Merge branch 'develop' of ssh://git@github.com/Dolibarr/dolibarr.git into develop

2012-05-03 22:12:13 +02:00 · 2012-05-03 22:12:13 +02:00 · 498be67ac1
commit 498be67ac1
parent a6f8fc4af4 1b350fafd1
11 changed files with 72 additions and 30 deletions
--- a/16
+++ b/16
@ -15,7 +15,7 @@ For developers:
 - Can add a link on title field of added dictionnary.


-***** ChangeLog for 3.2 compared to 3.1 *****
+***** ChangeLog for 3.2.0 compared to 3.1.2 *****
 WARNING: PHP lower than 5.x are no more supported.
 WARNING: Because of a major datastructure change onto supplier prices tables, be aware
 to make a backup of your database before making upgrade.
@ -109,6 +109,20 @@ For developers:
 WARNING: To reduce technic debt, all functions dolibarr_xxx were renamed int dol_xxx.


+
+***** ChangeLog for 3.1.2 compared to 3.1.1 *****
+
+- Fix: Can clone a proposal
+- Fix: Add member ID in substitution method
+- Fix: Duplicate end tag and missing form parts
+- Fix: Support companies with no prof id.
+- Fix: Sanitize data
+- Fix: Bug #318
+- Fix: Bug #369
+- Fix: More bugs
+
+
+
 ***** ChangeLog for 3.1.1 compared to 3.1.0 *****

 - New: Add option FACTURE_DEPOSITS_ARE_JUST_PAYMENTS. With this option added, 
--- a/htdocs/compta/facture/fiche-rec.php
+++ b/htdocs/compta/facture/fiche-rec.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2010 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -58,7 +58,7 @@ $sortfield="f.datef";


 // Create predefined invoice
-if ($_POST["action"] == 'add')
+if ($action == 'add')
 {
 	$facturerec = new FactureRec($db);
 	$facturerec->titre = $_POST["titre"];
@ -71,17 +71,16 @@ if ($_POST["action"] == 'add')
 	}
 	else
 	{
-		$_GET["action"] = "create";
-		$_GET["facid"] = $_POST["facid"];
+		$action = "create";
 		$mesg = '<div class="error">'.$facturerec->error.'</div>';
 	}
 }

 // Suppression
-if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer)
+if ($action == 'delete' && $user->rights->facture->supprimer)
 {
 	$facrec = new FactureRec($db);
-	$facrec->fetch(GETPOST('facid','int'));
+	$facrec->fetch($facid);
 	$facrec->delete();
 	$facid = 0 ;
 }
@ -99,7 +98,7 @@ $form = new Form($db);
 /*
 * Create mode
 */
-if ($_GET["action"] == 'create')
+if ($action == 'create')
 {
 	print_fiche_titre($langs->trans("CreateRepeatableInvoice"));

@ -108,7 +107,7 @@ if ($_GET["action"] == 'create')
 	$facture = new Facture($db);   // Source invoice
 	$product_static=new Product($db);

-	if ($facture->fetch($_GET["facid"]) > 0)
+	if ($facture->fetch($facid) > 0)
 	{
 		print '<form action="fiche-rec.php" method="post">';
 		print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@ -324,7 +324,11 @@ class Contrat extends CommonObject
 		$sql.= " fk_commercial_signature, fk_commercial_suivi,";
 		$sql.= " note as note_private, note_public, extraparams";
 		$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
-		if ($ref) $sql.= " WHERE ref='".$ref."'";
+		if ($ref)
+		{
+			$sql.= " WHERE ref='".$ref."'";
+			$sql.= " AND entity IN (".getEntity('contract').")";
+		}
 		else $sql.= " WHERE rowid=".$id;

 		dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
@ -624,13 +628,14 @@ class Contrat extends CommonObject
 		// Insert contract
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."contrat (datec, fk_soc, fk_user_author, date_contrat,";
 		$sql.= " fk_commercial_signature, fk_commercial_suivi, fk_projet,";
-		$sql.= " ref)";
+		$sql.= " ref, entity)";
 		$sql.= " VALUES (".$this->db->idate($now).",".$this->socid.",".$user->id;
 		$sql.= ",".$this->db->idate($this->date_contrat);
 		$sql.= ",".($this->commercial_signature_id>0?$this->commercial_signature_id:"NULL");
 		$sql.= ",".($this->commercial_suivi_id>0?$this->commercial_suivi_id:"NULL");
 		$sql.= ",".($this->fk_projet>0?$this->fk_projet:"NULL");
-		$sql .= ", " . (dol_strlen($this->ref)<=0 ? "null" : "'".$this->ref."'");
+		$sql.= ", ".(dol_strlen($this->ref)<=0 ? "null" : "'".$this->ref."'");
+		$sql.= ", ".$conf->entity;
 		$sql.= ")";
 		$resql=$this->db->query($sql);
 		if ($resql)
--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -38,9 +38,9 @@ $statut=isset($_GET["statut"])?$_GET["statut"]:1;

 // Security check
 $socid=0;
-$contratid = isset($_GET["id"])?$_GET["id"]:'';
+$id = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'contrat',$contratid,'');
+$result = restrictedArea($user, 'contrat',$id,'');

 $staticcompany=new Societe($db);
 $staticcontrat=new Contrat($db);
@ -104,7 +104,7 @@ $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
 $sql.= " AND (cd.statut != 4 OR (cd.statut = 4 AND (cd.date_fin_validite is null or cd.date_fin_validite >= '".$db->idate($now)."')))";
-$sql.= " AND c.entity = ".$conf->entity;
+$sql.= " AND c.entity IN (".getEntity('contract').")";
 if ($user->societe_id) $sql.=' AND c.fk_soc = '.$user->societe_id;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " GROUP BY cd.statut";
@ -141,7 +141,7 @@ $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
 $sql.= " AND (cd.statut = 4 AND cd.date_fin_validite < '".$db->idate($now)."')";
-$sql.= " AND c.entity = ".$conf->entity;
+$sql.= " AND c.entity IN (".getEntity('contract').")";
 if ($user->societe_id) $sql.=' AND c.fk_soc = '.$user->societe_id;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " GROUP BY cd.statut";
@ -230,7 +230,7 @@ if ($conf->contrat->enabled && $user->rights->contrat->lire)
 	$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe as s";
 	if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 	$sql.= " WHERE s.rowid = c.fk_soc";
-	$sql.= " AND c.entity = ".$conf->entity;
+	$sql.= " AND c.entity IN (".getEntity('contract').")";
 	$sql.= " AND c.statut = 0";
 	if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 	if ($socid) $sql.= " AND s.fk_soc = ".$socid;
@ -301,7 +301,7 @@ if (!$user->rights->societe->client->voir && !$socid) $sql.= " ".MAIN_DB_PREFIX.
 $sql.= " ".MAIN_DB_PREFIX."contrat as c";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat";
 $sql.= " WHERE c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
+$sql.= " AND c.entity IN (".getEntity('contract').")";
 $sql.= " AND c.statut > 0";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
@ -373,7 +373,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd";
 $sql.= ") LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " WHERE c.entity IN (".getEntity('contract').")";
 $sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
@ -451,7 +451,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " WHERE c.entity IN (".getEntity('contract').")";
 $sql.= " AND c.statut = 1";
 $sql.= " AND cd.statut = 0";
 $sql.= " AND cd.fk_contrat = c.rowid";
@ -530,7 +530,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " WHERE c.entity IN (".getEntity('contract').")";
 $sql.= " AND c.statut = 1";
 $sql.= " AND cd.statut = 4";
 $sql.= " AND cd.date_fin_validite < '".$db->idate($now)."'";
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@ -377,6 +377,13 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
                    $tmparray=explode(',',$tmps);
                    if (! in_array($objectid,$tmparray)) accessforbidden();
                }
+                else
+                {
+                	$sql = "SELECT dbt.".$dbt_select;
+                	$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
+                	$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
+                	$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
+                }
            }
            else if (! in_array($feature,$nocheck))	// By default we check with link to third party
            {
--- a/htdocs/langs/ca_ES/ecm.lang
+++ b/htdocs/langs/ca_ES/ecm.lang
@ -36,6 +36,7 @@ ECMSearchByEntity=Cercar per objecte
 ECMSectionOfDocuments=Carpetes de documents
 ECMTypeManual=Manual
 ECMTypeAuto=Automàtic
+ECMDocsBySocialContributions=Documents asociats a càrreges socials
 ECMDocsByThirdParties=Documents associats a tercers
 ECMDocsByProposals=Documents associats a pressupostos
 ECMDocsByOrders=Documents associats a comandes
--- a/htdocs/langs/ca_ES/orders.lang
+++ b/htdocs/langs/ca_ES/orders.lang
@ -3,6 +3,7 @@ CHARSET=UTF-8
 OrdersArea=Àrea comandes de clients
 SuppliersOrdersArea=Àrea comandes a proveïdors
 OrderCard=Fitxa comanda
+OrderId=Id comanda
 Order=Comanda
 Orders=Comandes
 OrderLine=Línia de comanda
@ -29,6 +30,7 @@ StatusOrderDraftShort=Esborrany
 StatusOrderValidatedShort=Validada
 StatusOrderOnProcessShort=Per rebre
 StatusOrderSentShort=Expedició en curs
+StatusOrderSent=Enviament en curs
 StatusOrderProcessedShort=Processada
 StatusOrderToBillShort=A facturar
 StatusOrderApprovedShort=Aprovada
@ -108,6 +110,7 @@ PaymentOrderRef=Pagament comanda %s
 CloneOrder=Clonar comanda
 ConfirmCloneOrder=Esteu segur de voler clonar aquesta comanda <b>%s</b>?
 DispatchSupplierOrder=Recepció de la comanda a proveïdor %s
+DateDeliveryPlanned=Data prevista de lliurament
 ##### Types de contacts #####
 TypeContact_commande_internal_SALESREPFOLL=Responsable seguiment comanda client
 TypeContact_commande_internal_SHIPPING=Responsable enviament comanda client
@ -119,10 +122,12 @@ TypeContact_order_supplier_internal_SHIPPING=Responsable recepció comanda a pro
 TypeContact_order_supplier_external_BILLING=Contacte proveïdor facturació comanda
 TypeContact_order_supplier_external_SHIPPING=Contacte proveïdor lliurament comanda
 TypeContact_order_supplier_external_CUSTOMER=Contacte proveïdor seguiment comanda
+
 Error_COMMANDE_SUPPLIER_ADDON_NotDefined=Constant COMMANDE_SUPPLIER_ADDON no definida
 Error_COMMANDE_ADDON_NotDefined=Constant COMMANDE_ADDON no definida
 Error_FailedToLoad_COMMANDE_SUPPLIER_ADDON_File=Error en la càrrega de l'arxiu mòdul '%s'
 Error_FailedToLoad_COMMANDE_ADDON_File=Error en la càrrega de l'arxiu mòdul '%s'
+
 # Sources
 OrderSource0=Pressupost
 OrderSource1=Internet
@ -134,12 +139,14 @@ OrderSource6=Revistes
 QtyOrdered=Qt. demanda
 AddDeliveryCostLine=Afegir una línia de despeses de ports indicant el pes de la comanda
 SetDemandReason=Indicar origen de la comanda
+
 # Document models
 PDFEinsteinDescription=Model de comanda complet (logo...)
 PDFEdisonDescription=Model de comanda simple
+
 # Orders modes
 OrderByMail=Correu
 OrderByFax=Fax
 OrderByEMail=E-Mail
 OrderByWWW=En línia
-OrderByPhone=Telèfon
+OrderByPhone=Telèfon
--- a/htdocs/langs/es_ES/ecm.lang
+++ b/htdocs/langs/es_ES/ecm.lang
@ -36,6 +36,7 @@ ECMSearchByEntity=Buscar por objeto
 ECMSectionOfDocuments=Directorios de documentos
 ECMTypeManual=Manual
 ECMTypeAuto=Automático
+ECMDocsBySocialContributions=Documentos asociados a cargas sociales
 ECMDocsByThirdParties=Documentos asociados a terceros
 ECMDocsByProposals=Documentos asociados a presupuestos
 ECMDocsByOrders=Documentos asociados a pedidos
--- a/htdocs/langs/es_ES/orders.lang
+++ b/htdocs/langs/es_ES/orders.lang
@ -3,6 +3,7 @@ CHARSET=UTF-8
 OrdersArea=Área pedidos de clientes
 SuppliersOrdersArea=Área pedidos a proveedores
 OrderCard=Ficha pedido
+OrderId=Id pedido
 Order=Pedido
 Orders=Pedidos
 OrderLine=Línea de pedido
@ -29,6 +30,7 @@ StatusOrderDraftShort=Borrador
 StatusOrderValidatedShort=Validado
 StatusOrderOnProcessShort=Pdte. Recibir
 StatusOrderSentShort=Expedición en curso
+StatusOrderSent=Envío en curso
 StatusOrderProcessedShort=Procesado
 StatusOrderToBillShort=A facturar
 StatusOrderApprovedShort=Aprobado
@ -108,6 +110,7 @@ PaymentOrderRef=Pago pedido %s
 CloneOrder=Clonar pedido
 ConfirmCloneOrder=¿Está seguro de querer clonar este pedido <b>%s</b>?
 DispatchSupplierOrder=Recepción del pedido a proveedor %s
+DateDeliveryPlanned=Fecha prevista de entrega
 ##### Types de contacts #####
 TypeContact_commande_internal_SALESREPFOLL=Responsable seguimiento pedido cliente
 TypeContact_commande_internal_SHIPPING=Responsable envío pedido cliente
@ -119,10 +122,12 @@ TypeContact_order_supplier_internal_SHIPPING=Responsable recepción pedido a pro
 TypeContact_order_supplier_external_BILLING=Contacto proveedor facturación pedido
 TypeContact_order_supplier_external_SHIPPING=Contacto proveedor entrega pedido
 TypeContact_order_supplier_external_CUSTOMER=Contacto proveedor seguimiento pedido
+
 Error_COMMANDE_SUPPLIER_ADDON_NotDefined=Constante COMMANDE_SUPPLIER_ADDON no definida
 Error_COMMANDE_ADDON_NotDefined=Constante COMMANDE_ADDON no definida
 Error_FailedToLoad_COMMANDE_SUPPLIER_ADDON_File=Error en la carga del archivo módulo '%s'
 Error_FailedToLoad_COMMANDE_ADDON_File=Error en la carga del archivo módulo '%s'
+
 # Sources
 OrderSource0=Presupuesto
 OrderSource1=Internet
@ -134,6 +139,7 @@ OrderSource6=Revistas
 QtyOrdered=Cant. pedida
 AddDeliveryCostLine=Añadir una línea de gastos de portes indicando el peso del pedido
 SetDemandReason=Indicar origen del pedido
+
 # Document models
 PDFEinsteinDescription=Modelo de pedido completo (logo...)
 PDFEdisonDescription=Modelo de pedido simple
@ -142,4 +148,4 @@ OrderByMail=Correo
 OrderByFax=Fax
 OrderByEMail=E-Mail
 OrderByWWW=En línea
-OrderByPhone=Teléfono
+OrderByPhone=Teléfono
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@ -240,8 +240,12 @@ class Project extends CommonObject
        $sql = "SELECT rowid, ref, title, description, public, datec";
        $sql.= ", tms, dateo, datee, fk_soc, fk_user_creat, fk_statut, note_private, note_public";
        $sql.= " FROM " . MAIN_DB_PREFIX . "projet";
-        if ($ref) $sql.= " WHERE ref='" . $ref . "'";
-        else $sql.= " WHERE rowid=" . $id;
+        if ($ref)
+        {
+        	$sql.= " WHERE ref='".$ref."'";
+        	$sql.= " AND entity IN (".getEntity('project').")";
+        }
+        else $sql.= " WHERE rowid=".$id;

        dol_syslog(get_class($this)."::fetch sql=" . $sql, LOG_DEBUG);
        $resql = $this->db->query($sql);
@ -813,8 +817,6 @@ class Project extends CommonObject
     */
    function getProjectsAuthorizedForUser($user, $mode=0, $list=0, $socid=0)
    {
-        global $conf;
-
        $projects = array();
        $temp = array();

@ -825,7 +827,7 @@ class Project extends CommonObject
            $sql.= ", " . MAIN_DB_PREFIX . "element_contact as ec";
            $sql.= ", " . MAIN_DB_PREFIX . "c_type_contact as ctc";
        }
-        $sql.= " WHERE p.entity = " . $conf->entity;
+        $sql.= " WHERE p.entity IN (".getEntity('project').")";
        // Internal users must see project he is contact to even if project linked to a third party he can't see.
        //if ($socid || ! $user->rights->societe->client->voir)	$sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
        if ($socid > 0) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = " . $socid . ")";
--- a/htdocs/projet/fiche.php
+++ b/htdocs/projet/fiche.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by