diff --git a/dev/examples/zapier/package.json b/dev/examples/zapier/package.json index a9d519dec69..8852928771f 100644 --- a/dev/examples/zapier/package.json +++ b/dev/examples/zapier/package.json @@ -15,7 +15,7 @@ "npm": ">=5.6.0" }, "dependencies": { - "zapier-platform-core": "11.0.1" + "zapier-platform-core": "11.3.1" }, "devDependencies": { "mocha": "^5.2.0", diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index fb3bf1a6e04..ff7b9295693 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -1,6 +1,6 @@ - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2022 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2014 Juanjo Menent @@ -26,8 +26,8 @@ */ require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; @@ -49,9 +49,14 @@ $search_desc = GETPOST('search_desc', 'alpha'); $search_amount = GETPOST('search_amount', 'alpha'); $search_account = GETPOST('search_account', 'alpha'); $search_vat = GETPOST('search_vat', 'alpha'); -$search_day = GETPOST("search_day", "int"); -$search_month = GETPOST("search_month", "int"); -$search_year = GETPOST("search_year", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); @@ -61,9 +66,9 @@ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("pa if (empty($page) || $page < 0) { $page = 0; } +$offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$offset = $limit * $page; if (!$sortfield) { $sortfield = "erd.date, erd.rowid"; } @@ -101,9 +106,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_amount = ''; $search_account = ''; $search_vat = ''; - $search_day = ''; - $search_month = ''; - $search_year = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; } if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) { @@ -204,7 +214,12 @@ if (strlen(trim($search_account))) { if (strlen(trim($search_vat))) { $sql .= natural_search("erd.tva_tx", price2num($search_vat), 1); } -$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year); +if ($search_date_start) { + $sql .= " AND erd.date >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND erd.date <= '".$db->idate($search_date_end)."'"; +} $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy $sql .= $db->order($sortfield, $sortorder); @@ -222,9 +237,8 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog('accountancy/expensereport/lines.php::list'); +dol_syslog("accountancy/expensereport/lines.php", LOG_DEBUG); $result = $db->query($sql); - if ($result) { $num_lines = $db->num_rows($result); $i = 0; @@ -254,14 +268,23 @@ if ($result) { if ($search_vat) { $param .= "&search_vat=".urlencode($search_vat); } - if ($search_day) { - $param .= '&search_day='.urlencode($search_day); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($search_month) { - $param .= '&search_month='.urlencode($search_month); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } - if ($search_year) { - $param .= '&search_year='.urlencode($search_year); + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); } print '
'."\n"; @@ -276,12 +299,11 @@ if ($result) { print ''; print_barre_liste($langs->trans("ExpenseReportLinesDone"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num_lines, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit); - print ''.$langs->trans("DescVentilDoneExpenseReport").'
'; - print '
'.$langs->trans("ChangeAccount").'
'; + print '
'.$langs->trans("ChangeAccount").' '; print $formaccounting->select_account($account_parent, 'account_parent', 2, array(), 0, 0, 'maxwidth300 maxwidthonsmartphone valignmiddle'); - print '
'; + print '
'; $moreforfilter = ''; @@ -296,11 +318,12 @@ if ($result) { print ''; } print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_year, 'search_year', 1, 20, 5); + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; print ''; print ''; @@ -394,12 +417,11 @@ if ($result) { print ''.vatrate($objp->tva_tx.($objp->vat_src_code ? ' ('.$objp->vat_src_code.')' : '')).''; // Accounting account affected - print ''; + print ''; print $accountingaccountstatic->getNomUrl(0, 1, 1, '', 1); print ' '; print img_edit(); print ''; - print ''; print ""; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 863001c3bc0..908159cbe1c 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -1,6 +1,6 @@ - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2022 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2013-2014 Florian Henry * Copyright (C) 2014 Juanjo Menent s @@ -30,9 +30,9 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; // Load translation files required by the page @@ -59,9 +59,14 @@ $search_desc = GETPOST('search_desc', 'alpha'); $search_amount = GETPOST('search_amount', 'alpha'); $search_account = GETPOST('search_account', 'alpha'); $search_vat = GETPOST('search_vat', 'alpha'); -$search_day = GETPOST("search_day", "int"); -$search_month = GETPOST("search_month", "int"); -$search_year = GETPOST("search_year", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); @@ -83,6 +88,9 @@ if (!$sortorder) { } } +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('accountancyexpensereportlist')); + $formaccounting = new FormAccounting($db); $accounting = new AccountingAccount($db); @@ -101,7 +109,7 @@ if (empty($user->rights->accounting->mouvements->lire)) { /* - * Action + * Actions */ if (GETPOST('cancel', 'alpha')) { @@ -111,30 +119,47 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massa $massaction = ''; } -// Purge search criteria -if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $search_login = ''; - $search_expensereport = ''; - $search_label = ''; - $search_desc = ''; - $search_amount = ''; - $search_account = ''; - $search_vat = ''; - $search_day = ''; - $search_month = ''; - $search_year = ''; +$parameters = array(); +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } +if (empty($reshook)) { + // Purge search criteria + if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers + $search_login = ''; + $search_expensereport = ''; + $search_label = ''; + $search_desc = ''; + $search_amount = ''; + $search_account = ''; + $search_vat = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_country = ''; + $search_tvaintra = ''; + } + // Mass actions -$objectclass = 'ExpenseReport'; -$objectlabel = 'ExpenseReport'; -$permissiontoread = $user->rights->expensereport->read; -$permissiontodelete = $user->rights->expensereport->delete; -$uploaddir = $conf->expensereport->dir_output; -include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; + $objectclass = 'ExpenseReport'; + $objectlabel = 'ExpenseReport'; + $permissiontoread = $user->rights->expensereport->read; + $permissiontodelete = $user->rights->expensereport->delete; + $uploaddir = $conf->expensereport->dir_output; + include DOL_DOCUMENT_ROOT . '/core/actions_massactions.inc.php'; +} + if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; + //print '
' . $langs->trans("Processing") . '...
'; if (!empty($mesCasesCochees)) { $msg = '
'.$langs->trans("SelectedLines").': '.count($mesCasesCochees).'
'; @@ -159,7 +184,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; @@ -201,6 +226,9 @@ $sql .= " erd.rowid, erd.fk_c_type_fees, erd.comments, erd.total_ht as price, er $sql .= " f.id as type_fees_id, f.code as type_fees_code, f.label as type_fees_label, f.accountancy_code as code_buy,"; $sql .= " u.rowid as userid, u.login, u.lastname, u.firstname, u.email, u.gender, u.employee, u.photo, u.statut,"; $sql .= " aa.rowid as aarowid"; +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees"; @@ -233,9 +261,19 @@ if (strlen(trim($search_account))) { if (strlen(trim($search_vat))) { $sql .= natural_search("erd.tva_tx", $search_vat, 1); } -$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year); +if ($search_date_start) { + $sql .= " AND erd.date >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND erd.date <= '".$db->idate($search_date_end)."'"; +} $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy +// Add where from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= $db->order($sortfield, $sortorder); // Count total nb of records @@ -251,7 +289,13 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog('accountancy/expensereport/list.php'); +dol_syslog("accountancy/expensereport/list.php", LOG_DEBUG); +// MAX_JOIN_SIZE can be very low (ex: 300000) on some limited configurations (ex: https://www.online.net/fr/hosting/online-perso) +// This big SELECT command may exceed the MAX_JOIN_SIZE limit => Therefore we use SQL_BIG_SELECTS=1 to disable the MAX_JOIN_SIZE security +if ($db->type == 'mysqli') { + $db->query("SET SQL_BIG_SELECTS=1"); +} + $result = $db->query($sql); if ($result) { $num_lines = $db->num_rows($result); @@ -272,14 +316,23 @@ if ($result) { if ($search_lineid) { $param .= '&search_lineid='.urlencode($search_lineid); } - if ($search_day) { - $param .= '&search_day='.urlencode($search_day); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($search_month) { - $param .= '&search_month='.urlencode($search_month); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } - if ($search_year) { - $param .= '&search_year='.urlencode($search_year); + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); } if ($search_expensereport) { $param .= '&search_expensereport='.urlencode($search_expensereport); @@ -302,7 +355,6 @@ if ($result) { ); $massactionbutton = $form->selectMassAction('ventil', $arrayofmassactions, 1); - print ''."\n"; print ''; if ($optioncss != '') { @@ -335,20 +387,21 @@ if ($result) { if (!empty($conf->global->ACCOUNTANCY_USE_EXPENSE_REPORT_VALIDATION_DATE)) { print ''; } - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_year, 'search_year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; print ''; print ''; - print ''; - print ''; + print ''; + print ''; print ''; print ''; - print ''; + print ''; $searchpicto = $form->showFilterButtons(); print $searchpicto; print ''; @@ -468,6 +521,9 @@ if ($result) { } else { print $db->error(); } +if ($db->type == 'mysqli') { + $db->query("SET SQL_BIG_SELECTS=0"); // Enable MAX_JOIN_SIZE limitation +} // Add code to auto check the box when we select an account print ''."\n"; - } + if (!empty($conf->use_javascript_ajax)) { + $out .= ''."\n"; + $out .= ''."\n"; } } diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 68fe5152407..6e5c0a572d2 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -141,7 +141,7 @@ class Form } } } else { - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; } if ($fieldrequired) { @@ -158,10 +158,10 @@ class Form if (!empty($notabletag)) { $ret .= ' '; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } if ($htmlname && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { @@ -173,10 +173,10 @@ class Form if (!empty($notabletag) && $notabletag == 3) { $ret .= ' '; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; } } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index a068f5fb5f5..6054b05aab3 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -320,6 +320,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Loop on each request to execute request $cursorinsert = 0; $listofinsertedrowid = array(); + $keyforsql = md5($sqlfile); foreach ($arraysql as $i => $sql) { if ($sql) { // Replace the prefix tables @@ -335,7 +336,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Add log of request if (!$silent) { - print ''.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'\n"; + print ''.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'\n"; } dol_syslog('Admin.lib::run_sql Request '.($i + 1), LOG_DEBUG); $sqlmodified = 0; @@ -454,18 +455,18 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle //if (!empty($conf->use_javascript_ajax)) { // use_javascript_ajax is not defined print ''; - print ' - '.$langs->trans("ShowHideDetails").''; + print ' - '.$langs->trans("ShowHideDetails").''; //} print ''."\n"; diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 60382cc4906..efde963d077 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -987,7 +987,7 @@ function dol_unescapefile($filename) */ function dolCheckVirus($src_file) { - global $conf; + global $conf, $db; if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { if (!class_exists('AntiVir')) { @@ -2374,6 +2374,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $accessallowed = 1; } $original_file = $conf->user->dir_output.'/'.$original_file; + } elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) { + // Wrapping for users logos + $accessallowed = 1; + $original_file = $conf->mycompany->dir_output.'/logos/'.$original_file; } elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) { // Wrapping for members photos $accessallowed = 0; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index aea77cd018d..3b0e90c9013 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6582,16 +6582,18 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes } elseif (in_array($attrs->item($ii)->name, array('style'))) { $valuetoclean = $attrs->item($ii)->value; - do { - $oldvaluetoclean = $valuetoclean; - $valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments - $valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean); - if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags. - $valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean); - $valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean); - $valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean); - } - } while ($oldvaluetoclean != $valuetoclean); + if (isset($valuetoclean)) { + do { + $oldvaluetoclean = $valuetoclean; + $valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments + $valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean); + if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags. + $valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean); + $valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean); + $valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean); + } + } while ($oldvaluetoclean != $valuetoclean); + } $attrs->item($ii)->value = $valuetoclean; } diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index ea40cb2dd7e..138be225166 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -31,6 +31,8 @@ */ function dolStripPhpCode($str, $replacewith = '') { + $str = str_replace('trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors'); + } if (!$error && empty($user->rights->website->writephp)) { if ($phpfullcodestringold != $phpfullcodestring) { diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index b5656c89339..8afa9a16ff0 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -125,14 +125,19 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l $lastseparatorkeyfound = $tmpkeyextra; } else { - print 'attributes[$object->table_element]['label'])) { print ' trextrafields_collapse_last'; } - print '">'; + print '"'; + if (empty($extrafields->expand_display[$collapse_group])) { + print ' style="display: none;"'; + } + print '>'; $extrafields_collapse_num_old = $extrafields_collapse_num; print ''; print ''; diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index a58a62b5ffd..a99a858adaf 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -265,9 +265,9 @@ if (empty($reshook)) { $error++; $action = 'create'; } - $array_options = $extrafields->getOptionalsFromPost($object->table_element); + //$array_options = $extrafields->getOptionalsFromPost($object->table_element); - $object->array_options = $array_options; + //$object->array_options = $array_options; $id = $object->create($user); diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php index 927cc5f36b9..387e3fc39b8 100644 --- a/htdocs/fourn/facture/contact.php +++ b/htdocs/fourn/facture/contact.php @@ -46,6 +46,7 @@ if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); +$hookmanager->initHooks(array('invoicesuppliercardcontact')); $object = new FactureFournisseur($db); diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 34255541c01..e08449b376b 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -51,6 +51,7 @@ if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); +$hookmanager->initHooks(array('invoicesuppliercarddocument')); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/fourn/facture/info.php b/htdocs/fourn/facture/info.php index f17d3c3e127..42031bc7fd9 100644 --- a/htdocs/fourn/facture/info.php +++ b/htdocs/fourn/facture/info.php @@ -44,6 +44,7 @@ if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); +$hookmanager->initHooks(array('invoicesuppliercardinfo')); $object = new FactureFournisseur($db); diff --git a/htdocs/includes/tecnickcom/tcpdf/tcpdf.php b/htdocs/includes/tecnickcom/tcpdf/tcpdf.php index 7e12c501403..2601e7daba8 100644 --- a/htdocs/includes/tecnickcom/tcpdf/tcpdf.php +++ b/htdocs/includes/tecnickcom/tcpdf/tcpdf.php @@ -6881,6 +6881,11 @@ class TCPDF { // DOL CHANGE If we keep this, the image is not visible on pages after the first one. //var_dump($file.' '.(!@TCPDF_STATIC::file_exists($file))); //return false; + // try to encode spaces on filename + $tfile = str_replace(' ', '%20', $file); + if (@TCPDF_STATIC::file_exists($tfile)) { + $file = $tfile; + } } if (($imsize = @getimagesize($file)) === FALSE) { if (in_array($file, $this->imagekeys)) { diff --git a/htdocs/install/default.css b/htdocs/install/default.css index d18e54c0c1c..e7bbe6c7771 100644 --- a/htdocs/install/default.css +++ b/htdocs/install/default.css @@ -32,6 +32,10 @@ vertical-align: middle; } +.right { + text-align: right; +} + .opacitymedium { opacity: 0.5; } diff --git a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql index bc038f99d37..03261a5fe62 100644 --- a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql +++ b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql @@ -246,4 +246,8 @@ create table llx_inventory_extrafields ) ENGINE=innodb; ALTER TABLE llx_inventory_extrafields ADD INDEX idx_inventory_extrafields (fk_object); + ALTER TABLE llx_reception MODIFY COLUMN ref_supplier varchar(128); + +ALTER TABLE llx_bank_account ADD COLUMN pti_in_ctti smallint DEFAULT 0 AFTER domiciliation; + diff --git a/htdocs/install/mysql/tables/llx_bank_account.sql b/htdocs/install/mysql/tables/llx_bank_account.sql index aed803cc7ea..d9713b66d38 100644 --- a/htdocs/install/mysql/tables/llx_bank_account.sql +++ b/htdocs/install/mysql/tables/llx_bank_account.sql @@ -42,6 +42,7 @@ create table llx_bank_account country_iban varchar(2), -- deprecated cle_iban varchar(2), domiciliation varchar(255), + pti_in_ctti smallint DEFAULT 0, state_id integer DEFAULT NULL, fk_pays integer NOT NULL, proprio varchar(60), diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index e58ae528f97..25dd1ee84fd 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -235,8 +235,12 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ // Force l'affichage de la progression if ($ok) { - print ''; + print ''; + print '
'.$langs->trans("PleaseBePatient").'
'.$langs->trans("PleaseBePatient").'
'; + flush(); + + print ''; } @@ -355,7 +359,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ // Scan if there is migration scripts that depends of Dolibarr version - // for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql") + // for modules htdocs/module/sql or htdocs/custom/module/sql (files called "dolibarr_x.y.z-a.b.c.sql" or "dolibarr_always.sql") $modulesfile = array(); foreach ($conf->file->dol_document_root as $type => $dirroot) { $handlemodule = @opendir($dirroot); // $dirroot may be '..' @@ -366,6 +370,9 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ if (is_file($dirroot.'/'.$filemodule.'/sql/dolibarr_'.$file)) { $modulesfile[$dirroot.'/'.$filemodule.'/sql/dolibarr_'.$file] = '/'.$filemodule.'/sql/dolibarr_'.$file; } + if (is_file($dirroot.'/'.$filemodule.'/sql/dolibarr_allversions.sql')) { + $modulesfile[$dirroot.'/'.$filemodule.'/sql/dolibarr_allversions.sql'] = '/'.$filemodule.'/sql/dolibarr_allversions.sql'; + } } } closedir($handlemodule); @@ -398,6 +405,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ } } + if (empty($actiondone)) { print '
'.$langs->trans("ErrorWrongParameters").'
'; } diff --git a/htdocs/langs/en_US/banks.lang b/htdocs/langs/en_US/banks.lang index f066877f676..2fc54eeceb3 100644 --- a/htdocs/langs/en_US/banks.lang +++ b/htdocs/langs/en_US/banks.lang @@ -182,3 +182,5 @@ IfYouDontReconcileDisableProperty=If you don't make the bank reconciliations on NoBankAccountDefined=No bank account defined NoRecordFoundIBankcAccount=No record found in bank account. Commonly, this occurs when a record has been deleted manually from the list of transaction in the bank account (for example during a reconciliation of the bank account). Another reason is that the payment was recorded when the module "%s" was disabled. AlreadyOneBankAccount=Already one bank account defined +SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation=SEPA transfer: 'Payment Type' at 'Credit Transfer' level +SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp=SEPA XML: PaymentTypeInformation is mandatory and can now be placed at CreditTransferTransactionInformation level (instead of Payment level). We strongly recommend to place PaymentTypeInformation at Payment level, as all banks will not necessarily accept it at CreditTransferTransactionInformation level. Contact your bank before placing PaymentTypeInformation at CreditTransferTransactionInformation level. \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 624c7bd6e73..9a9da452a44 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -97,15 +97,15 @@ function testSqlAndScriptInject($val, $type) //$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser. $val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { return realCharForNumericEntities($m); }, $val); + + // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) + // We should use dol_string_nounprintableascii but function is not yet loaded/available + $val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace + // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1) + $val = preg_replace('//', '', $val); } while ($oldval != $val); //print "after decoding $val\n"; - // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) - // We should use dol_string_nounprintableascii but function is not yet loaded/available - $val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace - // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1) - $val = preg_replace('//', '', $val); - $inj = 0; // For SQL Injection (only GET are used to scan for such injection strings) if ($type == 1 || $type == 3) { diff --git a/htdocs/modulebuilder/template/sql/dolibarr_allversions.sql b/htdocs/modulebuilder/template/sql/dolibarr_allversions.sql new file mode 100644 index 00000000000..5026bb4f5d8 --- /dev/null +++ b/htdocs/modulebuilder/template/sql/dolibarr_allversions.sql @@ -0,0 +1,3 @@ +-- +-- Script run when an upgrade of Dolibarr is done. Whatever is the Dolibarr version. +-- diff --git a/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql b/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql index 4ab8b39d548..2988bd71202 100644 --- a/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql +++ b/htdocs/modulebuilder/template/sql/update_x.x.x-y.y.y.sql @@ -1,14 +1,4 @@ --- Copyright (C) ---Put here your own copyright and developer email--- -- --- This program is free software: you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation, either version 3 of the License, or --- (at your option) any later version. +-- Script run to make a migration of module version x.x.x to module version y.y.y -- --- This program is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program. If not, see https://www.gnu.org/licenses/. + \ No newline at end of file diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index 3f822679350..bc018a2dda1 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -137,18 +137,18 @@ if (empty($reshook)) { if (GETPOST('ajoutcomment')) { $error = 0; - if (!GETPOST('comment')) { + if (!GETPOST('comment', "alphanohtml")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors'); } - if (!GETPOST('commentuser')) { + if (!GETPOST('commentuser', "alphanohtml")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors'); } if (!$error) { - $comment = (string) GETPOST("comment", "restricthtml"); - $comment_user = (string) GETPOST('commentuser', "restricthtml"); + $comment = (string) GETPOST("comment", "alphanohtml"); + $comment_user = (string) GETPOST('commentuser', "alphanohtml"); $resql = $object->addComment($comment, $comment_user); @@ -422,7 +422,7 @@ print '
'; if ($object->allow_comments) { print $langs->trans("AddACommentForPoll").'
'; print '
'."\n"; - print $langs->trans("Name").': '."\n"; + print $langs->trans("Name").': '."\n"; print '
'."\n"; } diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index c14935d6708..a1c9efed6c3 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -79,8 +79,8 @@ if (GETPOST('ajoutcomment', 'alpha')) { $error = 0; - $comment = GETPOST("comment", 'restricthtml'); - $comment_user = GETPOST('commentuser', 'nohtml'); + $comment = GETPOST("comment", 'alphanohtml'); + $comment_user = GETPOST('commentuser', 'alphanohtml'); if (!$comment) { $error++; @@ -780,9 +780,9 @@ if ($comments) { if ($object->allow_comments) { print '
'.$langs->trans("AddACommentForPoll")."
\n"; - print '
'."\n"; + print '
'."\n"; print $langs->trans("Name").': '; - print '   '."\n"; + print '   '."\n"; print '
'."\n"; print ''."\n"; diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index da056ec33da..81ceb22b9c4 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -1604,11 +1604,11 @@ while ($i < min($num, $limit)) { } // VAT if (!empty($arrayfields['s.tva_intra']['checked'])) { - print "
\n"; if (!$i) { $totalarray['nbfield']++; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index d3bb10b4929..74807d8f216 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -223,7 +223,7 @@ input { padding-left: 5px; } select { - padding-top: 5px; + padding-top: 4px; padding-right: 4px; padding-bottom: 5px; padding-left: 2px; @@ -550,6 +550,13 @@ div#moretabsList, div#moretabsListaction { hr { border: 0; border-top: 1px solid #ccc; } .tabBar hr { margin-top: 20px; margin-bottom: 17px; } + +table.tableforfield .button:not(.bordertransp):not(.buttonpayment), +table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) { + margin-bottom: 2px; + margin-top: 2px; +} + .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { margin-bottom: 3px; @@ -3495,11 +3502,10 @@ table.border, table.bordernooddeven, table.dataTable, .table-border, .table-bord table.borderplus { border: 1px solid #BBB; } -.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col { - height: 22px; -} +.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, +div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col, tr.liste_titre.box_titre td table td, .bordernooddeven tr td { - height: 22px; + height: 28px; } div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar .table-val-border-col { @@ -3507,17 +3513,15 @@ div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border } div .tdtop { vertical-align: top !important; - /*padding-top: 10px !important; - padding-bottom: 2px !important; */ } table.border td, table.bordernooddeven td, div.border div div.tagtd { - padding: 5px 2px 5px 2px; + padding: 2px 2px 2px 2px; border-collapse: collapse; } div.tabBar .fichecenter table.border>tbody>tr>td, div.tabBar .fichecenter div.border div div.tagtd, div.tabBar div.border div div.tagtd { - padding-top: 5px; + padding-top: 2px; border-bottom: 1px solid #E0E0E0; } @@ -7409,7 +7413,7 @@ div.clipboardCPValue.hidewithsize { } #divbodywebsite { - word-break: break-all; + word-break: break-word; } .websiteselectionsection { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 9fbcb48c32f..11e15869f45 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -730,6 +730,14 @@ div#moretabsList, div#moretabsListaction { } hr { border: 0; border-top: 1px solid #ccc; } +.tabBar hr { margin-top: 20px; margin-bottom: 17px; } + + +table.tableforfield .button:not(.bordertransp):not(.buttonpayment), +table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) { + margin-bottom: 2px; + margin-top: 2px; +} .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { border-color: #c5c5c5; @@ -3564,15 +3572,14 @@ table.borderplus { border: 1px solid #BBB; } -.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col { - height: 26px; -} +.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, +div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col, tr.liste_titre.box_titre td table td, .bordernooddeven tr td { - height: 26px; + height: 28px; } table.border td, table.bordernooddeven td, div.border div div.tagtd { - padding: 4px 4px 4px 4px; + padding: 3px 4px 3px 4px; border: 1px solid #f0f0f0; border-collapse: collapse; } @@ -7230,7 +7237,7 @@ div.clipboardCPValue.hidewithsize { } #divbodywebsite { - word-break: break-all; + word-break: break-word; } .websiteselectionsection { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index f9b92d36d72..de1ca3a5d92 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -402,12 +402,14 @@ if (empty($reshook)) { $object->civility_code = GETPOST("civility_code", 'aZ09'); $object->lastname = GETPOST("lastname", 'alphanohtml'); $object->firstname = GETPOST("firstname", 'alphanohtml'); - $object->login = GETPOST("login", 'alphanohtml'); $object->gender = GETPOST("gender", 'aZ09'); $object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields $object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key; - if (!empty($user->admin)) { - $object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request + if (!empty($user->admin)) { // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request + $object->admin = GETPOST("admin", "int"); + } + if ($user->admin && !$object->ldap_sid) { // same test than on edit page + $object->login = GETPOST("login", 'alphanohtml'); } $object->address = GETPOST('address', 'alphanohtml'); $object->zip = GETPOST('zipcode', 'alphanohtml'); @@ -1856,7 +1858,7 @@ if ($action == 'create' || $action == 'adduserldap') { print '
'.$langs->trans("ReinitPassword").'
'; } elseif ($caneditpassword && $object->login && !$object->ldap_sid && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { - print '
'.$langs->trans("ReinitPassword").'
'; + print '
'.$langs->trans("ReinitPassword").'
'; } if ($object->statut == 0) { @@ -1864,7 +1866,7 @@ if ($action == 'create' || $action == 'adduserldap') { } elseif ($caneditpassword && $object->login && !$object->ldap_sid && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { if ($object->email) { - print '
'.$langs->trans("SendNewPassword").'
'; + print '
'.$langs->trans("SendNewPassword").'
'; } else { print '
'.$langs->trans("SendNewPassword").'
'; } @@ -1879,7 +1881,7 @@ if ($action == 'create' || $action == 'adduserldap') { // Disable user if ($user->id <> $id && $candisableuser && $object->statut == 1 && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { - print '
'.$langs->trans("DisableUser").'
'; + print '
'.$langs->trans("DisableUser").'
'; } else { if ($user->id == $id) { print '
'.$langs->trans("DisableUser").'
'; diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 9d2de205f3a..5cf5f79935a 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -1406,9 +1406,13 @@ if ($action == 'updatecss' && $usercanedit) { } + $dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'none')); + $dataposted = preg_replace(array('/\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted); + $dataposted = str_replace('\n";*/ - $htmlheadercontent .= preg_replace(array('/\n*/ims', '/<\/html>\n*/ims'), array('', ''), GETPOST('WEBSITE_HTML_HEADER', 'none')); + $htmlheadercontent .= $dataposted."\n"; /*$htmlheadercontent.= "\n".'"."\n";*/ - $htmlheadercontent = trim($htmlheadercontent)."\n"; - $result = dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent); if (!$result) { $error++; @@ -1443,10 +1445,12 @@ if ($action == 'updatecss' && $usercanedit) { $error++; } + $dataposted = trim(GETPOST('WEBSITE_CSS_INLINE', 'none')); + $dataposted = str_replace('\n"; - $csscontent .= trim(GETPOST('WEBSITE_CSS_INLINE', 'none'))."\n"; + $csscontent .= $dataposted."\n"; $csscontent .= '\n"; - $jscontent .= trim(GETPOST('WEBSITE_JS_INLINE', 'none'))."\n"; + $jscontent .= $dataposted."\n"; $jscontent .= '\n";*/ - $robotcontent .= trim(GETPOST('WEBSITE_ROBOT', 'restricthtml'))."\n"; + $robotcontent .= $dataposted."\n"; /*$robotcontent.= "\n".'\n"; - $manifestjsoncontent .= trim(GETPOST('WEBSITE_MANIFEST_JSON', 'none'))."\n"; + $manifestjsoncontent .= $dataposted."\n"; $manifestjsoncontent .= '\n";*/ - $readmecontent .= trim(GETPOST('WEBSITE_README', 'restricthtml'))."\n"; + $readmecontent .= $dataposted."\n"; /*$readmecontent.= ' $val) { - var_dump($val); + //var_dump($val); if (!in_array($val[1], array( "'replacestring'", "'htmlheader'", "'WEBSITE_HTML_HEADER'", "'WEBSITE_CSS_INLINE'", "'WEBSITE_JS_INLINE'", "'WEBSITE_MANIFEST_JSON'", "'PAGE_CONTENT'", "'WEBSITE_README'", "'search_status'", '"mysqldump"', '"postgresqldump"', "'db_pass_root'", "'db_pass'", '"pass"', '"pass1"', '"pass2"', '"password"', "'password'", '"MAIN_MAIL_SMTPS_PW"'))) {
"; - print $obj->tva_intra; + print ''; if ($obj->tva_intra && !isValidVATID($companystatic)) { - print img_warning("BadVATNumber", '', ''); + print img_warning("BadVATNumber", '', 'pictofixedwidth'); } + print $obj->tva_intra; print "