diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 99f85b40fc9..cb1f619eedc 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -32,10 +32,11 @@ $langs->load("errors"); $langs->load("admin"); $mode=isset($_GET["mode"])?GETPOST("mode"):(isset($_SESSION['mode'])?$_SESSION['mode']:0); -$mesg=GETPOST("mesg"); -$action=GETPOST('action'); +$action=GETPOST('action','alpha'); +$value=GETPOST('value'); -if (!$user->admin) accessforbidden(); +if (! $user->admin) + accessforbidden(); $specialtostring=array(0=>'common', 1=>'interfaces', 2=>'other', 3=>'functional', 4=>'marketplace'); @@ -46,19 +47,17 @@ $specialtostring=array(0=>'common', 1=>'interfaces', 2=>'other', 3=>'functional' if ($action == 'set' && $user->admin) { - $result=activateModule($_GET["value"]); - $mesg=''; - if ($result) $mesg=$result; - header("Location: modules.php?mode=".$mode."&mesg=".urlencode($mesg)); + $result=activateModule($value); + if ($result) setEventMessage($result, 'errors'); + header("Location: modules.php?mode=".$mode); exit; } if ($action == 'reset' && $user->admin) { - $result=unActivateModule($_GET["value"]); - $mesg=''; - if ($result) $mesg=$result; - header("Location: modules.php?mode=".$mode."&mesg=".urlencode($mesg)); + $result=unActivateModule($value); + if ($result) setEventMessage($result, 'errors'); + header("Location: modules.php?mode=".$mode); exit; } @@ -129,7 +128,8 @@ foreach ($modulesdir as $dir) if (! empty($modNameLoaded[$modName])) { $mesg="Error: Module ".$modName." was found twice: Into ".$modNameLoaded[$modName]." and ".$dir.". You probably have an old file on your disk.
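Review bot: `$value=GETPOST('value')` in the first hunk is read with no check type, although `$action` on the line above it now gets `'alpha'`, and the second hunk passes it straight to `activateModule($value)` and `unActivateModule($value)`. If those helpers resolve the value to a module class or file name (not visible here), restricting it at the read, e.g. `$value=GETPOST('value','alpha');` or a stricter pattern suited to module names, would keep path characters out. The `set` and `reset` branches also change state on any request that carries `action` and `value`, and no anti-CSRF token check is visible in these hunks; if none exists earlier in the file, an administrator's browser can be made to toggle modules. `$mode` is likewise concatenated into the `Location:` header unfiltered when it comes from `$_GET`.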
"; - dol_syslog($mesg, LOG_ERR); + setEventMessage($mesg, 'warnings'); + dol_syslog($mesg, LOG_ERR); continue; } @@ -269,9 +269,6 @@ $h++; dol_fiche_head($head, $mode, $langs->trans("Modules")); -dol_htmloutput_errors($mesg); - - if ($mode != 'marketplace') { print "\n"; diff --git a/htdocs/admin/syslog.php b/htdocs/admin/syslog.php index ac09a70a988..5a2b34772a1 100644 --- a/htdocs/admin/syslog.php +++ b/htdocs/admin/syslog.php @@ -51,7 +51,7 @@ if ($action == 'set') $res = dolibarr_del_const($db,"SYSLOG_FILE_ON",0); $res = dolibarr_del_const($db,"SYSLOG_SYSLOG_ON",0); $res = dolibarr_del_const($db,"SYSLOG_FIREPHP_ON",0); - $res = dolibarr_del_const($db,"SYSLOG_CHROMEPHP_ON",0); + $res = dolibarr_del_const($db,"SYSLOG_CHROMEPHP_ON",0); $syslog_file_on=0; $syslog_syslog_on=0; diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 98d6aa00561..5f0a2fe73d3 100644 --- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php 
@@ -32,9 +32,9 @@ $username = GETPOST("txtUsername"); $password = GETPOST("pwdPassword"); $thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY; $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE; -$bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"):$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"):$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; -$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CB"):$conf->global->CASHDESK_ID_BANKACCOUNT_CB; +$bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"):$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; +$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"):$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CB"):$conf->global->CASHDESK_ID_BANKACCOUNT_CB; // Check username if (empty($username)) diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php index ade62360036..acb900e8905 100644 --- a/htdocs/cashdesk/tpl/facturation1.tpl.php +++ b/htdocs/cashdesk/tpl/facturation1.tpl.php @@ -195,7 +195,7 @@ $langs->load("cashdesk"); if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE'] < 0) { $langs->load("errors"); - print ''; + print ''; } else print ''; print ''; @@ -203,7 +203,7 @@ $langs->load("cashdesk"); if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CB']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CB'] < 0) { $langs->load("errors"); - print ''; + print ''; } else print ''; print ''; 
diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index a69ded5360d..05ff763d67f 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -39,7 +39,7 @@ $type = GETPOST('type'); $mesg = GETPOST('mesg'); $removecat = GETPOST('removecat','int'); -$catMere=GETPOST('catMere','int'); +$parent=GETPOST('parent','int'); $dbtablename = ''; @@ -122,7 +122,7 @@ if ($removecat > 0) } // Add object into a category -if ($catMere > 0) +if ($parent > 0) { if ($type==0 && ($user->rights->produit->creer || $user->rights->service->creer)) { @@ -151,7 +151,7 @@ if ($catMere > 0) $elementtype = 'member'; } $cat = new Categorie($db); - $result=$cat->fetch($catMere); + $result=$cat->fetch($parent); $result=$cat->add_type($object,$elementtype); if ($result >= 0) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index a2f4a7b0e50..c7ffdc63753 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -31,8 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php'; /** - * \class Categorie - * \brief Class to manage categories + * Class to manage categories */ class Categorie { @@ -45,6 +44,7 @@ class Categorie var $description; var $socid; var $type; // 0=Product, 1=Supplier, 2=Customer/Prospect, 3=Member + var $import_key; var $cats=array(); // Tableau en memoire des categories @@ -71,7 +71,7 @@ class Categorie $sql.= " FROM ".MAIN_DB_PREFIX."categorie"; $sql.= " WHERE rowid = ".$id; - dol_syslog("Categorie::fetch sql=".$sql); + dol_syslog(get_class($this)."::fetch sql=".$sql); $resql = $this->db->query($sql); if ($resql) { 
@@ -114,6 +114,9 @@ class Categorie $error=0; // Clean parameters + $this->label = trim($this->label); + $this->description = trim($this->description); + $this->import_key = trim($this->import_key); if (empty($this->visible)) $this->visible=0; $this->fk_parent = ($this->fk_parent != "" ? intval($this->fk_parent) : 0); @@ -128,21 +131,30 @@ class Categorie $this->db->begin(); dol_syslog(get_class($this).'::create sql='.$sql); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie (fk_parent, label, description,"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie ("; + $sql.= "fk_parent,"; + $sql.= " label,"; + $sql.= " description,"; if (! empty($conf->global->CATEGORY_ASSIGNED_TO_A_CUSTOMER)) { $sql.= "fk_soc,"; } $sql.= " visible,"; $sql.= " type,"; + $sql.= " import_key,"; $sql.= " entity"; - $sql.= ")"; - $sql.= " VALUES (".$this->fk_parent.",'".$this->db->escape($this->label)."', '".$this->db->escape($this->description)."',"; + $sql.= ") VALUES ("; + $sql.= $this->fk_parent.","; + $sql.= "'".$this->db->escape($this->label)."',"; + $sql.= "'".$this->db->escape($this->description)."',"; if (! empty($conf->global->CATEGORY_ASSIGNED_TO_A_CUSTOMER)) { $sql.= ($this->socid != -1 ? $this->socid : 'null').","; } - $sql.= "'".$this->visible."',".$this->type.",".$conf->entity; + $sql.= "'".$this->visible."',"; + $sql.= $this->type.","; + $sql.= (! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":'null').","; + $sql.= $conf->entity; $sql.= ")"; dol_syslog(get_class($this).'::create sql='.$sql); @@ -223,7 +235,7 @@ class Categorie $sql .= ", fk_parent = ".$this->fk_parent; $sql .= " WHERE rowid = ".$this->id; - dol_syslog("Categorie::update sql=".$sql); + dol_syslog(get_class($this)."::update sql=".$sql); if ($this->db->query($sql)) { $this->db->commit(); @@ -257,7 +269,7 @@ class Categorie $error=0; - dol_syslog("Categorie::remove"); + dol_syslog(get_class($this)."::remove"); $this->db->begin(); 
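Review bot: In the rewritten INSERT of the `@@ -128,21 +131,30 @@` hunk, `$this->type`, `$this->visible` and `$this->socid` are concatenated into the SQL without a cast or `escape()`, while `label`, `description` and the new `import_key` are escaped and `fk_parent` goes through `intval()`. The "Clean parameters" block that the `@@ -114,6 +114,9 @@` hunk extends is the natural place to normalise them, e.g. `$this->type = (int) $this->type;` and `$this->visible = (int) $this->visible;`, with `$this->socid` cast the same way before the `!= -1` test. The context line `dol_syslog(get_class($this).'::create sql='.$sql);` directly after `$this->db->begin()` also runs before `$sql` is assigned, so it logs nothing useful; the second call, after the statement is built, is the one to keep. The method starts and ends outside these hunks.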
@@ -537,7 +549,7 @@ class Categorie $sql.= " WHERE c.entity IN (".getEntity('category',1).")"; $sql.= " AND c.type = ".$type; - dol_syslog("Categorie::get_full_arbo get category list sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::get_full_arbo get category list sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -559,7 +571,7 @@ class Categorie } // We add the fullpath property to each elements of first level (no parent exists) - dol_syslog("Categorie::get_full_arbo call to build_path_from_id_categ", LOG_DEBUG); + dol_syslog(get_class($this)."::get_full_arbo call to build_path_from_id_categ", LOG_DEBUG); foreach($this->cats as $key => $val) { $this->build_path_from_id_categ($key,0); // Process a branch from the root category key (this category has no parent) @@ -585,7 +597,7 @@ class Categorie } } - dol_syslog("Categorie::get_full_arbo dol_sort_array", LOG_DEBUG); + dol_syslog(get_class($this)."::get_full_arbo dol_sort_array", LOG_DEBUG); $this->cats=dol_sort_array($this->cats, 'fulllabel', 'asc', true, false); //$this->debug_cats(); @@ -602,12 +614,12 @@ class Categorie */ function build_path_from_id_categ($id_categ,$protection=0) { - dol_syslog("Categorie::build_path_from_id_categ id_categ=".$id_categ." protection=".$protection, LOG_DEBUG); + dol_syslog(get_class($this)."::build_path_from_id_categ id_categ=".$id_categ." protection=".$protection, LOG_DEBUG); //if (! empty($this->cats[$id_categ]['fullpath'])) //{ // Already defined - // dol_syslog("Categorie::build_path_from_id_categ fullpath and fulllabel already defined", LOG_WARNING); + // dol_syslog(get_class($this)."::build_path_from_id_categ fullpath and fulllabel already defined", LOG_WARNING); // return; //} 
@@ -637,7 +649,7 @@ class Categorie // Protection when a category has itself as a child (should not happen) if ($idchild == $id_categ) { - dol_syslog("Categorie::build_path_from_id_categ bad couple (".$idchild.",".$id_categ.") in association table: An entry should not have itself has child", LOG_WARNING); + dol_syslog(get_class($this)."::build_path_from_id_categ bad couple (".$idchild.",".$id_categ.") in association table: An entry should not have itself has child", LOG_WARNING); continue; } @@ -990,12 +1002,13 @@ class Categorie * @param int $id Id * @param string $nom Name * @param string $type Type - * @param boolean $exact Ture or false - * @return array Array of category id + * @param boolean $exact Exact string search (true/false) + * @param boolean $case Case sensitive (true/false) + * @return array Array of category id */ - function rechercher($id, $nom, $type, $exact = false) + function rechercher($id, $nom, $type, $exact = false, $case = false) { - $cats = array (); + $cats = array(); // Generation requete recherche $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie"; @@ -1004,14 +1017,15 @@ class Categorie if ($nom) { if (! $exact) - { $nom = '%'.str_replace('*', '%', $nom).'%'; - } - $sql.= "AND label LIKE '".$nom."'"; + if (! $case) + $sql.= " AND label LIKE '".$this->db->escape($nom)."'"; + else + $sql.= " AND label LIKE BINARY '".$this->db->escape($nom)."'"; } if ($id) { - $sql.="AND rowid = '".$id."'"; + $sql.=" AND rowid = '".$id."'"; } $res = $this->db->query($sql); @@ -1029,7 +1043,7 @@ class Categorie else { $this->error=$this->db->error().' sql='.$sql; - dol_syslog("Categorie::rechercher ".$this->error, LOG_ERR); + dol_syslog(get_class($this)."::rechercher ".$this->error, LOG_ERR); return -1; } } diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php index 0f0915d7dd2..df9d0fc0eab 100644 --- a/htdocs/categories/index.php +++ b/htdocs/categories/index.php 
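Review bot: The `rowid` filter in the `@@ -1004,14 +1017,15 @@` hunk still builds `" AND rowid = '".$id."'"` from the raw `$id` argument, so the escaping added for `$nom` a few lines earlier does not cover the whole query; `$sql.=" AND rowid = ".((int) $id);` would close that. With `$exact` set, `%` and `_` in `$nom` presumably remain LIKE wildcards, since a generic string escape does not neutralise them, so the "exact" search is still a pattern match unless `=` is used or the wildcards are escaped. The error branch stores the full SQL text in `$this->error`; if any caller prints that property, the query structure reaches the page. The part of the WHERE clause that uses `$type` lies between the two hunks and is not visible.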
@@ -257,7 +257,7 @@ foreach($fulltree as $key => $val) $categstatic->id=$val['id']; $categstatic->ref=$val['label']; $categstatic->type=$type; - print '  '.$categstatic->getNomUrl(0,'',28); + print '  '.$categstatic->getNomUrl(0,'',60); //print '  '.dol_trunc($val['label'],28); //if ($section == $val['id']) print ''; diff --git a/htdocs/comm/action/class/ical.class.php b/htdocs/comm/action/class/ical.class.php index e5b23d8c41e..b2af65fcfb4 100644 --- a/htdocs/comm/action/class/ical.class.php +++ b/htdocs/comm/action/class/ical.class.php @@ -25,8 +25,8 @@ */ -/** - * Class to parse ICal calendars +/** + * Class to parse ICal calendars */ class ICal { diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index e760ff7c393..b17b15d3ff9 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -778,7 +778,7 @@ if ($id > 0) { $langs->load("bills"); - if($orders2invoice > 0) print ''.$langs->trans("CreateInvoiceForThisCustomer").''; + if($orders2invoice > 0) print ''.$langs->trans("CreateInvoiceForThisCustomer").''; else print ''.$langs->trans("CreateInvoiceForThisCustomer").''; if ($object->client != 0) print ''.$langs->trans("AddBill").''; diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index c8c6198e154..89641178ab4 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -221,8 +221,8 @@ if ($resql) $title.=' - '.$langs->trans('StatusOrderCanceledShort'); if ($viewstatut == -2) $title.=' - '.$langs->trans('StatusOrderToProcessShort'); - if ($viewstatut == -3) - $title.=' - '.$langs->trans('StatusOrderValidated').', '.$langs->trans("StatusOrderSent").', '.$langs->trans('StatusOrderToBill'); + if ($viewstatut == -3) + $title.=' - '.$langs->trans('StatusOrderValidated').', '.$langs->trans("StatusOrderSent").', '.$langs->trans('StatusOrderToBill'); $param='&socid='.$socid.'&viewstatut='.$viewstatut; if ($ordermonth) $param.='&ordermonth='.$ordermonth; 
@@ -331,9 +331,9 @@ if ($resql) print ' '; // If module invoices enabled and user with invoice creation permissions - if (! empty($conf->facture->enabled)) - { - if ($user->rights->facture->creer) + if (! empty($conf->facture->enabled)) + { + if ($user->rights->facture->creer) { if (($objp->fk_statut > 0 && $objp->fk_statut < 3) || ($objp->fk_statut == 3 && $objp->facturee == 0)) diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 90a6fcd04bf..7beb9e56799 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -438,10 +438,10 @@ else print ''; $rowspan=3; - if (empty($conf->global->SOCIETE_DISABLE_STATE)) $rowspan++; + if (empty($conf->global->SOCIETE_DISABLE_STATE)) $rowspan++; print ''; print ''; @@ -657,7 +657,7 @@ else print ''; + print ''; // Zip / Town print ''; - print ''; + print ''; } print '
'; - if ($conf->use_javascript_ajax && $socid) print ''.$langs->trans('CopyAddressFromSoc').''; + if ($conf->use_javascript_ajax && $socid) print ''.$langs->trans('CopyAddressFromSoc').''; print '
'; if ($conf->use_javascript_ajax) print ''.$langs->trans('CopyAddressFromSoc').''; - print '
'.$langs->trans("Zip").' / '.$langs->trans("Town").''; diff --git a/htdocs/core/class/CSMSFile.class.php b/htdocs/core/class/CSMSFile.class.php index 3a3f628b67c..05305d582af 100755 --- a/htdocs/core/class/CSMSFile.class.php +++ b/htdocs/core/class/CSMSFile.class.php @@ -41,7 +41,7 @@ class CSMSFile var $deferred; var $priority; var $class; - var $message; + var $message; /** @@ -147,7 +147,7 @@ class CSMSFile $sms->deferred=$this->deferred; $sms->priority=$this->priority; $sms->class=$this->class; - $sms->message=$this->message; + $sms->message=$this->message; $res=$sms->SmsSend(); if ($res <= 0) diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 0992a97a68f..58a07bd1535 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -296,7 +296,8 @@ class DoliDBPgsql // To have postgresql case sensitive $line=str_replace(' LIKE \'',' ILIKE \'',$line); - + $line=str_replace(' LIKE BINARY \'',' LIKE \'',$line); + // Delete using criteria on other table must not declare twice the deleted table // DELETE FROM tabletodelete USING tabletodelete, othertable -> DELETE FROM tabletodelete USING othertable if (preg_match('/DELETE FROM ([a-z_]+) USING ([a-z_]+), ([a-z_]+)/i',$line,$reg)) diff --git a/htdocs/core/lib/member.lib.php b/htdocs/core/lib/member.lib.php index 07985bda263..a4357147732 100644 --- a/htdocs/core/lib/member.lib.php +++ b/htdocs/core/lib/member.lib.php @@ -96,8 +96,8 @@ function member_prepare_head($object) $head[$h][2] = 'info'; $h++; - - complete_head_from_modules($conf,$langs,$object,$head,$h,'member','remove'); + + complete_head_from_modules($conf,$langs,$object,$head,$h,'member','remove'); return $head; } diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index 495e292d3f6..c28ccb38e7e 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php 
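Review bot: The added ` LIKE BINARY '` rewrite in htdocs/core/db/pgsql.class.php has no comment, and the existing one above it ("To have postgresql case sensitive") describes the opposite of what the `ILIKE` substitution does. The order of the two `str_replace` calls is load-bearing: if the new line ran first, its output would be turned into `ILIKE` and the case-sensitive search added in `Categorie::rechercher()` would silently become case-insensitive on PostgreSQL. A comment such as `// MySQL "LIKE BINARY" (case-sensitive) maps to plain LIKE, which is case-sensitive in PostgreSQL; keep this after the ILIKE rewrite` would record that.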
@@ -959,7 +959,15 @@ class pdf_einstein extends ModelePDFCommandes $posy+=1; $pdf->SetFont('','', $default_font_size - 1); - $posy+=5; + if ($object->ref_client) + { + $posy+=5; + $pdf->SetXY($posx,$posy); + $pdf->SetTextColor(0,0,60); + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("RefCustomer")." : " . $outputlangs->convToOutputCharset($object->ref_client), '', 'R'); + } + + $posy+=4; $pdf->SetXY($posx,$posy); $pdf->SetTextColor(0,0,60); $pdf->MultiCell(100, 3, $outputlangs->transnoentities("OrderDate")." : " . dol_print_date($object->date,"%d %b %Y",false,$outputlangs,true), '', 'R'); diff --git a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php index 31fb518df1b..946bb1958bf 100644 --- a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php @@ -525,8 +525,8 @@ class pdf_expedition_rouget extends ModelePdfExpedition $text=$linkedobject->ref; if ($linkedobject->ref_client) $text.=' ('.$linkedobject->ref_client.')'; $Yoff = $Yoff+8; - $pdf->SetXY($this->page_largeur - $this->marge_droite - 60,$Yoff); - $pdf->MultiCell(60, 2, $outputlangs->transnoentities("RefOrder") ." : ".$outputlangs->transnoentities($text), 0, 'R'); + $pdf->SetXY($this->page_largeur - $this->marge_droite - 100,$Yoff); + $pdf->MultiCell(100, 2, $outputlangs->transnoentities("RefOrder") ." : ".$outputlangs->transnoentities($text), 0, 'R'); $Yoff = $Yoff+4; $pdf->SetXY($this->page_largeur - $this->marge_droite - 60,$Yoff); $pdf->MultiCell(60, 2, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->commande->date,"daytext",false,$outputlangs,true), 0, 'R'); 
@@ -576,7 +576,7 @@ class pdf_expedition_rouget extends ModelePdfExpedition // If SHIPPING contact defined, we use it $usecontact=false; - $arrayidcontact=$object->getIdContact('external','SHIPPING'); + $arrayidcontact=$object->$origin->getIdContact('external','SHIPPING'); if (count($arrayidcontact) > 0) { $usecontact=true; diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index f86af8d8c25..ec5b6330407 100755 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1099,6 +1099,14 @@ class pdf_crabe extends ModelePDFFactures $posy+=1; $pdf->SetFont('','', $default_font_size - 1); + if ($object->ref_client) + { + $posy+=5; + $pdf->SetXY($posx,$posy); + $pdf->SetTextColor(0,0,60); + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("RefCustomer")." : " . $outputlangs->convToOutputCharset($object->ref_client), '', 'R'); + } + $objectidnext=$object->getIdReplacingInvoice('validated'); if ($object->type == 0 && $objectidnext) { diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index a4f1e7d6978..72fe5a31249 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -90,6 +90,7 @@ class modProduct extends DolibarrModules // Boxes $this->boxes = array(); $this->boxes[0][1] = "box_produits.php"; + $this->boxes[1][1] = "box_produits_alerte_stock.php"; // Permissions $this->rights = array(); diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index 8e6ca05e9d4..2e494422048 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php 
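Review bot: `$object->$origin->getIdContact('external','SHIPPING')` in the `@@ -576,7 +576,7 @@` hunk dereferences a property selected by `$origin`, which is assigned outside the hunk; if the shipment has no origin document, or that object was not fetched, this becomes a method call on a non-object and PDF generation stops with a fatal error. A guard keeps the existing fallback path working: `$arrayidcontact=(! empty($origin) && is_object($object->$origin))?$object->$origin->getIdContact('external','SHIPPING'):array();`.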
@@ -29,8 +29,8 @@ define('DONOTLOADCONF',1); // To avoid loading conf by file inc.php include 'inc.php'; -$action=GETPOST('action'); -$setuplang=isset($_POST["selectlang"])?$_POST["selectlang"]:(isset($_GET["selectlang"])?$_GET["selectlang"]:'auto'); +$action=GETPOST('action','alpha'); +$setuplang=(GETPOST('selectlang','',3)?GETPOST('selectlang','',3):'auto'); $langs->setDefaultLang($setuplang); $langs->load("admin"); @@ -38,10 +38,19 @@ $langs->load("install"); $langs->load("errors"); // Recuparation des information de connexion -$userroot=isset($_POST["db_user_root"])?$_POST["db_user_root"]:""; -$passroot=isset($_POST["db_pass_root"])?$_POST["db_pass_root"]:""; +$userroot=GETPOST('db_user_root'); +$passroot=GETPOST('db_pass_root'); // Repertoire des pages dolibarr -$main_dir=isset($_POST["main_dir"])?trim($_POST["main_dir"]):''; +$main_dir=GETPOST('main_dir'); +$main_url=GETPOST('main_url'); +// Database server +$db_type=GETPOST('db_type','alpha'); +$db_host=GETPOST('db_host','alpha'); +$db_name=GETPOST('db_name','alpha'); +$db_user=GETPOST('db_user','alpha'); +$db_pass=GETPOST('db_pass'); +$db_port=GETPOST('db_port','int'); +$db_prefix=GETPOST('db_prefix','alpha'); // Now we load forced value from install.forced.php file. $useforcedwizard=false; @@ -71,34 +80,34 @@ if (! is_writable($conffile)) // Check parameters -if (empty($_POST["db_type"])) +if (empty($db_type)) { print '
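Review bot: `GETPOST('db_pass')` and `GETPOST('db_pass_root')` in the `@@ -38,10 +38,19 @@` hunk use the default method, whereas the old code read `$_POST` only; if the default also consults `$_GET`, database credentials are now accepted from the query string, where they end up in web-server logs and browser history. Pinning these two reads to POST through the method argument (already used on this page as `GETPOST('selectlang','',3)`), e.g. `GETPOST('db_pass','',2)` if 2 selects POST-only in this version, keeps the previous behaviour. `$main_dir` also lost the `trim()` that the removed line applied, and it is later used to build an include path; confirm that `GETPOST` without a check type trims, or write `trim(GETPOST('main_dir'))`.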
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabaseType")).'
'; $error++; } -if (empty($_POST["db_host"])) +if (empty($db_host)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("Server")).'
'; $error++; } -if (empty($_POST["db_name"])) +if (empty($db_name)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabaseName")).'
'; $error++; } -if (empty($_POST["db_user"])) +if (empty($db_user)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login")).'
'; $error++; } -if (! empty($_POST["db_port"]) && ! is_numeric($_POST["db_port"])) +if (! empty($db_port) && ! is_numeric($db_port)) { - print '
'.$langs->trans("ErrorBadValueForParameter",$_POST["db_port"],$langs->transnoentities("Port")).'
'; + print '
'.$langs->trans("ErrorBadValueForParameter",$db_port,$langs->transnoentities("Port")).'
'; $error++; } -if (! empty($_POST["db_prefix"]) && ! preg_match('/^[a-z0-9]+_$/i', $_POST["db_prefix"])) +if (! empty($db_prefix) && ! preg_match('/^[a-z0-9]+_$/i', $db_prefix)) { - print '
'.$langs->trans("ErrorBadValueForParameter",$_POST["db_prefix"],$langs->transnoentities("DatabasePrefix")).'
'; + print '
'.$langs->trans("ErrorBadValueForParameter",$db_prefix,$langs->transnoentities("DatabasePrefix")).'
'; $error++; } @@ -110,9 +119,9 @@ if (substr($main_dir, dol_strlen($main_dir) -1) == "/") } // Remove last / into dans main_url -if (! empty($_POST["main_url"]) && substr($_POST["main_url"], dol_strlen($_POST["main_url"]) -1) == "/") +if (! empty($main_url) && substr($main_url, dol_strlen($main_url) -1) == "/") { - $_POST["main_url"] = substr($_POST["main_url"], 0, dol_strlen($_POST["main_url"])-1); + $main_url = substr($main_url, 0, dol_strlen($main_url)-1); } // Directory for generated documents (invoices, orders, ecm, etc...) @@ -123,13 +132,13 @@ if (! $main_data_dir) { $main_data_dir="$main_dir/documents"; } // Test database connexion if (! $error) { - $result=@include_once $main_dir."/core/db/".$_POST["db_type"].'.class.php'; + $result=@include_once $main_dir."/core/db/".$db_type.'.class.php'; if ($result) { // If we ask database or user creation we need to connect as root, so we need root login if (! empty($_POST["db_create_database"]) && ! $userroot) { - print '
'.$langs->trans("YouAskDatabaseCreationSoDolibarrNeedToConnect",$_POST["db_name"]).'
'; + print '
'.$langs->trans("YouAskDatabaseCreationSoDolibarrNeedToConnect",$db_name).'
'; print '
'; print $langs->trans("BecauseConnectionFailedParametersMayBeWrong").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); @@ -137,7 +146,7 @@ if (! $error) } if (! empty($_POST["db_create_user"]) && ! $userroot) { - print '
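Review bot: The `include_once $main_dir."/core/db/".$db_type.'.class.php'` line in the `@@ -123,13 +132,13 @@` hunk builds the path of a file to execute from two request values, and the leading `@` hides the warning that would reveal a bad path. `$db_type` only passes the `'alpha'` filter and `$main_dir` passes none, so the file that gets loaded is chosen by whoever submits the installer form. Checking `$db_type` against the drivers the installer ships before the include, for instance `if (! in_array($db_type, array('mysql','mysqli','pgsql'), true)) $error++;` extended with any other supported driver, and verifying that `$main_dir` is the directory the installer itself runs from, would bound it. The enclosing `if (! $error)` block continues past the hunk.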
'.$langs->trans("YouAskLoginCreationSoDolibarrNeedToConnect",$_POST["db_user"]).'
'; + print '
'.$langs->trans("YouAskLoginCreationSoDolibarrNeedToConnect",$db_user).'
'; print '
'; print $langs->trans("BecauseConnectionFailedParametersMayBeWrong").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); @@ -147,14 +156,14 @@ if (! $error) // If we need root access if (! $error && (! empty($_POST["db_create_database"]) || ! empty($_POST["db_create_user"]))) { - $databasefortest=$_POST["db_name"]; + $databasefortest=$db_name; if (! empty($_POST["db_create_database"])) { - if ($_POST["db_type"] == 'mysql' || $_POST["db_type"] == 'mysqli') + if ($db_type == 'mysql' || $db_type == 'mysqli') { $databasefortest='mysql'; } - elseif ($_POST["db_type"] == 'pgsql') + elseif ($db_type == 'pgsql') { $databasefortest='postgres'; } @@ -165,14 +174,14 @@ if (! $error) } //print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"]; - $db=getDoliDBInstance($_POST["db_type"],$_POST["db_host"],$userroot,$passroot,$databasefortest,$_POST["db_port"]); + $db=getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port); dol_syslog("databasefortest=".$databasefortest." connected=".$db->connected." database_selected=".$db->database_selected, LOG_DEBUG); //print "databasefortest=".$databasefortest." connected=".$db->connected." database_selected=".$db->database_selected; if (empty($_POST["db_create_database"]) && $db->connected && ! $db->database_selected) { - print '
'.$langs->trans("ErrorConnectedButDatabaseNotFound",$_POST["db_name"]).'
'; + print '
'.$langs->trans("ErrorConnectedButDatabaseNotFound",$db_name).'
'; print '
'; if (! $db->connected) print $langs->trans("IfDatabaseNotExistsGoBackAndUncheckCreate").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); @@ -191,7 +200,7 @@ if (! $error) // If we need simple access if (! $error && (empty($_POST["db_create_database"]) && empty($_POST["db_create_user"]))) { - $db=getDoliDBInstance($_POST["db_type"],$_POST["db_host"],$_POST["db_user"],$_POST["db_pass"],$_POST["db_name"],$_POST["db_port"]); + $db=getDoliDBInstance($db_type, $db_host, $db_user, $db_pass, $db_name, $db_port); if ($db->error) { @@ -204,7 +213,7 @@ if (! $error) } else { - print "
\nFailed to include_once(\"".$main_dir."/core/db/".$_POST["db_type"].".class.php\")
\n"; + print "
\nFailed to include_once(\"".$main_dir."/core/db/".$db_type.".class.php\")
\n"; print '
'.$langs->trans("ErrorWrongValueForParameter",$langs->transnoentities("WebPagesDirectory")).'
'; print $langs->trans("ErrorGoBackAndCorrectParameters"); $error++; @@ -223,10 +232,10 @@ if (! $error && $db->connected) { if (! empty($_POST["db_create_database"])) { - $result=$db->select_db($_POST["db_name"]); + $result=$db->select_db($db_name); if ($result) { - print '
'.$langs->trans("ErrorDatabaseAlreadyExists",$_POST["db_name"]).'
'; + print '
'.$langs->trans("ErrorDatabaseAlreadyExists", $db_name).'
'; print $langs->trans("IfDatabaseExistsGoBackAndCheckCreate").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); $error++; @@ -259,9 +268,10 @@ if (! $error && $db->connected) if (! $error && $db->connected && $action == "set") { umask(0); - foreach($_POST as $cle=>$valeur) + foreach($_POST as $key => $value) { - if (! preg_match('/^db_pass/i',$cle)) dolibarr_install_syslog("Choice for ".$cle." = ".$valeur); + if (! preg_match('/^db_pass/i', $key)) + dolibarr_install_syslog("Choice for ".$key." = ".$value); } // Show title of step @@ -399,7 +409,7 @@ if (! $error && $db->connected && $action == "set") } // Table prefix - $main_db_prefix = ((GETPOST("db_prefix") && GETPOST("db_prefix") != '') ? GETPOST("db_prefix") : 'llx_'); + $main_db_prefix = (! empty($db_prefix) ? $db_prefix : 'llx_'); // Force https $main_force_https = ((GETPOST("main_force_https") && (GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == 1)) ? '1' : '0'); @@ -766,6 +776,7 @@ function write_conf_file($conffile) global $dolibarr_main_url_root,$dolibarr_main_document_root,$dolibarr_main_data_root,$dolibarr_main_db_host; global $dolibarr_main_db_port,$dolibarr_main_db_name,$dolibarr_main_db_user,$dolibarr_main_db_pass; global $dolibarr_main_db_type,$dolibarr_main_db_character_set,$dolibarr_main_db_collation,$dolibarr_main_authentication; + global $db_host,$db_port,$db_name,$db_user,$db_pass,$db_type; global $conffile,$conffiletoshow,$conffiletoshowshort; global $force_dolibarr_lib_ADODB_PATH, $force_dolibarr_lib_NUSOAP_PATH; global $force_dolibarr_lib_TCPDF_PATH, $force_dolibarr_lib_FPDI_PATH; 
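Review bot: The values that `write_conf_file()` emits (the `fputs` lines changed in the `@@ -791,13 +802,13 @@` and `@@ -806,24 +817,24 @@` hunks) are quoted with `str_replace("'","\'",…)`, which escapes the single quote but not the backslash, so a form value containing a backslash can end the PHP string literal early in the generated conf.php. Letting PHP produce the literal avoids hand-rolled quoting, e.g. `fputs($fp, '$dolibarr_main_db_pass='.var_export($db_pass, true).';');`, applied to every setting written here. The `global $db_host,$db_port,$db_name,$db_user,$db_pass,$db_type;` line added in the `@@ -766,6 +776,7 @@` hunk does not list `$main_url`, which the function now reads instead of `$_POST["main_url"]`; unless it is declared global above the hunk, `$dolibarr_main_url_root` is written empty. `$_POST["dolibarr_main_db_character_set"]` is still read directly and gets the same quoting.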
@@ -791,13 +802,13 @@ function write_conf_file($conffile) fputs($fp,'// and explanations for all possibles parameters.'."\n"); fputs($fp,'//'."\n"); - fputs($fp, '$dolibarr_main_url_root=\''.str_replace("'","\'",($_POST["main_url"])).'\';'); + fputs($fp, '$dolibarr_main_url_root=\''.str_replace("'","\'",($main_url)).'\';'); fputs($fp,"\n"); fputs($fp, '$dolibarr_main_document_root=\''.str_replace("'","\'",($main_dir)).'\';'); fputs($fp,"\n"); - fputs($fp, $main_use_alt_dir.'$dolibarr_main_url_root_alt=\''.str_replace("'","\'",($_POST["main_url"]."/".$main_alt_dir_name)).'\';'); + fputs($fp, $main_use_alt_dir.'$dolibarr_main_url_root_alt=\''.str_replace("'","\'",($main_url."/".$main_alt_dir_name)).'\';'); fputs($fp,"\n"); fputs($fp, $main_use_alt_dir.'$dolibarr_main_document_root_alt=\''.str_replace("'","\'",($main_dir."/".$main_alt_dir_name)).'\';'); 
@@ -806,24 +817,24 @@ function write_conf_file($conffile) fputs($fp, '$dolibarr_main_data_root=\''.str_replace("'","\'",($main_data_dir)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_host=\''.str_replace("'","\'",($_POST["db_host"])).'\';'); + fputs($fp, '$dolibarr_main_db_host=\''.str_replace("'","\'",($db_host)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_port=\''.str_replace("'","\'",($_POST["db_port"])).'\';'); + fputs($fp, '$dolibarr_main_db_port=\''.str_replace("'","\'",($db_port)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_name=\''.str_replace("'","\'",($_POST["db_name"])).'\';'); + fputs($fp, '$dolibarr_main_db_name=\''.str_replace("'","\'",($db_name)).'\';'); fputs($fp,"\n"); fputs($fp, '$dolibarr_main_db_prefix=\''.str_replace("'","\'",($main_db_prefix)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_user=\''.str_replace("'","\'",($_POST["db_user"])).'\';'); + fputs($fp, '$dolibarr_main_db_user=\''.str_replace("'","\'",($db_user)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_pass=\''.str_replace("'","\'",($_POST["db_pass"])).'\';'); + fputs($fp, '$dolibarr_main_db_pass=\''.str_replace("'","\'",($db_pass)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_type=\''.str_replace("'","\'",($_POST["db_type"])).'\';'); + fputs($fp, '$dolibarr_main_db_type=\''.str_replace("'","\'",($db_type)).'\';'); fputs($fp,"\n"); fputs($fp, '$dolibarr_main_db_character_set=\''.str_replace("'","\'",($_POST["dolibarr_main_db_character_set"])).'\';'); diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php index 0d1295c8629..5bff4206e02 100644 --- a/htdocs/install/fileconf.php +++ b/htdocs/install/fileconf.php 
@@ -38,27 +38,27 @@ $langs->load("errors"); dolibarr_install_syslog("Fileconf: Entering fileconf.php page"); -// You can force preselected values of the config step of Dolibarr by adding a file -// install.forced.php into directory htdocs/install (This is the case with some wizard -// installer like DoliWamp, DoliMamp or DoliBuntu). -// We first init "forced values" to nothing. -if (! isset($force_install_noedit)) $force_install_noedit=''; // 1=To block var specific to distrib, 2 to block all technical parameters -if (! isset($force_install_type)) $force_install_type=''; -if (! isset($force_install_dbserver)) $force_install_dbserver=''; -if (! isset($force_install_port)) $force_install_port=''; -if (! isset($force_install_database)) $force_install_database=''; -if (! isset($force_install_prefix)) $force_install_prefix=''; -if (! isset($force_install_createdatabase)) $force_install_createdatabase=''; -if (! isset($force_install_databaselogin)) $force_install_databaselogin=''; -if (! isset($force_install_databasepass)) $force_install_databasepass=''; -if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin=''; -if (! isset($force_install_databaserootpass)) $force_install_databaserootpass=''; -// Now we load forced value from install.forced.php file. -$useforcedwizard=false; -$forcedfile="./install.forced.php"; -if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php"; // Must be after inc.php -if (@file_exists($forcedfile)) { - $useforcedwizard=true; include_once $forcedfile; +// You can force preselected values of the config step of Dolibarr by adding a file +// install.forced.php into directory htdocs/install (This is the case with some wizard +// installer like DoliWamp, DoliMamp or DoliBuntu). +// We first init "forced values" to nothing. +if (! isset($force_install_noedit)) $force_install_noedit=''; // 1=To block var specific to distrib, 2 to block all technical parameters +if (! 
isset($force_install_type)) $force_install_type=''; +if (! isset($force_install_dbserver)) $force_install_dbserver=''; +if (! isset($force_install_port)) $force_install_port=''; +if (! isset($force_install_database)) $force_install_database=''; +if (! isset($force_install_prefix)) $force_install_prefix=''; +if (! isset($force_install_createdatabase)) $force_install_createdatabase=''; +if (! isset($force_install_databaselogin)) $force_install_databaselogin=''; +if (! isset($force_install_databasepass)) $force_install_databasepass=''; +if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin=''; +if (! isset($force_install_databaserootpass)) $force_install_databaserootpass=''; +// Now we load forced value from install.forced.php file. +$useforcedwizard=false; +$forcedfile="./install.forced.php"; +if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php"; // Must be after inc.php +if (@file_exists($forcedfile)) { + $useforcedwizard=true; include_once $forcedfile; } //$force_install_message='This is the message'; diff --git a/htdocs/product/composition/fiche.php b/htdocs/product/composition/fiche.php index f8b90a48a00..5be28fc93ae 100644 --- a/htdocs/product/composition/fiche.php +++ b/htdocs/product/composition/fiche.php @@ -41,7 +41,7 @@ $action=GETPOST('action','alpha'); $confirm=GETPOST('confirm','alpha'); $cancel=GETPOST('cancel','alpha'); $key=GETPOST('key'); -$catMere=GETPOST('catMere'); +$parent=GETPOST('parent'); // Security check if (! empty($user->societe_id)) $socid=$user->societe_id; @@ -144,9 +144,9 @@ if ($action == 'search') $sql.= " OR p.label LIKE '%".$key."%')"; } } - if (! empty($conf->categorie->enabled) && $catMere != -1 and $catMere) + if (! empty($conf->categorie->enabled) && ! empty($parent) && $parent != -1) { - $sql.= " AND cp.fk_categorie ='".$db->escape($catMere)."'"; + $sql.= " AND cp.fk_categorie ='".$db->escape($parent)."'"; } $sql.= " ORDER BY p.ref ASC"; 
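Review bot: In the `@@ -144,9 +144,9 @@` hunk of htdocs/product/composition/fiche.php, `$key` is concatenated into `p.label LIKE '%".$key."%'` without `$db->escape()`, while the category filter changed a few lines below it is escaped. `$key` is read with `GETPOST('key')` and no type filter in the first hunk of the same file, so the search text reaches the query as submitted unless GETPOST itself escapes it, which is not visible here. Use `$sql.= " OR p.label LIKE '%".$db->escape($key)."%')";` and check the first half of the condition, which starts outside the hunk. Reading the category with `GETPOST('parent','int')` would also narrow `$parent` to the numeric id it is compared against.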
@@ -366,7 +366,7 @@ if ($id || $ref) if (! empty($conf->categorie->enabled)) { print '
'.$langs->trans("CategoryFilter").'   '.$form->select_all_categories(0,$catMere).'
'.$form->select_all_categories(0, $parent).'
'; diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 15913ef83ee..c3813538936 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -339,9 +339,9 @@ if ($id || $ref) $default_vat=''; // We don't have supplier, so we try to guess. - // For this we build a fictive supplier with same properties than user but using vat) - $mysoc2=dol_clone($mysoc); - $mysoc2->tva_assuj=1; + // For this we build a fictive supplier with same properties than user but using vat) + $mysoc2=dol_clone($mysoc); + $mysoc2->tva_assuj=1; $default_vat=get_default_tva($mysoc2, $mysoc, 0, $product->id); print ''.$langs->trans("VATRateForSupplierProduct").''; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 3924838e7c7..f985c1ec674 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -185,6 +185,7 @@ class Societe extends CommonObject $this->nom=$this->name; // For backward compatibility if (empty($this->client)) $this->client=0; if (empty($this->fournisseur)) $this->fournisseur=0; + $this->import_key = trim($this->import_key); dol_syslog(get_class($this)."::create ".$this->name); 
@@ -210,14 +211,15 @@ class Societe extends CommonObject if ($result >= 0) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe (nom, entity, datec, datea, fk_user_creat, canvas, status, ref_int, ref_ext, fk_stcomm)"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe (nom, entity, datec, datea, fk_user_creat, canvas, status, ref_int, ref_ext, fk_stcomm, import_key)"; $sql.= " VALUES ('".$this->db->escape($this->name)."', ".$conf->entity.", '".$this->db->idate($now)."', '".$this->db->idate($now)."'"; $sql.= ", ".(! empty($user->id) ? "'".$user->id."'":"null"); $sql.= ", ".(! empty($this->canvas) ? "'".$this->canvas."'":"null"); $sql.= ", ".$this->status; $sql.= ", ".(! empty($this->ref_int) ? "'".$this->ref_int."'":"null"); $sql.= ", ".(! empty($this->ref_ext) ? "'".$this->ref_ext."'":"null"); - $sql.= ", 0)"; + $sql.= ", 0"; + $sql.= ", ".(! empty($this->import_key) ? "'".$this->import_key."'":"null").")"; dol_syslog(get_class($this)."::create sql=".$sql); $result=$this->db->query($sql); 
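Review bot: The added `import_key` value is placed between quotes in the INSERT without `$this->db->escape()`, unlike `$this->name` on the VALUES line above it; the previous hunk only trims it. Write `$sql.= ", ".(! empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'":"null").")";` so that a quote in an imported key cannot end the literal. The context lines for `canvas`, `ref_int` and `ref_ext` have the same unescaped form and would benefit from the same treatment. The create method starts and ends outside the hunk, so any earlier validation of these properties is not visible.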
@@ -832,6 +834,103 @@ class Societe extends CommonObject return $result; } + /** + * Search and fetch thirparties by name + * + * @param string $name Name + * @param int $type Type of thirdparties (0=any, 1=customer, 2=prospect, 3=supplier) + * @param array $filters Array of couple field name/value to filter the companies with the same name + * @param boolean $exact Exact string search (true/false) + * @param boolean $case Case sensitive (true/false) + * @param string $clause Clause for filters + * @return array Array of thirdparties object + */ + function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false, $similar = false, $clause = 'AND') + { + $thirdparties = array(); + + // Generation requete recherche + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe"; + $sql.= " WHERE entity IN (".getEntity('category',1).")"; + if (! empty($type)) + { + if ($type == 1 || $type == 2) + $sql.= " AND client = ".$type; + elseif ($type == 3) + $sql.= " AND fournisseur = 1"; + } + if (! empty($name)) + { + if (! $exact) + { + if (preg_match('/^([\*])?[^*]+([\*])?$/', $name, $regs) && count($regs) > 1) + { + $name = str_replace('*', '%', $name); + } + else + { + $name = '%'.$name.'%'; + } + } + $sql.= " AND "; + if (is_array($filters) && ! empty($filters)) + $sql.= "("; + if ($similar) + { + // For test similitude + $sql.= "(LOCATE('".$this->db->escape($name)."', nom) > 0 OR LOCATE(nom, '".$this->db->escape($name)."') > 0)"; + } + else + { + if (! $case) + $sql.= "nom LIKE '".$this->db->escape($name)."'"; + else + $sql.= "nom LIKE BINARY '".$this->db->escape($name)."'"; + } + } + if (is_array($filters) && ! empty($filters)) + { + foreach($filters as $field => $value) + { + if (! $exact) + { + if (preg_match('/^([\*])?[^*]+([\*])?$/', $value, $regs) && count($regs) > 1) + { + $value = str_replace('*', '%', $value); + } + else + { + $value = '%'.$value.'%'; + } + } + if (! $case) + $sql.= " ".$clause." ".$field." 
LIKE '".$this->db->escape($value)."'"; + else + $sql.= " ".$clause." ".$field." LIKE BINARY '".$this->db->escape($value)."'"; + } + if (! empty($name)) + $sql.= ")"; + } + + $res = $this->db->query($sql); + if ($res) + { + while ($rec = $this->db->fetch_array($res)) + { + $soc = new Societe($this->db); + $soc->fetch($rec['rowid']); + $thirdparties[] = $soc; + } + + return $thirdparties; + } + else + { + $this->error=$this->db->error().' sql='.$sql; + dol_syslog(get_class($this)."::searchByName ".$this->error, LOG_ERR); + return -1; + } + } /** * Delete a third party from database and all its dependencies (contacts, rib...) diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php index 3b3a43729b2..476bdf1b470 100644 --- a/htdocs/user/clicktodial.php +++ b/htdocs/user/clicktodial.php @@ -69,7 +69,7 @@ $form = new Form($db); llxHeader("","ClickToDial"); -if ($id) +if ($id > 0) { $fuser = new User($db); $fuser->fetch($id); @@ -113,7 +113,7 @@ if ($id) if ($action == 'edit') { - print '
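Review bot: In searchByName, the filter keys (`$field`) and the `$clause` argument are concatenated into the WHERE clause as SQL text; only the filter values pass through `$this->db->escape()`, so the method is safe only while every caller supplies fixed, trusted keys. Restrict `$clause` to AND/OR and accept plain column names only, as sketched below. The filter group is also parenthesised only when `$name` is non-empty, so with `$clause` set to `OR` and an empty name the filter conditions appear to be ORed against the `entity IN (...)` restriction; opening and closing the group independently of `$name` would keep the entity condition binding. The docblock has no `@param` line for `$similar`, documents `$type` as int while the default is the string `'0'`, and does not mention the `-1` returned on a query error.
```php
function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false, $similar = false, $clause = 'AND')
{
    $thirdparties = array();

    // Only the two boolean keywords may join filter conditions
    $clause = (strtoupper(trim($clause)) == 'OR') ? 'OR' : 'AND';

    // … unchanged: SELECT, entity/type conditions and name condition …

        foreach($filters as $field => $value)
        {
            // A filter key becomes SQL text, so accept plain column names only
            if (! preg_match('/^[a-zA-Z0-9_]+$/', $field))
            {
                dol_syslog(get_class($this)."::searchByName bad filter field", LOG_WARNING);
                continue;
            }
            // … unchanged: wildcard handling and LIKE construction …
        }

    // … unchanged: closing parenthesis, query execution and result loop …
```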
'; + print ''; print ''; print ''; print ''; @@ -192,7 +192,7 @@ if ($id) if (! empty($user->admin) && $action <> 'edit') { - print ''.$langs->trans("Modify").''; + print ''.$langs->trans("Modify").''; } print "\n"; diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php index 002e099c397..6f73f2e7c33 100644 --- a/htdocs/user/group/index.php +++ b/htdocs/user/group/index.php @@ -28,17 +28,18 @@ require '../../main.inc.php'; if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - if (! $user->rights->user->group_advance->read && ! $user->admin) accessforbidden(); + if (! $user->rights->user->group_advance->read && ! $user->admin) + accessforbidden(); } $langs->load("users"); -$sall=GETPOST("sall"); +$sall=GETPOST('sall'); $search_group=GETPOST('search_group'); -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); +$sortfield = GETPOST('sortfield','alpha'); +$sortorder = GETPOST('sortorder','alpha'); +$page = GETPOST('page','int'); if ($page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; $pageprev = $page - 1; @@ -67,9 +68,9 @@ else { $sql.= " WHERE g.entity IN (0,".$conf->entity.")"; } -if ($search_group) +if (! empty($search_group)) { - $sql .= " AND (g.nom LIKE '%".$db->escape($_POST["search_group"])."%' OR g.note LIKE '%".$db->escape($_POST["search_group"])."%')"; + $sql .= " AND (g.nom LIKE '%".$db->escape($search_group)."%' OR g.note LIKE '%".$db->escape($search_group)."%')"; } if ($sall) $sql.= " AND (g.nom LIKE '%".$db->escape($sall)."%' OR g.note LIKE '%".$db->escape($sall)."%')"; $sql.= " GROUP BY g.rowid, g.nom, g.entity, g.datec"; @@ -81,7 +82,7 @@ if ($resql) $num = $db->num_rows($resql); $i = 0; - $param="search_group=".$search_group."&sall=".$sall; + $param="&search_group=".urlencode($search_group)."&sall=".urlencode($sall); print '
'; print ''; print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder); diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 72a16a54d65..b91d5d2df10 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -24,24 +24,27 @@ */ require '../main.inc.php'; -if(! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php'); +if (! empty($conf->multicompany->enabled)) + dol_include_once('/multicompany/class/actions_multicompany.class.php', 'Multicompany'); -if (! $user->rights->user->user->lire && ! $user->admin) accessforbidden(); +if (! $user->rights->user->user->lire && ! $user->admin) + accessforbidden(); $langs->load("users"); $langs->load("companies"); // Security check (for external users) $socid=0; -if ($user->societe_id > 0) $socid = $user->societe_id; +if ($user->societe_id > 0) + $socid = $user->societe_id; $sall=GETPOST('sall','alpha'); $search_user=GETPOST('search_user','alpha'); -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); +$sortfield = GETPOST('sortfield','alpha'); +$sortorder = GETPOST('sortorder','alpha'); +$page = GETPOST('page','int'); if ($page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; $pageprev = $page - 1; 
@@ -78,10 +81,10 @@ else { $sql.= " WHERE u.entity IN (0,".$conf->entity.")"; } -if (!empty($socid)) $sql.= " AND u.fk_societe = ".$socid; -if ($search_user) +if (! empty($socid)) $sql.= " AND u.fk_societe = ".$socid; +if (! empty($search_user)) { - $sql.= " AND (u.login LIKE '%".$search_user."%' OR u.name LIKE '%".$search_user."%' OR u.firstname LIKE '%".$search_user."%')"; + $sql.= " AND (u.login LIKE '%".$db->escape($search_user)."%' OR u.name LIKE '%".$db->escape($search_user)."%' OR u.firstname LIKE '%".$db->escape($search_user)."%')"; } if ($sall) $sql.= " AND (u.login LIKE '%".$db->escape($sall)."%' OR u.name LIKE '%".$db->escape($sall)."%' OR u.firstname LIKE '%".$db->escape($sall)."%' OR u.email LIKE '%".$db->escape($sall)."%' OR u.note LIKE '%".$db->escape($sall)."%')"; $sql.=$db->order($sortfield,$sortorder);