From 77c335c5f36a45fb6343c9b38d2cacb4ca3e6e23 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Wed, 23 Dec 2020 09:19:56 +0100 Subject: [PATCH 1/8] fix colspan balance accountanty --- htdocs/accountancy/bookkeeping/balance.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 29e56cd4233..94a927d676c 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -302,7 +302,7 @@ if ($action != 'export_csv') { // Display a sub-total per account if ($displayed_account != "") { - print ''.$langs->trans("SubTotal").':'.price($sous_total_opening_balance).''.price($sous_total_debit).''.price($sous_total_credit).''.price(price2num($sous_total_credit - $sous_total_debit)).''; + print ''.$langs->trans("SubTotal").':'.price($sous_total_opening_balance).''.price($sous_total_debit).''.price($sous_total_credit).''.price(price2num($sous_total_credit - $sous_total_debit)).''; print " \n"; print ''; } From 7d1d58822589fde6947531260c1e850c08c08e3f Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Wed, 23 Dec 2020 23:48:45 +0100 Subject: [PATCH 2/8] fix service right problem for mass action --- htdocs/product/list.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index d2f212df8da..50001d25026 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -240,6 +240,9 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); +$rightskey = 'produit'; +if ($type == Product::TYPE_SERVICE) $rightskey = 'service'; + if (empty($reshook)) { // Selection of new fields @@ -275,8 +278,8 @@ if (empty($reshook)) if ((string) $search_type == '1') { $objectlabel = 'Services'; } if ((string) $search_type == '0') { $objectlabel = 'Products'; } - $permissiontoread = $user->rights->produit->lire; - $permissiontodelete = $user->rights->produit->supprimer; + $permissiontoread = $user->rights->{$rightskey}->lire; + $permissiontodelete = $user->rights->{$rightskey}->supprimer; $uploaddir = $conf->product->dir_output; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; } @@ -507,8 +510,6 @@ if ($resql) //'builddoc'=>$langs->trans("PDFMerge"), //'presend'=>$langs->trans("SendByMail"), ); - $rightskey = 'produit'; - if ($type == Product::TYPE_SERVICE) $rightskey = 'service'; if ($user->rights->{$rightskey}->supprimer) $arrayofmassactions['predelete'] = "".$langs->trans("Delete"); if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array(); $massactionbutton = $form->selectMassAction('', $arrayofmassactions); From 60d8fb47199261c92c3ab416674bd70fdcc2157d Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 24 Dec 2020 00:48:48 +0100 Subject: [PATCH 3/8] fic porject mass action right --- htdocs/projet/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 5c36044dcd1..9bb383e9803 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -436,7 +436,7 @@ $arrayofmassactions = array( ); //if($user->rights->societe->creer) $arrayofmassactions['createbills']=$langs->trans("CreateInvoiceForThisCustomer"); if ($user->rights->projet->creer) $arrayofmassactions['close'] = $langs->trans("Close"); -if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = ''.$langs->trans("Delete"); +if ($user->rights->projet->supprimer) $arrayofmassactions['predelete'] = ''.$langs->trans("Delete"); if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array(); $massactionbutton = $form->selectMassAction('', $arrayofmassactions); From 5ff53691a5028927b25829728d90d8734f5a89a2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2020 19:13:09 +0100 Subject: [PATCH 4/8] Fix migration --- htdocs/install/upgrade2.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index ba24cf3a496..3a2b8889d96 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -4332,6 +4332,14 @@ function migrate_reload_modules($db, $langs, $conf, $listofmodule = array(), $fo $mod->remove('noboxes'); $mod->init($reloadmode); } + } elseif ($moduletoreload == 'MAIN_MODULE_EXTERNALSITE') { + dolibarr_install_syslog("upgrade2::migrate_reload_modules Reactivate ExternalSite module"); + $res = @include_once DOL_DOCUMENT_ROOT.'/core/modules/modExternalSite.class.php'; + if ($res) { + $mod = new modExternalSite($db); + $mod->remove('noboxes'); + $mod->init($reloadmode); + } } elseif ($moduletoreload == 'MAIN_MODULE_SOCIETE') { dolibarr_install_syslog("upgrade2::migrate_reload_modules Reactivate Societe module"); $res = @include_once DOL_DOCUMENT_ROOT.'/core/modules/modSociete.class.php'; From 4ec78d029b24655c2e9d3eab4fb484f83a1e9df6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2020 19:21:37 +0100 Subject: [PATCH 5/8] Fix warning --- htdocs/core/modules/modCommande.class.php | 1 + htdocs/core/modules/modExpedition.class.php | 2 +- htdocs/core/modules/modFacture.class.php | 4 ++-- htdocs/core/modules/modPropale.class.php | 2 +- htdocs/core/modules/modReception.class.php | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/core/modules/modCommande.class.php b/htdocs/core/modules/modCommande.class.php index 84a46c49d63..ac4d26725bc 100644 --- a/htdocs/core/modules/modCommande.class.php +++ b/htdocs/core/modules/modCommande.class.php @@ -263,6 +263,7 @@ class modCommande extends DolibarrModules $this->export_sql_end[$r] .= ' WHERE c.fk_soc = s.rowid AND c.rowid = cd.fk_commande'; $this->export_sql_end[$r] .= ' AND c.entity IN ('.getEntity('commande').')'; if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.(empty($user) ? 0 : $user->id); + // Imports //-------- $r = 0; diff --git a/htdocs/core/modules/modExpedition.class.php b/htdocs/core/modules/modExpedition.class.php index 54fecd1a5af..c42cbeb0f8c 100644 --- a/htdocs/core/modules/modExpedition.class.php +++ b/htdocs/core/modules/modExpedition.class.php @@ -306,7 +306,7 @@ class modExpedition extends DolibarrModules } $this->export_sql_end[$r] .= ' WHERE c.fk_soc = s.rowid AND c.rowid = ed.fk_expedition AND ed.fk_origin_line = cd.rowid'; $this->export_sql_end[$r] .= ' AND c.entity IN ('.getEntity('expedition').')'; - if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.(empty($user) ? 0 : $user->id); } diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php index 8f4172112b5..9212fa1f7ce 100644 --- a/htdocs/core/modules/modFacture.class.php +++ b/htdocs/core/modules/modFacture.class.php @@ -291,7 +291,7 @@ class modFacture extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra3 on p.rowid = extra3.fk_object'; $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('invoice').')'; - if (isset($user) && empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.(empty($user) ? 0 : $user->id); $r++; @@ -371,7 +371,7 @@ class modFacture extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON ba.rowid = b.fk_account'; $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid'; $this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('invoice').')'; - if (isset($user) && empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.(empty($user) ? 0 : $user->id); $r++; } diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php index f1de32bd1a9..c0ffa6f0811 100644 --- a/htdocs/core/modules/modPropale.class.php +++ b/htdocs/core/modules/modPropale.class.php @@ -254,7 +254,7 @@ class modPropale extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra3 on p.rowid = extra3.fk_object'; $this->export_sql_end[$r] .= ' WHERE c.fk_soc = s.rowid AND c.rowid = cd.fk_propal'; $this->export_sql_end[$r] .= ' AND c.entity IN ('.getEntity('propal').')'; - if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.(empty($user) ? 0 : $user->id); // Imports //-------- diff --git a/htdocs/core/modules/modReception.class.php b/htdocs/core/modules/modReception.class.php index f784d88a3da..8bebf949b6f 100644 --- a/htdocs/core/modules/modReception.class.php +++ b/htdocs/core/modules/modReception.class.php @@ -231,7 +231,7 @@ class modReception extends DolibarrModules } $this->export_sql_end[$r] .= ' WHERE c.fk_soc = s.rowid AND c.rowid = ed.fk_reception AND ed.fk_commandefourndet = cd.rowid'; $this->export_sql_end[$r] .= ' AND c.entity IN ('.getEntity('reception').')'; - if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id; + if (empty($user->rights->societe->client->voir)) $this->export_sql_end[$r] .= ' AND sc.fk_user = '.(empty($user) ? 0 : $user->id); } From 5aae018a0bfd302f87c59d3f077b9c16a6b7b3d6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2020 19:33:07 +0100 Subject: [PATCH 6/8] Fix for php8 --- dev/dolibarr_changes.txt | 7 +++++++ htdocs/includes/nusoap/lib/nusoap.php | 6 ++++-- test/phpunit/WebservicesProductsTest.php | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/dev/dolibarr_changes.txt b/dev/dolibarr_changes.txt index 5648381ff49..f3374c43234 100644 --- a/dev/dolibarr_changes.txt +++ b/dev/dolibarr_changes.txt @@ -50,6 +50,13 @@ Replace call to serialize_val with no bugged value * In all files, replace constructor names into __construct. Replace also parent::constructor_name with parent::__construct +* Line 4222 of file nusoap.php + + $rev = array(); + preg_match('/\$Revision: ([^ ]+)/', $this->revision, $rev); + $this->outgoing_headers[] = "X-SOAP-Server: $this->title/$this->version (".(isset($rev[1]) ? $rev[1] : '').")"; + + TCPDF: diff --git a/htdocs/includes/nusoap/lib/nusoap.php b/htdocs/includes/nusoap/lib/nusoap.php index a1fbd00051d..459f4aeb7b6 100644 --- a/htdocs/includes/nusoap/lib/nusoap.php +++ b/htdocs/includes/nusoap/lib/nusoap.php @@ -4219,8 +4219,10 @@ class nusoap_server extends nusoap_base { $payload .= $this->getDebugAsXMLComment(); } $this->outgoing_headers[] = "Server: $this->title Server v$this->version"; - preg_match('/\$Revisio' . 'n: ([^ ]+)/', $this->revision, $rev); - $this->outgoing_headers[] = "X-SOAP-Server: $this->title/$this->version (".$rev[1].")"; + // @CHANGE Fix for php8 + $rev = array(); + preg_match('/\$Revision: ([^ ]+)/', $this->revision, $rev); + $this->outgoing_headers[] = "X-SOAP-Server: $this->title/$this->version (".(isset($rev[1]) ? $rev[1] : '').")"; // Let the Web server decide about this //$this->outgoing_headers[] = "Connection: Close\r\n"; $payload = $this->getHTTPBody($payload); diff --git a/test/phpunit/WebservicesProductsTest.php b/test/phpunit/WebservicesProductsTest.php index 479fe5854de..b78650cc480 100644 --- a/test/phpunit/WebservicesProductsTest.php +++ b/test/phpunit/WebservicesProductsTest.php @@ -204,7 +204,7 @@ class WebservicesProductsTest extends PHPUnit\Framework\TestCase print $soapclient->response; print "\n"; } - + print var_export($result, true); print __METHOD__." count(result)=".(is_array($result) ? count($result) : '')."\n"; $this->assertEquals('OK', $result['result']['result_code']); From e89a410e59b8378bc6b0f76fe2fc00886e1e8e41 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2020 20:33:07 +0100 Subject: [PATCH 7/8] Fix warning --- htdocs/product/class/product.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index c40ffd4e0a9..1c2eb2327d2 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2651,14 +2651,14 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd"; $sql .= ", ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->rights->societe->client->voir && !$socid && !$forVirtualStock) { + if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'commande').")"; $sql .= " AND cd.fk_product = ".$this->id; - if (!$user->rights->societe->client->voir && !$socid && !$forVirtualStock) { + if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { From d1d4914684dfc4fbd1c2677ceaca17d1ba2aed97 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2020 20:49:54 +0100 Subject: [PATCH 8/8] Sanitize data --- htdocs/ecm/file_card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 496afbf8568..abd6209ac7a 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -65,7 +65,7 @@ if (!$section) dol_print_error('', 'Error, section parameter missing'); exit; } -$urlfile = GETPOST("urlfile"); +$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile")); if (!$urlfile) { dol_print_error('', "ErrorParamNotDefined");