diff --git a/COPYRIGHT b/COPYRIGHT index aedcb1be614..c43d77581a7 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -1,13 +1,24 @@ -License -------- +Copyright and license +---------------------- -Dolibarr is released under the terms of the GNU General Public License as -published by the Free Software Foundation; either version 3 of the License, -or (at your option) any later version (GPL-3+). -More information: https://www.gnu.org/licenses/gpl-3.0.txt +The Dolibarr software as a whole is distributed under the GNU General Public License as published by the Free Software Foundation; +either version 3 of the License, or (at your option) any later version (GPL-3+). More information: https://www.gnu.org/licenses/gpl-3.0.txt. +A copy of this license is available in the COPYING file. +Dolibarr depends on third-party components and code snippets released under their own license (obviously, all compatible with the one of Dolibarr). +These dependencies are listed in the bottom of this file. -Dolibarr uses some external libraries released under different licenses. This is compatibility summary: + +The Dolibarr images resources (available in the doc directory) is distributed under the Creative Commons Attribution 4.0 International license (CC BY 4.0). + + +The name Dolibarr is a trademark initially registered by Laurent Destailleur and ceased to the Dolibarr foundation. You can use the name Dolibarr +for your own need as long as you follow the rules defined on the page https://wiki.dolibarr.org/index.php/Rules_to_use_the_brand_name_%22Dolibarr%22 +The use of the name DoliStore is also restricted to the same rules defined on https://wiki.dolibarr.org/index.php/Rules_to_use_the_brand_name_%22Dolibarr%22 + + + +Licence of dependencies of third-party components used by Dolibarr (all compatible with the Licence of Dolibarr): Component Version License GPL Compatible Usage ------------------------------------------------------------------------------------- @@ -28,7 +39,7 @@ php-iban 1.4.7 LGPL-3+ Yes PHPoAuthLib 0.8.2 MIT License Yes Library to provide oauth1 and oauth2 to different service PHPPrintIPP 1.3 GPL-2+ Yes Library to send print IPP requests PSR/Logs 1.0 Library for logs (used by DebugBar) -PSR/simple-cache ? MIT License Yes Library for cache (used by PHPSpreadSheet) +PSR/simple-cache ? MIT License Yes Library for cache (used by PHPSpreadSheet) Restler 3.1.1 LGPL-3+ Yes Library to develop REST Web services (+ swagger-ui js lib into dir explorer) Sabre 3.2.2 BSD Yes DAV support Swift Mailer 5.4.2-DEV MIT License Yes Comprehensive mailing tools for PHP @@ -63,11 +74,10 @@ Font libraries: Fontawesome 5.13 Font Awesome Free Licence Yes -For licenses compatibility informations: -https://www.gnu.org/licenses/licenses.en.html +For more licenses compatibility informations: https://www.gnu.org/licenses/licenses.en.html -Copyright / Authors +Authors ------------------- See page https://github.com/Dolibarr/dolibarr/graphs/contributors diff --git a/ChangeLog b/ChangeLog index ec201fa378e..50a0ff10131 100644 --- a/ChangeLog +++ b/ChangeLog @@ -169,7 +169,7 @@ Following changes may create regressions for some external modules, but were nec * If your database is PostgreSql, you must use version 9.1.0 or more (Dolibarr need the SQL function CONCAT) * If your database is MySql or MariaDB, you need at least version 5.1 * Function set_price_level() has been renamed into setPriceLevel() to follow camelcase rules - +* Remove deprecated subtituion key __REFCLIENT__ (Replaced with __REF_CLIENT__) ***** ChangeLog for 13.0.3 compared to 13.0.2 ***** diff --git a/doc/images/README.md b/doc/images/README.md index 7422d246d40..e93c9f9c3d4 100644 --- a/doc/images/README.md +++ b/doc/images/README.md @@ -10,17 +10,16 @@ https://github.com/Dolibarr/foundation -* Few icons are / were from website led24.de -* Attention: This website is no longer available! +# LICENCE OF IMAGE RESOURCES +-------------------------------- -This is original README file for this source: -------------------------------------------------------- +* All image resources (except dolihelp.ico and doliadmin.ico) in this directory are distributed under licence CC BY-SA + +List of icons from http://led24.de/iconset/ are: +- doliadmin.ico +- dolihelp.ico + +This is original README file for the package with this 2 images: You can do whatever you want with these icons (use on web or in desktop applications) as long as you don’t pass them off as your own and remove this readme file. A credit statement and a link back to http://led24.de/iconset/ or http://led24.de/ would be appreciated. - -Follow us on twitter http://twitter.com/gasyoun or email leds24@gmail.com -512 icons 20/05/2009 -------------------------------------------------------- -List of icons from http://led24.de/iconset/ are: -- dolihelp.ico diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index f0fd9702009..0f4d538cfac 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -609,10 +609,12 @@ if ($id) { print ''; if ($num) { + $i = 0; // Lines with values while ($i < $num) { $obj = $db->fetch_object($resql); //print_r($obj); + print ''; if ($action == 'edit' && ($rowid == (!empty($obj->rowid) ? $obj->rowid : $obj->code))) { print '
'; @@ -708,6 +710,7 @@ if ($id) { print "\n"; } + $i++; } } diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 75283667fcb..434754516cc 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -68,7 +68,9 @@ if ($search_accountancy_code_end == - 1) { $search_accountancy_code_end = ''; } +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $object = new BookKeeping($db); +$hookmanager->initHooks(array('balancelist')); // Note that conf->hooks_modules contains array $formaccounting = new FormAccounting($db); $formother = new FormOther($db); @@ -155,16 +157,23 @@ if (empty($user->rights->accounting->mouvements->lire)) { * Action */ -if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers - $show_subgroup = ''; - $search_date_start = ''; - $search_date_end = ''; - $search_accountancy_code_start = ''; - $search_accountancy_code_end = ''; - $search_ledger_code = array(); - $filter = array(); +$parameters = array('socid'=>$socid); +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } +if (empty($reshook)) { + if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers + $show_subgroup = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_accountancy_code_start = ''; + $search_accountancy_code_end = ''; + $search_ledger_code = array(); + $filter = array(); + } +} /* * View @@ -226,22 +235,28 @@ if ($action != 'export_csv') { print ''; print ''; - $button = 'global->ACCOUNTING_EXPORT_FORMAT.')" />'; + $parameters = array(); + $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook + if (empty($reshook)) { + $button = 'global->ACCOUNTING_EXPORT_FORMAT.')" />'; - print ''; + '; + } print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $button, $result, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit); + $selectedfields = ''; + $moreforfilter = ''; $moreforfilter .= '
'; @@ -283,12 +298,18 @@ if ($action != 'export_csv') { print ' '; print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, '', 'accounts'); print ''; - print ''; + + // Fields from hook + $parameters = array('arrayfields'=>$arrayfields); + $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + + // Action column + print ''; $searchpicto = $form->showFilterButtons(); print $searchpicto; print ''; - - print ''; + print ''."\n"; print ''; print_liste_field_titre("AccountAccounting", $_SERVER['PHP_SELF'], "t.numero_compte", "", $param, "", $sortfield, $sortorder); @@ -298,8 +319,14 @@ if ($action != 'export_csv') { print_liste_field_titre("Debit", $_SERVER['PHP_SELF'], "t.debit", "", $param, 'class="right"', $sortfield, $sortorder); print_liste_field_titre("Credit", $_SERVER['PHP_SELF'], "t.credit", "", $param, 'class="right"', $sortfield, $sortorder); print_liste_field_titre("Balance", $_SERVER["PHP_SELF"], "", $param, "", 'class="right"', $sortfield, $sortorder); - print_liste_field_titre('', $_SERVER["PHP_SELF"], "", $param, "", 'width="60" class="center"', $sortfield, $sortorder); - print "\n"; + + // Hook fields + $parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); + $reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + // Action column + print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n"; + print ''."\n"; $total_debit = 0; $total_credit = 0; diff --git a/htdocs/adherents/admin/member.php b/htdocs/adherents/admin/member.php index 925f2c9094d..621873afc94 100644 --- a/htdocs/adherents/admin/member.php +++ b/htdocs/adherents/admin/member.php @@ -197,6 +197,8 @@ print ''; print ''; print load_fiche_titre($langs->trans("MemberMainOptions"), '', ''); + +print '
'; print ''; print ''; print ''; @@ -268,6 +270,7 @@ if ($conf->facture->enabled) { } print '
'.$langs->trans("Description").'
'; +print '
'; print '
'; print ''; @@ -338,6 +341,7 @@ if ($resql) { print load_fiche_titre($langs->trans("MembersDocModules"), '', ''); +print '
'; print ''; print ''; print ''; @@ -446,6 +450,8 @@ foreach ($dirmodels as $reldir) { } print '
'.$langs->trans("Name").'
'; +print '
'; + print "
"; print dol_get_fiche_end(); diff --git a/htdocs/adherents/admin/website.php b/htdocs/adherents/admin/website.php index 06796ef193c..bb320e9f48a 100644 --- a/htdocs/adherents/admin/website.php +++ b/htdocs/adherents/admin/website.php @@ -172,6 +172,7 @@ print '
'; if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) { print '
'; + print '
'; print ''; print ''; @@ -234,6 +235,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) { print "\n"; print '
'; + print '
'; print '
'; print ''; @@ -262,7 +264,7 @@ if (!empty($conf->global->MEMBER_ENABLE_PUBLIC)) { //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current print '
'; - print ''; + print ''; print ''.img_picto('', 'globe', 'class="paddingleft"').''; print '
'; print ajax_autoselect('publicurlmember'); diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php index 6ea6d195040..7cc9ae3e3be 100644 --- a/htdocs/admin/reception_setup.php +++ b/htdocs/admin/reception_setup.php @@ -178,6 +178,7 @@ print dol_get_fiche_head($head, 'reception', $langs->trans("Receptions"), -1, 'r print load_fiche_titre($langs->trans("ReceptionsNumberingModules")); +print '
'; print ''; print ''; print ''; @@ -272,8 +273,10 @@ foreach ($dirmodels as $reldir) { } } -print '
'.$langs->trans("Name").'

'; +print ''; +print '
'; +print '
'; /* * Documents models for Receptions Receipt @@ -302,6 +305,7 @@ if ($resql) { dol_print_error($db); } +print '
'; print ''; print ''; print ''; @@ -417,6 +421,8 @@ foreach ($dirmodels as $reldir) { } print '
'.$langs->trans("Name").'
'; +print '
'; + print '
'; diff --git a/htdocs/admin/resource.php b/htdocs/admin/resource.php index b8bb566c79b..06ae59d64a3 100644 --- a/htdocs/admin/resource.php +++ b/htdocs/admin/resource.php @@ -74,6 +74,7 @@ print ''; print ''; print ''; +print '
'; print ''; print ''; print ''."\n"; @@ -132,6 +133,7 @@ print ''; print ''; print '
'.$langs->trans("Parameters").'
'; +print '
'; print ''; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index cb28b20195d..087ad76631d 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -155,7 +155,7 @@ print ''.$langs->trans("PermissionsOnFilesInWebRoot").': '; $arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1); $fileswithwritepermission = array(); foreach ($arrayoffilesinroot as $fileinroot) { - // Test permission on file + // Test if there is at least one write permission file. If yes, add the entry into array $fileswithwritepermission if (isset($fileinroot['perm']) && ($fileinroot['perm'] & 0222)) { $fileswithwritepermission[] = $fileinroot['relativename']; } @@ -217,7 +217,7 @@ print '
'; print '$dolibarr_nocsrfcheck: '.$dolibarr_nocsrfcheck; if (!empty($dolibarr_nocsrfcheck)) { - print img_picto('', 'warning').'   '.$langs->trans("IfYouAreOnAProductionSetThis", 0); + print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0); } print '
'; @@ -234,16 +234,18 @@ print '
'; print '
'; print '
'; print '
'; -print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder'); +print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup").' + '.$langs->trans("OtherSetup"), '', 'folder'); //print ''.$langs->trans("PasswordEncryption").': '; print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)."   "; if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { print '     If unset: \'md5\''; } -print '
'; if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { - print 'MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
'; + print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
'; +} else { + print '('.$langs->trans("Recommanded").': password_hash)'; + print '
'; } if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { print '
The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
'; @@ -259,18 +261,20 @@ print '
'; print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
"; print '
'; +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
"; +print '
'; print 'MAIN_EXEC_USE_POPEN = '; if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { - print ''.$langs->trans("Undefined").'   '; + print ''.$langs->trans("Undefined").''; } else { - print $conf->global->MAIN_EXEC_USE_POPEN.'   '; + print $conf->global->MAIN_EXEC_USE_POPEN; } if ($execmethod == 1) { - print ' --> "exec" PHP method will be used for shell commands.'; + print '   ("exec" PHP method will be used for shell commands)'; } if ($execmethod == 2) { - print ' --> "popen" PHP method will be used for shell commands.'; + print '   ("popen" PHP method will be used for shell commands)'; } print "
"; print '
'; diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 2ede168b601..acb11e70332 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -188,7 +188,7 @@ if ($action == 'delete') { $form = new Form($db); $formadmin = new FormAdmin($db); -$wikihelp = 'EN:Setup Translation|FR:Paramétrage traduction|ES:Configuración'; +$wikihelp = 'EN:Setup_Translation|FR:Paramétrage_Traduction|ES:Configuración_Traducción'; llxHeader('', $langs->trans("Setup"), $wikihelp); $param = '&mode='.urlencode($mode); diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php index 0dccf65e5e7..83649d46a28 100644 --- a/htdocs/admin/user.php +++ b/htdocs/admin/user.php @@ -126,6 +126,7 @@ $head = user_admin_prepare_head(); print dol_get_fiche_head($head, 'card', $langs->trans("MenuUsersAndGroups"), -1, 'user'); +print '
'; print ''; print ''; print ''; @@ -171,6 +172,7 @@ if ($conf->use_javascript_ajax) { print ''; print '
'.$langs->trans("Parameter").'
'; +print '
'; print '
'; @@ -197,6 +199,7 @@ if ($resql) { print load_fiche_titre($langs->trans("UsersDocModules"), '', ''); +print '
'; print ''; print ''; print ''; @@ -306,7 +309,9 @@ foreach ($dirmodels as $reldir) { } print '
'.$langs->trans("Name").'
'; -print "
"; +print '
'; + +print '
'; print dol_get_fiche_end(); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 30aa32a8d58..3b658f0c793 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -340,7 +340,7 @@ if ($action == 'create') { print dol_get_fiche_head(''); - print ''; + print '
'; // Ref print ''; @@ -835,7 +835,7 @@ if ($action == 'create') { //print '
'; - print '
'.$langs->trans("Ref").'
'; + print '
'; // Ref print ''; @@ -925,7 +925,7 @@ if ($action == 'create') { // Tags-Categories if ($conf->categorie->enabled) { - print ''; print '\n"; if (!$i) { diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index ded3a1bb8b9..a7ad432b3ba 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -51,7 +51,6 @@ $delete_product = GETPOST('delete_product', 'alpha'); // Security check $fieldvalue = (!empty($id) ? $id : $ref); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $prodstatic = new Product($db); $prodattr = new ProductAttribute($db); @@ -64,8 +63,6 @@ if ($id > 0 || $ref) { $selectedvariant = $_SESSION['addvariant_'.$object->id]; -$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire; - // Security check if (empty($conf->variants->enabled)) { accessforbidden('Module not enabled'); @@ -73,8 +70,17 @@ if (empty($conf->variants->enabled)) { if ($user->socid > 0) { // Protection if external user accessforbidden(); } -//$result = restrictedArea($user, 'variant'); -if (!$permissiontoread) accessforbidden(); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index bd4d0e9b76d..944d4f4cbe5 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -302,6 +302,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase $test="rror=alert(document.location)"; $result=testSqlAndScriptInject($test, 0); $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject kkk'); + + $test="XSS"; + $result=testSqlAndScriptInject($test, 0); + $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll'); } /**
'.$langs->trans("Ref").'
'.$langs->trans("Categories").''; + print '
'.$langs->trans("Categories").''; $cate_arbo = $form->select_all_categories(Categorie::TYPE_ACCOUNT, '', 'parent', 64, 0, 1); $c = new Categorie($db); $cats = $c->containing($object->id, Categorie::TYPE_ACCOUNT); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index e44c0411bea..19a040bf091 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -289,6 +289,12 @@ if (!empty($search_ref_customer)) { if (!empty($search_ref_supplier)) { $sql .= natural_search(array('c.ref_supplier'), $search_ref_supplier); } +if ($search_zip) { + $sql .= natural_search(array('s.zip'), $search_zip); +} +if ($search_town) { + $sql .= natural_search(array('s.town'), $search_town); +} if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale; } diff --git a/htdocs/core/boxes/box_accountancy_last_manual_entries.php b/htdocs/core/boxes/box_accountancy_last_manual_entries.php index 123f9894e1e..b1e4a637046 100644 --- a/htdocs/core/boxes/box_accountancy_last_manual_entries.php +++ b/htdocs/core/boxes/box_accountancy_last_manual_entries.php @@ -116,7 +116,7 @@ class box_accountancy_last_manual_entries extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', + 'td' => 'class="center nowraponall"', 'text' => dol_print_date($date, 'day'), 'asis' => 1, ); diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index e14fdfcb457..45c9d580ad2 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -161,8 +161,8 @@ class box_actions extends ModeleBoxes ); $this->info_box_contents[$line][2] = array( - 'td' => 'class="nowrap left"', - 'text' => dol_print_date($datelimite, "dayhour"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datelimite, "dayhour", 'tzuserrel'), 'asis' => 1 ); diff --git a/htdocs/core/boxes/box_birthdays.php b/htdocs/core/boxes/box_birthdays.php index d6e6296a3cc..62cfaa590ab 100644 --- a/htdocs/core/boxes/box_birthdays.php +++ b/htdocs/core/boxes/box_birthdays.php @@ -118,8 +118,8 @@ class box_birthdays extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($dateb, "day").' - '.$age.' '.$langs->trans('DurationYears') + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($dateb, "day", 'gmt').' - '.$age.' '.$langs->trans('DurationYears') ); /*$this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_birthdays_members.php b/htdocs/core/boxes/box_birthdays_members.php index 4d367a223e2..5e772ff3593 100644 --- a/htdocs/core/boxes/box_birthdays_members.php +++ b/htdocs/core/boxes/box_birthdays_members.php @@ -115,8 +115,8 @@ class box_birthdays_members extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($dateb, "day").' - '.$age.' '.$langs->trans('DurationYears') + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($dateb, "day", 'gmt').' - '.$age.' '.$langs->trans('DurationYears') ); /*$this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_boms.php b/htdocs/core/boxes/box_boms.php index d0a169321d0..ae0877c0369 100644 --- a/htdocs/core/boxes/box_boms.php +++ b/htdocs/core/boxes/box_boms.php @@ -143,7 +143,7 @@ class box_boms extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datem, 'day'), + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 56b8fa089a3..df56b510823 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -134,8 +134,8 @@ class box_clients extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day") + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel') ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index eac431918b2..6583673f8ca 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -180,7 +180,7 @@ class box_commandes extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index bd69ddc0108..fada6a93bfd 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -161,7 +161,7 @@ class box_contacts extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index ad19184691c..9d7b625db91 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -156,7 +156,7 @@ class box_contracts extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'day'), + 'text' => dol_print_date($datec, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_external_rss.php b/htdocs/core/boxes/box_external_rss.php index 7bf8a69ed03..aff48328edb 100644 --- a/htdocs/core/boxes/box_external_rss.php +++ b/htdocs/core/boxes/box_external_rss.php @@ -150,7 +150,7 @@ class box_external_rss extends ModeleBoxes //$item['atom_content'] } if (is_numeric($date)) { - $date = dol_print_date($date, "dayhour"); + $date = dol_print_date($date, "dayhour", 'tzuserrel'); } $isutf8 = utf8_check($title); diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 9ef12a9b8f6..2a97d738cd8 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -163,7 +163,7 @@ class box_factures extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $this->info_box_contents[$line][] = array( @@ -186,7 +186,7 @@ class box_factures extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a2ce199faee..a5d63c7b9c3 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -159,7 +159,7 @@ class box_factures_fourn extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $this->info_box_contents[$line][] = array( @@ -189,7 +189,7 @@ class box_factures_fourn extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index aea07802fdf..9c35055011d 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -150,7 +150,7 @@ class box_factures_fourn_imp extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $tooltip = $langs->trans('SupplierInvoice').': '.($objp->ref ? $objp->ref : $objp->facid).'
'.$langs->trans('RefSupplier').': '.$objp->ref_supplier; @@ -175,7 +175,7 @@ class box_factures_fourn_imp extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datelimite, 'day'), + 'text' => dol_print_date($datelimite, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 1830dcd5c7a..391fc2e7cd0 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -165,7 +165,7 @@ class box_factures_imp extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $this->info_box_contents[$line][] = array( @@ -188,7 +188,7 @@ class box_factures_imp extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datelimite, 'day'), + 'text' => dol_print_date($datelimite, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 94d081483e2..edf4daa5191 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -145,7 +145,7 @@ class box_ficheinter extends ModeleBoxes $this->info_box_contents[$i][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'day'), + 'text' => dol_print_date($datec, 'day', 'tzuserrel'), ); $this->info_box_contents[$i][] = array( diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index d8b7f30c103..b0d5a0774fc 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -128,8 +128,8 @@ class box_fournisseurs extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_goodcustomers.php b/htdocs/core/boxes/box_goodcustomers.php index 3a4f7e63103..aef7cdc9f3d 100644 --- a/htdocs/core/boxes/box_goodcustomers.php +++ b/htdocs/core/boxes/box_goodcustomers.php @@ -126,8 +126,8 @@ class box_goodcustomers extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day") + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel') ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 320a23f745b..4d5097e23ba 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php @@ -162,7 +162,7 @@ class box_last_modified_ticket extends ModeleBoxes // Date creation $this->info_box_contents[$i][$r] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'dayhour') + 'text' => dol_print_date($datec, 'dayhour', 'tzuserrel') ); $r++; diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index 8a0e3822448..e08a54f1c87 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php @@ -166,7 +166,7 @@ class box_last_ticket extends ModeleBoxes // Date creation $this->info_box_contents[$i][$r] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'dayhour'), + 'text' => dol_print_date($datec, 'dayhour', 'tzuserrel'), ); $r++; diff --git a/htdocs/core/boxes/box_lastlogin.php b/htdocs/core/boxes/box_lastlogin.php index a487ec5bc72..e5e11d9ba8f 100644 --- a/htdocs/core/boxes/box_lastlogin.php +++ b/htdocs/core/boxes/box_lastlogin.php @@ -93,7 +93,7 @@ class box_lastlogin extends ModeleBoxes 'text' => $langs->trans("PreviousConnexion"), ); if ($user->datepreviouslogin) { - $tmp = dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser'); + $tmp = dol_print_date($user->datepreviouslogin, "dayhour", 'tzuserrel'); } else { $tmp = $langs->trans("Unknown"); } diff --git a/htdocs/core/boxes/box_members.php b/htdocs/core/boxes/box_members.php index acd3773d2f0..5865cba2530 100644 --- a/htdocs/core/boxes/box_members.php +++ b/htdocs/core/boxes/box_members.php @@ -145,8 +145,8 @@ class box_members extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_members_last_modified.php b/htdocs/core/boxes/box_members_last_modified.php index 1315ac9895b..9de6a3af12f 100644 --- a/htdocs/core/boxes/box_members_last_modified.php +++ b/htdocs/core/boxes/box_members_last_modified.php @@ -147,8 +147,8 @@ class box_members_last_modified extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_members_last_subscriptions.php b/htdocs/core/boxes/box_members_last_subscriptions.php index e08bc1073b6..3cea44c2dc3 100644 --- a/htdocs/core/boxes/box_members_last_subscriptions.php +++ b/htdocs/core/boxes/box_members_last_subscriptions.php @@ -158,7 +158,7 @@ class box_members_last_subscriptions extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right tdoverflowmax150 maxwidth150onsmartphone"', - 'text' => dol_print_date($this->db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour'), + 'text' => dol_print_date($this->db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour', 'tzuserrel'), ); $line++; diff --git a/htdocs/core/boxes/box_members_subscriptions_by_year.php b/htdocs/core/boxes/box_members_subscriptions_by_year.php index b6c146312bc..be835511c6b 100644 --- a/htdocs/core/boxes/box_members_subscriptions_by_year.php +++ b/htdocs/core/boxes/box_members_subscriptions_by_year.php @@ -111,7 +111,7 @@ class box_members_subscriptions_by_year extends ModeleBoxes $i = 0; while ($i < $num) { $objp = $this->db->fetch_object($result); - $year = dol_print_date($this->db->jdate($objp->dateh), "%Y"); + $year = dol_print_date($this->db->jdate($objp->dateh), "%Y", 'gmt'); $Total[$year] = (isset($Total[$year]) ? $Total[$year] : 0) + $objp->subscription; $Number[$year] = (isset($Number[$year]) ? $Number[$year] : 0) + 1; $tot += $objp->subscription; diff --git a/htdocs/core/boxes/box_mos.php b/htdocs/core/boxes/box_mos.php index b12506147bf..43d1cd411e4 100644 --- a/htdocs/core/boxes/box_mos.php +++ b/htdocs/core/boxes/box_mos.php @@ -138,8 +138,8 @@ class box_mos extends ModeleBoxes } $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index 44333683000..dde3b685d25 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php @@ -190,8 +190,8 @@ class box_produits extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index d876dad67d0..9c6376351e7 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -165,8 +165,8 @@ class box_propales extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index ea550b9d856..a8959202082 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -135,8 +135,8 @@ class box_prospect extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_scheduled_jobs.php b/htdocs/core/boxes/box_scheduled_jobs.php index 04ba2944c75..793b0cc8c79 100644 --- a/htdocs/core/boxes/box_scheduled_jobs.php +++ b/htdocs/core/boxes/box_scheduled_jobs.php @@ -156,7 +156,7 @@ class box_scheduled_jobs extends ModeleBoxes ); $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'textnoformat' => (empty($resultarray[$line][2]) ? '' : $form->textwithpicto(dol_print_date($resultarray[$line][2], "dayhoursec"), $langs->trans("CurrentTimeZone"))) + 'textnoformat' => (empty($resultarray[$line][2]) ? '' : $form->textwithpicto(dol_print_date($resultarray[$line][2], "dayhoursec", 'tzserver'), $langs->trans("CurrentTimeZone"))) ); $this->info_box_contents[$line][] = array( 'td' => 'class="center" ', diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index b6eb51826cc..98e2b82bb37 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -200,8 +200,8 @@ class box_services_contracts extends ModeleBoxes ); $this->info_box_contents[$i][] = array( - 'td' => '', - 'text' => dol_print_date($datem, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), 'text2'=> $late, ); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 724eb9baebf..75cc1cde413 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -152,7 +152,7 @@ class box_services_expired extends ModeleBoxes $this->info_box_contents[$i][] = array( 'td' => 'class="center nowraponall"', - 'text' => dol_print_date($dateline, 'day'), + 'text' => dol_print_date($dateline, 'day', 'tzuserrel'), 'text2'=> $late, ); diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 235e7a8e72a..0c2b97ce6b5 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -153,7 +153,7 @@ class box_supplier_orders extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 1a8cec07155..04dabbd0ff3 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -161,7 +161,7 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => $delayIcon.' '.dol_print_date($delivery_date, 'day').'', + 'text' => $delayIcon.' '.dol_print_date($delivery_date, 'day', 'tzuserrel').'', 'asis' => 1 ); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 57bbbe3a029..ea9692f2864 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -8193,41 +8193,47 @@ class Form if ($modulepart == 'societe') { $dir = $conf->societe->multidir_output[$entity]; if (!empty($object->logo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; } $email = $object->email; } elseif ($modulepart == 'contact') { $dir = $conf->societe->multidir_output[$entity].'/contact'; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; } $email = $object->email; $capture = 'user'; } elseif ($modulepart == 'userphoto') { $dir = $conf->user->dir_output; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; } if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) { $altfile = $object->id.".jpg"; // For backward compatibility @@ -8237,14 +8243,16 @@ class Form } elseif ($modulepart == 'memberphoto') { $dir = $conf->adherent->dir_output; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; } if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) { $altfile = $object->id.".jpg"; // For backward compatibility @@ -8255,14 +8263,16 @@ class Form // Generic case to show photos $dir = $conf->$modulepart->dir_output; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; + } + $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; } - $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; } if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) { $altfile = $object->id.".jpg"; // For backward compatibility diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 0f046a08fd3..47506d5cbfa 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1774,11 +1774,16 @@ class FormFile continue; // We do not show orphelins files } - print ''."\n"; + print ''."\n"; print '
'; if ($found > 0 && is_object($this->cache_objects[$modulepart.'_'.$id.'_'.$ref])) { - print $this->cache_objects[$modulepart.'_'.$id.'_'.$ref]->getNomUrl(1, 'document'); + $tmpobject = $this->cache_objects[$modulepart.'_'.$id.'_'.$ref]; + //if (! in_array($tmpobject->element, array('expensereport'))) { + print $tmpobject->getNomUrl(1, 'document'); + //} else { + // print $tmpobject->getNomUrl(1); + //} } else { print $langs->trans("ObjectDeleted", ($id ? $id : $ref)); } diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 0f97ed878cf..a578f08f3c1 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -932,7 +932,7 @@ class Ldap * Returns an array containing a details or list of LDAP record(s) * ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword * - * @param string $search Value of fiel to search, '*' for all. Not used if $activefilter is set. + * @param string $search Value of field to search, '*' for all. Not used if $activefilter is set. * @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org) * @param string $useridentifier Name of key field (Ex: uid) * @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword) diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index d2987e8fc63..a4f6bb11706 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -319,9 +319,9 @@ class Utils } if ($dolibarr_main_db_character_set == 'utf8mb4') { // We save output into utf8mb4 charset - $param .= " --default-character-set=utf8mb4"; + $param .= " --default-character-set=utf8mb4 --no-tablespaces"; } else { - $param .= " --default-character-set=utf8"; // We always save output into utf8 charset + $param .= " --default-character-set=utf8 --no-tablespaces"; // We always save output into utf8 charset } $paramcrypted = $param; $paramclear = $param; diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 303382f285b..ae260171a0b 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -1545,6 +1545,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '') print ''; } + print '
'; print ''; print ''; print ''; @@ -1715,6 +1716,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '') } } print '
'.$langs->trans("Description").'
'; + print '
'; if (!empty($strictw3c) && $strictw3c == 1) { print '
'; diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ce5e7129bcf..7e34eec5ecd 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2232,7 +2232,8 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('( } /** - * Security check when accessing to a document (used by document.php, viewimage.php and webservices) + * Security check when accessing to a document (used by document.php, viewimage.php and webservices to get documents). + * TODO Replace code that set $accesallowed by a call to restrictedArea() * * @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp') * @param string $original_file Relative path with filename, relative to modulepart. @@ -2446,6 +2447,16 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, // Wrapping for events if ($fuser->rights->agenda->myactions->{$read}) { $accessallowed = 1; + // If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users + if ($refname && !preg_match('/^specimen/i', $original_file)) { + include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; + $tmpobject = new ActionComm($db); + $tmpobject->fetch((int) $refname); + $accessallowed = checkUserAccessToObject($user, array('agenda'), $tmpobject->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id', ''); + if ($user->socid && $tmpobject->socid) { + $accessallowed = checkUserAccessToObject($user, array('societe'), $tmpobject->socid); + } + } } $original_file = $conf->agenda->dir_output.'/'.$original_file; } elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity])) { @@ -2612,12 +2623,26 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, // Wrapping pour les projets if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; + // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project + if ($refname && !preg_match('/^specimen/i', $original_file)) { + include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; + $tmpproject = new Project($db); + $tmpproject->fetch('', $refname); + $accessallowed = checkUserAccessToObject($user, array('projet'), $tmpproject->id, 'projet&project', '', '', 'rowid', ''); + } } $original_file = $conf->projet->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")"; } elseif ($modulepart == 'project_task' && !empty($conf->projet->dir_output)) { if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; + // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project + if ($refname && !preg_match('/^specimen/i', $original_file)) { + include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; + $tmptask = new Task($db); + $tmptask->fetch('', $refname); + $accessallowed = checkUserAccessToObject($user, array('projet_task'), $tmptask->id, 'projet&project', '', '', 'rowid', ''); + } } $original_file = $conf->projet->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")"; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 48237bbc826..45d1bdca12e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6879,8 +6879,6 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, // For backward compatibility $substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null)); $substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null); - $substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null)); - $substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null); $substitutionarray['__SUPPLIER_ORDER_DATE_DELIVERY__'] = (isset($object->date_livraison) ? dol_print_date($object->date_livraison, 'day', 0, $outputlangs) : ''); $substitutionarray['__SUPPLIER_ORDER_DELAY_DELIVERY__'] = (isset($object->availability_code) ? ($outputlangs->transnoentities("AvailabilityType".$object->availability_code) != ('AvailabilityType'.$object->availability_code) ? $outputlangs->transnoentities("AvailabilityType".$object->availability_code) : $outputlangs->convToOutputCharset(isset($object->availability) ? $object->availability : '')) : ''); diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index de4d67b1647..598802ea574 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -173,17 +173,21 @@ function dol_verifyHash($chain, $hash, $type = '0') * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * * @param User $user User to check - * @param string $features Features to check (it must be module $object->element. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'. + * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * This is used to check permission $user->rights->features->... * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional). * @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'. + * This is used to check permission $user->rights->features->feature2... * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft - * @return int Always 1, die process if not allowed + * @param int $mode Mode (0=default, 1=return with not die) + * @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed. * @see dol_check_secure_access_document(), checkUserAccessToObject() */ -function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0) +function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) { global $db, $conf; global $hookmanager; @@ -228,7 +232,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if (isset($hookmanager->resArray['result'])) { if ($hookmanager->resArray['result'] == 0) { - accessforbidden(); // Module returns 0, so access forbidden + if ($mode) { + return 0; + } else { + accessforbidden(); // Module returns 0, so access forbidden + } } } if ($reshook > 0) { // No other test done. @@ -343,7 +351,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if (!$readok) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Read access is ok"; @@ -432,7 +444,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if ($wemustcheckpermissionforcreate && !$createok) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Write access is ok"; } @@ -445,7 +461,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if (!$createuserok) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Create user access is ok"; } @@ -520,26 +540,34 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if (!$deleteok && !($isdraft && $createok)) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Delete access is ok"; } - // If we have a particular object to check permissions on, we check this object - // is linked to a company allowed to $user. + // If we have a particular object to check permissions on, we check if $user has permission + // for this given object (link to company, is contact for project, ...) if (!empty($objectid) && $objectid > 0) { $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity); $params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2); //print 'checkUserAccessToObject ok='.$ok; - return $ok ? 1 : accessforbidden('', 1, 1, 0, $params); + if ($mode) { + return $ok ? 1 : 0; + } else { + return $ok ? 1 : accessforbidden('', 1, 1, 0, $params); + } } return 1; } /** - * Check access by user to object. - * This function is also called by restrictedArea that check before if module is enabled and permissions of user compared to $action. + * Check access by user to object is ok. + * This function is also called by restrictedArea that check before if module is enabled and if permission of user for $action is ok. * * @param User $user User to check * @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...) @@ -552,7 +580,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f * @return bool True if user has access, False otherwise * @see restrictedArea() */ -function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '') +function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '') { global $db, $conf; @@ -686,6 +714,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; $projectstatic = new Project($db); $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0); + $tmparray = explode(',', $tmps); if (!in_array($objectid, $tmparray)) { return false; diff --git a/htdocs/core/tpl/card_presend.tpl.php b/htdocs/core/tpl/card_presend.tpl.php index 9c1387d7d58..731cc580ea1 100644 --- a/htdocs/core/tpl/card_presend.tpl.php +++ b/htdocs/core/tpl/card_presend.tpl.php @@ -76,7 +76,7 @@ if ($action == 'presend') { if (empty($object->ref_client)) { $topicmail = $outputlangs->trans($defaulttopic, '__REF__'); } elseif (!empty($object->ref_client)) { - $topicmail = $outputlangs->trans($defaulttopic, '__REF__ (__REFCLIENT__)'); + $topicmail = $outputlangs->trans($defaulttopic, '__REF__ (__REF_CLIENT__)'); } // Build document if it not exists diff --git a/htdocs/core/tpl/massactions_pre.tpl.php b/htdocs/core/tpl/massactions_pre.tpl.php index 21150d19936..4b8680e11bb 100644 --- a/htdocs/core/tpl/massactions_pre.tpl.php +++ b/htdocs/core/tpl/massactions_pre.tpl.php @@ -149,7 +149,7 @@ if ($massaction == 'presend') { $formmail->withtofree = empty($liste) ? 1 : 0; $formmail->withtocc = 1; $formmail->withtoccc = $conf->global->MAIN_EMAIL_USECCC; - $formmail->withtopic = $langs->transnoentities($topicmail, '__REF__', '__REFCLIENT__'); + $formmail->withtopic = $langs->transnoentities($topicmail, '__REF__', '__REF_CLIENT__'); $formmail->withfile = 1; // $formmail->withfile = 2; Not yet supported in mass action $formmail->withmaindocfile = 1; // Add a checkbox "Attach also main document" diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php index 4cf557acde6..1416983e3a3 100644 --- a/htdocs/ecm/dir_add_card.php +++ b/htdocs/ecm/dir_add_card.php @@ -188,7 +188,7 @@ if ($action == 'add' && $permtoadd) { exit; } } -} elseif ($action == 'confirm_deletesection' && $confirm == 'yes') { +} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) { // Deleting file $result = $ecmdir->delete($user); setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs'); diff --git a/htdocs/ecm/dir_card.php b/htdocs/ecm/dir_card.php index 4c93e005266..d84a7330e69 100644 --- a/htdocs/ecm/dir_card.php +++ b/htdocs/ecm/dir_card.php @@ -88,17 +88,23 @@ if ($module == 'ecm') { } // Permissions +$permtoread = 0; $permtoadd = 0; $permtoupload = 0; if ($module == 'ecm') { + $permtoread = $user->rights->ecm->read; $permtoadd = $user->rights->ecm->setup; $permtoupload = $user->rights->ecm->upload; } if ($module == 'medias') { + $permtoread = ($user->rights->mailing->lire || $user->rights->website->read); $permtoadd = ($user->rights->mailing->creer || $user->rights->website->write); $permtoupload = ($user->rights->mailing->creer || $user->rights->website->write); } +if (!$permtoread) { + accessforbidden(); +} /* @@ -106,7 +112,7 @@ if ($module == 'medias') { */ // Upload file -if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { +if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) { if (dol_mkdir($upload_dir) >= 0) { $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { @@ -131,7 +137,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { } // Remove file -if ($action == 'confirm_deletefile' && $confirm == 'yes') { +if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) { $langs->load("other"); $file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $ret = dol_delete_file($file); @@ -145,7 +151,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') { } // Remove dir -if ($action == 'confirm_deletedir' && $confirm == 'yes') { +if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) { $backtourl = DOL_URL_ROOT."/ecm/index.php"; if ($module == 'medias') { $backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1"; @@ -181,7 +187,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') { } // Update dirname or description -if ($action == 'update' && !GETPOST('cancel', 'alpha')) { +if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) { $error = 0; if ($module == 'ecm') { diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 93885c2843a..14bc7e377f0 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -36,10 +36,6 @@ $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); -if (!$user->rights->ecm->setup) { - accessforbidden(); -} - // Get parameters $socid = GETPOST("socid", "int"); @@ -105,6 +101,14 @@ if ($result < 0) { exit; } +// Permissions +$permtoread = $user->rights->ecm->read; +$permtoadd = $user->rights->ecm->setup; +$permtoupload = $user->rights->ecm->upload; + +if (!$permtoread) { + accessforbidden(); +} /* @@ -123,7 +127,7 @@ if ($cancel) { } // Rename file -if ($action == 'update') { +if ($action == 'update' && $permtoadd) { $error = 0; $oldlabel = GETPOST('urlfile', 'alpha'); diff --git a/htdocs/ecm/file_note.php b/htdocs/ecm/file_note.php index d2f3f7b4792..505e432f982 100644 --- a/htdocs/ecm/file_note.php +++ b/htdocs/ecm/file_note.php @@ -22,7 +22,7 @@ /** * \file htdocs/ecm/file_note.php * \ingroup ecm - * \brief Fiche de notes sur une ecm file + * \brief Tab for notes on an ECM file */ require '../main.inc.php'; @@ -39,10 +39,6 @@ $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); -if (!$user->rights->ecm->setup) { - accessforbidden(); -} - // Get parameters $socid = GETPOST("socid", "int"); // Security check @@ -109,6 +105,13 @@ if ($result < 0) { $permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php +$permtoread = $user->rights->ecm->read; + +if (!$permtoread) { + accessforbidden(); +} + + /* * Actions */ diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 26bf242b0f2..3a8d33343c7 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; // Load translation files required by the page $langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts")); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'ecm', 0); - // Get parameters $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); @@ -81,6 +75,12 @@ $userstatic = new User($db); $error = 0; +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'ecm', 0); + /* * Actions diff --git a/htdocs/ecm/index_auto.php b/htdocs/ecm/index_auto.php index bcfff8aa2da..d54dcf14d1e 100644 --- a/htdocs/ecm/index_auto.php +++ b/htdocs/ecm/index_auto.php @@ -440,15 +440,13 @@ if (empty($action) || $action == 'file_manager' || preg_match('/refresh/i', $act continue; // If condition to show is ok } - $var = false; - print '		".dol_print_phone($obj->office_phone, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'phone')."