<br>Si le (pays vendeur= pays acheteur) alors TGC par défaut=TGC du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et bien vendu= moyen de transport neuf (auto, bateau, avion), TGC par défaut=0 (La TGC doit être payée par acheteur au centre d'impôts de son pays et non au vendeur). Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= particulier alors TGC par défaut=TGC du produit vendu. Fin de règle.<br>Si vendeur et acheteur dans Communauté européenne et acheteur= entreprise alors TGC par défaut=0. Fin de règle.<br>Sinon TGC proposée par défaut=0. Fin de règle.<br>
VATIsNotUsedDesc=Le taux de TGC proposé par défaut est 0. C'est le cas d'associations, particuliers ou certaines petites sociétés.


@ -1,3 +1,3 @@
# Dolibarr language file - Source file is en_US - companies
VATIsUsed=Assujetti à la TSS
VATIsNotUsed=Non assujetti à la TSS
VATIsUsed=Assujetti à la TGC
VATIsNotUsed=Non assujetti à la TGC


@ -1,21 +1,21 @@
# Dolibarr language file - Source file is en_US - compta
VATToPay=TSS ventes
VATReceived=TSS collectée
VATToCollect=TSS achats
VATSummary=Balance de TSS
VATPaid=TSS payée
VATCollected=TSS récupérée
PaymentVat=Règlement TSS
VATPayment=Règlement TSS
VATPayments=Règlements TSS
ShowVatPayment=Affiche paiement TSS
RulesResultInOut=- Il inclut les règlements effectivement réalisés pour les factures, les charges et la TSS.<br>- Il se base sur la date de règlement de ces factures, charges et TSS.
VATReportByCustomersInInputOutputMode=Rapport par client des TSS collectées et payées (TSS sur encaissement)
VATReportByQuartersInInputOutputMode=Rapport par taux des TSS collectées et payées (TSS sur encaissement)
SeeVATReportInInputOutputMode=Voir le rapport <b>%sTSS encaissement%s</b> pour mode de calcul standard
SeeVATReportInDueDebtMode=Voir le rapport <b>%sTSS sur débit%s</b> pour mode de calcul avec option sur les débits
RulesVATInServices=- Pour les services, le rapport inclut les TSS des règlements effectivement reçus ou émis en se basant sur la date du règlement.
RulesVATInProducts=- Pour les biens matériels, il inclut les TSS des factures en se basant sur la date de facture.
RulesVATDueServices=- Pour les services, le rapport inclut les TSS des factures dues, payées ou non en se basant sur la date de facture.
RulesVATDueProducts=- Pour les biens matériels, il inclut les TSS des factures en se basant sur la date de facture.
CalculationRuleDesc=Pour calculer le total de TSS, il existe 2 modes:<br>Le mode 1 consiste à arrondir la TSS de chaque ligne et à sommer cet arrondi.<br>Le mode 2 consiste à sommer la tva de chaque ligne puis à l'arrondir.<br>Les résultats peuvent différer de quelques centimes. Le mode par défaut est le mode <b>%s</b>.
VATToPay=TGC ventes
VATReceived=TGC collectée
VATToCollect=TGC achats
VATSummary=Balance de TGC
VATPaid=TGC payée
VATCollected=TGC récupérée
PaymentVat=Règlement TGC
VATPayment=Règlement TGC
VATPayments=Règlements TGC
ShowVatPayment=Affiche paiement TGC
RulesResultInOut=- Il inclut les règlements effectivement réalisés pour les factures, les charges et la TGC.<br>- Il se base sur la date de règlement de ces factures, charges et TGC.
VATReportByCustomersInInputOutputMode=Rapport par client des TGC collectées et payées (TGC sur encaissement)
VATReportByQuartersInInputOutputMode=Rapport par taux des TGC collectées et payées (TGC sur encaissement)
SeeVATReportInInputOutputMode=Voir le rapport <b>%sTGC encaissement%s</b> pour mode de calcul standard
SeeVATReportInDueDebtMode=Voir le rapport <b>%sTGC sur débit%s</b> pour mode de calcul avec option sur les débits
RulesVATInServices=- Pour les services, le rapport inclut les TGC des règlements effectivement reçus ou émis en se basant sur la date du règlement.
RulesVATInProducts=- Pour les biens matériels, il inclut les TGC des factures en se basant sur la date de facture.
RulesVATDueServices=- Pour les services, le rapport inclut les TGC des factures dues, payées ou non en se basant sur la date de facture.
RulesVATDueProducts=- Pour les biens matériels, il inclut les TGC des factures en se basant sur la date de facture.
CalculationRuleDesc=Pour calculer le total de TGC, il existe 2 modes:<br>Le mode 1 consiste à arrondir la TGC de chaque ligne et à sommer cet arrondi.<br>Le mode 2 consiste à sommer la tva de chaque ligne puis à l'arrondir.<br>Les résultats peuvent différer de quelques centimes. Le mode par défaut est le mode <b>%s</b>.


@ -3,7 +3,7 @@ DIRECTION=ltr
FONTFORPDF=helvetica
FONTSIZEFORPDF=10
SeparatorDecimal=,
SeparatorThousand=None
SeparatorThousand=Space
FormatDateShort=%d/%m/%Y
FormatDateShortInput=%d/%m/%Y
FormatDateShortJava=dd/MM/yyyy
@ -20,7 +20,7 @@ FormatDateHourSecShort=%d/%m/%Y %H:%M:%S
FormatDateHourTextShort=%d %b %Y %H:%M
FormatDateHourText=%d %B %Y %H:%M
ErrorNoVATRateDefinedForSellerCountry=Erreur, aucun taux de taxe défini pour le pays '%s'.
AmountVAT=Montant TSS
TotalVAT=Total TSS
VAT=TSS
VATRate=Taux TSS
AmountVAT=Montant TGC
TotalVAT=Total TGC
VAT=TGC
VATRate=Taux TGC


@ -79,6 +79,8 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by closing textarea to exucute content into a textarea field
$inj += preg_match('/<\/textarea/i', $val);
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
@ -965,7 +967,7 @@ if (! defined('NOLOGIN'))
}
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'az09').', massaction='.GETPOST('massaction', 'az09'));
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"].' - action='.GETPOST('action', 'aZ09').', massaction='.GETPOST('massaction', 'aZ09'));
//Another call for easy debugg
//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
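Review bot: The `</textarea` test added to `testSqlAndScriptInject()` is a deny-list pattern on the request value, so it covers only the spelling it names; the protection that holds is escaping the value where it is written back into a textarea, and the comment should say that this check is defence in depth. The comment also carries a typo, so I would write `// For XSS injection done by closing a textarea to execute content placed in a textarea field (defence in depth: output must still be escaped)`. The function starts before the hunk and continues after it.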


@ -3487,7 +3487,7 @@ class Product extends CommonObject
* @param int $id_fourn Supplier id
* @param string $ref_fourn Supplier ref
* @param float $quantity Quantity minimum for price
* @return int < 0 if KO, 0 if link already exists for this product, > 0 if OK
* @return int < 0 if KO, 0 if link already exists for this product, > 0 if OK
*/
public function add_fournisseur($user, $id_fourn, $ref_fourn, $quantity)
{
@ -3498,6 +3498,9 @@ class Product extends CommonObject
dol_syslog(get_class($this)."::add_fournisseur id_fourn = ".$id_fourn." ref_fourn=".$ref_fourn." quantity=".$quantity, LOG_DEBUG);
// Clean parameters
$quantity = price2num($quantity, 'MS');
if ($ref_fourn) {
$sql = "SELECT rowid, fk_product";
$sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
@ -3524,7 +3527,7 @@ class Product extends CommonObject
if ($ref_fourn) { $sql.= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
} else { $sql.= " AND (ref_fourn = '' OR ref_fourn IS NULL)";
}
$sql.= " AND quantity = '".$quantity."'";
$sql.= " AND quantity = ".$quantity;
$sql.= " AND fk_product = ".$this->id;
$sql.= " AND entity IN (".getEntity('productsupplierprice').")";
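Review bot: The last hunk prints the `quantity` condition twice and the second form, which appears to be the new side, drops the quotes: `" AND quantity = ".$quantity`. The query is then well-formed only if `price2num($quantity, 'MS')` always returns a plain number. `price2num()` is not visible on this page; if it can return an empty string or leave other characters in place, the SELECT either breaks or carries caller text into the SQL. Casting at the point of use makes the statement independent of the helper: `$sql.= " AND quantity = ".((float) $quantity);`. `add_fournisseur()` starts before and ends after the hunks.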


@ -154,7 +154,7 @@ if (empty($reshook))
if (empty($ref_fourn)) $ref_fourn=GETPOST("search_ref_fourn");
$ref_fourn_old=GETPOST("ref_fourn_old");
if (empty($ref_fourn_old)) $ref_fourn_old = $ref_fourn;
$quantity=GETPOST("qty");
$quantity=price2num(GETPOST("qty", 'nohtml'), 'MS');
$remise_percent=price2num(GETPOST('remise_percent', 'alpha'));
$npr = preg_match('/\*/', $_POST['tva_tx']) ? 1 : 0 ;
$tva_tx = str_replace('*', '', GETPOST('tva_tx', 'alpha'));
@ -481,7 +481,7 @@ if ($id > 0 || $ref)
print '<tr>';
print '<td class="fieldrequired">'.$langs->trans("QtyMin").'</td>';
print '<td>';
$quantity = GETPOST('qty') ? GETPOST('qty') : "1";
$quantity = GETPOSTISSET('qty') ? price2num(GETPOST('qty', 'nohtml'), 'MS') : "1";
if ($rowid)
{
print '<input type="hidden" name="qty" value="'.$object->fourn_qty.'">';


@ -1,27 +0,0 @@
<?php
/* Copyright (C) 2009 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paybox/index.php
* \ingroup core
* \brief A redirect page to an error
* \author Laurent Destailleur
*/
require '../../master.inc.php';
header("Location: ".DOL_URL_ROOT.'/public/error-404.php');


@ -1,49 +0,0 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paybox/newpayment.php
* \ingroup paybox
* \brief File to offer a way to make a payment for a particular Dolibarr entity
* \author Laurent Destailleur
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
// Security check
if (empty($conf->paybox->enabled)) accessforbidden('', 0, 0, 1);
$newurl = $_SERVER['REQUEST_URI'];
$newurl = preg_replace('/\/paybox\/newpayment/', '/payment/newpayment', $newurl);
header("Location: ".$newurl.(preg_match('/\?/', $newurl)?'&':'?').'paymentmethod=paybox');
exit;


@ -1,162 +0,0 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2013 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paybox/paymentko.php
* \ingroup paybox
* \brief File to show page after a failed payment
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
// Security check
if (empty($conf->paybox->enabled)) accessforbidden('', 0, 0, 1);
$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
$object = new stdClass(); // For triggers
$paymentmethod='paybox';
/*
* Actions
*/
/*
* View
*/
dol_syslog("Callback url when a PayBox payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paybox');
if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
{
// Get on url call
$fulltag = $FULLTAG;
$onlinetoken = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
$payerID = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
// Set by newpayment.php
$paymentType = $_SESSION['PaymentType'];
$currencyCodeType = $_SESSION['currencyCodeType'];
$FinalPaymentAmt = $_SESSION["FinalPaymentAmt"];
// From env
$ipaddress = $_SESSION['ipaddress'];
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('PAYBOX_PAYMENT_OK', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
// Send an email
$sendemail = '';
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL)) $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
if ($sendemail)
{
$sendto=$sendemail;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
$content="";
$content.=$langs->transnoentitiesnoconv("ValidationOfOnlinePaymentFailed")."\n";
$content.="\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
$content.="tag=".$fulltag."\npaymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content);
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paybox');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paybox');
}
}
unset($_SESSION['ipaddress']);
}
$head='';
if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
$conf->dol_hide_topmenu=1;
$conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";
print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>\n";
$key='ONLINE_PAYMENT_MESSAGE_KO';
if (! empty($conf->global->$key)) print $conf->global->$key;
print "\n</div>\n";
htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
llxFooter('', 'public');
$db->close();


@ -1,194 +0,0 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2013 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paybox/paymentok.php
* \ingroup paybox
* \brief File to show page after a successful payment
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
// Security check
if (empty($conf->paybox->enabled)) accessforbidden('', 0, 0, 1);
$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
/*$source=GETPOST('source');
$ref=GETPOST('ref');
$PAYBOXTOKEN=GETPOST('TOKEN');
if (empty($PAYBOXTOKEN)) $PAYBOXTOKEN=GETPOST('token');
$PAYBOXPAYERID=GETPOST('PAYERID');
if (empty($PAYBOXPAYERID)) $PAYBOXPAYERID=GETPOST('PayerID');
*/
$FULLTAG=GETPOST('FULLTAG');
if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
$object = new stdClass(); // For triggers
$paymentmethod='paybox';
/*
* Actions
*/
/*
* View
*/
dol_syslog("Callback url when a PayBox payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paybox');
$head='';
if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
$conf->dol_hide_topmenu=1;
$conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";
// Get on url call
/*
$onlinetoken = $PAYBOXTOKEN;
*/
$fulltag = $FULLTAG;
/*$payerID = $PAYBOXPAYERID;
// Set by newpayment.php
$paymentType = $_SESSION['PaymentType'];
$currencyCodeType = $_SESSION['currencyCodeType'];
$FinalPaymentAmt = $_SESSION["FinalPaymentAmt"];
// From env
$ipaddress = $_SESSION['ipaddress'];
dol_syslog("Call newpaymentok with token=".$onlinetoken." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType." payerID=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt." fulltag=".$fulltag);
*/
print $langs->trans("YourPaymentHasBeenRecorded")."<br><br>\n";
$key='ONLINE_PAYMENT_MESSAGE_OK';
if (! empty($conf->global->$key)) print $conf->global->$key;
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('PAYBOX_PAYMENT_OK', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
// Send an email
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))
{
$sendto=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentReceived");
$content="";
if (! empty($tmptag['MEM']))
{
$langs->load("members");
$url=$urlwithroot."/adherents/subscription.php?rowid=".$tmptag['MEM'];
$content.=$langs->trans("PaymentSubscription")."<br>\n";
$content.=$langs->trans("MemberId").': '.$tmptag['MEM']."<br>\n";
$content.=$langs->trans("Link").': <a href="'.$url.'">'.$url.'</a>'."<br>\n";
}
else
{
$content.=$langs->transnoentitiesnoconv("NewOnlinePaymentReceived")."<br>\n";
}
$content.="<br>\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":<br>\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."<br>\n";
$content.="tag=".$fulltag."<br>\n";
$ishtml=dol_textishtml($content); // May contain urls
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
// Send an email
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paybox');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paybox');
}
}
print "\n</div>\n";
htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
llxFooter('', 'public');
$db->close();


@ -1,27 +0,0 @@
<?php
/* Copyright (C) 2009 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paypal/index.php
* \ingroup core
* \brief A redirect page to an error
* \author Laurent Destailleur
*/
require '../../master.inc.php';
header("Location: ".DOL_URL_ROOT.'/public/error-404.php');


@ -1,52 +0,0 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009-2012 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For paypal test: https://developer.paypal.com/
* For paybox test: ???
*/
/**
* \file htdocs/public/paypal/newpayment.php
* \ingroup paypal
* \brief File to offer a way to make a payment for a particular Dolibarr entity
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
// Security check
if (empty($conf->paypal->enabled)) accessforbidden('', 0, 0, 1);
$newurl = $_SERVER['REQUEST_URI'];
$newurl = preg_replace('/\/paypal\/newpayment/', '/payment/newpayment', $newurl);
header("Location: ".$newurl.(preg_match('/\?/', $newurl)?'&':'?').'paymentmethod=paypal');
exit;


@ -1,173 +0,0 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paypal/paymentko.php
* \ingroup paypal
* \brief File to show page after a failed payment.
* This page is called by paypal with url provided to payal competed with parameter TOKEN=xxx
* This token can be used to get more informations.
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
// Security check
if (empty($conf->paypal->enabled)) accessforbidden('', 0, 0, 1);
$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
$PAYPALTOKEN=GETPOST('TOKEN');
if (empty($PAYPALTOKEN)) $PAYPALTOKEN=GETPOST('token');
$PAYPALPAYERID=GETPOST('PAYERID');
if (empty($PAYPALPAYERID)) $PAYPALPAYERID=GETPOST('PayerID');
$FULLTAG=GETPOST('FULLTAG');
if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
$object = new stdClass(); // For triggers
$paymentmethod='paypal';
/*
* Actions
*/
/*
* View
*/
dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paypal');
if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
{
// Get on url call
$fulltag = $FULLTAG;
$onlinetoken = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
$payerID = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
// Set by newpayment.php
$paymentType = $_SESSION['PaymentType'];
$currencyCodeType = $_SESSION['currencyCodeType'];
$FinalPaymentAmt = $_SESSION["FinalPaymentAmt"];
// From env
$ipaddress = $_SESSION['ipaddress'];
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('PAYPAL_PAYMENT_KO', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
// Send an email
$sendemail = '';
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL)) $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
if ($sendemail)
{
$sendto=$sendemail;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
$content="";
$content.=$langs->transnoentitiesnoconv("ValidationOfOnlinePaymentFailed")."\n";
$content.="\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content);
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paypal');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
}
}
unset($_SESSION['ipaddress']);
}
$head='';
if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
$conf->dol_hide_topmenu=1;
$conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show ko message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";
print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>";
$key='ONLINE_PAYMENT_MESSAGE_KO';
if (! empty($conf->global->$key)) print $conf->global->$key;
print "\n</div>\n";
htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
llxFooter('', 'public');
$db->close();


@ -1,332 +0,0 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/paypal/paymentok.php
* \ingroup paypal
* \brief File to show page after a successful payment
* This page is called by paypal with url provided to payal completed with parameter TOKEN=xxx
* This token can be used to get more informations.
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
// Security check
if (empty($conf->paypal->enabled)) accessforbidden('', 0, 0, 1);
$langs->loadLangs(array("main","other","dict","bills","companies","paybox","paypal","stripe"));
// Clean parameters
$PAYPAL_API_USER="";
if (! empty($conf->global->PAYPAL_API_USER)) $PAYPAL_API_USER=$conf->global->PAYPAL_API_USER;
$PAYPAL_API_PASSWORD="";
if (! empty($conf->global->PAYPAL_API_PASSWORD)) $PAYPAL_API_PASSWORD=$conf->global->PAYPAL_API_PASSWORD;
$PAYPAL_API_SIGNATURE="";
if (! empty($conf->global->PAYPAL_API_SIGNATURE)) $PAYPAL_API_SIGNATURE=$conf->global->PAYPAL_API_SIGNATURE;
$PAYPAL_API_SANDBOX="";
if (! empty($conf->global->PAYPAL_API_SANDBOX)) $PAYPAL_API_SANDBOX=$conf->global->PAYPAL_API_SANDBOX;
$PAYPAL_API_OK="";
if ($urlok) $PAYPAL_API_OK=$urlok;
$PAYPAL_API_KO="";
if ($urlko) $PAYPAL_API_KO=$urlko;
if (empty($PAYPAL_API_USER))
{
dol_print_error('', "Paypal setup param PAYPAL_API_USER not defined");
return -1;
}
if (empty($PAYPAL_API_PASSWORD))
{
dol_print_error('', "Paypal setup param PAYPAL_API_PASSWORD not defined");
return -1;
}
if (empty($PAYPAL_API_SIGNATURE))
{
dol_print_error('', "Paypal setup param PAYPAL_API_SIGNATURE not defined");
return -1;
}
$source=GETPOST('source');
$ref=GETPOST('ref');
$PAYPALTOKEN=GETPOST('TOKEN');
if (empty($PAYPALTOKEN)) $PAYPALTOKEN=GETPOST('token');
$PAYPALPAYERID=GETPOST('PAYERID');
if (empty($PAYPALPAYERID)) $PAYPALPAYERID=GETPOST('PayerID');
$FULLTAG=GETPOST('FULLTAG');
if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
$object = new stdClass(); // For triggers
$paymentmethod='paypal';
/*
* Actions
*/
/*
* View
*/
dol_syslog("Callback url when a PayPal payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_paypal');
$head='';
if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
$conf->dol_hide_topmenu=1;
$conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";
if ($PAYPALTOKEN)
{
// Get on url call
$onlinetoken = $PAYPALTOKEN;
$fulltag = $FULLTAG;
$payerID = $PAYPALPAYERID;
// Set by newpayment.php
$paymentType = $_SESSION['PaymentType'];
$currencyCodeType = $_SESSION['currencyCodeType'];
$FinalPaymentAmt = $_SESSION["FinalPaymentAmt"];
// From env
$ipaddress = $_SESSION['ipaddress'];
dol_syslog("Call paymentok with token=".$onlinetoken." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType." payerID=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt." fulltag=".$fulltag, LOG_DEBUG, 0, '_paypal');
// Validate record
if (! empty($paymentType))
{
dol_syslog("We call GetExpressCheckoutDetails", LOG_DEBUG, 0, '_paypal');
$resArray=getDetails($onlinetoken);
//var_dump($resarray);
dol_syslog("We call DoExpressCheckoutPayment token=".$onlinetoken." paymentType=".$paymentType." currencyCodeType=".$currencyCodeType." payerID=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt." fulltag=".$fulltag, LOG_DEBUG, 0, '_paypal');
$resArray=confirmPayment($onlinetoken, $paymentType, $currencyCodeType, $payerID, $ipaddress, $FinalPaymentAmt, $fulltag);
$ack = strtoupper($resArray["ACK"]);
if($ack=="SUCCESS" || $ack=="SUCCESSWITHWARNING")
{
$object->source = $source;
$object->ref = $ref;
$object->payerID = $payerID;
$object->fulltag = $fulltag;
$object->resArray = $resArray;
// resArray was built from a string like that
// TOKEN=EC%2d1NJ057703V9359028&TIMESTAMP=2010%2d11%2d01T11%3a40%3a13Z&CORRELATIONID=1efa8c6a36bd8&ACK=Success&VERSION=56&BUILD=1553277&TRANSACTIONID=9B994597K9921420R&TRANSACTIONTYPE=expresscheckout&PAYMENTTYPE=instant&ORDERTIME=2010%2d11%2d01T11%3a40%3a12Z&AMT=155%2e57&FEEAMT=5%2e54&TAXAMT=0%2e00&CURRENCYCODE=EUR&PAYMENTSTATUS=Completed&PENDINGREASON=None&REASONCODE=None
$PAYMENTSTATUS=urldecode($resArray["PAYMENTSTATUS"]); // Should contains 'Completed'
$TRANSACTIONID=urldecode($resArray["TRANSACTIONID"]);
$TAXAMT=urldecode($resArray["TAXAMT"]);
$NOTE=urldecode($resArray["NOTE"]);
print $langs->trans("YourPaymentHasBeenRecorded")."<br>\n";
print $langs->trans("ThisIsTransactionId", $TRANSACTIONID)."<br><br>\n";
$key='ONLINE_PAYMENT_MESSAGE_OK';
if (! empty($conf->global->$key)) print $conf->global->$key;
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('PAYPAL_PAYMENT_OK', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
// Send an email
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))
{
$sendto=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentReceived");
$content="";
if (! empty($tmptag['MEM']))
{
$langs->load("members");
$url=$urlwithroot."/adherents/subscription.php?rowid=".$tmptag['MEM'];
$content.=$langs->trans("PaymentSubscription")."<br>\n";
$content.=$langs->trans("MemberId").': '.$tmptag['MEM']."<br>\n";
$content.=$langs->trans("Link").': <a href="'.$url.'">'.$url.'</a>'."<br>\n";
}
else
{
$content.=$langs->transnoentitiesnoconv("NewOnlinePaymentReceived")."<br>\n";
}
$content.="<br>\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":<br>\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."<br>\n";
$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
$ishtml=dol_textishtml($content); // May contain urls
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paypal');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
}
}
}
else
{
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('PAYPAL_PAYMENT_KO', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
//Display a user friendly Error on the page using any of the following error information returned by PayPal
$ErrorCode = urldecode($resArray["L_ERRORCODE0"]);
$ErrorShortMsg = urldecode($resArray["L_SHORTMESSAGE0"]);
$ErrorLongMsg = urldecode($resArray["L_LONGMESSAGE0"]);
$ErrorSeverityCode = urldecode($resArray["L_SEVERITYCODE0"]);
echo $langs->trans('DoExpressCheckoutPaymentAPICallFailed') . "<br>\n";
echo $langs->trans('DetailedErrorMessage') . ": " . $ErrorLongMsg."<br>\n";
echo $langs->trans('ShortErrorMessage') . ": " . $ErrorShortMsg."<br>\n";
echo $langs->trans('ErrorCode') . ": " . $ErrorCode."<br>\n";
echo $langs->trans('ErrorSeverityCode') . ": " . $ErrorSeverityCode."<br>\n";
if ($mysoc->email) echo "\nPlease, send a screenshot of this page to ".$mysoc->email."<br>\n";
$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
// Send an email
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL))
{
$sendto=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("ValidationOfPaymentFailed");
$content="";
$content.=$langs->transnoentitiesnoconv("PaymentSystemConfirmPaymentPageWasCalledButFailed")."\n";
$content.="\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
$ishtml=dol_textishtml($content); // May contain urls
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_paypal');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
}
}
}
}
else
{
dol_print_error('', 'Session expired');
}
}
else
{
// No TOKEN parameter in URL
dol_print_error('', 'No TOKEN parameter in URL');
}
print "\n</div>\n";
htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
llxFooter('', 'public');
$db->close();


@ -146,7 +146,7 @@ $societeName = $conf->global->MAIN_INFO_SOCIETE_NOM;
if (! empty($conf->global->MAIN_APPLICATION_TITLE)) $societeName = $conf->global->MAIN_APPLICATION_TITLE;
dol_syslog("Stripe IPN was called with event->type = ".$event->type);
dol_syslog("***** Stripe IPN was called with event->type = ".$event->type);
if ($event->type == 'payout.created') {
@ -404,18 +404,7 @@ elseif ($event->type == 'charge.failed') {
// TODO: Redirect to paymentko.php
}
elseif (($event->type == 'source.chargeable') && ($event->data->object->type == 'three_d_secure') && ($event->data->object->three_d_secure->authenticated==true)) {
$fulltag=$event->data->object->metadata->FULLTAG;
dol_syslog("fulltag=".$fulltag);
// Save into $tmptag all metadata
$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
$stripe=new Stripe($db);
/*
$stripeacc = $stripe->getStripeAccount($service); // Stripe OAuth connect account of dolibarr user (no network access here)
$stripecu = $stripe->getStripeCustomerAccount($tmptag['CUS'], $servicestatus); // Get thirdparty cu_...
$charge=$stripe->createPaymentStripe($event->data->object->amount/100, $event->data->object->currency, $origin, $item, $event->data->object->id, $stripecu, $stripeacc, $servicestatus);
*/
// This event is deprecated.
}
http_response_code(200); // PHP 5.4 or greater


@ -1,51 +0,0 @@
<?php
/* Copyright (C) 2017 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2017 Saasprov <saasprov@gmail.com>
* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2017 Ferran Marcet <fmarcet@2byte.es>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Page is called with payment parameters then called with action='dopayment', then called with action='charge' then redirect is done on urlok/jo
*/
/**
* \file htdocs/public/stripe/newpayment.php
* \ingroup Stripe
* \brief Page to do payment with Stripe
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/stripe/config.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
// Security check
if (empty($conf->stripe->enabled)) accessforbidden('', 0, 0, 1);
$newurl = $_SERVER['REQUEST_URI'];
$newurl = preg_replace('/\/stripe\/newpayment/', '/stripe/newpayment', $newurl);
header("Location: ".$newurl.(preg_match('/\?/', $newurl)?'&':'?').'paymentmethod=stripe');
exit;


@ -1,160 +0,0 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/stripe/paymentko.php
* \ingroup core
* \brief File to show page after a failed payment.
* This page is called by payment system with url provided to it competed with parameter FULLTAG=xxx
* More data like token are saved into session. This token can be used to get more informations.
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal", "stripe"));
$FULLTAG=GETPOST('FULLTAG');
if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
// Security check
if (empty($conf->stripe->enabled)) accessforbidden('', 0, 0, 1);
$object = new stdClass(); // For triggers
$paymentmethod='stripe';
/*
* Actions
*/
/*
* View
*/
dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_stripe');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_stripe');
if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
{
$fulltag = $FULLTAG;
$onlinetoken = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
$payerID = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
$currencyCodeType = $_SESSION['currencyCodeType'];
$paymentType = $_SESSION['paymentType'];
$FinalPaymentAmt = $_SESSION['FinalPaymentAmt'];
$ipaddress = $_SESSION['ipaddress'];
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('STRIPE_PAYMENT_KO', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
// Send an email
$sendemail = '';
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL)) $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
if ($sendemail)
{
// Get on url call
$sendto=$sendemail;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
$content="";
$content.=$langs->transnoentitiesnoconv("ValidationOfOnlinePaymentFailed")."\n";
$content.="\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content);
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_stripe');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_stripe');
}
}
unset($_SESSION['ipaddress']);
}
$head='';
if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
$conf->dol_hide_topmenu=1;
$conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show ko message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";
print $langs->trans("YourPaymentHasNotBeenRecorded")."<br><br>";
$key='ONLINE_PAYMENT_MESSAGE_KO';
if (! empty($conf->global->$key)) print $conf->global->$key;
print "\n</div>\n";
htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
llxFooter('', 'public');
$db->close();


@ -1,196 +0,0 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/public/stripe/paymentok.php
* \ingroup core
* \brief File to show page after a successful payment
* This page is called by payment system with url provided to it completed with parameter FULLTAG=xxx
* More data like token are saved into session. This token can be used to get more informations.
*/
define("NOLOGIN", 1); // This means this output page does not require to be logged.
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and define must be done before including main.inc.php
// TODO This should be useless. Because entity must be retreive from object ref and not from url.
$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "paybox", "paypal"));
$FULLTAG=GETPOST('FULLTAG');
if (empty($FULLTAG)) $FULLTAG=GETPOST('fulltag');
$source=GETPOST('source');
$ref=GETPOST('ref');
// Security check
if (empty($conf->stripe->enabled)) accessforbidden('', 0, 0, 1);
$ispaymentok = false;
// If payment is ok
$PAYMENTSTATUS=$TRANSACTIONID=$TAXAMT=$NOTE='';
// If payment is ko
$ErrorCode=$ErrorShortMsg=$ErrorLongMsg=$ErrorSeverityCode='';
$object = new stdClass(); // For triggers
$paymentmethod='stripe';
/*
* Actions
*/
/*
* View
*/
dol_syslog("Callback url when a payment was done. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_stripe');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
dol_syslog("POST=".$tracepost, LOG_DEBUG, 0, '_stripe');
$head='';
if (! empty($conf->global->ONLINE_PAYMENT_CSS_URL)) $head='<link rel="stylesheet" type="text/css" href="'.$conf->global->ONLINE_PAYMENT_CSS_URL.'?lang='.$langs->defaultlang.'">'."\n";
$conf->dol_hide_topmenu=1;
$conf->dol_hide_leftmenu=1;
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody');
// Show message
print '<span id="dolpaymentspan"></span>'."\n";
print '<div id="dolpaymentdiv" align="center">'."\n";
$ispaymentok = true; // We call this page if payment is ok
if ($ispaymentok)
{
// Get on url call
$fulltag = $FULLTAG;
$onlinetoken = empty($PAYPALTOKEN)?$_SESSION['onlinetoken']:$PAYPALTOKEN;
$payerID = empty($PAYPALPAYERID)?$_SESSION['payerID']:$PAYPALPAYERID;
// Set by newpayment.php
$paymentType = $_SESSION['PaymentType'];
$currencyCodeType = $_SESSION['currencyCodeType'];
$FinalPaymentAmt = $_SESSION["FinalPaymentAmt"];
// From env
$ipaddress = $_SESSION['ipaddress'];
$TRANSACTIONID = $_SESSION['TRANSACTIONID'];
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('STRIPE_PAYMENT_OK', $object, $user, $langs, $conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
print $langs->trans("YourPaymentHasBeenRecorded")."<br>\n";
print $langs->trans("ThisIsTransactionId", $TRANSACTIONID)."<br><br>\n";
$key='ONLINE_PAYMENT_MESSAGE_OK';
if (! empty($conf->global->$key)) print $conf->global->$key;
$sendemail = '';
if (! empty($conf->global->ONLINE_PAYMENT_SENDEMAIL)) $sendemail=$conf->global->ONLINE_PAYMENT_SENDEMAIL;
$tmptag=dolExplodeIntoArray($fulltag, '.', '=');
// Send an email
if ($sendemail)
{
$sendto=$sendemail;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
{
$appli=$conf->global->MAIN_APPLICATION_TITLE;
if (preg_match('/\d\.\d/', $appli))
{
if (! preg_match('/'.preg_quote(DOL_VERSION).'/', $appli)) $appli.=" (".DOL_VERSION.")"; // If new title contains a version that is different than core
}
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentReceived");
$content="";
if (! empty($tmptag['MEM']))
{
$langs->load("members");
$url=$urlwithroot."/adherents/subscription.php?rowid=".$tmptag['MEM'];
$content.=$langs->trans("PaymentSubscription")."<br>\n";
$content.=$langs->trans("MemberId").': '.$tmptag['MEM']."<br>\n";
$content.=$langs->trans("Link").': <a href="'.$url.'">'.$url.'</a>'."<br>\n";
}
else
{
$content.=$langs->transnoentitiesnoconv("NewOnlinePaymentReceived")."<br>\n";
}
$content.="<br>\n";
$content.=$langs->transnoentitiesnoconv("TechnicalInformation").":<br>\n";
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."<br>\n";
$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
$ishtml=dol_textishtml($content); // May contain urls
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content, array(), array(), array(), '', '', 0, $ishtml);
$result=$mailfile->sendfile();
if ($result)
{
dol_syslog("EMail sent to ".$sendto, LOG_DEBUG, 0, '_stripe');
}
else
{
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_stripe');
}
}
}
print "\n</div>\n";
htmlPrintOnlinePaymentFooter($mysoc, $langs, 0, $suffix);
llxFooter('', 'public');
$db->close();


@ -138,9 +138,9 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
$object->message = GETPOST("message", "none");
$object->origin_email = $origin_email;
$object->type_code = GETPOST("type_code", 'az09');
$object->category_code = GETPOST("category_code", 'az09');
$object->severity_code = GETPOST("severity_code", 'az09');
$object->type_code = GETPOST("type_code", 'aZ09');
$object->category_code = GETPOST("category_code", 'aZ09');
$object->severity_code = GETPOST("severity_code", 'aZ09');
if (is_array($searched_companies)) {
$object->fk_soc = $searched_companies[0]->id;
}
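Review bot: The three `GETPOST(..., 'aZ09')` reads for `type_code`, `category_code` and `severity_code` only restrict the character set, and nothing in the hunk checks that the submitted code exists in the matching ticket dictionary before it is stored on `$object`. The `create_ticket` block continues outside the hunk, so this may be validated further down; if it is not, a lookup against the allowed codes would keep arbitrary values out of the ticket record. At minimum I would add a comment above the assignments, `// aZ09 only filters the charset; the code must still exist in the dictionary`. The same applies to the `update_value_type`, `update_value_severity` and `update_value_category` reads in the ticket card hunk.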


@ -60,6 +60,7 @@ class Stripe extends CommonObject
public $type;
public $code;
public $declinecode;
public $message;
@ -305,16 +306,18 @@ class Stripe extends CommonObject
* @param string $currency_code Currency code
* @param string $tag Tag
* @param string $description Description
* @param Societe $object Object to pay with Stripe
* @param mixed $object Object to pay with Stripe
* @param string $customer Stripe customer ref 'cus_xxxxxxxxxxxxx' via customerStripe()
* @param string $key ''=Use common API. If not '', it is the Stripe connect account 'acc_....' to use Stripe connect
* @param int $status Status (0=test, 1=live)
* @param int $usethirdpartyemailforreceiptemail 1=use thirdparty email for receipt
* @param int $mode automatic=automatic confirmation/payment when conditions are ok, manual=need to call confirm() on intent
* @param boolean $confirmnow false=default, true=try to confirm immediatly after create (if conditions are ok)
* @param string $payment_method 'pm_....' (if known)
* @param string $off_session If we use an already known payment method to pay off line.
* @return \Stripe\PaymentIntent|null Stripe PaymentIntent or null if not found and failed to create
*/
public function getPaymentIntent($amount, $currency_code, $tag, $description = '', $object = null, $customer = null, $key = null, $status = 0, $usethirdpartyemailforreceiptemail = 0, $mode = 'automatic', $confirmnow = false)
public function getPaymentIntent($amount, $currency_code, $tag, $description = '', $object = null, $customer = null, $key = null, $status = 0, $usethirdpartyemailforreceiptemail = 0, $mode = 'automatic', $confirmnow = false, $payment_method = null, $off_session = 0)
{
global $conf;
@ -335,7 +338,7 @@ class Stripe extends CommonObject
} elseif ($fee < $conf->global->STRIPE_APPLICATION_FEE_MINIMAL) {
$fee = $conf->global->STRIPE_APPLICATION_FEE_MINIMAL;
}
if (! in_array($currency, $arrayzerounitcurrency)) $stripefee = round($fee * 100);
if (! in_array($currency_code, $arrayzerounitcurrency)) $stripefee = round($fee * 100);
else $stripefee = round($fee);
$paymentintent = null;
@ -411,6 +414,16 @@ class Stripe extends CommonObject
// payment_method =
// payment_method_types = array('card')
//var_dump($dataforintent);
if ($off_session)
{
unset($dataforintent['setup_future_usage']);
$dataforintent["off_session"] = true;
}
if (! is_null($payment_method))
{
$dataforintent["payment_method"] = $payment_method;
$description.=' - '.$payment_method;
}
if ($conf->entity!=$conf->global->STRIPECONNECT_PRINCIPAL && $stripefee > 0)
{
@ -434,7 +447,6 @@ class Stripe extends CommonObject
$paymentintent = \Stripe\PaymentIntent::create($dataforintent, array("idempotency_key" => "$description", "stripe_account" => $key));
//$paymentintent = \Stripe\PaymentIntent::create($dataforintent, array("stripe_account" => $key));
}
//var_dump($paymentintent->id);
// Store the payment intent
if (is_object($object))
@ -479,19 +491,29 @@ class Stripe extends CommonObject
$_SESSION["stripe_payment_intent"] = $paymentintent;
}
}
catch(Stripe\Error\Card $e)
{
$error++;
$this->error = $e->getMessage();
$this->code = $e->getStripeCode();
$this->declinecode = $e->getDeclineCode();
}
catch(Exception $e)
{
/*var_dump($dataforintent);
var_dump($description);
var_dump($key);
var_dump($paymentintent);
var_dump($e->getMessage());*/
$error++;
var_dump($e->getMessage());
var_dump($e);*/
$error++;
$this->error = $e->getMessage();
$this->code = '';
$this->declinecode = '';
}
}
dol_syslog("getPaymentIntent return error=".$error, LOG_INFO, -1);
dol_syslog("getPaymentIntent return error=".$error." this->error=".$this->error, LOG_INFO, -1);
if (! $error)
{
@ -782,13 +804,12 @@ class Stripe extends CommonObject
/**
* Create charge with public/payment/newpayment.php, stripe/card.php, cronjobs or REST API
* This is using old Stripe API charge.
*
* @param int $amount Amount to pay
* @param string $currency EUR, GPB...
* @param string $origin Object type to pay (order, invoice, contract...)
* @param int $item Object id to pay
* @param string $source src_xxxxx or card_xxxxx
* @param string $source src_xxxxx or card_xxxxx or pm_xxxxx
* @param string $customer Stripe customer ref 'cus_xxxxxxxxxxxxx' via customerStripe()
* @param string $account Stripe account ref 'acc_xxxxxxxxxxxxx' via getStripeAccount()
* @param int $status Status (0=test, 1=live)
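Review bot: The docblock added for `getPaymentIntent` declares `$off_session` as `string`, but the signature defaults it to `0` and the body only tests it for truthiness; `@param int $off_session 1=pay with an already saved payment method, customer not present` would match the code, and the neighbouring `@param int $mode` has the same mismatch with its `'automatic'` default. In the `if ($off_session)` branch, `$dataforintent["off_session"] = true;` is accepted by Stripe only when the intent is confirmed in the same request; whether `confirm` is set is outside the hunk, so callers presumably need `$confirmnow = true` together with `$off_session`, and that dependency deserves a line in the docblock. Appending `$payment_method` to `$description` also changes the `idempotency_key` passed to `\Stripe\PaymentIntent::create`, so a retry with a different saved payment method is treated as a new request; if that is intended, a why-comment next to `$description.=' - '.$payment_method;` would make it explicit. The function body extends beyond the hunks shown.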


@ -28,7 +28,7 @@
/**
* \file htdocs/stripe/payment.php
* \ingroup stripe
* \brief Payment page for customers invoices
* \brief Payment page for customers invoices. TODO Seems deprecated and bugged !
*/
// Load Dolibarr environment
@ -71,6 +71,7 @@ if ($user->societe_id > 0)
}
$object=new Facture($db);
$stripe=new Stripe($db);
// Load object
if ($facid > 0)
@ -78,9 +79,9 @@ if ($facid > 0)
$ret=$object->fetch($facid);
}
if (! empty($conf->stripe->enabled))
if (empty($conf->stripe->enabled))
{
access_forbidden();
accessforbidden();
}
if (empty($conf->global->STRIPE_LIVE) || GETPOST('forcesandbox', 'alpha'))
@ -306,7 +307,7 @@ if (empty($reshook))
elseif (preg_match('/src_/i', $source))
{
$customer2 = $customerstripe=$stripe->customerStripe($facture->thirdparty, $stripeacc, $servicestatus);
$customer2 = $customerstripe=$stripe->customerStripe($facture->thirdparty, $stripeacc, $servicestatus);
$src = $customer2->sources->retrieve("$source");
if ($src->type=='card')
{
@ -1082,7 +1083,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
if (! GETPOST('action'))
{
if ($page == -1) $page = 0 ;
if ($page == -1 || empty($page)) $page = 0 ;
$limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
$offset = $limit * $page ;
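Review bot: With the guard corrected to `if (empty($conf->stripe->enabled)) { accessforbidden(); }`, this page becomes reachable whenever the Stripe module is enabled, while the file header in the same commit now reads `TODO Seems deprecated and bugged !`. The previous guard appears to have stopped the page in exactly that configuration, so the change exposes payment code that has likely not been exercised. Until the page is reviewed or removed I would refuse access outright, e.g. `accessforbidden('Deprecated page');` ahead of the module check. The guard also sits after `$object->fetch($facid)`; moving it above the fetch avoids loading an invoice for a request that is going to be rejected.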


@ -137,6 +137,7 @@ if ($action == 'valid' && $user->rights->facture->creer)
$bankaccount=$conf->global->$accountname;
}
$now=dol_now();
$res = 0;
$invoice = new Facture($db);
$invoice->fetch($placeid);
@ -179,41 +180,42 @@ if ($action == 'valid' && $user->rights->facture->creer)
$constantforkey = 'CASHDESK_ID_WAREHOUSE'.$_SESSION["takeposterminal"];
dol_syslog("Validate invoice with stock change into warehouse defined into constant ".$constantforkey." = ".$conf->global->$constantforkey);
$invoice->validate($user, '', $conf->global->$constantforkey);
$res = $invoice->validate($user, '', $conf->global->$constantforkey);
$conf->global->STOCK_CALCULATE_ON_BILL = $savconst;
}
else
{
$invoice->validate($user);
$res = $invoice->validate($user);
}
// Add the payment
$payment=new Paiement($db);
$payment->datepaye = $now;
$payment->fk_account = $bankaccount;
$payment->amounts[$invoice->id] = $amountofpayment;
if ($res > 0) {
$payment = new Paiement($db);
$payment->datepaye = $now;
$payment->fk_account = $bankaccount;
$payment->amounts[$invoice->id] = $amountofpayment;
// If user has not used change control, add total invoice payment
if ($amountofpayment == 0) $payment->amounts[$invoice->id] = $invoice->total_ttc;
// If user has not used change control, add total invoice payment
if ($amountofpayment == 0) $payment->amounts[$invoice->id] = $invoice->total_ttc;
$payment->paiementid=$paiementid;
$payment->num_payment=$invoice->ref;
$payment->paiementid=$paiementid;
$payment->num_payment=$invoice->ref;
$payment->create($user);
$payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccount, '', '');
$payment->create($user);
$payment->addPaymentToBank($user, 'payment', '(CustomerInvoicePayment)', $bankaccount, '', '');
$remaintopay = $invoice->getRemainToPay();
if ($remaintopay == 0)
{
dol_syslog("Invoice is paid, so we set it to pay");
$result = $invoice->set_paid($user);
if ($result > 0) $invoice->paye = 1;
}
else
{
dol_syslog("Invoice is not paid, remain to pay = ".$remaintopay);
}
$remaintopay = $invoice->getRemainToPay();
if ($remaintopay == 0) {
dol_syslog("Invoice is paid, so we set it to pay");
$result = $invoice->set_paid($user);
if ($result > 0) $invoice->paye = 1;
} else {
dol_syslog("Invoice is not paid, remain to pay = " . $remaintopay);
}
} else {
dol_htmloutput_errors($invoice->error, $invoice->errors, 1);
}
}
if ($action == 'history')
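Review bot: Inside the new `if ($res > 0)` block the results of `$payment->create($user)` and `$payment->addPaymentToBank(...)` are still discarded, so a failed payment insert is followed by the bank entry and the `getRemainToPay()` check as if it had succeeded. The guard this commit adds for `validate()` should cover them as well, for example `if ($payment->create($user) < 0) { dol_htmloutput_errors($payment->error, $payment->errors, 1); }` with the bank write and the paid-status update moved to the `else` branch. Nothing visible wraps validation, payment and bank write in one transaction; if none exists outside the hunk, a validated invoice can be left without its payment. The `$action == 'valid'` block begins outside the hunk.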


@ -190,7 +190,7 @@ else print "var received=0;";
</div>
<?php } ?>
<div style="width:40%; background-color:#333333; border-radius:8px; margin-bottom: 4px;">
<center><span style='font-family: verdana,arial,helvetica; font-size: 200%;'><font color="white"><?php echo $langs->trans("Received"); ?>: </font><span class="change1 colorred"><?php echo price(0) ?></span><input type="hidden" id="change1" class="change1" value="0"></font></center>
<center><span style='font-family: verdana,arial,helvetica; font-size: 200%;'><font color="white"><?php echo $langs->trans("Received"); ?>: </font><span class="change1 colorred"><?php echo price(0) ?></span><input type="hidden" id="change1" class="change1" value="0"></font></span></center>
</div>
<div style="width:40%; background-color:#333333; border-radius:8px; margin-bottom: 4px;">
<center><span style='font-family: verdana,arial,helvetica; font-size: 200%;'><font color="white"><?php echo $langs->trans("Change"); ?>: </font><span class="change2 colorwhite"><?php echo price(0) ?></span><input type="hidden" id="change2" class="change2" value="0"></font></span></center>
@ -225,7 +225,7 @@ $numpad=$conf->global->TAKEPOS_NUMPAD;
if ($paycode == 'CB') $paycode = 'card';
if ($paycode == 'CHQ') $paycode = 'cheque';
?>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans($paiements[0]->label); ?></button>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[0]->code); ?></button>
<?php } else { ?>
<button type="button" class="calcbutton2"><?php echo $langs->trans("NoPaimementModesDefined");?></button>
<?php } ?>
@ -238,7 +238,7 @@ $numpad=$conf->global->TAKEPOS_NUMPAD;
if ($paycode == 'CB') $paycode = 'card';
if ($paycode == 'CHQ') $paycode = 'cheque';
?>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans($paiements[1]->label); ?></button>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[1]->code); ?></button>
<?php } else {
$button = array_pop($action_buttons);
?>
@ -253,7 +253,7 @@ $button = array_pop($action_buttons);
if ($paycode == 'CB') $paycode = 'card';
if ($paycode == 'CHQ') $paycode = 'cheque';
?>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans($paiements[2]->label); ?></button>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paycode); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[2]->code); ?></button>
<?php } else { ?>
<?php
$button = array_pop($action_buttons);
@ -267,7 +267,7 @@ $button = array_pop($action_buttons);
$i=3;
while($i < count($paiements)){
?>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paiements[$i]->code); ?>');"><?php echo $langs->trans($paiements[$i]->label); ?></button>
<button type="button" class="calcbutton2" onclick="Validate('<?php echo $langs->trans($paiements[$i]->code); ?>');"><?php echo $langs->trans("PaymentTypeShort".$paiements[$i]->code); ?></button>
<?php
$i=$i+1;
}
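Review bot: The four payment buttons now print `$langs->trans("PaymentTypeShort".$paiements[N]->code)`, which presumably returns the key itself when no translation exists, so a payment mode added by an administrator would be shown as `PaymentTypeShort<code>` instead of its label. Falling back to the stored label keeps those buttons readable: `$k = "PaymentTypeShort".$paiements[0]->code; echo ($langs->trans($k) != $k) ? $langs->trans($k) : dol_escape_htmltag($paiements[0]->label);`. This applies to indexes 0, 1 and 2 and to the `while` loop over `$paiements[$i]`.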


@ -570,9 +570,9 @@ if ($action == "change_property" && GETPOST('btn_update_ticket_prop', 'alpha') &
{
$object->fetch(GETPOST('id', 'int'), '', GETPOST('track_id', 'alpha'));
$object->type_code = GETPOST('update_value_type', 'az09');
$object->severity_code = GETPOST('update_value_severity', 'az09');
$object->category_code = GETPOST('update_value_category', 'az09');
$object->type_code = GETPOST('update_value_type', 'aZ09');
$object->severity_code = GETPOST('update_value_severity', 'aZ09');
$object->category_code = GETPOST('update_value_category', 'aZ09');
$ret = $object->update($user);
if ($ret > 0) {


@ -54,7 +54,6 @@ $id = GETPOST('id', 'int');
$action = GETPOST('action', 'aZ09');
$mode = GETPOST('mode', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
$subaction = GETPOST('subaction', 'alpha');
$group = GETPOST("group", "int", 3);
$cancel = GETPOST('cancel', 'alpha');
$contextpage= GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'useracard'; // To manage different context of search
@ -195,14 +194,14 @@ if (empty($reshook)) {
}
if (!$error) {
$object->lastname = GETPOST("lastname", 'alpha');
$object->firstname = GETPOST("firstname", 'alpha');
$object->login = GETPOST("login", 'alpha');
$object->api_key = GETPOST("api_key", 'alpha');
$object->gender = GETPOST("gender", 'alpha');
$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth'), GETPOST('birthday'), GETPOST('birthyear'));
$object->lastname = GETPOST("lastname", 'alphanohtml');
$object->firstname = GETPOST("firstname", 'alphanohtml');
$object->login = GETPOST("login", 'alphanohtml');
$object->api_key = GETPOST("api_key", 'alphanohtml');
$object->gender = GETPOST("gender", 'aZ09');
$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
$object->birth = $birth;
$object->admin = GETPOST("admin", 'alpha');
$object->admin = GETPOST("admin", 'int');
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alphanohtml');
$object->town = GETPOST('town', 'alphanohtml');
@ -217,8 +216,8 @@ if (empty($reshook)) {
$object->facebook = GETPOST("facebook", 'alphanohtml');
$object->linkedin = GETPOST("linkedin", 'alphanohtml');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
$object->job = GETPOST("job", 'alpha');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alphanohtml'));
$object->job = GETPOST("job", 'nohtml');
$object->signature = GETPOST("signature", 'none');
$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
$object->note = GETPOST("note", 'none');
@ -233,10 +232,10 @@ if (empty($reshook)) {
$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear'));
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
$object->dateemployment = $dateemployment;
$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth'), GETPOST('dateemploymentendday'), GETPOST('dateemploymentendyear'));
$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
$object->dateemploymentend = $dateemploymentend;
$object->fk_warehouse = GETPOST('fk_warehouse', 'int');
@ -348,15 +347,15 @@ if (empty($reshook)) {
$db->begin();
$object->lastname = GETPOST("lastname", 'alpha');
$object->firstname = GETPOST("firstname", 'alpha');
$object->login = GETPOST("login", 'alpha');
$object->gender = GETPOST("gender", 'alpha');
$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth'), GETPOST('birthday'), GETPOST('birthyear'));
$object->lastname = GETPOST("lastname", 'alphanohtml');
$object->firstname = GETPOST("firstname", 'alphanohtml');
$object->login = GETPOST("login", 'alphanohtml');
$object->gender = GETPOST("gender", 'aZ09');
$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
$object->birth = $birth;
$object->pass = GETPOST("password", 'none');
$object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key;
if (! empty($user->admin)) $object->admin = GETPOST("admin"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
if (! empty($user->admin)) $object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alphanohtml');
$object->town = GETPOST('town', 'alphanohtml');
@ -365,15 +364,17 @@ if (empty($reshook)) {
$object->office_phone = GETPOST("office_phone", 'alphanohtml');
$object->office_fax = GETPOST("office_fax", 'alphanohtml');
$object->user_mobile = GETPOST("user_mobile", 'alphanohtml');
$object->skype = GETPOST("skype", 'alpha');
$object->twitter = GETPOST("twitter", 'alpha');
$object->facebook = GETPOST("facebook", 'alpha');
$object->linkedin = GETPOST("linkedin", 'alpha');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
$object->job = GETPOST("job", 'alpha');
$object->skype = GETPOST("skype", 'alphanohtml');
$object->twitter = GETPOST("twitter", 'alphanohtml');
$object->facebook = GETPOST("facebook", 'alphanohtml');
$object->linkedin = GETPOST("linkedin", 'alphanohtml');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alphanohtml'));
$object->job = GETPOST("job", 'nohtml');
$object->signature = GETPOST("signature", 'none');
$object->accountancy_code = GETPOST("accountancy_code", 'alpha');
$object->openid = GETPOST("openid", 'alpha');
$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
$object->openid = GETPOST("openid", 'alphanohtml');
$object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0;
$object->employee = GETPOST('employee', 'int');
@ -383,7 +384,7 @@ if (empty($reshook)) {
$object->salaryextra = GETPOST("salaryextra", 'alphanohtml') != '' ? GETPOST("salaryextra", 'alphanohtml') : '';
$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
$object->color = GETPOST("color", 'alpha') != '' ? GETPOST("color", 'alpha') : '';
$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
$object->dateemployment = $dateemployment;
$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
@ -1203,7 +1204,7 @@ if ($action == 'create' || $action == 'adduserldap')
// Position/Job
print '<tr><td class="titlefieldcreate">'.$langs->trans("PostOrFunction").'</td>';
print '<td>';
print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job').'">';
print '<input class="maxwidth200" type="text" name="job" value="'.GETPOST('job', 'nohtml').'">';
print '</td></tr>';
// Default warehouse
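Review bot: The `job` value in the last hunk (`@ -1203`) is written into the `value="…"` attribute of the input with no output escaping, only the `nohtml` input check. The same commit also moves the stored `job` field from `alpha` to `nohtml` in the create and update hunks. If `nohtml` only strips tags (its definition is not part of this diff), a double quote in the submitted value would close the attribute early. The output should therefore be escaped for the attribute context, for example `print '<input class="maxwidth200" type="text" name="job" value="'.dol_escape_htmltag(GETPOST('job', 'nohtml')).'">';`. The form block around this line starts and ends outside the hunk, so neighbouring fields could not be checked.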


@ -2237,7 +2237,7 @@ if (! GETPOST('hide_websitemenu'))
$formquestion = array(
array('type' => 'checkbox', 'name' => 'delete_also_js', 'label' => $langs->trans("DeleteAlsoJs"), 'value' => 0),
array('type' => 'checkbox', 'name' => 'delete_also_medias', 'label' => $langs->trans("DeleteAlsoMedias"), 'value' => 0),
//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'az09')?GETPOST('newlang', 'az09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'aZ09')?GETPOST('newlang', 'aZ09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
//array('type' => 'other','name' => 'newwebsite','label' => $langs->trans("WebSite"), 'value' => $formwebsite->selectWebsite($object->id, 'newwebsite', 0))
);
@ -2252,7 +2252,7 @@ if (! GETPOST('hide_websitemenu'))
$formquestion = array(
array('type' => 'text', 'name' => 'siteref', 'label'=> $langs->trans("WebSite") ,'value'=> 'copy_of_'.$object->ref),
//array('type' => 'checkbox', 'name' => 'is_a_translation', 'label' => $langs->trans("SiteIsANewTranslation"), 'value' => 0),
//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'az09')?GETPOST('newlang', 'az09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
//array('type' => 'other','name' => 'newlang','label' => $langs->trans("Language"), 'value' => $formadmin->select_language(GETPOST('newlang', 'aZ09')?GETPOST('newlang', 'aZ09'):$langs->defaultlang, 'newlang', 0, null, '', 0, 0, 'minwidth200')),
//array('type' => 'other','name' => 'newwebsite','label' => $langs->trans("WebSite"), 'value' => $formwebsite->selectWebsite($object->id, 'newwebsite', 0))
);
@ -2266,7 +2266,7 @@ if (! GETPOST('hide_websitemenu'))
// Confirmation to clone
if ($action == 'createpagefromclone') {
// Create an array for form
$preselectedlanguage = GETPOST('newlang', 'az09') ? GETPOST('newlang', 'az09') : ($objectpage->lang ? $objectpage->lang : $langs->defaultlang);
$preselectedlanguage = GETPOST('newlang', 'aZ09') ? GETPOST('newlang', 'aZ09') : ($objectpage->lang ? $objectpage->lang : $langs->defaultlang);
$formquestion = array(
array('type' => 'hidden', 'name' => 'sourcepageurl', 'value'=> $objectpage->pageurl),
array('type' => 'checkbox', 'tdclass'=>'maxwidth200', 'name' => 'is_a_translation', 'label' => $langs->trans("PageIsANewTranslation"), 'value' => 0),
@ -3319,7 +3319,7 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm')
print '<tr>';
print '<td>'.$answerrecord['type'].'</td>';
print '<td>';
$backtopageurl = $_SERVER["PHP_SELF"].'?action=replacesiteconfirm&searchstring='.urlencode($searchkey).'&optioncontent='.GETPOST('optioncontent', 'az09').'&optionmeta='.GETPOST('optionmeta', 'az09').'&optionsitefiles='.GETPOST('optionsitefiles', 'az09');
$backtopageurl = $_SERVER["PHP_SELF"].'?action=replacesiteconfirm&searchstring='.urlencode($searchkey).'&optioncontent='.GETPOST('optioncontent', 'aZ09').'&optionmeta='.GETPOST('optionmeta', 'aZ09').'&optionsitefiles='.GETPOST('optionsitefiles', 'aZ09');
print '<a href="'.$_SERVER["PHP_SELF"].'?action=editcss&website='.$website->ref.'&backtopage='.urlencode($backtopageurl).'">'.$langs->trans("EditCss").'</a>';
print '</td>';
print '<td class="tdoverflow100">';


@ -130,6 +130,24 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__."\n";
}
/**
* testSetLang
*
* @return string
*/
public function testSetLang()
{
global $conf;
$conf=$this->savconf;
$tmplangs = new Translate('', $conf);
$_SERVER['HTTP_ACCEPT_LANGUAGE'] = "' malicious text with quote";
$tmplangs->setDefaultLang('auto');
print __METHOD__.' $tmplangs->defaultlang='.$tmplangs->defaultlang."\n";
$this->assertEquals($tmplangs->defaultlang, 'malicioustextwithquote_MALICIOUSTEXTWITHQUOTE');
}
/**
* testGETPOST
*