diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index addac069636..4209d956f22 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -56,7 +56,6 @@ $mode = GETPOST('mode', 'aZ'); // The output mode ('list', 'kanban', 'hier $socid = GETPOST('socid', 'int'); -// Security check $id = (GETPOST('facid', 'int') ?GETPOST('facid', 'int') : GETPOST('id', 'int')); $lineid = GETPOST('lineid', 'int'); $ref = GETPOST('ref', 'alpha'); @@ -140,7 +139,7 @@ $arrayfields = array( 'f.titre'=>array('label'=>"Ref", 'checked'=>1), 's.nom'=>array('label'=>"ThirdParty", 'checked'=>1), 'f.total_ht'=>array('label'=>"AmountHT", 'checked'=>1), - 'f.total_tva'=>array('label'=>"AmountVAT", 'checked'=>1), + 'f.total_tva'=>array('label'=>"AmountVAT", 'checked'=>-1), 'f.total_ttc'=>array('label'=>"AmountTTC", 'checked'=>1), 'f.fk_mode_reglement'=>array('label'=>"PaymentMode", 'checked'=>0), 'f.fk_cond_reglement'=>array('label'=>"PaymentTerm", 'checked'=>0), @@ -184,6 +183,7 @@ $permissionnote = $user->hasRight('facture', 'creer'); // Used by the include of $permissiondellink = $user->hasRight('facture', 'creer'); // Used by the include of actions_dellink.inc.php $permissiontoedit = $user->hasRight('facture', 'creer'); // Used by the include of actions_lineupdonw.inc.php +// Security check $result = restrictedArea($user, 'facture', $object->id, $objecttype); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 293efbe751c..3bbb40737e0 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -126,7 +126,7 @@ class ExtraFields * @param array|string $param Params for field (ex for select list : array('options' => array(value'=>'label of option')) ) * @param int $alwayseditable Is attribute always editable regardless of the document status * @param string $perms Permission to check - * @param string $list Visibilty ('0'=never visible, '1'=visible on list+forms, '2'=list only, '3'=form only or 'eval string') + * @param string $list Visibility ('0'=never visible, '1'=visible on list+forms, '2'=list only, '3'=form only or 'eval string') * @param string $help Text with help tooltip * @param string $computed Computed value * @param string $entity Entity of extrafields (for multicompany modules)