From 461d748f97517945ec3638d06695c97d7d4d6775 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 18 Mar 2021 20:27:36 +0100
Subject: [PATCH] Fix #yogosha235
---
 htdocs/compta/facture/card-rec.php | 3 ++-
 htdocs/compta/facture/card.php | 14 +++++-----
 htdocs/compta/facture/class/facture.class.php | 2 +-
 htdocs/compta/facture/contact.php | 16 +++++-------
 htdocs/compta/facture/document.php | 14 +++++-----
 htdocs/compta/facture/info.php | 26 ++++++++++++++++---
 .../compta/facture/invoicetemplate_list.php | 5 ++++
 htdocs/compta/facture/note.php | 13 ++++++----
 8 files changed, 59 insertions(+), 34 deletions(-)
diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php
index c1c0f83cecb..167e9e4a577 100644
--- a/htdocs/compta/facture/card-rec.php
+++ b/htdocs/compta/facture/card-rec.php
@@ -65,7 +65,6 @@ $objecttype = 'facture_rec'; if ($action == "create" || $action == "add") { $objecttype = ''; }
-$result = restrictedArea($user, 'facture', $id, $objecttype);
 $projectid = GETPOST('projectid', 'int'); $year_date_when = GETPOST('year_date_when');
@@ -127,6 +126,8 @@ $now = dol_now(); $error = 0;
+$result = restrictedArea($user, 'facture', $object->id, $objecttype);
+
 /* * Actions
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 0433d9eb746..cd1905f528f 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
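Review bot: In card-rec.php the relocated `restrictedArea()` call (second hunk) now depends on `$object` having been fetched earlier in the file, and nothing at the call site says so. The fetch itself is outside this hunk, so the ordering cannot be confirmed from here. If a later edit moves the check back above the load, or the load is skipped, `$object->id` is empty and the per-invoice part of the check is presumably not exercised. A comment on the call would pin the dependency: `// Security check: keep after the object fetch, restrictedArea() is given $object->id`.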
@@ -138,19 +138,19 @@ $permissiondellink = $usercancreate; // Used by the include of actions_dellink.i
 $permissiontoedit = $usercancreate; // Used by the include of actions_lineupdonw.inc.php
 $permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php
+// retained warranty invoice available type
+$retainedWarrantyInvoiceAvailableType = array();
+if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) {
+ $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY);
+}
+
 // Security check
 $fieldid = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } $isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
-$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isdraft);
-
-// retained warranty invoice available type
-$retainedWarrantyInvoiceAvailableType = array();
-if (!empty($conf->global->INVOICE_USE_RETAINED_WARRANTY)) {
- $retainedWarrantyInvoiceAvailableType = explode('+', $conf->global->INVOICE_USE_RETAINED_WARRANTY);
-}
+$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft);
 /*
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index 69356287288..a51ad8f65fa 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
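Review bot: In card.php the seventh argument of the new `restrictedArea()` call is still `$fieldid`, which is `'ref'` whenever the request carries a ref, while the third argument is now always the numeric `$object->id`. If `restrictedArea()` uses that argument as the column to match the id against (its body is not shown here), a request by ref would compare a row id with the ref column, which at best denies a legitimate user. Since the object is resolved before the check, the selector can be fixed: `$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);`. The same `$fieldid` / `$object->id` pairing is added in the first info.php hunk.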
@@ -1553,7 +1553,7 @@ class Facture extends CommonInvoice * @param string $ref Reference of invoice * @param string $ref_ext External reference of invoice * @param int $notused Not used
- * @param bool $fetch_situation Fetch the previous and next situation in $tab_previous_situation_invoice and $tab_next_situation_invoice
+ * @param bool $fetch_situation Load also the previous and next situation invoice into $tab_previous_situation_invoice and $tab_next_situation_invoice
 * @return int >0 if OK, <0 if KO, 0 if not found */ public function fetch($rowid, $ref = '', $ref_ext = '', $notused = '', $fetch_situation = false)
diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php
index dc1fe1e7c45..19e76b15c5c 100644
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -48,9 +48,14 @@ $action = GETPOST('action', 'aZ09'); if ($user->socid) { $socid = $user->socid; }
-$result = restrictedArea($user, 'facture', $id);
 $object = new Facture($db);
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+$result = restrictedArea($user, 'facture', $object->id);
 /*
@@ -58,8 +63,6 @@ $object = new Facture($db); */ if ($action == 'addcontact' && $user->rights->facture->creer) {
- $result = $object->fetch($id);
-
 if ($result > 0 && $id > 0) { $contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int')); $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
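Review bot: In contact.php the `addcontact` branch still tests `if ($result > 0 && $id > 0)`, but with the `$object->fetch($id)` line removed `$result` now holds the return of `restrictedArea()`, and the fetch result sits unused in `$ret`. The guard therefore no longer says whether the invoice was loaded, and a request that names the invoice by ref only (empty `$id`) skips the branch without any message. Testing the loaded object covers both cases: `if ($object->id > 0) {`. The `swapstatut` and `deletecontact` branches in the next hunk likewise call methods on `$object` without checking that the load succeeded. The `addcontact` block continues past the end of this hunk.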
@@ -79,14 +82,9 @@ if ($action == 'addcontact' && $user->rights->facture->creer) { } } elseif ($action == 'swapstatut' && $user->rights->facture->creer) { // Toggle the status of a contact
- if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
- } else {
- dol_print_error($db);
- }
+ $result = $object->swapContactStatus(GETPOST('ligne'));
 } elseif ($action == 'deletecontact' && $user->rights->facture->creer) { // Deletes a contact
- $object->fetch($id);
 $result = $object->delete_contact($lineid); if ($result >= 0) {
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index c44aeae67ca..4c0544e3810 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -48,12 +48,6 @@ $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha');
-// Security check
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'facture', $id, '');
-
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha');
@@ -73,11 +67,17 @@ if (!$sortfield) { } $object = new Facture($db);
-if ($object->fetch($id)) {
+if ($object->fetch($id, $ref)) {
 $object->fetch_thirdparty(); $upload_dir = $conf->facture->dir_output."/".dol_sanitizeFileName($object->ref); }
+// Security check
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'facture', $object->id, '');
+
 /* * Actions
diff --git a/htdocs/compta/facture/info.php b/htdocs/compta/facture/info.php
index 97646d56103..5b9b7fc4316 100644
--- a/htdocs/compta/facture/info.php
+++ b/htdocs/compta/facture/info.php
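Review bot: In document.php `if ($object->fetch($id, $ref))` treats any non-zero return as success, while the docblock of `Facture::fetch()` touched in this same patch documents `<0 if KO`, so a failed load still enters the branch and builds `$upload_dir` from an unloaded object. Compare explicitly instead: `if ($object->fetch($id, $ref) > 0) {`. When the invoice is not found the branch is skipped, `$upload_dir` stays undefined and `$object->id` is empty at the relocated `restrictedArea()` call, so it is worth confirming that an empty id there does not let the page continue. `$ref` is not assigned in the visible lines; presumably it is read with `GETPOST` above this hunk.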
@@ -38,6 +38,25 @@ $langs->loadLangs(array('companies', 'bills')); $id = GETPOST("facid", "int"); $ref = GETPOST("ref", 'alpha');
+$object = new Facture($db);
+$extrafields = new ExtraFields($db);
+
+// Fetch optionals attributes and labels
+$extrafields->fetch_name_optionals_label($object->table_element);
+
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $ret = $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+// Security check
+$fieldid = (!empty($ref) ? 'ref' : 'rowid');
+if ($user->socid) {
+ $socid = $user->socid;
+}
+$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
+$result = restrictedArea($user, 'facture', $object->id, '', '', 'fk_soc', $fieldid, $isdraft);
+
 /* * View
@@ -46,11 +65,10 @@ $ref = GETPOST("ref", 'alpha'); $form = new Form($db); $title = $langs->trans('InvoiceCustomer')." - ".$langs->trans('Info');
-$helpurl = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
-llxHeader('', $title, $helpurl);
+$help_url = "EN:Customers_Invoices|FR:Factures_Clients|ES:Facturas_a_clientes";
+
+llxHeader('', $title, $help_url);
-$object = new Facture($db);
-$object->fetch($id, $ref);
 $object->fetch_thirdparty(); $object->info($object->id);
diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php
index e419ed9260b..5d511aa6cd6 100644
--- a/htdocs/compta/facture/invoicetemplate_list.php
+++ b/htdocs/compta/facture/invoicetemplate_list.php
@@ -165,6 +165,11 @@ if ($socid > 0) { } }
+$objecttype = 'facture_rec';
+
+$result = restrictedArea($user, 'facture', $object->id, $objecttype);
+
+
 /* * Actions */
diff --git a/htdocs/compta/facture/note.php b/htdocs/compta/facture/note.php
index 23d4afb0417..f019d822529 100644
--- a/htdocs/compta/facture/note.php
+++ b/htdocs/compta/facture/note.php
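Review bot: In invoicetemplate_list.php the new call passes `$object->id`, but this is a list page with no single record and the hunk does not show `$object` being loaded, so the id is presumably always empty here. That reads as a per-object check when it can only test the module-level right. Either pass the empty id explicitly or say so at the call, for example `// List page: no object id, only the module permission is checked`. It would also help to confirm that `$object` is defined before this point, since the assignment is outside the hunk.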
@@ -41,6 +41,14 @@ $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09');
+$object = new Facture($db);
+// Load object
+if ($id > 0 || !empty($ref)) {
+ $object->fetch($id, $ref, '', '', $conf->global->INVOICE_USE_SITUATION);
+}
+
+$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
+
 // Security check
 $socid = 0; if ($user->socid) {
@@ -48,11 +56,6 @@ if ($user->socid) { } $result = restrictedArea($user, 'facture', $id, '');
-$object = new Facture($db);
-$object->fetch($id);
-
-$permissionnote = $user->rights->facture->creer; // Used by the include of actions_setnotes.inc.php
-
 /* * Actions
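Review bot: In note.php the check left as context in the second hunk is still `restrictedArea($user, 'facture', $id, '')`, so this page was not switched to the loaded object like the other pages in the patch. The added fetch accepts `$ref`, so a request that names the invoice by ref only loads it while `$id` stays empty. Whether `restrictedArea()` then skips the per-invoice ownership test is not visible here, but that is the pattern the rest of the commit removes. The call should use the resolved id: `$result = restrictedArea($user, 'facture', $object->id, '');`.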