diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 725cbefabbb..12a2ddb3d2a 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2119,6 +2119,9 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, if (empty($conf->multicompany->enabled)) $entity=1; else $entity=0; } + // Fix modulepart + if ($modulepart == 'users') $modulepart='user'; + dol_syslog('modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity); // We define $accessallowed and $sqlprotectagainstexternals $accessallowed=0; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 49a8ab4df8f..336881ce97d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1442,6 +1442,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r { if (empty($conf->global->MAIN_DISABLE_PDF_THUMBS)) // If you experienc trouble with pdf thumb generation and imagick, you can disable here. { + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $ret = dol_convert_file($file, 'png', $fileimage); if ($ret < 0) $error++; } diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index 70f61055689..49486870a13 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php 
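Review bot: The added alias `if ($modulepart == 'users') $modulepart='user';` does not say where the plural form comes from, and in an access-control function a reader needs to know that before trusting the mapping. Judging by the comment added to document.php in this same commit ("filepath can be 'users/X'"), it presumably originates from the first directory of an ECM file path; a comment such as `// ECM paths use the directory name 'users', the permission branches below test 'user'` would record that, to be confirmed by the author. Since `$modulepart` is meant to be a string here, `===` would make the comparison exact. The function starts and ends outside the hunk, so whether every branch below sees the normalized value cannot be checked from these lines.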
@@ -212,6 +212,10 @@ function dolWebsiteOutput($content) $content=preg_replace('/(]*src=")[^\"]*viewimage\.php([^\"]*)modulepart=medias([^\"]*)file=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2modulepart=medias\3file=\4\5', $content, -1, $nbrep); $content=preg_replace('/(url\(["\']?)[^\)]*viewimage\.php([^\)]*)modulepart=medias([^\)]*)file=([^\)]*)(["\']?\))/', '\1/wrapper.php\2modulepart=medias\3file=\4\5', $content, -1, $nbrep); + $content=preg_replace('/(]*href=")[^\"]*viewimage\.php([^\"]*)hashp=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2hashp=\3\4', $content, -1, $nbrep); + $content=preg_replace('/(]*src=")[^\"]*viewimage\.php([^\"]*)hashp=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2hashp=\3\4', $content, -1, $nbrep); + $content=preg_replace('/(url\(["\']?)[^\)]*viewimage\.php([^\)]*)hashp=([^\)]*)(["\']?\))/', '\1/wrapper.php\2hashp\3\4', $content, -1, $nbrep); + $content=preg_replace('/(]*src=")[^\"]*viewimage\.php([^\"]*)modulepart=mycompany([^\"]*)file=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2modulepart=mycompany\3file=\4\5', $content, -1, $nbrep); } else 
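Review bot: The third added `preg_replace` (the `url(...)` form) uses the replacement `'\1/wrapper.php\2hashp\3\4'`, which drops the `=` between the parameter name and its value, so a rewritten CSS URL would carry `hashp` fused to the hash and the shared file would no longer resolve. The corresponding line in the following hunk (@@ -222) has it right; this one should read `'\1/wrapper.php\2hashp=\3\4'`. `dolWebsiteOutput` starts and ends outside the hunk.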
@@ -222,6 +226,10 @@ function dolWebsiteOutput($content) $content=preg_replace('/(]*src=")[^\"]*viewimage\.php([^\"]*)modulepart=medias([^\"]*)file=([^\"]*)("[^>]*>)/', '\1medias/\4\5', $content, -1, $nbrep); $content=preg_replace('/(url\(["\']?)[^\)]*viewimage\.php([^\)]*)modulepart=medias([^\)]*)file=([^\)]*)(["\']?\))/', '\1medias/\4\5', $content, -1, $nbrep); + $content=preg_replace('/(]*href=")[^\"]*viewimage\.php([^\"]*)hashp=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2hashp=\3\4', $content, -1, $nbrep); + $content=preg_replace('/(]*src=")[^\"]*viewimage\.php([^\"]*)hashp=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2hashp=\3\4', $content, -1, $nbrep); + $content=preg_replace('/(url\(["\']?)[^\)]*viewimage\.php([^\)]*)hashp=([^\)]*)(["\']?\))/', '\1/wrapper.php\2hashp=\3\4', $content, -1, $nbrep); + $content=preg_replace('/(]*src=")[^\"]*viewimage\.php([^\"]*)modulepart=mycompany([^\"]*)file=([^\"]*)("[^>]*>)/', '\1/wrapper.php\2modulepart=mycompany\3file=\4\5', $content, -1, $nbrep); } } diff --git a/htdocs/document.php b/htdocs/document.php index 07cc7cea77b..ff6c6f6e635 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -38,7 +38,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // For direct external download link, we don't need to load/check we are into a login session -if (isset($_GET["hashp"])) +if (isset($_GET["hashp"]) && ! defined("NOLOGIN")) { if (! defined("NOLOGIN")) define("NOLOGIN",1); if (! defined("NOCSRFCHECK")) define("NOCSRFCHECK",1); // We accept to go on this page from external web site. 
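Review bot: With the new condition `isset($_GET["hashp"]) && ! defined("NOLOGIN")`, a request is still switched to no-login, no-CSRF mode on the mere presence of a `hashp` parameter, before the hash has been looked up, so everything downstream relies on the lookup failing closed when the hash is unknown or when a `modulepart`/`file` pair is sent alongside it; that path is outside this hunk and worth confirming. Two smaller points in the visible lines: the inner `if (! defined("NOLOGIN"))` is now always true and can become a plain `define("NOLOGIN",1);`, and when an including script has already defined NOLOGIN the whole block is skipped, so `NOCSRFCHECK` is no longer set here. A comment stating that the includer is then responsible for those constants would make the intent clear. The block continues past the end of the hunk.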
@@ -107,12 +107,6 @@ if (in_array($modulepart, array('facture_paiement','unpaid'))) * View */ -// Define attachment (attachment=true to force choice popup 'open'/'save as') -$attachment = true; -if (preg_match('/\.(html|htm)$/i',$original_file)) $attachment = false; -if (isset($_GET["attachment"])) $attachment = GETPOST("attachment",'alpha')?true:false; -if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; - // If we have a hash public (hashp), we guess the original_file. if (! empty($hashp)) { @@ -122,8 +116,14 @@ if (! empty($hashp)) if ($result > 0) { $tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory - $moduleparttocheck = $tmp[0]; - if ($modulepart) // Not required for link using public hashp + // filepath can be 'users/X' or 'X/propale/PR11111' + if (is_numeric($tmp[0])) // If first tmp is numeric, it is subdir of company for multicompany, we take next part. + { + $tmp = explode('/', $tmp[1], 2); + } + $moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path + + if ($modulepart) // Not required, so often not defined, for link using public hashp parameter. { if ($moduleparttocheck == $modulepart) { @@ -149,6 +149,12 @@ if (! empty($hashp)) } } +// Define attachment (attachment=true to force choice popup 'open'/'save as') +$attachment = true; +if (preg_match('/\.(html|htm)$/i',$original_file)) $attachment = false; +if (isset($_GET["attachment"])) $attachment = GETPOST("attachment",'alpha')?true:false; +if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; + // Define mime type $type = 'application/octet-stream'; if (GETPOST('type','alpha')) $type=GETPOST('type','alpha'); diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 5aa5e75d3b1..4646c8779ca 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php 
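Review bot: In the added multicompany branch of the @@ -122 hunk, `$tmp = explode('/', $tmp[1], 2);` reads `$tmp[1]` without checking that it exists, so an ECM `filepath` made of a single numeric segment raises an undefined-index notice and hands `null` to `explode()`. `is_numeric()` is also broader than an entity id needs (it accepts values such as `1e3` or `1.5`); `if (ctype_digit($tmp[0]) && isset($tmp[1]))` would match only an integer directory followed by a sub-path. The identical lines are added to viewimage.php later in this commit and need the same guard. It matters because `$moduleparttocheck` feeds the comparison with the caller-supplied `modulepart` on a page that runs without login.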
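Review bot: Moving the attachment block below the hashp lookup (the @@ -149 hunk) means the `\.(html|htm)$` test now runs on the file name resolved from the share hash, so an HTML document published through a public `hashp` link gets `$attachment = false` and is presumably served inline, from the application's own origin, to a visitor who has not logged in. This assumes `$original_file` is assigned from the ECM record inside the hashp block, which the hunk does not show. If inline display of shared HTML is not intended, keep the download forced on that path, for example `if (! empty($hashp)) $attachment = true;` placed after the `MAIN_DISABLE_FORCE_SAVEAS` line so that neither the extension test nor the `attachment` request parameter can turn it off. Either way, a comment saying why the block must come after the hashp resolution would stop it from being moved back.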
@@ -1955,16 +1955,26 @@ else } $totalpaid = price2num($totalpaid); // Round $totalpaid to fix floating problem after addition into loop - if ($object->paid == 0) + $remaintopay = price2num($object->total_ttc - $totalpaid); + $resteapayeraffiche = $remaintopay; + + $cssforamountpaymentcomplete = 'amountpaymentcomplete'; + + if ($object->status == ExpenseReport::STATUS_REFUSED) { - print ''.$langs->trans("AlreadyPaid").':'.price($totalpaid).''; - print ''.$langs->trans("AmountExpected").':'.price($object->total_ttc).''; - - $remaintopay = price2num($object->total_ttc - $totalpaid); - - print ''.$langs->trans("RemainderToPay").':'; - print ''.price($remaintopay).''; + $cssforamountpaymentcomplete = 'amountpaymentneutral'; + $resteapayeraffiche = 0; } + elseif ($object->paid == 0) + { + $cssforamountpaymentcomplete = 'amountpaymentneutral'; + } + print ''.$langs->trans("AlreadyPaid").':'.price($totalpaid).''; + print ''.$langs->trans("AmountExpected").':'.price($object->total_ttc).''; + + print ''.$langs->trans("RemainderToPay").':'; + print ''.price($resteapayeraffiche).''; + $db->free($resql); } else diff --git a/htdocs/install/doctemplates/websites/website_template-corporate.zip b/htdocs/install/doctemplates/websites/website_template-corporate.zip index 5aca2fbc8aa..f4b25d9a69e 100644 Binary files a/htdocs/install/doctemplates/websites/website_template-corporate.zip and b/htdocs/install/doctemplates/websites/website_template-corporate.zip differ diff --git a/htdocs/langs/en_US/website.lang b/htdocs/langs/en_US/website.lang index 94922827a91..28655f0f35a 100644 --- a/htdocs/langs/en_US/website.lang +++ b/htdocs/langs/en_US/website.lang 
@@ -92,4 +92,5 @@ ZipOfWebsitePackageToImport=Zip file of website package ShowSubcontainers=Include dynamic content InternalURLOfPage=Internal URL of page ThisPageIsTranslationOf=This page/container is a translation of -ThisPageHasTranslationPages=This page/container has translation \ No newline at end of file +ThisPageHasTranslationPages=This page/container has translation +NoWebSiteCreateOneFirst=No website created yet. Create on first. diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 200230e5ca7..ea29fe0d8bd 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -131,8 +131,14 @@ if (! empty($hashp)) if ($result > 0) { $tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory - $moduleparttocheck = $tmp[0]; - if ($modulepart) // Not required for link using public hashp + // filepath can be 'users/X' or 'X/propale/PR11111' + if (is_numeric($tmp[0])) // If first tmp is numeric, it is subdir of company for multicompany, we take next part. + { + $tmp = explode('/', $tmp[1], 2); + } + $moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path + + if ($modulepart) // Not required, so often not defined, for link using public hashp parameter. { if ($moduleparttocheck == $modulepart) { diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 7ee5e2d8f6d..5913c32c71a 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -366,7 +366,7 @@ if ($action == 'addcontainer') $urltograb.='/'; } $pageurl = dol_sanitizeFileName(preg_replace('/[\/\.]/','-', preg_replace('/\/+$/', '', $urltograbwithoutdomainandparam))); - + $urltograbdirwithoutslash = dirname($urltograb.'.'); $urltograbdirrootwithoutslash = getRootURLFromURL($urltograbdirwithoutslash); // Exemple, now $urltograbdirwithoutslash is https://www.dolimed.com/screenshots 
@@ -869,14 +869,14 @@ if ($action == 'updatecss') $filemaster=$pathofwebsite.'/master.inc.php'; dol_syslog("Save master file ".$filemaster); - + dol_mkdir($pathofwebsite); // Now generate the master.inc.php page $result = dolSaveMasterFile($filemaster); if (! $result) setEventMessages('Failed to write file '.$filemaster, null, 'errors'); - + // Html header file $htmlheadercontent =''; @@ -1472,8 +1472,15 @@ if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'conf { if (! $error) { - setEventMessages($langs->trans("NoPageYet"), null, 'warnings'); - setEventMessages($langs->trans("YouCanCreatePageOrImportTemplate"), null, 'warnings'); + if (empty($websitekey) || $websitekey == '-1') + { + setEventMessages($langs->trans("NoWebSiteCreateOneFirst"), null, 'warnings'); + } + else + { + setEventMessages($langs->trans("NoPageYet"), null, 'warnings'); + setEventMessages($langs->trans("YouCanCreatePageOrImportTemplate"), null, 'warnings'); + } } } } @@ -1666,11 +1673,10 @@ if ($action != 'preview' && $action != 'editcontent' && $action != 'editsource') if (! GETPOST('hide_websitemenu')) { -//var_dump($objectpage);exit; -print '
'; + //var_dump($objectpage);exit; + print '
'; + -if (count($object->records) > 0) // There is at least one web site -{ // ***** Part for web sites print ''; print '
'; @@ -1713,12 +1719,15 @@ if (count($object->records) > 0) // There is at least one web site if (! empty($object->virtualhost)) $virtualurl=$object->virtualhost; } - - $array=$objectpage->fetchAll($object->id, 'ASC,ASC', 'type_container,pageurl'); + $array=array(); + if ($object->id > 0) + { + $array=$objectpage->fetchAll($object->id, 'ASC,ASC', 'type_container,pageurl'); + } if (! is_array($array) && $array < 0) dol_print_error('', $objectpage->error, $objectpage->errors); $atleastonepage=(is_array($array) && count($array) > 0); - if ($websitekey && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone')) + if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone')) { $disabled=''; if (empty($user->rights->website->write)) $disabled=' disabled="disabled"'; @@ -1828,7 +1837,7 @@ if (count($object->records) > 0) // There is at least one web site // Toolbar for pages - if ($websitekey && ! in_array($action, array('editcss','editmenu','importsite'))) + if ($websitekey && $websitekey != '-1' && ! in_array($action, array('editcss','editmenu','importsite'))) { print '
'; // Close current websitebar to open a new one @@ -2125,17 +2134,8 @@ if (count($object->records) > 0) // There is at least one web site } } } -} -else -{ - print '
'; - $langs->load("errors"); - print $langs->trans("ErrorModuleSetupNotComplete"); - print '
'; - $action=''; -} -print '
'; // end current websitebar + print '
'; // end current websitebar } @@ -2743,7 +2743,8 @@ if ($action == 'editsource') $doleditor->Create(0, '', false); }*/ -print "
\n\n"; +print "
\n"; +print "\n"; if ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone') @@ -2874,8 +2875,16 @@ if ($action == 'preview' || $action == 'createfromclone' || $action == 'createpa } else { - print '

'.$langs->trans("PreviewOfSiteNotYetAvailable", $object->ref).'


'; - print '
'; + if (empty($websitekey) || $websitekey == '-1') + { + print '

'.$langs->trans("NoWebSiteCreateOneFirst").'


'; + print '
'; + } + else + { + print '

'.$langs->trans("PreviewOfSiteNotYetAvailable", $object->ref).'


'; + print '
'; + } } }
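Review bot: The "no website selected" test is now spelled out four times in this file, as `empty($websitekey) || $websitekey == '-1'` here and in the @@ -1472 hunk, and as its negation `$websitekey && $websitekey != '-1'` in the @@ -1713 and @@ -1828 hunks, which makes it easy for one copy to drift. Computing it once, e.g. `$nowebsite = (empty($websitekey) || $websitekey == '-1');`, and testing that variable would keep the four branches in step. Because the enclosing `if (count($object->records) > 0)` was removed in the @@ -1666 and @@ -2125 hunks, code between those hunks that reads `$object->id` or `$object->ref` now also runs with no website loaded. Only the `fetchAll` call is visibly guarded, so the remaining uses outside the hunks are worth a check.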