lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' into dev_1

Browse Source
This commit is contained in:
Laurent Destailleur 2021-05-25 19:55:31 +02:00 committed by GitHub
commit 673eb73d0a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
108 changed files with 699 additions and 379 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
COPYRIGHT
View File

@ -1,13 +1,24 @@
License
-------
Copyright and license
----------------------
Dolibarr is released under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 3 of the License,
or (at your option) any later version (GPL-3+).
More information: https://www.gnu.org/licenses/gpl-3.0.txt
The Dolibarr software as a whole is distributed under the GNU General Public License as published by the Free Software Foundation;
either version 3 of the License, or (at your option) any later version (GPL-3+). More information: https://www.gnu.org/licenses/gpl-3.0.txt.
A copy of this license is available in the COPYING file.
Dolibarr depends on third-party components and code snippets released under their own license (obviously, all compatible with the one of Dolibarr).
These dependencies are listed in the bottom of this file.
Dolibarr uses some external libraries released under different licenses. This is compatibility summary:
The Dolibarr images resources (available in the doc directory) is distributed under the Creative Commons Attribution 4.0 International license (CC BY 4.0).
The name Dolibarr is a trademark initially registered by Laurent Destailleur and ceased to the Dolibarr foundation. You can use the name Dolibarr
for your own need as long as you follow the rules defined on the page https://wiki.dolibarr.org/index.php/Rules_to_use_the_brand_name_%22Dolibarr%22
The use of the name DoliStore is also restricted to the same rules defined on https://wiki.dolibarr.org/index.php/Rules_to_use_the_brand_name_%22Dolibarr%22
Licence of dependencies of third-party components used by Dolibarr (all compatible with the Licence of Dolibarr):
Component Version License GPL Compatible Usage
-------------------------------------------------------------------------------------
@ -28,7 +39,7 @@ php-iban 1.4.7 LGPL-3+ Yes
PHPoAuthLib 0.8.2 MIT License Yes Library to provide oauth1 and oauth2 to different service
PHPPrintIPP 1.3 GPL-2+ Yes Library to send print IPP requests
PSR/Logs 1.0 Library for logs (used by DebugBar)
PSR/simple-cache ? MIT License Yes Library for cache (used by PHPSpreadSheet)
PSR/simple-cache ? MIT License Yes Library for cache (used by PHPSpreadSheet)
Restler 3.1.1 LGPL-3+ Yes Library to develop REST Web services (+ swagger-ui js lib into dir explorer)
Sabre 3.2.2 BSD Yes DAV support
Swift Mailer 5.4.2-DEV MIT License Yes Comprehensive mailing tools for PHP
@ -63,11 +74,10 @@ Font libraries:
Fontawesome 5.13 Font Awesome Free Licence Yes
For licenses compatibility informations:
https://www.gnu.org/licenses/licenses.en.html
For more licenses compatibility informations: https://www.gnu.org/licenses/licenses.en.html
Copyright / Authors
Authors
-------------------
See page https://github.com/Dolibarr/dolibarr/graphs/contributors

2
ChangeLog
View File

@ -169,7 +169,7 @@ Following changes may create regressions for some external modules, but were nec
* If your database is PostgreSql, you must use version 9.1.0 or more (Dolibarr need the SQL function CONCAT)
* If your database is MySql or MariaDB, you need at least version 5.1
* Function set_price_level() has been renamed into setPriceLevel() to follow camelcase rules
* Remove deprecated subtituion key __REFCLIENT__ (Replaced with __REF_CLIENT__)
***** ChangeLog for 13.0.3 compared to 13.0.2 *****

19
doc/images/README.md
View File

@ -10,17 +10,16 @@
https://github.com/Dolibarr/foundation
* Few icons are / were from website led24.de
* Attention: This website is no longer available!
# LICENCE OF IMAGE RESOURCES
--------------------------------
This is original README file for this source:
-------------------------------------------------------
* All image resources (except dolihelp.ico and doliadmin.ico) in this directory are distributed under licence CC BY-SA
List of icons from http://led24.de/iconset/ are:
- doliadmin.ico
- dolihelp.ico
This is original README file for the package with this 2 images:
You can do whatever you want with these icons (use on web or in desktop applications) as long as you dont pass them off as your own and remove this readme file. A credit statement and a link back to
http://led24.de/iconset/ or http://led24.de/ would be appreciated.
Follow us on twitter http://twitter.com/gasyoun or email leds24@gmail.com
512 icons 20/05/2009
-------------------------------------------------------
List of icons from http://led24.de/iconset/ are:
- dolihelp.ico

3
htdocs/accountancy/admin/accountmodel.php
View File

@ -609,10 +609,12 @@ if ($id) {
print '</tr>';
if ($num) {
$i = 0;
// Lines with values
while ($i < $num) {
$obj = $db->fetch_object($resql);
//print_r($obj);
print '<tr class="oddeven" id="rowid-'.$obj->rowid.'">';
if ($action == 'edit' && ($rowid == (!empty($obj->rowid) ? $obj->rowid : $obj->code))) {
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$id.'" method="POST">';
@ -708,6 +710,7 @@ if ($id) {
print "</tr>\n";
}
$i++;
}
}

75
htdocs/accountancy/bookkeeping/balance.php
View File

@ -68,7 +68,9 @@ if ($search_accountancy_code_end == - 1) {
$search_accountancy_code_end = '';
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$object = new BookKeeping($db);
$hookmanager->initHooks(array('balancelist')); // Note that conf->hooks_modules contains array
$formaccounting = new FormAccounting($db);
$formother = new FormOther($db);
@ -155,16 +157,23 @@ if (empty($user->rights->accounting->mouvements->lire)) {
* Action
*/
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers
$show_subgroup = '';
$search_date_start = '';
$search_date_end = '';
$search_accountancy_code_start = '';
$search_accountancy_code_end = '';
$search_ledger_code = array();
$filter = array();
$parameters = array('socid'=>$socid);
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
if (empty($reshook)) {
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers
$show_subgroup = '';
$search_date_start = '';
$search_date_end = '';
$search_accountancy_code_start = '';
$search_accountancy_code_end = '';
$search_ledger_code = array();
$filter = array();
}
}
/*
* View
@ -226,22 +235,28 @@ if ($action != 'export_csv') {
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
print '<input type="hidden" name="page" value="'.$page.'">';
$button = '<input type="button" id="exportcsvbutton" name="exportcsvbutton" class="butAction" value="'.$langs->trans("Export").' ('.$conf->global->ACCOUNTING_EXPORT_FORMAT.')" />';
$parameters = array();
$reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
if (empty($reshook)) {
$button = '<input type="button" id="exportcsvbutton" name="exportcsvbutton" class="butAction" value="'.$langs->trans("Export").' ('.$conf->global->ACCOUNTING_EXPORT_FORMAT.')" />';
print '<script type="text/javascript" language="javascript">
jQuery(document).ready(function() {
jQuery("#exportcsvbutton").click(function() {
event.preventDefault();
console.log("Set action to export_csv");
jQuery("#action").val("export_csv");
jQuery("#searchFormList").submit();
jQuery("#action").val("list");
print '<script type="text/javascript" language="javascript">
jQuery(document).ready(function() {
jQuery("#exportcsvbutton").click(function() {
event.preventDefault();
console.log("Set action to export_csv");
jQuery("#action").val("export_csv");
jQuery("#searchFormList").submit();
jQuery("#action").val("list");
});
});
});
</script>';
</script>';
}
print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $button, $result, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit);
$selectedfields = '';
$moreforfilter = '';
$moreforfilter .= '<div class="divsearchfield">';
@ -283,12 +298,18 @@ if ($action != 'export_csv') {
print ' ';
print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, '', 'accounts');
print '</td>';
print '<td class="liste_titre center">';
// Fields from hook
$parameters = array('arrayfields'=>$arrayfields);
$reshook = $hookmanager->executeHooks('printFieldListOption', $parameters, $object); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
// Action column
print '<td class="liste_titre maxwidthsearch">';
$searchpicto = $form->showFilterButtons();
print $searchpicto;
print '</td>';
print '</tr>';
print '</tr>'."\n";
print '<tr class="liste_titre">';
print_liste_field_titre("AccountAccounting", $_SERVER['PHP_SELF'], "t.numero_compte", "", $param, "", $sortfield, $sortorder);
@ -298,8 +319,14 @@ if ($action != 'export_csv') {
print_liste_field_titre("Debit", $_SERVER['PHP_SELF'], "t.debit", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre("Credit", $_SERVER['PHP_SELF'], "t.credit", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre("Balance", $_SERVER["PHP_SELF"], "", $param, "", 'class="right"', $sortfield, $sortorder);
print_liste_field_titre('', $_SERVER["PHP_SELF"], "", $param, "", 'width="60" class="center"', $sortfield, $sortorder);
print "</tr>\n";
// Hook fields
$parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder);
$reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters, $object); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
// Action column
print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n";
print '</tr>'."\n";
$total_debit = 0;
$total_credit = 0;

6
htdocs/adherents/admin/member.php
View File

@ -197,6 +197,8 @@ print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="updateall">';
print load_fiche_titre($langs->trans("MemberMainOptions"), '', '');
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Description").'</td>';
@ -268,6 +270,7 @@ if ($conf->facture->enabled) {
}
print '</table>';
print '</div>';
print '<div class="center">';
print '<input type="submit" class="button" value="'.$langs->trans("Update").'" name="Button">';
@ -338,6 +341,7 @@ if ($resql) {
print load_fiche_titre($langs->trans("MembersDocModules"), '', '');
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Name").'</td>';
@ -446,6 +450,8 @@ foreach ($dirmodels as $reldir) {
}
print '</table>';
print '</div>';
print "<br>";
print dol_get_fiche_end();

4
htdocs/adherents/admin/website.php
View File

@ -172,6 +172,7 @@ print '<br>';
if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
print '<br>';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
@ -234,6 +235,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
print "</td></tr>\n";
print '</table>';
print '</div>';
print '<div class="center">';
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
@ -262,7 +264,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
print '<div class="urllink">';
print '<input type="text" id="publicurlmember" class="quatrevingtpercent" value="'.$urlwithroot.'/public/members/new.php'.$entity_qr.'">';
print '<input type="text" id="publicurlmember" class="quatrevingtpercentminusx" value="'.$urlwithroot.'/public/members/new.php'.$entity_qr.'">';
print '<a target="_blank" href="'.$urlwithroot.'/public/members/new.php'.$entity_qr.'">'.img_picto('', 'globe', 'class="paddingleft"').'</a>';
print '</div>';
print ajax_autoselect('publicurlmember');

8
htdocs/admin/reception_setup.php
View File

@ -178,6 +178,7 @@ print dol_get_fiche_head($head, 'reception', $langs->trans("Receptions"), -1, 'r
print load_fiche_titre($langs->trans("ReceptionsNumberingModules"));
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td width="100">'.$langs->trans("Name").'</td>';
@ -272,8 +273,10 @@ foreach ($dirmodels as $reldir) {
}
}
print '</table><br>';
print '</table>';
print '</div>';
print '<br>';
/*
* Documents models for Receptions Receipt
@ -302,6 +305,7 @@ if ($resql) {
dol_print_error($db);
}
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td width="140">'.$langs->trans("Name").'</td>';
@ -417,6 +421,8 @@ foreach ($dirmodels as $reldir) {
}
print '</table>';
print '</div>';
print '<br>';

2
htdocs/admin/resource.php
View File

@ -74,6 +74,7 @@ print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="updateoptions">';
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Parameters").'</td>'."\n";
@ -132,6 +133,7 @@ print '<td></td>';
print '</tr>';
print '</table>';
print '</div>';
print '</form>';

22
htdocs/admin/system/security.php
View File

@ -155,7 +155,7 @@ print '<strong>'.$langs->trans("PermissionsOnFilesInWebRoot").'</strong>: ';
$arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1);
$fileswithwritepermission = array();
foreach ($arrayoffilesinroot as $fileinroot) {
// Test permission on file
// Test if there is at least one write permission file. If yes, add the entry into array $fileswithwritepermission
if (isset($fileinroot['perm']) && ($fileinroot['perm'] & 0222)) {
$fileswithwritepermission[] = $fileinroot['relativename'];
}
@ -217,7 +217,7 @@ print '<br>';
print '<strong>$dolibarr_nocsrfcheck</strong>: '.$dolibarr_nocsrfcheck;
if (!empty($dolibarr_nocsrfcheck)) {
print img_picto('', 'warning').' &nbsp; '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
print ' &nbsp; '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
}
print '<br>';
@ -234,16 +234,18 @@ print '<br>';
print '<br>';
print '<br>';
print '<br>';
print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup").' + '.$langs->trans("OtherSetup"), '', 'folder');
//print '<strong>'.$langs->trans("PasswordEncryption").'</strong>: ';
print '<strong>MAIN_SECURITY_HASH_ALGO</strong> = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_HASH_ALGO)." &nbsp; ";
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) {
print '<span class="opacitymedium"> &nbsp; &nbsp; If unset: \'md5\'</span>';
}
print '<br>';
if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
print '<strong>MAIN_SECURITY_SALT</strong> = '.(empty($conf->global->MAIN_SECURITY_SALT) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_SALT).'<br>';
print '<br><strong>MAIN_SECURITY_SALT</strong> = '.(empty($conf->global->MAIN_SECURITY_SALT) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_SALT).'<br>';
} else {
print '<span class="opacitymedium">('.$langs->trans("Recommanded").': password_hash)</span>';
print '<br>';
}
if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
print '<div class="info">The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.<br>';
@ -259,18 +261,20 @@ print '<br>';
print '<strong>MAIN_SECURITY_ANTI_SSRF_SERVER_IP</strong> = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."<br>";
print '<br>';
print '<strong>MAIN_ALLOW_SVG_FILES_AS_IMAGES</strong> = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0 &nbsp; <span class="opacitymedium">('.$langs->trans("Recommanded").': 0)</span>' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."<br>";
print '<br>';
print '<strong>MAIN_EXEC_USE_POPEN</strong> = ';
if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
print '<span class="opacitymedium">'.$langs->trans("Undefined").'</span> &nbsp; ';
print '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>';
} else {
print $conf->global->MAIN_EXEC_USE_POPEN.' &nbsp; ';
print $conf->global->MAIN_EXEC_USE_POPEN;
}
if ($execmethod == 1) {
print ' --> "exec" PHP method will be used for shell commands.';
print ' &nbsp; <span class="opacitymedium">("exec" PHP method will be used for shell commands)</span>';
}
if ($execmethod == 2) {
print ' --> "popen" PHP method will be used for shell commands.';
print ' &nbsp; <span class="opacitymedium">("popen" PHP method will be used for shell commands)</span>';
}
print "<br>";
print '<br>';

2
htdocs/admin/translation.php
View File

@ -188,7 +188,7 @@ if ($action == 'delete') {
$form = new Form($db);
$formadmin = new FormAdmin($db);
$wikihelp = 'EN:Setup Translation|FR:Paramétrage traduction|ES:Configuración';
$wikihelp = 'EN:Setup_Translation|FR:Paramétrage_Traduction|ES:Configuración_Traducción';
llxHeader('', $langs->trans("Setup"), $wikihelp);
$param = '&mode='.urlencode($mode);

7
htdocs/admin/user.php
View File

@ -126,6 +126,7 @@ $head = user_admin_prepare_head();
print dol_get_fiche_head($head, 'card', $langs->trans("MenuUsersAndGroups"), -1, 'user');
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Parameter").'</td>';
@ -171,6 +172,7 @@ if ($conf->use_javascript_ajax) {
print '</td></tr>';
print '</table>';
print '</div>';
print '<br>';
@ -197,6 +199,7 @@ if ($resql) {
print load_fiche_titre($langs->trans("UsersDocModules"), '', '');
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Name").'</td>';
@ -306,7 +309,9 @@ foreach ($dirmodels as $reldir) {
}
print '</table>';
print "<br>";
print '</div>';
print '<br>';
print dol_get_fiche_end();

6
htdocs/compta/bank/card.php
View File

@ -340,7 +340,7 @@ if ($action == 'create') {
print dol_get_fiche_head('');
print '<table class="border centpercent">';
print '<table class="border centpercent tableforfieldcreate">';
// Ref
print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("Ref").'</td>';
@ -835,7 +835,7 @@ if ($action == 'create') {
//print '<div class="underbanner clearboth"></div>';
print '<table class="border centpercent">';
print '<table class="border centpercent tableforfieldcreate">';
// Ref
print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("Ref").'</td>';
@ -925,7 +925,7 @@ if ($action == 'create') {
// Tags-Categories
if ($conf->categorie->enabled) {
print '<tr><td class="tdtop">'.$langs->trans("Categories").'</td><td>';
print '<tr><td>'.$langs->trans("Categories").'</td><td>';
$cate_arbo = $form->select_all_categories(Categorie::TYPE_ACCOUNT, '', 'parent', 64, 0, 1);
$c = new Categorie($db);
$cats = $c->containing($object->id, Categorie::TYPE_ACCOUNT);

6
htdocs/contrat/list.php
View File

@ -289,6 +289,12 @@ if (!empty($search_ref_customer)) {
if (!empty($search_ref_supplier)) {
$sql .= natural_search(array('c.ref_supplier'), $search_ref_supplier);
}
if ($search_zip) {
$sql .= natural_search(array('s.zip'), $search_zip);
}
if ($search_town) {
$sql .= natural_search(array('s.town'), $search_town);
}
if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale;
}

2
htdocs/core/boxes/box_accountancy_last_manual_entries.php
View File

@ -116,7 +116,7 @@ class box_accountancy_last_manual_entries extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'td' => 'class="center nowraponall"',
'text' => dol_print_date($date, 'day'),
'asis' => 1,
);

4
htdocs/core/boxes/box_actions.php
View File

@ -161,8 +161,8 @@ class box_actions extends ModeleBoxes
);
$this->info_box_contents[$line][2] = array(
'td' => 'class="nowrap left"',
'text' => dol_print_date($datelimite, "dayhour"),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datelimite, "dayhour", 'tzuserrel'),
'asis' => 1
);

4
htdocs/core/boxes/box_birthdays.php
View File

@ -118,8 +118,8 @@ class box_birthdays extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($dateb, "day").' - '.$age.' '.$langs->trans('DurationYears')
'td' => 'class="center nowraponall"',
'text' => dol_print_date($dateb, "day", 'gmt').' - '.$age.' '.$langs->trans('DurationYears')
);
/*$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_birthdays_members.php
View File

@ -115,8 +115,8 @@ class box_birthdays_members extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($dateb, "day").' - '.$age.' '.$langs->trans('DurationYears')
'td' => 'class="center nowraponall"',
'text' => dol_print_date($dateb, "day", 'gmt').' - '.$age.' '.$langs->trans('DurationYears')
);
/*$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_boms.php
View File

@ -143,7 +143,7 @@ class box_boms extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, 'day'),
'text' => dol_print_date($datem, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_clients.php
View File

@ -134,8 +134,8 @@ class box_clients extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day")
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, "day", 'tzuserrel')
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_commandes.php
View File

@ -180,7 +180,7 @@ class box_commandes extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($date, 'day'),
'text' => dol_print_date($date, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_contacts.php
View File

@ -161,7 +161,7 @@ class box_contacts extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day"),
'text' => dol_print_date($datem, "day", 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_contracts.php
View File

@ -156,7 +156,7 @@ class box_contracts extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datec, 'day'),
'text' => dol_print_date($datec, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_external_rss.php
View File

@ -150,7 +150,7 @@ class box_external_rss extends ModeleBoxes
//$item['atom_content']
}
if (is_numeric($date)) {
$date = dol_print_date($date, "dayhour");
$date = dol_print_date($date, "dayhour", 'tzuserrel');
}
$isutf8 = utf8_check($title);

4
htdocs/core/boxes/box_factures.php
View File

@ -163,7 +163,7 @@ class box_factures extends ModeleBoxes
$late = '';
if ($facturestatic->hasDelay()) {
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day')));
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel')));
}
$this->info_box_contents[$line][] = array(
@ -186,7 +186,7 @@ class box_factures extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($date, 'day'),
'text' => dol_print_date($date, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_factures_fourn.php
View File

@ -159,7 +159,7 @@ class box_factures_fourn extends ModeleBoxes
$late = '';
if ($facturestatic->hasDelay()) {
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day')));
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel')));
}
$this->info_box_contents[$line][] = array(
@ -189,7 +189,7 @@ class box_factures_fourn extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($date, 'day'),
'text' => dol_print_date($date, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_factures_fourn_imp.php
View File

@ -150,7 +150,7 @@ class box_factures_fourn_imp extends ModeleBoxes
$late = '';
if ($facturestatic->hasDelay()) {
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day')));
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel')));
}
$tooltip = $langs->trans('SupplierInvoice').': '.($objp->ref ? $objp->ref : $objp->facid).'<br>'.$langs->trans('RefSupplier').': '.$objp->ref_supplier;
@ -175,7 +175,7 @@ class box_factures_fourn_imp extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datelimite, 'day'),
'text' => dol_print_date($datelimite, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_factures_imp.php
View File

@ -165,7 +165,7 @@ class box_factures_imp extends ModeleBoxes
$late = '';
if ($facturestatic->hasDelay()) {
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day')));
$late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel')));
}
$this->info_box_contents[$line][] = array(
@ -188,7 +188,7 @@ class box_factures_imp extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datelimite, 'day'),
'text' => dol_print_date($datelimite, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_ficheinter.php
View File

@ -145,7 +145,7 @@ class box_ficheinter extends ModeleBoxes
$this->info_box_contents[$i][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datec, 'day'),
'text' => dol_print_date($datec, 'day', 'tzuserrel'),
);
$this->info_box_contents[$i][] = array(

4
htdocs/core/boxes/box_fournisseurs.php
View File

@ -128,8 +128,8 @@ class box_fournisseurs extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day"),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, "day", 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_goodcustomers.php
View File

@ -126,8 +126,8 @@ class box_goodcustomers extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day")
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, "day", 'tzuserrel')
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_last_modified_ticket.php
View File

@ -162,7 +162,7 @@ class box_last_modified_ticket extends ModeleBoxes
// Date creation
$this->info_box_contents[$i][$r] = array(
'td' => 'class="right"',
'text' => dol_print_date($datec, 'dayhour')
'text' => dol_print_date($datec, 'dayhour', 'tzuserrel')
);
$r++;

2
htdocs/core/boxes/box_last_ticket.php
View File

@ -166,7 +166,7 @@ class box_last_ticket extends ModeleBoxes
// Date creation
$this->info_box_contents[$i][$r] = array(
'td' => 'class="right"',
'text' => dol_print_date($datec, 'dayhour'),
'text' => dol_print_date($datec, 'dayhour', 'tzuserrel'),
);
$r++;

2
htdocs/core/boxes/box_lastlogin.php
View File

@ -93,7 +93,7 @@ class box_lastlogin extends ModeleBoxes
'text' => $langs->trans("PreviousConnexion"),
);
if ($user->datepreviouslogin) {
$tmp = dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser');
$tmp = dol_print_date($user->datepreviouslogin, "dayhour", 'tzuserrel');
} else {
$tmp = $langs->trans("Unknown");
}

4
htdocs/core/boxes/box_members.php
View File

@ -145,8 +145,8 @@ class box_members extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day"),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, "day", 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_members_last_modified.php
View File

@ -147,8 +147,8 @@ class box_members_last_modified extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day"),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, "day", 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_members_last_subscriptions.php
View File

@ -158,7 +158,7 @@ class box_members_last_subscriptions extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right tdoverflowmax150 maxwidth150onsmartphone"',
'text' => dol_print_date($this->db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour'),
'text' => dol_print_date($this->db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour', 'tzuserrel'),
);
$line++;

2
htdocs/core/boxes/box_members_subscriptions_by_year.php
View File

@ -111,7 +111,7 @@ class box_members_subscriptions_by_year extends ModeleBoxes
$i = 0;
while ($i < $num) {
$objp = $this->db->fetch_object($result);
$year = dol_print_date($this->db->jdate($objp->dateh), "%Y");
$year = dol_print_date($this->db->jdate($objp->dateh), "%Y", 'gmt');
$Total[$year] = (isset($Total[$year]) ? $Total[$year] : 0) + $objp->subscription;
$Number[$year] = (isset($Number[$year]) ? $Number[$year] : 0) + 1;
$tot += $objp->subscription;

4
htdocs/core/boxes/box_mos.php
View File

@ -138,8 +138,8 @@ class box_mos extends ModeleBoxes
}
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, 'day'),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_produits.php
View File

@ -190,8 +190,8 @@ class box_produits extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, 'day'),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_propales.php
View File

@ -165,8 +165,8 @@ class box_propales extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($date, 'day'),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($date, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

4
htdocs/core/boxes/box_prospect.php
View File

@ -135,8 +135,8 @@ class box_prospect extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($datem, "day"),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, "day", 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_scheduled_jobs.php
View File

@ -156,7 +156,7 @@ class box_scheduled_jobs extends ModeleBoxes
);
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'textnoformat' => (empty($resultarray[$line][2]) ? '' : $form->textwithpicto(dol_print_date($resultarray[$line][2], "dayhoursec"), $langs->trans("CurrentTimeZone")))
'textnoformat' => (empty($resultarray[$line][2]) ? '' : $form->textwithpicto(dol_print_date($resultarray[$line][2], "dayhoursec", 'tzserver'), $langs->trans("CurrentTimeZone")))
);
$this->info_box_contents[$line][] = array(
'td' => 'class="center" ',

4
htdocs/core/boxes/box_services_contracts.php
View File

@ -200,8 +200,8 @@ class box_services_contracts extends ModeleBoxes
);
$this->info_box_contents[$i][] = array(
'td' => '',
'text' => dol_print_date($datem, 'day'),
'td' => 'class="center nowraponall"',
'text' => dol_print_date($datem, 'day', 'tzuserrel'),
'text2'=> $late,
);

2
htdocs/core/boxes/box_services_expired.php
View File

@ -152,7 +152,7 @@ class box_services_expired extends ModeleBoxes
$this->info_box_contents[$i][] = array(
'td' => 'class="center nowraponall"',
'text' => dol_print_date($dateline, 'day'),
'text' => dol_print_date($dateline, 'day', 'tzuserrel'),
'text2'=> $late,
);

2
htdocs/core/boxes/box_supplier_orders.php
View File

@ -153,7 +153,7 @@ class box_supplier_orders extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => dol_print_date($date, 'day'),
'text' => dol_print_date($date, 'day', 'tzuserrel'),
);
$this->info_box_contents[$line][] = array(

2
htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
View File

@ -161,7 +161,7 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
$this->info_box_contents[$line][] = array(
'td' => 'class="right"',
'text' => $delayIcon.'<span class="classfortooltip" title="'.$langs->trans('DateDeliveryPlanned').'"><i class="fa fa-dolly" ></i> '.dol_print_date($delivery_date, 'day').'</span>',
'text' => $delayIcon.'<span class="classfortooltip" title="'.$langs->trans('DateDeliveryPlanned').'"><i class="fa fa-dolly" ></i> '.dol_print_date($delivery_date, 'day', 'tzuserrel').'</span>',
'asis' => 1
);

80
htdocs/core/class/html.form.class.php
View File

@ -8193,41 +8193,47 @@ class Form
if ($modulepart == 'societe') {
$dir = $conf->societe->multidir_output[$entity];
if (!empty($object->logo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
if (dolIsAllowedForPreview($object->logo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
}
$email = $object->email;
} elseif ($modulepart == 'contact') {
$dir = $conf->societe->multidir_output[$entity].'/contact';
if (!empty($object->photo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
if (dolIsAllowedForPreview($object->logo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
}
$email = $object->email;
$capture = 'user';
} elseif ($modulepart == 'userphoto') {
$dir = $conf->user->dir_output;
if (!empty($object->photo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
if (dolIsAllowedForPreview($object->logo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
$altfile = $object->id.".jpg"; // For backward compatibility
@ -8237,14 +8243,16 @@ class Form
} elseif ($modulepart == 'memberphoto') {
$dir = $conf->adherent->dir_output;
if (!empty($object->photo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
if (dolIsAllowedForPreview($object->logo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
}
$originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
$altfile = $object->id.".jpg"; // For backward compatibility
@ -8255,14 +8263,16 @@ class Form
// Generic case to show photos
$dir = $conf->$modulepart->dir_output;
if (!empty($object->photo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
if (dolIsAllowedForPreview($object->logo)) {
if ((string) $imagesize == 'mini') {
$file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
$file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
$file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
}
$originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
}
$originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
$altfile = $object->id.".jpg"; // For backward compatibility

9
htdocs/core/class/html.formfile.class.php
View File

@ -1774,11 +1774,16 @@ class FormFile
continue; // We do not show orphelins files
}
print '<!-- Line list_of_autoecmfiles '.$key.' -->'."\n";
print '<!-- Line list_of_autoecmfiles key='.$key.' -->'."\n";
print '<tr class="oddeven">';
print '<td>';
if ($found > 0 && is_object($this->cache_objects[$modulepart.'_'.$id.'_'.$ref])) {
print $this->cache_objects[$modulepart.'_'.$id.'_'.$ref]->getNomUrl(1, 'document');
$tmpobject = $this->cache_objects[$modulepart.'_'.$id.'_'.$ref];
//if (! in_array($tmpobject->element, array('expensereport'))) {
print $tmpobject->getNomUrl(1, 'document');
//} else {
// print $tmpobject->getNomUrl(1);
//}
} else {
print $langs->trans("ObjectDeleted", ($id ? $id : $ref));
}

2
htdocs/core/class/ldap.class.php
View File

@ -932,7 +932,7 @@ class Ldap
* Returns an array containing a details or list of LDAP record(s)
* ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword
*
* @param string $search Value of fiel to search, '*' for all. Not used if $activefilter is set.
* @param string $search Value of field to search, '*' for all. Not used if $activefilter is set.
* @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
* @param string $useridentifier Name of key field (Ex: uid)
* @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword)

4
htdocs/core/class/utils.class.php
View File

@ -319,9 +319,9 @@ class Utils
}
if ($dolibarr_main_db_character_set == 'utf8mb4') {
// We save output into utf8mb4 charset
$param .= " --default-character-set=utf8mb4";
$param .= " --default-character-set=utf8mb4 --no-tablespaces";
} else {
$param .= " --default-character-set=utf8"; // We always save output into utf8 charset
$param .= " --default-character-set=utf8 --no-tablespaces"; // We always save output into utf8 charset
}
$paramcrypted = $param;
$paramclear = $param;

2
htdocs/core/lib/admin.lib.php
View File

@ -1545,6 +1545,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '')
print '<input type="hidden" name="action" value="updateall">';
}
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td class="">'.$langs->trans("Description").'</td>';
@ -1715,6 +1716,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '')
}
}
print '</table>';
print '</div>';
if (!empty($strictw3c) && $strictw3c == 1) {
print '<div align="center"><input type="submit" class="button" value="'.$langs->trans("Update").'" name="update"></div>';

27
htdocs/core/lib/files.lib.php
View File

@ -2232,7 +2232,8 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('(
}
/**
* Security check when accessing to a document (used by document.php, viewimage.php and webservices)
* Security check when accessing to a document (used by document.php, viewimage.php and webservices to get documents).
* TODO Replace code that set $accesallowed by a call to restrictedArea()
*
* @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp')
* @param string $original_file Relative path with filename, relative to modulepart.
@ -2446,6 +2447,16 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
// Wrapping for events
if ($fuser->rights->agenda->myactions->{$read}) {
$accessallowed = 1;
// If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users
if ($refname && !preg_match('/^specimen/i', $original_file)) {
include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
$tmpobject = new ActionComm($db);
$tmpobject->fetch((int) $refname);
$accessallowed = checkUserAccessToObject($user, array('agenda'), $tmpobject->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id', '');
if ($user->socid && $tmpobject->socid) {
$accessallowed = checkUserAccessToObject($user, array('societe'), $tmpobject->socid);
}
}
}
$original_file = $conf->agenda->dir_output.'/'.$original_file;
} elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity])) {
@ -2612,12 +2623,26 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
// Wrapping pour les projets
if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) {
$accessallowed = 1;
// If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
if ($refname && !preg_match('/^specimen/i', $original_file)) {
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
$tmpproject = new Project($db);
$tmpproject->fetch('', $refname);
$accessallowed = checkUserAccessToObject($user, array('projet'), $tmpproject->id, 'projet&project', '', '', 'rowid', '');
}
}
$original_file = $conf->projet->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
} elseif ($modulepart == 'project_task' && !empty($conf->projet->dir_output)) {
if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) {
$accessallowed = 1;
// If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
if ($refname && !preg_match('/^specimen/i', $original_file)) {
include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
$tmptask = new Task($db);
$tmptask->fetch('', $refname);
$accessallowed = checkUserAccessToObject($user, array('projet_task'), $tmptask->id, 'projet&project', '', '', 'rowid', '');
}
}
$original_file = $conf->projet->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";

2
htdocs/core/lib/functions.lib.php
View File

@ -6879,8 +6879,6 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null,
// For backward compatibility
$substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null));
$substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null);
$substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null));
$substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null);
$substitutionarray['__SUPPLIER_ORDER_DATE_DELIVERY__'] = (isset($object->date_livraison) ? dol_print_date($object->date_livraison, 'day', 0, $outputlangs) : '');
$substitutionarray['__SUPPLIER_ORDER_DELAY_DELIVERY__'] = (isset($object->availability_code) ? ($outputlangs->transnoentities("AvailabilityType".$object->availability_code) != ('AvailabilityType'.$object->availability_code) ? $outputlangs->transnoentities("AvailabilityType".$object->availability_code) : $outputlangs->convToOutputCharset(isset($object->availability) ? $object->availability : '')) : '');

57
htdocs/core/lib/security.lib.php
View File

@ -173,17 +173,21 @@ function dol_verifyHash($chain, $hash, $type = '0')
* This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user).
*
* @param User $user User to check
* @param string $features Features to check (it must be module $object->element. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->...
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'.
* This is used to check permission $user->rights->features->feature2...
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param int $isdraft 1=The object with id=$objectid is a draft
* @return int Always 1, die process if not allowed
* @param int $mode Mode (0=default, 1=return with not die)
* @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed.
* @see dol_check_secure_access_document(), checkUserAccessToObject()
*/
function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0)
function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0)
{
global $db, $conf;
global $hookmanager;
@ -228,7 +232,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
if (isset($hookmanager->resArray['result'])) {
if ($hookmanager->resArray['result'] == 0) {
accessforbidden(); // Module returns 0, so access forbidden
if ($mode) {
return 0;
} else {
accessforbidden(); // Module returns 0, so access forbidden
}
}
}
if ($reshook > 0) { // No other test done.
@ -343,7 +351,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
}
if (!$readok) {
accessforbidden();
if ($mode) {
return 0;
} else {
accessforbidden();
}
}
//print "Read access is ok";
@ -432,7 +444,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
}
if ($wemustcheckpermissionforcreate && !$createok) {
accessforbidden();
if ($mode) {
return 0;
} else {
accessforbidden();
}
}
//print "Write access is ok";
}
@ -445,7 +461,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
}
if (!$createuserok) {
accessforbidden();
if ($mode) {
return 0;
} else {
accessforbidden();
}
}
//print "Create user access is ok";
}
@ -520,26 +540,34 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
}
if (!$deleteok && !($isdraft && $createok)) {
accessforbidden();
if ($mode) {
return 0;
} else {
accessforbidden();
}
}
//print "Delete access is ok";
}
// If we have a particular object to check permissions on, we check this object
// is linked to a company allowed to $user.
// If we have a particular object to check permissions on, we check if $user has permission
// for this given object (link to company, is contact for project, ...)
if (!empty($objectid) && $objectid > 0) {
$ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
$params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2);
//print 'checkUserAccessToObject ok='.$ok;
return $ok ? 1 : accessforbidden('', 1, 1, 0, $params);
if ($mode) {
return $ok ? 1 : 0;
} else {
return $ok ? 1 : accessforbidden('', 1, 1, 0, $params);
}
}
return 1;
}
/**
* Check access by user to object.
* This function is also called by restrictedArea that check before if module is enabled and permissions of user compared to $action.
* Check access by user to object is ok.
* This function is also called by restrictedArea that check before if module is enabled and if permission of user for $action is ok.
*
* @param User $user User to check
* @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...)
@ -552,7 +580,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
* @return bool True if user has access, False otherwise
* @see restrictedArea()
*/
function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '')
function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '')
{
global $db, $conf;
@ -686,6 +714,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
$projectstatic = new Project($db);
$tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
$tmparray = explode(',', $tmps);
if (!in_array($objectid, $tmparray)) {
return false;

2
htdocs/core/tpl/card_presend.tpl.php
View File

@ -76,7 +76,7 @@ if ($action == 'presend') {
if (empty($object->ref_client)) {
$topicmail = $outputlangs->trans($defaulttopic, '__REF__');
} elseif (!empty($object->ref_client)) {
$topicmail = $outputlangs->trans($defaulttopic, '__REF__ (__REFCLIENT__)');
$topicmail = $outputlangs->trans($defaulttopic, '__REF__ (__REF_CLIENT__)');
}
// Build document if it not exists

2
htdocs/core/tpl/massactions_pre.tpl.php
View File

@ -149,7 +149,7 @@ if ($massaction == 'presend') {
$formmail->withtofree = empty($liste) ? 1 : 0;
$formmail->withtocc = 1;
$formmail->withtoccc = $conf->global->MAIN_EMAIL_USECCC;
$formmail->withtopic = $langs->transnoentities($topicmail, '__REF__', '__REFCLIENT__');
$formmail->withtopic = $langs->transnoentities($topicmail, '__REF__', '__REF_CLIENT__');
$formmail->withfile = 1;
// $formmail->withfile = 2; Not yet supported in mass action
$formmail->withmaindocfile = 1; // Add a checkbox "Attach also main document"

2
htdocs/ecm/dir_add_card.php
View File

@ -188,7 +188,7 @@ if ($action == 'add' && $permtoadd) {
exit;
}
}
} elseif ($action == 'confirm_deletesection' && $confirm == 'yes') {
} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) {
// Deleting file
$result = $ecmdir->delete($user);
setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');

14
htdocs/ecm/dir_card.php
View File

@ -88,17 +88,23 @@ if ($module == 'ecm') {
}
// Permissions
$permtoread = 0;
$permtoadd = 0;
$permtoupload = 0;
if ($module == 'ecm') {
$permtoread = $user->rights->ecm->read;
$permtoadd = $user->rights->ecm->setup;
$permtoupload = $user->rights->ecm->upload;
}
if ($module == 'medias') {
$permtoread = ($user->rights->mailing->lire || $user->rights->website->read);
$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
}
if (!$permtoread) {
accessforbidden();
}
/*
@ -106,7 +112,7 @@ if ($module == 'medias') {
*/
// Upload file
if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) {
if (dol_mkdir($upload_dir) >= 0) {
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0) {
@ -131,7 +137,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
}
// Remove file
if ($action == 'confirm_deletefile' && $confirm == 'yes') {
if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
$langs->load("other");
$file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
$ret = dol_delete_file($file);
@ -145,7 +151,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') {
}
// Remove dir
if ($action == 'confirm_deletedir' && $confirm == 'yes') {
if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
$backtourl = DOL_URL_ROOT."/ecm/index.php";
if ($module == 'medias') {
$backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1";
@ -181,7 +187,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') {
}
// Update dirname or description
if ($action == 'update' && !GETPOST('cancel', 'alpha')) {
if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) {
$error = 0;
if ($module == 'ecm') {

14
htdocs/ecm/file_card.php
View File

@ -36,10 +36,6 @@ $action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
if (!$user->rights->ecm->setup) {
accessforbidden();
}
// Get parameters
$socid = GETPOST("socid", "int");
@ -105,6 +101,14 @@ if ($result < 0) {
exit;
}
// Permissions
$permtoread = $user->rights->ecm->read;
$permtoadd = $user->rights->ecm->setup;
$permtoupload = $user->rights->ecm->upload;
if (!$permtoread) {
accessforbidden();
}
/*
@ -123,7 +127,7 @@ if ($cancel) {
}
// Rename file
if ($action == 'update') {
if ($action == 'update' && $permtoadd) {
$error = 0;
$oldlabel = GETPOST('urlfile', 'alpha');

13
htdocs/ecm/file_note.php
View File

@ -22,7 +22,7 @@
/**
* \file htdocs/ecm/file_note.php
* \ingroup ecm
* \brief Fiche de notes sur une ecm file
* \brief Tab for notes on an ECM file
*/
require '../main.inc.php';
@ -39,10 +39,6 @@ $ref = GETPOST('ref', 'alpha');
$socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
if (!$user->rights->ecm->setup) {
accessforbidden();
}
// Get parameters
$socid = GETPOST("socid", "int");
// Security check
@ -109,6 +105,13 @@ if ($result < 0) {
$permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php
$permtoread = $user->rights->ecm->read;
if (!$permtoread) {
accessforbidden();
}
/*
* Actions
*/

12
htdocs/ecm/index.php
View File

@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
// Load translation files required by the page
$langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts"));
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'ecm', 0);
// Get parameters
$socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
@ -81,6 +75,12 @@ $userstatic = new User($db);
$error = 0;
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'ecm', 0);
/*
* Actions

8
htdocs/ecm/index_auto.php
View File

@ -440,15 +440,13 @@ if (empty($action) || $action == 'file_manager' || preg_match('/refresh/i', $act
continue; // If condition to show is ok
}
$var = false;
print '<li class="directory collapsed">';
if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_ECM_DISABLE_JS)) {
print '<a class="fmdirlia jqft ecmjqft" href="'.$_SERVER["PHP_SELF"].'?module='.$val['module'].'">';
print '<a class="fmdirlia jqft ecmjqft" href="'.$_SERVER["PHP_SELF"].'?module='.urlencode($val['module']).'">';
print $val['label'];
print '</a>';
} else {
print '<a class="fmdirlia jqft ecmjqft" href="'.$_SERVER["PHP_SELF"].'?module='.$val['module'].'">';
print '<a class="fmdirlia jqft ecmjqft" href="'.$_SERVER["PHP_SELF"].'?module='.urlencode($val['module']).'">';
print $val['label'];
print '</a>';
}
@ -456,7 +454,7 @@ if (empty($action) || $action == 'file_manager' || preg_match('/refresh/i', $act
print '<div class="ecmjqft">';
// Info
$htmltooltip = '<b>'.$langs->trans("ECMSection").'</b>: '.$val['label'].'<br>';
$htmltooltip = '<b>'.$langs->trans("Type").'</b>: '.$langs->trans("ECMSectionAuto").'<br>';
$htmltooltip .= '<b>'.$langs->trans("Type").'</b>: '.$langs->trans("ECMSectionAuto").'<br>';
$htmltooltip .= '<b>'.$langs->trans("ECMCreationUser").'</b>: '.$langs->trans("ECMTypeAuto").'<br>';
$htmltooltip .= '<b>'.$langs->trans("Description").'</b>: '.$val['desc'];
print $form->textwithpicto('', $htmltooltip, 1, 'info');

6
htdocs/ecm/search.php
View File

@ -84,6 +84,12 @@ if (!empty($section)) {
}
}
$permtoread = $user->rights->ecm->read;
if (!$permtoread) {
accessforbidden();
}
/*
* Actions

22
htdocs/expensereport/class/expensereport.class.php
View File

@ -1645,6 +1645,7 @@ class ExpenseReport extends CommonObject
* Return clicable name (with picto eventually)
*
* @param int $withpicto 0=No picto, 1=Include picto into link, 2=Only picto
* @param string $option Where point the link ('', 'document', ..)
* @param int $max Max length of shown ref
* @param int $short 1=Return just URL
* @param string $moretitle Add more text to title tooltip
@ -1652,7 +1653,7 @@ class ExpenseReport extends CommonObject
* @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking
* @return string String with URL
*/
public function getNomUrl($withpicto = 0, $max = 0, $short = 0, $moretitle = '', $notooltip = 0, $save_lastsearch_value = -1)
public function getNomUrl($withpicto = 0, $option = '', $max = 0, $short = 0, $moretitle = '', $notooltip = 0, $save_lastsearch_value = -1)
{
global $langs, $conf;
@ -1684,17 +1685,16 @@ class ExpenseReport extends CommonObject
$label .= ' - '.$moretitle;
}
//if ($option != 'nolink')
//{
// Add param to save lastsearch_values or not
if ($option != 'nolink') {
// Add param to save lastsearch_values or not
$add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0);
if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) {
$add_save_lastsearch_values = 1;
if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) {
$add_save_lastsearch_values = 1;
}
if ($add_save_lastsearch_values) {
$url .= '&save_lastsearch_values=1';
}
}
if ($add_save_lastsearch_values) {
$url .= '&save_lastsearch_values=1';
}
//}
$ref = $this->ref;
if (empty($ref)) {
@ -1720,7 +1720,7 @@ class ExpenseReport extends CommonObject
$result .= img_object(($notooltip ? '' : $label), $this->picto, ($notooltip ? (($withpicto != 2) ? 'class="paddingright"' : '') : 'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip ? 0 : 1);
}
if ($withpicto != 2) {
$result .= ($max ?dol_trunc($ref, $max) : $ref);
$result .= ($max ? dol_trunc($ref, $max) : $ref);
}
$result .= $linkend;

9
htdocs/fourn/class/fournisseur.facture.class.php
View File

@ -1361,7 +1361,7 @@ class FactureFournisseur extends CommonInvoice
}
$sql .= ', fk_user_closing = '.$user->id;
$sql .= ", date_closing = '".$this->db->idate($now)."'";
$sql .= ' WHERE rowid = '.$this->id;
$sql .= ' WHERE rowid = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1417,18 +1417,17 @@ class FactureFournisseur extends CommonInvoice
*/
public function setUnpaid($user)
{
global $conf, $langs;
$error = 0;
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture_fourn';
$sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null';
$sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null,';
$sql .= ' date_closing=null,';
$sql .= ' fk_user_closing=null';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog("FactureFournisseur::set_unpaid", LOG_DEBUG);
dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
// Call trigger

2
htdocs/fourn/commande/card.php
View File

@ -1256,6 +1256,8 @@ if (empty($reshook)) {
$tva_tx = get_default_tva($soc, $mysoc, $lines[$i]->fk_product, $product_fourn_price_id);
}
$object->special_code = $lines[$i]->special_code;
$result = $object->addline(
$desc,
$lines[$i]->subprice,

22
htdocs/install/mysql/data/llx_00_c_country.sql
View File

@ -194,27 +194,27 @@ INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (40
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (300,'CW','CUW','Curaçao',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (301,'SX','SXM','Sint Maarten',1,0);
--End of antilles nederland
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (165,'NC','NCL','Nouvelle-Calédonie',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (166,'NZ','NZL','Nouvelle-Zélande',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (165,'NC','NCL','New Caledonia',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (166,'NZ','NZL','New Zealand',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (167,'NI','NIC','Nicaragua',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (168,'NE','NER','Niger',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (169,'NG','NGA','Nigeria',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (170,'NU','NIU','Nioué',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (171,'NF','NFK','Ile Norfolk',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (172,'MP','MNP','Mariannes du Nord',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (173,'NO','NOR','Norvège',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (170,'NU','NIU','Niue',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (171,'NF','NFK','Norfolk Island',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (172,'MP','MNP','Northern Mariana Islands',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (173,'NO','NOR','Norway',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (174,'OM','OMN','Oman',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (175,'PK','PAK','Pakistan',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (176,'PW','PLW','Palaos',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (177,'PS','PSE','Territoire Palestinien Occupé',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (176,'PW','PLW','Palau',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (177,'PS','PSE','Palestinian territories',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (178,'PA','PAN','Panama',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (179,'PG','PNG','Papouasie-Nouvelle-Guinée',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (179,'PG','PNG','Papua New Guinea',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (180,'PY','PRY','Paraguay',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (181,'PE','PER','Peru',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (182,'PH','PHL','Philippines',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (183,'PN','PCN','Iles Pitcairn',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (183,'PN','PCN','Pitcairn Islands',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (184,'PL','POL','Pologne',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (185,'PR','PRI','Porto Rico',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (185,'PR','PRI','Puerto Rico',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (186,'QA','QAT','Qatar',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (188,'RO','ROU','Roumanie',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (189,'RW','RWA','Rwanda',1,0);

6
htdocs/install/mysql/data/llx_accounting_abc.sql
View File

@ -174,10 +174,10 @@ INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUE
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 15,'SYSCOHADA-TG', 'Plan comptable Ouest-Africain', 1);
-- Description of chart of account USA US-BASE
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 11, 'US-BASE', 'USA basic chart of accounts', 1);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 11, 'US-BASE', 'USA basic chart of accounts', 1);
-- Description of chart of account Canada CA-ENG-BASE
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 14, 'CA-ENG-BASE', 'Canadian basic chart of accounts - English', 1);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 14, 'CA-ENG-BASE', 'Canadian basic chart of accounts - English', 1);
-- Description of chart of account Mexico SAT/24-2019
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 154, 'SAT/24-2019', 'Catalogo y codigo agrupador fiscal del 2019', 1);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 154, 'SAT/24-2019', 'Catalogo y codigo agrupador fiscal del 2019', 1);

5
htdocs/install/mysql/migration/13.0.0-14.0.0.sql
View File

@ -62,6 +62,11 @@ UPDATE llx_c_country SET eec = 1 WHERE code IN ('AT','BE','BG','CY','CZ','DE','D
ALTER TABLE llx_export_model MODIFY COLUMN type varchar(64);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 11, 'US-BASE', 'USA basic chart of accounts', 1);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 14, 'CA-ENG-BASE', 'Canadian basic chart of accounts - English', 1);
INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 154, 'SAT/24-2019', 'Catalogo y codigo agrupador fiscal del 2019', 1);
-- For v14
ALTER TABLE llx_product_lot ADD COLUMN eol_date datetime NULL;

32
htdocs/main.inc.php
View File

@ -142,27 +142,23 @@ function testSqlAndScriptInject($val, $type)
}
$inj += preg_match('/base\s+href/si', $val);
$inj += preg_match('/=data:/si', $val);
// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp
$inj += preg_match('/onmouse([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/ondrag([a-z]*)\s*=/i', $val); //
$inj += preg_match('/ontouch([a-z]*)\s*=/i', $val); //
$inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);
$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);
$inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|loadend|offline|online|pagehide|pageshow)\s*=/i', $val);
$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|start|submit|suspend)\s*=/i', $val);
$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting)\s*=/i', $val);
// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $val);
$inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val);
$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $val);
$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $val);
$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val);
// We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: <img on<a>error=alert(1) to bypass test on onerror
$tmpval = preg_replace('/<[^<]+>/', '', $val);
// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp
$inj += preg_match('/onmouse([a-z]*)\s*=/i', $tmpval); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/ondrag([a-z]*)\s*=/i', $tmpval); //
$inj += preg_match('/ontouch([a-z]*)\s*=/i', $tmpval); //
$inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $tmpval);
$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $tmpval);
$inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|loadend|offline|online|pagehide|pageshow)\s*=/i', $tmpval);
$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|start|submit|suspend)\s*=/i', $tmpval);
$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting)\s*=/i', $tmpval);
// List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
$inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval);
$inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval);
$inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval);
$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval);
$inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval);
//$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ...
$inj += preg_match('/&#58;|&#0000058|&#x3A/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'

10
htdocs/margin/tabs/productMargins.php
View File

@ -39,10 +39,6 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid');
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if (empty($user->rights->margins->liretous)) {
accessforbidden();
}
$object = new Product($db);
@ -63,6 +59,12 @@ if (!$sortfield) {
$sortfield = "f.datef";
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if (empty($user->rights->margins->liretous)) {
accessforbidden();
}
/*
* View

8
htdocs/margin/tabs/thirdpartyMargins.php
View File

@ -33,8 +33,6 @@ $socid = GETPOST('socid', 'int');
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'societe', '', '');
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -61,6 +59,12 @@ if ($socid > 0) {
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartymargins', 'globalcard'));
$result = restrictedArea($user, 'societe', $object->id, '');
if (empty($user->rights->margins->liretous)) {
accessforbidden();
}
/*
* Actions

2
htdocs/master.inc.php
View File

@ -230,7 +230,7 @@ if (!defined('NOREQUIREDB') && !defined('NOREQUIRESOC')) {
// Set default language (must be after the setValues setting global $conf->global->MAIN_LANG_DEFAULT. Page main.inc.php will overwrite langs->defaultlang with user value later)
if (!defined('NOREQUIRETRAN')) {
$langcode = (GETPOST('lang', 'aZ09') ? GETPOST('lang', 'aZ09', 1) : (empty($conf->global->MAIN_LANG_DEFAULT) ? 'auto' : $conf->global->MAIN_LANG_DEFAULT));
if (defined('MAIN_LANG_DEFAULT')) {
if (defined('MAIN_LANG_DEFAULT')) { // So a page can force the language whatever is setup and parameters in URL
$langcode = constant('MAIN_LANG_DEFAULT');
}
$langs->setDefaultLang($langcode);

35
htdocs/opensurvey/results.php
View File

@ -251,7 +251,40 @@ if (GETPOSTISSET("ajoutercolonne") && $object->format == "D") {
header('Location: results.php?id='.$object->id_sondage);
}
}
if ($cleinsertion >= 0) {
$sql = 'SELECT s.reponses';
$sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_user_studs as s";
$sql .= " WHERE id_sondage = '".$db->escape($numsondage)."'";
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
} else {
$num = $db->num_rows($resql);
$compteur = 0;
while ($compteur < $num) {
$obj = $db->fetch_object($resql);
$sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs";
if ($cleinsertion == 0) {
$sql .= " SET reponses = '0".$db->escape($obj->reponses)."'";
} else {
$reponsesadd = str_split($obj->reponses);
$lengthresponses = count($reponsesadd);
for ($cpt = $lengthresponses; $cpt > $cleinsertion; $cpt--) {
$reponsesadd[$cpt] = $reponsesadd[$cpt-1];
}
$reponsesadd[$cleinsertion] = '0';
$reponsesadd = implode($reponsesadd);
$sql .= " SET reponses = '".$db->escape($reponsesadd)."'";
}
$sql .= " WHERE id_sondage = '".$db->escape($numsondage)."'";
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
}
$compteur++;
}
}
}
$adresseadmin = $object->mail_admin;
} else {
$erreur_ajout_date = "yes";

16
htdocs/product/agenda.php
View File

@ -73,7 +73,21 @@ if (!$sortorder) {
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agendathirdparty'));
$result = restrictedArea($user, 'produit|service', $id, 'product&product');
$object = new Product($db);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
}
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', 0, 'product&product', '', '');
}
/*

12
htdocs/product/card.php
View File

@ -152,7 +152,17 @@ if (!empty($canvas)) {
// Security check
$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : ''));
$fieldtype = (!empty($id) ? 'rowid' : 'ref');
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productcard', 'globalcard'));

2
htdocs/product/class/product.class.php
View File

@ -1645,7 +1645,7 @@ class Product extends CommonObject
$testExit = array('multiprices','multiprices_ttc','multiprices_base_type','multiprices_min','multiprices_min_ttc','multiprices_tva_tx','multiprices_recuperableonly');
foreach ($testExit as $field){
foreach ($testExit as $field) {
if (!isset($this->$field[$level])) {
return array();
}

14
htdocs/product/composition/card.php
View File

@ -50,7 +50,6 @@ if (!empty($user->socid)) {
}
$fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : ''));
$fieldtype = (!empty($ref) ? 'ref' : 'rowid');
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
$object = new Product($db);
$objectid = 0;
@ -60,6 +59,19 @@ if ($id > 0 || !empty($ref)) {
$id = $object->id;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
/*
* Actions

12
htdocs/product/document.php
View File

@ -95,9 +95,19 @@ if ($id > 0 || !empty($ref)) {
}
$modulepart = 'produit';
$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
/*

19
htdocs/product/fournisseurs.php
View File

@ -103,17 +103,16 @@ if ($id > 0 || $ref) {
$object->fetch($id, $ref);
}
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
if (!$sortfield) {
$sortfield = "s.nom";
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
if (!$sortorder) {
$sortorder = "ASC";
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*

11
htdocs/product/note.php
View File

@ -51,7 +51,16 @@ if ($id > 0 || !empty($ref)) {
$permissionnote = $user->rights->produit->creer; // Used by the include of actions_setnotes.inc.php
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
/*

4
htdocs/product/popuprop.php
View File

@ -60,9 +60,7 @@ $offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$staticproduct = new Product($db);
$result = restrictedArea($user, 'produit|service', 0, 'product&product');
restrictedArea($user, 'produit|service', 0, 'product&product', '', '');
/*

11
htdocs/product/price.php
View File

@ -82,7 +82,16 @@ if ((!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productpricecard', 'globalcard'));
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
/*

3
htdocs/product/stats/bom.php
View File

@ -41,7 +41,6 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatscontract'));
@ -67,6 +66,8 @@ if (!$sortfield) {
$sortfield = "b.date_valid";
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View

3
htdocs/product/stats/card.php
View File

@ -58,7 +58,6 @@ if (!empty($user->socid)) {
// Security check
$fieldvalue = (!empty($id) ? $id : $ref);
$fieldtype = (!empty($ref) ? 'ref' : 'rowid');
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
$tmp = dol_getdate(dol_now());
$currentyear = $tmp['year'];
@ -66,6 +65,8 @@ if (empty($search_year)) {
$search_year = $currentyear;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* Actions

6
htdocs/product/stats/commande.php
View File

@ -43,13 +43,10 @@ $socid = '';
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatsorder'));
$mesg = '';
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -75,6 +72,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_year = '';
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View
*/

3
htdocs/product/stats/commande_fournisseur.php
View File

@ -42,7 +42,6 @@ $socid = '';
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatssupplyorder'));
@ -74,6 +73,8 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_year = '';
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View

5
htdocs/product/stats/contrat.php
View File

@ -40,13 +40,10 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatscontract'));
$mesg = '';
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -65,6 +62,8 @@ if (!$sortfield) {
$sortfield = "c.date_contrat";
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View

2
htdocs/product/stats/facture.php
View File

@ -44,7 +44,6 @@ $socid = '';
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatsinvoice'));
@ -77,6 +76,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_year = '';
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*

6
htdocs/product/stats/facture_fournisseur.php
View File

@ -44,13 +44,10 @@ $socid = '';
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatssupplyinvoice'));
$mesg = '';
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -76,6 +73,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_year = '';
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View
*/

5
htdocs/product/stats/mo.php
View File

@ -40,13 +40,10 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatscontract'));
$mesg = '';
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -65,6 +62,8 @@ if (!$sortfield) {
$sortfield = "c.date_valid";
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View

5
htdocs/product/stats/propal.php
View File

@ -48,8 +48,6 @@ $result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatspropal'));
$mesg = '';
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@ -76,6 +74,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_year = '';
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View
*/

6
htdocs/product/stats/supplier_proposal.php
View File

@ -43,13 +43,10 @@ $socid = '';
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productstatspropal'));
$mesg = '';
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@ -76,6 +73,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter',
$search_year = '';
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
/*
* View
*/

13
htdocs/product/stock/product.php
View File

@ -81,8 +81,6 @@ if (!empty($batchnumber)) {
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit&stock', $id, 'product&product', '', '', $fieldid);
$object = new Product($db);
$extrafields = new ExtraFields($db);
@ -114,6 +112,17 @@ $hookmanager->initHooks(array('stockproductcard', 'globalcard'));
$error = 0;
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $id, 'product&product', '', '', $fieldid);
}
/*
* Actions

17
htdocs/product/traduction.php
View File

@ -45,7 +45,22 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
if ($id > 0 || !empty($ref)) {
$object = new Product($db);
$object->fetch($id, $ref);
}
if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
}
if ($object->type == $object::TYPE_SERVICE) {
restrictedArea($user, 'service', $object->id, 'product&product', '', '');
}
} else {
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}
/*

3
htdocs/projet/class/task.class.php
View File

@ -274,7 +274,8 @@ class Task extends CommonObject
}
$sql .= " WHERE ";
if (!empty($ref)) {
$sql .= "t.ref = '".$this->db->escape($ref)."'";
$sql .= "entity IN (".getEntity('project').")";
$sql .= " AND t.ref = '".$this->db->escape($ref)."'";
} else {
$sql .= "t.rowid = ".((int) $id);
}

24
htdocs/public/agenda/agendaexport.php
View File

@ -96,9 +96,9 @@ if (!isset($conf->global->MAIN_AGENDA_EXPORT_PAST_DELAY)) {
$format = 'ical';
$type = 'event';
if (GETPOST("format", 'alpha')) {
$format = GETPOST("format", 'apha');
$format = GETPOST("format", 'alpha');
}
if (GETPOST("type", 'apha')) {
if (GETPOST("type", 'alpha')) {
$type = GETPOST("type", 'alpha');
}
@ -115,20 +115,20 @@ if (GETPOST("idfrom", 'int')) {
if (GETPOST("idto", 'int')) {
$filters['idto'] = GETPOST("idto", 'int');
}
if (GETPOST("project", 'apha')) {
$filters['project'] = GETPOST("project", 'apha');
if (GETPOST("project", 'alpha')) {
$filters['project'] = GETPOST("project", 'alpha');
}
if (GETPOST("logina", 'apha')) {
$filters['logina'] = GETPOST("logina", 'apha');
if (GETPOST("logina", 'alpha')) {
$filters['logina'] = GETPOST("logina", 'alpha');
}
if (GETPOST("logint", 'apha')) {
$filters['logint'] = GETPOST("logint", 'apha');
if (GETPOST("logint", 'alpha')) {
$filters['logint'] = GETPOST("logint", 'alpha');
}
if (GETPOST("notactiontype", 'apha')) {
$filters['notactiontype'] = GETPOST("notactiontype", 'apha');
if (GETPOST("notactiontype", 'alpha')) {
$filters['notactiontype'] = GETPOST("notactiontype", 'alpha');
}
if (GETPOST("actiontype", 'apha')) {
$filters['actiontype'] = GETPOST("actiontype", 'apha');
if (GETPOST("actiontype", 'alpha')) {
$filters['actiontype'] = GETPOST("actiontype", 'alpha');
}
if (GETPOST("notolderthan", 'int')) {
$filters['notolderthan'] = GETPOST("notolderthan", "int");

2
htdocs/societe/card.php
View File

@ -852,7 +852,7 @@ if (empty($reshook)) {
// Set parent company
if ($action == 'set_thirdparty' && $user->rights->societe->creer) {
$object->fetch($socid);
$result = $object->set_parent(GETPOST('parent_id', 'int'));
$result = $object->setParent(GETPOST('parent_id', 'int'));
}
// Set sales representatives

45
htdocs/societe/class/societe.class.php
View File

@ -3321,34 +3321,37 @@ class Societe extends CommonObject
}
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* Define parent commany of current company
*
* @param int $id Id of thirdparty to set or '' to remove
* @return int <0 if KO, >0 if OK
*/
public function set_parent($id)
public function setParent($id)
{
// phpcs:enable
dol_syslog(get_class($this).'::setParent', LOG_DEBUG);
if ($this->id) {
// Check if the id we want to add as parent has not already one parent that is the current id we try to update
$sameparent = $this->validateFamilyTree($id, $this->id, 0);
if ($sameparent < 0) {
return -1;
} elseif ($sameparent == 1) {
setEventMessages('ParentCompanyToAddIsAlreadyAChildOfModifiedCompany', null, 'warnings');
return -1;
} else {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this).'::set_parent', LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
$this->parent = $id;
return 1;
} else {
if ($id > 0) {
$sameparent = $this->validateFamilyTree($id, $this->id, 0);
if ($sameparent < 0) {
return -1;
}
if ($sameparent == 1) {
setEventMessages('ParentCompanyToAddIsAlreadyAChildOfModifiedCompany', null, 'warnings');
return -1;
}
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$this->parent = $id;
return 1;
} else {
return -1;
}
} else {
return -1;
@ -3363,15 +3366,15 @@ class Societe extends CommonObject
* @param int $counter Counter to protect against infinite loops
* @return int <0 if KO, 0 if OK or 1 if at some level a parent company was the child to compare to
*/
public function validateFamilyTree($idparent, $idchild, $counter = 0)
public function validateFamilyTree($idparent, $idchild, $counter = 0)
{
if ($counter > 100) {
dol_syslog("Too high level of parent - child for company. May be an infinite loop ?", LOG_WARNING);
}
$sql = 'SELECT s.parent';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s';
$sql .= ' WHERE rowid = '.$idparent;
$sql = 'SELECT s.parent';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s';
$sql .= ' WHERE rowid = '.$idparent;
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

Some files were not shown because too many files have changed in this diff Show More