lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 14a28

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-03-27 04:12:15 +01:00
commit 6809dab2c0
157 changed files with 2113 additions and 812 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SECURITY.md
View File

@ -12,7 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM
## Reporting a Vulnerability
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (or alternatively send an email to security@dolibarr.org)
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
## Hunting vulnerabilities on Dolibarr
@ -55,7 +55,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
* $dolibarr_main_force_https must be set to something else than 0.
* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default)
* The module DebugBar and ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
* The module DebugBar and ModuleBuilder must NOT be enabled (by default, these modules are not enabled. They are developer tools)
* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
* The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
@ -65,12 +65,12 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
Scope is the web application (back office) and the APIs.
## Qualifying vulnerabilities for Bug bounty programs
## Qualifying vulnerabilities for reporting
* Remote code execution (RCE)
* Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA)
* Code injections (HTML, JS, SQL, PHP, ...)
* Cross-Site Scripting (XSS)
* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose or into module "Web site" when permission to edit website content is allowed).
* Cross-Site Requests Forgery (CSRF) with real security impact (when using GET URLs, CSRF are qualified only for creating, updating or deleting data from pages restricted to admin users)
* Open redirect
* Broken authentication & session management
@ -82,7 +82,7 @@ Scope is the web application (back office) and the APIs.
* Stack traces or path disclosure (for non admin users only)
## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
## Non-qualifying vulnerabilities for reporting
* "Self" XSS
* SSL/TLS best practices

4
htdocs/accountancy/admin/account.php
View File

@ -582,6 +582,10 @@ if ($resql) {
$i++;
}
if ($num == 0) {
print '<tr><td colspan="'.$totalarray['nbfield'].'"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
}
print "</table>";
print "</div>";
print '</form>';

4
htdocs/accountancy/admin/accountmodel.php
View File

@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
}
// Other checks
if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
}
if (GETPOSTISSET("pcg_version")) {
if (GETPOST("pcg_version") == '0') {
$ok = 0;

2
htdocs/accountancy/admin/categories_list.php
View File

@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
}
}
if (GETPOSTISSET("code")) {
if ($_POST["code"] == '0') {
if (GETPOST("code") == '0') {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
}

4
htdocs/accountancy/admin/fiscalyear_card.php
View File

@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
if (!GETPOST('cancel', 'alpha')) {
$result = $object->fetch($id);
$object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start;
$object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end;
$object->date_start = GETPOST("fiscalyear") ? $date_start : '';
$object->date_end = GETPOST("fiscalyearend") ? $date_end : '';
$object->label = GETPOST('label', 'alpha');
$object->statut = GETPOST('statut', 'int');

32
htdocs/adherents/canvas/actions_adherentcard_common.class.php
View File

@ -253,23 +253,23 @@ abstract class ActionsAdherentCardCommon
// phpcs:enable
global $langs, $mysoc;
$this->object->old_name = $_POST["old_name"];
$this->object->old_firstname = $_POST["old_firstname"];
$this->object->old_name = GETPOST("old_name");
$this->object->old_firstname = GETPOST("old_firstname");
$this->object->fk_soc = $_POST["fk_soc"];
$this->object->lastname = $_POST["lastname"];
$this->object->firstname = $_POST["firstname"];
$this->object->civility_id = $_POST["civility_id"];
$this->object->address = $_POST["address"];
$this->object->zip = $_POST["zipcode"];
$this->object->town = $_POST["town"];
$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
$this->object->state_id = $_POST["state_id"];
$this->object->phone_perso = $_POST["phone_perso"];
$this->object->phone_mobile = $_POST["phone_mobile"];
$this->object->email = $_POST["email"];
$this->object->note = $_POST["note"];
$this->object->canvas = $_POST["canvas"];
$this->object->fk_soc = GETPOST("fk_soc");
$this->object->lastname = GETPOST("lastname");
$this->object->firstname = GETPOST("firstname");
$this->object->civility_id = GETPOST("civility_id");
$this->object->address = GETPOST("address");
$this->object->zip = GETPOST("zipcode");
$this->object->town = GETPOST("town");
$this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id;
$this->object->state_id = GETPOST("state_id", 'int');
$this->object->phone_perso = GETPOST("phone_perso");
$this->object->phone_mobile = GETPOST("phone_mobile");
$this->object->email = GETPOST("email", 'alphawithlgt');
$this->object->note = GETPOST("note", 'restricthtml');
$this->object->canvas = GETPOST("canvas");
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {

4
htdocs/adherents/class/adherent.class.php
View File

@ -1141,7 +1141,7 @@ class Adherent extends CommonObject
$this->db->begin();
// If user is linked to this member, remove old link to this member
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id);
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1152,7 +1152,7 @@ class Adherent extends CommonObject
// Set link to user
if ($userid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
$sql .= " WHERE rowid = ".$userid;
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);

53
htdocs/adherents/subscription.php
View File

@ -44,6 +44,7 @@ $action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
$rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int');
$typeid = GETPOST('typeid', 'int');
$cancel = GETPOST('cancel');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -148,19 +149,18 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye
if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) {
$error = 0;
if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only
if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id) {
if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) {
$error++;
setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors');
}
}
if (!$error) {
if ($_POST["userid"] != $object->user_id) { // If link differs from currently in database
$result = $object->setUserId($_POST["userid"]);
if (GETPOST("userid", 'int') != $object->user_id) { // If link differs from currently in database
$result = $object->setUserId(GETPOST("userid", 'int'));
if ($result < 0) {
dol_print_error('', $object->error);
}
$_POST['action'] = '';
$action = '';
}
}
@ -190,14 +190,13 @@ if (empty($reshook) && $action == 'setsocid') {
if ($result < 0) {
dol_print_error('', $object->error);
}
$_POST['action'] = '';
$action = '';
}
}
}
}
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$_POST["cancel"]) {
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) {
$error = 0;
$langs->load("banks");
@ -209,25 +208,25 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$datesubscription = 0;
$datesubend = 0;
$paymentdate = 0;
if ($_POST["reyear"] && $_POST["remonth"] && $_POST["reday"]) {
$datesubscription = dol_mktime(0, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) {
$datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
}
if ($_POST["endyear"] && $_POST["endmonth"] && $_POST["endday"]) {
$datesubend = dol_mktime(0, 0, 0, $_POST["endmonth"], $_POST["endday"], $_POST["endyear"]);
if (GETPOST("endyear", 'int') && GETPOST("endmonth", 'int') && GETPOST("endday", 'int')) {
$datesubend = dol_mktime(0, 0, 0, GETPOST("endmonth", 'int'), GETPOST("endday", 'int'), GETPOST("endyear", 'int'));
}
if ($_POST["paymentyear"] && $_POST["paymentmonth"] && $_POST["paymentday"]) {
$paymentdate = dol_mktime(0, 0, 0, $_POST["paymentmonth"], $_POST["paymentday"], $_POST["paymentyear"]);
if (GETPOST("paymentyear", 'int') && GETPOST("paymentmonth", 'int') && GETPOST("paymentday", 'int')) {
$paymentdate = dol_mktime(0, 0, 0, GETPOST("paymentmonth", 'int'), GETPOST("paymentday", 'int'), GETPOST("paymentyear", 'int'));
}
$amount = price2num(GETPOST("subscription", 'alpha')); // Amount of subscription
$label = $_POST["label"];
$label = GETPOST("label");
// Payment informations
$accountid = $_POST["accountid"];
$operation = $_POST["operation"]; // Payment mode
$accountid = GETPOST("accountid", 'int');
$operation = GETPOST("operation", "alphanohtml"); // Payment mode
$num_chq = GETPOST("num_chq", "alphanohtml");
$emetteur_nom = $_POST["chqemetteur"];
$emetteur_banque = $_POST["chqbank"];
$option = $_POST["paymentsave"];
$emetteur_nom = GETPOST("chqemetteur");
$emetteur_banque = GETPOST("chqbank");
$option = GETPOST("paymentsave");
if (empty($option)) {
$option = 'none';
}
@ -267,19 +266,19 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !
$error++;
$action = 'addsubscription';
} else {
if (!empty($conf->banque->enabled) && $_POST["paymentsave"] != 'none') {
if ($_POST["subscription"]) {
if (!$_POST["label"]) {
if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') {
if (GETPOST("subscription")) {
if (!GETPOST("label")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label"));
}
if ($_POST["paymentsave"] != 'invoiceonly' && !$_POST["operation"]) {
if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode"));
}
if ($_POST["paymentsave"] != 'invoiceonly' && !($_POST["accountid"] > 0)) {
if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) {
$errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount"));
}
} else {
if ($_POST["accountid"]) {
if (GETPOST("accountid")) {
$errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount");
}
}
@ -453,7 +452,8 @@ if ($optioncss != '') {
if ($rowid > 0) {
$res = $object->fetch($rowid);
if ($res < 0) {
dol_print_error($db, $object->error); exit;
dol_print_error($db, $object->error);
exit;
}
$adht->fetch($object->typeid);
@ -847,7 +847,7 @@ if ($rowid > 0) {
});
';
if (GETPOST('paymentsave')) {
print '$("#'.GETPOST('paymentsave').'").prop("checked",true);';
print '$("#'.GETPOST('paymentsave', 'aZ09').'").prop("checked", true);';
}
print '});';
print '</script>'."\n";
@ -1038,6 +1038,7 @@ if ($rowid > 0) {
// Bank account
print '<tr class="bankswitchclass"><td class="fieldrequired">'.$langs->trans("FinancialAccount").'</td><td>';
print img_picto('', 'bank_account');
$form->select_comptes(GETPOST('accountid'), 'accountid', 0, '', 2);
print "</td></tr>\n";

6
htdocs/adherents/subscription/list.php
View File

@ -547,8 +547,8 @@ while ($i < min($num, $limit)) {
// Label
if (!empty($arrayfields['t.libelle']['checked'])) {
print '<td>';
print dol_trunc($obj->note, 128);
print '<td class="tdoverflowmax500" title="'.dol_escape_htmltag($obj->note).'">';
print $obj->note;
print '</td>';
if (!$i) {
$totalarray['nbfield']++;
@ -586,7 +586,7 @@ while ($i < min($num, $limit)) {
}
// Price
if (!empty($arrayfields['d.amount']['checked'])) {
print '<td class="right">'.price($obj->subscription).'</td>';
print '<td class="right amount">'.price($obj->subscription).'</td>';
if (!$i) {
$totalarray['nbfield']++;
}

4
htdocs/admin/boxes.php
View File

@ -49,8 +49,8 @@ $boxes = array();
*/
if ($action == 'addconst') {
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity);
}
if ($action == 'add') {

4
htdocs/admin/company.php
View File

@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity);
if ($_POST["optionlocaltax1"] == "localtax1on") {
if (GETPOST("optionlocaltax1") == "localtax1on") {
if (!GETPOSTISSET('lt1')) {
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity);
} else {
@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
}
dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity);
}
if ($_POST["optionlocaltax2"] == "localtax2on") {
if (GETPOST("optionlocaltax2") == "localtax2on") {
if (!GETPOSTISSET('lt2')) {
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity);
} else {

2
htdocs/admin/delais.php
View File

@ -181,7 +181,7 @@ if ($action == 'update') {
}
}
dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity);
// For update value with percentage

14
htdocs/admin/dict.php
View File

@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) {
if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) {
if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries
$_POST["country"] = '';
} else {
@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors');
}
}
if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) {
if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) {
$ok = 0;
setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors');
}
// Clean some parameters
if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) {
if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) {
$_POST["localtax1"] = '0'; // If empty, we force to 0
}
if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) {
if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) {
$_POST["localtax2"] = '0'; // If empty, we force to 0
}
if ($_POST["accountancy_code"] <= 0) {
if (GETPOST("accountancy_code") <= 0) {
$_POST["accountancy_code"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_sell"] <= 0) {
if (GETPOST("accountancy_code_sell") <= 0) {
$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_buy"] <= 0) {
if (GETPOST("accountancy_code_buy") <= 0) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary

1
htdocs/admin/dolistore/ajax/index.html Normal file
View File

@ -0,0 +1 @@

28
htdocs/admin/external_rss.php
View File

@ -41,7 +41,6 @@ if (!$user->admin) {
accessforbidden();
}
$def = array();
$lastexternalrss = 0;
$action = GETPOST('action', 'aZ09');
@ -56,6 +55,7 @@ $sql .= " WHERE ".$db->decrypt('name')." LIKE 'EXTERNAL_RSS_URLRSS_%'";
//print $sql;
$result = $db->query($sql); // We can't use SELECT MAX() because EXTERNAL_RSS_URLRSS_10 is lower than EXTERNAL_RSS_URLRSS_9
if ($result) {
$reg = array();
while ($obj = $db->fetch_object($result)) {
preg_match('/([0-9]+)$/i', $obj->name, $reg);
if ($reg[1] && $reg[1] > $lastexternalrss) {
@ -70,17 +70,17 @@ if ($action == 'add' || GETPOST("modify")) {
$external_rss_title = "external_rss_title_".GETPOST("norss", 'int');
$external_rss_urlrss = "external_rss_urlrss_".GETPOST("norss", 'int');
if (!empty($_POST[$external_rss_urlrss])) {
if (GETPOST($external_rss_urlrss, 'alpha')) {
$boxlabel = '(ExternalRSSInformations)';
//$external_rss_url = "external_rss_url_" . $_POST["norss"];
//$external_rss_url = "external_rss_url_" . GETPOST("norss");
$db->begin();
if ($_POST["modify"]) {
if (GETPOST("modify")) {
// Supprime boite box_external_rss de definition des boites
/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
$sql.= " SET name = '".$db->escape($boxlabel)."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'";
$resql=$db->query($sql);
if (! $resql)
@ -95,13 +95,17 @@ if ($action == 'add' || GETPOST("modify")) {
$sql .= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')";
if (!$db->query($sql)) {
dol_print_error($db);
$err++;
$error++;
}
//print $sql;exit;
}
$result1 = dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_".GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity);
if ($result1) {
$result2 = dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity);
$consttosave = "EXTERNAL_RSS_URLRSS_".GETPOST("norss", 'int');
$urltosave = GETPOST($external_rss_urlrss, 'alpha');
$result2 = dolibarr_set_const($db, $consttosave, $urltosave, 'chaine', 0, '', $conf->entity);
//var_dump($result2);exit;
}
if ($result1 && $result2) {
@ -115,7 +119,7 @@ if ($action == 'add' || GETPOST("modify")) {
}
}
if ($_POST["delete"]) {
if (GETPOST("delete")) {
if (GETPOST("norss", 'int')) {
$db->begin();
@ -258,14 +262,14 @@ if ($resql) {
print '<tr class="oddeven">';
print "<td width=\"100px\">".$langs->trans("Title")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_".$idrss."\" value=\"".dol_escape_htmltag($conf->global->$keyrsstitle)."\"></td>";
print '<td class="titlefield">'.$langs->trans("Title")."</td>";
print '<td><input type="text" class="flat minwidth300" name="external_rss_title_'.$idrss.'" value="'.dol_escape_htmltag($conf->global->$keyrsstitle).'"></td>';
print '</tr>'."\n";
print '<tr class="oddeven">';
print "<td>".$langs->trans("URL")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_".$idrss."\" value=\"".dol_escape_htmltag($conf->global->$keyrssurl)."\"></td>";
print '<td><input type="text" class="flat minwidth300" name="external_rss_urlrss_'.$idrss.'" value="'.dol_escape_htmltag($conf->global->$keyrssurl).'"></td>';
print '</tr>'."\n";
@ -307,7 +311,7 @@ if ($resql) {
// Active
$active = _isInBoxList($idrss, $boxlist) ? 'yes' : 'no';
print '<tr class="oddeven">';
print '<td>'.$langs->trans('WidgetEnabled').'</td>';
print '<td>'.$langs->trans('WidgetAvailable').'</td>';
print '<td>'.yn($active).'</td>';
print '</tr>'."\n";

2
htdocs/admin/ihm.php
View File

@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG
if ($action == 'update') {
dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity);

22
htdocs/admin/mailman.php
View File

@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09');
$testsubscribeemail = GETPOST("testsubscribeemail");
$testunsubscribeemail = GETPOST("testunsubscribeemail");
$error = 0;
/*
* Actions
*/
// Action updated or added a constant
if ($action == 'update' || $action == 'add') {
foreach ($_POST['constname'] as $key => $val) {
$constname = $_POST["constname"][$key];
$constvalue = $_POST["constvalue"][$key];
$consttype = $_POST["consttype"][$key];
$constnote = $_POST["constnote"][$key];
$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
$tmparray = GETPOST('constname', 'array');
if (is_array($tmparray)) {
foreach ($tmparray as $key => $val) {
$constname = $tmparray[$key];
$constvalue = $tmparray[$key];
$consttype = $tmparray[$key];
$constnote = $tmparray[$key];
$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
if (!($res > 0)) {
$error++;
if (!($res > 0)) {
$error++;
}
}
}

3
htdocs/admin/mails_emailing.php
View File

@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
if (!$user->admin) {
accessforbidden();
@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs);
* Actions
*/
if ($action == 'update' && empty($_POST["cancel"])) {
if ($action == 'update' && !$cancel) {
// Send mode parameters
dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity);

3
htdocs/admin/mails_ticket.php
View File

@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$usersignature = $user->signature;
// For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html.
@ -59,7 +60,7 @@ if (!$user->admin) {
* Actions
*/
if ($action == 'update' && empty($_POST["cancel"])) {
if ($action == 'update' && !$cancel) {
// Send mode parameters
dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity);

4
htdocs/admin/menus/edit.php
View File

@ -333,8 +333,8 @@ if ($action == 'create') {
} else {
print '<select name="type" class="flat" id="topleft">';
print '<option value="">&nbsp;</option>';
print '<option value="top"'.(!empty($_POST["type"]) && $_POST["type"] == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
print '<option value="left"'.(!empty($_POST["type"]) && $_POST["type"] == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
print '<option value="top"'.(GETPOST("type") == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
print '<option value="left"'.(GETPOST("type") == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
print '</select>';
}
print '</td><td>'.$langs->trans('DetailType').'</td></tr>';

4
htdocs/admin/multicurrency.php
View File

@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/multicurrency/class/multicurrency.class.php';
$langs->loadLangs(array('admin', 'multicurrency'));
// Access control
if (!$user->admin) {
if (!$user->admin || empty($conf->multicurrency->enabled)) {
accessforbidden();
}
@ -45,7 +45,7 @@ $action = GETPOST('action', 'aZ09');
* Actions
*/
$reg = array();
if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
$code = $reg[1];
$value = GETPOST($code, 'alpha');

2
htdocs/admin/sms.php
View File

@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) {
$error = 0;
$smsfrom = '';
if (!empty($_POST["fromsms"])) {
if (GETPOST("fromsms", 'alphanohtml')) {
$smsfrom = GETPOST("fromsms", 'alphanohtml');
}
if (empty($smsfrom)) {

216
htdocs/api/admin/explorer.php
View File

@ -1,216 +0,0 @@
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php.
*/
/**
* \defgroup api Module DolibarrApi
* \brief API loader
* Search files htdocs/<module>/class/api_<module>.class.php
* \file htdocs/api/admin/explorer.php
*/
use Luracast\Restler\Routes;
require_once '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api_access.class.php';
// Load translation files required by the page
$langs->load("admin");
/*
* View
*/
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
exit;
}
$api = new DolibarrApi($db);
$api->r->addAPIClass('Luracast\\Restler\\Resources'); //this creates resources.json at API Root
$api->r->setSupportedFormats('JsonFormat', 'XmlFormat');
$api->r->addAuthenticationClass('DolibarrApiAccess', '');
$listofapis = array();
$modulesdir = dolGetModulesDirs();
foreach ($modulesdir as $dir) {
/*
* Search available module
*/
//dol_syslog("Scan directory ".$dir." for API modules");
$handle = @opendir(dol_osencode($dir));
if (is_resource($handle)) {
while (($file = readdir($handle)) !== false) {
if (is_readable($dir.$file) && preg_match("/^(mod.*)\.class\.php$/i", $file, $reg)) {
$modulename = $reg[1];
// Defined if module is enabled
$enabled = true;
$module = $part = $obj = strtolower(preg_replace('/^mod/i', '', $modulename));
//if ($part == 'propale') $part='propal';
if ($module == 'societe') {
$obj = 'thirdparty';
}
if ($module == 'categorie') {
$part = 'categories';
$obj = 'category';
}
if ($module == 'facture') {
$part = 'compta/facture';
$obj = 'facture';
}
if ($module == 'ficheinter') {
$obj = 'fichinter';
$part = 'fichinter';
$module = 'fichinter';
}
if (empty($conf->$module->enabled)) {
$enabled = false;
}
if ($enabled) {
/*
* If exists, load the API class for enable module
*
* Search files named api_<object>.class.php into /htdocs/<module>/class directory
*
* @todo : take care of externals module!
* @todo : use getElementProperties() function ?
*/
$dir_part = DOL_DOCUMENT_ROOT.'/'.$part.'/class/';
$handle_part = @opendir(dol_osencode($dir_part));
if (is_resource($handle_part)) {
while (($file_searched = readdir($handle_part)) !== false) {
if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $reg)) {
$classname = ucwords($reg[1]);
require_once $dir_part.$file_searched;
if (class_exists($classname)) {
dol_syslog("Found API classname=".$classname." into ".$dir);
$listofapis[] = $classname;
}
}
/*
if (is_readable($dir_part.$file_searched) && preg_match("/^(api_.*)\.class\.php$/i",$file_searched,$reg))
{
$classname=$reg[1];
$classname = str_replace('Api_','',ucwords($reg[1])).'Api';
//$classname = str_replace('Api_','',ucwords($reg[1]));
$classname = ucfirst($classname);
require_once $dir_part.$file_searched;
// if (class_exists($classname))
// {
// dol_syslog("Found API classname=".$classname);
// $api->r->addAPIClass($classname,'');
// require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/Routes.php';
// $tmpclass = new ReflectionClass($classname);
// try {
// $classMetadata = CommentParser::parse($tmpclass->getDocComment());
// } catch (Exception $e) {
// throw new RestException(500, "Error while parsing comments of `$classname` class. " . $e->getMessage());
// }
// //$listofapis[]=array('classname'=>$classname, 'fullpath'=>$file_searched);
// }
}*/
}
}
}
}
}
}
}
//var_dump($listofapis);
$listofapis = Routes::toArray(); // @todo api for "status" is lost here
//var_dump($listofapis);
llxHeader();
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("ApiSetup"), $linkback, 'title_setup');
// Define $urlwithroot
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Show message
print '<br>';
$message = '';
$url = '<a href="'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword" target="_blank">'.$urlwithroot.'/api/index.php/login?login='.urlencode($user->login).'&password=yourpassword[&reset=1]</a>';
$message .= $langs->trans("UrlToGetKeyToUseAPIs").':<br>';
$message .= img_picto('', 'globe').' '.$url;
print $message;
print '<br>';
print '<br>';
$oldclass = '';
print $langs->trans("ListOfAvailableAPIs").':<br>';
foreach ($listofapis['v1'] as $key => $val) {
if ($key == 'login') {
continue;
}
if ($key == 'index') {
continue;
}
if ($key) {
foreach ($val as $method => $val2) {
$newclass = $val2['className'];
if (preg_match('/restler/i', $newclass)) {
continue;
}
if ($oldclass != $newclass) {
print "\n<br>\n".$langs->trans("Class").': '.$newclass.'<br>'."\n";
$oldclass = $newclass;
}
//print $key.' - '.$val['classname'].' - '.$val['fullpath']." - ".DOL_MAIN_URL_ROOT.'/api/index.php/'.strtolower(preg_replace('/Api$/','',$val['classname']))."/xxx<br>\n";
$url = $urlwithroot.'/api/index.php/'.$key;
$url .= '?api_key=token';
print img_picto('', 'globe').' '.$method.' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
}
}
}
print '<br>';
print '<br>';
print $langs->trans("OnlyActiveElementsAreExposed", DOL_URL_ROOT.'/admin/modules.php');
llxFooter();
$db->close();

87
htdocs/api/admin/explorer_withredoc.php Normal file
View File

@ -0,0 +1,87 @@
<?php
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @deprecated Old explorer. Not using Swagger. See instead explorer in htdocs/api/index.php.
*/
/**
* \defgroup api Module DolibarrApi
* \brief API explorer using the swagger.json file
* \file htdocs/api/admin/explorer_withredoc.php
*/
require_once '../../main.inc.php';
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
$langs->load("admin");
dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
//session_destroy();
exit(0);
}
// Test if explorer is not disabled
if (!empty($conf->global->API_EXPLORER_DISABLED)) {
$langs->load("admin");
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
print $langs->trans("WarningAPIExplorerDisabled").'.<br><br>';
//session_destroy();
exit(0);
}
// Restrict API to some IPs
if (!empty($conf->global->API_RESTRICT_ON_IP)) {
$allowedip = explode(' ', $conf->global->API_RESTRICT_ON_IP);
$ipremote = getUserRemoteIP();
if (!in_array($ipremote, $allowedip)) {
dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP);
print 'APIs are not allowed from the IP '.$ipremote;
header('HTTP/1.1 503 API not allowed from your IP '.$ipremote);
//session_destroy();
exit(0);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>ReDoc</title>
<!-- needed for adaptive design -->
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
<!--
ReDoc doesn't change outer page styles
-->
<style>
body {
margin: 0;
padding: 0;
}
</style>
</head>
<body>
<redoc spec-url='<?php echo DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY='.GETPOST('DOLAPIKEY', 'aZ09'); ?>'></redoc>
<!--<redoc spec-url='https://demo.dolibarr.org/api/index.php/explorer/swagger.json'></redoc>-->
<!--<redoc spec-url='http://petstore.swagger.io/v2/swagger.json'></redoc>-->
<script src="https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js"> </script>
</body>
</html>

8
htdocs/api/admin/index.php
View File

@ -141,7 +141,7 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai
$message = '';
$url = $urlwithroot.'/api/index.php/login?login=<strong>auserlogin</strong>&password=<strong>thepassword</strong>[&reset=1]';
$message .= '<span class="opacitymedium">'.$langs->trans("UrlToGetKeyToUseAPIs").':</span><br>';
$message .= img_picto('', 'globe').' '.$url;
$message .= '<div class="urllink">'.img_picto('', 'globe').' '.$url.'</div>';
print $message;
print '<br>';
print '<br>';
@ -150,7 +150,11 @@ print '<br>';
print '<u>'.$langs->trans("ApiExporerIs").':</u><br>';
if (dol_is_dir(DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/explorer')) {
$url = DOL_MAIN_URL_ROOT.'/api/index.php/explorer';
print img_picto('', 'globe').' <a href="'.$url.'" target="_blank">'.$url."</a><br>\n";
print '<div class="urllink">'.img_picto('', 'globe').' <a href="'.$url.'" target="_blank">'.$url."</a></div><br>\n";
print '<div class="opacitymediumxxx"><br><u>'.$langs->trans("SwaggerDescriptionFile").':</u><br>';
$urlswagger = DOL_MAIN_URL_ROOT.'/api/index.php/explorer/swagger.json?DOLAPIKEY=youruserapikey';
print '<div class="urllink">'.img_picto('', 'globe').' <a href="'.$urlswagger.'" target="_blank">'.$urlswagger."</a></div><br>\n";
print '</div>';
} else {
$langs->load("errors");
print info_admin($langs->trans("ErrorNotAvailableWithThisDistribution"), 0, 0, 'error');

31
htdocs/api/index.php
View File

@ -2,6 +2,7 @@
/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2021 Alexis LAURIER <contact@alexislaurier.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -54,6 +55,12 @@ if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) {
define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
}
// When we request url to get the json file, we accept Cross site so we can include the descriptor into an external tool.
if (preg_match('/\/explorer\/swagger\.json/', $_SERVER["PHP_SELF"])) {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY');
}
$res = 0;
if (!$res && file_exists("../main.inc.php")) {
@ -88,7 +95,7 @@ if (!empty($conf->global->MAIN_NGINX_FIX)) {
// Enable and test if module Api is enabled
if (empty($conf->global->MAIN_MODULE_API)) {
$langs->load("admin");
dol_syslog("Call Dolibarr API interfaces with module REST disabled");
dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled");
print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
print $langs->trans("ToActivateModule");
//session_destroy();
@ -307,12 +314,28 @@ if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' &&
//var_dump($api->r->apiVersionMap);
//exit;
// We do not want that restler output data if we use native compression (default behaviour) but we want to have it returned into a string.
Luracast\Restler\Defaults::$returnResponse = (empty($conf->global->API_DISABLE_COMPRESSION) && !empty($_SERVER['HTTP_ACCEPT_ENCODING']));
// Call API (we suppose we found it).
// The handle will use the file api/temp/routes.php to get data to run the API. If the file exists and the entry for API is not found, it will return 404.
$result = $api->r->handle();
//Luracast\Restler\Defaults::$returnResponse = true;
//print $api->r->handle();
if (Luracast\Restler\Defaults::$returnResponse) {
// We try to compress data
if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br') !== false && is_callable('brotli_compress')) {
header('Content-Encoding: br');
$result = brotli_compress($result, 11, BROTLI_TEXT);
} elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'bz') !== false && is_callable('bzcompress')) {
header('Content-Encoding: bz');
$result = bzcompress($result, 9);
} elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && is_callable('gzencode')) {
header('Content-Encoding: gzip');
$result = gzencode($result, 9);
}
$api->r->handle();
// Restler did not output data yet, we return it now
echo $result;
}
//session_destroy();

2
htdocs/bookmarks/bookmarks.lib.php
View File

@ -53,7 +53,7 @@ function printDropdownBookmarksList()
if (is_array($_POST)) {
foreach ($_POST as $key => $val) {
if (preg_match('/^search_/', $key) && $val != '') {
$tmpurl .= ($tmpurl ? '&' : '').$key.'='.$val;
$tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val));
}
}
}

5
htdocs/categories/class/categorie.class.php
View File

@ -1520,7 +1520,6 @@ class Categorie extends CommonObject
return $cats;
}
/**
* Returns categories whose id or name match
* add wildcards in the name unless $exact = true
@ -1555,7 +1554,7 @@ class Categorie extends CommonObject
$sql .= " AND entity IN (".getEntity('category').")";
if ($nom) {
if (!$exact) {
$nom = '%'.str_replace('*', '%', $nom).'%';
$nom = '%'.$this->db->escape(str_replace('*', '%', $nom)).'%';
}
if (!$case) {
$sql .= " AND label LIKE '".$this->db->escape($nom)."'";
@ -1564,7 +1563,7 @@ class Categorie extends CommonObject
}
}
if ($id) {
$sql .= " AND rowid = '".$id."'";
$sql .= " AND rowid = ".((int) $id);
}
$res = $this->db->query($sql);

1
htdocs/categories/edit.php
View File

@ -99,7 +99,6 @@ if ($action == 'update' && $user->rights->categorie->creer) {
$object->visible = $visible;
$object->fk_parent = $parent != -1 ? $parent : 0;
if (empty($object->label)) {
$error++;
$action = 'edit';

8
htdocs/categories/index.php
View File

@ -116,15 +116,15 @@ if (empty($nosearch)) {
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
foreach ($cats as $cat) {
$color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"';
print "\t".'<tr class="oddeven">'."\n";
print "\t\t<td>";
$categstatic->id = $cat->id;
$categstatic->ref = $cat->label;
$categstatic->label = $cat->label;
$categstatic->type = $cat->type;
$categstatic->color = $cat->color;
$color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"';
print "\t".'<tr class="oddeven">'."\n";
print "\t\t<td>";
print '<span class="noborderoncategories"'.$color.'>';
print $categstatic->getNomUrl(1, '');
print '</span>';

2
htdocs/categories/photos.php
View File

@ -66,7 +66,7 @@ $upload_dir = $conf->categorie->multidir_output[$object->entity];
* Actions
*/
if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && $_POST["sendit"] && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if ($object->id) {
$file = $_FILES['userfile'];
if (is_array($file['name']) && count($file['name']) > 0) {

2
htdocs/comm/card.php
View File

@ -162,7 +162,7 @@ if (empty($reshook)) {
// set accountancy code
if ($action == 'setcustomeraccountancycode') {
$result = $object->fetch($id);
$object->code_compta = $_POST["customeraccountancycode"];
$object->code_compta = GETPOST("customeraccountancycode");
$result = $object->update($object->id, $user, 1, 1, 0);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');

2
htdocs/comm/mailing/advtargetemailing.php
View File

@ -397,7 +397,7 @@ if ($action == 'delete') {
}
}
if ($_POST["button_removefilter"]) {
if (GETPOST("button_removefilter")) {
$search_nom = '';
$search_prenom = '';
$search_email = '';

11
htdocs/comm/mailing/card.php
View File

@ -46,6 +46,7 @@ if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AU
$id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
$confirm = GETPOST('confirm', 'alpha');
$urlfrom = GETPOST('urlfrom');
@ -393,12 +394,12 @@ if (empty($reshook)) {
}
// Action send test emailing
if ($action == 'send' && empty($_POST["cancel"])) {
if ($action == 'send' && ! $cancel) {
$error = 0;
$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
$object->sendto = $_POST["sendto"];
$object->sendto = GETPOST("sendto", 'alphawithlgt');
if (!$object->sendto) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTo")), null, 'errors');
$error++;
@ -537,7 +538,7 @@ if (empty($reshook)) {
}
// Action of file remove
if (!empty($_POST["removedfile"])) {
if (GETPOST("removedfile")) {
$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -548,7 +549,7 @@ if (empty($reshook)) {
}
// Action of emailing update
if ($action == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) {
if ($action == 'update' && !GETPOST("removedfile") && !$cancel) {
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$isupload = 0;
@ -643,7 +644,7 @@ if (empty($reshook)) {
}
}
if (!empty($_POST["cancel"])) {
if ($cancel) {
$action = '';
}
}

7
htdocs/comm/multiprix.php
View File

@ -30,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
// Load translation files required by the page
$langs->loadLangs(array('orders', 'companies'));
$action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel', 'alpha');
$id = GETPOST('id', 'int');
$_socid = GETPOST("id", 'int');
// Security check
@ -42,10 +45,10 @@ if ($user->socid > 0) {
* Actions
*/
if ($_POST["action"] == 'setpricelevel') {
if ($action == 'setpricelevel') {
$soc = new Societe($db);
$soc->fetch($id);
$soc->set_price_level($_POST["price_level"], $user);
$soc->set_price_level(GETPOST("price_level"), $user);
header("Location: multiprix.php?id=".$id);
exit;

4
htdocs/comm/propal/card.php
View File

@ -775,9 +775,9 @@ if (empty($reshook)) {
$object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
}
} elseif ($action == "setabsolutediscount" && $usercancreate) {
if ($_POST["remise_id"]) {
if (GETPOST("remise_id", "int")) {
if ($object->id > 0) {
$result = $object->insert_discount($_POST["remise_id"]);
$result = $object->insert_discount(GETPOST("remise_id", "int"));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}

2
htdocs/compta/bank/bankentries_list.php
View File

@ -245,7 +245,7 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', '
foreach ($rowids as $row) {
if ($row > 0) {
$result = $bankline->fetch($row);
$bankline->num_releve = $num_releve; //$_POST["num_releve"];
$bankline->num_releve = $num_releve; // GETPOST("num_releve");
$result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1.
if ($result < 0) {
setEventMessages($bankline->error, $bankline->errors, 'errors');

49
htdocs/compta/bank/card.php
View File

@ -87,18 +87,18 @@ if ($action == 'add') {
$object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha')));
$object->label = trim(GETPOST("label", 'alphanohtml'));
$object->courant = $_POST["type"];
$object->clos = $_POST["clos"];
$object->courant = GETPOST("type");
$object->clos = GETPOST("clos");
$object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1);
$object->url = trim(GETPOST("url", 'alpha'));
$object->bank = trim($_POST["bank"]);
$object->code_banque = trim($_POST["code_banque"]);
$object->code_guichet = trim($_POST["code_guichet"]);
$object->number = trim($_POST["number"]);
$object->cle_rib = trim($_POST["cle_rib"]);
$object->bic = trim($_POST["bic"]);
$object->iban = trim($_POST["iban"]);
$object->bank = trim(GETPOST("bank"));
$object->code_banque = trim(GETPOST("code_banque"));
$object->code_guichet = trim(GETPOST("code_guichet"));
$object->number = trim(GETPOST("number"));
$object->cle_rib = trim(GETPOST("cle_rib"));
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@ -120,10 +120,10 @@ if ($action == 'add') {
$object->fk_accountancy_journal = $fk_accountancy_journal;
}
$object->solde = $_POST["solde"];
$object->solde = price2num(GETPOST("solde"));
$object->date_solde = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST('reday', 'int'), GETPOST("reyear", 'int'));
$object->currency_code = trim($_POST["account_currency_code"]);
$object->currency_code = trim(GETPOST("account_currency_code"));
$object->state_id = GETPOST("account_state_id", 'int');
$object->country_id = GETPOST("account_country_id", 'int');
@ -187,18 +187,18 @@ if ($action == 'update') {
$object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha')));
$object->label = trim(GETPOST("label", 'alphanohtml'));
$object->courant = $_POST["type"];
$object->clos = $_POST["clos"];
$object->courant = GETPOST("type");
$object->clos = GETPOST("clos");
$object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1);
$object->url = trim(GETPOST("url", 'alpha'));
$object->bank = trim($_POST["bank"]);
$object->code_banque = trim($_POST["code_banque"]);
$object->code_guichet = trim($_POST["code_guichet"]);
$object->number = trim($_POST["number"]);
$object->cle_rib = trim($_POST["cle_rib"]);
$object->bic = trim($_POST["bic"]);
$object->iban = trim($_POST["iban"]);
$object->bank = trim(GETPOST("bank"));
$object->code_banque = trim(GETPOST("code_banque"));
$object->code_guichet = trim(GETPOST("code_guichet"));
$object->number = trim(GETPOST("number"));
$object->cle_rib = trim(GETPOST("cle_rib"));
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@ -220,7 +220,7 @@ if ($action == 'update') {
$object->fk_accountancy_journal = $fk_accountancy_journal;
}
$object->currency_code = trim($_POST["account_currency_code"]);
$object->currency_code = trim(GETPOST("account_currency_code"));
$object->state_id = GETPOST("account_state_id", 'int');
$object->country_id = GETPOST("account_country_id", 'int');
@ -274,7 +274,7 @@ if ($action == 'update') {
}
}
if ($action == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->banque->configurer) {
if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->banque->configurer) {
// Delete
$object = new Account($db);
$object->fetch(GETPOST("id", "int"));
@ -462,7 +462,8 @@ if ($action == 'create') {
print '</table>';
print '<br>';
if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) {
$type = GETPOST('type');
if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) {
print '<table class="border centpercent">';
// If bank account
@ -988,7 +989,7 @@ if ($action == 'create') {
print '</table>';
if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) {
if (GETPOST("type") == Account::TYPE_SAVINGS || GETPOST("type") == Account::TYPE_CURRENT) {
print '<br>';
//print '<div class="underbanner clearboth"></div>';

10
htdocs/compta/bank/line.php
View File

@ -140,9 +140,9 @@ if ($user->rights->banque->modifier && $action == "update") {
if (!$error) {
$db->begin();
$amount = price2num($_POST['amount']);
$dateop = dol_mktime(12, 0, 0, $_POST["dateomonth"], $_POST["dateoday"], $_POST["dateoyear"]);
$dateval = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
$amount = price2num(GETPOST('amount'));
$dateop = dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear"));
$dateval = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET ";
// Always opened
@ -212,8 +212,8 @@ if ($user->rights->banque->modifier && $action == "update") {
// Reconcile
if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action == 'setreconcile')) {
$num_rel = trim($_POST["num_rel"]);
$rappro = $_POST['reconciled'] ? 1 : 0;
$num_rel = trim(GETPOST("num_rel"));
$rappro = GETPOST('reconciled') ? 1 : 0;
// Check parameters
if ($rappro && empty($num_rel)) {

43
htdocs/compta/charges/index.php
View File

@ -30,6 +30,7 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/paymentvat.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/paymentsocialcontribution.class.php';
require_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php';
@ -83,6 +84,7 @@ if (!$sortorder) {
*/
$tva_static = new Tva($db);
$ptva_static = new PaymentVat($db);
$socialcontrib = new ChargeSociales($db);
$payment_sc_static = new PaymentSocialContribution($db);
$sal_static = new Salary($db);
@ -132,7 +134,7 @@ print "<br>";
if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
// Social contributions only
print load_fiche_titre($langs->trans("SocialContributionsPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
print load_fiche_titre($langs->trans("SocialContributions").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
@ -269,22 +271,23 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
$tva = new Tva($db);
print load_fiche_titre($langs->trans("VATPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
print load_fiche_titre($langs->trans("VATDeclarations").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', '');
$sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.fk_bank,";
$sql = "SELECT ptva.rowid, pv.rowid as id_tva, pv.amount as amount_tva, ptva.amount, pv.label, pv.datev as dm, ptva.datep as date_payment, ptva.fk_bank,";
$sql .= " pct.code as payment_code,";
$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel";
$sql .= " FROM ".MAIN_DB_PREFIX."tva as pv";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON pv.fk_bank = b.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON (ptva.fk_tva = pv.rowid)";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON (ptva.fk_bank = b.rowid)";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON pv.fk_typepayment = pct.id";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pct ON ptva.fk_typepaiement = pct.id";
$sql .= " WHERE pv.entity IN (".getEntity("tax").")";
if ($year > 0) {
// Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance,
// ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire
$sql .= " AND pv.datev between '".$db->idate(dol_get_first_day($year, 1, false))."' AND '".$db->idate(dol_get_last_day($year, 12, false))."'";
}
if (preg_match('/^pv\./', $sortfield)) {
if (preg_match('/^pv\./', $sortfield) || preg_match('/^ptva\./', $sortfield)) {
$sql .= $db->order($sortfield, $sortorder);
}
@ -298,13 +301,13 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "pv.label", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("ExpectedToPay", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pv.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pv.datev", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
if (!empty($conf->banque->enabled)) {
print_liste_field_titre("Account", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
}
print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "pv.amount", "", $param, 'class="right"', $sortfield, $sortorder);
print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "ptva.amount", "", $param, 'class="right"', $sortfield, $sortorder);
print "</tr>\n";
$var = 1;
while ($i < $num) {
@ -316,17 +319,19 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print '<tr class="oddeven">';
print '<td class="left">'.dol_print_date($db->jdate($obj->dm), 'day').'</td>'."\n";
print "<td>".$obj->label."</td>\n";
$tva_static->id = $obj->id_tva;
$tva_static->ref = $obj->label;
print "<td>".$tva_static->getNomUrl(1)."</td>\n";
print '<td class="right">'.price($obj->amount)."</td>";
print '<td class="right">'.price($obj->amount_tva)."</td>";
// Ref payment
$tva_static->id = $obj->rowid;
$tva_static->ref = $obj->rowid;
print '<td class="left">'.$tva_static->getNomUrl(1)."</td>\n";
$ptva_static->id = $obj->rowid;
$ptva_static->ref = $obj->rowid;
print '<td class="left">'.$ptva_static->getNomUrl(1)."</td>\n";
// Date
print '<td class="center">'.dol_print_date($db->jdate($obj->dm), 'day')."</td>\n";
print '<td class="center">'.dol_print_date($db->jdate($obj->date_payment), 'day')."</td>\n";
// Type payment
print '<td>';
@ -360,7 +365,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
$i++;
}
print '<tr class="liste_total"><td colspan="2">'.$langs->trans("Total").'</td>';
print '<td class="right">'.price($total).'</td>';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
@ -440,9 +445,9 @@ while ($j < $numlt) {
print '<td class="right">'.price($obj->amount)."</td>";
// Ref payment
$tva_static->id = $obj->rowid;
$tva_static->ref = $obj->rowid;
print '<td class="left">'.$tva_static->getNomUrl(1)."</td>\n";
$ptva_static->id = $obj->rowid;
$ptva_static->ref = $obj->rowid;
print '<td class="left">'.$ptva_static->getNomUrl(1)."</td>\n";
print '<td class="center">'.dol_print_date($db->jdate($obj->dp), 'day')."</td>\n";
print '<td class="right">'.price($obj->amount)."</td>";

8
htdocs/compta/facture/class/facture.class.php
View File

@ -5367,9 +5367,11 @@ class FactureLigne extends CommonInvoiceLine
return -1;
}
// if buy price not defined, define buyprice as configured in margin admin
// if buy price not provided, define buyprice as configured in margin admin
if ($this->pa_ht == 0 && $pa_ht_isemptystring) {
if (($result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product)) < 0) {
// We call defineBuyPrice only if data was not provided (if input was '0', we will not go here and value will remaine '0')
$result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product);
if ($result < 0) {
return $result;
} else {
$this->pa_ht = $result;
@ -5410,7 +5412,7 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ", total_localtax2=".price2num($this->total_localtax2);
}
$sql .= ", fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null");
$sql .= ", buy_price_ht='".price2num($this->pa_ht)."'";
$sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option)
$sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null");
if (!empty($this->rang)) {
$sql .= ", rang=".$this->rang;

16
htdocs/compta/localtax/card.php
View File

@ -33,6 +33,8 @@ $langs->loadLangs(array('compta', 'banks', 'bills'));
$id = GETPOST("id", 'int');
$action = GETPOST("action", "alpha");
$cancel = GETPOST('cancel');
$refund = GETPOST("refund", "int");
if (empty($refund)) {
$refund = 0;
@ -57,18 +59,18 @@ $hookmanager->initHooks(array('localtaxvatcard', 'globalcard'));
* Actions
*/
if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) {
if ($cancel && !$id) {
header("Location: list.php?localTaxType=".$lttype);
exit;
}
if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) {
if ($action == 'add' && $cancel) {
$db->begin();
$datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
$datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]);
$datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
$datep = dol_mktime(12, 0, 0, GETPOST("datepmonth"), GETPOST("datepday"), GETPOST("datepyear"));
$object->accountid = GETPOST("accountid");
$object->accountid = GETPOST("accountid", 'int');
$object->paymenttype = GETPOST("paiementtype");
$object->datev = $datev;
$object->datep = $datep;
@ -165,14 +167,14 @@ if ($action == 'create') {
print '</td></tr>';
// Label
print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.($_POST["label"] ?GETPOST("label", '', 2) : $langs->transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'"></td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.(GETPOSTISSET("label") ? GETPOST("label", '', 2) : $langs->transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'"></td></tr>';
// Amount
print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.GETPOST("amount").'"></td></tr>';
if (!empty($conf->banque->enabled)) {
print '<tr><td class="fieldrequired">'.$langs->trans("Account").'</td><td>';
$form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant
$form->select_comptes(GETPOST("accountid", "int"), "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant
print '</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("PaymentMode").'</td><td>';

8
htdocs/compta/paiement/cheque/card.php
View File

@ -117,9 +117,9 @@ if ($action == 'setref' && $user->rights->banque->cheque) {
}
}
if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->cheque) {
if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) {
if (is_array($_POST['toRemise'])) {
$result = $object->create($user, $_POST["accountid"], 0, $_POST['toRemise']);
$result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise'));
if ($result > 0) {
if ($object->statut == 1) { // If statut is validated, we build doc
$object->fetch($object->id); // To force to reload all properties in correct property name
@ -134,7 +134,7 @@ if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->che
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang($newlang);
}
$result = $object->generatePdf($_POST["model"], $outputlangs);
$result = $object->generatePdf(GETPOST("model"), $outputlangs);
}
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id);
@ -227,7 +227,7 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) {
$outputlangs = new Translate("", $conf);
$outputlangs->setDefaultLang($newlang);
}
$result = $object->generatePdf($_POST["model"], $outputlangs);
$result = $object->generatePdf(GETPOST("model"), $outputlangs);
if ($result <= 0) {
dol_print_error($db, $object->error);
exit;

4
htdocs/compta/paiement/rapport.php
View File

@ -70,14 +70,14 @@ if ($action == 'builddoc') {
// We save charset_output to restore it because write_file can change it if needed for
// output format that does not support UTF8.
$sav_charset_output = $outputlangs->charset_output;
if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) {
if ($rap->write_file($dir, GETPOST("remonth", "int"), GETPOST("reyear", "int"), $outputlangs) > 0) {
$outputlangs->charset_output = $sav_charset_output;
} else {
$outputlangs->charset_output = $sav_charset_output;
dol_print_error($db, $obj->error);
}
$year = $_POST["reyear"];
$year = GETPOST("reyear", "int");
}

10
htdocs/compta/paiement_charge.php
View File

@ -32,6 +32,8 @@ $langs->load("bills");
$chid = GETPOST("id", 'int');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
$amounts = array();
// Security check
@ -50,15 +52,15 @@ $charge = new ChargeSociales($db);
if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/compta/sociales/card.php?id='.$chid;
header("Location: ".$loc);
exit;
}
$datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
if (!$_POST["paiementtype"] > 0) {
if (!(GETPOST("paiementtype") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
$error++;
$action = 'create';
@ -68,7 +70,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
$error++;
$action = 'create';
}
if (!empty($conf->banque->enabled) && !($_POST["accountid"] > 0)) {
if (!empty($conf->banque->enabled) && !(GETPOST("accountid") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors');
$error++;
$action = 'create';

32
htdocs/compta/paiement_vat.php
View File

@ -33,6 +33,8 @@ $langs->loadLangs(array("banks", "bills"));
$chid = GETPOST("id", 'int');
$action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel');
$amounts = array();
// Security check
@ -49,7 +51,7 @@ if ($user->socid > 0) {
if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/compta/tva/card.php?id='.$chid;
header("Location: ".$loc);
exit;
@ -73,23 +75,23 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
$action = 'create';
}
// Read possible payments
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}
if ($amounts[key($amounts)] <= 0) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")), null, 'errors');
$action = 'create';
}
if (!$error) {
$paymentid = 0;
// Read possible payments
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}
if (count($amounts) <= 0) {
$error++;
setEventMessages($langs->trans("ErrorNoPaymentDefined"), null, 'errors');
$action = 'create';
}
if (!$error) {
$db->begin();

2
htdocs/compta/sociales/card.php
View File

@ -180,7 +180,7 @@ if ($action == 'add' && $user->rights->tax->charges->creer) {
}
if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) {
if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) {
$amount = price2num(GETPOST('amount'), 'MT');
if (!$dateech) {

7
htdocs/compta/tva/card.php
View File

@ -41,6 +41,7 @@ $langs->loadLangs(array('compta', 'banks', 'bills'));
$id = GETPOST("id", 'int');
$action = GETPOST("action", "alpha");
$cancel = GETPOST('cancel');
$confirm = GETPOST('confirm');
$refund = GETPOST("refund", "int");
if (GETPOSTISSET('auto_create_paiement') || $action === 'add') {
@ -74,7 +75,7 @@ $hookmanager->initHooks(array('taxvatcard', 'globalcard'));
* Actions
*/
if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) {
if ($cancel && !$id) {
header("Location: list.php");
exit;
}
@ -135,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) {
}
}
if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) {
if ($action == 'add' && $cancel) {
$error = 0;
$object->fk_account = GETPOST("accountid", 'int');
@ -260,7 +261,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') {
}
}
if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) {
if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) {
$amount = price2num(GETPOST('amount'));
if (empty($amount)) {

42
htdocs/contact/canvas/actions_contactcard_common.class.php
View File

@ -283,28 +283,28 @@ abstract class ActionsContactCardCommon
// phpcs:enable
global $langs, $mysoc;
$this->object->old_name = $_POST["old_name"];
$this->object->old_firstname = $_POST["old_firstname"];
$this->object->old_name = GETPOST("old_name");
$this->object->old_firstname = GETPOST("old_firstname");
$this->object->socid = $_POST["socid"];
$this->object->lastname = $_POST["name"];
$this->object->firstname = $_POST["firstname"];
$this->object->civility_id = $_POST["civility_id"];
$this->object->poste = $_POST["poste"];
$this->object->address = $_POST["address"];
$this->object->zip = $_POST["zipcode"];
$this->object->town = $_POST["town"];
$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
$this->object->state_id = $_POST["state_id"];
$this->object->phone_pro = $_POST["phone_pro"];
$this->object->phone_perso = $_POST["phone_perso"];
$this->object->phone_mobile = $_POST["phone_mobile"];
$this->object->fax = $_POST["fax"];
$this->object->email = $_POST["email"];
$this->object->jabberid = $_POST["jabberid"];
$this->object->priv = $_POST["priv"];
$this->object->note = $_POST["note"];
$this->object->canvas = $_POST["canvas"];
$this->object->socid = GETPOST("socid");
$this->object->lastname = GETPOST("name");
$this->object->firstname = GETPOST("firstname");
$this->object->civility_id = GETPOST("civility_id");
$this->object->poste = GETPOST("poste");
$this->object->address = GETPOST("address");
$this->object->zip = GETPOST("zipcode");
$this->object->town = GETPOST("town");
$this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id;
$this->object->state_id = GETPOST("state_id");
$this->object->phone_pro = GETPOST("phone_pro");
$this->object->phone_perso = GETPOST("phone_perso");
$this->object->phone_mobile = GETPOST("phone_mobile");
$this->object->fax = GETPOST("fax");
$this->object->email = GETPOST("email");
$this->object->jabberid = GETPOST("jabberid");
$this->object->priv = GETPOST("priv");
$this->object->note = GETPOST("note", "restricthtml");
$this->object->canvas = GETPOST("canvas");
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {

2
htdocs/contact/card.php
View File

@ -561,7 +561,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
$object->state_id = GETPOST("state_id");
// We set country_id, country_code and label for the selected country
$object->country_id = $_POST["country_id"] ?GETPOST("country_id") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);
$object->country_id = GETPOST("country_id") ? GETPOST("country_id", "int") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);
if ($object->country_id) {
$tmparray = getCountry($object->country_id, 'all');
$object->country_code = $tmparray['code'];

6
htdocs/contact/perso.php
View File

@ -45,12 +45,12 @@ $object = new Contact($db);
* Action
*/
if ($action == 'update' && !$_POST["cancel"] && $user->rights->societe->contact->creer) {
if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact->creer) {
$ret = $object->fetch($id);
// Note: Correct date should be completed with location to have exact GM time of birth.
$object->birthday = dol_mktime(0, 0, 0, $_POST["birthdaymonth"], $_POST["birthdayday"], $_POST["birthdayyear"]);
$object->birthday_alert = $_POST["birthday_alert"];
$object->birthday = dol_mktime(0, 0, 0, GETPOST("birthdaymonth"), GETPOST("birthdayday"), GETPOST("birthdayyear"));
$object->birthday_alert = GETPOST("birthday_alert");
if (GETPOST('deletephoto')) {
$object->photo = '';

7
htdocs/core/class/commonobject.class.php
View File

@ -1072,9 +1072,9 @@ abstract class CommonObject
// Insert into database
$sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact";
$sql .= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) ";
$sql .= " VALUES (".$this->id.", ".$fk_socpeople." , ";
$sql .= " VALUES (".$this->id.", ".((int) $fk_socpeople)." , ";
$sql .= "'".$this->db->idate($datecreate)."'";
$sql .= ", 4, ".$id_type_contact;
$sql .= ", 4, ".((int) $id_type_contact);
$sql .= ")";
$resql = $this->db->query($sql);
@ -7688,7 +7688,8 @@ abstract class CommonObject
$buyPrice = 0;
if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { // In most cases, test here is false
if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) {
// When ForceBuyingPriceIfNull is set
$buyPrice = $unitPrice * (1 - $discountPercent / 100);
} else {
// Get cost price for margin calculation

6
htdocs/core/class/discount.class.php
View File

@ -144,13 +144,13 @@ class DiscountAbsolute
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid";
$sql .= " WHERE sr.entity IN (".getEntity('invoice').")";
if ($rowid) {
$sql .= " AND sr.rowid=".$rowid;
$sql .= " AND sr.rowid=".((int) $rowid);
}
if ($fk_facture_source) {
$sql .= " AND sr.fk_facture_source=".$fk_facture_source;
$sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source);
}
if ($fk_invoice_supplier_source) {
$sql .= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source;
$sql .= " AND sr.fk_invoice_supplier_source = ".((int) $fk_invoice_supplier_source);
}
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

4
htdocs/core/class/html.form.class.php
View File

@ -2002,7 +2002,9 @@ class Form
if (!$obj->entity) {
$moreinfo .= ($moreinfo ? ' - ' : ' (').$langs->trans("AllEntities");
} else {
$moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined"));
if ($obj->entity != $conf->entity) {
$moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined"));
}
}
}
$moreinfo .= ($moreinfo ? ')' : '');

4
htdocs/core/class/html.formaccounting.class.php
View File

@ -364,7 +364,7 @@ class FormAccounting extends Form
$sql = "SELECT DISTINCT aa.account_number, aa.label, aa.labelshort, aa.rowid, aa.fk_pcg_version";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
$sql .= " AND aa.active = 1";
$sql .= " AND aa.entity=".$conf->entity;
$sql .= " ORDER BY aa.account_number";
@ -380,7 +380,7 @@ class FormAccounting extends Form
$num_rows = $this->db->num_rows($resql);
if ($num_rows == 0) {
if ($num_rows == 0 && (empty($conf->global->CHARTOFACCOUNTS) || $conf->global->CHARTOFACCOUNTS < 0)) {
$langs->load("errors");
$showempty = $langs->trans("ErrorYouMustFirstSetupYourChartOfAccount");
} else {

4
htdocs/core/class/html.formmail.class.php
View File

@ -912,8 +912,8 @@ class FormMail extends Form
}
}
if (GETPOSTISSET("message") && !$_POST['modelselected']) {
$defaultmessage = $_POST["message"];
if (GETPOSTISSET("message") && !GETPOST('modelselected')) {
$defaultmessage = GETPOST("message", "restricthtml");
} else {
$defaultmessage = make_substitutions($defaultmessage, $this->substit);
// Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty)

6
htdocs/core/class/html.formmargin.class.php
View File

@ -90,8 +90,10 @@ class FormMargin
$line->pa_ht = $product->fourn_unitprice * (1 - $product->fourn_remise_percent / 100);
}
}
// si prix d'achat non renseigné et devrait l'être, alors prix achat = prix vente
if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) {
// If buy price is not defined (null), we will use the sell price. If defined to 0 (it means it was forced to 0 during insert, for example for a free to get product), we must still use 0.
//if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) {
if ((!isset($line->pa_ht)) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) {
$line->pa_ht = $line->subprice * (1 - ($line->remise_percent / 100));
}

142
htdocs/core/class/notify.class.php
View File

@ -3,6 +3,7 @@
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2018 Philippe Grand <philippe.grand@atoo-net.com>
* Copyright (C) 2021 Thibault FOUCART <support@ptibogxiv.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -25,7 +26,6 @@
*/
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
/**
* Class to manage notifications
*/
@ -80,8 +80,8 @@ class Notify
'SHIPPING_VALIDATE',
'EXPENSE_REPORT_VALIDATE',
'EXPENSE_REPORT_APPROVE',
'HOLIDAY_VALIDATE',
'HOLIDAY_APPROVE',
'HOLIDAY_VALIDATE',
'HOLIDAY_APPROVE',
'ACTION_CREATE'
);
@ -442,49 +442,54 @@ class Notify
switch ($notifcode) {
case 'BILL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$labeltouse = $conf->global->BILL_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link);
break;
case 'BILL_PAYED':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$labeltouse = $conf->global->BILL_PAYED_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoicePayed", $link);
break;
case 'ORDER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output;
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
$object_type = 'order';
$labeltouse = $conf->global->ORDER_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextOrderValidated", $link);
break;
case 'PROPAL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$labeltouse = $conf->global->PROPAL_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalValidated", $link);
break;
case 'PROPAL_CLOSE_SIGNED':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$labeltouse = $conf->global->PROPAL_CLOSE_SIGNED_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link);
break;
case 'FICHINTER_ADD_CONTACT':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->ficheinter->dir_output;
$object_type = 'ficheinter';
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link);
break;
case 'FICHINTER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->ficheinter->dir_output;
$object_type = 'ficheinter';
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionValidated", $link);
break;
case 'ORDER_SUPPLIER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n";
@ -492,7 +497,7 @@ class Notify
$mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_APPROVE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n";
@ -500,7 +505,7 @@ class Notify
$mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_REFUSE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n";
@ -508,56 +513,78 @@ class Notify
$mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'SHIPPING_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output.'/sending/';
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
$object_type = 'expedition';
$labeltouse = $conf->global->SHIPPING_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link);
break;
case 'EXPENSE_REPORT_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$labeltouse = $conf->global->EXPENSE_REPORT_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link);
break;
case 'EXPENSE_REPORT_APPROVE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$labeltouse = $conf->global->EXPENSE_REPORT_APPROVE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link);
break;
case 'HOLIDAY_VALIDATE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$labeltouse = $conf->global->HOLIDAY_VALIDATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayValidated", $link);
break;
case 'HOLIDAY_APPROVE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$labeltouse = $conf->global->HOLIDAY_APPROVE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayApproved", $link);
break;
break;
case 'ACTION_CREATE':
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->agenda->dir_output;
$object_type = 'action';
$labeltouse = $conf->global->ACTION_CREATE_TEMPLATE;
$mesg = $outputlangs->transnoentitiesnoconv("EMailTextActionAdded", $link);
break;
}
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($this->db);
$arraydefaultmessage = null;
if (!empty($labeltouse)) $arraydefaultmessage = $formmail->getEMailTemplate($this->db, $object_type.'_send', $user, $outputlangs, 0, 1, $labeltouse);
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subject = make_substitutions($arraydefaultmessage->topic, $substitutionarray, $outputlangs);
$message = make_substitutions($arraydefaultmessage->content, $substitutionarray, $outputlangs);
} else {
$message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n";
$message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n";
$message .= "\n";
$message .= $mesg;
}
$ref = dol_sanitizeFileName($newref);
$pdf_path = $dir_output."/".$ref."/".$ref.".pdf";
$pdf_path = $dir_output."/".$ref.".pdf";
if (!dol_is_file($pdf_path)) {
// We can't add PDF as it is not generated yet.
$filepdf = '';
} else {
$filepdf = $pdf_path;
$filename_list[] = $filepdf;
$mimetype_list[] = mime_content_type($filepdf);
$mimefilename_list[] = $ref.".pdf";
}
$message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n";
$message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n";
$message .= "\n";
$message .= $mesg;
$parameters = array('notifcode'=>$notifcode, 'sendto'=>$sendto, 'replyto'=>$replyto, 'file'=>$filename_list, 'mimefile'=>$mimetype_list, 'filename'=>$mimefilename_list);
if (!isset($action)) {
$action = '';
@ -653,49 +680,49 @@ class Notify
switch ($notifcode) {
case 'BILL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$mesg = $langs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link);
break;
case 'BILL_PAYED':
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$link = '<a href="'.$urlwithroot.'/compta/facture/card.php?facid='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $$conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');
$object_type = 'facture';
$mesg = $langs->transnoentitiesnoconv("EMailTextInvoicePayed", $link);
break;
case 'ORDER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output;
$link = '<a href="'.$urlwithroot.'/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande');
$object_type = 'order';
$mesg = $langs->transnoentitiesnoconv("EMailTextOrderValidated", $link);
break;
case 'PROPAL_VALIDATE':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$mesg = $langs->transnoentitiesnoconv("EMailTextProposalValidated", $link);
break;
case 'PROPAL_CLOSE_SIGNED':
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity];
$link = '<a href="'.$urlwithroot.'/comm/propal/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal');
$object_type = 'propal';
$mesg = $langs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link);
break;
case 'FICHINTER_ADD_CONTACT':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->ficheinter->dir_output;
$object_type = 'ficheinter';
$mesg = $langs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link);
break;
case 'FICHINTER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fichinter/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->facture->dir_output;
$object_type = 'ficheinter';
$mesg = $langs->transnoentitiesnoconv("EMailTextInterventionValidated", $link);
break;
case 'ORDER_SUPPLIER_VALIDATE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -703,7 +730,7 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_APPROVE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -711,7 +738,7 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_APPROVE2':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->commande->dir_output;
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -719,7 +746,7 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'ORDER_SUPPLIER_REFUSE':
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/fourn/commande/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->fournisseur->dir_output.'/commande/';
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("Hello").",\n\n";
@ -727,37 +754,37 @@ class Notify
$mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n";
break;
case 'SHIPPING_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output.'/sending/';
$link = '<a href="'.$urlwithroot.'/expedition/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment');
$object_type = 'order_supplier';
$mesg = $langs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link);
break;
case 'EXPENSE_REPORT_VALIDATE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link);
break;
case 'EXPENSE_REPORT_APPROVE':
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/expensereport/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->expensereport->dir_output;
$object_type = 'expensereport';
$mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link);
break;
case 'HOLIDAY_VALIDATE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$mesg = $langs->transnoentitiesnoconv("EMailTextHolidayValidated", $link);
break;
case 'HOLIDAY_APPROVE':
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/holiday/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->holiday->dir_output;
$object_type = 'holiday';
$mesg = $langs->transnoentitiesnoconv("EMailTextHolidayApproved", $link);
break;
break;
case 'ACTION_CREATE':
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'">'.$newref.'</a>';
$link = '<a href="'.$urlwithroot.'/comm/action/card.php?id='.$object->id.'&entity='.$object->entity.'">'.$newref.'</a>';
$dir_output = $conf->agenda->dir_output;
$object_type = 'action';
$mesg = $langs->transnoentitiesnoconv("EMailTextActionAdded", $link);
@ -770,6 +797,9 @@ class Notify
$filepdf = '';
} else {
$filepdf = $pdf_path;
$filename_list[] = $pdf_path;
$mimetype_list[] = mime_content_type($filepdf);
$mimefilename_list[] = $ref.".pdf";
}
$message .= $langs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n";

20
htdocs/core/class/rssparser.class.php
View File

@ -181,7 +181,7 @@ class RssParser
* @param string $urlRSS Url to parse
* @param int $maxNb Max nb of records to get (0 for no limit)
* @param int $cachedelay 0=No cache, nb of seconds we accept cache files (cachedir must also be defined)
* @param string $cachedir Directory where to save cache file
* @param string $cachedir Directory where to save cache file (For example $conf->externalrss->dir_temp)
* @return int <0 if KO, >0 if OK
*/
public function parser($urlRSS, $maxNb = 0, $cachedelay = 60, $cachedir = '')
@ -189,6 +189,7 @@ class RssParser
global $conf;
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
$rss = '';
$str = ''; // This will contain content of feed
@ -225,21 +226,10 @@ class RssParser
$str = file_get_contents($newpathofdestfile);
} else {
try {
ini_set("user_agent", "Dolibarr ERP-CRM RSS reader");
ini_set("max_execution_time", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
ini_set("default_socket_timeout", $conf->global->MAIN_USE_RESPONSE_TIMEOUT);
$opts = array('http'=>array('method'=>"GET"));
if (!empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)) {
$opts['http']['timeout'] = $conf->global->MAIN_USE_CONNECT_TIMEOUT;
$result = getURLContent($this->_urlRSS, 'GET', '', 1, array(), array('http', 'https'), 0);
if (!empty($result['content'])) {
$str = $result['content'];
}
if (!empty($conf->global->MAIN_PROXY_USE)) {
$opts['http']['proxy'] = 'tcp://'.$conf->global->MAIN_PROXY_HOST.':'.$conf->global->MAIN_PROXY_PORT;
}
//var_dump($opts);exit;
$context = stream_context_create($opts);
$str = file_get_contents($this->_urlRSS, false, $context);
} catch (Exception $e) {
print 'Error retrieving URL '.$this->_urlRSS.' - '.$e->getMessage();
}

4
htdocs/core/class/translate.class.php
View File

@ -631,7 +631,7 @@ class Translate
// We replace some HTML tags by __xx__ to avoid having them encoded by htmlentities because
// we want to keep '"' '<b>' '</b>' '<strong' '</strong>' '<a ' '</a>' '<br>' '< ' '<span' '</span>' that are reliable HTML tags inside translation strings.
$str = str_replace(
array('"', '<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<center>', '</center>', '<strong>', '</strong>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>'
array('"', '<b>', '</b>', '<u>', '</u>', '<i', '</i>', '<center>', '</center>', '<strong>', '</strong>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>'
array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__tagb__', '__tagbend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'),
$str
);
@ -646,7 +646,7 @@ class Translate
// Restore reliable HTML tags into original translation string
$str = str_replace(
array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'),
array('"', '<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<center>', '</center>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'),
array('"', '<b>', '</b>', '<u>', '</u>', '<i', '</i>', '<center>', '</center>', '<a ', '</a>', '<br>', '<span', '</span>', '< ', '>'),
$str
);

11
htdocs/core/lib/admin.lib.php
View File

@ -303,14 +303,17 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
if ($offsetforchartofaccount > 0) {
// Replace lines
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401, 'PCG99-ABREGE', 'CAPIT', '1234', 1400, '...', 1);'
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401, 'PCG99-ABREGE', 'CAPIT', '1234', 1400,...'
// with
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000, '...', 1);'
// Note: string with 1234 instead of '1234' is also supported
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...'
// Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported
$newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql);
$newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql);
//var_dump($newsql);
$arraysql[$i] = $newsql;
// FIXME Because we force the rowid during insert, we must also update the sequence with postgresql by running
// SELECT dol_util_rebuild_sequences();
}
}
@ -568,7 +571,7 @@ function dolibarr_get_const($db, $name, $entity = 1)
* @param DoliDB $db Database handler
* @param string $name Name of constant
* @param string $value Value of constant
* @param string $type Type of constante (chaine par defaut)
* @param string $type Type of constant ('chaine by default)
* @param int $visible Is constant visible in Setup->Other page (0 by default)
* @param string $note Note on parameter
* @param int $entity Multi company id (0 means all entities)

44
htdocs/core/lib/functions.lib.php
View File

@ -355,6 +355,7 @@ function GETPOSTISSET($paramname)
* 'int'=check it's numeric (integer or float)
* 'intcomma'=check it's integer+comma ('1,2,3,4...')
* 'alpha'=Same than alphanohtml since v13
* 'alphawithlgt'=alpha with lgt
* 'alphanohtml'=check there is no html content and no " and no ../
* 'aZ'=check it's a-z only
* 'aZ09'=check it's simple alpha string (recommended for keys)
@ -745,20 +746,29 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
case 'alpha': // No html and no ../ and "
case 'alphanohtml': // Recommended for most scalar parameters and search parameters
if (!is_array($out)) {
$out = dol_string_nohtmltag($out, 0);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('&quot;', '"'), '', trim($out));
$out = str_replace(array('../'), '', $out);
$out = trim($out);
do {
$oldstringtoclean = $out;
// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
} while ($oldstringtoclean != $out);
// keep lines feed
$out = dol_string_nohtmltag($out, 0);
}
break;
case 'alphawithlgt': // No " and no ../ but we keep balanced < > tags with no special chars inside. Can be used for email string like "Name <email>"
if (!is_array($out)) {
$out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8');
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
$out = str_replace(array('&quot;', '"'), '', trim($out));
$out = str_replace(array('../'), '', $out);
$out = trim($out);
do {
$oldstringtoclean = $out;
// Note &#38, '&#0000038', '&#x26'... is a simple char like '&' alone but there is no reason to accept such way to encode input data.
$out = str_ireplace(array('&#38', '&#0000038', '&#x26', '&quot', '&#34', '&#0000034', '&#x22', '"', '&#47', '&#0000047', '&#x2F', '../'), '', $out);
} while ($oldstringtoclean != $out);
}
break;
case 'restricthtml': // Recommended for most html textarea
@ -3521,14 +3531,15 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'edit', 'ellipsis-h', 'email', 'eraser', 'external-link-alt', 'external-link-square-alt',
'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'folder', 'folder-open', 'globe', 'globe-americas', 'grip', 'grip_title', 'group',
'help', 'holiday',
'info', 'intervention', 'inventory', 'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right',
'info', 'intervention', 'inventory', 'intracommreport',
'label', 'language', 'link', 'list', 'listlight', 'loan', 'lot', 'long-arrow-alt-right',
'margin', 'map-marker-alt', 'member', 'meeting', 'money-bill-alt', 'movement', 'mrp', 'note', 'next',
'object_accounting', 'object_account', 'object_accountline', 'object_action', 'object_asset', 'object_barcode', 'object_bill', 'object_billr', 'object_billa', 'object_billd', 'object_bom',
'object_category', 'conferenceorbooth', 'object_conversation', 'object_bookmark', 'object_bug', 'object_clock', 'object_dolly', 'object_dollyrevert',
'object_folder', 'object_folder-open','object_generic',
'object_list-alt', 'object_calendar', 'object_calendarweek', 'object_calendarmonth', 'object_calendarday', 'object_calendarperuser',
'object_cash-register', 'object_company', 'object_contact', 'object_contract', 'object_cron', 'object_donation', 'object_dynamicprice',
'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_label',
'object_globe', 'object_holiday', 'object_hrm', 'object_invoice', 'object_intervention', 'object_inventory', 'object_intracommreport', 'object_label',
'object_margin', 'object_members', 'object_money-bill-alt', 'object_multicurrency', 'object_order', 'object_payment',
'object_lot', 'object_mrp', 'object_other',
'object_payment', 'object_pdf', 'object_product', 'object_propal',
@ -3576,7 +3587,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'email'=>'at',
'edit'=>'pencil-alt', 'grip_title'=>'arrows-alt', 'grip'=>'arrows-alt', 'help'=>'question-circle',
'generic'=>'file', 'holiday'=>'umbrella-beach',
'info'=>'info-circle', 'inventory'=>'boxes', 'label'=>'layer-group', 'loan'=>'money-bill-alt',
'info'=>'info-circle', 'inventory'=>'boxes', 'intracommreport'=>'globe-europe', 'label'=>'layer-group', 'loan'=>'money-bill-alt',
'member'=>'user-alt', 'meeting'=>'chalkboard-teacher', 'mrp'=>'cubes', 'next'=>'arrow-alt-circle-right',
'trip'=>'wallet', 'group'=>'users', 'movement'=>'people-carry',
'sign-out'=>'sign-out-alt',
@ -6267,16 +6278,20 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto =
* @param int $cleanalsosomestyles Remove absolute/fixed positioning from inline styles
* @param int $removeclassattribute 1=Remove the class attribute from tags
* @param int $cleanalsojavascript Remove also occurence of 'javascript:'.
* @param int $allowiframe Allow iframe tags.
* @return string String cleaned
*
* @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags()
*/
function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0)
function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0)
{
$allowed_tags = array(
"html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link",
"ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6"
);
if ($allowiframe) {
$allowed_tags[] = "iframe";
}
$allowed_tags_string = join("><", $allowed_tags);
$allowed_tags_string = '<'.$allowed_tags_string.'>';
@ -6322,9 +6337,11 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1,
*
* @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_onlythesehtmltags() dol_string_neverthesehtmltags()
*/
function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("alt", "class", "contenteditable", "data-html", "href", "id", "name", "src", "style", "target", "title"))
function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("allow", "allowfullscreen", "alt", "class", "contenteditable", "data-html", "frameborder", "height", "href", "id", "name", "src", "style", "target", "title", "width"))
{
if (class_exists('DOMDocument') && !empty($stringtoclean)) {
$stringtoclean = '<html><body>'.$stringtoclean.'</body></html>';
$dom = new DOMDocument();
$dom->loadHTML($stringtoclean, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL);
if (is_object($dom)) {
@ -6338,7 +6355,12 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
}
}
return $dom->saveHTML();
$return = $dom->saveHTML();
//$return = '<html><body>aaaa</p>bb<p>ssdd</p>'."\n<p>aaa</p>aa<p>bb</p>";
$return = preg_replace('/^<html><body>/', '', $return);
$return = preg_replace('/<\/body><\/html>$/', '', $return);
return $return;
} else {
return $stringtoclean;
}

5
htdocs/core/lib/product.lib.php
View File

@ -328,6 +328,11 @@ function product_lot_admin_prepare_head()
$h = 0;
$head = array();
$head[$h][0] = DOL_URL_ROOT."/product/admin/product_lot.php";
$head[$h][1] = $langs->trans('Parameters');
$head[$h][2] = 'settings';
$h++;
// Show more tabs from modules
// Entries must be declared in modules descriptor with line
// $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab

1
htdocs/core/modules/expensereport/doc/index.html Normal file
View File

@ -0,0 +1 @@

8
htdocs/core/modules/mailings/thirdparties.modules.php
View File

@ -83,13 +83,13 @@ class mailing_thirdparties extends MailingTargets
if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
$addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));
$addDescription = $langs->trans('ProspectCustomer')."=";
if ($_POST["filter_client"] == 0) {
if (GETPOST("filter_client") == 0) {
$addDescription .= $langs->trans('NorProspectNorCustomer');
} elseif ($_POST["filter_client"] == 1) {
} elseif (GETPOST("filter_client") == 1) {
$addDescription .= $langs->trans('Customer');
} elseif ($_POST["filter_client"] == 2) {
} elseif (GETPOST("filter_client") == 2) {
$addDescription .= $langs->trans('Prospect');
} elseif ($_POST["filter_client"] == 3) {
} elseif (GETPOST("filter_client") == 3) {
$addDescription .= $langs->trans('ProspectCustomer');
} else {
$addDescription .= "Unknown status ".GETPOST("filter_client");

2
htdocs/core/modules/modExternalSite.class.php
View File

@ -67,7 +67,7 @@ class modExternalSite extends DolibarrModules
$this->dirs = array();
// Config pages. Put here list of php page names stored in admmin directory used to setup module
$this->config_page_url = array("externalsite.php@externalsite");
$this->config_page_url = array("index.php@externalsite");
// Dependencies
$this->depends = array(); // List of modules id that must be enabled if this module is enabled

4
htdocs/core/modules/modIntracommreport.class.php
View File

@ -44,13 +44,13 @@ class modIntracommreport extends DolibarrModules
$this->numero = 68000;
$this->family = "financial";
$this->module_position = '100';
$this->module_position = '60';
// Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
$this->name = preg_replace('/^mod/i', '', get_class($this));
$this->description = "Intracomm report management (Support for French DEB/DES format)";
// Possible values for version are: 'development', 'experimental', 'dolibarr' or 'dolibarr_deprecated' or version
$this->version = 'development';
$this->version = 'experimental';
$this->const_name = 'MAIN_MODULE_'.strtoupper($this->name);
$this->picto = 'intracommreport';

20
htdocs/core/modules/modProductBatch.class.php
View File

@ -64,8 +64,8 @@ class modProductBatch extends DolibarrModules
// Data directories to create when module is enabled.
$this->dirs = array();
// Config pages. Put here list of php page, stored into /product/admin/ directory, to setup the module.
$this->config_page_url = array("product_lot_extrafields.php@product");
// Config pages. Put here list of php page, stored into productdluo/admin directory, to use to setup module.
$this->config_page_url = array("product_lot.php@product");
// Dependencies
$this->hidden = false; // A condition to hide module
@ -76,8 +76,24 @@ class modProductBatch extends DolibarrModules
$this->need_dolibarr_version = array(3, 0); // Minimum version of Dolibarr required by module
$this->langfiles = array("productbatch");
// Constants
// Constants
$this->const = array();
$r = 0;
$this->const[$r][0] = "PRODUCTBATCH_LOT_ADDON";
$this->const[$r][1] = "chaine";
$this->const[$r][2] = "mod_lot_free";
$this->const[$r][3] = 'Module to control product codes';
$this->const[$r][4] = 0;
$r++;
$this->const[$r][0] = "PRODUCTBATCH_SN_ADDON";
$this->const[$r][1] = "chaine";
$this->const[$r][2] = "mod_sn_free";
$this->const[$r][3] = 'Module to control product codes';
$this->const[$r][4] = 0;
$r++;
$this->tabs = array();

1
htdocs/core/modules/movement/doc/index.html Normal file
View File

@ -0,0 +1 @@

1
htdocs/core/modules/product/doc/index.html Normal file
View File

@ -0,0 +1 @@

145
htdocs/core/modules/product_batch/mod_lot_advanced.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2019 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_lot_advanced.php
* \ingroup productbatch
* \brief File containing class for numbering model of Lot advanced
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage Batch numbering rules advanced
*/
class mod_lot_advanced extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var string Error message
*/
public $error = '';
/**
* @var string name
*/
public $name = 'lot_advanced';
/**
* Returns the description of the numbering model
*
* @return string Texte descripif
*/
public function info()
{
global $conf, $langs, $db;
$langs->load("bills");
$form = new Form($db);
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
$texte .= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
$texte .= '<input type="hidden" name="token" value="'.newToken().'">';
$texte .= '<input type="hidden" name="action" value="updateMaskLot">';
$texte .= '<input type="hidden" name="maskconstLot" value="LOT_ADVANCED_MASK">';
$texte .= '<table class="nobordernopadding" width="100%">';
$tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes2");
$tooltip .= $langs->trans("GenericMaskCodes3");
$tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes5");
// Parametrage du prefix
$texte .= '<tr><td>'.$langs->trans("Mask").':</td>';
$texte .= '<td class="right">'.$form->textwithpicto('<input type="text" class="flat" size="24" name="maskLot" value="'.$conf->global->LOT_ADVANCED_MASK.'">', $tooltip, 1, 1).'</td>';
$texte .= '<td class="left" rowspan="2">&nbsp; <input type="submit" class="button" value="'.$langs->trans("Modify").'" name="Button"></td>';
$texte .= '</tr>';
$texte .= '</table>';
$texte .= '</form>';
return $texte;
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
global $conf, $langs, $mysoc;
$old_code_client = $mysoc->code_client;
$old_code_type = $mysoc->typent_code;
$mysoc->code_client = 'CCCCCCCCCC';
$mysoc->typent_code = 'TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc, '');
$mysoc->code_client = $old_code_client;
$mysoc->typent_code = $old_code_type;
if (!$numExample) {
$numExample = $langs->trans('NotConfigured');
}
return $numExample;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// We get cursor rule
$mask = $conf->global->BATCH_ADVANCED_MASK;
if (!$mask) {
$this->error = 'NotConfigured';
return 0;
}
$date = $object->date;
$numFinal = get_next_value($db, $mask, 'product_lot', 'ref', '', null, $date);
return $numFinal;
}
}

105
htdocs/core/modules/product_batch/mod_lot_free.php Normal file
View File

@ -0,0 +1,105 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2009 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product/mod_lot_free.php
* \ingroup productbatch
* \brief File containing class for numbering model of Lot free
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* \class mod_codeproduct_leopard
* \brief Classe permettant la gestion leopard des codes produits
*/
class mod_lot_free extends ModeleNumRefBatch
{
/*
* Attention ce module est utilise par defaut si aucun module n'a
* ete definit dans la configuration
*
* Le fonctionnement de celui-ci doit donc rester le plus ouvert possible
*/
/**
* @var string model name
*/
public $name = 'lot_free';
public $code_modifiable; // Code modifiable
public $code_modifiable_invalide; // Code modifiable si il est invalide
public $code_modifiable_null; // Code modifiables si il est null
public $code_null; // Code facultatif
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var int Automatic numbering
*/
public $code_auto;
/**
* Constructor
*/
public function __construct()
{
$this->code_null = 1;
$this->code_modifiable = 1;
$this->code_modifiable_invalide = 1;
$this->code_modifiable_null = 1;
$this->code_auto = 0;
}
/**
* Return description of module
*
* @return string Description of module
*/
public function info()
{
global $langs;
$langs->load("companies");
return $langs->trans("LeopardNumRefModelDesc");
}
/**
* Return an example of result returned by getNextValue
*
* @param product $objproduct Object product
* @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect)
* @return string Return next value
*/
public function getNextValue($objproduct = 0, $type = -1)
{
global $langs;
return '';
}
}

145
htdocs/core/modules/product_batch/mod_lot_standard.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_lot_standard.php
* \ingroup productbatch
* \brief File of class to manage Lot numbering rules standard
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage MO numbering rules standard
*/
class mod_lot_standard extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
public $prefix = 'LOT';
/**
* @var string Error code (or message)
*/
public $error = '';
/**
* @var string name
*/
public $name = 'lot_standard';
/**
* Return description of numbering module
*
* @return string Text with description
*/
public function info()
{
global $langs;
return $langs->trans("SimpleNumRefModelDesc", $this->prefix);
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
return $this->prefix."0501-0001";
}
/**
* Checks if the numbers already in the database do not
* cause conflicts that would prevent this numbering working.
*
* @return boolean false if conflict, true if ok
*/
public function canBeActivated()
{
global $conf, $langs, $db;
$coyymm = ''; $max = '';
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$row = $db->fetch_row($resql);
if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; }
}
if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) {
$langs->load("errors");
$this->error = $langs->trans('ErrorNumRefModel', $max);
return false;
}
return true;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
// First, we get the max value
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
if ($obj) $max = intval($obj->max);
else $max = 0;
} else {
dol_syslog("mod_lot_standard::getNextValue", LOG_DEBUG);
return -1;
}
//$date=time();
$date = $object->date_creation;
$yymm = strftime("%y%m", $date);
if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is
else $num = sprintf("%04s", $max + 1);
dol_syslog("mod_lot_standard::getNextValue return ".$this->prefix.$yymm."-".$num);
return $this->prefix.$yymm."-".$num;
}
}

145
htdocs/core/modules/product_batch/mod_sn_advanced.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2019 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_batch_advanced.php
* \ingroup productbatch
* \brief File containing class for numbering model of SN advanced
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage Batch numbering rules advanced
*/
class mod_sn_advanced extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var string Error message
*/
public $error = '';
/**
* @var string name
*/
public $name = 'sn_advanced';
/**
* Returns the description of the numbering model
*
* @return string Texte descripif
*/
public function info()
{
global $conf, $langs, $db;
$langs->load("bills");
$form = new Form($db);
$texte = $langs->trans('GenericNumRefModelDesc')."<br>\n";
$texte .= '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
$texte .= '<input type="hidden" name="token" value="'.newToken().'">';
$texte .= '<input type="hidden" name="action" value="updateMaskSN">';
$texte .= '<input type="hidden" name="maskconstSN" value="SN_ADVANCED_MASK">';
$texte .= '<table class="nobordernopadding" width="100%">';
$tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes2");
$tooltip .= $langs->trans("GenericMaskCodes3");
$tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch"));
$tooltip .= $langs->trans("GenericMaskCodes5");
// Parametrage du prefix
$texte .= '<tr><td>'.$langs->trans("Mask").':</td>';
$texte .= '<td class="right">'.$form->textwithpicto('<input type="text" class="flat" size="24" name="maskSN" value="'.$conf->global->SN_ADVANCED_MASK.'">', $tooltip, 1, 1).'</td>';
$texte .= '<td class="left" rowspan="2">&nbsp; <input type="submit" class="button" value="'.$langs->trans("Modify").'" name="Button"></td>';
$texte .= '</tr>';
$texte .= '</table>';
$texte .= '</form>';
return $texte;
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
global $conf, $langs, $mysoc;
$old_code_client = $mysoc->code_client;
$old_code_type = $mysoc->typent_code;
$mysoc->code_client = 'CCCCCCCCCC';
$mysoc->typent_code = 'TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc, '');
$mysoc->code_client = $old_code_client;
$mysoc->typent_code = $old_code_type;
if (!$numExample) {
$numExample = $langs->trans('NotConfigured');
}
return $numExample;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// We get cursor rule
$mask = $conf->global->BATCH_ADVANCED_MASK;
if (!$mask) {
$this->error = 'NotConfigured';
return 0;
}
$date = $object->date;
$numFinal = get_next_value($db, $mask, 'product_sn', 'ref', '', null, $date);
return $numFinal;
}
}

104
htdocs/core/modules/product_batch/mod_sn_free.php Normal file
View File

@ -0,0 +1,104 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2009 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product/mod_sn_free.php
* \ingroup productbatch
* \brief File containing class for numbering model of SN free
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* \class mod_codeproduct_leopard
* \brief Classe permettant la gestion leopard des codes produits
*/
class mod_sn_free extends ModeleNumRefBatch
{
/*
* Attention ce module est utilise par defaut si aucun module n'a
* ete definit dans la configuration
*
* Le fonctionnement de celui-ci doit donc rester le plus ouvert possible
*/
/**
* @var string model name
*/
public $name = 'sn_free';
public $code_modifiable; // Code modifiable
public $code_modifiable_invalide; // Code modifiable si il est invalide
public $code_modifiable_null; // Code modifiables si il est null
public $code_null; // Code facultatif
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
/**
* @var int Automatic numbering
*/
public $code_auto;
/**
* Constructor
*/
public function __construct()
{
$this->code_null = 1;
$this->code_modifiable = 1;
$this->code_modifiable_invalide = 1;
$this->code_modifiable_null = 1;
$this->code_auto = 0;
}
/**
* Return description of module
*
* @return string Description of module
*/
public function info()
{
global $langs;
$langs->load("companies");
return $langs->trans("LeopardNumRefModelDesc");
}
/**
* Return an example of result returned by getNextValue
*
* @param product $objproduct Object product
* @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect)
* @return string Return next value
*/
public function getNextValue($objproduct = 0, $type = -1)
{
global $langs;
return '';
}
}

145
htdocs/core/modules/product_batch/mod_sn_standard.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2021 Christophe Battarel <christophe@altairis.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/product_batch/mod_sn_standard.php
* \ingroup productbatch
* \brief File of class to manage SN numbering rules standard
*/
require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php';
/**
* Class to manage MO numbering rules standard
*/
class mod_sn_standard extends ModeleNumRefBatch
{
/**
* Dolibarr version of the loaded document
* @var string
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
public $prefix = 'SN';
/**
* @var string Error code (or message)
*/
public $error = '';
/**
* @var string name
*/
public $name = 'sn_standard';
/**
* Return description of numbering module
*
* @return string Text with description
*/
public function info()
{
global $langs;
return $langs->trans("SimpleNumRefModelDesc", $this->prefix);
}
/**
* Return an example of numbering
*
* @return string Example
*/
public function getExample()
{
return $this->prefix."0501-0001";
}
/**
* Checks if the numbers already in the database do not
* cause conflicts that would prevent this numbering working.
*
* @return boolean false if conflict, true if ok
*/
public function canBeActivated()
{
global $conf, $langs, $db;
$coyymm = ''; $max = '';
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$row = $db->fetch_row($resql);
if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; }
}
if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) {
$langs->load("errors");
$this->error = $langs->trans('ErrorNumRefModel', $max);
return false;
}
return true;
}
/**
* Return next free value
*
* @param Product $objprod Object product
* @param Object $object Object we need next value for
* @return string Value if KO, <0 if KO
*/
public function getNextValue($objprod, $object)
{
global $db, $conf;
// First, we get the max value
$posindice = strlen($this->prefix) + 6;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
$sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
if ($obj) $max = intval($obj->max);
else $max = 0;
} else {
dol_syslog("mod_sn_standard::getNextValue", LOG_DEBUG);
return -1;
}
//$date=time();
$date = $object->date_creation;
$yymm = strftime("%y%m", $date);
if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is
else $num = sprintf("%04s", $max + 1);
dol_syslog("mod_sn_standard::getNextValue return ".$this->prefix.$yymm."-".$num);
return $this->prefix.$yymm."-".$num;
}
}

86
htdocs/core/modules/product_batch/modules_product_batch.class.php
View File

@ -65,3 +65,89 @@ abstract class ModelePDFProductBatch extends CommonDocGenerator
return $list;
}
}
/**
* Parent class to manage numbering of batch products
*/
abstract class ModeleNumRefBatch
{
/**
* @var string Error code (or message)
*/
public $error = '';
/**
* Return if a module can be used or not
*
* @return boolean true if module can be used
*/
public function isEnabled()
{
return true;
}
/**
* Returns the default description of the numbering template
*
* @return string Texte descripif
*/
public function info()
{
global $langs;
$langs->load("productbatch");
return $langs->trans("NoDescription");
}
/**
* Returns an example of numbering
*
* @return string Example
*/
public function getExample()
{
global $langs;
$langs->load("productbatch");
return $langs->trans("NoExample");
}
/**
* Checks if the numbers already in the database do not
* cause conflicts that would prevent this numbering working.
*
* @return boolean false if conflict, true if ok
*/
public function canBeActivated()
{
return true;
}
/**
* Returns next assigned value
*
* @param Societe $objsoc Object thirdparty
* @param Object $object Object we need next value for
* @return string Valeur
*/
public function getNextValue($objsoc, $object)
{
global $langs;
return $langs->trans("NotAvailable");
}
/**
* Returns version of numbering module
*
* @return string Valeur
*/
public function getVersion()
{
global $langs;
$langs->load("admin");
if ($this->version == 'development') return $langs->trans("VersionDevelopment");
if ($this->version == 'experimental') return $langs->trans("VersionExperimental");
if ($this->version == 'dolibarr') return DOL_VERSION;
if ($this->version) return $this->version;
return $langs->trans("NotAvailable");
}
}

1
htdocs/core/modules/stock/doc/index.html Normal file
View File

@ -0,0 +1 @@

2
htdocs/core/tpl/extrafields_view.tpl.php
View File

@ -81,7 +81,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
if ($perms && isset($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra])) {
$perms = dol_eval($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra], 1);
}
//print $tmpkeyextra.'-'.$enabled.'-'.$perms.'-'.$tmplabelextra.$_POST["options_" . $tmpkeyextra].'<br>'."\n";
//print $tmpkeyextra.'-'.$enabled.'-'.$perms.'<br>'."\n";
if (empty($enabled)) {
continue; // 0 = Never visible field

15
htdocs/don/payment/payment.php
View File

@ -29,9 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
$langs->load("bills");
$chid = GETPOST("rowid");
$chid = GETPOST("rowid", 'int');
$action = GETPOST('action', 'aZ09');
$amounts = array();
$cancel = GETPOST('cancel');
// Security check
$socid = 0;
@ -49,15 +50,15 @@ $object = new Don($db);
if ($action == 'add_payment') {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/don/card.php?rowid='.$chid;
header("Location: ".$loc);
exit;
}
$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
if (!$_POST["paymenttype"] > 0) {
if (!(GETPOST("paymenttype") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
$error++;
}
@ -65,7 +66,7 @@ if ($action == 'add_payment') {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Date")), null, 'errors');
$error++;
}
if (!empty($conf->banque->enabled) && !$_POST["accountid"] > 0) {
if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors');
$error++;
}
@ -183,8 +184,8 @@ if ($action == 'create') {
print '<table class="border centpercent tableforfieldcreate">';
print '<tr><td class="fieldrequired">'.$langs->trans("Date").'</td><td colspan="2">';
$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaid) : 0;
$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaid : -1) : 0;
print $form->selectDate($datepayment, '', 0, 0, 0, "add_payment", 1, 1, 0, '', '', $object->date, '', 1, $langs->trans("DonationDate"));
print "</td>";
print '</tr>';

3
htdocs/eventorganization/conferenceorbooth_card.php
View File

@ -202,9 +202,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

4
htdocs/expedition/card.php
View File

@ -281,8 +281,8 @@ if (empty($reshook)) {
$totalqty += $subtotalqty;
} else {
// No detail were provided for lots
if (!empty($_POST[$qty])) {
// No detail were provided for lots, so if a qty was provided, we can show an error.
if (GETPOST($qty)) {
// We try to set an amount
// Case we dont use the list of available qty for each warehouse/lot
// GUI does not allow this yet

2
htdocs/expensereport/card.php
View File

@ -2257,7 +2257,7 @@ if ($action == 'create') {
// VAT
print '<td class="right">';
print $form->load_tva('vatrate', (isset($_POST["vatrate"]) ? $_POST["vatrate"] : $line->vatrate), $mysoc, '', 0, 0, '', false, 1);
print $form->load_tva('vatrate', (GETPOSTISSET("vatrate") ? GETPOST("vatrate") : $line->vatrate), $mysoc, '', 0, 0, '', false, 1);
print '</td>';
// Unit price

7
htdocs/expensereport/payment/payment.php
View File

@ -36,6 +36,7 @@ $ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'aZ09');
$amounts = array();
$accountid = GETPOST('accountid', 'int');
$cancel = GETPOST('cancel');
// Security check
$socid = 0;
@ -51,7 +52,7 @@ if ($user->socid > 0) {
if ($action == 'add_payment') {
$error = 0;
if ($_POST["cancel"]) {
if ($cancel) {
$loc = DOL_URL_ROOT.'/expensereport/card.php?id='.$id;
header("Location: ".$loc);
exit;
@ -64,9 +65,9 @@ if ($action == 'add_payment') {
setEventMessages($expensereport->error, $expensereport->errors, 'errors');
}
$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int'));
if (!($_POST["fk_typepayment"] > 0)) {
if (!(GETPOST("fk_typepayment", 'int') > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
$error++;
}

0
htdocs/externalsite/admin/index.html
View File

20
htdocs/externalsite/admin/externalsite.php → htdocs/externalsite/admin/index.php
View File

@ -21,9 +21,9 @@
*/
/**
* \file htdocs/externalsite/admin/externalsite.php
* \file htdocs/externalsite/admin/index.php
* \ingroup externalsite
* \brief Page de configuration du module externalsite
* \brief Page to setup module external site
*/
if (!defined('NOSCANPOSTFORINJECTION')) {
@ -41,18 +41,24 @@ if (!$user->admin) {
// Load translation files required by the page
$langs->loadLangs(array('admin', 'other', 'externalsite'));
$def = array();
$action = GETPOST('action', 'aZ09');
/*
* Actions
*/
// Sauvegardes parametres
if ($action == 'update') {
$i = 0;
$db->begin();
$label = GETPOST('EXTERNALSITE_LABEL', 'alpha');
$exturl = GETPOST('EXTERNALSITE_URL', 'restricthtml');
$label = GETPOST('EXTERNALSITE_LABEL', 'alphanohtml');
$exturl = GETPOST('EXTERNALSITE_URL', 'none');
$exturl = dol_string_onlythesehtmltags($exturl, 1, 1, 0, 1);
$exturl = dol_string_onlythesehtmlattributes($exturl);
$i += dolibarr_set_const($db, 'EXTERNALSITE_LABEL', trim($label), 'chaine', 0, '', $conf->entity);
$i += dolibarr_set_const($db, 'EXTERNALSITE_URL', trim($exturl), 'chaine', 0, '', $conf->entity);
@ -77,7 +83,7 @@ $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_valu
print load_fiche_titre($langs->trans("ExternalSiteSetup"), $linkback, 'title_setup');
print '<br>';
print $langs->trans("Module100Desc")."<br>\n";
print '<span class="opacitymedium">'.$langs->trans("Module100Desc")."</span><br>\n";
print '<br>';
print '<form name="externalsiteconfig" action="'.$_SERVER["PHP_SELF"].'" method="POST">';

4
htdocs/fichinter/card.php
View File

@ -875,9 +875,9 @@ if ($action == 'create') {
print '<tr><td>'.$langs->trans("Project").'</td><td>';
/* Fix: If a project must be linked to any companies (suppliers or not), project must be not be set as limited to customer but must be not linked to any particular thirdparty
if ($societe->fournisseur==1)
$numprojet=select_projects(-1,$_POST["projectid"],'projectid');
$numprojet=select_projects(-1, GETPOST("projectid", 'int'), 'projectid');
else
$numprojet=select_projects($societe->id,$_POST["projectid"],'projectid');
$numprojet=select_projects($societe->id, GETPOST("projectid", 'int'), 'projectid');
*/
$numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid');
if ($numprojet == 0) {

2
htdocs/fourn/commande/card.php
View File

@ -1883,7 +1883,7 @@ if ($action == 'create') {
// Confirmation de l'envoi de la commande
if ($action == 'commande') {
$date_com = dol_mktime(GETPOST('rehour'), GETPOST('remin'), GETPOST('resec'), GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
$formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".$_POST["methodecommande"]."&comment=".urlencode($_POST["comment"]), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2);
$formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".GETPOST("methodecommande")."&comment=".urlencode(GETPOST("comment")), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2);
}
// Confirmation to delete line

2
htdocs/fourn/commande/dispatch.php
View File

@ -1046,7 +1046,7 @@ if ($id > 0 || !empty($ref)) {
if (empty($conf->reception->enabled)) {
print $langs->trans("Comment").' : ';
print '<input type="text" class="minwidth400" maxlength="128" name="comment" value="';
print $_POST["comment"] ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref);
print GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref);
// print ' / '.$object->ref_supplier; // Not yet available
print '" class="flat"><br>';

18
htdocs/fourn/facture/card.php
View File

@ -417,13 +417,11 @@ if (empty($reshook)) {
dol_print_error($db, $object->error);
}
} elseif ($action == "setabsolutediscount" && $usercancreate) {
// POST[remise_id] or POST[remise_id_for_payment]
// We use the credit to reduce amount of invoice
if (!empty($_POST["remise_id"])) {
if (GETPOST("remise_id", "int")) {
$ret = $object->fetch($id);
if ($ret > 0) {
$result = $object->insert_discount($_POST["remise_id"]);
$result = $object->insert_discount(GETPOST("remise_id", "int"));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
@ -432,10 +430,10 @@ if (empty($reshook)) {
}
}
// We use the credit to reduce remain to pay
if (!empty($_POST["remise_id_for_payment"])) {
if (GETPOST("remise_id_for_payment", "int")) {
require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
$discount = new DiscountAbsolute($db);
$discount->fetch($_POST["remise_id_for_payment"]);
$discount->fetch(GETPOST("remise_id_for_payment", "int"));
//var_dump($object->getRemainToPay(0));
//var_dump($discount->amount_ttc);exit;
@ -1082,14 +1080,14 @@ if (empty($reshook)) {
$prod = new Product($db);
$prod->fetch(GETPOST('productid'));
$label = $prod->description;
if (trim($_POST['product_desc']) != trim($label)) {
$label = $_POST['product_desc'];
if (trim(GETPOST('product_desc', 'restricthtml')) != trim($label)) {
$label = GETPOST('product_desc', 'restricthtml');
}
$type = $prod->type;
} else {
$label = $_POST['product_desc'];
$type = $_POST["type"] ? $_POST["type"] : 0;
$label = GETPOST('product_desc', 'restricthtml');
$type = GETPOST("type") ? GETPOST("type") : 0;
}
$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));

6
htdocs/ftp/admin/ftpclient.php
View File

@ -58,8 +58,8 @@ if ($result) {
}
if ($action == 'add' || GETPOST('modify', 'alpha')) {
$ftp_name = "FTP_NAME_".$entry; // $_POST["numero_entry"];
$ftp_server = "FTP_SERVER_".$entry; //$_POST["numero_entry"];
$ftp_name = "FTP_NAME_".$entry;
$ftp_server = "FTP_SERVER_".$entry;
$error = 0;
@ -203,7 +203,7 @@ if (!function_exists('ftp_connect')) {
print '<tr class="impair">';
print '<td>'.$langs->trans("FTPPassiveMode").'</td>';
$defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1));
if (!isset($_POST["FTP_PASSIVE_".($lastftpentry + 1)])) {
if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) {
$defaultpassive = empty($conf->global->FTP_SUGGEST_PASSIVE_BYDEFAULT) ? 0 : 1;
}
print '<td>'.$form->selectyesno('FTP_PASSIVE_'.($lastftpentry + 1), $defaultpassive, 2).'</td>';

6
htdocs/hrm/establishment/card.php
View File

@ -80,9 +80,9 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
if (empty($error)) {
$object->address = GETPOST('address', 'alpha');
$object->zip = GETPOST('zipcode', 'alpha');
$object->town = GETPOST('town', 'alpha');
$object->country_id = $_POST["country_id"];
$object->zip = GETPOST('zipcode', 'alpha');
$object->town = GETPOST('town', 'alpha');
$object->country_id = GETPOST("country_id", 'int');
$object->status = GETPOST('status', 'int');
$object->fk_user_author = $user->id;
$object->datec = dol_now();

71
htdocs/install/mysql/data/llx_c_forme_juridique.sql
View File

@ -8,8 +8,13 @@
-- Copyright (C) 2010-2016 Juanjo Menent <jmenent@2byte.es>
-- Copyright (C) 2012 Sebastian Neuwert <sebastian.neuwert@modula71.de>
-- Copyright (C) 2012 Tommaso Basilici <t.basilici@19.coop>
-- Copyright (C) 2012 Ricardo Schluter <info@ripasch.nl>
-- Copyright (C) 2013 Cedric GROSS <c.gross@kreiz-it.fr>
-- Copyright (C) 2012 Ricardo Schluter <info@ripasch.nl>
-- Copyright (C) 2013 Cedric GROSS <c.gross@kreiz-it.fr>
-- Copyright (C) 2020-2021 Udo Tamm <dev@dolibit.de>
--
-- LICENSE ---------------------------------------------------------------
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
@ -25,14 +30,24 @@
-- along with this program. If not, see <https://www.gnu.org/licenses/>.
--
-- WARNING ----------------------------------------------------------------
--
-- EN:
-- Do not put a comment at the end of the line, this file is parsed during
-- install and all '--' symbols are removed.
--
-- FR:
-- Ne pas placer de commentaire en fin de ligne, ce fichier est parsé lors
-- de l'install et tous les sigles '--' sont supprimés.
--
-- CONTENT ----------------------------------------------------------------
--
-- Formes juridiques
-- Legal Formes (en) / Formes juridiques (fr)
--
-- fk_pays = country_id
--
delete from llx_c_forme_juridique;
@ -54,6 +69,7 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '2312', 'Sociedad Anónima con Participación Estatal Mayoritaria', 1);
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '2313', 'Sociedad en Comandita por Acciones (arts. 315 a 324, LSC)', 1);
-- Austria
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4100', 'GmbH - Gesellschaft mit beschränkter Haftung', 1);
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4101', 'GesmbH - Gesellschaft mit beschränkter Haftung', 1);
@ -71,6 +87,31 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4113', 'GesnbR - Gesellschaft nach bürgerlichem Recht', 1);
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4114', 'e.U. - eingetragener Einzelunternehmer', 1);
-- Belgium
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '200', 'Indépendant');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '201', 'SRL - Société à responsabilité limitée');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '202', 'SA - Société Anonyme');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '203', 'SCRL - Société coopérative à responsabilité limitée');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '204', 'ASBL - Association sans but Lucratif');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '205', 'SCRI - Société coopérative à responsabilité illimitée');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '206', 'SCS - Société en commandite simple');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '207', 'SCA - Société en commandite par action');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '208', 'SNC - Société en nom collectif');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '209', 'GIE - Groupement d intérêt économique');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '210', 'GEIE - Groupement européen d intérêt économique');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '220', 'Eenmanszaak');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '221', 'BVBA - Besloten vennootschap met beperkte aansprakelijkheid');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '222', 'NV - Naamloze Vennootschap');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '223', 'CVBA - Coöperatieve vennootschap met beperkte aansprakelijkheid');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '224', 'VZW - Vereniging zonder winstoogmerk');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '225', 'CVOA - Coöperatieve vennootschap met onbeperkte aansprakelijkheid ');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '226', 'GCV - Gewone commanditaire vennootschap');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '227', 'Comm.VA - Commanditaire vennootschap op aandelen');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '228', 'VOF - Vennootschap onder firma');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '229', 'VS0 - Vennootschap met sociaal oogmerk');
-- France: Extrait de http://www.insee.fr/fr/nom_def_met/nomenclatures/cj/cjniveau2.htm
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'11','Artisan Commerçant (EI)');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'12','Commerçant (EI)');
@ -127,28 +168,6 @@ insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'92','Assoc
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'93','Fondation');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'99','Personne morale de droit privé');
-- Belgium
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '200', 'Indépendant');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '201', 'SRL - Société à responsabilité limitée');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '202', 'SA - Société Anonyme');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '203', 'SCRL - Société coopérative à responsabilité limitée');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '204', 'ASBL - Association sans but Lucratif');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '205', 'SCRI - Société coopérative à responsabilité illimitée');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '206', 'SCS - Société en commandite simple');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '207', 'SCA - Société en commandite par action');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '208', 'SNC - Société en nom collectif');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '209', 'GIE - Groupement d intérêt économique');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '210', 'GEIE - Groupement européen d intérêt économique');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '220', 'Eenmanszaak');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '221', 'BVBA - Besloten vennootschap met beperkte aansprakelijkheid');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '222', 'NV - Naamloze Vennootschap');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '223', 'CVBA - Coöperatieve vennootschap met beperkte aansprakelijkheid');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '224', 'VZW - Vereniging zonder winstoogmerk');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '225', 'CVOA - Coöperatieve vennootschap met onbeperkte aansprakelijkheid ');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '226', 'GCV - Gewone commanditaire vennootschap');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '227', 'Comm.VA - Commanditaire vennootschap op aandelen');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '228', 'VOF - Vennootschap onder firma');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '229', 'VS0 - Vennootschap met sociaal oogmerk');
-- Germany
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '500', 'GmbH - Gesellschaft mit beschränkter Haftung');
@ -160,6 +179,8 @@ insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '505', 'Gb
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '506', 'KG - Kommanditgesellschaft');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '507', 'Ltd. - Limited Company');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '508', 'OHG - Offene Handelsgesellschaft');
insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '509', 'eG - eingetragene Genossenschaft');
-- Denmark
INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle) VALUES (80, '8001', 'Aktieselvskab A/S');

1
htdocs/install/pgsql/functions/functions.sql
View File

@ -52,6 +52,7 @@ CREATE OR REPLACE FUNCTION DAY(TIMESTAMP WITH TIME ZONE) RETURNS INTEGER AS $$ S
CREATE OR REPLACE FUNCTION DAY(DATE) RETURNS INTEGER AS $$ SELECT EXTRACT(DAY FROM $1)::INTEGER; $$ LANGUAGE SQL IMMUTABLE;
CREATE OR REPLACE FUNCTION dol_util_rebuild_sequences() RETURNS integer as $body$ DECLARE sequencedefs RECORD; c integer ; BEGIN FOR sequencedefs IN SELECT DISTINCT constraint_column_usage.table_name as tablename, constraint_column_usage.table_name as tablename, constraint_column_usage.column_name as columnname, replace(replace(columns.column_default,'''::regclass)',''),'nextval(''','') as sequencename from information_schema.constraint_column_usage, information_schema.columns, information_schema.sequences where constraint_column_usage.table_schema ='public' AND columns.table_schema = 'public' AND columns.table_name=constraint_column_usage.table_name AND constraint_column_usage.column_name IN ('rowid','id') AND constraint_column_usage.column_name = columns.column_name AND columns.column_default is not null AND replace(replace(columns.column_default,'''::regclass)',''),'nextval(''','')=sequence_name LOOP EXECUTE 'select max('||sequencedefs.columnname||') from ' || sequencedefs.tablename INTO c; IF c is null THEN c = 0; END IF; IF c is not null THEN c = c+ 1; END IF; EXECUTE 'alter sequence ' || sequencedefs.sequencename ||' restart with ' || c; END LOOP; RETURN 1; END; $body$ LANGUAGE plpgsql;
-- You can call the function with SELECT dol_util_rebuild_sequences();
CREATE OR REPLACE FUNCTION dol_util_triggerall(DoEnable boolean) RETURNS integer AS $BODY$ DECLARE mytables RECORD; BEGIN FOR mytables IN SELECT relname FROM pg_class WHERE relhastriggers IS TRUE AND relkind = 'r' AND NOT relname LIKE 'pg_%' LOOP IF DoEnable THEN EXECUTE 'ALTER TABLE ' || mytables.relname || ' ENABLE TRIGGER ALL'; ELSE EXECUTE 'ALTER TABLE ' || mytables.relname || ' DISABLE TRIGGER ALL'; END IF; END LOOP; RETURN 1; END; $BODY$ LANGUAGE plpgsql;

24
htdocs/install/repair.php
View File

@ -94,6 +94,8 @@ print 'Option repair_link_dispatch_lines_supplier_order_lines, (\'test\' or \'co
print 'Option set_empty_time_spent_amount (\'test\' or \'confirmed\') is '.(GETPOST('set_empty_time_spent_amount', 'alpha') ?GETPOST('set_empty_time_spent_amount', 'alpha') : 'undefined').'<br>'."\n";
// Structure
print 'Option force_utf8_on_tables, for mysql/mariadb only (\'test\' or \'confirmed\') is '.(GETPOST('force_utf8_on_tables', 'alpha') ?GETPOST('force_utf8_on_tables', 'alpha') : 'undefined').'<br>'."\n";
// Rebuild sequence
print 'Option rebuild_sequences, for postgresql only (\'test\' or \'confirmed\') is '.(GETPOST('rebuild_sequences', 'alpha') ?GETPOST('rebuild_sequences', 'alpha') : 'undefined').'<br>'."\n";
print '<br>';
print '<table cellspacing="0" cellpadding="1" border="0" width="100%">';
@ -172,7 +174,8 @@ $oneoptionset = 0;
$oneoptionset = (GETPOST('standard', 'alpha') || GETPOST('restore_thirdparties_logos', 'alpha') || GETPOST('clean_linked_elements', 'alpha') || GETPOST('clean_menus', 'alpha')
|| GETPOST('clean_orphelin_dir', 'alpha') || GETPOST('clean_product_stock_batch', 'alpha') || GETPOST('set_empty_time_spent_amount', 'alpha') || GETPOST('rebuild_product_thumbs', 'alpha')
|| GETPOST('clean_perm_table', 'alpha')
|| GETPOST('force_disable_of_modules_not_found', 'alpha') || GETPOST('force_utf8_on_tables', 'alpha'));
|| GETPOST('force_disable_of_modules_not_found', 'alpha') || GETPOST('force_utf8_on_tables', 'alpha')
|| GETPOST('rebuild_sequences', 'alpha'));
if ($ok && $oneoptionset) {
// Show wait message
@ -1253,6 +1256,25 @@ if ($ok && GETPOST('force_utf8_on_tables', 'alpha')) {
}
}
// rebuild sequences for pgsql
if ($ok && GETPOST('rebuild_sequences', 'alpha')) {
print '<tr><td colspan="2"><br>*** Force to rebuild sequences (for postgresql only)</td></tr>';
if ($db->type == "pgsql") {
$rebuild_sequence = GETPOST('rebuild_sequences', 'alpha');
if ($rebuild_sequence == 'confirmed') {
$sql = "SELECT dol_util_rebuild_sequences();";
print '<!-- '.$sql.' -->';
$resql = $db->query($sql);
}
} else {
print '<tr><td colspan="2">Not available with database type '.$db->type.'</td></tr>';
}
}
//
if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
/*

1
htdocs/install/step1.php
View File

@ -231,7 +231,6 @@ if (!$error) {
$databasefortest = 'master';
}
}
//print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"];
$db = getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port);

2
htdocs/langs/en_US/banks.lang
View File

@ -174,7 +174,7 @@ YourSEPAMandate=Your SEPA mandate
FindYourSEPAMandate=This is your SEPA mandate to authorize our company to make direct debit order to your bank. Return it signed (scan of the signed document) or send it by mail to
AutoReportLastAccountStatement=Automatically fill the field 'number of bank statement' with last statement number when making reconciliation
CashControl=POS cash desk control
NewCashFence=New cash desk closing
NewCashFence=New cash desk opening or closing
BankColorizeMovement=Colorize movements
BankColorizeMovementDesc=If this function is enable, you can choose specific background color for debit or credit movements
BankColorizeMovementName1=Background color for debit movement

2
htdocs/langs/en_US/margins.lang
View File

@ -22,7 +22,7 @@ ProductService=Product or Service
AllProducts=All products and services
ChooseProduct/Service=Choose product or service
ForceBuyingPriceIfNull=Force buying/cost price to selling price if not defined
ForceBuyingPriceIfNullDetails=If buying/cost price not defined, and this option "ON", margin will be zero on line (buying/cost price = selling price), otherwise ("OFF"), marge will be equal to suggested default.
ForceBuyingPriceIfNullDetails=If buying/cost price not provided when we add a new line, and this option is "ON", the margin will be 0 on the new line (buying/cost price = selling price). If this option is "OFF" (recommended), margin will be equal to the value suggested by default (and may be 100% if no default value can be found).
MARGIN_METHODE_FOR_DISCOUNT=Margin method for global discounts
UseDiscountAsProduct=As a product
UseDiscountAsService=As a service

2
htdocs/langs/en_US/productbatch.lang
View File

@ -26,3 +26,5 @@ ShowLogOfMovementIfLot=Show log of movements for couple product/lot
StockDetailPerBatch=Stock detail per lot
SerialNumberAlreadyInUse=Serial number %s is already used for product %s
TooManyQtyForSerialNumber=You can only have one product %s for serial number %S
BatchLotNumberingModules=Options for automatic generation of batch products managed by lots
BatchSerialNumberingModules=Options for automatic generation of batch products managed by serial numbers

2
htdocs/langs/en_US/users.lang
View File

@ -72,7 +72,7 @@ ExportDataset_user_1=Users and their properties
DomainUser=Domain user %s
Reactivate=Reactivate
CreateInternalUserDesc=This form allows you to create an internal user in your company/organization. To create an external user (customer, vendor etc. ..), use the button 'Create Dolibarr User' from that third-party's contact card.
InternalExternalDesc=An <b>internal</b> user is a user that is part of your company/organization.<br>An <b>external</b> user is a customer, vendor or other that must view only data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).<br><br>In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display)
InternalExternalDesc=An <b>internal</b> user is a user that is part of your company/organization, or is a partner user outside of your organization that may need to see more data than data related to his company (the permission system will define what he can or can't see or do).<br>An <b>external</b> user is a customer, vendor or other that must view ONLY data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).<br><br>In both cases, you must grant permissions on the features that the user need.
PermissionInheritedFromAGroup=Permission granted because inherited from one of a user's group.
Inherited=Inherited
UserWillBe=Created user will be

Some files were not shown because too many files have changed in this diff Show More