Merge branch '7.0' of git@github.com:Dolibarr/dolibarr.git into 8.0
Conflicts: htdocs/core/lib/functions.lib.php
This commit is contained in:
Laurent Destailleur
commit
44626a3a48
@ -37,11 +37,11 @@ $rowid=GETPOST('rowid','int');
|
||||
$entity=GETPOST('entity','int');
|
||||
$action=GETPOST('action','alpha');
|
||||
$update=GETPOST('update','alpha');
|
||||
$delete=GETPOST('delete'); // Do not use alpha here
|
||||
$delete=GETPOST('delete','none'); // Do not use alpha here
|
||||
$debug=GETPOST('debug','int');
|
||||
$consts=GETPOST('const','array');
|
||||
$constname=GETPOST('constname','alpha');
|
||||
$constvalue=GETPOST('constvalue');
|
||||
$constvalue=GETPOST('constvalue','none'); // We shoul dbe able to send everything here
|
||||
$constnote=GETPOST('constnote','alpha');
|
||||
|
||||
|
||||
@ -248,7 +248,7 @@ if ($result)
|
||||
while ($i < $num)
|
||||
{
|
||||
$obj = $db->fetch_object($result);
|
||||
|
||||
|
||||
|
||||
print "\n";
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ if (!$user->admin) accessforbidden();
|
||||
$id=GETPOST('rowid','int');
|
||||
$action=GETPOST('action','alpha');
|
||||
|
||||
$mode = GETPOST('mode')?GETPOST('mode'):'createform'; // 'createform', 'filters', 'sortorder', 'focus'
|
||||
$mode = GETPOST('mode','aZ09')?GETPOST('mode','aZ09'):'createform'; // 'createform', 'filters', 'sortorder', 'focus'
|
||||
|
||||
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
|
||||
$sortfield = GETPOST("sortfield",'alpha');
|
||||
|
||||
@ -89,7 +89,7 @@ if ($action == 'update')
|
||||
if ($result > 0)
|
||||
{
|
||||
$menu->titre=GETPOST('titre', 'alpha');
|
||||
$menu->leftmenu=GETPOST('leftmenu', 'alpha');
|
||||
$menu->leftmenu=GETPOST('leftmenu', 'aZ09');
|
||||
$menu->url=GETPOST('url','alpha');
|
||||
$menu->langs=GETPOST('langs','alpha');
|
||||
$menu->position=GETPOST('position','int');
|
||||
|
||||
@ -157,7 +157,7 @@ $i=0;
|
||||
foreach($_SESSION as $key => $val)
|
||||
{
|
||||
if ($i > 0) print ', ';
|
||||
print $key.' => '.$val;
|
||||
print $key.' => '.dol_escape_htmltag($val);
|
||||
$i++;
|
||||
}
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
@ -40,7 +40,7 @@ $transkey=GETPOST('transkey','alpha');
|
||||
$transvalue=GETPOST('transvalue','alpha');
|
||||
|
||||
|
||||
$mode = GETPOST('mode')?GETPOST('mode'):'overwrite';
|
||||
$mode = GETPOST('mode','aZ09')?GETPOST('mode','aZ09'):'overwrite';
|
||||
|
||||
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
|
||||
$sortfield = GETPOST("sortfield",'alpha');
|
||||
|
||||
@ -193,7 +193,12 @@ class Form
|
||||
$morealt=' style="width: '.$cols.'"';
|
||||
$cols='';
|
||||
}
|
||||
$ret.='<textarea id="'.$htmlname.'" name="'.$htmlname.'" wrap="soft" rows="'.($tmp[1]?$tmp[1]:'20').'"'.($cols?' cols="'.$cols.'"':'class="quatrevingtpercent"').$morealt.'">'.($editvalue?$editvalue:$value).'</textarea>';
|
||||
|
||||
$valuetoshow = ($editvalue?$editvalue:$value);
|
||||
|
||||
$ret.='<textarea id="'.$htmlname.'" name="'.$htmlname.'" wrap="soft" rows="'.($tmp[1]?$tmp[1]:'20').'"'.($cols?' cols="'.$cols.'"':'class="quatrevingtpercent"').$morealt.'">';
|
||||
$ret.=dol_string_neverthesehtmltags($valuetoshow, array('textarea'));
|
||||
$ret.='</textarea>';
|
||||
}
|
||||
else if ($typeofdata == 'day' || $typeofdata == 'datepicker')
|
||||
{
|
||||
|
||||
@ -4520,7 +4520,7 @@ function price($amount, $form=0, $outlangs='', $trunc=1, $rounding=-1, $forcerou
|
||||
* 'MT'=Round to Max for totals with Tax (MAIN_MAX_DECIMALS_TOT)
|
||||
* 'MS'=Round to Max for stock quantity (MAIN_MAX_DECIMALS_STOCK)
|
||||
* @param int $alreadysqlnb Put 1 if you know that content is already universal format number
|
||||
* @return string Amount with universal numeric format (Example: '99.99999') or unchanged text if conversion fails.
|
||||
* @return string Amount with universal numeric format (Example: '99.99999') or unchanged text if conversion fails. If amount is null or '', it returns ''.
|
||||
*
|
||||
* @see price Opposite function of price2num
|
||||
*/
|
||||
@ -5448,7 +5448,7 @@ function picto_required()
|
||||
* @param integer $strip_tags 0=Use internal strip, 1=Use strip_tags() php function (bugged when text contains a < char that is not for a html tag)
|
||||
* @return string String cleaned
|
||||
*
|
||||
* @see dol_escape_htmltag strip_tags
|
||||
* @see dol_escape_htmltag strip_tags dol_string_onlythesehtmltags dol_string_neverthesehtmltags
|
||||
*/
|
||||
function dol_string_nohtmltag($stringtoclean, $removelinefeed=1, $pagecodeto='UTF-8', $strip_tags=0)
|
||||
{
|
||||
@ -5480,6 +5480,51 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed=1, $pagecodeto='UT
|
||||
return trim($temp);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clean a string to keep only desirable HTML tags.
|
||||
*
|
||||
* @param string $stringtoclean String to clean
|
||||
* @return string String cleaned
|
||||
*
|
||||
* @see dol_escape_htmltag strip_tags dol_string_nohtmltag dol_string_neverthesehtmltags
|
||||
*/
|
||||
function dol_string_onlythesehtmltags($stringtoclean)
|
||||
{
|
||||
$allowed_tags = array(
|
||||
"html", "head", "meta", "body", "b", "br", "div", "em", "font", "img", "hr", "i", "li", "link",
|
||||
"ol", "p", "s", "section", "span", "strong", "title",
|
||||
"table", "tr", "th", "td", "u", "ul"
|
||||
);
|
||||
|
||||
$allowed_tags_string = join("><", $allowed_tags);
|
||||
$allowed_tags_string = preg_replace('/^>/','',$allowed_tags_string);
|
||||
$allowed_tags_string = preg_replace('/<$/','',$allowed_tags_string);
|
||||
|
||||
$temp = strip_tags($stringtoclean, $allowed_tags_string);
|
||||
|
||||
return $temp;
|
||||
}
|
||||
|
||||
/**
|
||||
* Clean a string from some undesirable HTML tags.
|
||||
*
|
||||
* @param string $stringtoclean String to clean
|
||||
* @param array $disallowed_tags Array of tags not allowed
|
||||
* @return string String cleaned
|
||||
*
|
||||
* @see dol_escape_htmltag strip_tags dol_string_nohtmltag dol_string_onlythesehtmltags
|
||||
*/
|
||||
function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags=array('textarea'))
|
||||
{
|
||||
$temp = $stringtoclean;
|
||||
foreach($disallowed_tags as $tagtoremove)
|
||||
{
|
||||
$temp = preg_replace('/<\/?'.$tagtoremove.'>/', '', $temp);
|
||||
$temp = preg_replace('/<\/?'.$tagtoremove.'\s+[^>]*>/', '', $temp);
|
||||
}
|
||||
return $temp;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return first line of text. Cut will depends if content is HTML or not.
|
||||
|
||||
@ -309,8 +309,7 @@ if ($search_status != '' && $search_status >= 0) $sql.=" AND d.fk_statut IN (".$
|
||||
if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)
|
||||
&& (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance)))
|
||||
{
|
||||
$childids = $user->getAllChildIds();
|
||||
$childids[]=$user->id;
|
||||
$childids = $user->getAllChildIds(1);
|
||||
$sql.= " AND d.fk_user_author IN (".join(',',$childids).")\n";
|
||||
}
|
||||
// Add where from extra fields
|
||||
@ -447,12 +446,15 @@ if ($resql)
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?action=edit&id='.$user_id.'" class="butAction">'.$langs->trans("Modify").'</a>';
|
||||
}
|
||||
|
||||
$canedit=(($user->id == $user_id && $user->rights->expensereport->creer) || ($user->id != $user_id));
|
||||
$childids = $user->getAllChildIds(1);
|
||||
|
||||
$canedit=((in_array($user_id, $childids) && $user->rights->expensereport->creer)
|
||||
|| ($conf->global->MAIN_USE_ADVANCED_PERMS && $user->rights->expensereport->writeall_advance));
|
||||
|
||||
// Boutons d'actions
|
||||
if ($canedit)
|
||||
{
|
||||
print '<a href="'.DOL_URL_ROOT.'/expensereport/card.php?action=request&id='.$user_id.'" class="butAction">'.$langs->trans("AddTrip").'</a>';
|
||||
print '<a href="'.DOL_URL_ROOT.'/expensereport/card.php?action=create&fk_user_author='.$fuser->id.'" class="butAction">'.$langs->trans("AddTrip").'</a>';
|
||||
}
|
||||
|
||||
print '</div>';
|
||||
|
||||
Loading…
Reference in New Issue
Block a user