From 77ff8498923bdbec933ac9d4619ae39c36f320ec Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 28 Feb 2023 22:44:22 +0100 Subject: [PATCH 1/9] css --- htdocs/core/class/html.formcompany.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index 5f27cbf3477..d411354d440 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -908,7 +908,7 @@ class FormCompany extends Form * @param string $morecss More css * @return string HTML string with prof id */ - public function get_input_id_prof($idprof, $htmlname, $preselected, $country_code, $morecss = 'maxwidth100onsmartphone quatrevingtpercent') + public function get_input_id_prof($idprof, $htmlname, $preselected, $country_code, $morecss = 'maxwidth200') { // phpcs:enable global $conf, $langs, $hookmanager; From e9ad7984319c5e7f210f9f1d1745d2cc24c918bd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 10:55:22 +0100 Subject: [PATCH 2/9] Fix missing url --- htdocs/public/partnership/new.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php index dea912e0653..30cf17ab718 100644 --- a/htdocs/public/partnership/new.php +++ b/htdocs/public/partnership/new.php @@ -264,6 +264,7 @@ if (empty($reshook) && $action == 'add') { $company->zip = GETPOST('zipcode'); $company->town = GETPOST('town'); $company->email = GETPOST('email'); + $company->url = GETPOST('url'); $company->country_id = GETPOST('country_id', 'int'); $company->state_id = GETPOST('state_id', 'int'); $company->name_alias = dolGetFirstLastname(GETPOST('firstname'), GETPOST('lastname')); @@ -297,12 +298,16 @@ if (empty($reshook) && $action == 'add') { if (empty($company->email)) { $company->email = GETPOST('email'); } + if (empty($company->url)) { + $company->url = GETPOST('url'); + } if (empty($company->state_id)) { $company->state_id = GETPOST('state_id', 'int'); } if (empty($company->name_alias)) { $company->name_alias = dolGetFirstLastname(GETPOST('firstname'), GETPOST('lastname')); } + $company->update(0); } @@ -610,6 +615,9 @@ print ''.$langs->trans("Firstname").' *< print ''.$langs->trans("Email").' *'; //print img_picto('', 'email', 'class="pictofixedwidth"'); print ''."\n"; +// Url +print ''.$langs->trans("Url").' *'; +print ''."\n"; // Address print ''.$langs->trans("Address").''."\n"; print ''."\n"; From 93953cd24ca86096b80b570d8a298ccdb573adf0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 11:08:38 +0100 Subject: [PATCH 3/9] Fix option PARTNERSHIP_BACKLINKS_TO_CHECK --- htdocs/langs/en_US/partnership.lang | 1 + htdocs/public/partnership/new.php | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/partnership.lang b/htdocs/langs/en_US/partnership.lang index f4ea73a1a8f..105456dc719 100644 --- a/htdocs/langs/en_US/partnership.lang +++ b/htdocs/langs/en_US/partnership.lang @@ -93,4 +93,5 @@ ReasonDeclineOrCancel=Reason for declining or canceling NewPartnershipRequest=New partnership request NewPartnershipRequestDesc=This form allows you to request to be part of one of our partnership program. If you need help to fill this form, please contact by email %s. +ThisUrlMustContainsAtLeastOneLinkToWebsite=This page must contains at least one link to one of the following domain: %s diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php index 30cf17ab718..0e43174b893 100644 --- a/htdocs/public/partnership/new.php +++ b/htdocs/public/partnership/new.php @@ -617,7 +617,18 @@ print ''.$langs->trans("Email").' * print ''."\n"; // Url print ''.$langs->trans("Url").' *'; -print ''."\n"; +print ''; +if (getDolGlobalString('PARTNERSHIP_BACKLINKS_TO_CHECK')) { + $listofkeytocheck = explode('|', getDolGlobalString('PARTNERSHIP_BACKLINKS_TO_CHECK')); + $i = 0; + $s = ''; + foreach ($listofkeytocheck as $val) { + $i++; + $s .= ($s ? ($i == count($listofkeytocheck) ? ' '.$langs->trans("or").' ' : ', ') : '').$val; + } + print '
'.$langs->trans("ThisUrlMustContainsAtLeastOneLinkToWebsite", $s).''; +} +print ''."\n"; // Address print ''.$langs->trans("Address").''."\n"; print ''."\n"; From f740a039f77bd41922a1b4089346093ffd84ec51 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 12:34:01 +0100 Subject: [PATCH 4/9] Debug v17 --- htdocs/install/mysql/migration/16.0.0-17.0.0.sql | 1 + htdocs/partnership/class/partnership.class.php | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql index 9d0a5a776d6..4ec2e7228b2 100644 --- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql +++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql @@ -64,6 +64,7 @@ ALTER TABLE llx_actioncomm ADD INDEX idx_actioncomm_percent (percent); UPDATE llx_c_paiement SET code = 'BANCON' WHERE code = 'BAN' AND libelle = 'Bancontact'; +ALTER TABLE llx_partnership DROP FOREIGN KEY llx_partnership_fk_user_creat; -- VMYSQL4.3 ALTER TABLE llx_partnership MODIFY COLUMN fk_user_creat integer NULL; -- VPGSQL8.2 ALTER TABLE llx_partnership ALTER COLUMN fk_user_creat DROP NOT NULL; diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index 013323f3193..130d24eb032 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -550,10 +550,15 @@ class Partnership extends CommonObject */ public function update(User $user, $notrigger = false) { + global $user; + if ($this->fk_soc <= 0 && $this->fk_member <= 0) { $this->error[] = "ErrorThirpdartyOrMemberidIsMandatory"; return -1; } + if (empty($this->fk_user_creat)) { // Fot the case the object was created with empty user. + $this->fk_user_creat = $user->id; + } return $this->updateCommon($user, $notrigger); } From e26e8ac85b42192a9124bb0ce282b90459f74e6e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 12:35:33 +0100 Subject: [PATCH 5/9] Debug v17 --- htdocs/partnership/class/partnership.class.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index 130d24eb032..d61b43c2513 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -550,13 +550,11 @@ class Partnership extends CommonObject */ public function update(User $user, $notrigger = false) { - global $user; - if ($this->fk_soc <= 0 && $this->fk_member <= 0) { $this->error[] = "ErrorThirpdartyOrMemberidIsMandatory"; return -1; } - if (empty($this->fk_user_creat)) { // Fot the case the object was created with empty user. + if (empty($this->fk_user_creat)) { // For the case the object was created with empty user (from public page). $this->fk_user_creat = $user->id; } From 921cd13f266b42a234940b4b3b3fa55ecb7f7920 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 1 Mar 2023 17:38:38 +0100 Subject: [PATCH 6/9] FIX avoid php8 warnings --- htdocs/core/class/html.formticket.class.php | 8 ++++---- htdocs/ticket/agenda.php | 3 +++ htdocs/ticket/contact.php | 2 +- htdocs/ticket/document.php | 3 +++ htdocs/ticket/messaging.php | 3 +++ 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index 4f3ae4bc5e6..0baa4dd5f8a 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -1423,7 +1423,7 @@ class FormTicket $res = $ticketstat->fetch('', '', $this->track_id); print ''; - $checkbox_selected = (GETPOST('send_email') == "1" ? ' checked' : ($conf->global->TICKETS_MESSAGE_FORCE_MAIL?'checked':'')); + $checkbox_selected = (GETPOST('send_email') == "1" ? ' checked' : (getDolGlobalInt('TICKETS_MESSAGE_FORCE_MAIL')?'checked':'')); print ' '; print ''; $texttooltip = $langs->trans("TicketMessageSendEmailHelp", '{s1}'); @@ -1455,7 +1455,7 @@ class FormTicket // Subject print ''.$langs->trans('Subject').''; - print 'ref.'] '.$langs->trans('TicketNewMessage').'" />'; + print 'ref.'] '.$langs->trans('TicketNewMessage').'" />'; print ''; // Recipients / adressed-to @@ -1489,8 +1489,8 @@ class FormTicket } } - if ($conf->global->TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS) { - $sendto[] = $conf->global->TICKET_NOTIFICATION_EMAIL_TO.' (generic email)'; + if (getDolGlobalInt('TICKET_NOTIFICATION_ALSO_MAIN_ADDRESS')) { + $sendto[] = getDolGlobalString('TICKET_NOTIFICATION_EMAIL_TO').' (generic email)'; } // Print recipient list diff --git a/htdocs/ticket/agenda.php b/htdocs/ticket/agenda.php index a78a610ed1c..ce872c7ac38 100644 --- a/htdocs/ticket/agenda.php +++ b/htdocs/ticket/agenda.php @@ -46,6 +46,9 @@ $track_id = GETPOST('track_id', 'alpha', 3); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); +// Store current page url +$url_page_current = DOL_URL_ROOT.'/ticket/agenda.php'; + $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); diff --git a/htdocs/ticket/contact.php b/htdocs/ticket/contact.php index b5453ed638b..38d00de71fa 100644 --- a/htdocs/ticket/contact.php +++ b/htdocs/ticket/contact.php @@ -252,7 +252,7 @@ if ($id > 0 || !empty($track_id) || !empty($ref)) { $linkback = ''.$langs->trans("BackToList").' '; - dol_banner_tab($object, 'ref', $linkback, ($user->socid ? 0 : 1), 'ref', 'ref', $morehtmlref, $param, 0, '', '', 1, ''); + dol_banner_tab($object, 'ref', $linkback, (!empty($user->socid) ? 0 : 1), 'ref', 'ref', $morehtmlref, '', 0, '', '', 1, ''); print dol_get_fiche_end(); diff --git a/htdocs/ticket/document.php b/htdocs/ticket/document.php index 1c7a25323e2..9c2208e9864 100644 --- a/htdocs/ticket/document.php +++ b/htdocs/ticket/document.php @@ -49,6 +49,9 @@ $track_id = GETPOST('track_id', 'alpha'); $action = GETPOST('action', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); +// Store current page url +$url_page_current = DOL_URL_ROOT.'/ticket/document.php'; + // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); diff --git a/htdocs/ticket/messaging.php b/htdocs/ticket/messaging.php index 1ad01a7ae67..b42cff070f2 100644 --- a/htdocs/ticket/messaging.php +++ b/htdocs/ticket/messaging.php @@ -46,6 +46,9 @@ $track_id = GETPOST('track_id', 'alpha', 3); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); +// Store current page url +$url_page_current = DOL_URL_ROOT.'/ticket/messaging.php'; + $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", "aZ09comma"); $sortorder = GETPOST("sortorder", 'aZ09comma'); From f6271d83dbebb2bb2ea90791c32a62e722cf16bf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 19:28:32 +0100 Subject: [PATCH 7/9] Debug v17 --- htdocs/admin/agenda.php | 4 + htdocs/core/modules/modPartnership.class.php | 30 +++--- ...terface_50_modAgenda_ActionsAuto.class.php | 4 +- .../mysql/data/llx_c_action_trigger.sql | 9 ++ .../modulebuilder/template/myobject_card.php | 2 +- htdocs/partnership/admin/about.php | 74 ------------- htdocs/partnership/partnership_card.php | 100 ++++++++++-------- 7 files changed, 85 insertions(+), 138 deletions(-) delete mode 100644 htdocs/partnership/admin/about.php diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index 0969dc9c66b..7a29c881f77 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -194,6 +194,10 @@ if (!empty($triggers)) { if ($trigger['code'] == 'FICHINTER_CLASSIFY_UNBILLED' && empty($conf->global->FICHINTER_CLASSIFY_BILLED)) { continue; } + if ($trigger['code'] == 'ACTION_CREATE') { + // This is the trigger to add an event, enabling it will create infinite loop + continue; + } if ($search_event === '' || preg_match('/'.preg_quote($search_event, '/').'/i', $trigger['code'])) { print ''; diff --git a/htdocs/core/modules/modPartnership.class.php b/htdocs/core/modules/modPartnership.class.php index 8e8421540c7..44ef6b527db 100644 --- a/htdocs/core/modules/modPartnership.class.php +++ b/htdocs/core/modules/modPartnership.class.php @@ -212,7 +212,7 @@ class modPartnership extends DolibarrModules // Dictionaries $this->dictionaries=array( - 'langs'=>'partnership@partnership', + 'langs'=>'partnership', // List of tables we want to see into dictonnary editor 'tabname'=>array("c_partnership_type"), // Label of tables @@ -291,7 +291,7 @@ class modPartnership extends DolibarrModules // 'leftmenu'=>'partnership', // 'url'=>'/partnership/partnership_list.php', // // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - // 'langs'=>'partnership@partnership', + // 'langs'=>'partnership', // 'position'=>1100+$r, // // Define condition to show or hide menu entry. Use '$conf->partnership->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. // 'enabled'=>'$conf->partnership->enabled', @@ -349,18 +349,18 @@ class modPartnership extends DolibarrModules $r = 1; /* BEGIN MODULEBUILDER EXPORT PARTNERSHIP */ /* - $langs->load("partnership@partnership"); + $langs->load("partnership"); $this->export_code[$r]=$this->rights_class.'_'.$r; $this->export_label[$r]='PartnershipLines'; // Translation key (used only if key ExportDataset_xxx_z not found) - $this->export_icon[$r]='partnership@partnership'; + $this->export_icon[$r]='partnership'; // Define $this->export_fields_array, $this->export_TypeFields_array and $this->export_entities_array - $keyforclass = 'Partnership'; $keyforclassfile='/partnership/class/partnership.class.php'; $keyforelement='partnership@partnership'; + $keyforclass = 'Partnership'; $keyforclassfile='/partnership/class/partnership.class.php'; $keyforelement='partnership'; include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php'; //$this->export_fields_array[$r]['t.fieldtoadd']='FieldToAdd'; $this->export_TypeFields_array[$r]['t.fieldtoadd']='Text'; //unset($this->export_fields_array[$r]['t.fieldtoremove']); //$keyforclass = 'PartnershipLine'; $keyforclassfile='/partnership/class/partnership.class.php'; $keyforelement='partnershipline@partnership'; $keyforalias='tl'; //include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php'; - $keyforselect='partnership'; $keyforaliasextra='extra'; $keyforelement='partnership@partnership'; + $keyforselect='partnership'; $keyforaliasextra='extra'; $keyforelement='partnership'; include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php'; //$keyforselect='partnershipline'; $keyforaliasextra='extraline'; $keyforelement='partnershipline@partnership'; //include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php'; @@ -380,13 +380,13 @@ class modPartnership extends DolibarrModules $r = 1; /* BEGIN MODULEBUILDER IMPORT PARTNERSHIP */ /* - $langs->load("partnership@partnership"); + $langs->load("partnership"); $this->export_code[$r]=$this->rights_class.'_'.$r; $this->export_label[$r]='PartnershipLines'; // Translation key (used only if key ExportDataset_xxx_z not found) - $this->export_icon[$r]='partnership@partnership'; - $keyforclass = 'Partnership'; $keyforclassfile='/partnership/class/partnership.class.php'; $keyforelement='partnership@partnership'; + $this->export_icon[$r]='partnership'; + $keyforclass = 'Partnership'; $keyforclassfile='/partnership/class/partnership.class.php'; $keyforelement='partnership'; include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php'; - $keyforselect='partnership'; $keyforaliasextra='extra'; $keyforelement='partnership@partnership'; + $keyforselect='partnership'; $keyforaliasextra='extra'; $keyforelement='partnership'; include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php'; //$this->export_dependencies_array[$r]=array('mysubobject'=>'ts.rowid', 't.myfield'=>array('t.myfield2','t.myfield3')); // To force to activate one or several fields if we select some fields that need same (like to select a unique key if we ask a field of a child to avoid the DISTINCT to discard them, or for computed field than need several other fields) $this->export_sql_start[$r]='SELECT DISTINCT '; @@ -417,11 +417,11 @@ class modPartnership extends DolibarrModules // Create extrafields during init //include_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; //$extrafields = new ExtraFields($this->db); - //$result1=$extrafields->addExtraField('partnership_myattr1', "New Attr 1 label", 'boolean', 1, 3, 'thirdparty', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership@partnership', '$conf->partnership->enabled'); - //$result2=$extrafields->addExtraField('partnership_myattr2', "New Attr 2 label", 'varchar', 1, 10, 'project', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership@partnership', '$conf->partnership->enabled'); - //$result3=$extrafields->addExtraField('partnership_myattr3', "New Attr 3 label", 'varchar', 1, 10, 'bank_account', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership@partnership', '$conf->partnership->enabled'); - //$result4=$extrafields->addExtraField('partnership_myattr4', "New Attr 4 label", 'select', 1, 3, 'thirdparty', 0, 1, '', array('options'=>array('code1'=>'Val1','code2'=>'Val2','code3'=>'Val3')), 1,'', 0, 0, '', '', 'partnership@partnership', '$conf->partnership->enabled'); - //$result5=$extrafields->addExtraField('partnership_myattr5', "New Attr 5 label", 'text', 1, 10, 'user', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership@partnership', '$conf->partnership->enabled'); + //$result1=$extrafields->addExtraField('partnership_myattr1', "New Attr 1 label", 'boolean', 1, 3, 'thirdparty', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership', '$conf->partnership->enabled'); + //$result2=$extrafields->addExtraField('partnership_myattr2', "New Attr 2 label", 'varchar', 1, 10, 'project', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership', '$conf->partnership->enabled'); + //$result3=$extrafields->addExtraField('partnership_myattr3', "New Attr 3 label", 'varchar', 1, 10, 'bank_account', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership', '$conf->partnership->enabled'); + //$result4=$extrafields->addExtraField('partnership_myattr4', "New Attr 4 label", 'select', 1, 3, 'thirdparty', 0, 1, '', array('options'=>array('code1'=>'Val1','code2'=>'Val2','code3'=>'Val3')), 1,'', 0, 0, '', '', 'partnership', '$conf->partnership->enabled'); + //$result5=$extrafields->addExtraField('partnership_myattr5', "New Attr 5 label", 'text', 1, 10, 'user', 0, 0, '', '', 1, '', 0, 0, '', '', 'partnership', '$conf->partnership->enabled'); // Permissions $this->remove($options); diff --git a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php index d8b57918d83..f4c515c1f24 100644 --- a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php +++ b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php @@ -981,6 +981,8 @@ class InterfaceActionsAuto extends DolibarrTriggers $object->trackid = 'sub'.$object->id; } elseif (preg_match('/^MEMBER_/', $action)) { $object->trackid = 'mem'.$object->id; + } elseif (preg_match('/^PARTNERSHIP_/', $action)) { + $object->trackid = 'pship'.$object->id; } elseif (preg_match('/^PROJECT_/', $action)) { $object->trackid = 'proj'.$object->id; } elseif (preg_match('/^TASK_/', $action)) { @@ -1079,7 +1081,7 @@ class InterfaceActionsAuto extends DolibarrTriggers $actioncomm->errors_to = empty($object->errors_to) ? null : $object->errors_to; } - // Object linked (if link is for thirdparty, contact, project it is a recording error. We should not have links in link table + // Object linked (if link is for thirdparty, contact or project, it is a recording error. We should not have links in link table // for such objects because there is already a dedicated field into table llx_actioncomm or llx_actioncomm_resources. if (!in_array($elementtype, array('societe', 'contact', 'project'))) { $actioncomm->fk_element = $elementid; diff --git a/htdocs/install/mysql/data/llx_c_action_trigger.sql b/htdocs/install/mysql/data/llx_c_action_trigger.sql index 9aa28c116c8..ad33a4e4f6a 100644 --- a/htdocs/install/mysql/data/llx_c_action_trigger.sql +++ b/htdocs/install/mysql/data/llx_c_action_trigger.sql @@ -150,6 +150,8 @@ insert into llx_c_action_trigger (code,label,description,elementtype,rang) value insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('CONTACT_MODIFY','Contact address update','Executed when a contact is updated','contact',51); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('CONTACT_SENTBYMAIL','Mails sent from third party card','Executed when you send email from contact address record','contact',52); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('CONTACT_DELETE','Contact address deleted','Executed when a contact is deleted','contact',53); + +-- recruitment module insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('RECRUITMENTJOBPOSITION_CREATE','Job created','Executed when a job is created','recruitment',7500); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('RECRUITMENTJOBPOSITION_MODIFY','Job modified','Executed when a job is modified','recruitment',7502); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('RECRUITMENTJOBPOSITION_SENTBYMAIL','Mails sent from job record','Executed when you send email from job record','recruitment',7504); @@ -178,3 +180,10 @@ insert into llx_c_action_trigger (code,label,description,elementtype,rang) value insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('BILLREC_MODIFY','Template invoices update','Executed when a Template invoices is updated','facturerec',901); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('BILLREC_DELETE','Template invoices deleted','Executed when a Template invoices is deleted','facturerec',902); insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('BILLREC_AUTOCREATEBILL','Template invoices use to create invoices with auto batch','Executed when a Template invoices is use to create invoice with auto batch','facturerec',903); + +-- partnership module +insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PARTNERSHIP_CREATE','Partnership created','Executed when a partnership is created','partnership',58000); +insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PARTNERSHIP_MODIFY','Partnership modified','Executed when a partnership is modified','partnership',58002); +insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PARTNERSHIP_SENTBYMAIL','Mails sent from partnership file','Executed when you send email from partnership file','partnership',58004); +insert into llx_c_action_trigger (code,label,description,elementtype,rang) values ('PARTNERSHIP_DELETE','Partnership deleted','Executed when a partnership is deleted','partnership',58006); + diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 6bb89d1aaf7..dc8dafd433e 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -511,7 +511,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if (empty($reshook)) { // Send if (empty($user->socid)) { - print dolGetButtonAction('', $langs->trans('SendMail'), 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init&token='.newToken().'#formmailbeforetitle'); + print dolGetButtonAction('', $langs->trans('SendMail'), 'default', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&token='.newToken().'&mode=init#formmailbeforetitle'); } // Back to draft diff --git a/htdocs/partnership/admin/about.php b/htdocs/partnership/admin/about.php deleted file mode 100644 index 47423bf4709..00000000000 --- a/htdocs/partnership/admin/about.php +++ /dev/null @@ -1,74 +0,0 @@ - - * Copyright (C) 2021 Dorian Laurent - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file partnership/admin/about.php - * \ingroup partnership - * \brief About page of module Partnership. - */ - -// Load Dolibarr environment -require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -require_once '../lib/partnership.lib.php'; - -// Translations -$langs->loadLangs(array("errors", "admin", "partnership@partnership")); - -// Access control -if (!$user->admin) { - accessforbidden(); -} - -// Parameters -$action = GETPOST('action', 'aZ09'); -$backtopage = GETPOST('backtopage', 'alpha'); - - -/* - * Actions - */ - - -/* - * View - */ - -$form = new Form($db); - -$page_name = "PartnershipAbout"; -llxHeader('', $langs->trans($page_name)); - -// Subheader -$linkback = ''.$langs->trans("BackToModuleList").''; - -print load_fiche_titre($langs->trans($page_name), $linkback, 'title_setup'); - -// Configuration header -$head = partnershipAdminPrepareHead(); -print dol_get_fiche_head($head, 'about', '', 0, 'partnership@partnership'); - -require_once DOL_DOCUMENT_ROOT.'/core/modules/modPartnership.class.php'; -$tmpmodule = new modPartnership($db); -print $tmpmodule->getDescLong(); - -// Page end -print dol_get_fiche_end(); -llxFooter(); -$db->close(); diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index b544ad94fc7..7679b63da09 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -39,10 +39,11 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); -$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'partnershipcard'; // To manage different context of search +$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : str_replace('_', '', basename(dirname(__FILE__)).basename(__FILE__, '.php')); // To manage different context of search $backtopage = GETPOST('backtopage', 'alpha'); $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); $lineid = GETPOST('lineid', 'int'); +$dol_openinpopup = GETPOST('dol_openinpopup', 'aZ09'); // Initialize technical objects $object = new Partnership($db); @@ -73,20 +74,25 @@ if (empty($action) && empty($id) && empty($ref)) { include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. -$permissiontoread = $user->rights->partnership->read; -$permissiontoadd = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->rights->partnership->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); -$permissionnote = $user->rights->partnership->write; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->partnership->write; // Used by the include of actions_dellink.inc.php +$permissiontoread = $user->hasRight('partnership', 'read'); +$permissiontoadd = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontodelete = $user->hasRight('partnership', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); +$permissionnote = $user->hasRight('partnership', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('partnership', 'write'); // Used by the include of actions_dellink.inc.php $upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1]; $managedfor = getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR', 'thirdparty'); -// Security check - Protection if external user +// Security check (enable the most restrictive one) //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'partnership', $object->id); -if (empty($conf->partnership->enabled)) accessforbidden(); -if (empty($permissiontoread)) accessforbidden(); +//$isdraft = (isset($object->status) && ($object->status == $object::STATUS_DRAFT) ? 1 : 0); +//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft); +if (!isModEnabled('partnership')) { + accessforbidden(); +} +if (!$permissiontoread) { + accessforbidden(); +} if ($object->id > 0 && !($object->fk_member > 0) && $managedfor == 'member') accessforbidden(); if ($object->id > 0 && !($object->fk_soc > 0) && $managedfor == 'thirdparty') accessforbidden(); @@ -119,11 +125,11 @@ if (empty($reshook)) { $fk_partner = ($managedfor == 'member') ? GETPOST('fk_member', 'int') : GETPOST('fk_soc', 'int'); $obj_partner = ($managedfor == 'member') ? $object->fk_member : $object->fk_soc; + $triggermodname = 'PARTNERSHIP_MODIFY'; // Name of trigger action code to execute when we modify record + // Actions cancel, add, update, update_extras, confirm_validate, confirm_delete, confirm_deleteline, confirm_clone, confirm_close, confirm_setdraft, confirm_reopen include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php'; - $triggermodname = 'PARTNERSHIP_MODIFY'; // Name of trigger action code to execute when we modify record - // Action accept object if ($action == 'confirm_validate' && $confirm == 'yes' && $permissiontoadd) { $result = $object->validate($user); @@ -264,6 +270,10 @@ llxHeader('', $title, $help_url); // Part to create if ($action == 'create') { + if (empty($permissiontoadd)) { + accessforbidden('NotEnoughPermissions', 0, 1); + } + print load_fiche_titre($langs->trans("NewPartnership"), '', 'object_'.$object->picto); print '
'; @@ -333,9 +343,8 @@ if (($id || $ref) && $action == 'edit') { // Part to show record if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'create'))) { - $res = $object->fetch_optionals(); - $head = partnershipPrepareHead($object); + print dol_get_fiche_head($head, 'card', $langs->trans("Partnership"), -1, $object->picto); $formconfirm = ''; @@ -405,38 +414,35 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $morehtmlref = '
'; /* // Ref customer - $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); - $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); + $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); + $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); // Thirdparty - $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . (is_object($object->thirdparty) ? $object->thirdparty->getNomUrl(1) : ''); + $morehtmlref .= '
'.$object->thirdparty->getNomUrl(1, 'customer'); + if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) { + $morehtmlref .= ' ('.$langs->trans("OtherOrders").')'; + } // Project - if (!empty($conf->project->enabled)) { - $langs->load("projects"); - $morehtmlref .= '
'.$langs->trans('Project') . ' '; - if ($permissiontoadd) { - //if ($action != 'classify') $morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' '; - $morehtmlref .= ' : '; - if ($action == 'classify') { - //$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 0, 1, '', 'maxwidth300'); - $morehtmlref .= ''; - $morehtmlref .= ''; - $morehtmlref .= ''; - $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; - $morehtmlref .= ''; - } else { - $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1, '', 'maxwidth300'); - } - } else { - if (!empty($object->fk_project)) { - $proj = new Project($db); - $proj->fetch($object->fk_project); - $morehtmlref .= ': '.$proj->getNomUrl(); - } else { - $morehtmlref .= ''; - } - } - }*/ + if (isModEnabled('project')) { + $langs->load("projects"); + $morehtmlref .= '
'; + if ($permissiontoadd) { + $morehtmlref .= img_picto($langs->trans("Project"), 'project', 'class="pictofixedwidth"'); + if ($action != 'classify') { + $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' '; + } + $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, ($action == 'classify' ? 'projectid' : 'none'), 0, 0, 0, 1, '', 'maxwidth300'); + } else { + if (!empty($object->fk_project)) { + $proj = new Project($db); + $proj->fetch($object->fk_project); + $morehtmlref .= $proj->getNomUrl(1); + if ($proj->title) { + $morehtmlref .= ' - '.dol_escape_htmltag($proj->title).''; + } + } + } + } + */ $morehtmlref .= '
'; if (!isset($npfilter)) { $npfilter = ""; @@ -632,8 +638,8 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $relativepath = $objref.'/'.$objref.'.pdf'; $filedir = $conf->partnership->dir_output.'/'.$object->element.'/'.$objref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->rights->partnership->read; // If you can read, you can build the PDF to read content - $delallowed = $user->rights->partnership->write; // If you can create/edit, you can remove a file on card + $genallowed = $permissiontoread; // If you can read, you can build the PDF to read content + $delallowed = $permissiontoadd; // If you can create/edit, you can remove a file on card print $formfile->showdocuments('partnership:Partnership', $object->element.'/'.$objref, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $langs->defaultlang); } @@ -651,7 +657,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, $object->element, (is_object($object->thirdparty) ? $object->thirdparty->id : 0), 1, '', $MAXEVENT, '', $morehtmlcenter); + $somethingshown = $formactions->showactions($object, $object->element.'@'.$object->module, (is_object($object->thirdparty) ? $object->thirdparty->id : 0), 1, '', $MAXEVENT, '', $morehtmlcenter); print ''; } From a62d029d7d7ee744d40e57704f7c99f193f0718d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 21:37:18 +0100 Subject: [PATCH 8/9] Disable non secured feature --- htdocs/core/ajax/fileupload.php | 6 +++- htdocs/core/class/fileupload.class.php | 38 ++++++++++++++++++++++++-- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/htdocs/core/ajax/fileupload.php b/htdocs/core/ajax/fileupload.php index 67f95700976..379a2e689a3 100644 --- a/htdocs/core/ajax/fileupload.php +++ b/htdocs/core/ajax/fileupload.php @@ -45,9 +45,13 @@ error_reporting(E_ALL | E_STRICT); $fk_element = GETPOST('fk_element', 'int'); $element = GETPOST('element', 'alpha'); - $upload_handler = new FileUpload(null, $fk_element, $element); +// Feature not enabled. Warning feature not used and not secured so disabled. +if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; +} + /* * View diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php index ccea7de2d84..5a8e75b1e69 100644 --- a/htdocs/core/class/fileupload.class.php +++ b/htdocs/core/class/fileupload.class.php @@ -46,6 +46,12 @@ class FileUpload global $db, $conf; global $object; global $hookmanager; + + // Feature not enabled. Warning feature not used and not secured so disabled. + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + $hookmanager->initHooks(array('fileupload')); $this->fk_element = $fk_element; @@ -238,6 +244,10 @@ class FileUpload */ protected function getFileObject($file_name) { + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + $file_path = $this->options['upload_dir'].$file_name; if (is_file($file_path) && $file_name[0] !== '.') { $file = new stdClass(); @@ -278,6 +288,10 @@ class FileUpload { global $maxwidthmini, $maxheightmini; + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + $file_path = $this->options['upload_dir'].$file_name; $new_file_path = $options['upload_dir'].$file_name; @@ -309,6 +323,10 @@ class FileUpload */ protected function validate($uploaded_file, $file, $error, $index) { + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + if ($error) { $file->error = $error; return false; @@ -399,8 +417,8 @@ class FileUpload // Also remove control characters and spaces (\x00..\x20) around the filename: $file_name = trim(basename(stripslashes($name)), ".\x00..\x20"); // Add missing file extension for known image types: - if (strpos($file_name, '.') === false && - preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { + $matches = array(); + if (strpos($file_name, '.') === false && preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { $file_name .= '.'.$matches[1]; } if ($this->options['discard_aborted_uploads']) { @@ -424,6 +442,10 @@ class FileUpload */ protected function handleFileUpload($uploaded_file, $name, $size, $type, $error, $index) { + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + $file = new stdClass(); $file->name = $this->trimFileName($name, $type, $index); $file->mime = dol_mimetype($file->name, '', 2); @@ -470,6 +492,10 @@ class FileUpload */ public function get() { + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + $file_name = isset($_REQUEST['file']) ? basename(stripslashes($_REQUEST['file'])) : null; if ($file_name) { @@ -488,6 +514,10 @@ class FileUpload */ public function post() { + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') { return $this->delete(); } @@ -543,6 +573,10 @@ class FileUpload */ public function delete() { + if (!getDolGlobalInt('MAIN_USE_JQUERY_FILEUPLOAD')) { + return; + } + $file_name = isset($_REQUEST['file']) ? basename(stripslashes($_REQUEST['file'])) : null; $file_path = $this->options['upload_dir'].$file_name; From 14a59483f58e99cc95af9c6fdc43274432ff25b1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Mar 2023 23:50:02 +0100 Subject: [PATCH 9/9] Debug v17 --- htdocs/admin/pdf.php | 10 ++++++++ htdocs/admin/system/security.php | 4 ++-- htdocs/core/ajax/onlineSign.php | 23 +++++++++++++------ ...e_20_modWorkflow_WorkflowManager.class.php | 5 +++- htdocs/core/website.inc.php | 8 +++---- htdocs/includes/tcpdi/tcpdi.php | 2 +- htdocs/main.inc.php | 8 +++---- 7 files changed, 41 insertions(+), 19 deletions(-) diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index d8cc8d554a2..a015e2319b0 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -271,9 +271,19 @@ print ''; clearstatcache(); +if (getDolGlobalString('PDF_SECURITY_ENCRYPTION')) { + print '
'; + print 'The not supported and hidden option PDF_SECURITY_ENCRYPTION has been enabled. This means a lof of feature related to PDF will be broken, like mass PDF generation or online signature of PDF.'."\n"; + print 'You should disable this option.'; + print '
'; +} + + + // Misc options print load_fiche_titre($langs->trans("DictionaryPaperFormat"), '', ''); + print '
'; print ''; print ''; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index c185878e658..03aa1b19d76 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -574,11 +574,11 @@ print '
'; print 'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? ''.$langs->trans("Undefined").'   ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."
"; print '
'; -$examplecsprule = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; +$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; print 'MAIN_SECURITY_FORCECSPRO = '.(empty($conf->global->MAIN_SECURITY_FORCECSPRO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSPRO).'   ('.$langs->trans("Example").': "'.$examplecsprule.'")
'; print '
'; -$examplecsprule = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; +$examplecsprule = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; print 'MAIN_SECURITY_FORCECSP = '.(empty($conf->global->MAIN_SECURITY_FORCECSP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_FORCECSP).'   ('.$langs->trans("Example").': "'.$examplecsprule.'")
'; print '
'; diff --git a/htdocs/core/ajax/onlineSign.php b/htdocs/core/ajax/onlineSign.php index c2823407ac6..89aa597661c 100644 --- a/htdocs/core/ajax/onlineSign.php +++ b/htdocs/core/ajax/onlineSign.php @@ -90,7 +90,8 @@ if (empty($SECUREKEY) || !dol_verifyHash($securekeyseed.$type.$ref.(!isModEnable top_httphead(); if ($action == "importSignature") { - if (!empty($signature) && $signature[0] == "image/png;base64") { + $issignatureok = (!empty($signature) && $signature[0] == "image/png;base64"); + if ($issignatureok) { $signature = $signature[1]; $data = base64_decode($signature); @@ -143,7 +144,6 @@ if ($action == "importSignature") { $pdf->SetCompression(false); } - //$pdf->Open(); $pagecount = $pdf->setSourceFile($sourcefile); // original PDF @@ -155,7 +155,7 @@ if ($action == "importSignature") { $pdf->AddPage($s['h'] > $s['w'] ? 'P' : 'L'); $pdf->useTemplate($tppl); } catch (Exception $e) { - dol_syslog("Error when manipulating some PDF by onlineSign: ".$e->getMessage(), LOG_ERR); + dol_syslog("Error when manipulating the PDF ".$sourcefile." by onlineSign: ".$e->getMessage(), LOG_ERR); $response = $e->getMessage(); $error++; } @@ -207,9 +207,6 @@ if ($action == "importSignature") { } if (!$error) { - $db->commit(); - $response = "success"; - setEventMessages("PropalSigned", null, 'warnings'); if (method_exists($object, 'call_trigger')) { //customer is not a user !?! so could we use same user as validation ? $user = new User($db); @@ -218,13 +215,25 @@ if ($action == "importSignature") { $result = $object->call_trigger('PROPAL_CLOSE_SIGNED', $user); if ($result < 0) { $error++; + $response = "error in trigger ".$object->error; + } else { + $response = "success"; } + } else { + $response = "success"; } } else { - $db->rollback(); $error++; $response = "error sql"; } + + if (!$error) { + $db->commit(); + $response = "success"; + setEventMessages("PropalSigned", null, 'warnings'); + } else { + $db->rollback(); + } } } elseif ($mode == 'contract') { require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php'; diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index b6bd9bb73a8..f85a26697b7 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php @@ -75,7 +75,10 @@ class InterfaceWorkflowManager extends DolibarrTriggers if (isModEnabled('commande') && !empty($conf->global->WORKFLOW_PROPAL_AUTOCREATE_ORDER)) { $object->fetchObjectLinked(); if (!empty($object->linkedObjectsIds['commande'])) { - setEventMessages($langs->trans("OrderExists"), null, 'warnings'); + if (empty($object->context['closedfromonlinesignature'])) { + $langs->load("orders"); + setEventMessages($langs->trans("OrderExists"), null, 'warnings'); + } return $ret; } else { include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index b934f333b1a..d9fe10c8868 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -117,8 +117,8 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO'); if (!is_object($hookmanager)) { @@ -149,8 +149,8 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP'); if (!is_object($hookmanager)) { diff --git a/htdocs/includes/tcpdi/tcpdi.php b/htdocs/includes/tcpdi/tcpdi.php index aaa1d70c095..9e87ac2f221 100644 --- a/htdocs/includes/tcpdi/tcpdi.php +++ b/htdocs/includes/tcpdi/tcpdi.php @@ -333,7 +333,7 @@ class TCPDI extends FPDF_TPL { break; } } - } elseif ($tpl['x'] != 0 || $tpl['y'] != 0) { + } elseif (!empty($tpl['x']) || !empty($tpl['y'])) { $tx = -$tpl['x'] * 2; $ty = $tpl['y'] * 2; } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 20b73126656..b9469cf55ea 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -1474,8 +1474,8 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSPRO'); if (!is_object($hookmanager)) { @@ -1511,8 +1511,8 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0) // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com;"; - // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googlapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; + // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('MAIN_SECURITY_FORCECSP'); if (!is_object($hookmanager)) {
'.$langs->trans("Parameter").''.$langs->trans("Value").'