diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 4c4d44c3a6e..855571e834b 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -201,9 +201,9 @@ if ($object->id > 0) { // Date start print ''.$langs->trans("DateActionStart").''; if (!$object->fulldayevent) { - print dol_print_date($object->datep, 'dayhour'); + print dol_print_date($object->datep, 'dayhour', 'tzuser'); } else { - print dol_print_date($object->datep, 'day'); + print dol_print_date($object->datep, 'day', 'tzuser'); } if ($object->percentage == 0 && $object->datep && $object->datep < ($now - $delay_warning)) { print img_warning($langs->trans("Late")); @@ -214,9 +214,9 @@ if ($object->id > 0) { // Date end print ''.$langs->trans("DateActionEnd").''; if (!$object->fulldayevent) { - print dol_print_date($object->datef, 'dayhour'); + print dol_print_date($object->datef, 'dayhour', 'tzuser'); } else { - print dol_print_date($object->datef, 'day'); + print dol_print_date($object->datef, 'day', 'tzuser'); } if ($object->percentage > 0 && $object->percentage < 100 && $object->datef && $object->datef < ($now - $delay_warning)) { print img_warning($langs->trans("Late")); diff --git a/htdocs/compta/bank/account_statement_document.php b/htdocs/compta/bank/account_statement_document.php index 03209ad7673..0a979e01d39 100644 --- a/htdocs/compta/bank/account_statement_document.php +++ b/htdocs/compta/bank/account_statement_document.php @@ -120,6 +120,8 @@ if (GETPOST("rel") == 'prev') { $found = true; } +$permissiontoadd = $user->rights->banque->modifier; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index ec46002b031..7dce00005f3 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php 
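Review bot: The trailing comment on the added `$permissiontoadd` line in account_statement_document.php names actions_dellink.inc.php, but the variable is the gate tested by core/actions_linkedfiles.inc.php, which this commit changes to stop the request when it is empty. The same copied comment is on the added line in the other bank, deplacement, sociales, tva, contact, contrat, don, expedition and expensereport document.php hunks, and the fichinter and fourn hunks name actions_setnotes.inc.php instead. Since this variable is now a mandatory authorization input, the comment should point at its real consumer: `// Used by the include of actions_linkedfiles.inc.php`.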
@@ -74,6 +74,8 @@ if ($id > 0 || !empty($ref)) { $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', ''); +$permissiontoadd = $user->rights->banque->modifier; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 5f55f4c2559..ad199caaf5a 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -69,6 +69,9 @@ $object->fetch($id, $ref); $upload_dir = $conf->bank->dir_output.'/'.dol_sanitizeFileName($object->id); $modulepart = 'banque'; +$permissiontoadd = $user->rights->banque->modifier; // Used by the include of actions_dellink.inc.php + + /* * Actions diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index cdb4b5f0f0f..2a16d6e4f49 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -42,12 +42,6 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'deplacement', $id, ''); - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; @@ -74,6 +68,14 @@ $object->fetch($id, $ref); $upload_dir = $conf->deplacement->dir_output.'/'.dol_sanitizeFileName($object->ref); $modulepart = 'trip'; +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'deplacement', $id, ''); + +$permissiontoadd = $user->rights->deplacement->creer; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index 1fbfdfa296a..d0cf3a1f34c 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php 
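Review bot: In the second deplacement/document.php hunk the security check is moved below `$object->fetch($id, $ref)` but still passes the request parameter: `restrictedArea($user, 'deplacement', $id, '')`. When the page is opened with `ref` only, `$id` is presumably empty, so any per-object check inside restrictedArea() would have no id to test even though the object is now loaded. Passing the fetched id, `$result = restrictedArea($user, 'deplacement', $object->id, '');`, makes the move effective; bank/document.php and sociales/document.php already do this. The relocated checks in contact/document.php, expensereport/document.php, fichinter/card.php and fourn/commande/document.php also still pass `$id`.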
@@ -78,6 +78,8 @@ if ($user->socid) { } $result = restrictedArea($user, 'tax', $object->id, 'chargesociales', 'charges'); +$permissiontoadd = $user->rights->tax->charges->creer; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/compta/tva/document.php b/htdocs/compta/tva/document.php index e2f0dcec96d..67de87d0c21 100644 --- a/htdocs/compta/tva/document.php +++ b/htdocs/compta/tva/document.php @@ -79,6 +79,8 @@ if ($user->socid) { } $result = restrictedArea($user, 'tax', '', 'tva', 'charges'); +$permissiontoadd = $user->rights->tax->charges->creer; // Used by the include of actions_dellink.inc.php + /* * Actions @@ -86,7 +88,7 @@ $result = restrictedArea($user, 'tax', '', 'tva', 'charges'); include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; -if ($action == 'setlib' && $user->rights->tax->charges->creer) { +if ($action == 'setlib' && $permissiontoadd) { $object->fetch($id); $result = $object->setValueFrom('label', GETPOST('lib', 'alpha'), '', '', 'text', '', $user, 'TAX_MODIFY'); if ($result < 0) { diff --git a/htdocs/contact/document.php b/htdocs/contact/document.php index 3005c6b7827..1870e7b8d9c 100644 --- a/htdocs/contact/document.php +++ b/htdocs/contact/document.php @@ -49,12 +49,6 @@ if (!empty($canvas)) { $objcanvas->getCanvas('contact', 'contactcard', $canvas); } -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); 
@@ -91,6 +85,15 @@ $modulepart = 'contact'; // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('contactdocument')); +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission + +$permissiontoadd = $user->rights->societe->contact->creer; // Used by the include of actions_dellink.inc.php + + /* * Actions */ diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index 690b5432a1b..c54823ee142 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php @@ -84,6 +84,8 @@ $modulepart = 'contract'; // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('contractcard', 'globalcard')); +$permissiontoadd = $user->rights->contrat->creer; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index ad9ca441e8a..86d4e923131 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php 
@@ -36,8 +36,19 @@ if (GETPOST('uploadform', 'int') && empty($_POST) && empty($_FILES)) { die; } +if ((GETPOST('sendit', 'alpha') + || GETPOST('linkit', 'restricthtml') + || ($action == 'confirm_deletefile' && $confirm == 'yes') + || ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha')) + || ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha'))) && empty($permissiontoadd)) { + dol_syslog('The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.'); + print 'The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.'; + die; +} + + // Submit file/link -if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!isset($permissiontoadd) || $permissiontoadd)) { +if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && !empty($permissiontoadd)) { if (!empty($_FILES)) { if (is_array($_FILES['userfile']['tmp_name'])) { $userfiles = $_FILES['userfile']['tmp_name']; @@ -75,7 +86,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!is } } } -} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!isset($permissiontoadd) || $permissiontoadd)) { +} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && !empty($permissiontoadd)) { $link = GETPOST('link', 'alpha'); if ($link) { if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://' && substr($link, 0, 7) != 'davs://') { 
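Review bot: The new guard at the top of actions_linkedfiles.inc.php tests `empty($permissiontoadd)`, so it fires both when the including page forgot to define the variable and when the user simply lacks the right, yet in both cases it prints an integration message naming the include file. An ordinary permission denial should go through the normal `accessforbidden()` path, and the "not set" text should be logged only when `!isset($permissiontoadd)`. The runtime string also has two typos ("paramater", "as not set"). Any page that includes this file and is not touched by this commit will now stop on every upload, link, rename or delete, so the remaining includers need an audit.

```php
if ((GETPOST('sendit', 'alpha')
	// … unchanged: the other four write-action tests …
	) && empty($permissiontoadd)) {
	if (!isset($permissiontoadd)) {
		// Integration error: the including page did not define the gate.
		dol_syslog('The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.', LOG_ERR);
	}
	accessforbidden();
}
```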
@@ -87,7 +98,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!is // Delete file/link -if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiontoadd) || $permissiontoadd)) { +if ($action == 'confirm_deletefile' && $confirm == 'yes' && !empty($permissiontoadd)) { $urlfile = GETPOST('urlfile', 'alpha', 0, null, null, 1); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). if (GETPOST('section', 'alpha')) { // For a delete from the ECM module, upload_dir is ECM root dir and urlfile contains relative path from upload_dir @@ -158,7 +169,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiont exit; } } -} elseif ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha') && (!isset($permissiontoadd) || $permissiontoadd)) { +} elseif ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha') && !empty($permissiontoadd)) { require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php'; $langs->load('link'); $link = new Link($db); @@ -176,7 +187,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiont } else { //error fetching } -} elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha') && (!isset($permissiontoadd) || $permissiontoadd)) { +} elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha') && !empty($permissiontoadd)) { // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile. if (!empty($upload_dir)) { $filenamefrom = dol_sanitizeFileName(GETPOST('renamefilefrom', 'alpha'), '_', 0); // Do not remove accents diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php index 2a42d4a3d00..f46c1051c53 100644 --- a/htdocs/core/ajax/ajaxdirpreview.php +++ b/htdocs/core/ajax/ajaxdirpreview.php 
@@ -205,12 +205,14 @@ if ($type == 'directory') { 'product', 'tax', 'project', + 'project_task', 'fichinter', 'user', 'expensereport', 'holiday', 'recruitment-recruitmentcandidature', 'banque', + 'chequereceipt', 'mrp-mo' ); @@ -243,6 +245,8 @@ if ($type == 'directory') { $upload_dir = $conf->tax->dir_output; } elseif ($module == 'project') { $upload_dir = $conf->projet->dir_output; + } elseif ($module == 'project_task') { + $upload_dir = $conf->projet->dir_output; } elseif ($module == 'fichinter') { $upload_dir = $conf->ficheinter->dir_output; } elseif ($module == 'user') { @@ -255,8 +259,10 @@ if ($type == 'directory') { $upload_dir = $conf->recruitment->dir_output.'/recruitmentcandidature'; } elseif ($module == 'banque') { $upload_dir = $conf->bank->dir_output; + } elseif ($module == 'chequereceipt') { + $upload_dir = $conf->bank->dir_output.'/checkdeposits'; } elseif ($module == 'mrp-mo') { - $upload_dir = $conf->mrp->dir_output.'/mo'; + $upload_dir = $conf->mrp->dir_output; } else { $parameters = array('modulepart'=>$module); $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters); diff --git a/htdocs/core/bookmarks_page.php b/htdocs/core/bookmarks_page.php new file mode 100644 index 00000000000..05ae866463f --- /dev/null +++ b/htdocs/core/bookmarks_page.php 
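Review bot: In the last ajaxdirpreview.php hunk the `mrp-mo` branch changes `$upload_dir` from `$conf->mrp->dir_output.'/mo'` to the module root, which widens the directory this preview lists, and nothing in the hunk says why. If anything other than manufacturing-order documents is stored under that root, it becomes visible through the `mrp-mo` section. A short comment such as `// MO documents are stored directly under the mrp output dir` would record the intent. The new `project_task` branch likewise resolves to the same root as `project`, and the read-permission test for the new `project_task` and `chequereceipt` sections is outside these hunks and should be confirmed.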
@@ -0,0 +1,126 @@ + + * + * This file is a modified version of datepicker.php from phpBSM to fix some + * bugs, to add new features and to dramatically increase speed. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/core/bookmarks_page.php + * \brief File to return a page with the complete list of bookmarks (all search input fields) + */ + +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); // Not disabled cause need to do translations +if (!defined('NOCSRFCHECK')) { + define('NOCSRFCHECK', 1); +} +if (!defined('NOTOKENRENEWAL')) { + define('NOTOKENRENEWAL', 1); +} +//if (! defined('NOLOGIN')) define('NOLOGIN',1); // Not disabled cause need to load personalized language +if (!defined('NOREQUIREMENU')) { + define('NOREQUIREMENU', 1); +} +//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1); + +require_once '../main.inc.php'; + +if (GETPOST('lang', 'aZ09')) { + $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php +} + +$langs->load("main"); + +$right = ($langs->trans("DIRECTION") == 'rtl' ? 
'left' : 'right'); +$left = ($langs->trans("DIRECTION") == 'rtl' ? 'right' : 'left'); + + +/* + * View + */ + +$title = $langs->trans("Bookmarks"); + +// URL http://mydolibarr/core/search_page?dol_use_jmobile=1 can be used for tests +$head = ''."\n"; +$arrayofjs = array(); +$arrayofcss = array(); +top_htmlhead($head, $title, 0, 0, $arrayofjs, $arrayofcss); + + + +print ''."\n"; +print '
'; +//print '
'; + +$nbofsearch = 0; + +// Instantiate hooks of thirdparty module +$hookmanager->initHooks(array('bookmarks')); + +// Define $bookmarks +$bookmarks = ''; + + +$arrayresult = array(); +//include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; + +$i = 0; +$accesskeyalreadyassigned = array(); +foreach ($arrayresult as $key => $val) { + $tmp = explode('?', $val['url']); + $urlaction = $tmp[0]; + $keysearch = 'search_all'; + + $accesskey = ''; + if (!$accesskeyalreadyassigned[$val['label'][0]]) { + $accesskey = $val['label'][0]; + $accesskeyalreadyassigned[$accesskey] = $accesskey; + } + + //$bookmarks .= printSearchForm($urlaction, $urlaction, $val['label'], 'minwidth200', $keysearch, $accesskey, $key, $val['img'], $showtitlebefore, ($i > 0 ? 0 : 1)); + + $i++; +} + + +// Execute hook printSearchForm +$parameters = array('bookmarks'=>$bookmarks); +$reshook = $hookmanager->executeHooks('printBookmarks', $parameters); // Note that $action and $object may have been modified by some hooks +if (empty($reshook)) { + $bookmarks .= $hookmanager->resPrint; +} else { + $bookmarks = $hookmanager->resPrint; +} + + +print "\n"; +print "\n"; +print '
'; +print ''; +print '
'."\n"; +print $bookmarks; +print '
'."\n"; +print '
'; +print "\n\n"; + +print '
'; +print ''."\n"; + +$db->close(); diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 1bd622d173f..d313d91f505 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1678,6 +1678,9 @@ class FormFile } elseif ($modulepart == 'project') { include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; $object_instance = new Project($this->db); + } elseif ($modulepart == 'project_task') { + include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; + $object_instance = new Task($this->db); } elseif ($modulepart == 'fichinter') { include_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php'; $object_instance = new Fichinter($this->db); @@ -1696,6 +1699,9 @@ class FormFile } elseif ($modulepart == 'banque') { include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $object_instance = new Account($this->db); + } elseif ($modulepart == 'chequereceipt') { + include_once DOL_DOCUMENT_ROOT.'/compta/paiement/cheque/class/remisecheque.class.php'; + $object_instance = new RemiseCheque($this->db); } elseif ($modulepart == 'mrp-mo') { include_once DOL_DOCUMENT_ROOT.'/mrp/class/mo.class.php'; $object_instance = new Mo($this->db); 
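Review bot: The new bookmarks_page.php defines `NOCSRFCHECK` and `NOTOKENRENEWAL` without saying why that is safe. The visible code only renders output, so a comment next to the defines should pin that down, for example `// Read-only page: CSRF check is disabled, so no state-changing action may be handled here`. Inside the loop, `if (!$accesskeyalreadyassigned[$val['label'][0]])` reads an array key that is never initialised; `if (empty($accesskeyalreadyassigned[$val['label'][0]]))` avoids the notice once `$arrayresult` is actually filled. The header text still describes the file as a modified datepicker.php, which looks copied from another page.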
@@ -1750,14 +1756,19 @@ class FormFile $id = (isset($reg[1]) ? $reg[1] : ''); } elseif ($modulepart == 'invoice_supplier') { preg_match('/([^\/]+)\/[^\/]+$/', $relativefile, $reg); - $ref = (isset($reg[1]) ? $reg[1] : ''); if (is_numeric($ref)) { + $ref = (isset($reg[1]) ? $reg[1] : ''); + if (is_numeric($ref)) { $id = $ref; $ref = ''; } - } elseif ($modulepart == 'user' || $modulepart == 'holiday') { + } elseif ($modulepart == 'user') { // $ref may be also id with old supplier invoices preg_match('/(.*)\/[^\/]+$/', $relativefile, $reg); $id = (isset($reg[1]) ? $reg[1] : ''); + } elseif ($modulepart == 'project_task') { + // $ref of task is the sub-directory of the project + $reg = explode("/", $relativefile); + $ref = (isset($reg[1]) ? $reg[1] : ''); } elseif (in_array($modulepart, array( 'invoice', 'propal', @@ -1767,11 +1778,14 @@ class FormFile 'contract', 'product', 'project', + 'project_task', 'fichinter', 'expensereport', 'recruitment-recruitmentcandidature', 'mrp-mo', - 'banque'))) { + 'banque', + 'chequereceipt', + 'holiday'))) { preg_match('/(.*)\/[^\/]+$/', $relativefile, $reg); $ref = (isset($reg[1]) ? $reg[1] : ''); } else { diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 1de4fef0176..997132ca132 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -258,12 +258,12 @@ print ' window.getSelection().removeAllRanges(); /* Show message */ - var lastchild = this.parentNode.lastChild; + var lastchild = this.parentNode.lastChild; /* .parentNode is clipboardCP and last child is clipboardCPText */ var tmp = lastchild.innerHTML if (succeed) { - lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + lastchild.innerHTML = \'
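Review bot: The new `project_task` branch takes `$reg[1]` from `explode("/", $relativefile)` as the task ref whenever a second path segment exists. For a file stored directly in a project directory (presumably `PROJECTREF/file.ext`) the second segment is the file name, which would then be looked up as a task ref. Requiring a third segment avoids that: `$ref = (count($reg) > 2 ? $reg[1] : '');`. The `'project_task'` entry added to the `in_array()` list in the next hunk is unreachable, because this earlier `elseif` already handles that module part. The enclosing method starts and ends outside the hunk.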
'.dol_escape_js($langs->trans('CopiedToClipboard')).'
\'; } else { - lastchild.innerHTML = \''.dol_escape_js($langs->trans('Error')).'\'; + lastchild.innerHTML = \'
'.dol_escape_js($langs->trans('Error')).'
\'; } setTimeout(() => { lastchild.innerHTML = tmp; }, 1000); }); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 46d225e43f5..5f014ce3d48 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -10522,9 +10522,9 @@ function showValueWithClipboardCPButton($valuetocopy, $showonlyonhover = 1, $tex $tag = 'span'; // Using div does not work when using the js copy code. if ($texttoshow) { - $result = '<'.$tag.' class="clipboardCPValue hidewithsize">'.dol_escape_htmltag($valuetocopy, 1, 1).''.dol_escape_htmltag($texttoshow, 1, 1).''; + $result = '<'.$tag.' class="clipboardCPValue hidewithsize">'.dol_escape_htmltag($valuetocopy, 1, 1).''.dol_escape_htmltag($texttoshow, 1, 1).''; } else { - $result = '<'.$tag.' class="clipboardCPValue">'.dol_escape_htmltag($valuetocopy, 1, 1).''; + $result = '<'.$tag.' class="clipboardCPValue">'.dol_escape_htmltag($valuetocopy, 1, 1).''; } return $result; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index e6d2d2aa74f..6cc4650bea4 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -364,7 +364,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f // Check write permission from module (we need to know write permission to create but also to delete drafts record or to upload files) $createok = 1; $nbko = 0; - $wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || GETPOST('action', 'aZ09') == 'create' || GETPOST('action', 'aZ09') == 'update') || GETPOST('roworder', 'alpha', 2); + $wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || in_array(GETPOST('action', 'aZ09'), array('create', 'update', 'add_element_resource', 'confirm_delete_linked_resource')) || GETPOST('roworder', 'alpha', 2)); $wemustcheckpermissionfordeletedraft = ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete'); if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) { diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php index b46671eae01..1374e70d6d4 100644 --- a/htdocs/core/modules/modPropale.class.php +++ b/htdocs/core/modules/modPropale.class.php @@ -23,7 +23,7 @@ /** * \defgroup propale Module commercial proposals - * \brief Module pour gerer la tenue de propositions commerciales + * \brief Module to manage commercial proposals * \file htdocs/core/modules/modPropale.class.php * \ingroup propale * \brief Description and activation file for the module customer proposal @@ -36,7 +36,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modPropale extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * diff --git a/htdocs/core/tpl/admin_extrafields_view.tpl.php b/htdocs/core/tpl/admin_extrafields_view.tpl.php index 6750cc0b1a5..0c1d34efa08 100644 --- a/htdocs/core/tpl/admin_extrafields_view.tpl.php 
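Review bot: The list of write actions in `$wemustcheckpermissionforcreate` is maintained by hand and does not match the one the new guard in actions_linkedfiles.inc.php tests: `confirm_deletefile`, `confirm_updateline` and `renamefile` are absent here. For those requests restrictedArea() therefore does not demand the create permission, and the page's `$permissiontoadd` is the only gate. That split is worth a comment on this line, for example `// File delete/rename/link-update actions are not listed here: they are gated by $permissiontoadd in actions_linkedfiles.inc.php`. The new `in_array()` call could also pass `true` as third argument so the comparison stays strict. The function body continues outside the hunk.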
+++ b/htdocs/core/tpl/admin_extrafields_view.tpl.php @@ -93,7 +93,10 @@ if (isset($extrafields->attributes[$elementtype]['type']) && is_array($extrafiel // Key print "".dol_escape_htmltag($key)."\n"; // Type - print "".dol_escape_htmltag($type2label[$extrafields->attributes[$elementtype]['type'][$key]])."\n"; + $typetoshow = $type2label[$extrafields->attributes[$elementtype]['type'][$key]]; + print ''; + print dol_escape_htmltag($typetoshow); + print "\n"; // Size print ''.dol_escape_htmltag($extrafields->attributes[$elementtype]['size'][$key])."\n"; // Computed field diff --git a/htdocs/core/tpl/extrafields_list_print_fields.tpl.php b/htdocs/core/tpl/extrafields_list_print_fields.tpl.php index 1ee212ec68d..80d6cd7da56 100644 --- a/htdocs/core/tpl/extrafields_list_print_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_print_fields.tpl.php @@ -19,13 +19,8 @@ if (!empty($extrafieldsobjectkey) && !empty($extrafields->attributes[$extrafield foreach ($extrafields->attributes[$extrafieldsobjectkey]['label'] as $key => $val) { if (!empty($arrayfields[$extrafieldsobjectprefix.$key]['checked'])) { - $align = $extrafields->getAlignFlag($key, $extrafieldsobjectkey); - print ''; + $cssclass = $extrafields->getAlignFlag($key, $extrafieldsobjectkey); + $tmpkey = 'options_'.$key; if (in_array($extrafields->attributes[$extrafieldsobjectkey]['type'][$key], array('date', 'datetime', 'timestamp')) && !is_numeric($obj->$tmpkey)) { @@ -47,8 +42,16 @@ if (!empty($extrafieldsobjectkey) && !empty($extrafields->attributes[$extrafield //var_dump($value); } - print $extrafields->showOutputField($key, $value, '', $extrafieldsobjectkey); + $valuetoshow = $extrafields->showOutputField($key, $value, '', $extrafieldsobjectkey); + $title = dol_string_nohtmltag($valuetoshow); + + print ''; + print $valuetoshow; print ''; + if (!$i) { if (empty($totalarray)) { $totalarray['nbfield'] = 0; 
diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index 8183523b2c1..8937de62fdf 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -262,10 +262,10 @@ class Delivery extends CommonObject * @param string $qty Quantity * @param string $fk_product Id of predefined product * @param string $description Description - * @param int $array_options Array options + * @param array $array_options Array options * @return int <0 if KO, >0 if OK */ - public function create_line($origin_id, $qty, $fk_product, $description, $array_options = 0) + public function create_line($origin_id, $qty, $fk_product, $description, $array_options = null) { // phpcs:enable $error = 0; @@ -601,12 +601,12 @@ class Delivery extends CommonObject /** * Add line * - * @param int $origin_id Origin id - * @param int $qty Qty - * @param int $array_options Array options + * @param int $origin_id Origin id + * @param int $qty Qty + * @param array $array_options Array options * @return void */ - public function addline($origin_id, $qty, $array_options = 0) + public function addline($origin_id, $qty, $array_options = null) { global $conf; diff --git a/htdocs/don/document.php b/htdocs/don/document.php index 52e33a26cb4..51227a07ef4 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -80,6 +80,8 @@ $object->fetch($id, $ref); $upload_dir = $conf->don->dir_output.'/'.get_exdir($filename, 0, 0, 0, $object, 'donation').'/'.dol_sanitizeFileName($object->ref); $modulepart = 'don'; +$permissiontoadd = $user->rights->don->creer; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/ecm/index_auto.php b/htdocs/ecm/index_auto.php index e737d1b62a2..1310936ca83 100644 --- a/htdocs/ecm/index_auto.php +++ b/htdocs/ecm/index_auto.php 
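Review bot: The docblock for `Delivery::create_line()` now declares `@param array $array_options` while the default becomes `null`, so the documented type should be `array|null`. The same applies to `Delivery::addline()` in the next hunk and to `Expedition::create_line()` in expedition.class.php. The method bodies are outside these hunks, so it should be confirmed that they test `is_array($array_options)` before iterating and do not rely on the old `0` default.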
@@ -341,6 +341,7 @@ if (!empty($conf->global->ECM_AUTO_TREE_ENABLED)) { } if (!empty($conf->projet->enabled)) { $rowspan++; $sectionauto[] = array('level'=>1, 'module'=>'project', 'test'=>$conf->projet->enabled, 'label'=>$langs->trans("Projects"), 'desc'=>$langs->trans("ECMDocsBy", $langs->transnoentitiesnoconv("Projects"))); + $rowspan++; $sectionauto[] = array('level'=>1, 'module'=>'project_task', 'test'=>$conf->projet->enabled, 'label'=>$langs->trans("Tasks"), 'desc'=>$langs->trans("ECMDocsBy", $langs->transnoentitiesnoconv("Tasks"))); } if (!empty($conf->ficheinter->enabled)) { $langs->load("interventions"); $rowspan++; $sectionauto[] = array('level'=>1, 'module'=>'fichinter', 'test'=>$conf->ficheinter->enabled, 'label'=>$langs->trans("Interventions"), 'desc'=>$langs->trans("ECMDocsBy", $langs->transnoentitiesnoconv("Interventions"))); @@ -353,6 +354,7 @@ if (!empty($conf->global->ECM_AUTO_TREE_ENABLED)) { } if (!empty($conf->banque->enabled)) { $langs->load("banks"); $rowspan++; $sectionauto[] = array('level'=>1, 'module'=>'banque', 'test'=>$conf->banque->enabled, 'label'=>$langs->trans("BankAccount"), 'desc'=>$langs->trans("ECMDocsBy", $langs->transnoentitiesnoconv("BankAccount"))); + $rowspan++; $sectionauto[] = array('level'=>1, 'module'=>'chequereceipt', 'test'=>$conf->banque->enabled, 'label'=>$langs->trans("CheckReceipt"), 'desc'=>$langs->trans("ECMDocsBy", $langs->transnoentitiesnoconv("CheckReceipt"))); } if (!empty($conf->mrp->enabled)) { $langs->load("mrp"); $rowspan++; $sectionauto[] = array('level'=>1, 'module'=>'mrp-mo', 'test'=>$conf->mrp->enabled, 'label'=>$langs->trans("MOs"), 'desc'=>$langs->trans("ECMDocsBy", $langs->transnoentitiesnoconv("ManufacturingOrders"))); diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index ba8547726b8..03938003dfb 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php 
@@ -122,7 +122,7 @@ if ($user->socid) { $result = restrictedArea($user, 'expedition', $object->id, ''); $permissiondellink = $user->rights->expedition->delivery->creer; // Used by the include of actions_dellink.inc.php -//var_dump($object->lines[0]->detail_batch); +$permissiontoadd = $user->rights->expedition->creer; /* @@ -152,7 +152,6 @@ if (empty($reshook)) { // Actions to build doc $upload_dir = $conf->expedition->dir_output.'/sending'; - $permissiontoadd = $user->rights->expedition->creer; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Reopen diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index 14b09651756..50360f4365f 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -443,7 +443,7 @@ class Expedition extends CommonObject * @param array $array_options extrafields array * @return int <0 if KO, line_id if OK */ - public function create_line($entrepot_id, $origin_line_id, $qty, $rang = 0, $array_options = 0) + public function create_line($entrepot_id, $origin_line_id, $qty, $rang = 0, $array_options = null) { //phpcs:enable global $user; diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index ee0014a2f8d..df88cbe7a3f 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -76,6 +76,8 @@ if ($user->socid) { } $result = restrictedArea($user, 'expedition', $object->id, ''); +$permissiontoadd = $user->rights->expedition->creer; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index fca9d9b9681..92c12f74e6d 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php 
@@ -139,6 +139,8 @@ if ($user->socid) { } $result = restrictedArea($user, 'expensereport', $object->id, 'expensereport'); +$permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php + /* * Actions @@ -1339,7 +1341,6 @@ if (empty($reshook)) { // Actions to build doc $upload_dir = $conf->expensereport->dir_output; - $permissiontoadd = $user->rights->expensereport->creer; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; } diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php index d7ecea8fcc9..8c3b5f56549 100644 --- a/htdocs/expensereport/document.php +++ b/htdocs/expensereport/document.php @@ -44,13 +44,6 @@ $confirm = GETPOST('confirm', 'alpha'); $childids = $user->getAllChildIds(1); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'expensereport', $id, 'expensereport'); - - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -81,6 +74,12 @@ $modulepart = 'trip'; // Load object //include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'expensereport', $id, 'expensereport'); + if ($object->id > 0) { // Check current user can read this expense report $canread = 0; @@ -95,6 +94,8 @@ if ($object->id > 0) { } } +$permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php + /* * Actions diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index a9b85840bca..32147367d4e 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php 
@@ -66,17 +66,13 @@ $originid = (GETPOST('originid', 'int') ?GETPOST('originid', 'int') : GETPOST('o $note_public = GETPOST('note_public', 'restricthtml'); $lineid = GETPOST('line_id', 'int'); +$error = 0; + //PDF $hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0)); $hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0)); $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0)); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); - // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('interventioncard', 'globalcard')); @@ -96,11 +92,15 @@ if ($id > 0 || !empty($ref)) { } } +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); + $permissionnote = $user->rights->ficheinter->creer; // Used by the include of actions_setnotes.inc.php $permissiondellink = $user->rights->ficheinter->creer; // Used by the include of actions_dellink.inc.php -$error = 0; - /* * Actions diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 74ef0c57804..f3dae0d8318 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -78,6 +78,8 @@ $object->fetch($id, $ref); $upload_dir = $conf->ficheinter->dir_output.'/'.dol_sanitizeFileName($object->ref); $modulepart = 'fichinter'; +$permissiontoadd = $user->rights->ficheinter->creer; // Used by the include of actions_setnotes.inc.php + /* * Actions diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index aea8abed665..993830eb539 100644 
--- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -46,12 +46,6 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -81,6 +75,15 @@ if ($object->fetch($id, $ref) < 0) { $upload_dir = $conf->fournisseur->commande->dir_output.'/'.dol_sanitizeFileName($object->ref); $object->fetch_thirdparty(); +// Security check +$socid = 0; +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); + +$permissiontoadd = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); // Used by the include of actions_setnotes.inc.php + /* * Actions diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index f6954635db1..4c4e92315f4 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -77,6 +77,8 @@ if ($object->fetch($id, $ref)) { $upload_dir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref; } +$permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); // Used by the include of actions_setnotes.inc.php + /* * Actions diff --git a/htdocs/fourn/paiement/document.php b/htdocs/fourn/paiement/document.php index 05a13d901da..a29e9b0713c 100644 --- a/htdocs/fourn/paiement/document.php +++ b/htdocs/fourn/paiement/document.php 
@@ -79,6 +79,9 @@ if ($object->fetch($id, $ref)) { $upload_dir = $conf->fournisseur->payment->dir_output.'/'.dol_sanitizeFileName($object->ref); } +$permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); // Used by the include of actions_setnotes.inc.php + + /* * Actions */ diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 959543f436b..7dc086a113f 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -120,6 +120,7 @@ if ($user->socid) { } $result = restrictedArea($user, 'holiday', $object->id, 'holiday'); +$permissiontoadd = $user->rights->holiday->write; // Used by the include of actions_setnotes.inc.php /* diff --git a/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql b/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql index ee48185e187..3d3afb94d8a 100644 --- a/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql +++ b/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql @@ -16,4 +16,4 @@ -- ======================================================================== -ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code_entity (code, entity); +ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code_entity (entity, code); diff --git a/htdocs/install/step2.php b/htdocs/install/step2.php index 1835c87f759..30bee881584 100644 --- a/htdocs/install/step2.php +++ b/htdocs/install/step2.php 
@@ -570,19 +570,27 @@ dolibarr_install_syslog("Exit ".$ret); dolibarr_install_syslog("- step2: end"); +// Force here a value we need after because master.inc.php is not loaded into step2. +// This code must be similar with the one into main.inc.php +$conf->file->instance_unique_id = (empty($dolibarr_main_instance_unique_id) ? (empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey) : $dolibarr_main_instance_unique_id); // Unique id of instance -$out = ' '; +$hash_unique_id = md5('dolibarr'.$conf->file->instance_unique_id); + +$out = 'global->MAIN_FIRST_PING_OK_ID) && $conf->global->MAIN_FIRST_PING_OK_ID == 'disabled') ? '' : ' value="checked" checked="true"').'> '; $out .= ''; $out .= ''; $out .= ''; diff --git a/htdocs/knowledgemanagement/knowledgerecord_document.php b/htdocs/knowledgemanagement/knowledgerecord_document.php index f3d23fba4bd..90bb9f736cc 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_document.php +++ b/htdocs/knowledgemanagement/knowledgerecord_document.php @@ -80,7 +80,7 @@ if ($id > 0 || !empty($ref)) { //if ($user->socid > 0) $socid = $user->socid; //$result = restrictedArea($user, 'knowledgemanagement', $object->id); -$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php +$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php diff --git a/htdocs/loan/document.php b/htdocs/loan/document.php index 2d6bfef3079..a151615bd35 100644 --- a/htdocs/loan/document.php +++ b/htdocs/loan/document.php @@ -71,6 +71,8 @@ if ($id > 0) { $upload_dir = $conf->loan->dir_output.'/'.dol_sanitizeFileName($object->ref); $modulepart = 'loan'; +$permissiontoadd = $user->rights->loan->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php + /* * Actions 
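Review bot: In htdocs/install/step2.php the new fallback copies `$dolibarr_main_cookie_cryptkey` into `$conf->file->instance_unique_id` when no instance id is configured, so `$hash_unique_id` becomes an unsalted MD5 of the cookie encryption key behind a fixed prefix. main.inc.php uses the same hash as the suffix of the `DOLINSTALLNOPING_` cookie name, which means the value is handed to the client. When both variables are empty the hash is the constant `md5('dolibarr')` and no longer identifies the instance. At minimum a comment such as `// NOTE: may be derived from the cookie crypt key; the hash below is exposed to the browser` should sit next to the assignment. Dropping the crypt-key fallback in favour of a dedicated random instance id would have to be made in main.inc.php at the same time, since both copies must stay identical.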
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 4d233b9a290..c1f3231c737 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1795,7 +1795,6 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead global $hookmanager, $menumanager; $searchform = ''; - $bookmarks = ''; // Instantiate hooks for external modules $hookmanager->initHooks(array('toprightmenu')); @@ -1825,7 +1824,7 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead // Show menu entries print '
'."\n"; $menumanager->atarget = $target; - $menumanager->showmenu('top', array('searchform'=>$searchform, 'bookmarks'=>$bookmarks)); // This contains a \n + $menumanager->showmenu('top', array('searchform'=>$searchform)); // This contains a \n print "
\n"; // Define link to login card @@ -1890,7 +1889,7 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead } // Link to print main content area - if (empty($conf->global->MAIN_PRINT_DISABLELINK) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && $conf->browser->layout != 'phone') { + if (empty($conf->global->MAIN_PRINT_DISABLELINK) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $qs = dol_escape_htmltag($_SERVER["QUERY_STRING"]); if (isset($_POST) && is_array($_POST)) { @@ -2712,7 +2711,6 @@ function left_menu($menu_array_before, $helppagename = '', $notused = '', $menu_ global $hookmanager, $menumanager; $searchform = ''; - $bookmarks = ''; if (!empty($menu_array_before)) { dol_syslog("Deprecated parameter menu_array_before was used when calling main::left_menu function. Menu entries of module should now be defined into module descriptor and not provided when calling left_menu.", LOG_WARNING); @@ -2783,7 +2781,7 @@ function left_menu($menu_array_before, $helppagename = '', $notused = '', $menu_ // Show left menu with other forms $menumanager->menu_array = $menu_array_before; $menumanager->menu_array_after = $menu_array_after; - $menumanager->showmenu('left', array('searchform'=>$searchform, 'bookmarks'=>$bookmarks)); // output menu_array and menu found in database + $menumanager->showmenu('left', array('searchform'=>$searchform)); // output menu_array and menu found in database // Dolibarr version + help + bug report link print "\n"; @@ -3225,6 +3223,7 @@ if (!function_exists("llxFooter")) { if (($_SERVER["PHP_SELF"] == DOL_URL_ROOT.'/index.php') || $forceping) { //print ''; $hash_unique_id = md5('dolibarr'.$conf->file->instance_unique_id); + if (empty($conf->global->MAIN_FIRST_PING_OK_DATE) || (!empty($conf->file->instance_unique_id) && ($hash_unique_id != $conf->global->MAIN_FIRST_PING_OK_ID) && ($conf->global->MAIN_FIRST_PING_OK_ID != 'disabled')) || $forceping) { 
@@ -3233,7 +3232,7 @@ if (!function_exists("llxFooter")) { print "\n\n"; } elseif (empty($_COOKIE['DOLINSTALLNOPING_'.$hash_unique_id]) || $forceping) { // Cookie is set when we uncheck the checkbox in the installation wizard. // MAIN_LAST_PING_KO_DATE - // Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent + // Disable ping if MAIN_LAST_PING_KO_DATE is set and is recent (this month) if (!empty($conf->global->MAIN_LAST_PING_KO_DATE) && substr($conf->global->MAIN_LAST_PING_KO_DATE, 0, 6) == dol_print_date(dol_now(), '%Y%m') && !$forceping) { print "\n\n"; } else { diff --git a/htdocs/mrp/mo_document.php b/htdocs/mrp/mo_document.php index 7e297206b3d..c81ed1f995e 100644 --- a/htdocs/mrp/mo_document.php +++ b/htdocs/mrp/mo_document.php @@ -83,12 +83,14 @@ if ($id > 0 || !empty($ref)) { $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft); +$permissiontoadd = $user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php + /* * Actions */ -include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; +include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php /* diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index 73eab7773bd..0dc9f7ce63a 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php 
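Review bot: In htdocs/mrp/mo_document.php the trailing comment added to the `include` line is a copy of the comment on the new `$permissiontoadd` line and describes the include as being "used by the include of" itself. It should be dropped so the line reads `include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';`, leaving the explanation on the permission variable only.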
@@ -643,13 +643,12 @@ class MultiCurrency extends CommonObject include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; - $urlendpoint = 'http://apilayer.net/api/live?access_key='.$key; - //$urlendpoint.='&format=1'; - $urlendpoint .= (empty($conf->global->MULTICURRENCY_APP_SOURCE) ? '' : '&source='.$conf->global->MULTICURRENCY_APP_SOURCE); + $urlendpoint = 'http://api.currencylayer.com/live?access_key='.$key; + $urlendpoint .= '&source=' . (empty($conf->global->MULTICURRENCY_APP_SOURCE) ? 'USD' : $conf->global->MULTICURRENCY_APP_SOURCE); dol_syslog("Call url endpoint ".$urlendpoint); - $resget = getURLContent($urlendpoint, 'GET', '', 1, array(), array('http', 'https'), 1); + $resget = getURLContent($urlendpoint); if ($resget['content']) { $response = $resget['content']; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 995694f3989..79418b83c43 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -179,6 +179,9 @@ if ($object->id > 0) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productcard', 'globalcard')); +$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire)); +$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); +$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer)); /* 
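Review bot: In htdocs/multicurrency/class/multicurrency.class.php the rebuilt endpoint still carries `access_key=` in the query string over plain `http://`, and the following `dol_syslog("Call url endpoint ".$urlendpoint)` writes that key into the application log. Masking it before logging, for example `dol_syslog("Call url endpoint ".preg_replace('/access_key=[^&]*/', 'access_key=***', $urlendpoint));`, keeps the secret out of log files, and `https://` should be used if the provider plan supports it. The `MULTICURRENCY_APP_SOURCE` value is appended without `urlencode()`. The call now relies on getURLContent()'s defaults instead of the explicit scheme list and trailing flag, so it is worth confirming those defaults restrict the request at least as tightly as before; the method body continues outside the hunk.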
@@ -189,9 +192,6 @@ if ($cancel) { $action = ''; } -$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire)); -$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); -$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer)); $createbarcode = empty($conf->barcode->enabled) ? 0 : 1; if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->barcode->creer_advance)) { $createbarcode = 0; diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 0b15ad7a85c..230f8375538 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -96,8 +96,6 @@ if ($id > 0 || !empty($ref)) { $modulepart = 'produit'; -$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); - if ($object->id > 0) { if ($object->type == $object::TYPE_PRODUCT) { restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); @@ -109,6 +107,8 @@ if ($object->id > 0) { restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); } +$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); + /* * Actions diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 7b81b147b1d..e485ea3d543 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php 
@@ -87,6 +87,10 @@ if ($id > 0 || !empty($ref)) { } } +$usercanread = (($user->rights->stock->lire)); +$usercancreate = (($user->rights->stock->creer)); +$usercandelete = (($user->rights->stock->supprimer)); + /* * Actions @@ -94,10 +98,6 @@ if ($id > 0 || !empty($ref)) { $error = 0; -$usercanread = (($user->rights->stock->lire)); -$usercancreate = (($user->rights->stock->creer)); -$usercandelete = (($user->rights->stock->supprimer)); - $parameters = array('id'=>$id, 'ref'=>$ref); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index af6d6c08740..d7bd8bee9b4 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -443,6 +443,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') { */ $now = dol_now(); +$error = 0; $form = new Form($db); $formproduct = new FormProduct($db); diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 08b565c90a0..c6e72c6f0da 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php @@ -100,6 +100,7 @@ if (empty($upload_dir)) { $permissiontoread = $usercanread; $permissiontoadd = $usercancreate; +$permtoedit = $user->rights->produit->creer; //$permissiontodelete = $usercandelete; // Security check @@ -130,8 +131,6 @@ if (empty($reshook)) { include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } -$permtoedit = $user->rights->produit->creer; - /* * View diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index db1f63fe8de..1bfbb9aa4a6 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php 
@@ -82,6 +82,7 @@ $socid = 0; //if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement. $result = restrictedArea($user, 'projet', $id, 'projet&project'); +$permissiontoadd = $user->rights->projet->creer; /* diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index a1e708b6a46..c60e3324741 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -74,6 +74,7 @@ $socid = 0; restrictedArea($user, 'projet', $object->fk_project, 'projet&project'); +$permissiontoadd = $$user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php /* diff --git a/htdocs/resource/agenda.php b/htdocs/resource/agenda.php index 6f9cfa8ce34..bf300141bc4 100644 --- a/htdocs/resource/agenda.php +++ b/htdocs/resource/agenda.php @@ -71,14 +71,18 @@ if (!$sortorder) { $sortorder = 'DESC,DESC'; } -$object = new DolResource($db); -$object->fetch($id, $ref); - // Initialize technical objects //$object=new MyObject($db); $extrafields = new ExtraFields($db); $hookmanager->initHooks(array('agendaresource')); +$object = new DolResource($db); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, 'resource', $object->id, 'resource'); + // Security check if (!$user->rights->resource->read) { accessforbidden(); diff --git a/htdocs/resource/card.php b/htdocs/resource/card.php index 989aa4ccf91..f89e16da3f9 100644 --- a/htdocs/resource/card.php +++ b/htdocs/resource/card.php @@ -48,10 +48,6 @@ if ($user->socid > 0) { accessforbidden(); } -if (!$user->rights->resource->read) { - accessforbidden(); -} - $object = new Dolresource($db); $extrafields = new ExtraFields($db); 
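Review bot: In htdocs/projet/tasks/document.php the added line reads `$$user->rights->mrp->write`, which is a variable-variable on the user object and tests the mrp module's right on a project-task page. As written the expression does not read the current user's rights, because PHP tries to use `$user` as a variable name, so the permission consumed by the included action file is either unset or the page errors out. The sibling projet/document.php hunk uses `$permissiontoadd = $user->rights->projet->creer;`, which looks like the intended value here as well. The trailing comment should then name only the include this page really uses.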
@@ -59,6 +55,14 @@ $extrafields = new ExtraFields($db); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + + +$result = restrictedArea($user, 'resource', $object->id, 'resource'); + +$permissiontoadd = $user->rights->resource->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php + /* diff --git a/htdocs/resource/contact.php b/htdocs/resource/contact.php index 811bb476430..aca47d49743 100644 --- a/htdocs/resource/contact.php +++ b/htdocs/resource/contact.php @@ -38,14 +38,21 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); +$object = new DolResource($db); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + // Security check if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'resource', $id, 'resource'); +$result = restrictedArea($user, 'resource', $object->id, 'resource'); -$object = new DolResource($db); -$result = $object->fetch($id, $ref); +// Security check +if (!$user->rights->resource->read) { + accessforbidden(); +} /* diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index fec869d5620..001598d2023 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php 
@@ -70,11 +70,17 @@ if (!$sortfield) { $object = new DolResource($db); -$object->fetch($id, $ref); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. $upload_dir = $conf->resource->dir_output.'/'.dol_sanitizeFileName($object->ref); $modulepart = 'resource'; +$result = restrictedArea($user, 'resource', $object->id, 'resource'); + +$permissiontoadd = $user->rights->resource->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles + /* * Actions diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index 4a51f1dfbb3..e6a8a02d59a 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -76,6 +76,19 @@ if ($socid > 0) { // Special for thirdparty $element = 'societe'; } +// Permission is not permission on resources. We just make link here on objects. +if ($element == 'action') { + $result = restrictedArea($user, 'agenda', $element_id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id'); +} +if ($element == 'fichinter') { + $result = restrictedArea($user, 'ficheinter', $element_id, 'fichinter'); +} +if ($element == 'product' || $element == 'service') { // When RESOURCE_ON_PRODUCTS or RESOURCE_ON_SERVICES is set + $tmpobject = new Product($db); + $tmpobject->fetch($element_id); + $fieldtype = $tmpobject->type; + $result = restrictedArea($user, 'produit|service', $element_id, 'product&product', '', '', $fieldtype); +} /* @@ -370,9 +383,9 @@ if (!$ret) { // Date start print ''.$langs->trans("DateActionStart").''; if (!$act->fulldayevent) { - print dol_print_date($act->datep, 'dayhour'); + print dol_print_date($act->datep, 'dayhour', 'tzuser'); } else { - print dol_print_date($act->datep, 'day'); + print dol_print_date($act->datep, 'day', 'tzuser'); } if ($act->percentage == 0 && $act->datep && $act->datep < ($now - $delay_warning)) { print img_warning($langs->trans("Late")); 
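Review bot: The access checks added to htdocs/resource/element_resource.php cover only `action`, `fichinter` and `product`/`service`, while the context line just above sets `$element = 'societe'`, and that value, like any other element type, passes through without a restrictedArea() call. A branch such as `if ($element == 'societe') { $result = restrictedArea($user, 'societe', $element_id, '&societe'); }` (the form societe/document.php uses) plus an explicit `accessforbidden()` for unrecognised element types would make the page fail closed. In the product branch the return value of `$tmpobject->fetch($element_id)` is not checked, so `$fieldtype` may be empty when the product does not exist.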
@@ -383,9 +396,9 @@ if (!$ret) { // Date end print ''.$langs->trans("DateActionEnd").''; if (!$act->fulldayevent) { - print dol_print_date($act->datef, 'dayhour'); + print dol_print_date($act->datef, 'dayhour', 'tzuser'); } else { - print dol_print_date($act->datef, 'day'); + print dol_print_date($act->datef, 'day', 'tzuser'); } if ($act->percentage > 0 && $act->percentage < 100 && $act->datef && $act->datef < ($now - $delay_warning)) { print img_warning($langs->trans("Late")); diff --git a/htdocs/resource/list.php b/htdocs/resource/list.php index 356df3a746e..4e7a5c57ae7 100644 --- a/htdocs/resource/list.php +++ b/htdocs/resource/list.php @@ -66,10 +66,10 @@ $filter = array(); $param = ''; if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { - $param .= '&contextpage='.urlencode($contextpage); + $param .= '&contextpage='.urlencode($contextpage); } if ($limit > 0 && $limit != $conf->liste_limit) { - $param .= '&limit='.urlencode($limit); + $param .= '&limit='.urlencode($limit); } if ($search_ref != '') { @@ -126,9 +126,6 @@ $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -if (!$user->rights->resource->read) { - accessforbidden(); -} $arrayfields = array( 't.ref' => array( 'label' => $langs->trans("Ref"), @@ -156,6 +153,10 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $filter = array(); } +if (empty($user->rights->resource->read)) { + accessforbidden(); +} + /* * Action diff --git a/htdocs/resource/note.php b/htdocs/resource/note.php index b43c9f8cb37..98efb72d55b 100644 --- a/htdocs/resource/note.php +++ b/htdocs/resource/note.php 
@@ -43,10 +43,12 @@ if ($user->socid) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('resourcenote')); -$result = restrictedArea($user, 'resource', $id, 'resource'); - $object = new DolResource($db); -$object->fetch($id, $ref); + +// Load object +include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. + +$result = restrictedArea($user, 'resource', $object->id, 'resource'); $permissionnote = $user->rights->resource->write; // Used by the include of actions_setnotes.inc.php diff --git a/htdocs/salaries/document.php b/htdocs/salaries/document.php index 4f49858eb7a..47d03e62380 100644 --- a/htdocs/salaries/document.php +++ b/htdocs/salaries/document.php @@ -104,6 +104,8 @@ if ($user->socid) { } restrictedArea($user, 'salaries', $object->id, 'salary', ''); +$permissiontoadd = $user->rights->salaries->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles + /* * Actions diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 23720ebd54c..9ce01c64638 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -85,6 +85,8 @@ if ($user->socid > 0) { } $result = restrictedArea($user, 'societe', $object->id, '&societe'); +$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles + /* * Actions diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 8aaa12c6562..d071e8f9921 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php 
@@ -1094,7 +1094,7 @@ if (!empty($arrayfields['country.code_iso']['checked'])) { if (!empty($arrayfields['typent.code']['checked'])) { print ''; // We use showempty=0 here because there is already an unknown value into dictionary. - print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 1, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT) ? 'ASC' : $conf->global->SOCIETE_SORT_ON_TYPEENT), 'minwidth50 maxwidth100', 1); + print $form->selectarray("search_type_thirdparty", $formcompany->typent_array(0), $search_type_thirdparty, 1, 0, 0, '', 0, 0, 0, (empty($conf->global->SOCIETE_SORT_ON_TYPEENT) ? 'ASC' : $conf->global->SOCIETE_SORT_ON_TYPEENT), 'minwidth50 maxwidth125', 1); print ''; } // Multiprice level @@ -1508,11 +1508,13 @@ while ($i < min($num, $limit)) { } // Type ent if (!empty($arrayfields['typent.code']['checked'])) { - print ''; if (!isset($typenArray) || !is_array($typenArray) || count($typenArray) == 0) { $typenArray = $formcompany->typent_array(1); } - print empty($typenArray[$obj->typent_code]) ? '' : $typenArray[$obj->typent_code]; + $labeltypeofcompany= empty($typenArray[$obj->typent_code]) ? '' : $typenArray[$obj->typent_code]; + + print ''; + print dol_escape_htmltag($labeltypeofcompany); print ''; if (!$i) { $totalarray['nbfield']++; diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index 2795c006723..3d5ce3fbb47 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php @@ -73,6 +73,15 @@ $object->fetch($id, $ref); if ($object->id > 0) { $object->fetch_thirdparty(); $upload_dir = $conf->supplier_proposal->dir_output.'/'.dol_sanitizeFileName($object->ref); +} + + + +/* + * Actions + */ + +if ($object->id > 0) { include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; } 
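Review bot: htdocs/supplier_proposal/document.php keeps the include of actions_linkedfiles.inc.php, but unlike the other document pages touched by this commit the hunk sets no `$permissiontoadd` and shows no restrictedArea() call before it. If neither exists above the hunk, the upload and delete actions of that include run without the right this commit wires in elsewhere. A line such as `$permissiontoadd = $user->rights->supplier_proposal->creer; // Used by the include of actions_linkedfiles.inc.php` (right name to be confirmed against the module descriptor) should precede the Actions block, together with the page's usual restrictedArea() check on `$object->id`.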
@@ -80,6 +89,7 @@ if ($object->id > 0) { /* * View */ + $title = $langs->trans('CommRequest')." - ".$langs->trans('Documents'); $help_url = 'EN:Ask_Price_Supplier|FR:Demande_de_prix_fournisseur'; llxHeader('', $title, $help_url); diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 81f99ba381a..b3c13594939 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -6870,6 +6870,29 @@ div.clipboardCPValue.hidewithsize { display: none; } +/* To make a div popup, we must use a position aboluste inside a position relative */ +.clipboardCPText { + position: relative; +} +.clipboardCPTextDivInside { + position: absolute; + background: #f8f8fa; + color: #888; + border: 1px solid #E0E0E0; + opacity: 1; + z-index: 20; + padding: 2px; + padding-left: 5px; + padding-right: 5px; + top: -5px; + left: 0px; + border-radius: 5px; + white-space: nowrap; + font-size: 0.9em; + box-shadow: 1px 1px 6px #ddd; +} + + /* ============================================================================== */ /* CSS style used for small screen */ @@ -7027,7 +7050,7 @@ div.clipboardCPValue.hidewithsize { padding-left: 20px; padding-right: 20px; padding-bottom: 16px; - top: inherit !important; + top: auto; left: 0 !important; text-align: center; vertical-align: middle; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index c38eb032e0a..bd4ebed0b49 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1869,11 +1869,6 @@ body.sidebar-collapse .side-nav, body.sidebar-collapse .login_block .side-nav-vert { margin-left: 0; } -div.login_block { - /* border-right: none ! important; */ - top: inherit !important; - border-right: 1px solid rgba(0,0,0,0.3); -} .side-nav { : 0; - top: 0px; browser->layout, array('phone', 'tablet')) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?> position: absolute; 
@@ -6708,6 +6698,30 @@ div.clipboardCPValue.hidewithsize { display: none; } +/* To make a div popup, we must use a position aboluste inside a position relative */ + +.clipboardCPText { + position: relative; +} +.clipboardCPTextDivInside { + position: absolute; + background: #EEE; + color: 888; + border: 1px solid #DDD; + opacity: 1; + z-index: 20; + padding: 2px; + padding-left: 4px; + padding-right: 4px; + top: -5px; + left: 0px; + border-radius: 5px; + white-space: nowrap; + font-size: 0.95em; + box-shadow: 1px 1px 6px #ddd; +} + + /* ============================================================================== */ /* CSS style used for small screen */ @@ -6810,6 +6824,11 @@ div.clipboardCPValue.hidewithsize { /* rule to reduce top menu - 3rd reduction */ @media only screen and (max-width: 570px) { + div.login_block { + border-right: 1px solid rgba(0,0,0,0.3); + top: auto; + } + div#tmenu_tooltip { display:none; @@ -6821,6 +6840,10 @@ div.clipboardCPValue.hidewithsize { min-width: 30px; } + div.login_block { + border-right: 1px solid rgba(0,0,0,0.3); + } + div.tmenucenter { text-overflow: clip; } diff --git a/htdocs/ticket/document.php b/htdocs/ticket/document.php index aa83b7c1038..e9f9dbbb145 100644 --- a/htdocs/ticket/document.php +++ b/htdocs/ticket/document.php @@ -70,7 +70,7 @@ if ($result < 0) { $upload_dir = $conf->ticket->dir_output."/".dol_sanitizeFileName($object->ref); } -$permissiontoadd = $user->rights->ticket->write; +$permissiontoadd = $user->rights->ticket->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles // Security check - Protection if external user $result = restrictedArea($user, 'ticket', $object->id); diff --git a/htdocs/user/document.php b/htdocs/user/document.php index a5d88d04c5d..9bd109ec5fb 100644 --- a/htdocs/user/document.php +++ b/htdocs/user/document.php 
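Review bot: In the `.clipboardCPTextDivInside` rule added to htdocs/theme/md/style.css.php, `color: 888;` lacks the `#`, so browsers discard the declaration and the popup text inherits its colour. The eldy theme's copy of the same rule uses `color: #888;`, and the md rule should match. The comment above the rule also misspells "absolute" as `aboluste` in both themes. The two later hunks add `div.login_block { border-right: 1px solid rgba(0,0,0,0.3); }` twice inside what appears to be the same media query, where the first block already sets it.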
@@ -60,7 +60,7 @@ if ($id) { || (($user->id != $id) && $user->rights->user->user->password)); } -$permissiontoadd = $caneditfield; +$permissiontoadd = $caneditfield; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles $permtoedit = $caneditfield; // Security check @@ -107,6 +107,7 @@ if ($id > 0 || !empty($ref)) { $hookmanager->initHooks(array('usercard', 'userdoc', 'globalcard')); + /* * Actions */ @@ -139,8 +140,6 @@ if ($object->id) { } $head = user_prepare_head($object); - $form = new Form($db); - print dol_get_fiche_head($head, 'document', $langs->trans("User"), -1, 'user'); $linkback = ''; diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 78f3e3de232..7a6c24c58f7 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -339,6 +339,7 @@ if ($action == 'replacesiteconfirm') { } $usercanedit = $user->rights->website->write; +$permissiontoadd = $user->rights->website->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles $permissiontodelete = $user->rights->website->delete; diff --git a/htdocs/workstation/workstation_document.php b/htdocs/workstation/workstation_document.php index 7c5d654a7d9..22157106154 100755 --- a/htdocs/workstation/workstation_document.php +++ b/htdocs/workstation/workstation_document.php @@ -74,12 +74,12 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->workstation->multidir_output[$object->entity ? $object->entity : $conf->entity]."/workstation/".get_exdir(0, 0, 0, 1, $object); } -$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php - // Security check $isdraft = 0; restrictedArea($user, $object->element, $object->id, $object->table_element, 'workstation', 'fk_soc', 'rowid', $isdraft); +$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles + /* * Actions