From e83559afb0ab7963a0187dbdcb4f8d5ea89f72fa Mon Sep 17 00:00:00 2001 From: Quentin VIAL-GOUTEYRON Date: Thu, 9 Feb 2023 15:20:07 +0100 Subject: [PATCH 1/6] FIX strato pdf --- htdocs/core/modules/contract/doc/pdf_strato.modules.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index 1875cfb833c..e9c53f4b354 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -230,7 +230,7 @@ class pdf_strato extends ModelePDFContract $default_font_size = pdf_getPDFFontSize($outputlangs); // Must be after pdf_getInstance $heightforinfotot = 50; // Height reserved to output the info and total part $heightforfreetext = (isset($conf->global->MAIN_PDF_FREETEXT_HEIGHT) ? $conf->global->MAIN_PDF_FREETEXT_HEIGHT : 5); // Height reserved to output the free text on last page - $heightforfooter = $this->marge_basse + 8; // Height reserved to output the footer (value include bottom margin) + $heightforfooter = $this->marge_basse + 9; // Height reserved to output the footer (value include bottom margin) if (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS)) { $heightforfooter += 6; } @@ -383,7 +383,6 @@ class pdf_strato extends ModelePDFContract $pdf->writeHTMLCell(0, 0, $curX, $curY, dol_concatdesc($txtpredefinedservice, dol_concatdesc($txt, $desc)), 0, 1, 0); $pageposafter = $pdf->getPage(); $posyafter = $pdf->GetY(); - if ($posyafter > ($this->page_hauteur - ($heightforfooter + $heightforfreetext + $heightforinfotot))) { // There is no space left for total+free text if ($i == ($nblines - 1)) { // No more lines, and no space left to show total, so we create a new page $pdf->AddPage('', '', true); @@ -437,6 +436,9 @@ class pdf_strato extends ModelePDFContract $pagenb++; $pdf->setPage($pagenb); $pdf->setPageOrientation('', 1, 0); // The only function to edit the bottom margin of current page to set it. + if(empty($conf->global->MAIN_PDF_DONOTREPEAT_HEAD)) { + $this->_pagehead($pdf, $object, 0, $outputlangs); + } if (!empty($tplidx)) { $pdf->useTemplate($tplidx); } @@ -459,6 +461,7 @@ class pdf_strato extends ModelePDFContract } } + // Show square if ($pagenb == 1) { $this->_tableau($pdf, $tab_top, $this->page_hauteur - $tab_top - $heightforinfotot - $heightforfreetext - $heightforfooter, 0, $outputlangs, 0, 0); From 78e1fad6bdf26548511a671f0c9a1b7830817939 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 9 Feb 2023 14:27:50 +0000 Subject: [PATCH 2/6] Fixing style errors. --- htdocs/core/modules/contract/doc/pdf_strato.modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/contract/doc/pdf_strato.modules.php b/htdocs/core/modules/contract/doc/pdf_strato.modules.php index e9c53f4b354..05e409ac9ed 100644 --- a/htdocs/core/modules/contract/doc/pdf_strato.modules.php +++ b/htdocs/core/modules/contract/doc/pdf_strato.modules.php @@ -436,7 +436,7 @@ class pdf_strato extends ModelePDFContract $pagenb++; $pdf->setPage($pagenb); $pdf->setPageOrientation('', 1, 0); // The only function to edit the bottom margin of current page to set it. - if(empty($conf->global->MAIN_PDF_DONOTREPEAT_HEAD)) { + if (empty($conf->global->MAIN_PDF_DONOTREPEAT_HEAD)) { $this->_pagehead($pdf, $object, 0, $outputlangs); } if (!empty($tplidx)) { From 69b690c45e01ec898a3402fed24d282b15f5929a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Feb 2023 15:29:07 +0100 Subject: [PATCH 3/6] Merge pull request #23817 from elcf/develop Added key name to unique constraint --- htdocs/install/mysql/migration/15.0.0-16.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql index 7c38fb59b6d..bee0477665f 100644 --- a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql +++ b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql @@ -688,7 +688,7 @@ ALTER TABLE llx_actioncomm MODIFY COLUMN note mediumtext; DELETE FROM llx_boxes WHERE box_id IN (select rowid FROM llx_boxes_def WHERE file IN ('box_bom.php@bom', 'box_bom.php', 'box_members.php', 'box_last_modified_ticket', 'box_members_last_subscriptions', 'box_members_last_modified', 'box_members_subscriptions_by_year')); DELETE FROM llx_boxes_def WHERE file IN ('box_bom.php@bom', 'box_bom.php', 'box_members.php', 'box_last_modified_ticket', 'box_members_last_subscriptions', 'box_members_last_modified', 'box_members_subscriptions_by_year'); -ALTER TABLE llx_takepos_floor_tables ADD UNIQUE(entity,label); +ALTER TABLE llx_takepos_floor_tables ADD UNIQUE uk_takepos_floor_tables (entity,label); ALTER TABLE llx_partnership ADD COLUMN url_to_check varchar(255); ALTER TABLE llx_c_partnership_type ADD COLUMN keyword varchar(128); From 73b894dca3bee2895c4dd4ab5039dff2f202e029 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Feb 2023 23:19:58 +0100 Subject: [PATCH 4/6] Fix the qty in stock when product has no lot --- htdocs/product/reassortlot.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 690d3f3f261..6da51124919 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -214,7 +214,7 @@ $morecss = array(); $sql = 'SELECT p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type, p.entity,'; $sql .= ' p.fk_product_type, p.tms as datem,'; $sql .= ' p.duration, p.tosell as statut, p.tobuy, p.seuil_stock_alerte, p.desiredstock, p.stock, p.tosell, p.tobuy, p.tobatch,'; -$sql .= ' ps.fk_entrepot,'; +$sql .= ' ps.fk_entrepot, ps.reel,'; $sql .= ' e.ref as warehouse_ref, e.lieu as warehouse_lieu, e.fk_parent as warehouse_parent,'; $sql .= ' pb.batch, pb.eatby as oldeatby, pb.sellby as oldsellby,'; $sql .= ' pl.rowid as lotid, pl.eatby, pl.sellby,'; @@ -313,7 +313,7 @@ foreach ($search as $key => $val) { $sql .= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type, p.entity,"; $sql .= " p.fk_product_type, p.tms,"; $sql .= " p.duration, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock, p.stock, p.tosell, p.tobuy, p.tobatch,"; -$sql .= " ps.fk_entrepot,"; +$sql .= " ps.fk_entrepot, ps.reel,"; $sql .= " e.ref, e.lieu, e.fk_parent,"; $sql .= " pb.batch, pb.eatby, pb.sellby,"; $sql .= " pl.rowid, pl.eatby, pl.sellby"; @@ -322,7 +322,7 @@ if ($toolowstock) { $sql_having .= " HAVING SUM(".$db->ifsql('ps.reel IS NULL', '0', 'ps.reel').") < p.seuil_stock_alerte"; // Not used yet } if ($search_stock_physique != '') { - $natural_search_physique = natural_search('SUM(' . $db->ifsql('pb.qty IS NULL', '0', 'pb.qty') . ')', $search_stock_physique, 1, 1); + $natural_search_physique = natural_search('SUM(' . $db->ifsql('pb.qty IS NULL', $db->ifsql('ps.reel IS NULL', '0', 'ps.reel'), 'pb.qty') . ')', $search_stock_physique, 1, 1); $natural_search_physique = " " . substr($natural_search_physique, 1, -1); // remove first "(" and last ")" characters if (!empty($sql_having)) { $sql_having .= " AND"; @@ -689,7 +689,15 @@ while ($i < $imaxinloop) { print ''; //if ($objp->seuil_stock_alerte && ($objp->stock_physique < $objp->seuil_stock_alerte)) print img_warning($langs->trans("StockTooLow")).' '; - print $objp->stock_physique; + if (is_null($objp->stock_physique)) { + if (!empty($objp->reel)) { + print price2num($objp->reel, 'MS'); + } + } else { + if (!empty($objp->stock_physique)) { + print price2num($objp->stock_physique, 'MS'); + } + } print ''; print ''; From 23b4e999fbeabad0eba22b782cf497e6a2aacbfa Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 10 Feb 2023 19:44:34 +0100 Subject: [PATCH 5/6] Better sql for unique index --- htdocs/install/mysql/migration/15.0.0-16.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql index bee0477665f..f4b7689d6df 100644 --- a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql +++ b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql @@ -688,7 +688,7 @@ ALTER TABLE llx_actioncomm MODIFY COLUMN note mediumtext; DELETE FROM llx_boxes WHERE box_id IN (select rowid FROM llx_boxes_def WHERE file IN ('box_bom.php@bom', 'box_bom.php', 'box_members.php', 'box_last_modified_ticket', 'box_members_last_subscriptions', 'box_members_last_modified', 'box_members_subscriptions_by_year')); DELETE FROM llx_boxes_def WHERE file IN ('box_bom.php@bom', 'box_bom.php', 'box_members.php', 'box_last_modified_ticket', 'box_members_last_subscriptions', 'box_members_last_modified', 'box_members_subscriptions_by_year'); -ALTER TABLE llx_takepos_floor_tables ADD UNIQUE uk_takepos_floor_tables (entity,label); +ALTER TABLE llx_takepos_floor_tables ADD UNIQUE INDEX uk_takepos_floor_tables (entity,label); ALTER TABLE llx_partnership ADD COLUMN url_to_check varchar(255); ALTER TABLE llx_c_partnership_type ADD COLUMN keyword varchar(128); From f569048eb2bd823525bce4ef52316e7a83e3345c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 11 Feb 2023 13:50:40 +0100 Subject: [PATCH 6/6] Fix #hunter7a048bb7-bfdd-4299-931e-9bc283e92bc8 --- htdocs/main.inc.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 98de8c12e5c..44ee262b700 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -167,16 +167,20 @@ function testSqlAndScriptInject($val, $type) $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $val); $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $val); $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val); + // More not into the previous list + $inj += preg_match('/on(repeat|begin|finish|beforeinput)\s*=/i', $val); // We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: error=alert(1) to bypass test on onerror $tmpval = preg_replace('/<[^<]+>/', '', $val); // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers - $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like + $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $tmpval); // onmousexxx can be set on img or any html tag like $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforecopy|beforecut|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval); $inj += preg_match('/on(dblclick|drop|durationchange|emptied|end|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval); $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval); $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval); $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval); + // More not into the previous list + $inj += preg_match('/on(repeat|begin|finish|beforeinput)\s*=/i', $tmpval); //$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ... $inj += preg_match('/:|:|:/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'