diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 8fe5f5b0db4..b578a6f5b8a 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2568,7 +2568,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $accessallowed=1; } $original_file=$conf->fournisseur->facture->dir_output.'/'.$original_file; - $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE facnumber='".$db->escape($refname)."' AND entity=".$conf->entity; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } // Wrapping pour les rapport de paiements elseif ($modulepart == 'supplier_payment') diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index d96ce6cbd17..bae5741d4ea 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -2536,11 +2536,11 @@ elseif (! empty($object->id)) - if ($user->rights->fournisseur->commande->commander && $object->statut == 2 && $action == 'makeorder') + if ($user->rights->fournisseur->commande->commander && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder') { // Set status to ordered (action=commande) print ''."\n"; - print '
'; + print ''; print ''; print ''; @@ -2574,9 +2574,7 @@ elseif (! empty($object->id)) { print '
'; - /* - * Documents generes - */ + // Generated documents $comfournref = dol_sanitizeFileName($object->ref); $file = $conf->fournisseur->dir_output . '/commande/' . $comfournref . '/' . $comfournref . '.pdf'; $relativepath = $comfournref.'/'.$comfournref.'.pdf'; @@ -2594,10 +2592,10 @@ elseif (! empty($object->id)) print '
'; - if ($user->rights->fournisseur->commande->receptionner && ($object->statut == 3 || $object->statut == 4)) + if ($user->rights->fournisseur->commande->receptionner && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY)) { // Set status to received (action=livraison) - print ''."\n"; + print ''."\n"; print ''; print ''; print ''; @@ -2610,7 +2608,7 @@ elseif (! empty($object->id)) print $form->selectDate($datepreselected, '', 1, 1, '', "commande", 1, 1); print "\n"; - print "".$langs->trans("Delivery")."\n"; + print ''.$langs->trans("Delivery")."\n"; $liv = array(); $liv[''] = ' '; $liv['tot'] = $langs->trans("CompleteOrNoMoreReceptionExpected");