diff --git a/ChangeLog b/ChangeLog
index 3aa4f789f3f..b14ce527677 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,105 @@
English Dolibarr ChangeLog
--------------------------------------------------------------
+***** ChangeLog for 10.0.2 compared to 10.0.1 *****
+
+FIX: #10460 compatibility with MariaDB 10.4
+FIX: #11401 Adherent unknown language key
+FIX: #11422 Can't edit his own events with standard rights
+FIX: #11427 require product class (fixes POST /supplierinvoices REST API endpoint)
+FIX: #11570
+FIX: #11591 FIX: #11592
+FIX: #11671 CVE-2019-15062
+FIX: #11672
+FIX: #11685
+FIX: #11702
+FIX: #11711
+FIX: #11720
+FIX: #11746 Unable to modify amount of insurance of a loan
+FIX: #11752
+FIX: #11789 FIX: #11790
+FIX: #11804 list of tickets from a customer card display ALL tickets
+FIX: #11834
+FIX: Add char $ and ; in sanitizing of filenames.
+FIX: Add comment before protected functions
+FIX: Add log and type of content in dolWebsiteOutput and
+FIX: Add repair.php option 'restore' to restore user picture after v10
+FIX: amount opened on thirdparty card dont care of credit note not converted
+FIX: Api of documents work with value 'thirdparty'
+FIX: author in message / ticket API
+FIX: avoid sql error if fk_project is empty during update
+FIX: avoid Warning: A non-numeric value encountered
+FIX: bad consistency in list of invoice for direct debit order.
+FIX: Bad error management in zip compress and web site export
+FIX: bad substitution for extrafields type checkbox
+FIX: better help message with multicompany
+FIX: calculation of $products_dispatched
+FIX: Can't add a new chart of account
+FIX: Can't delete a draft leave even if it should
+FIX: Can't save setup of mailman module
+FIX: column jabberid missing
+FIX: Confirmation of deletion
+FIX: Consistency in direct debit order lists.
+FIX: Content send before header warning
+FIX: credit note can be split
+FIX: credit note used on list
+FIX: Css was saved on wrong website.
+FIX: delivery extrafields
+FIX: Disabling a website does not put it offline
+FIX: display only stripe sources for customer
+FIX: display payment intent in stripe's charge list
+FIX: document list for products in API
+FIX: dol_thirdparty_id for stripe PI
+FIX: Do not show tooltip if tooltip is empty
+FIX: duplicate css tag, decrease padding-bottom for boxes in eldy theme
+FIX: duration when creating service
+FIX: EDB-ID:47370
+FIX: Enable web site
+FIX: error management when adding a property with type real
+FIX: Fatal situation if payment removed on expense report. Action
+FIX: filepath of generated documents doesn't handle products with special characters
+FIX: for MAIN_MAXTABS_IN_CARD = $i card
+FIX: gzip and bzip2 must use option -f
+FIX: It was possible to create cashfence without entering data.
+FIX: javascript error when using dol_use_jmobile=1
+FIX: logout redirect to takepos.php
+FIX: Look and feel v10
+FIX: Make protected all pfd models functions
+FIX: management of extrafields in modulebuilder
+FIX: Missing div for buttons in tax, loan, various payment modules
+FIX: missing include (dol_convert_file not found)
+FIX: Missing some replacements in website module
+FIX: missing test on permission on button to delete ledger record
+FIX: Missing the filter fields in export of expense report and leaves
+FIX: Missing ticket icon on md theme
+FIX: Missing transaction
+FIX: Mode smartphone was not triggered when there is too loo menu
+FIX: Must escape shell
+FIX: Must exclude logs and some dirs for compressed backup
+FIX: name and position of hook FIX: #11710
+FIX: Not showing MAIN_INVERT_SENDER_RECIPIENT when edit field
+FIX: Nowrap missing on amount in boxes
+FIX: Option to use ZipArchive instead of PclZip bugged with large files.
+FIX: order or proposals billed if both workflow conf activated
+FIX: permission check on API intervention
+FIX: phpcs
+FIX: placement function
+FIX: qty in invoice list on product's stats
+FIX: remove disabled product type from product list
+FIX: Return code of pdf_einstein.modules.php and proformat
+FIX: round for application fee in stripe
+FIX: Sens of the balance (Debit - Credit in accountancy not contrary)
+FIX: Several pb in export of documents
+FIX: SQL syntax error and CSRF check on vat reports
+FIX: takepos layout clear or focus search
+FIX: too many record in sql request. Whena criteria is a filter, we must
+FIX: Translation of month
+FIX: USEDOLIBARREDITOR not always set
+FIX: VAT number for Monaco (it uses FR)
+FIX: vulenrability in uploading file found by 美创科技安全实验室
+FIX: wrong display (and hidden input) for already dispatched quantity
+FIX: wrong parameters (same error in branch 9, 10, develop)
+FIX: Wrong variable. Must be PROJECT_HIDE_UNSELECTABLES
***** ChangeLog for 11.0.0 compared to 10.0.0 *****
For Users:
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index a9dd837fc8c..003203940a8 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -221,7 +221,7 @@ if ($action == 'add')
}
// Initialisation objet cactioncomm
- if (! GETPOST('actioncode') > 0) // actioncode is id
+ if (GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')) // actioncode is '0'
{
$error++; $donotclearsession=1;
$action = 'create';
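Review bot: The rewritten guard `GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')` only rejects an actioncode that is present but empty or '0'. A request that omits the parameter now skips the error branch and, in the next hunk, reaches `$object->type_code = GETPOST('actioncode', 'aZ09')` with an empty value. If a missing code should still be refused, `if (! GETPOST('actioncode', 'aZ09'))` covers both cases; if the omission is deliberate (for example when event types are disabled), a comment saying so would prevent a later "fix". The same condition is repeated in the `$action == 'update'` hunk at -491, where the else branch passes the empty value to `$cactioncomm->fetch()`. The enclosing `if ($action == 'add')` block starts and ends outside the hunk.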
@@ -229,7 +229,7 @@ if ($action == 'add')
}
else
{
- $object->type_code = GETPOST('actioncode');
+ $object->type_code = GETPOST('actioncode', 'aZ09');
}
if (! $error)
@@ -243,7 +243,7 @@ if ($action == 'add')
$object->elementtype = GETPOST("elementtype", 'alpha');
if (! GETPOST('label'))
{
- if (GETPOST('actioncode') == 'AC_RDV' && $contact->getFullName($langs))
+ if (GETPOST('actioncode', 'aZ09') == 'AC_RDV' && $contact->getFullName($langs))
{
$object->label = $langs->transnoentitiesnoconv("TaskRDVWith", $contact->getFullName($langs));
}
@@ -426,15 +426,15 @@ if ($action == 'update')
$datep=dol_mktime($fulldayevent?'00':$aphour, $fulldayevent?'00':$apmin, 0, $_POST["apmonth"], $_POST["apday"], $_POST["apyear"]);
$datef=dol_mktime($fulldayevent?'23':$p2hour, $fulldayevent?'59':$p2min, $fulldayevent?'59':'0', $_POST["p2month"], $_POST["p2day"], $_POST["p2year"]);
- $object->type_id = dol_getIdFromCode($db, GETPOST("actioncode"), 'c_actioncomm');
- $object->label = GETPOST("label");
+ $object->type_id = dol_getIdFromCode($db, GETPOST("actioncode", 'aZ09'), 'c_actioncomm');
+ $object->label = GETPOST("label", "alphanohtml");
$object->datep = $datep;
$object->datef = $datef;
$object->percentage = $percentage;
- $object->priority = GETPOST("priority");
+ $object->priority = GETPOST("priority", "alphanohtml");
$object->fulldayevent= GETPOST("fullday")?1:0;
- $object->location = GETPOST('location');
- $object->socid = GETPOST("socid");
+ $object->location = GETPOST('location', "alphanohtml");
+ $object->socid = GETPOST("socid", "int");
$socpeopleassigned = GETPOST("socpeopleassigned", 'array');
$object->socpeopleassigned = array();
foreach ($socpeopleassigned as $cid) $object->socpeopleassigned[$cid] = array('id' => $cid);
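Review bot: The filters added here stop at the scalar fields; on the unchanged lines `GETPOST("socpeopleassigned", 'array')` is still copied into `$object->socpeopleassigned[$cid] = array('id' => $cid)` with no per-element cast, and the date parts are read straight from `$_POST`. The 'array' check presumably only validates that the value is an array, so the loop could cast each id itself: `foreach ($socpeopleassigned as $cid) { $cid = (int) $cid; if ($cid > 0) $object->socpeopleassigned[$cid] = array('id' => $cid); }`. Separately, `priority` is filtered as `alphanohtml`; if the column is numeric, `GETPOST("priority", "int")` would be the tighter choice. The `if ($action == 'update')` block continues outside the hunk.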
@@ -446,8 +446,8 @@ if ($action == 'update')
$object->fk_project = GETPOST("projectid", 'int');
$object->note = GETPOST("note", "none"); // deprecated
$object->note_private= GETPOST("note", "none");
- $object->fk_element = GETPOST("fk_element");
- $object->elementtype = GETPOST("elementtype");
+ $object->fk_element = GETPOST("fk_element", "int");
+ $object->elementtype = GETPOST("elementtype", "alphanohtml");
if (! $datef && $percentage == 100)
{
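Review bot: `elementtype` is filtered with `alphanohtml` here, while the add path in the hunk at -243 reads the same parameter with `GETPOST("elementtype", 'alpha')`; the two paths should use one check type so the stored value does not depend on whether the event was created or edited. If the value is only ever an element identifier (not visible from this hunk), a stricter identifier-style filter on both paths would be preferable. The unchanged `note` lines keep the `none` filter, so their safety rests on escaping at output; a short comment such as `// raw HTML allowed here, escaped on display` would record that assumption.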
@@ -491,7 +491,7 @@ if ($action == 'update')
}
// Check parameters
- if (! GETPOST('actioncode') > 0)
+ if (GETPOSTISSET('actioncode') && ! GETPOST('actioncode', 'aZ09')) // actioncode is '0'
{
$error++; $donotclearsession=1;
$action = 'edit';
@@ -499,7 +499,7 @@ if ($action == 'update')
}
else
{
- $result=$cactioncomm->fetch(GETPOST('actioncode'));
+ $result=$cactioncomm->fetch(GETPOST('actioncode', 'aZ09'));
}
if (empty($object->userownerid))
{
@@ -689,7 +689,7 @@ if ($action == 'create')
if ($backtopage) print '';
if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print '';
- if (GETPOST("actioncode") == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda');
+ if (GETPOST("actioncode", 'aZ09') == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda');
else print load_fiche_titre($langs->trans("AddAnAction"), '', 'title_agenda');
dol_fiche_head();
@@ -701,7 +701,7 @@ if ($action == 'create')
{
print '
';
- //}
}
diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang
index dccd53c597a..532fbf14cb7 100644
--- a/htdocs/langs/en_US/companies.lang
+++ b/htdocs/langs/en_US/companies.lang
@@ -96,8 +96,6 @@ LocalTax1IsNotUsedES= RE is not used
LocalTax2IsUsed=Use third tax
LocalTax2IsUsedES= IRPF is used
LocalTax2IsNotUsedES= IRPF is not used
-LocalTax1ES=RE
-LocalTax2ES=IRPF
WrongCustomerCode=Customer code invalid
WrongSupplierCode=Vendor code invalid
CustomerCodeModel=Customer code model