From c8c77dbdcff7ae684b56d3a15c9ff5c07dda6d60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 22 Mar 2014 18:59:48 +0100 Subject: [PATCH 1/6] Fix: Agenda and Banks module were not working with multicompany module --- ChangeLog | 1 + htdocs/comm/action/index.php | 2 +- htdocs/core/lib/security.lib.php | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7d577afa90d..7944ede2f21 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Fix: Warning into bank conciliation feature. Fix: Bad get of localtaxes into contracts add lines. Fix: Add a limit into list to avoid browser to hang when database is too large. Fix: [ bug #1212 ] 'jqueryFileTree.php' directory traversal vulnerability +Fix: Agenda and Banks module were not working with multicompany module ***** ChangeLog for 3.4.2 compared to 3.4.1 ***** Fix: field's problem into company's page (RIB). diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index cb683dea35e..349dc3aab14 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -311,7 +311,7 @@ $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; $sql.= ' WHERE a.fk_action = ca.id'; $sql.= ' AND a.fk_user_author = u.rowid'; -$sql.= ' AND a.entity IN ('.getEntity().')'; +$sql.= ' AND a.entity IN ('.getEntity('agenda', 1).')'; if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'"; if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid); if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index e19ed1eb7fa..b756e15288f 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -125,6 +125,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); $sharedelement=(! empty($params[1]) ? $params[1] : ''); + $sharedelement=(! empty($params[1]) ? $params[1] : $params[0]); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL); From e2f51d0df2a824732a980042eff4a31b678278fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 22 Mar 2014 19:00:37 +0100 Subject: [PATCH 2/6] Removed duplicate line --- htdocs/core/lib/security.lib.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index b756e15288f..08dffaef416 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -124,7 +124,6 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature // More parameters $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); - $sharedelement=(! empty($params[1]) ? $params[1] : ''); $sharedelement=(! empty($params[1]) ? $params[1] : $params[0]); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL); From 09e02f807fe8227b87f072f8d68fc128eb6ff1f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 22 Mar 2014 19:01:19 +0100 Subject: [PATCH 3/6] Even better improvement --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 08dffaef416..328f6d3024f 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -124,7 +124,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature // More parameters $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); - $sharedelement=(! empty($params[1]) ? $params[1] : $params[0]); + $sharedelement=(! empty($params[1]) ? $params[1] : $dbtablename); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL); From e6bd3921f1cb410447515c33212d7c382a632e5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sun, 30 Mar 2014 23:00:35 +0200 Subject: [PATCH 4/6] Fixed a problem with bank accounts sharing across entities --- htdocs/compta/bank/class/account.class.php | 2 +- htdocs/compta/bank/index.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 0c12b5e437a..4bdbb7a0587 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -613,7 +613,7 @@ class Account extends CommonObject $sql.= " FROM ".MAIN_DB_PREFIX."bank_account as ba"; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON ba.fk_pays = p.rowid'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_departements as d ON ba.state_id = d.rowid'; - $sql.= " WHERE entity = ".$conf->entity; + $sql.= " WHERE entity IN (".getEntity('bank_account', 1).')'; if ($id) $sql.= " AND ba.rowid = ".$id; if ($ref) $sql.= " AND ba.ref = '".$this->db->escape($ref)."'"; diff --git a/htdocs/compta/bank/index.php b/htdocs/compta/bank/index.php index 51b7a4dc818..87369430f45 100644 --- a/htdocs/compta/bank/index.php +++ b/htdocs/compta/bank/index.php @@ -59,7 +59,7 @@ $accounts = array(); $sql = "SELECT rowid, courant, rappro"; $sql.= " FROM ".MAIN_DB_PREFIX."bank_account"; -$sql.= " WHERE entity = ".$conf->entity; +$sql.= " WHERE entity IN (".getEntity('bank_account', 1).')'; if ($statut != 'all') $sql.= " AND clos = 0"; $sql.= $db->order('label', 'ASC'); From a4797a0e4a5f5b7c68359b7748944dd58f22663d Mon Sep 17 00:00:00 2001 From: Cedric Date: Tue, 1 Apr 2014 16:21:20 +0200 Subject: [PATCH 5/6] FIX : [ bug #1317 ] Removing a category does not remove all child categories --- htdocs/categories/class/categorie.class.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 5a239f5eb21..a49ad862cac 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -290,6 +290,20 @@ class Categorie $this->db->begin(); + /* FIX #1317 : Check for child cat and move up 1 level*/ + if (! $error) + { + $sql = "UPDATE ".MAIN_DB_PREFIX."categorie"; + $sql.= " SET fk_parent = ".$this->fk_parent; + $sql.= " WHERE fk_parent = ".$this->id; + + if (!$this->db->query($sql)) + { + $this->error=$this->db->lasterror(); + dol_syslog("Error sql=".$sql." ".$this->error, LOG_ERR); + $error++; + } + } if (! $error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_societe"; From 8cb06cac089a929beb24bedf1cf9ee5df3a1950d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 2 Apr 2014 11:27:11 +0200 Subject: [PATCH 6/6] FIX : [ bug #1317 ] Removing a category does not remove all child categories --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 7944ede2f21..1e506fc42a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ Fix: Bad get of localtaxes into contracts add lines. Fix: Add a limit into list to avoid browser to hang when database is too large. Fix: [ bug #1212 ] 'jqueryFileTree.php' directory traversal vulnerability Fix: Agenda and Banks module were not working with multicompany module +Fix: [ bug #1317 ] Removing a category does not remove all child categories ***** ChangeLog for 3.4.2 compared to 3.4.1 ***** Fix: field's problem into company's page (RIB).