From 0a912f4e8ab63fbb06625a859d6e1a9f5ca25d28 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 8 Feb 2020 18:18:22 +0100 Subject: [PATCH 01/15] Fix missing class --- htdocs/projet/element.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index dd89b3ca9c4..10137156233 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -54,6 +54,7 @@ if (! empty($conf->stock->enabled)) require_once DOL_DOCUMENT_ROOT.'/product/s if (! empty($conf->tax->enabled)) require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php'; if (! empty($conf->banque->enabled)) require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/paymentvarious.class.php'; if (! empty($conf->salaries->enabled)) require_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php'; +if (! empty($conf->categorie->enabled)) require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; // Load translation files required by the page $langs->loadLangs(array('projects', 'companies', 'suppliers', 'compta')); From c2830f9e7941321d4277a87990e4d610a58eae0d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 8 Feb 2020 18:18:41 +0100 Subject: [PATCH 02/15] FIX Look and feel v11 --- htdocs/fichinter/card.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index c096a889ab4..5e360739ea4 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -818,10 +818,7 @@ llxHeader('', $langs->trans("Intervention")); if ($action == 'create') { - /* - * Mode creation - * Creation d'une nouvelle fiche d'intervention - */ + // Create new intervention $soc = new Societe($db); 
@@ -831,11 +828,12 @@ if ($action == 'create') if ($socid) $res = $soc->fetch($socid); - if (GETPOST('origin') && GETPOST('originid')) + if (GETPOST('origin', 'alphanohtml') && GETPOST('originid', 'int')) { // Parse element/subelement (ex: project_task) - $element = $subelement = GETPOST('origin'); - if (preg_match('/^([^_]+)_([^_]+)/i', GETPOST('origin'), $regs)) + $regs = array(); + $element = $subelement = GETPOST('origin', 'alphanohtml'); + if (preg_match('/^([^_]+)_([^_]+)/i', GETPOST('origin', 'alphanohtml'), $regs)) { $element = $regs[1]; $subelement = $regs[2]; @@ -843,7 +841,7 @@ if ($action == 'create') if ($element == 'project') { - $projectid = GETPOST('originid'); + $projectid = GETPOST('originid', 'int'); } else { @@ -941,7 +939,7 @@ if ($action == 'create') $numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid'); if ($numprojet == 0) { - print '   '.$langs->trans("AddProject").''; + print '   '; } print ''; } @@ -954,7 +952,7 @@ if ($action == 'create') $numcontrat = $formcontract->select_contract($soc->id, GETPOST('contratid', 'int'), 'contratid', 0, 1); if ($numcontrat == 0) { - print '   '.$langs->trans("AddContract").''; + print '   '; } print ''; } From 5c000159c1ffb8cf1452840ad99aefef63046061 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 9 Feb 2020 15:51:43 +0100 Subject: [PATCH 03/15] FIX Mail smtps truncated if content has a line with single . --- htdocs/core/class/CMailFile.class.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index 2318cb90e19..f794c76bcac 100644 --- a/htdocs/core/class/CMailFile.class.php +++ b/htdocs/core/class/CMailFile.class.php 
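Review bot: In the `@@ -831,11 +828,12 @@` hunk the `origin` value is still split with `/^([^_]+)_([^_]+)/i`, which accepts every character except an underscore, and when the pattern does not match both `$element` and `$subelement` keep the raw request value. They are therefore only as constrained as the `alphanohtml` filter makes them. The code that consumes the two variables lies outside this hunk; if it builds a class or file name from them, validate the whole value against an allow-list first, e.g. `if (!preg_match('/^[a-z0-9_]+$/i', $origin)) accessforbidden();`. Reading the parameter once (`$origin = GETPOST('origin', 'alphanohtml');`) instead of three times would also keep the test, the default and the match on the same value.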
@@ -205,7 +205,7 @@ class CMailFile if (empty($msg)) { dol_syslog("CMailFile::CMailfile: Try to send an email with empty body"); - $msg = '.'; // Avoid empty message (with empty message conten show a multipart structure) + $msg = '.'; // Avoid empty message (with empty message content, you will see a multipart structure) } // Detect if message is HTML (use fast method) @@ -227,7 +227,7 @@ class CMailFile //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current // Replace relative /viewimage to absolute path - $msg = preg_replace('/src="'.preg_quote(DOL_URL_ROOT, '/').'\/viewimage\.php/ims', 'src="'.$urlwithroot.'/viewimage.php', $msg, -1, $nbrep); + $msg = preg_replace('/src="'.preg_quote(DOL_URL_ROOT, '/').'\/viewimage\.php/ims', 'src="'.$urlwithroot.'/viewimage.php', $msg, -1); if (!empty($conf->global->MAIN_MAIL_FORCE_CONTENT_TYPE_TO_HTML)) $this->msgishtml = 1; // To force to send everything with content type html. @@ -349,6 +349,9 @@ class CMailFile $msg = $this->checkIfHTML($msg); } + // Replace . alone on a new line with .. to avoid to have SMTP interpret this as end of message + $msg = preg_replace('/(\r|\n)\.(\r|\n)/ims', '\1..\2', $msg); + if ($this->msgishtml) $smtps->setBodyContent($msg, 'html'); else $smtps->setBodyContent($msg, 'plain'); From c7736dde41826ac6eca3e838e57eab2f0304e256 Mon Sep 17 00:00:00 2001 
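Review bot: The `preg_replace` added in the `@@ -349,6 +349,9 @@` hunk only rewrites a `.` that has a line break on both sides, so a lone dot on the first line of `$msg` and the second of two consecutive lone-dot lines (the shared line break is consumed by the first match) are left unchanged. Body text that ends the SMTP DATA phase early leaves the rest of the message to be interpreted by the server, so this should be closed completely rather than for the common case. RFC 5321 section 4.5.2 asks for a dot to be prepended to every line that begins with one, which a multiline anchor expresses without the overlap problem, assuming LF or CRLF line ends: `$msg = preg_replace('/^\./m', '..', $msg);`. Whether the SMTPs class stuffs or re-encodes the body after `setBodyContent()` is not visible in this hunk and should be checked so the dot is not doubled twice.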
From: Laurent Destailleur Date: Sun, 9 Feb 2020 18:28:34 +0100 Subject: [PATCH 04/15] =?UTF-8?q?FIX=20CVE-2019=E2=80=9317223?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/comm/action/card.php | 2 +- htdocs/core/class/commonobject.class.php | 2 +- htdocs/core/class/html.form.class.php | 8 +++++-- htdocs/core/lib/functions.lib.php | 30 +++++++++++++++++------- htdocs/core/tpl/notes.tpl.php | 11 +++++---- htdocs/theme/eldy/global.inc.php | 4 ++++ htdocs/theme/md/style.css.php | 4 ++++ htdocs/user/group/card.php | 4 +++- htdocs/user/group/ldap.php | 4 +++- htdocs/user/group/perms.php | 4 +++- htdocs/user/note.php | 6 ++--- 11 files changed, 55 insertions(+), 24 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 118ab6ededf..5527a7dd7f3 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1789,7 +1789,7 @@ if ($id > 0) // Description print ''.$langs->trans("Description").''; - print dol_htmlentitiesbr($object->note); + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note_private)); print ''; // Other attributes diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 750fbc59135..2289d280139 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -337,7 +337,7 @@ abstract class CommonObject /** * @deprecated - * @see $note_public + * @see $note_private */ public $note; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index cba66729d8c..7188be03507 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php 
@@ -298,9 +298,13 @@ class Form $firstline = preg_replace('/[\n\r].*/', '', $firstline); $tmpcontent = $firstline.((strlen($firstline) != strlen($tmpcontent)) ? '...' : ''); } - $ret .= $tmpcontent; + // We dont use dol_escape_htmltag to get the html formating active, but this need we must also + // clean data from some dangerous html + $ret .= dol_string_onlythesehtmltags(dol_htmlentitiesbr($tmpcontent)); + } + else { + $ret .= dol_escape_htmltag($value); } - else $ret .= dol_escape_htmltag($value); if ($formatfunc && method_exists($object, $formatfunc)) { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index b05cc41ea5d..681fc28f92a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -5559,22 +5559,27 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = /** * Clean a string to keep only desirable HTML tags. * - * @param string $stringtoclean String to clean - * @return string String cleaned + * @param string $stringtoclean String to clean + * @param string $cleanalsosomestyles Clean also some tags + * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmltags($stringtoclean) +function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1) { $allowed_tags = array( - "html", "head", "meta", "body", "article", "a", "b", "br", "div", "em", "font", "img", "ins", "hr", "i", "li", "link", + "html", "head", "meta", "body", "article", "a", "b", "br", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link", "ol", "p", "s", "section", "span", "strong", "title", "table", "tr", "th", "td", "u", "ul" ); - $allowed_tags_string = join("><", $allowed_tags); $allowed_tags_string = preg_replace('/^>/', '', $allowed_tags_string); $allowed_tags_string = preg_replace('/<$/', '', $allowed_tags_string); + $allowed_tags_string = '<'.$allowed_tags_string.'>'; + + if ($cleanalsosomestyles) { + $stringtoclean = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/', '', $stringtoclean); // Note: If hacker try to introduce css comment into string to avoid this, string should be encoded by the dol_htmlentitiesbr so be harmless + } $temp = strip_tags($stringtoclean, $allowed_tags_string); 
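Review bot: `strip_tags()` with an allow-list removes disallowed tags but keeps every attribute on the tags it lets through, so with `a`, `img`, `link`, `meta` and `body` on the list, event-handler attributes and script-capable URLs in `href`/`src` still reach the browser after `dol_string_onlythesehtmltags()`. The added `position` filter is also case-sensitive although CSS is not; the minimum change is the `i` modifier, `/position\s*:\s*(absolute|fixed)\s*!\s*important/i`, here and in the identical line added to `dol_string_neverthesehtmltags()` in the following hunk. For a complete fix, drop the document-level tags from `$allowed_tags` and filter attributes as well, for instance by parsing with `DOMDocument` and keeping only an allow-list of tag/attribute pairs. The docblock types `$cleanalsosomestyles` as `string` and describes it as "Clean also some tags", while the code uses it as an int flag that removes CSS declarations; `@param int $cleanalsosomestyles 1=Remove position:absolute|fixed !important declarations` would match. The function body ends outside this hunk.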
@@ -5583,14 +5588,16 @@ function dol_string_onlythesehtmltags($stringtoclean) /** * Clean a string from some undesirable HTML tags. + * Note. Not enough secured as dol_string_onlythesehtmltags(). * - * @param string $stringtoclean String to clean - * @param array $disallowed_tags Array of tags not allowed - * @return string String cleaned + * @param string $stringtoclean String to clean + * @param array $disallowed_tags Array of tags not allowed + * @param string $cleanalsosomestyles Clean also some tags + * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_onlythesehtmltags() */ -function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags = array('textarea')) +function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags = array('textarea'), $cleanalsosomestyles = 0) { $temp = $stringtoclean; foreach ($disallowed_tags as $tagtoremove) @@ -5598,6 +5605,11 @@ function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags = array( $temp = preg_replace('/<\/?'.$tagtoremove.'>/', '', $temp); $temp = preg_replace('/<\/?'.$tagtoremove.'\s+[^>]*>/', '', $temp); } + + if ($cleanalsosomestyles) { + $temp = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/', '', $temp); // Note: If hacker try to introduce css comment into string to avoid this, string should be encoded by the dol_htmlentitiesbr so be harmless + } + return $temp; } diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php index 7663af1c48e..e19d28ce793 100644 --- a/htdocs/core/tpl/notes.tpl.php +++ b/htdocs/core/tpl/notes.tpl.php @@ -1,7 +1,7 @@ * Copyright (C) 2013 Florian Henry - * Copyright (C) 2014-2017 Laurent Destailleur + * Copyright (C) 2014-2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -78,20 +78,21 @@ print '
'."\n if ($module != 'product') { // No public note yet on products print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldkey("NotePublic", $note_public, $value_public, $object, $permission, $typeofdata, $moreparam, '', 0); print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldval("NotePublic", $note_public, $value_public, $object, $permission, $typeofdata, '', null, null, $moreparam, 1)."\n"; print '
'."\n"; print '
'."\n"; } if (empty($user->socid)) { + // Private notes (always hidden to external users) print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldkey("NotePrivate", $note_private, $value_private, $object, $permission, $typeofdata, $moreparam, '', 0); print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldval("NotePrivate", $note_private, $value_private, $object, $permission, $typeofdata, '', null, null, $moreparam, 1); print '
'."\n"; print '
'."\n"; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index c6386ba7ea2..670734e6706 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -23,6 +23,10 @@ body { trans("DIRECTION").";\n"; ?> } +.sensiblehtmlcontent * { + position: static !important; +} + .thumbstat { font-weight: bold !important; } th a { font-weight: !important; } a.tab { font-weight: 500 !important; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 2f76ee382e9..0293513109d 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -247,6 +247,10 @@ body { trans("DIRECTION").";\n"; ?> } +.sensiblehtmlcontent * { + position: static !important; +} + .thumbstat { font-weight: bold !important; } th a { font-weight: !important; } a.tab { font-weight: 500 !important; } diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index cd8607a764b..19c52b6fa7f 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -386,7 +386,9 @@ else // Note print ''.$langs->trans("Description").''; - print ''.dol_htmlentitiesbr($object->note).' '; + print ''; + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note)); + print ''; print "\n"; // Other attributes diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 448f38aea50..eca923f68be 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -126,7 +126,9 @@ if (! empty($conf->mutlicompany->enabled)) // Note print ''.$langs->trans("Description").''; -print ''.dol_htmlentitiesbr($object->note).''; +print ''; +print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note)); +print ''; print "\n"; // LDAP DN diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 39dc2e61f9f..576cbebff8d 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php 
@@ -212,7 +212,9 @@ if ($object->id > 0) // Note print ''.$langs->trans("Description").''; - print ''.dol_htmlentitiesbr($object->note).''; + print ''; + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note)); + print ''; print "\n"; print '
'; diff --git a/htdocs/user/note.php b/htdocs/user/note.php index cdf6f65b9a1..dc2f11b96fa 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -111,19 +111,19 @@ if ($id) // Note print ''.$langs->trans("Note").''; - print ''; + print ''; if ($action == 'edit' && $user->rights->user->user->creer) { print ""; print "id."\">"; // Editeur wysiwyg require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor=new DolEditor('note_private', $object->note, '', 280, 'dolibarr_notes', 'In', true, false, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_8, '90%'); + $doleditor=new DolEditor('note_private', $object->note_private, '', 280, 'dolibarr_notes', 'In', true, false, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_8, '90%'); $doleditor->Create(); } else { - print dol_htmlentitiesbr($object->note); + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note_private)); } print ""; From 8645fd8946eab2d2edb39ba7a3cf59282fa8b994 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 9 Feb 2020 18:28:34 +0100 Subject: [PATCH 05/15] =?UTF-8?q?FIX=20CVE-2019=E2=80=9317223=20FIX=20#130?= =?UTF-8?q?53?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/comm/action/card.php | 2 +- htdocs/core/class/commonobject.class.php | 2 +- htdocs/core/class/html.form.class.php | 8 +++++-- htdocs/core/lib/functions.lib.php | 30 +++++++++++++++++------- htdocs/core/tpl/notes.tpl.php | 11 +++++---- htdocs/theme/eldy/global.inc.php | 4 ++++ htdocs/theme/md/style.css.php | 4 ++++ htdocs/user/group/card.php | 4 +++- htdocs/user/group/ldap.php | 4 +++- htdocs/user/group/perms.php | 4 +++- htdocs/user/note.php | 6 ++--- 11 files changed, 55 insertions(+), 24 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 118ab6ededf..5527a7dd7f3 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php 
@@ -1789,7 +1789,7 @@ if ($id > 0) // Description print ''.$langs->trans("Description").''; - print dol_htmlentitiesbr($object->note); + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note_private)); print ''; // Other attributes diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 750fbc59135..2289d280139 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -337,7 +337,7 @@ abstract class CommonObject /** * @deprecated - * @see $note_public + * @see $note_private */ public $note; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index cba66729d8c..7188be03507 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -298,9 +298,13 @@ class Form $firstline = preg_replace('/[\n\r].*/', '', $firstline); $tmpcontent = $firstline.((strlen($firstline) != strlen($tmpcontent)) ? '...' : ''); } - $ret .= $tmpcontent; + // We dont use dol_escape_htmltag to get the html formating active, but this need we must also + // clean data from some dangerous html + $ret .= dol_string_onlythesehtmltags(dol_htmlentitiesbr($tmpcontent)); + } + else { + $ret .= dol_escape_htmltag($value); } - else $ret .= dol_escape_htmltag($value); if ($formatfunc && method_exists($object, $formatfunc)) { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index b05cc41ea5d..681fc28f92a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -5559,22 +5559,27 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = /** * Clean a string to keep only desirable HTML tags. * - * @param string $stringtoclean String to clean - * @return string String cleaned + * @param string $stringtoclean String to clean + * @param string $cleanalsosomestyles Clean also some tags + * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmltags($stringtoclean) +function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1) { $allowed_tags = array( - "html", "head", "meta", "body", "article", "a", "b", "br", "div", "em", "font", "img", "ins", "hr", "i", "li", "link", + "html", "head", "meta", "body", "article", "a", "b", "br", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link", "ol", "p", "s", "section", "span", "strong", "title", "table", "tr", "th", "td", "u", "ul" ); - $allowed_tags_string = join("><", $allowed_tags); $allowed_tags_string = preg_replace('/^>/', '', $allowed_tags_string); $allowed_tags_string = preg_replace('/<$/', '', $allowed_tags_string); + $allowed_tags_string = '<'.$allowed_tags_string.'>'; + + if ($cleanalsosomestyles) { + $stringtoclean = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/', '', $stringtoclean); // Note: If hacker try to introduce css comment into string to avoid this, string should be encoded by the dol_htmlentitiesbr so be harmless + } $temp = strip_tags($stringtoclean, $allowed_tags_string); 
@@ -5583,14 +5588,16 @@ function dol_string_onlythesehtmltags($stringtoclean) /** * Clean a string from some undesirable HTML tags. + * Note. Not enough secured as dol_string_onlythesehtmltags(). * - * @param string $stringtoclean String to clean - * @param array $disallowed_tags Array of tags not allowed - * @return string String cleaned + * @param string $stringtoclean String to clean + * @param array $disallowed_tags Array of tags not allowed + * @param string $cleanalsosomestyles Clean also some tags + * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_onlythesehtmltags() */ -function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags = array('textarea')) +function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags = array('textarea'), $cleanalsosomestyles = 0) { $temp = $stringtoclean; foreach ($disallowed_tags as $tagtoremove) @@ -5598,6 +5605,11 @@ function dol_string_neverthesehtmltags($stringtoclean, $disallowed_tags = array( $temp = preg_replace('/<\/?'.$tagtoremove.'>/', '', $temp); $temp = preg_replace('/<\/?'.$tagtoremove.'\s+[^>]*>/', '', $temp); } + + if ($cleanalsosomestyles) { + $temp = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/', '', $temp); // Note: If hacker try to introduce css comment into string to avoid this, string should be encoded by the dol_htmlentitiesbr so be harmless + } + return $temp; } diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php index 7663af1c48e..e19d28ce793 100644 --- a/htdocs/core/tpl/notes.tpl.php +++ b/htdocs/core/tpl/notes.tpl.php @@ -1,7 +1,7 @@ * Copyright (C) 2013 Florian Henry - * Copyright (C) 2014-2017 Laurent Destailleur + * Copyright (C) 2014-2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -78,20 +78,21 @@ print '
'."\n if ($module != 'product') { // No public note yet on products print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldkey("NotePublic", $note_public, $value_public, $object, $permission, $typeofdata, $moreparam, '', 0); print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldval("NotePublic", $note_public, $value_public, $object, $permission, $typeofdata, '', null, null, $moreparam, 1)."\n"; print '
'."\n"; print '
'."\n"; } if (empty($user->socid)) { + // Private notes (always hidden to external users) print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldkey("NotePrivate", $note_private, $value_private, $object, $permission, $typeofdata, $moreparam, '', 0); print '
'."\n"; - print '
'."\n"; + print '
'."\n"; print $form->editfieldval("NotePrivate", $note_private, $value_private, $object, $permission, $typeofdata, '', null, null, $moreparam, 1); print '
'."\n"; print '
'."\n"; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index c6386ba7ea2..670734e6706 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -23,6 +23,10 @@ body { trans("DIRECTION").";\n"; ?> } +.sensiblehtmlcontent * { + position: static !important; +} + .thumbstat { font-weight: bold !important; } th a { font-weight: !important; } a.tab { font-weight: 500 !important; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 2f76ee382e9..0293513109d 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -247,6 +247,10 @@ body { trans("DIRECTION").";\n"; ?> } +.sensiblehtmlcontent * { + position: static !important; +} + .thumbstat { font-weight: bold !important; } th a { font-weight: !important; } a.tab { font-weight: 500 !important; } diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index cd8607a764b..19c52b6fa7f 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -386,7 +386,9 @@ else // Note print ''.$langs->trans("Description").''; - print ''.dol_htmlentitiesbr($object->note).' '; + print ''; + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note)); + print ''; print "\n"; // Other attributes diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 448f38aea50..eca923f68be 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -126,7 +126,9 @@ if (! empty($conf->mutlicompany->enabled)) // Note print ''.$langs->trans("Description").''; -print ''.dol_htmlentitiesbr($object->note).''; +print ''; +print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note)); +print ''; print "\n"; // LDAP DN diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 39dc2e61f9f..576cbebff8d 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php 
@@ -212,7 +212,9 @@ if ($object->id > 0) // Note print ''.$langs->trans("Description").''; - print ''.dol_htmlentitiesbr($object->note).''; + print ''; + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note)); + print ''; print "\n"; print '
'; diff --git a/htdocs/user/note.php b/htdocs/user/note.php index cdf6f65b9a1..dc2f11b96fa 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -111,19 +111,19 @@ if ($id) // Note print ''.$langs->trans("Note").''; - print ''; + print ''; if ($action == 'edit' && $user->rights->user->user->creer) { print ""; print "id."\">"; // Editeur wysiwyg require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor=new DolEditor('note_private', $object->note, '', 280, 'dolibarr_notes', 'In', true, false, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_8, '90%'); + $doleditor=new DolEditor('note_private', $object->note_private, '', 280, 'dolibarr_notes', 'In', true, false, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_8, '90%'); $doleditor->Create(); } else { - print dol_htmlentitiesbr($object->note); + print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note_private)); } print ""; From 94d6fa06dc75e5f63bc20d33212a5ffed27d85e9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 9 Feb 2020 18:34:53 +0100 Subject: [PATCH 06/15] FIX #13022 --- htdocs/admin/supplier_order.php | 2 ++ htdocs/core/actions_setmoduleoptions.inc.php | 1 + 2 files changed, 3 insertions(+) diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 55c14a22e4d..c714e469929 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -54,6 +54,8 @@ $specimenthirdparty->initAsSpecimen(); * Actions */ +include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; + if ($action == 'updateMask') { $maskconstorder = GETPOST('maskconstorder', 'alpha'); diff --git a/htdocs/core/actions_setmoduleoptions.inc.php b/htdocs/core/actions_setmoduleoptions.inc.php index e0232ee5c87..ce4a5af49d5 100644 --- a/htdocs/core/actions_setmoduleoptions.inc.php +++ b/htdocs/core/actions_setmoduleoptions.inc.php 
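Review bot: The `include` added to `htdocs/admin/supplier_order.php` brings a handler that loops over `$_POST` into this admin page, and nothing in the hunk shows that the administrator check has already run at that point. That check is presumably near the top of the file, outside the hunk; please confirm it precedes the include. `require` would also be preferable here, `require DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';`, so that a missing file stops the page instead of silently skipping the action handling.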
@@ -64,6 +64,7 @@ if ($action == 'setModuleOptions')
 {
 foreach($_POST as $key => $val)
 {
+ $reg = array();
 if (preg_match('/^param(\d*)$/', $key, $reg)) // Works for POST['param'], POST['param1'], POST['param2'], ...
 {
 $param=GETPOST("param".$reg[1], 'alpha');
From d49943ab37fcad2930660c8fc17a0b2d1a88fd02 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 9 Feb 2020 18:38:27 +0100
Subject: [PATCH 07/15] FIX #13019
---
 htdocs/core/class/utils.class.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php
index 2ac64565e9c..bd0dec24495 100644
--- a/htdocs/core/class/utils.class.php
+++ b/htdocs/core/class/utils.class.php
@@ -388,7 +388,9 @@ class Utils
 if ($compression == 'none') fclose($handle);
 if ($compression == 'gz') gzclose($handle);
 if ($compression == 'bz') bzclose($handle);
- if ($ok && preg_match('/^-- MySql/i', $errormsg)) $errormsg = ''; // Pas erreur
+ if ($ok && preg_match('/^-- (MySql|MariaDB)/i', $errormsg)) { // No error
+ $errormsg = '';
+ }
 else
 {
 // Renommer fichier sortie en fichier erreur
From 07fbaa02d144090c71a5f9f956e39770e1af23a5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 9 Feb 2020 19:36:12 +0100
Subject: [PATCH 08/15] FIX #13050
---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 4e1745413ce..01a999c6a8b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -553,7 +553,7 @@ if (!defined('NOLOGIN'))
 // Validation of login/pass/entity
 // If ok, the variable login will be returned
 // If error, we will put error message in session under the name dol_loginmesg
- if ($test && $goontestloop && GETPOST('actionlogin', 'aZ09') == 'login')
+ if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr'))
 {
 $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
 if ($login)
From 5432ab3b05776eda842f3574331ec10451b5f710 Mon Sep 17 00:00:00 2001
From: AdrianDominik
Date: Mon, 10 Feb 2020 11:18:59 +0100
Subject: [PATCH 09/15] FIX: #13018 Extrafields Supplier invoice
---
 htdocs/fourn/class/fournisseur.facture.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index b64bd1277c0..70b65d823ce 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1953,7 +1953,7 @@ class FactureFournisseur extends CommonInvoice
 if (is_array($array_options) && count($array_options) > 0) {
 // We replace values in this->line->array_options only for entries defined into $array_options
 foreach($array_options as $key => $value) {
- $this->line->array_options[$key] = $array_options[$key];
+ $line->array_options[$key] = $array_options[$key];
 }
 }
From 918e570e7a1bceb7b19d84d035a999e4e68c159e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 10 Feb 2020 12:56:08 +0100
Subject: [PATCH 10/15] FIX Picture of contact not visible in tooltip
---
 htdocs/contact/class/contact.class.php | 11 +++++++++--
 htdocs/contact/list.php | 6 ++++--
 htdocs/societe/class/societe.class.php | 2 +-
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 465dc4a1e16..9c6602f7a2e 100644
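Review bot: The added `|| $dolibarr_main_authentication != 'dolibarr'` in `htdocs/main.inc.php` lets `checkLoginPassEntity()` run on any request, without the `actionlogin` marker, for every configuration whose value is not exactly the string `dolibarr`. If this setting can hold a comma-separated list (the `$authmode` argument suggests one is derived from it), a list that still contains `dolibarr`, or any other form-based mode, also loses the guarantee that credentials are checked only on an explicit login submission. Narrowing the exception to the specific modes that have no login form, tested against `$authmode` with a strict comparison rather than by negating one string, would keep the original guard for everything else. The enclosing `if (!defined('NOLOGIN'))` block starts and ends outside the hunk.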
--- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1272,9 +1272,16 @@ class Contact extends CommonObject { global $conf, $langs, $hookmanager; - $result = ''; + $result = ''; $label = ''; - $label = ''.$langs->trans("ShowContact").''; + if (!empty($this->photo) && class_exists('Form')) + { + $label .= '
'; + $label .= Form::showphoto('contact', $this, 0, 40, 0, '', 'mini', 0); // Important, we must force height so image will have height tags and if image is inside a tooltip, the tooltip manager can calculate height and position correctly the tooltip. + $label .= '
'; + } + + $label .= ''.$langs->trans("ShowContact").''; $label .= '
'.$langs->trans("Name").': '.$this->getFullName($langs); //if ($this->civility_id) $label.= '
' . $langs->trans("Civility") . ': '.$this->civility_id; // TODO Translate cibilty_id code if (!empty($this->poste)) $label .= '
'.$langs->trans("Poste").': '.$this->poste; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 1d0c3839f4f..9903e37cd5e 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -290,7 +290,7 @@ $title = (!empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("C $sql = "SELECT s.rowid as socid, s.nom as name,"; $sql .= " p.rowid, p.lastname as lastname, p.statut, p.firstname, p.zip, p.town, p.poste, p.email, p.no_email,"; -$sql .= " p.socialnetworks,"; +$sql .= " p.socialnetworks, p.photo,"; $sql .= " p.phone as phone_pro, p.phone_mobile, p.phone_perso, p.fax, p.fk_pays, p.priv, p.datec as date_creation, p.tms as date_update,"; $sql .= " co.label as country, co.code as country_code"; // Add fields from extrafields @@ -786,7 +786,6 @@ while ($i < min($num, $limit)) { $obj = $db->fetch_object($result); - print ''; $arraysocialnetworks = (array) json_decode($obj->socialnetworks, true); $contactstatic->lastname = $obj->lastname; $contactstatic->firstname = ''; @@ -802,6 +801,9 @@ while ($i < min($num, $limit)) $contactstatic->socialnetworks = $arraysocialnetworks; $contactstatic->country = $obj->country; $contactstatic->country_code = $obj->country_code; + $contactstatic->photo = $obj->photo; + + print ''; // ID if (!empty($arrayfields['p.rowid']['checked'])) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 6f9b9ad26b8..2fa87eb8086 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2252,7 +2252,7 @@ class Societe extends CommonObject if (!empty($this->logo) && class_exists('Form')) { $label .= '
'; - $label .= Form::showphoto('societe', $this, 0, 40, 0, 'photowithmargin', 'mini', 0); // Important, we must force height so image will have height tags and if image is inside a tooltip, the tooltip manager can calculate height and position correctly the tooltip. + $label .= Form::showphoto('societe', $this, 0, 40, 0, '', 'mini', 0); // Important, we must force height so image will have height tags and if image is inside a tooltip, the tooltip manager can calculate height and position correctly the tooltip. $label .= '
'; } elseif (!empty($this->logo_squarred) && class_exists('Form')) From b9a8d82b2f15c3dfe8c3991a2fc5dc62b9ab5e71 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 10 Feb 2020 13:29:26 +0100 Subject: [PATCH 11/15] FIX Filter on list of events were lost after "Back to list" --- htdocs/comm/action/list.php | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 6df7aaa55ba..95a3e6dbe09 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -43,7 +43,7 @@ $action = GETPOST('action', 'alpha'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'actioncommlist'; // To manage different context of search $resourceid = GETPOST("search_resourceid", "int") ?GETPOST("search_resourceid", "int") : GETPOST("resourceid", "int"); $pid = GETPOST("search_projectid", 'int', 3) ?GETPOST("search_projectid", 'int', 3) : GETPOST("projectid", 'int', 3); -$status = (GETPOST("search_status", 'alpha') != '') ?GETPOST("search_status", 'alpha') : GETPOST("status", 'alpha'); +$search_status = (GETPOST("search_status", 'alpha') != '') ?GETPOST("search_status", 'alpha') : GETPOST("status", 'alpha'); $type = GETPOST('search_type', 'alphanohtml') ?GETPOST('search_type', 'alphanohtml') : GETPOST('type', 'alphanohtml'); $optioncss = GETPOST('optioncss', 'alpha'); $year = GETPOST("year", 'int'); 
@@ -67,8 +67,8 @@ $search_note = GETPOST('search_note', 'alpha'); $dateselect = dol_mktime(0, 0, 0, GETPOST('dateselectmonth', 'int'), GETPOST('dateselectday', 'int'), GETPOST('dateselectyear', 'int')); $datestart = dol_mktime(0, 0, 0, GETPOST('datestartmonth', 'int'), GETPOST('datestartday', 'int'), GETPOST('datestartyear', 'int')); $dateend = dol_mktime(0, 0, 0, GETPOST('dateendmonth', 'int'), GETPOST('dateendday', 'int'), GETPOST('dateendyear', 'int')); -if ($status == '' && !isset($_GET['status']) && !isset($_POST['status'])) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS); -if (empty($action) && !isset($_GET['action']) && !isset($_POST['action'])) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW); +if ($search_status == '' && ! GETPOSTISSET('search_status')) $search_status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS); +if (empty($action) && ! GETPOSTISSET('action')) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW); $filter = GETPOST("search_filter", 'alpha', 3) ?GETPOST("search_filter", 'alpha', 3) : GETPOST("filter", 'alpha', 3); $filtert = GETPOST("search_filtert", "int", 3) ?GETPOST("search_filtert", "int", 3) : GETPOST("filtert", "int", 3); @@ -100,12 +100,12 @@ $offset = $limit * $page; if (!$sortorder) { $sortorder = "DESC,DESC"; - if ($status == 'todo') $sortorder = "DESC,DESC"; + if ($search_status == 'todo') $sortorder = "DESC,DESC"; } if (!$sortfield) { $sortfield = "a.datep,a.id"; - if ($status == 'todo') $sortfield = "a.datep,a.id"; + if ($search_status == 'todo') $sortfield = "a.datep,a.id"; } // Security check 
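Review bot: The new default-filter test `if ($search_status == '' && ! GETPOSTISSET('search_status'))` no longer looks at the legacy `status` parameter, although the assignment in the -43 hunk still falls back to `GETPOST("status", 'alpha')`. A request that sends an explicit empty `status=` used to suppress `AGENDA_DEFAULT_FILTER_STATUS` and now gets the default applied. If old links and bookmarks should keep working, test both names: `if ($search_status == '' && ! GETPOSTISSET('search_status') && ! GETPOSTISSET('status'))`.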
@@ -184,7 +184,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_note = ''; $datestart = ''; $dateend = ''; - $status = ''; + $search_status = ''; $search_array_options = array(); } @@ -218,7 +218,7 @@ if ($actioncode != '') { } else $param .= "&search_actioncode=".urlencode($actioncode); } if ($resourceid > 0) $param .= "&search_resourceid=".urlencode($resourceid); -if ($status != '' && $status > -1) $param .= "&search_status=".urlencode($status); +if ($search_status != '' && $search_status > -1) $param .= "&search_status=".urlencode($search_status); if ($filter) $param .= "&search_filter=".urlencode($filter); if ($filtert) $param .= "&search_filtert=".urlencode($filtert); if ($socid) $param .= "&search_socid=".urlencode($socid); 
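Review bot: The condition `$search_status != '' && $search_status > -1` in the -218 hunk leaves the value `-1` out of `$param`, while the SQL section in the -309 hunk treats `'-1'` as a real filter (`a.percent = -1`). If "not applicable" is meant to be selectable, paging and sort links built from `$param` would drop it, which is the same kind of lost filter this commit fixes. The `> -1` test also compares a string such as `'todo'` with an integer, so its result depends on PHP's type juggling. `if ($search_status != '') $param .= "&search_status=".urlencode($search_status);` avoids both, assuming -1 is not also used as the empty choice of the select.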
@@ -309,12 +309,12 @@ if ($socid > 0) $sql .= " AND s.rowid = ".$socid; // We must filter on assignement table if ($filtert > 0 || $usergroup > 0) $sql .= " AND ar.fk_actioncomm = a.id AND ar.element_type='user'"; if ($type) $sql .= " AND c.id = ".(int) $type; -if ($status == '0') { $sql .= " AND a.percent = 0"; } -if ($status == '-1') { $sql .= " AND a.percent = -1"; } // Not applicable -if ($status == '50') { $sql .= " AND (a.percent > 0 AND a.percent < 100)"; } // Running already started -if ($status == '100') { $sql .= " AND a.percent = 100"; } -if ($status == 'done') { $sql .= " AND (a.percent = 100)"; } -if ($status == 'todo') { $sql .= " AND (a.percent >= 0 AND a.percent < 100)"; } +if ($search_status == '0') { $sql .= " AND a.percent = 0"; } +if ($search_status == '-1') { $sql .= " AND a.percent = -1"; } // Not applicable +if ($search_status == '50') { $sql .= " AND (a.percent > 0 AND a.percent < 100)"; } // Running already started +if ($search_status == '100') { $sql .= " AND a.percent = 100"; } +if ($search_status == 'done') { $sql .= " AND (a.percent = 100)"; } +if ($search_status == 'todo') { $sql .= " AND (a.percent >= 0 AND a.percent < 100)"; } if ($search_id) $sql .= natural_search("a.id", $search_id, 1); if ($search_title) $sql .= natural_search("a.label", $search_title); if ($search_note) $sql .= natural_search('a.note', $search_note); @@ -397,7 +397,7 @@ if ($resql) print $nav; dol_fiche_head($head, $tabactive, $langs->trans('Agenda'), 0, 'action'); - print_actions_filter($form, $canedit, $status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid); + print_actions_filter($form, $canedit, $search_status, $year, $month, $day, $showbirthday, 0, $filtert, 0, $pid, $socid, $action, -1, $actioncode, $usergroup, '', $resourceid); dol_fiche_end(); // Add link to show birthdays 
@@ -488,8 +488,8 @@ if ($resql) if (!empty($arrayfields['a.tms']['checked'])) print ''; if (!empty($arrayfields['a.percent']['checked'])) { print ''; - $formactions->form_select_status_action('formaction', $status, 1, 'status', 1, 2, 'minwidth100imp maxwidth125'); - print ajax_combobox('selectstatus'); + $formactions->form_select_status_action('formaction', $search_status, 1, 'search_status', 1, 2, 'minwidth100imp maxwidth125'); + print ajax_combobox('selectsearch_status'); print ''; } // Action column From 644b27bcf9386f678abed5006233d7533116cbd6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 10 Feb 2020 13:34:09 +0100 Subject: [PATCH 12/15] Fix look and feel v11 --- htdocs/comm/action/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 5527a7dd7f3..e44e5c3a973 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1449,10 +1449,10 @@ if ($id > 0) $langs->load("projects"); print ''.$langs->trans("Project").''; - $numprojet = $formproject->select_projects(($object->socid > 0 ? $object->socid : -1), $object->fk_project, 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 0); + $numprojet = $formproject->select_projects(($object->socid > 0 ? $object->socid : -1), $object->fk_project, 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 0, 0, 'maxwidth500'); if ($numprojet == 0) { - print '   '.$langs->trans("AddProject").''; + print '   '; } print ''; } From ee7aa142476b7f33eb1787f9b2570e6743081a0f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 10 Feb 2020 21:28:49 +0100 Subject: [PATCH 13/15] Fix color of status --- htdocs/contrat/class/contrat.class.php | 8 ++++---- htdocs/product/stats/contrat.php | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index bb506884cab..e40eba40ee2 100644 --- a/htdocs/contrat/class/contrat.class.php 
+++ b/htdocs/contrat/class/contrat.class.php @@ -2749,8 +2749,8 @@ class ContratLigne extends CommonObjectLine /** * Return label of this contract line status * - * @param int $mode 0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto - * @return string Libelle + * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto + * @return string Label of status */ public function getLibStatut($mode) { @@ -2762,10 +2762,10 @@ class ContratLigne extends CommonObjectLine * Return label of a contract line status * * @param int $status Id status - * @param int $mode 0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto + * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto * @param int $expired 0=Not expired, 1=Expired, -1=Both or unknown * @param string $moreatt More attribute - * @return string Libelle + * @return string Label of status */ public static function LibStatut($status, $mode, $expired = -1, $moreatt = '') { diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index a478a542f0f..e5e37e44242 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php 
@@ -183,9 +183,9 @@ if ($id > 0 || !empty($ref)) print_liste_field_titre("CustomerCode", $_SERVER["PHP_SELF"], "s.code_client", "", "&id=".$product->id, '', $sortfield, $sortorder); print_liste_field_titre("Date", $_SERVER["PHP_SELF"], "c.date_contrat", "", "&id=".$product->id, 'align="center"', $sortfield, $sortorder); //print_liste_field_titre("AmountHT"),$_SERVER["PHP_SELF"],"c.amount","","&id=".$product->id,'align="right"',$sortfield,$sortorder); - print_liste_field_titre($staticcontratligne->LibStatut(0, 3), $_SERVER["PHP_SELF"], "", '', '', 'align="center" width="16"', $sortfield, $sortorder, 'maxwidthsearch '); - print_liste_field_titre($staticcontratligne->LibStatut(4, 3), $_SERVER["PHP_SELF"], "", '', '', 'align="center" width="16"', $sortfield, $sortorder, 'maxwidthsearch '); - print_liste_field_titre($staticcontratligne->LibStatut(5, 3), $_SERVER["PHP_SELF"], "", '', '', 'align="center" width="16"', $sortfield, $sortorder, 'maxwidthsearch '); + print_liste_field_titre($staticcontratligne->LibStatut($staticcontratligne::STATUS_INITIAL, 3, -1, 'class="nochangebackground"'), $_SERVER["PHP_SELF"], "", '', '', 'align="center" width="16"', $sortfield, $sortorder, 'maxwidthsearch '); + print_liste_field_titre($staticcontratligne->LibStatut($staticcontratligne::STATUS_OPEN, 3, -1, 'class="nochangebackground"'), $_SERVER["PHP_SELF"], "", '', '', 'align="center" width="16"', $sortfield, $sortorder, 'maxwidthsearch '); + print_liste_field_titre($staticcontratligne->LibStatut($staticcontratligne::STATUS_CLOSED, 3, -1, 'class="nochangebackground"'), $_SERVER["PHP_SELF"], "", '', '', 'align="center" width="16"', $sortfield, $sortorder, 'maxwidthsearch '); print "\n"; $contracttmp = new Contrat($db); From 03ee488d5f2350e4ef9e2bc358159e13936540ce Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 11 Feb 2020 10:40:14 +0100 Subject: [PATCH 14/15] Fix look and feel v11 --- htdocs/exports/export.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
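Review bot: `LibStatut()` is declared `public static` in contrat.class.php, but the three new calls in this hunk go through the instance, `$staticcontratligne->LibStatut($staticcontratligne::STATUS_INITIAL, ...)`. Calling it as `ContratLigne::LibStatut(ContratLigne::STATUS_INITIAL, 3, -1, 'class="nochangebackground"')` names the class explicitly and does not depend on what `$staticcontratligne` holds at this point, assuming it is a ContratLigne. The values of the STATUS_* constants are not visible here; the literals were 0, 4 and 5 before, so it is worth confirming the constants are the values LibStatut() expects.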
diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index 525a5b17c9e..5373ea3a3b2 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -938,7 +938,7 @@ if ($step == 4 && $datatoexport) // List of filtered fiels if (isset($objexport->array_export_TypeFields[0]) && is_array($objexport->array_export_TypeFields[0])) { - print ''.$langs->trans("FilteredFields").''; + print ''.$langs->trans("FilteredFields").''; $list = ''; if (!empty($array_filtervalue)) { @@ -952,7 +952,7 @@ if ($step == 4 && $datatoexport) } } } - print ''.(!empty($list) ? $list : $langs->trans("None")).''; + print ''.(!empty($list) ? $list : ''.$langs->trans("None").'').''; print ''; } From 3c865cbf722937d75c5e036f1fce47a8882d4ef1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 11 Feb 2020 16:51:38 +0100 Subject: [PATCH 15/15] Fix button cancel and re-open --- htdocs/mrp/mo_card.php | 2 +- htdocs/mrp/mo_production.php | 25 +++++++++++++++++++------ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php index abaf216b7ab..ca3278c241b 100644 --- a/htdocs/mrp/mo_card.php +++ b/htdocs/mrp/mo_card.php @@ -620,7 +620,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''.$langs->trans("ToClone").''; } - // Cancel + // Cancel - Reopen if ($permissiontoadd) { if ($object->status == $object::STATUS_VALIDATED || $object->status == $object::STATUS_INPROGRESS) diff --git a/htdocs/mrp/mo_production.php b/htdocs/mrp/mo_production.php index 873b154ffeb..278b32043d0 100644 --- a/htdocs/mrp/mo_production.php +++ b/htdocs/mrp/mo_production.php 
@@ -551,12 +551,25 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''.$langs->trans('ConsumeAndProduceAll').''; } - // Reopen - if ($object->status == Mo::STATUS_PRODUCED) { - if ($permissiontoproduce) { - print ''.$langs->trans('ReOpen').''; - } else { - print ''.$langs->trans('ReOpen').''; + // Cancel - Reopen + if ($permissiontoadd) + { + if ($object->status == $object::STATUS_VALIDATED || $object->status == $object::STATUS_INPROGRESS) + { + print ''.$langs->trans("Cancel").''."\n"; + } + + if ($object->status == $object::STATUS_CANCELED) + { + print ''.$langs->trans("Re-Open").''."\n"; + } + + if ($object->status == $object::STATUS_PRODUCED) { + if ($permissiontoproduce) { + print ''.$langs->trans('ReOpen').''; + } else { + print ''.$langs->trans('ReOpen').''; + } } } }
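Review bot: Nesting the existing `STATUS_PRODUCED` block under `if ($permissiontoadd)` changes who gets the ReOpen button: a user with `$permissiontoproduce` but without `$permissiontoadd` used to see it and now sees neither the active nor the disabled variant. If the produced case should stay tied to the produce right alone, keep `if ($object->status == $object::STATUS_PRODUCED)` outside the `$permissiontoadd` test. These tests only decide what is rendered; the code that handles the cancel and reopen actions is outside the hunk and should check the same permissions on the server side, and the request token if the links change state directly. The new button also uses the translation key `"Re-Open"` while the existing one uses `'ReOpen'`; using `$langs->trans("ReOpen")` for both keeps the labels consistent.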