From 7f7676d357102c91856ebd7fdd970e4ef283f5e0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 8 Oct 2012 20:44:12 +0200 Subject: [PATCH 01/24] Fix: uniformize variable name --- htdocs/categories/categorie.php | 6 +++--- htdocs/product/composition/fiche.php | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index a69ded5360d..05ff763d67f 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -39,7 +39,7 @@ $type = GETPOST('type'); $mesg = GETPOST('mesg'); $removecat = GETPOST('removecat','int'); -$catMere=GETPOST('catMere','int'); +$parent=GETPOST('parent','int'); $dbtablename = ''; @@ -122,7 +122,7 @@ if ($removecat > 0) } // Add object into a category -if ($catMere > 0) +if ($parent > 0) { if ($type==0 && ($user->rights->produit->creer || $user->rights->service->creer)) { @@ -151,7 +151,7 @@ if ($catMere > 0) $elementtype = 'member'; } $cat = new Categorie($db); - $result=$cat->fetch($catMere); + $result=$cat->fetch($parent); $result=$cat->add_type($object,$elementtype); if ($result >= 0) diff --git a/htdocs/product/composition/fiche.php b/htdocs/product/composition/fiche.php index f8b90a48a00..5be28fc93ae 100644 --- a/htdocs/product/composition/fiche.php +++ b/htdocs/product/composition/fiche.php @@ -41,7 +41,7 @@ $action=GETPOST('action','alpha'); $confirm=GETPOST('confirm','alpha'); $cancel=GETPOST('cancel','alpha'); $key=GETPOST('key'); -$catMere=GETPOST('catMere'); +$parent=GETPOST('parent'); // Security check if (! empty($user->societe_id)) $socid=$user->societe_id; 
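Review bot: In htdocs/product/composition/fiche.php the renamed read is `$parent=GETPOST('parent');` with no type filter, whereas categorie.php in the same commit uses `$parent=GETPOST('parent','int');`; the value is then concatenated into the `cp.fk_categorie` comparison in the -144 hunk and handed to `select_all_categories` in the -366 hunk, so it should be `$parent=GETPOST('parent','int');` here too, with `$db->escape()` kept as a second layer on what is an integer column. The -144 hunk also still builds `" OR p.label LIKE '%".$key."%')"` from the unfiltered `$key` without `$db->escape()`; that is a pre-existing context line the commit leaves in place, and it should become `$db->escape($key)` like the `$parent` line just below it. The enclosing `if ($action == 'search')` block starts outside the hunk.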
@@ -144,9 +144,9 @@ if ($action == 'search') $sql.= " OR p.label LIKE '%".$key."%')"; } } - if (! empty($conf->categorie->enabled) && $catMere != -1 and $catMere) + if (! empty($conf->categorie->enabled) && ! empty($parent) && $parent != -1) { - $sql.= " AND cp.fk_categorie ='".$db->escape($catMere)."'"; + $sql.= " AND cp.fk_categorie ='".$db->escape($parent)."'"; } $sql.= " ORDER BY p.ref ASC"; @@ -366,7 +366,7 @@ if ($id || $ref) if (! empty($conf->categorie->enabled)) { print ''.$langs->trans("CategoryFilter").'   '; - print ''.$form->select_all_categories(0,$catMere).''; + print ''.$form->select_all_categories(0, $parent).''; } print ''; From 478449da3719ec2bc1decb49a8657cfe98d53be4 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 8 Oct 2012 20:47:10 +0200 Subject: [PATCH 02/24] Fix: convert line delimiters --- htdocs/admin/syslog.php | 2 +- htdocs/cashdesk/index_verif.php | 6 ++-- htdocs/cashdesk/tpl/facturation1.tpl.php | 4 +-- htdocs/comm/action/class/ical.class.php | 4 +-- htdocs/comm/fiche.php | 2 +- htdocs/commande/liste.php | 10 +++--- htdocs/contact/fiche.php | 6 ++-- htdocs/core/class/CSMSFile.class.php | 4 +-- htdocs/core/lib/member.lib.php | 4 +-- htdocs/install/fileconf.php | 42 ++++++++++++------------ htdocs/product/fournisseurs.php | 6 ++-- 11 files changed, 45 insertions(+), 45 deletions(-) diff --git a/htdocs/admin/syslog.php b/htdocs/admin/syslog.php index ac09a70a988..5a2b34772a1 100644 --- a/htdocs/admin/syslog.php +++ b/htdocs/admin/syslog.php @@ -51,7 +51,7 @@ if ($action == 'set') $res = dolibarr_del_const($db,"SYSLOG_FILE_ON",0); $res = dolibarr_del_const($db,"SYSLOG_SYSLOG_ON",0); $res = dolibarr_del_const($db,"SYSLOG_FIREPHP_ON",0); - $res = dolibarr_del_const($db,"SYSLOG_CHROMEPHP_ON",0); + $res = dolibarr_del_const($db,"SYSLOG_CHROMEPHP_ON",0); $syslog_file_on=0; $syslog_syslog_on=0; diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 98d6aa00561..5f0a2fe73d3 100644 
--- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php @@ -32,9 +32,9 @@ $username = GETPOST("txtUsername"); $password = GETPOST("pwdPassword"); $thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY; $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE; -$bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"):$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"):$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; -$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CB"):$conf->global->CASHDESK_ID_BANKACCOUNT_CB; +$bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"):$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; +$bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"):$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB")!='')?GETPOST("CASHDESK_ID_BANKACCOUNT_CB"):$conf->global->CASHDESK_ID_BANKACCOUNT_CB; // Check username if (empty($username)) diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php index ade62360036..acb900e8905 100644 --- a/htdocs/cashdesk/tpl/facturation1.tpl.php +++ b/htdocs/cashdesk/tpl/facturation1.tpl.php @@ -195,7 +195,7 @@ $langs->load("cashdesk"); if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CHEQUE'] < 0) { $langs->load("errors"); - print ''; + print ''; } else print ''; print ''; @@ -203,7 +203,7 @@ $langs->load("cashdesk"); if (empty($_SESSION['CASHDESK_ID_BANKACCOUNT_CB']) || $_SESSION['CASHDESK_ID_BANKACCOUNT_CB'] < 0) { $langs->load("errors"); - print ''; + print ''; } else print ''; print ''; 
diff --git a/htdocs/comm/action/class/ical.class.php b/htdocs/comm/action/class/ical.class.php index e5b23d8c41e..b2af65fcfb4 100644 --- a/htdocs/comm/action/class/ical.class.php +++ b/htdocs/comm/action/class/ical.class.php @@ -25,8 +25,8 @@ */ -/** - * Class to parse ICal calendars +/** + * Class to parse ICal calendars */ class ICal { diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index e760ff7c393..b17b15d3ff9 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -778,7 +778,7 @@ if ($id > 0) { $langs->load("bills"); - if($orders2invoice > 0) print ''.$langs->trans("CreateInvoiceForThisCustomer").''; + if($orders2invoice > 0) print ''.$langs->trans("CreateInvoiceForThisCustomer").''; else print ''.$langs->trans("CreateInvoiceForThisCustomer").''; if ($object->client != 0) print ''.$langs->trans("AddBill").''; diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index c8c6198e154..89641178ab4 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -221,8 +221,8 @@ if ($resql) $title.=' - '.$langs->trans('StatusOrderCanceledShort'); if ($viewstatut == -2) $title.=' - '.$langs->trans('StatusOrderToProcessShort'); - if ($viewstatut == -3) - $title.=' - '.$langs->trans('StatusOrderValidated').', '.$langs->trans("StatusOrderSent").', '.$langs->trans('StatusOrderToBill'); + if ($viewstatut == -3) + $title.=' - '.$langs->trans('StatusOrderValidated').', '.$langs->trans("StatusOrderSent").', '.$langs->trans('StatusOrderToBill'); $param='&socid='.$socid.'&viewstatut='.$viewstatut; if ($ordermonth) $param.='&ordermonth='.$ordermonth; @@ -331,9 +331,9 @@ if ($resql) print ' '; // If module invoices enabled and user with invoice creation permissions - if (! empty($conf->facture->enabled)) - { - if ($user->rights->facture->creer) + if (! empty($conf->facture->enabled)) + { + if ($user->rights->facture->creer) { if (($objp->fk_statut > 0 && $objp->fk_statut < 3) || ($objp->fk_statut == 3 && $objp->facturee == 0)) 
diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 90a6fcd04bf..7beb9e56799 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -438,10 +438,10 @@ else print ''; $rowspan=3; - if (empty($conf->global->SOCIETE_DISABLE_STATE)) $rowspan++; + if (empty($conf->global->SOCIETE_DISABLE_STATE)) $rowspan++; print ''; - if ($conf->use_javascript_ajax && $socid) print ''.$langs->trans('CopyAddressFromSoc').''; + if ($conf->use_javascript_ajax && $socid) print ''.$langs->trans('CopyAddressFromSoc').''; print ''; print ''; @@ -657,7 +657,7 @@ else print ''; if ($conf->use_javascript_ajax) print ''.$langs->trans('CopyAddressFromSoc').''; - print ''; + print ''; // Zip / Town print ''.$langs->trans("Zip").' / '.$langs->trans("Town").''; diff --git a/htdocs/core/class/CSMSFile.class.php b/htdocs/core/class/CSMSFile.class.php index 3a3f628b67c..05305d582af 100755 --- a/htdocs/core/class/CSMSFile.class.php +++ b/htdocs/core/class/CSMSFile.class.php @@ -41,7 +41,7 @@ class CSMSFile var $deferred; var $priority; var $class; - var $message; + var $message; /** @@ -147,7 +147,7 @@ class CSMSFile $sms->deferred=$this->deferred; $sms->priority=$this->priority; $sms->class=$this->class; - $sms->message=$this->message; + $sms->message=$this->message; $res=$sms->SmsSend(); if ($res <= 0) diff --git a/htdocs/core/lib/member.lib.php b/htdocs/core/lib/member.lib.php index 07985bda263..a4357147732 100644 --- a/htdocs/core/lib/member.lib.php +++ b/htdocs/core/lib/member.lib.php @@ -96,8 +96,8 @@ function member_prepare_head($object) $head[$h][2] = 'info'; $h++; - - complete_head_from_modules($conf,$langs,$object,$head,$h,'member','remove'); + + complete_head_from_modules($conf,$langs,$object,$head,$h,'member','remove'); return $head; } diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php index 0d1295c8629..5bff4206e02 100644 --- a/htdocs/install/fileconf.php +++ b/htdocs/install/fileconf.php 
@@ -38,27 +38,27 @@ $langs->load("errors"); dolibarr_install_syslog("Fileconf: Entering fileconf.php page"); -// You can force preselected values of the config step of Dolibarr by adding a file -// install.forced.php into directory htdocs/install (This is the case with some wizard -// installer like DoliWamp, DoliMamp or DoliBuntu). -// We first init "forced values" to nothing. -if (! isset($force_install_noedit)) $force_install_noedit=''; // 1=To block var specific to distrib, 2 to block all technical parameters -if (! isset($force_install_type)) $force_install_type=''; -if (! isset($force_install_dbserver)) $force_install_dbserver=''; -if (! isset($force_install_port)) $force_install_port=''; -if (! isset($force_install_database)) $force_install_database=''; -if (! isset($force_install_prefix)) $force_install_prefix=''; -if (! isset($force_install_createdatabase)) $force_install_createdatabase=''; -if (! isset($force_install_databaselogin)) $force_install_databaselogin=''; -if (! isset($force_install_databasepass)) $force_install_databasepass=''; -if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin=''; -if (! isset($force_install_databaserootpass)) $force_install_databaserootpass=''; -// Now we load forced value from install.forced.php file. -$useforcedwizard=false; -$forcedfile="./install.forced.php"; -if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php"; // Must be after inc.php -if (@file_exists($forcedfile)) { - $useforcedwizard=true; include_once $forcedfile; +// You can force preselected values of the config step of Dolibarr by adding a file +// install.forced.php into directory htdocs/install (This is the case with some wizard +// installer like DoliWamp, DoliMamp or DoliBuntu). +// We first init "forced values" to nothing. +if (! isset($force_install_noedit)) $force_install_noedit=''; // 1=To block var specific to distrib, 2 to block all technical parameters +if (! 
isset($force_install_type)) $force_install_type=''; +if (! isset($force_install_dbserver)) $force_install_dbserver=''; +if (! isset($force_install_port)) $force_install_port=''; +if (! isset($force_install_database)) $force_install_database=''; +if (! isset($force_install_prefix)) $force_install_prefix=''; +if (! isset($force_install_createdatabase)) $force_install_createdatabase=''; +if (! isset($force_install_databaselogin)) $force_install_databaselogin=''; +if (! isset($force_install_databasepass)) $force_install_databasepass=''; +if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin=''; +if (! isset($force_install_databaserootpass)) $force_install_databaserootpass=''; +// Now we load forced value from install.forced.php file. +$useforcedwizard=false; +$forcedfile="./install.forced.php"; +if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php"; // Must be after inc.php +if (@file_exists($forcedfile)) { + $useforcedwizard=true; include_once $forcedfile; } //$force_install_message='This is the message'; diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 15913ef83ee..c3813538936 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -339,9 +339,9 @@ if ($id || $ref) $default_vat=''; // We don't have supplier, so we try to guess. - // For this we build a fictive supplier with same properties than user but using vat) - $mysoc2=dol_clone($mysoc); - $mysoc2->tva_assuj=1; + // For this we build a fictive supplier with same properties than user but using vat) + $mysoc2=dol_clone($mysoc); + $mysoc2->tva_assuj=1; $default_vat=get_default_tva($mysoc2, $mysoc, 0, $product->id); print ''.$langs->trans("VATRateForSupplierProduct").''; From d343b76f912e3c81abe51c82f839f93dee8c437b Mon Sep 17 00:00:00 2001 
From: Maxime Kohlhaas Date: Tue, 9 Oct 2012 00:28:52 +0200 Subject: [PATCH 03/24] Bug # 543 and # 570 : contact address is now used in recipient block and no more display bug on customer order ref until 36 digits --- .../expedition/doc/pdf_expedition_rouget.modules.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php index 31fb518df1b..946bb1958bf 100644 --- a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php @@ -525,8 +525,8 @@ class pdf_expedition_rouget extends ModelePdfExpedition $text=$linkedobject->ref; if ($linkedobject->ref_client) $text.=' ('.$linkedobject->ref_client.')'; $Yoff = $Yoff+8; - $pdf->SetXY($this->page_largeur - $this->marge_droite - 60,$Yoff); - $pdf->MultiCell(60, 2, $outputlangs->transnoentities("RefOrder") ." : ".$outputlangs->transnoentities($text), 0, 'R'); + $pdf->SetXY($this->page_largeur - $this->marge_droite - 100,$Yoff); + $pdf->MultiCell(100, 2, $outputlangs->transnoentities("RefOrder") ." : ".$outputlangs->transnoentities($text), 0, 'R'); $Yoff = $Yoff+4; $pdf->SetXY($this->page_largeur - $this->marge_droite - 60,$Yoff); $pdf->MultiCell(60, 2, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->commande->date,"daytext",false,$outputlangs,true), 0, 'R'); @@ -576,7 +576,7 @@ class pdf_expedition_rouget extends ModelePdfExpedition // If SHIPPING contact defined, we use it $usecontact=false; - $arrayidcontact=$object->getIdContact('external','SHIPPING'); + $arrayidcontact=$object->$origin->getIdContact('external','SHIPPING'); if (count($arrayidcontact) > 0) { $usecontact=true; From 229005b1a94f20976cfaf5f16908628919a0e7f0 Mon Sep 17 00:00:00 2001 
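Review bot: `$arrayidcontact=$object->$origin->getIdContact('external','SHIPPING');` dereferences a property whose name is taken from `$origin`, and nothing in the hunk shows where `$origin` is set or that the named property holds an object; if either is missing at runtime this is a fatal call on a non-object instead of the previous fallback to the shipment's own contacts. A guard keeps the `count($arrayidcontact)` on the next line valid: `if (! empty($origin) && is_object($object->$origin)) $arrayidcontact=$object->$origin->getIdContact('external','SHIPPING');` followed by `else $arrayidcontact=array();`. The method containing this hunk starts and ends outside it, so `$origin` may well be a parameter or a property fetched earlier; worth confirming before relying on it.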
From: Maxime Kohlhaas
Date: Tue, 9 Oct 2012 00:54:02 +0200
Subject: [PATCH 04/24] Task # 186 : Forgot to add the new box in the mod definition...

---
 htdocs/core/modules/modProduct.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php
index a4f1e7d6978..c34d5eb907a 100644
--- a/htdocs/core/modules/modProduct.class.php
+++ b/htdocs/core/modules/modProduct.class.php
@@ -90,6 +90,7 @@ class modProduct extends DolibarrModules
 // Boxes
 $this->boxes = array();
 $this->boxes[0][1] = "box_produits.php";
+ $this->boxes[0][2] = "box_produits_alerte_stock.php";
 
 // Permissions
 $this->rights = array();

From 67dbae44867d3a9f19ba32db2532aad1fe3cb487 Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Tue, 9 Oct 2012 00:58:07 +0200
Subject: [PATCH 05/24] Correction for new box inclusion

---
 htdocs/core/modules/modProduct.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php
index c34d5eb907a..72fe5a31249 100644
--- a/htdocs/core/modules/modProduct.class.php
+++ b/htdocs/core/modules/modProduct.class.php
@@ -90,7 +90,7 @@ class modProduct extends DolibarrModules
 // Boxes
 $this->boxes = array();
 $this->boxes[0][1] = "box_produits.php";
- $this->boxes[0][2] = "box_produits_alerte_stock.php";
+ $this->boxes[1][1] = "box_produits_alerte_stock.php";
 
 // Permissions
 $this->rights = array();

From 089603e1c5d595d6387f543c231f3e39fcc65655 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 9 Oct 2012 08:40:32 +0200
Subject: [PATCH 06/24] Fix: add import_key field

---
 htdocs/categories/class/categorie.class.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index a2f4a7b0e50..2e62d273276 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php @@ -45,6 +45,7 @@ class Categorie var $description; var $socid; var $type; // 0=Product, 1=Supplier, 2=Customer/Prospect, 3=Member + var $import_key; var $cats=array(); // Tableau en memoire des categories @@ -114,6 +115,7 @@ class Categorie $error=0; // Clean parameters + $this->import_key = trim($this->import_key); if (empty($this->visible)) $this->visible=0; $this->fk_parent = ($this->fk_parent != "" ? intval($this->fk_parent) : 0); @@ -128,21 +130,30 @@ class Categorie $this->db->begin(); dol_syslog(get_class($this).'::create sql='.$sql); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie (fk_parent, label, description,"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie ("; + $sql.= "fk_parent,"; + $sql.= " label,"; + $sql.= " description,"; if (! empty($conf->global->CATEGORY_ASSIGNED_TO_A_CUSTOMER)) { $sql.= "fk_soc,"; } $sql.= " visible,"; $sql.= " type,"; + $sql.= " import_key"; $sql.= " entity"; - $sql.= ")"; - $sql.= " VALUES (".$this->fk_parent.",'".$this->db->escape($this->label)."', '".$this->db->escape($this->description)."',"; + $sql.= ") VALUES ("; + $sql.= $this->fk_parent.","; + $sql.= "'".$this->db->escape($this->label)."',"; + $sql.= "'".$this->db->escape($this->description)."',"; if (! empty($conf->global->CATEGORY_ASSIGNED_TO_A_CUSTOMER)) { $sql.= ($this->socid != -1 ? $this->socid : 'null').","; } - $sql.= "'".$this->visible."',".$this->type.",".$conf->entity; + $sql.= "'".$this->visible."',"; + $sql.= $this->type.","; + $sql.= (! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":'null').","; + $sql.= $conf->entity; $sql.= ")"; dol_syslog(get_class($this).'::create sql='.$sql); From d61a8ee9474eb21f638db0c7b4549e8960d5ca59 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 08:47:11 +0200 Subject: [PATCH 07/24] Fix: missing comma --- htdocs/categories/class/categorie.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
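Review bot: In the rebuilt INSERT, `$sql.= $this->type.",";` splices `type` into the statement with no cast, while the same method normalises `fk_parent` with `intval()` a few lines earlier and escapes `label`, `description` and the new `import_key`; for consistency and to keep anything non-numeric out of the SQL, write `$sql.= intval($this->type).",";`, and presumably `$this->visible` (already forced to 0 when empty) deserves the same treatment. Separately, the `dol_syslog(get_class($this).'::create sql='.$sql);` right after `$this->db->begin()` runs before `$sql` is assigned, so it logs an undefined or stale value; the second, correct log after the statement is built makes the first one redundant, and it should be dropped. The `create()` method starts and ends outside the hunk.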
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 2e62d273276..89a24ff2f7b 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -140,7 +140,7 @@ class Categorie } $sql.= " visible,"; $sql.= " type,"; - $sql.= " import_key"; + $sql.= " import_key,"; $sql.= " entity"; $sql.= ") VALUES ("; $sql.= $this->fk_parent.","; From 4cd702bb1a5ad973b0b7a6ca29e98b9f3f6503fd Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 09:34:12 +0200 Subject: [PATCH 08/24] Fix: prevent XSS and SQL injection --- htdocs/admin/modules.php | 27 +++++------- htdocs/install/etape1.php | 87 +++++++++++++++++++++---------------- htdocs/user/clicktodial.php | 6 +-- htdocs/user/group/index.php | 17 ++++---- htdocs/user/index.php | 21 +++++---- 5 files changed, 85 insertions(+), 73 deletions(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 99f85b40fc9..cb1f619eedc 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -32,10 +32,11 @@ $langs->load("errors"); $langs->load("admin"); $mode=isset($_GET["mode"])?GETPOST("mode"):(isset($_SESSION['mode'])?$_SESSION['mode']:0); -$mesg=GETPOST("mesg"); -$action=GETPOST('action'); +$action=GETPOST('action','alpha'); +$value=GETPOST('value'); -if (!$user->admin) accessforbidden(); +if (! $user->admin) + accessforbidden(); $specialtostring=array(0=>'common', 1=>'interfaces', 2=>'other', 3=>'functional', 4=>'marketplace'); 
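Review bot: In htdocs/admin/modules.php, `$value=GETPOST('value');` is read without a filter although the -46 hunk passes it straight to `activateModule($value)` and `unActivateModule($value)`, i.e. it names the module to load; a module name needs nothing beyond letters and digits, so `$value=GETPOST('value','alpha');` narrows the input for free (I cannot see how activateModule resolves the name, so treat the exact check as something to confirm against that function). In the same -46 hunk the redirects are rebuilt as `header("Location: modules.php?mode=".$mode);` with `$mode` taken from `$_GET` or the session and not encoded; `"modules.php?mode=".urlencode($mode)` keeps the URL well-formed for any value.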
@@ -46,19 +47,17 @@ $specialtostring=array(0=>'common', 1=>'interfaces', 2=>'other', 3=>'functional' if ($action == 'set' && $user->admin) { - $result=activateModule($_GET["value"]); - $mesg=''; - if ($result) $mesg=$result; - header("Location: modules.php?mode=".$mode."&mesg=".urlencode($mesg)); + $result=activateModule($value); + if ($result) setEventMessage($result, 'errors'); + header("Location: modules.php?mode=".$mode); exit; } if ($action == 'reset' && $user->admin) { - $result=unActivateModule($_GET["value"]); - $mesg=''; - if ($result) $mesg=$result; - header("Location: modules.php?mode=".$mode."&mesg=".urlencode($mesg)); + $result=unActivateModule($value); + if ($result) setEventMessage($result, 'errors'); + header("Location: modules.php?mode=".$mode); exit; } @@ -129,7 +128,8 @@ foreach ($modulesdir as $dir) if (! empty($modNameLoaded[$modName])) { $mesg="Error: Module ".$modName." was found twice: Into ".$modNameLoaded[$modName]." and ".$dir.". You probably have an old file on your disk.
"; - dol_syslog($mesg, LOG_ERR); + setEventMessage($mesg, 'warnings'); + dol_syslog($mesg, LOG_ERR); continue; } @@ -269,9 +269,6 @@ $h++; dol_fiche_head($head, $mode, $langs->trans("Modules")); -dol_htmloutput_errors($mesg); - - if ($mode != 'marketplace') { print "\n"; diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index 8e6ca05e9d4..70c3f3e5c7f 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -29,8 +29,8 @@ define('DONOTLOADCONF',1); // To avoid loading conf by file inc.php include 'inc.php'; -$action=GETPOST('action'); -$setuplang=isset($_POST["selectlang"])?$_POST["selectlang"]:(isset($_GET["selectlang"])?$_GET["selectlang"]:'auto'); +$action=GETPOST('action','alpha'); +$setuplang=(GETPOST('selectlang')?GETPOST('selectlang'):'auto'); $langs->setDefaultLang($setuplang); $langs->load("admin"); @@ -38,10 +38,19 @@ $langs->load("install"); $langs->load("errors"); // Recuparation des information de connexion -$userroot=isset($_POST["db_user_root"])?$_POST["db_user_root"]:""; -$passroot=isset($_POST["db_pass_root"])?$_POST["db_pass_root"]:""; +$userroot=GETPOST('db_user_root'); +$passroot=GETPOST('db_pass_root'); // Repertoire des pages dolibarr -$main_dir=isset($_POST["main_dir"])?trim($_POST["main_dir"]):''; +$main_dir=GETPOST('main_dir'); +$main_url=GETPOST('main_url'); +// Database server +$db_type=GETPOST('db_type','alpha'); +$db_host=GETPOST('db_host','alpha'); +$db_name=GETPOST('db_name','alpha'); +$db_user=GETPOST('db_user','alpha'); +$db_pass=GETPOST('db_pass'); +$db_port=GETPOST('db_port','int'); +$db_prefix=GETPOST('db_prefix','alpha'); // Now we load forced value from install.forced.php file. $useforcedwizard=false; @@ -71,34 +80,34 @@ if (! is_writable($conffile)) // Check parameters -if (empty($_POST["db_type"])) +if (empty($db_type)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabaseType")).'
'; $error++; } -if (empty($_POST["db_host"])) +if (empty($db_host)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("Server")).'
'; $error++; } -if (empty($_POST["db_name"])) +if (empty($db_name)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("DatabaseName")).'
'; $error++; } -if (empty($_POST["db_user"])) +if (empty($db_user)) { print '
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("Login")).'
'; $error++; } -if (! empty($_POST["db_port"]) && ! is_numeric($_POST["db_port"])) +if (! empty($db_port) && ! is_numeric($db_port)) { - print '
'.$langs->trans("ErrorBadValueForParameter",$_POST["db_port"],$langs->transnoentities("Port")).'
'; + print '
'.$langs->trans("ErrorBadValueForParameter",$db_port,$langs->transnoentities("Port")).'
'; $error++; } -if (! empty($_POST["db_prefix"]) && ! preg_match('/^[a-z0-9]+_$/i', $_POST["db_prefix"])) +if (! empty($db_prefix) && ! preg_match('/^[a-z0-9]+_$/i', $db_prefix)) { - print '
'.$langs->trans("ErrorBadValueForParameter",$_POST["db_prefix"],$langs->transnoentities("DatabasePrefix")).'
'; + print '
'.$langs->trans("ErrorBadValueForParameter",$db_prefix,$langs->transnoentities("DatabasePrefix")).'
'; $error++; } @@ -110,9 +119,9 @@ if (substr($main_dir, dol_strlen($main_dir) -1) == "/") } // Remove last / into dans main_url -if (! empty($_POST["main_url"]) && substr($_POST["main_url"], dol_strlen($_POST["main_url"]) -1) == "/") +if (! empty($main_url) && substr($main_url, dol_strlen($main_url) -1) == "/") { - $_POST["main_url"] = substr($_POST["main_url"], 0, dol_strlen($_POST["main_url"])-1); + $main_url = substr($main_url, 0, dol_strlen($main_url)-1); } // Directory for generated documents (invoices, orders, ecm, etc...) @@ -123,13 +132,13 @@ if (! $main_data_dir) { $main_data_dir="$main_dir/documents"; } // Test database connexion if (! $error) { - $result=@include_once $main_dir."/core/db/".$_POST["db_type"].'.class.php'; + $result=@include_once $main_dir."/core/db/".$db_type.'.class.php'; if ($result) { // If we ask database or user creation we need to connect as root, so we need root login if (! empty($_POST["db_create_database"]) && ! $userroot) { - print '
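Review bot: The parameter checks in this hunk validate `$db_prefix` against a regex but only test `$db_type` for non-emptiness, yet the -132 hunk of the same file uses it to build an include path, `include_once $main_dir."/core/db/".$db_type.'.class.php'`, with `$main_dir` itself read raw by `GETPOST('main_dir')`; since the value selects a file to execute, it should be constrained here to a plain driver token before any include is attempted. A check mirroring the `db_prefix` block, `if (! empty($db_type) && ! preg_match('/^[a-z0-9]+$/i', $db_type))` with the matching `ErrorBadValueForParameter` message and `$error++`, rejects separators and dots; the GETPOST 'alpha' filter may already strip some of these, but its exact behaviour is not visible here, so an explicit check in this file is the safer reading. The `is_numeric($db_port)` test after `GETPOST('db_port','int')` is presumably redundant for the same reason, though harmless.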
'.$langs->trans("YouAskDatabaseCreationSoDolibarrNeedToConnect",$_POST["db_name"]).'
'; + print '
'.$langs->trans("YouAskDatabaseCreationSoDolibarrNeedToConnect",$db_name).'
'; print '
'; print $langs->trans("BecauseConnectionFailedParametersMayBeWrong").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); @@ -137,7 +146,7 @@ if (! $error) } if (! empty($_POST["db_create_user"]) && ! $userroot) { - print '
'.$langs->trans("YouAskLoginCreationSoDolibarrNeedToConnect",$_POST["db_user"]).'
'; + print '
'.$langs->trans("YouAskLoginCreationSoDolibarrNeedToConnect",$db_user).'
'; print '
'; print $langs->trans("BecauseConnectionFailedParametersMayBeWrong").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); @@ -147,14 +156,14 @@ if (! $error) // If we need root access if (! $error && (! empty($_POST["db_create_database"]) || ! empty($_POST["db_create_user"]))) { - $databasefortest=$_POST["db_name"]; + $databasefortest=$db_name; if (! empty($_POST["db_create_database"])) { - if ($_POST["db_type"] == 'mysql' || $_POST["db_type"] == 'mysqli') + if ($db_type == 'mysql' || $db_type == 'mysqli') { $databasefortest='mysql'; } - elseif ($_POST["db_type"] == 'pgsql') + elseif ($db_type == 'pgsql') { $databasefortest='postgres'; } @@ -165,14 +174,14 @@ if (! $error) } //print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"]; - $db=getDoliDBInstance($_POST["db_type"],$_POST["db_host"],$userroot,$passroot,$databasefortest,$_POST["db_port"]); + $db=getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port); dol_syslog("databasefortest=".$databasefortest." connected=".$db->connected." database_selected=".$db->database_selected, LOG_DEBUG); //print "databasefortest=".$databasefortest." connected=".$db->connected." database_selected=".$db->database_selected; if (empty($_POST["db_create_database"]) && $db->connected && ! $db->database_selected) { - print '
'.$langs->trans("ErrorConnectedButDatabaseNotFound",$_POST["db_name"]).'
'; + print '
'.$langs->trans("ErrorConnectedButDatabaseNotFound",$db_name).'
'; print '
'; if (! $db->connected) print $langs->trans("IfDatabaseNotExistsGoBackAndUncheckCreate").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); @@ -191,7 +200,7 @@ if (! $error) // If we need simple access if (! $error && (empty($_POST["db_create_database"]) && empty($_POST["db_create_user"]))) { - $db=getDoliDBInstance($_POST["db_type"],$_POST["db_host"],$_POST["db_user"],$_POST["db_pass"],$_POST["db_name"],$_POST["db_port"]); + $db=getDoliDBInstance($db_type, $db_host, $db_user, $db_pass, $db_name, $db_port); if ($db->error) { @@ -204,7 +213,7 @@ if (! $error) } else { - print "
\nFailed to include_once(\"".$main_dir."/core/db/".$_POST["db_type"].".class.php\")
\n"; + print "
\nFailed to include_once(\"".$main_dir."/core/db/".$db_type.".class.php\")
\n"; print '
'.$langs->trans("ErrorWrongValueForParameter",$langs->transnoentities("WebPagesDirectory")).'
'; print $langs->trans("ErrorGoBackAndCorrectParameters"); $error++; @@ -223,10 +232,10 @@ if (! $error && $db->connected) { if (! empty($_POST["db_create_database"])) { - $result=$db->select_db($_POST["db_name"]); + $result=$db->select_db($db_name); if ($result) { - print '
'.$langs->trans("ErrorDatabaseAlreadyExists",$_POST["db_name"]).'
'; + print '
'.$langs->trans("ErrorDatabaseAlreadyExists", $db_name).'
'; print $langs->trans("IfDatabaseExistsGoBackAndCheckCreate").'

'; print $langs->trans("ErrorGoBackAndCorrectParameters"); $error++; @@ -259,9 +268,10 @@ if (! $error && $db->connected) if (! $error && $db->connected && $action == "set") { umask(0); - foreach($_POST as $cle=>$valeur) + foreach($_POST as $key => $value) { - if (! preg_match('/^db_pass/i',$cle)) dolibarr_install_syslog("Choice for ".$cle." = ".$valeur); + if (! preg_match('/^db_pass/i', $key)) + dolibarr_install_syslog("Choice for ".$key." = ".$value); } // Show title of step @@ -399,7 +409,7 @@ if (! $error && $db->connected && $action == "set") } // Table prefix - $main_db_prefix = ((GETPOST("db_prefix") && GETPOST("db_prefix") != '') ? GETPOST("db_prefix") : 'llx_'); + $main_db_prefix = ((! empty($db_prefix) && $db_prefix != '') ? $db_prefix : 'llx_'); // Force https $main_force_https = ((GETPOST("main_force_https") && (GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == 1)) ? '1' : '0'); @@ -766,6 +776,7 @@ function write_conf_file($conffile) global $dolibarr_main_url_root,$dolibarr_main_document_root,$dolibarr_main_data_root,$dolibarr_main_db_host; global $dolibarr_main_db_port,$dolibarr_main_db_name,$dolibarr_main_db_user,$dolibarr_main_db_pass; global $dolibarr_main_db_type,$dolibarr_main_db_character_set,$dolibarr_main_db_collation,$dolibarr_main_authentication; + global $db_host,$db_port,$db_name,$db_user,$db_pass,$db_type; global $conffile,$conffiletoshow,$conffiletoshowshort; global $force_dolibarr_lib_ADODB_PATH, $force_dolibarr_lib_NUSOAP_PATH; global $force_dolibarr_lib_TCPDF_PATH, $force_dolibarr_lib_FPDI_PATH; 
@@ -791,13 +802,13 @@ function write_conf_file($conffile) fputs($fp,'// and explanations for all possibles parameters.'."\n"); fputs($fp,'//'."\n"); - fputs($fp, '$dolibarr_main_url_root=\''.str_replace("'","\'",($_POST["main_url"])).'\';'); + fputs($fp, '$dolibarr_main_url_root=\''.str_replace("'","\'",($main_url)).'\';'); fputs($fp,"\n"); fputs($fp, '$dolibarr_main_document_root=\''.str_replace("'","\'",($main_dir)).'\';'); fputs($fp,"\n"); - fputs($fp, $main_use_alt_dir.'$dolibarr_main_url_root_alt=\''.str_replace("'","\'",($_POST["main_url"]."/".$main_alt_dir_name)).'\';'); + fputs($fp, $main_use_alt_dir.'$dolibarr_main_url_root_alt=\''.str_replace("'","\'",($main_url."/".$main_alt_dir_name)).'\';'); fputs($fp,"\n"); fputs($fp, $main_use_alt_dir.'$dolibarr_main_document_root_alt=\''.str_replace("'","\'",($main_dir."/".$main_alt_dir_name)).'\';'); 
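Review bot: `$main_url` replaces `$_POST["main_url"]` on the two `fputs` lines of this hunk, but the `global` line added in the -766 hunk names only `$db_host,$db_port,$db_name,$db_user,$db_pass,$db_type`; unless `$main_url` is declared global on one of the function's lines outside that hunk, it is undefined inside `write_conf_file` and `$dolibarr_main_url_root` and `$dolibarr_main_url_root_alt` get written to conf.php as empty strings, whereas the superglobal it replaced needed no declaration. Extend the added line to `global $db_host,$db_port,$db_name,$db_user,$db_pass,$db_type,$main_url;` so the value, including the trailing-slash trim applied to it in the -110 hunk, reaches the function. The body of `write_conf_file` continues outside the hunk.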
@@ -806,24 +817,24 @@ function write_conf_file($conffile) fputs($fp, '$dolibarr_main_data_root=\''.str_replace("'","\'",($main_data_dir)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_host=\''.str_replace("'","\'",($_POST["db_host"])).'\';'); + fputs($fp, '$dolibarr_main_db_host=\''.str_replace("'","\'",($db_host)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_port=\''.str_replace("'","\'",($_POST["db_port"])).'\';'); + fputs($fp, '$dolibarr_main_db_port=\''.str_replace("'","\'",($db_port)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_name=\''.str_replace("'","\'",($_POST["db_name"])).'\';'); + fputs($fp, '$dolibarr_main_db_name=\''.str_replace("'","\'",($db_name)).'\';'); fputs($fp,"\n"); fputs($fp, '$dolibarr_main_db_prefix=\''.str_replace("'","\'",($main_db_prefix)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_user=\''.str_replace("'","\'",($_POST["db_user"])).'\';'); + fputs($fp, '$dolibarr_main_db_user=\''.str_replace("'","\'",($db_user)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_pass=\''.str_replace("'","\'",($_POST["db_pass"])).'\';'); + fputs($fp, '$dolibarr_main_db_pass=\''.str_replace("'","\'",($db_pass)).'\';'); fputs($fp,"\n"); - fputs($fp, '$dolibarr_main_db_type=\''.str_replace("'","\'",($_POST["db_type"])).'\';'); + fputs($fp, '$dolibarr_main_db_type=\''.str_replace("'","\'",($db_type)).'\';'); fputs($fp,"\n"); fputs($fp, '$dolibarr_main_db_character_set=\''.str_replace("'","\'",($_POST["dolibarr_main_db_character_set"])).'\';'); diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php index 3b3a43729b2..476bdf1b470 100644 --- a/htdocs/user/clicktodial.php +++ b/htdocs/user/clicktodial.php @@ -69,7 +69,7 @@ $form = new Form($db); llxHeader("","ClickToDial"); -if ($id) +if ($id > 0) { $fuser = new User($db); $fuser->fetch($id); @@ -113,7 +113,7 @@ if ($id) if ($action == 'edit') { - print ''; + print ''; print ''; print ''; print '
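Review bot: The connection settings written into the generated conf file are protected only by `str_replace("'","\'", ...)`, which escapes single quotes but not backslashes, so a value ending in `\` (these are free-text install-form fields, per the `$_POST` reads the hunk replaces) produces `\\'` inside the single-quoted literal, which closes the string early and leaves the remainder of the value outside the literal in a file that is executed as PHP. The `@@ -791,13 +802,13 @@` hunk has the same pattern for `$main_url`. Emitting each value with `var_export()` escapes both characters and keeps every byte inside the literal, e.g. `fputs($fp, '$dolibarr_main_db_pass='.var_export($db_pass, true).';');`. write_conf_file begins and ends outside this hunk.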
'; @@ -192,7 +192,7 @@ if ($id) if (! empty($user->admin) && $action <> 'edit') { - print ''.$langs->trans("Modify").''; + print ''.$langs->trans("Modify").''; } print "\n"; diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php index 002e099c397..5d45e999149 100644 --- a/htdocs/user/group/index.php +++ b/htdocs/user/group/index.php @@ -28,17 +28,18 @@ require '../../main.inc.php'; if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - if (! $user->rights->user->group_advance->read && ! $user->admin) accessforbidden(); + if (! $user->rights->user->group_advance->read && ! $user->admin) + accessforbidden(); } $langs->load("users"); -$sall=GETPOST("sall"); -$search_group=GETPOST('search_group'); +$sall=GETPOST('sall', 'alpha'); +$search_group=GETPOST('search_group','alpha'); -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); +$sortfield = GETPOST('sortfield','alpha'); +$sortorder = GETPOST('sortorder','alpha'); +$page = GETPOST('page','int'); if ($page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; $pageprev = $page - 1; @@ -67,9 +68,9 @@ else { $sql.= " WHERE g.entity IN (0,".$conf->entity.")"; } -if ($search_group) +if (! empty($search_group)) { - $sql .= " AND (g.nom LIKE '%".$db->escape($_POST["search_group"])."%' OR g.note LIKE '%".$db->escape($_POST["search_group"])."%')"; + $sql .= " AND (g.nom LIKE '%".$db->escape($search_group)."%' OR g.note LIKE '%".$db->escape($search_group)."%')"; } if ($sall) $sql.= " AND (g.nom LIKE '%".$db->escape($sall)."%' OR g.note LIKE '%".$db->escape($sall)."%')"; $sql.= " GROUP BY g.rowid, g.nom, g.entity, g.datec"; diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 72a16a54d65..b91d5d2df10 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php 
@@ -24,24 +24,27 @@ */ require '../main.inc.php'; -if(! empty($conf->multicompany->enabled)) dol_include_once('/multicompany/class/actions_multicompany.class.php'); +if (! empty($conf->multicompany->enabled)) + dol_include_once('/multicompany/class/actions_multicompany.class.php', 'Multicompany'); -if (! $user->rights->user->user->lire && ! $user->admin) accessforbidden(); +if (! $user->rights->user->user->lire && ! $user->admin) + accessforbidden(); $langs->load("users"); $langs->load("companies"); // Security check (for external users) $socid=0; -if ($user->societe_id > 0) $socid = $user->societe_id; +if ($user->societe_id > 0) + $socid = $user->societe_id; $sall=GETPOST('sall','alpha'); $search_user=GETPOST('search_user','alpha'); -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); +$sortfield = GETPOST('sortfield','alpha'); +$sortorder = GETPOST('sortorder','alpha'); +$page = GETPOST('page','int'); if ($page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; $pageprev = $page - 1; @@ -78,10 +81,10 @@ else { $sql.= " WHERE u.entity IN (0,".$conf->entity.")"; } -if (!empty($socid)) $sql.= " AND u.fk_societe = ".$socid; -if ($search_user) +if (! empty($socid)) $sql.= " AND u.fk_societe = ".$socid; +if (! empty($search_user)) { - $sql.= " AND (u.login LIKE '%".$search_user."%' OR u.name LIKE '%".$search_user."%' OR u.firstname LIKE '%".$search_user."%')"; + $sql.= " AND (u.login LIKE '%".$db->escape($search_user)."%' OR u.name LIKE '%".$db->escape($search_user)."%' OR u.firstname LIKE '%".$db->escape($search_user)."%')"; } if ($sall) $sql.= " AND (u.login LIKE '%".$db->escape($sall)."%' OR u.name LIKE '%".$db->escape($sall)."%' OR u.firstname LIKE '%".$db->escape($sall)."%' OR u.email LIKE '%".$db->escape($sall)."%' OR u.note LIKE '%".$db->escape($sall)."%')"; $sql.=$db->order($sortfield,$sortorder); From 72a1194d14a92f1850b7b4932a6fe9dd64c2a368 Mon Sep 17 00:00:00 2001 
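Review bot: The added `$db->escape()` calls on `$search_user` keep quote characters from breaking the statement, but the LIKE wildcards `%` and `_` pass through untouched, so a search string of `%` lists every user and `_` matches any single character; the same applies to `$sall` on the next line. If a literal search is intended, neutralise them before escaping, e.g. `$search_user = str_replace(array('%','_'), array('\%','\_'), $search_user);` ahead of the `$db->escape()` call (MySQL semantics; check how the pgsql driver treats the backslash). Whether wildcard searching is acceptable here depends on who can reach this list, which is not visible in the hunk.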
From: Regis Houssin Date: Tue, 9 Oct 2012 10:54:26 +0200 Subject: [PATCH 09/24] Fix: search with case sensitive method FIXME: Mysql "LIKE" is case insensitive by default and use LIKE BINARY for case sensitive, Pgsql "LIKE" is case sensitive by default, and use ILIKE for case insensitive --- htdocs/categories/class/categorie.class.php | 14 +++++++++----- htdocs/categories/index.php | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 89a24ff2f7b..aa9505b635f 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1001,10 +1001,11 @@ class Categorie * @param int $id Id * @param string $nom Name * @param string $type Type - * @param boolean $exact Ture or false + * @param boolean $exact Exact string search (true/false) + * @param boolean $case Case sensitive (true/false) * @return array Array of category id */ - function rechercher($id, $nom, $type, $exact = false) + function rechercher($id, $nom, $type, $exact = false, $case = false) { $cats = array (); @@ -1015,10 +1016,13 @@ class Categorie if ($nom) { if (! $exact) - { $nom = '%'.str_replace('*', '%', $nom).'%'; - } - $sql.= "AND label LIKE '".$nom."'"; + if (! $case) + $sql.= "AND label LIKE '".$this->db->escape($nom)."'"; + else + // FIXME Mysql "LIKE" is case insensitive by default and use LIKE BINARY for case sensitive + // Pgsql "LIKE" is case sensitive by default, and use ILIKE for case insensitive + $sql.= "AND label LIKE BINARY '".$this->db->escape($nom)."'"; } if ($id) { diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php index 0f0915d7dd2..df9d0fc0eab 100644 --- a/htdocs/categories/index.php +++ b/htdocs/categories/index.php 
@@ -257,7 +257,7 @@ foreach($fulltree as $key => $val) $categstatic->id=$val['id']; $categstatic->ref=$val['label']; $categstatic->type=$type; - print '  '.$categstatic->getNomUrl(0,'',28); + print '  '.$categstatic->getNomUrl(0,'',60); //print '  '.dol_trunc($val['label'],28); //if ($section == $val['id']) print ''; From 1725561c34479713991b82f7c8b3e13ba69d2521 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 9 Oct 2012 11:42:38 +0200 Subject: [PATCH 10/24] Better security fix: Using GETPOST does not fix all cases, also the real bug (missing escaping information when using it) was not fixed. --- htdocs/user/group/index.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php index 5d45e999149..87ac410f07f 100644 --- a/htdocs/user/group/index.php +++ b/htdocs/user/group/index.php @@ -34,8 +34,8 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $langs->load("users"); -$sall=GETPOST('sall', 'alpha'); -$search_group=GETPOST('search_group','alpha'); +$sall=GETPOST('sall'); +$search_group=GETPOST('search_group'); $sortfield = GETPOST('sortfield','alpha'); $sortorder = GETPOST('sortorder','alpha'); @@ -82,7 +82,7 @@ if ($resql) $num = $db->num_rows($resql); $i = 0; - $param="search_group=".$search_group."&sall=".$sall; + $param="search_group=".urlencode($search_group)."&sall=".urlencode($sall); print '
'; print ''; print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder); From 4413613d14675a7b9cf567e6cd975fb5a2be3a2b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 9 Oct 2012 11:56:39 +0200 Subject: [PATCH 11/24] Another better fix. --- htdocs/install/etape1.php | 4 ++-- htdocs/user/group/index.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/install/etape1.php b/htdocs/install/etape1.php index 70c3f3e5c7f..2e494422048 100644 --- a/htdocs/install/etape1.php +++ b/htdocs/install/etape1.php @@ -30,7 +30,7 @@ define('DONOTLOADCONF',1); // To avoid loading conf by file inc.php include 'inc.php'; $action=GETPOST('action','alpha'); -$setuplang=(GETPOST('selectlang')?GETPOST('selectlang'):'auto'); +$setuplang=(GETPOST('selectlang','',3)?GETPOST('selectlang','',3):'auto'); $langs->setDefaultLang($setuplang); $langs->load("admin"); @@ -409,7 +409,7 @@ if (! $error && $db->connected && $action == "set") } // Table prefix - $main_db_prefix = ((! empty($db_prefix) && $db_prefix != '') ? $db_prefix : 'llx_'); + $main_db_prefix = (! empty($db_prefix) ? $db_prefix : 'llx_'); // Force https $main_force_https = ((GETPOST("main_force_https") && (GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == 1)) ? '1' : '0'); diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php index 87ac410f07f..6f73f2e7c33 100644 --- a/htdocs/user/group/index.php +++ b/htdocs/user/group/index.php @@ -82,7 +82,7 @@ if ($resql) $num = $db->num_rows($resql); $i = 0; - $param="search_group=".urlencode($search_group)."&sall=".urlencode($sall); + $param="&search_group=".urlencode($search_group)."&sall=".urlencode($sall); print '
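Review bot: `$setuplang` is still read with an empty check argument (`GETPOST('selectlang','',3)`), so any string reaches `$langs->setDefaultLang()`, whereas `action` two lines above is filtered with `'alpha'`; a language code needs nothing beyond that filter, so `GETPOST('selectlang','alpha',3)` is a cheap guard before the value is used. Whether setDefaultLang derives a file path or anything else from the value is not visible here, so treat this as defence in depth rather than a confirmed defect. Calling GETPOST once into a local and testing that local would also remove the duplicated call in the ternary.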
'; print ''; print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder); From 8b4886073c43371d8cd49243db0b2803153b8799 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 9 Oct 2012 12:03:39 +0200 Subject: [PATCH 12/24] Fix: Removed the FIXME. This is supported by the pgsql driver. --- htdocs/categories/class/categorie.class.php | 27 +++++++++------------ htdocs/core/db/pgsql.class.php | 3 ++- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index aa9505b635f..07bf4cac7b8 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -31,8 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php'; /** - * \class Categorie - * \brief Class to manage categories + * Class to manage categories */ class Categorie { @@ -72,7 +71,7 @@ class Categorie $sql.= " FROM ".MAIN_DB_PREFIX."categorie"; $sql.= " WHERE rowid = ".$id; - dol_syslog("Categorie::fetch sql=".$sql); + dol_syslog(get_class($this)."::fetch sql=".$sql); $resql = $this->db->query($sql); if ($resql) { @@ -234,7 +233,7 @@ class Categorie $sql .= ", fk_parent = ".$this->fk_parent; $sql .= " WHERE rowid = ".$this->id; - dol_syslog("Categorie::update sql=".$sql); + dol_syslog(get_class($this)."::update sql=".$sql); if ($this->db->query($sql)) { $this->db->commit(); @@ -268,7 +267,7 @@ class Categorie $error=0; - dol_syslog("Categorie::remove"); + dol_syslog(get_class($this)."::remove"); $this->db->begin(); @@ -548,7 +547,7 @@ class Categorie $sql.= " WHERE c.entity IN (".getEntity('category',1).")"; $sql.= " AND c.type = ".$type; - dol_syslog("Categorie::get_full_arbo get category list sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::get_full_arbo get category list sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { 
@@ -570,7 +569,7 @@ class Categorie } // We add the fullpath property to each elements of first level (no parent exists) - dol_syslog("Categorie::get_full_arbo call to build_path_from_id_categ", LOG_DEBUG); + dol_syslog(get_class($this)."::get_full_arbo call to build_path_from_id_categ", LOG_DEBUG); foreach($this->cats as $key => $val) { $this->build_path_from_id_categ($key,0); // Process a branch from the root category key (this category has no parent) @@ -596,7 +595,7 @@ class Categorie } } - dol_syslog("Categorie::get_full_arbo dol_sort_array", LOG_DEBUG); + dol_syslog(get_class($this)."::get_full_arbo dol_sort_array", LOG_DEBUG); $this->cats=dol_sort_array($this->cats, 'fulllabel', 'asc', true, false); //$this->debug_cats(); @@ -613,12 +612,12 @@ class Categorie */ function build_path_from_id_categ($id_categ,$protection=0) { - dol_syslog("Categorie::build_path_from_id_categ id_categ=".$id_categ." protection=".$protection, LOG_DEBUG); + dol_syslog(get_class($this)."::build_path_from_id_categ id_categ=".$id_categ." protection=".$protection, LOG_DEBUG); //if (! empty($this->cats[$id_categ]['fullpath'])) //{ // Already defined - // dol_syslog("Categorie::build_path_from_id_categ fullpath and fulllabel already defined", LOG_WARNING); + // dol_syslog(get_class($this)."::build_path_from_id_categ fullpath and fulllabel already defined", LOG_WARNING); // return; //} @@ -648,7 +647,7 @@ class Categorie // Protection when a category has itself as a child (should not happen) if ($idchild == $id_categ) { - dol_syslog("Categorie::build_path_from_id_categ bad couple (".$idchild.",".$id_categ.") in association table: An entry should not have itself has child", LOG_WARNING); + dol_syslog(get_class($this)."::build_path_from_id_categ bad couple (".$idchild.",".$id_categ.") in association table: An entry should not have itself has child", LOG_WARNING); continue; } 
@@ -1003,7 +1002,7 @@ class Categorie * @param string $type Type * @param boolean $exact Exact string search (true/false) * @param boolean $case Case sensitive (true/false) - * @return array Array of category id + * @return array Array of category id */ function rechercher($id, $nom, $type, $exact = false, $case = false) { @@ -1020,8 +1019,6 @@ class Categorie if (! $case) $sql.= "AND label LIKE '".$this->db->escape($nom)."'"; else - // FIXME Mysql "LIKE" is case insensitive by default and use LIKE BINARY for case sensitive - // Pgsql "LIKE" is case sensitive by default, and use ILIKE for case insensitive $sql.= "AND label LIKE BINARY '".$this->db->escape($nom)."'"; } if ($id) @@ -1044,7 +1041,7 @@ class Categorie else { $this->error=$this->db->error().' sql='.$sql; - dol_syslog("Categorie::rechercher ".$this->error, LOG_ERR); + dol_syslog(get_class($this)."::rechercher ".$this->error, LOG_ERR); return -1; } } diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 0992a97a68f..58a07bd1535 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -296,7 +296,8 @@ class DoliDBPgsql // To have postgresql case sensitive $line=str_replace(' LIKE \'',' ILIKE \'',$line); - + $line=str_replace(' LIKE BINARY \'',' LIKE \'',$line); + // Delete using criteria on other table must not declare twice the deleted table // DELETE FROM tabletodelete USING tabletodelete, othertable -> DELETE FROM tabletodelete USING othertable if (preg_match('/DELETE FROM ([a-z_]+) USING ([a-z_]+), ([a-z_]+)/i',$line,$reg)) From 7cde9ab6686f3ad21ade1be7d1d093971cc8a13e Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 15:46:29 +0200 Subject: [PATCH 13/24] New: add search method with case sensibility and filters --- htdocs/societe/class/societe.class.php | 69 +++++++++++++++++++++++++- 1 file changed, 67 insertions(+), 2 deletions(-) 
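Review bot: In the `htdocs/core/db/pgsql.class.php` hunk the comment above the new line, `// To have postgresql case sensitive`, now states the opposite of what the two rewrites do: `LIKE` → `ILIKE` makes PostgreSQL case-insensitive (MySQL's default), and the added `LIKE BINARY` → `LIKE` maps MySQL's case-sensitive form onto PostgreSQL's case-sensitive default. Replace it with `// Emulate MySQL semantics: LIKE is case-insensitive (-> ILIKE), LIKE BINARY is case-sensitive (-> plain LIKE)`. The order is correct as written, since the first substitution cannot match the ` LIKE BINARY '` form. Both remain plain substitutions over the whole query text, so they also fire inside string literals that happen to contain ` LIKE '`; the enclosing method starts and ends outside the hunk.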
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 3924838e7c7..3971270c6d3 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -185,6 +185,7 @@ class Societe extends CommonObject $this->nom=$this->name; // For backward compatibility if (empty($this->client)) $this->client=0; if (empty($this->fournisseur)) $this->fournisseur=0; + $this->import_key = trim($this->import_key); dol_syslog(get_class($this)."::create ".$this->name); @@ -210,14 +211,15 @@ class Societe extends CommonObject if ($result >= 0) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe (nom, entity, datec, datea, fk_user_creat, canvas, status, ref_int, ref_ext, fk_stcomm)"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe (nom, entity, datec, datea, fk_user_creat, canvas, status, ref_int, ref_ext, fk_stcomm, import_key)"; $sql.= " VALUES ('".$this->db->escape($this->name)."', ".$conf->entity.", '".$this->db->idate($now)."', '".$this->db->idate($now)."'"; $sql.= ", ".(! empty($user->id) ? "'".$user->id."'":"null"); $sql.= ", ".(! empty($this->canvas) ? "'".$this->canvas."'":"null"); $sql.= ", ".$this->status; $sql.= ", ".(! empty($this->ref_int) ? "'".$this->ref_int."'":"null"); $sql.= ", ".(! empty($this->ref_ext) ? "'".$this->ref_ext."'":"null"); - $sql.= ", 0)"; + $sql.= ", 0"; + $sql.= ", ".(! empty($this->import_key) ? "'".$this->import_key."'":"null").")"; dol_syslog(get_class($this)."::create sql=".$sql); $result=$this->db->query($sql); 
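Review bot: The new `import_key` value is concatenated into the INSERT without `$this->db->escape()`, unlike `nom` on the line above, and the `@@ -185,6 +185,7 @@` hunk only trims it, so a key containing a quote character breaks the statement. Use `$sql.= ", ".(! empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'":"null").")";` like the name. The neighbouring `ref_int` and `ref_ext` values have the same pre-existing gap. create() begins and ends outside this hunk.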
@@ -832,6 +834,69 @@ class Societe extends CommonObject
 return $result;
 }
 
+ /**
+ * Search and fetch thirparties by name
+ *
+ * @param string $name Name
+ * @param int $type Type of thirdparties (0=any, 1=customer, 2=prospect, 3=supplier)
+ * @param array $filters Array of couple field name/value to filter the companies with the same name
+ * @param boolean $exact Exact string search (true/false)
+ * @param boolean $case Case sensitive (true/false)
+ * @return array Array of thirdparties object
+ */
+ function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false)
+ {
+ $thirdparties = array();
+
+ // Generation requete recherche
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe";
+ $sql.= " WHERE entity IN (".getEntity('category',1).")";
+ if (! empty($type))
+ {
+ if ($type == 1 || $type == 2)
+ $sql.= " AND client = ".$type;
+ elseif ($type == 3)
+ $sql.= " AND fournisseur = 1";
+ }
+ if (! empty($name))
+ {
+ if (! $exact)
+ $name = '%'.str_replace('*', '%', $name).'%';
+ if (! $case)
+ $sql.= " AND nom LIKE '".$this->db->escape($name)."'";
+ else
+ $sql.= " AND nom LIKE BINARY '".$this->db->escape($name)."'";
+ }
+ if (is_array($filters) && ! empty($filters))
+ {
+ foreach($filters as $field => $value)
+ {
+ if (! $case)
+ $sql.= " AND ".$field." LIKE '".$this->db->escape($value)."'";
+ else
+ $sql.= " AND ".$field." LIKE BINARY '".$this->db->escape($value)."'";
+ }
+ }
+
+ $res = $this->db->query($sql);
+ if ($res)
+ {
+ while ($rec = $this->db->fetch_array($res))
+ {
+ $soc = new Societe($this->db);
+ $soc->fetch($rec['rowid']);
+ $thirdparties[] = $soc;
+ }
+
+ return $thirdparties;
+ }
+ else
+ {
+ $this->error=$this->db->error().' sql='.$sql;
+ dol_syslog(get_class($this)."::searchByName ".$this->error, LOG_ERR);
+ return -1;
+ }
+ }
 
 /**
 * Delete a third party from database and all its dependencies (contacts, rib...)
From 8486f9d85dfb7c0aaac42acf58a24cb863925d28 Mon Sep 17 00:00:00 2001
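Review bot: `$type` is concatenated into the SQL (`" AND client = ".$type`) after only a loose `==` comparison, which accepts any numeric-leading string, so the raw value must not be interpolated; either cast it first (`$type = (int) $type;` at the top of the method) or emit the already-checked literal instead of the input. The `$filters` keys are concatenated as column names (`" AND ".$field." LIKE ..."`) with no escaping or whitelist, so the docblock should say so: `@param array $filters Array of couple field name/value to filter the companies with the same name (keys must be trusted column names, never user input)`. `getEntity('category',1)` on the societe table looks copied from Categorie::rechercher and presumably should name the societe element — worth confirming. The `@return array` line also omits the `-1` error return on the last branch, and "thirparties" in the summary is a typo.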
From: Regis Houssin Date: Tue, 9 Oct 2012 16:33:28 +0200 Subject: [PATCH 14/24] Fix: missing spaces --- htdocs/categories/class/categorie.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 07bf4cac7b8..fbc53dbdef7 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1006,7 +1006,7 @@ class Categorie */ function rechercher($id, $nom, $type, $exact = false, $case = false) { - $cats = array (); + $cats = array(); // Generation requete recherche $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie"; @@ -1017,13 +1017,13 @@ class Categorie if (! $exact) $nom = '%'.str_replace('*', '%', $nom).'%'; if (! $case) - $sql.= "AND label LIKE '".$this->db->escape($nom)."'"; + $sql.= " AND label LIKE '".$this->db->escape($nom)."'"; else - $sql.= "AND label LIKE BINARY '".$this->db->escape($nom)."'"; + $sql.= " AND label LIKE BINARY '".$this->db->escape($nom)."'"; } if ($id) { - $sql.="AND rowid = '".$id."'"; + $sql.=" AND rowid = '".$id."'"; } $res = $this->db->query($sql); From 9f43d8613c920c838d274b791219e92a4b2a9ad2 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 16:59:19 +0200 Subject: [PATCH 15/24] Fix: missing clean parameters --- htdocs/categories/class/categorie.class.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index fbc53dbdef7..c7ffdc63753 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -114,6 +114,8 @@ class Categorie $error=0; // Clean parameters + $this->label = trim($this->label); + $this->description = trim($this->description); $this->import_key = trim($this->import_key); if (empty($this->visible)) $this->visible=0; $this->fk_parent = ($this->fk_parent != "" ? intval($this->fk_parent) : 0); 
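Review bot: `$id` is still concatenated unescaped in `$sql.=" AND rowid = '".$id."'";` in the `@@ -1017,13 +1017,13 @@` hunk, while `$nom` on the lines above now goes through `$this->db->escape()`; since rowid is an integer column, `$sql.=" AND rowid = ".(int) $id;` closes the gap and drops the quotes. rechercher's body continues outside the hunk.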
From 337cb0faa50095e36fb7447424c3696948908f49 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 17:47:58 +0200 Subject: [PATCH 16/24] Fix: add not exact method --- htdocs/societe/class/societe.class.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 3971270c6d3..14e2e8d1a3f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -871,6 +871,8 @@ class Societe extends CommonObject { foreach($filters as $field => $value) { + if (! $exact) + $value = '%'.str_replace('*', '%', $value).'%'; if (! $case) $sql.= " AND ".$field." LIKE '".$this->db->escape($value)."'"; else From 74dd4ce2187b8aacd58646a3af69fe1b611953dc Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 18:06:59 +0200 Subject: [PATCH 17/24] Fix: possibility to force the clause --- htdocs/societe/class/societe.class.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 14e2e8d1a3f..86754296c8b 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -842,9 +842,10 @@ class Societe extends CommonObject * @param array $filters Array of couple field name/value to filter the companies with the same name * @param boolean $exact Exact string search (true/false) * @param boolean $case Case sensitive (true/false) + * @param string $clause Clause for filters * @return array Array of thirdparties object */ - function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false) + function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false, $clause = 'AND') { $thirdparties = array(); @@ -858,6 +859,7 @@ class Societe extends CommonObject elseif ($type == 3) $sql.= " AND fournisseur = 1"; } + $sql.= "("; if (! empty($name)) { if (! $exact) 
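Review bot: In the `[PATCH 17/24]` signature hunk the new `$clause` parameter is concatenated straight into the SQL by the following hunk (`" ".$clause." ".$field." LIKE ..."`), so any caller-supplied value other than `AND`/`OR` becomes arbitrary SQL. Normalise it at the top of searchByName, `$clause = (strtoupper($clause) == 'OR' ? 'OR' : 'AND');`, and document the accepted values, `@param string $clause 'AND' or 'OR': how the filter conditions are combined`. The method body continues outside this hunk.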
@@ -874,11 +876,12 @@ class Societe extends CommonObject if (! $exact) $value = '%'.str_replace('*', '%', $value).'%'; if (! $case) - $sql.= " AND ".$field." LIKE '".$this->db->escape($value)."'"; + $sql.= " ".$clause." ".$field." LIKE '".$this->db->escape($value)."'"; else - $sql.= " AND ".$field." LIKE BINARY '".$this->db->escape($value)."'"; + $sql.= " ".$clause." ".$field." LIKE BINARY '".$this->db->escape($value)."'"; } } + $sql.= ")"; $res = $this->db->query($sql); if ($res) From a20f7094efbbc4a4fbdbbaa2a14d7cbde07c4b10 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 18:11:51 +0200 Subject: [PATCH 18/24] Fix: refactore --- htdocs/societe/class/societe.class.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 86754296c8b..048d7da7d8a 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -859,15 +859,17 @@ class Societe extends CommonObject elseif ($type == 3) $sql.= " AND fournisseur = 1"; } - $sql.= "("; if (! empty($name)) { if (! $exact) $name = '%'.str_replace('*', '%', $name).'%'; + $sql.= " AND "; + if (is_array($filters) && ! empty($filters)) + $sql.= "("; if (! $case) - $sql.= " AND nom LIKE '".$this->db->escape($name)."'"; + $sql.= "nom LIKE '".$this->db->escape($name)."'"; else - $sql.= " AND nom LIKE BINARY '".$this->db->escape($name)."'"; + $sql.= "nom LIKE BINARY '".$this->db->escape($name)."'"; } if (is_array($filters) && ! empty($filters)) { @@ -880,8 +882,9 @@ class Societe extends CommonObject else $sql.= " ".$clause." ".$field." LIKE BINARY '".$this->db->escape($value)."'"; } + if (! empty($name)) + $sql.= ")"; } - $sql.= ")"; $res = $this->db->query($sql); if ($res) From 6791d23032b26d3aca1e329693f71c4927104c47 Mon Sep 17 00:00:00 2001 
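Review bot: In the `[PATCH 18/24]` `@@ -880,8 +882,9 @@` hunk the filter conditions are parenthesised only when `$name` is non-empty, so with `$clause = 'OR'` and an empty name the query reads `WHERE entity IN (...) AND client = 1 OR field LIKE '...'`, and the OR escapes the entity and type predicates — rows from other entities can be returned. Collecting the name condition and each filter condition into an array and appending one parenthesised group after the loop removes the dependency on `$name`. The rewrite below touches the name branch from the first hunk of the same commit as well; the enclosing method starts and ends outside both hunks.
```php
// … unchanged: entity/type predicates …
$conditions = array();
if (! empty($name))
{
    // … unchanged: wildcard expansion of $name …
    if (! $case)
        $conditions[] = "nom LIKE '".$this->db->escape($name)."'";
    else
        $conditions[] = "nom LIKE BINARY '".$this->db->escape($name)."'";
}
if (is_array($filters) && ! empty($filters))
{
    foreach($filters as $field => $value)
    {
        // … unchanged: wildcard expansion of $value …
        if (! $case)
            $conditions[] = $field." LIKE '".$this->db->escape($value)."'";
        else
            $conditions[] = $field." LIKE BINARY '".$this->db->escape($value)."'";
    }
}
// One parenthesised group, so an OR clause can never escape the entity/type predicates
if (! empty($conditions))
    $sql.= " AND (".implode(" ".$clause." ", $conditions).")";
```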
From: Regis Houssin Date: Tue, 9 Oct 2012 18:21:12 +0200 Subject: [PATCH 19/24] Fix: use asterisk for define the percentage --- htdocs/societe/class/societe.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 048d7da7d8a..2436435d492 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -876,7 +876,7 @@ class Societe extends CommonObject foreach($filters as $field => $value) { if (! $exact) - $value = '%'.str_replace('*', '%', $value).'%'; + $value = str_replace('*', '%', $value); if (! $case) $sql.= " ".$clause." ".$field." LIKE '".$this->db->escape($value)."'"; else From 3abb1b88ff83dfe6fa7b14d01aa16b09c047203e Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 18:33:02 +0200 Subject: [PATCH 20/24] Fix: best method --- htdocs/societe/class/societe.class.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 2436435d492..63c546b85b7 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -862,7 +862,16 @@ class Societe extends CommonObject if (! empty($name)) { if (! $exact) - $name = '%'.str_replace('*', '%', $name).'%'; + { + if (preg_match('/^([\*]+)[^*]+([\*]+)$/', $name)) + { + $name = str_replace('*', '%', $name); + } + else + { + $name = '%'.$name.'%'; + } + } $sql.= " AND "; if (is_array($filters) && ! empty($filters)) $sql.= "("; @@ -876,7 +885,16 @@ class Societe extends CommonObject foreach($filters as $field => $value) { if (! $exact) - $value = str_replace('*', '%', $value); + { + if (preg_match('/^([\*]+)[^*]+([\*]+)$/', $value)) + { + $value = str_replace('*', '%', $value); + } + else + { + $value = '%'.$value.'%'; + } + } if (! $case) $sql.= " ".$clause." ".$field." LIKE '".$this->db->escape($value)."'"; else 
From 925af263fcafab39e9f4f4cfb99443ede96169d9 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 18:54:21 +0200 Subject: [PATCH 21/24] Fix: best test --- htdocs/societe/class/societe.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 63c546b85b7..7599ef5f18f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -863,7 +863,7 @@ class Societe extends CommonObject { if (! $exact) { - if (preg_match('/^([\*]+)[^*]+([\*]+)$/', $name)) + if (preg_match('/^([\*])?[^*]+([\*])?$/', $name, $regs) && count($regs) > 1) { $name = str_replace('*', '%', $name); } @@ -886,7 +886,7 @@ class Societe extends CommonObject { if (! $exact) { - if (preg_match('/^([\*]+)[^*]+([\*]+)$/', $value)) + if (preg_match('/^([\*])?[^*]+([\*])?$/', $value, $regs) && count($regs) > 1) { $value = str_replace('*', '%', $value); } From edb6195cc256f5bb0012c801bd77201fab1f73f5 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 20:08:54 +0200 Subject: [PATCH 22/24] Fix: add similitude test --- htdocs/societe/class/societe.class.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 7599ef5f18f..8b915e48138 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -845,7 +845,7 @@ class Societe extends CommonObject * @param string $clause Clause for filters * @return array Array of thirdparties object */ - function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false, $clause = 'AND') + function searchByName($name, $type='0', $filters = array(), $exact = false, $case = false, $similar = false, $clause = 'AND') { $thirdparties = array(); 
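Review bot: The two hunks of `[PATCH 21/24]` now carry the same eight-line wildcard normalisation twice, once for `$name` and once for each `$value`, and any future change to the rule has to be made in both places. A private helper on the class keeps one copy, with the call sites becoming `$name = $this->wildcardToLikePattern($name);` and `$value = $this->wildcardToLikePattern($value);`. Note that the regex rejects an inner `*` (`[^*]+`), so `f*o` falls through to `%f*o%` with the asterisk kept literally — if that is intended, the helper's doc comment should say so.
```php
/**
 * Turn a user search string into a LIKE pattern: a leading and/or trailing '*'
 * becomes '%'; a string without such a marker is wrapped as '%...%'.
 *
 * @param string $s Raw search string
 * @return string Pattern to pass to LIKE (still to be escaped by the caller)
 */
private function wildcardToLikePattern($s)
{
    if (preg_match('/^([\*])?[^*]+([\*])?$/', $s, $regs) && count($regs) > 1)
        return str_replace('*', '%', $s);
    return '%'.$s.'%';
}
```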
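Review bot: The `[PATCH 22/24]` signature hunk inserts `$similar` before the existing `$clause` parameter, so any caller that already passed a clause positionally now feeds it into `$similar`; appending new optional parameters at the end avoids that. The docblock in the same hunk also gains no entry for the new parameter — add `@param boolean $similar Also match when the search name contains, or is contained in, the stored name (true/false)` next to `@param boolean $case`. The method body continues outside the hunk.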
@@ -875,10 +875,18 @@ class Societe extends CommonObject $sql.= " AND "; if (is_array($filters) && ! empty($filters)) $sql.= "("; - if (! $case) - $sql.= "nom LIKE '".$this->db->escape($name)."'"; + if ($similar) + { + // For test similitude + $sql.= "(LOCATE('".$name."', nom) > 0 OR LOCATE(nom, '".$name."') > 0)"; + } else - $sql.= "nom LIKE BINARY '".$this->db->escape($name)."'"; + { + if (! $case) + $sql.= "nom LIKE '".$this->db->escape($name)."'"; + else + $sql.= "nom LIKE BINARY '".$this->db->escape($name)."'"; + } } if (is_array($filters) && ! empty($filters)) { From 62f170d3d7dafed781c33e099adb3cb4bbecfb21 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Oct 2012 20:23:02 +0200 Subject: [PATCH 23/24] Fix: add escape --- htdocs/societe/class/societe.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 8b915e48138..f985c1ec674 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -878,7 +878,7 @@ class Societe extends CommonObject if ($similar) { // For test similitude - $sql.= "(LOCATE('".$name."', nom) > 0 OR LOCATE(nom, '".$name."') > 0)"; + $sql.= "(LOCATE('".$this->db->escape($name)."', nom) > 0 OR LOCATE(nom, '".$this->db->escape($name)."') > 0)"; } else { From 10bd9423287a08a9ff9590ff6638b050c436ced8 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 10 Oct 2012 11:59:11 +0200 Subject: [PATCH 24/24] Fix: customer ref is very important for a best traceability --- .../core/modules/commande/doc/pdf_einstein.modules.php | 10 +++++++++- htdocs/core/modules/facture/doc/pdf_crabe.modules.php | 8 ++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index 495e292d3f6..c28ccb38e7e 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php 
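Review bot: In the `$similar` branch `$name` has already been rewritten into a LIKE pattern by the `! $exact` block a few lines above (outside this hunk), so `LOCATE('%foo%', nom)` searches for literal percent signs and cannot match unless `$exact` is true. Keep the untouched input in a separate variable before the expansion, `$rawname = $name;`, and use it in both LOCATE calls. `LOCATE()` is also MySQL syntax; unless the pgsql driver translates it (not visible here), this branch will fail on PostgreSQL, so a comment stating the supported database would help. searchByName begins and ends outside the hunk.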
+++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -959,7 +959,15 @@ class pdf_einstein extends ModelePDFCommandes $posy+=1; $pdf->SetFont('','', $default_font_size - 1); - $posy+=5; + if ($object->ref_client) + { + $posy+=5; + $pdf->SetXY($posx,$posy); + $pdf->SetTextColor(0,0,60); + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("RefCustomer")." : " . $outputlangs->convToOutputCharset($object->ref_client), '', 'R'); + } + + $posy+=4; $pdf->SetXY($posx,$posy); $pdf->SetTextColor(0,0,60); $pdf->MultiCell(100, 3, $outputlangs->transnoentities("OrderDate")." : " . dol_print_date($object->date,"%d %b %Y",false,$outputlangs,true), '', 'R'); diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index f86af8d8c25..ec5b6330407 100755 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -1099,6 +1099,14 @@ class pdf_crabe extends ModelePDFFactures $posy+=1; $pdf->SetFont('','', $default_font_size - 1); + if ($object->ref_client) + { + $posy+=5; + $pdf->SetXY($posx,$posy); + $pdf->SetTextColor(0,0,60); + $pdf->MultiCell(100, 3, $outputlangs->transnoentities("RefCustomer")." : " . $outputlangs->convToOutputCharset($object->ref_client), '', 'R'); + } + $objectidnext=$object->getIdReplacingInvoice('validated'); if ($object->type == 0 && $objectidnext) {