Merge remote-tracking branch 'origin/3.7' into 3.7_bug
This commit is contained in:
Regis Houssin
commit
535d3bc087
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2014 Juanjo Menent <jmenent@2byte.es>
|
||||
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011-2014 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -91,7 +92,7 @@ if ($actionsave)
|
||||
// Save nb of agenda
|
||||
if (! $error)
|
||||
{
|
||||
$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0,'',$conf->entity);
|
||||
$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','int')),'chaine',0,'',$conf->entity);
|
||||
if (! $res > 0) $error++;
|
||||
if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
|
||||
$MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
|
||||
@ -205,9 +206,9 @@ while ($i <= $MAXAGENDA)
|
||||
// Nb
|
||||
print '<td width="180" class="nowrap">'.$langs->trans("AgendaExtNb",$key)."</td>";
|
||||
// Name
|
||||
print '<td><input type="text" class="flat hideifnotset" name="AGENDA_EXT_NAME'.$key.'" value="'. (GETPOST('AGENDA_EXT_NAME'.$key)?GETPOST('AGENDA_EXT_NAME'.$key):$conf->global->$name) . '" size="28"></td>';
|
||||
print '<td><input type="text" class="flat hideifnotset" name="AGENDA_EXT_NAME'.$key.'" value="'. (GETPOST('AGENDA_EXT_NAME'.$key)?GETPOST('AGENDA_EXT_NAME'.$key, 'alpha'):$conf->global->$name) . '" size="28"></td>';
|
||||
// URL
|
||||
print '<td><input type="url" class="flat hideifnotset" name="AGENDA_EXT_SRC'.$key.'" value="'. (GETPOST('AGENDA_EXT_SRC'.$key)?GETPOST('AGENDA_EXT_SRC'.$key):$conf->global->$src) . '" size="60"></td>';
|
||||
print '<td><input type="url" class="flat hideifnotset" name="AGENDA_EXT_SRC'.$key.'" value="'. (GETPOST('AGENDA_EXT_SRC'.$key)?GETPOST('AGENDA_EXT_SRC'.$key, 'alpha'):$conf->global->$src) . '" size="60"></td>';
|
||||
// Color (Possible colors are limited by Google)
|
||||
print '<td class="nowrap" align="right">';
|
||||
//print $formadmin->selectColor($conf->global->$color, "google_agenda_color".$key, $colorlist);
|
||||
|
||||
@ -9,6 +9,7 @@
|
||||
* Copyright (C) 2012-2015 Marcos García <marcosgdf@gmail.com>
|
||||
* Copyright (C) 2012 Christophe Battarel <christophe.battarel@ltairis.fr>
|
||||
* Copyright (C) 2011-2014 Alexandre Spangaro <alexandre.spangaro@gmail.com>
|
||||
* Copyright (C) 2015 Ferran Marcet <fmarcet@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -154,7 +155,7 @@ $tabsql[21]= "SELECT c.rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX
|
||||
$tabsql[22]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason";
|
||||
$tabsql[23]= "SELECT t.rowid, t.taux, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid";
|
||||
$tabsql[24]= "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource";
|
||||
$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates";
|
||||
$tabsql[25]= "SELECT rowid as rowid, label, type_template, private, position, topic, content, active FROM ".MAIN_DB_PREFIX."c_email_templates WHERE entity IN (".getEntity('email_template',1).")";
|
||||
|
||||
// Criteria to sort dictionaries
|
||||
$tabsqlsort=array();
|
||||
@ -266,7 +267,7 @@ $tabfieldinsert[21]= "code,label";
|
||||
$tabfieldinsert[22]= "code,label";
|
||||
$tabfieldinsert[23]= "fk_pays,taux,accountancy_code_sell,accountancy_code_buy,note";
|
||||
$tabfieldinsert[24]= "code,label";
|
||||
$tabfieldinsert[25]= "label,type_template,private,position,topic,content";
|
||||
$tabfieldinsert[25]= "label,type_template,private,position,topic,content,entity";
|
||||
|
||||
// Nom du rowid si le champ n'est pas de type autoincrement
|
||||
// Example: "" if id field is "rowid" and has autoincrement on
|
||||
|
||||
@ -308,7 +308,13 @@ if (! empty($conf->margin->enabled))
|
||||
if (npRate == "np_marginRate")
|
||||
price = ((bpjs * (1 + ratejs / 100)) / (1 - remisejs / 100));
|
||||
else if (npRate == "np_markRate")
|
||||
price = ((bpjs / (1 - ratejs / 100)) / (1 - remisejs / 100));
|
||||
{
|
||||
if (ratejs != 100) // If markRate is 100, it means buying price is 0, so it is not possible to retreive price from it and markRate. We keep it unchange
|
||||
{
|
||||
price = ((bpjs / (1 - (ratejs / 100))) / (1 - remisejs / 100));
|
||||
}
|
||||
else price=$("input[name='price_ht']:first").val();
|
||||
}
|
||||
}
|
||||
$("input[name='price_ht']:first").val(price); // TODO Must use a function like php price to have here a formated value
|
||||
|
||||
|
||||
@ -97,7 +97,8 @@ function test_sql_and_script_inject($val, $type)
|
||||
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/si', $val);
|
||||
$sql_inj += preg_match('/<.*onmouseover/si', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
|
||||
if ($type == 1)
|
||||
{
|
||||
$sql_inj += preg_match('/javascript:/i', $val);
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
* Copyright (C) 2004-2014 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2014 Charles-Fr Benke <charles.fr@benke.fr>
|
||||
* Copyright (C) 2016 Ferran Marcet <fmarcet@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -125,9 +126,9 @@ if ($result)
|
||||
while ($objp = $db->fetch_object($result))
|
||||
{
|
||||
$found=0;
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS) && ($objp->client == 1 || $objp->client == 3)) { $found=1; $third['customer']++; }
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS) && ($objp->client == 2 || $objp->client == 3)) { $found=1; $third['prospect']++; }
|
||||
if (! empty($conf->fournisseur->enabled) && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS) && $objp->fournisseur) { $found=1; $third['supplier']++; }
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS) && $user->rights->societe->lire && ($objp->client == 1 || $objp->client == 3)) { $found=1; $third['customer']++; }
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS) && $user->rights->societe->lire && ($objp->client == 2 || $objp->client == 3)) { $found=1; $third['prospect']++; }
|
||||
if (! empty($conf->fournisseur->enabled) && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS) && $user->rights->fournisseur->lire && $objp->fournisseur) { $found=1; $third['supplier']++; }
|
||||
if (! empty($conf->societe->enabled) && $objp->client == 0 && $objp->fournisseur == 0) { $found=1; $third['other']++; }
|
||||
if ($found) $total++;
|
||||
}
|
||||
@ -140,9 +141,9 @@ if (! empty($conf->use_javascript_ajax) && ((round($third['prospect'])?1:0)+(rou
|
||||
{
|
||||
print '<tr '.$bc[0].'><td align="center" colspan="2">';
|
||||
$dataseries=array();
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS)) $dataseries[]=array('label'=>$langs->trans("Prospects"),'data'=>round($third['prospect']));
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS)) $dataseries[]=array('label'=>$langs->trans("Customers"),'data'=>round($third['customer']));
|
||||
if (! empty($conf->fournisseur->enabled) && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS)) $dataseries[]=array('label'=>$langs->trans("Suppliers"),'data'=>round($third['supplier']));
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS) && $user->rights->societe->lire) $dataseries[]=array('label'=>$langs->trans("Prospects"),'data'=>round($third['prospect']));
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS) && $user->rights->societe->lire) $dataseries[]=array('label'=>$langs->trans("Customers"),'data'=>round($third['customer']));
|
||||
if (! empty($conf->fournisseur->enabled) && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS) && $user->rights->fournisseur->lire) $dataseries[]=array('label'=>$langs->trans("Suppliers"),'data'=>round($third['supplier']));
|
||||
if (! empty($conf->societe->enabled)) $dataseries[]=array('label'=>$langs->trans("Others"),'data'=>round($third['other']));
|
||||
$data=array('series'=>$dataseries);
|
||||
dol_print_graph('stats',300,180,$data,1,'pie',0);
|
||||
@ -150,19 +151,19 @@ if (! empty($conf->use_javascript_ajax) && ((round($third['prospect'])?1:0)+(rou
|
||||
}
|
||||
else
|
||||
{
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS))
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_PROSPECTS_STATS) && $user->rights->societe->lire)
|
||||
{
|
||||
$statstring = "<tr ".$bc[0].">";
|
||||
$statstring.= '<td><a href="'.DOL_URL_ROOT.'/comm/prospect/list.php">'.$langs->trans("Prospects").'</a></td><td align="right">'.round($third['prospect']).'</td>';
|
||||
$statstring.= "</tr>";
|
||||
}
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS))
|
||||
if (! empty($conf->societe->enabled) && empty($conf->global->SOCIETE_DISABLE_CUSTOMERS_STATS) && $user->rights->societe->lire)
|
||||
{
|
||||
$statstring.= "<tr ".$bc[1].">";
|
||||
$statstring.= '<td><a href="'.DOL_URL_ROOT.'/comm/list.php">'.$langs->trans("Customers").'</a></td><td align="right">'.round($third['customer']).'</td>';
|
||||
$statstring.= "</tr>";
|
||||
}
|
||||
if (! empty($conf->fournisseur->enabled) && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS))
|
||||
if (! empty($conf->fournisseur->enabled) && empty($conf->global->SOCIETE_DISABLE_SUPPLIERS_STATS) && $user->rights->fournisseur->lire)
|
||||
{
|
||||
$statstring2 = "<tr ".$bc[0].">";
|
||||
$statstring2.= '<td><a href="'.DOL_URL_ROOT.'/fourn/list.php">'.$langs->trans("Suppliers").'</a></td><td align="right">'.round($third['supplier']).'</td>';
|
||||
|
||||
Loading…
Reference in New Issue
Block a user