lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #15558

Browse Source
This commit is contained in:
Laurent Destailleur 2020-11-29 19:41:11 +01:00
parent c963624f25
commit 66381a4f4d
2 changed files with 52 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
htdocs/core/actions_extrafields.inc.php
View File

@ -40,7 +40,7 @@ if ($type == 'select') $extrasize = '';
// Add attribute
if ($action == 'add')
{
if ($_POST["button"] != $langs->trans("Cancel"))
if (GETPOST("button") != $langs->trans("Cancel"))
{
// Check values
if (!$type)
@ -132,10 +132,28 @@ if ($action == 'add')
}
}
if (!$error)
{
if (!$error) {
if (strlen(GETPOST('attrname', 'aZ09')) < 3) {
$error++;
$langs->load("errors");
$mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
$action = 'create';
}
}
// Check reserved keyword with more than 3 characters
if (!$error) {
if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'integer', 'float', 'double', 'position'))) {
$error++;
$langs->load("errors");
$mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
$action = 'create';
}
}
if (!$error) {
// attrname must be alphabetical and lower case only
if (isset($_POST["attrname"]) && preg_match("/^[a-z0-9-_]+$/", $_POST['attrname']) && !is_numeric($_POST["attrname"]))
if (GETPOSISSET("attrname") && preg_match("/^[a-z0-9-_]+$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09')))
{
// Construct array for parameter (value of select list)
$default_value = GETPOST('default_value', 'alpha');
@ -161,7 +179,7 @@ if ($action == 'add')
if ($type == 'separate') $visibility = 3;
$result = $extrafields->addExtraField(
GETPOST('attrname', 'alpha'),
GETPOST('attrname', 'aZ09'),
GETPOST('label', 'alpha'),
$type,
GETPOST('pos', 'int'),
@ -208,7 +226,7 @@ if ($action == 'add')
// Rename field
if ($action == 'update')
{
if ($_POST["button"] != $langs->trans("Cancel"))
if (GETPOST("button") != $langs->trans("Cancel"))
{
// Check values
if (!$type)
@ -293,9 +311,28 @@ if ($action == 'update')
}
}
if (!$error) {
if (strlen(GETPOST('attrname', 'aZ09')) < 3 && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
$error++;
$langs->load("errors");
$mesg[] = $langs->trans("ErrorValueLength", $langs->transnoentitiesnoconv("AttributeCode"), 3);
$action = 'edit';
}
}
// Check reserved keyword with more than 3 characters
if (!$error) {
if (in_array(GETPOST('attrname', 'aZ09'), array('and', 'keyword', 'table', 'index', 'integer', 'float', 'double', 'position')) && empty($conf->global->MAIN_DISABLE_EXTRAFIELDS_CHECK_FOR_UPDATE)) {
$error++;
$langs->load("errors");
$mesg[] = $langs->trans("ErrorReservedKeyword", GETPOST('attrname', 'aZ09'));
$action = 'edit';
}
}
if (!$error)
{
if (isset($_POST["attrname"]) && preg_match("/^\w[a-zA-Z0-9-_]*$/", $_POST['attrname']))
if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09')))
{
$pos = GETPOST('pos', 'int');
// Construct array for parameter (value of select list)
@ -321,7 +358,7 @@ if ($action == 'update')
if ($type == 'separate') $visibility = 3;
$result = $extrafields->update(
GETPOST('attrname', 'alpha'),
GETPOST('attrname', 'aZ09'),
GETPOST('label', 'alpha'),
$type,
$extrasize,
@ -342,8 +379,7 @@ if ($action == 'update')
(GETPOST('totalizable', 'alpha') ? 1 : 0),
GETPOST('printable', 'alpha')
);
if ($result > 0)
{
if ($result > 0) {
setEventMessages($langs->trans('SetupSaved'), null, 'mesgs');
header("Location: ".$_SERVER["PHP_SELF"]);
exit;
@ -365,13 +401,10 @@ if ($action == 'update')
}
// Delete attribute
if ($action == 'delete')
{
if (isset($_GET["attrname"]) && preg_match("/^\w[a-zA-Z0-9-_]*$/", $_GET["attrname"]))
{
$result = $extrafields->delete($_GET["attrname"], $elementtype);
if ($result >= 0)
{
if ($action == 'delete') {
if (GETPOSTISSET("attrname") && preg_match("/^\w[a-zA-Z0-9-_]*$/", GETPOST("attrname", 'aZ09'))) {
$result = $extrafields->delete(GETPOST("attrname", 'aZ09'), $elementtype);
if ($result >= 0) {
header("Location: ".$_SERVER["PHP_SELF"]);
exit;
} else $mesg = $extrafields->error;

2
htdocs/langs/en_US/errors.lang
View File

@ -246,6 +246,8 @@ ErrorProductDoesNotNeedBatchNumber=Error, product '<b>%s</b>' does not accept a
ErrorFailedToReadObject=Error, failed to read object of type <b>%s</b>
ErrorParameterMustBeEnabledToAllwoThisFeature=Error, parameter <b>%s</b> must be enabled into <b>conf/conf.php<b> to allow use of Command Line Interface by the internal job scheduler
ErrorLoginDateValidity=Error, this login is outside the validity date range
ErrorValueLength=Length of field '<b>%s</b>' must be higher than '<b>%s</b>'
ErrorReservedKeyword=The word '<b>%s</b>' is a reserved keyword
# Warnings
WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.