Merge remote-tracking branch 'upstream/develop' into mycompanysocialnetworks
This commit is contained in:
Frédéric FRANCE
commit
758763f489
@ -49,7 +49,7 @@ You must not leak, manipulate, or destroy any user data of third parties to find
|
||||
|
||||
## Scope for qualified vulnerabilities
|
||||
|
||||
ONLY vulnerabilities discovered, when the following setup on test platform is used, are "validated":
|
||||
ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid":
|
||||
|
||||
* $dolibarr_main_prod must be set to 1 into conf.php
|
||||
* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
|
||||
@ -57,7 +57,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
|
||||
* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default)
|
||||
* The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool)
|
||||
* The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool)
|
||||
* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
|
||||
* ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities).
|
||||
* The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer).
|
||||
* The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly.
|
||||
* CSRF attacks are accepted for all when using a POST URL, but when using GET URL, they are validated only for creating or updating data resctricted to the admin user.
|
||||
|
||||
@ -156,7 +156,8 @@ if ($action == 'update')
|
||||
dolibarr_set_const($db, "MAIN_SIZE_SHORTLIST_LIMIT", GETPOST("main_size_shortliste_limit", 'int'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
//dolibarr_set_const($db, "MAIN_DISABLE_JAVASCRIPT", GETPOST("MAIN_DISABLE_JAVASCRIPT", 'aZ09'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity);
|
||||
//dolibarr_set_const($db, "MAIN_BUTTON_HIDE_UNAUTHORIZED", GETPOST("MAIN_BUTTON_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity);
|
||||
//dolibarr_set_const($db, "MAIN_MENU_HIDE_UNAUTHORIZED", GETPOST("MAIN_MENU_HIDE_UNAUTHORIZED", 'aZ09'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_START_WEEK", GETPOST("MAIN_START_WEEK", 'int'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
dolibarr_set_const($db, "MAIN_DEFAULT_WORKING_DAYS", GETPOST("MAIN_DEFAULT_WORKING_DAYS", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
@ -241,30 +242,33 @@ print '<input type="hidden" name="action" value="update">';
|
||||
clearstatcache();
|
||||
|
||||
print '<br>';
|
||||
print '<div class="div-table-responsive-no-min">';
|
||||
print '<table summary="edit" class="noborder centpercent editmode tableforfield">';
|
||||
print '<tr class="liste_titre"><th>'.img_picto('', 'language').' '.$langs->trans("Language").'</th><th></th>';
|
||||
print '</tr>';
|
||||
|
||||
// Default language
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("DefaultLanguage").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("DefaultLanguage").'</td><td>';
|
||||
print $formadmin->select_language($conf->global->MAIN_LANG_DEFAULT, 'MAIN_LANG_DEFAULT', 1, null, '', 0, 0, 'minwidth300', 2);
|
||||
print '<input class="button button-save" type="submit" name="submit" value="'.$langs->trans("Save").'">';
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
|
||||
// Multilingual GUI
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("EnableMultilangInterface").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("EnableMultilangInterface").'</td><td>';
|
||||
print ajax_constantonoff("MAIN_MULTILANGS", array(), $conf->entity, 0, 0, 1, 0);
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
|
||||
print '</table><br>'."\n";
|
||||
print '</div>';
|
||||
|
||||
// Themes and themes options
|
||||
showSkins(null, 1);
|
||||
print '<br>';
|
||||
|
||||
// Other
|
||||
print '<div class="div-table-responsive-no-min">';
|
||||
print '<table summary="otherparameters" class="noborder centpercent editmode">';
|
||||
print '<tr class="liste_titre"><th>'.$langs->trans("Miscellaneous").'</th><th></th>';
|
||||
print '<th width="20"> </tg>';
|
||||
@ -299,37 +303,46 @@ print '</tr>';
|
||||
*/
|
||||
|
||||
// First day for weeks
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("WeekStartOnDay").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("WeekStartOnDay").'</td><td>';
|
||||
print $formother->select_dayofweek((isset($conf->global->MAIN_START_WEEK) ? $conf->global->MAIN_START_WEEK : '1'), 'MAIN_START_WEEK', 0);
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// DefaultWorkingDays
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("DefaultWorkingDays").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("DefaultWorkingDays").'</td><td>';
|
||||
print '<input type="text" name="MAIN_DEFAULT_WORKING_DAYS" size="5" value="'.(isset($conf->global->MAIN_DEFAULT_WORKING_DAYS) ? $conf->global->MAIN_DEFAULT_WORKING_DAYS : '1-5').'">';
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// DefaultWorkingHours
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("DefaultWorkingHours").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("DefaultWorkingHours").'</td><td>';
|
||||
print '<input type="text" name="MAIN_DEFAULT_WORKING_HOURS" size="5" value="'.(isset($conf->global->MAIN_DEFAULT_WORKING_HOURS) ? $conf->global->MAIN_DEFAULT_WORKING_HOURS : '9-18').'">';
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Firstname/Name
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("FirstnameNamePosition").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("FirstnameNamePosition").'</td><td>';
|
||||
$array = array(0=>$langs->trans("Firstname").' '.$langs->trans("Lastname"), 1=>$langs->trans("Lastname").' '.$langs->trans("Firstname"));
|
||||
print $form->selectarray('MAIN_FIRSTNAME_NAME_POSITION', $array, (isset($conf->global->MAIN_FIRSTNAME_NAME_POSITION) ? $conf->global->MAIN_FIRSTNAME_NAME_POSITION : 0));
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Hide unauthorized menus
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("HideUnauthorizedMenu").'</td><td>';
|
||||
//print $form->selectyesno('MAIN_MENU_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_MENU_HIDE_UNAUTHORIZED : 0, 1);
|
||||
print ajax_constantonoff("MAIN_MENU_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0);
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
// Hide unauthorized button
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("ButtonHideUnauthorized").'</td><td>';
|
||||
print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1);
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("ButtonHideUnauthorized").'</td><td>';
|
||||
//print $form->selectyesno('MAIN_BUTTON_HIDE_UNAUTHORIZED', isset($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) ? $conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED : 0, 1);
|
||||
print ajax_constantonoff("MAIN_BUTTON_HIDE_UNAUTHORIZED", array(), $conf->entity, 0, 0, 1, 0);
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
print '</tr>';
|
||||
@ -337,7 +350,7 @@ print '</tr>';
|
||||
// Hide version link
|
||||
/*
|
||||
|
||||
print '<tr><td class="titlefield">'.$langs->trans("HideVersionLink").'</td><td>';
|
||||
print '<tr><td>'.$langs->trans("HideVersionLink").'</td><td>';
|
||||
print $form->selectyesno('MAIN_HIDE_VERSION',$conf->global->MAIN_HIDE_VERSION,1);
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
@ -345,7 +358,7 @@ print '</tr>';
|
||||
*/
|
||||
|
||||
// Show bugtrack link
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("ShowBugTrackLink", $langs->transnoentitiesnoconv("FindBug")).'</td><td>';
|
||||
print ajax_constantonoff("MAIN_BUGTRACK_ENABLELINK", array(), $conf->entity, 0, 0, 1, 0);
|
||||
//print $form->selectyesno('MAIN_BUGTRACK_ENABLELINK', $conf->global->MAIN_BUGTRACK_ENABLELINK, 1);
|
||||
print '</td>';
|
||||
@ -354,7 +367,7 @@ print '</tr>';
|
||||
|
||||
// Hide wiki link on login page
|
||||
$pictohelp = '<span class="fa fa-question-circle"></span>';
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("DisableLinkToHelp", $pictohelp).'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.str_replace('{picto}', $pictohelp, $langs->trans("DisableLinkToHelp", '{picto}')).'</td><td>';
|
||||
print ajax_constantonoff("MAIN_HELP_DISABLELINK", array(), $conf->entity, 0, 0, 1, 0);
|
||||
//print $form->selectyesno('MAIN_HELP_DISABLELINK', isset($conf->global->MAIN_HELP_DISABLELINK) ? $conf->global->MAIN_HELP_DISABLELINK : 0, 1);
|
||||
print '</td>';
|
||||
@ -365,7 +378,7 @@ print '</tr>';
|
||||
$substitutionarray = getCommonSubstitutionArray($langs, 0, array('object', 'objectamount'));
|
||||
complete_substitutions_array($substitutionarray, $langs);
|
||||
|
||||
print '<tr class="oddeven"><td class="titlefield">';
|
||||
print '<tr class="oddeven"><td>';
|
||||
$texthelp = $langs->trans("FollowingConstantsWillBeSubstituted").'<br>';
|
||||
foreach ($substitutionarray as $key => $val)
|
||||
{
|
||||
@ -381,18 +394,19 @@ $doleditor->Create();
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
print '</table>'."\n";
|
||||
print '</div>';
|
||||
|
||||
print '<br>';
|
||||
|
||||
// Other
|
||||
print '<div class="div-table-responsive-no-min">';
|
||||
print '<table summary="edit" class="noborder centpercent editmode">';
|
||||
print '<tr class="liste_titre"><th class="titlefield">'.$langs->trans("LoginPage").'</th><th></th>';
|
||||
print '<tr class="liste_titre"><th>'.$langs->trans("LoginPage").'</th><th></th>';
|
||||
print '<th width="20"> </th>';
|
||||
print '</tr>';
|
||||
|
||||
// Hide helpcenter link on login page
|
||||
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("DisableLinkToHelpCenter").'</td><td>';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("DisableLinkToHelpCenter").'</td><td>';
|
||||
print ajax_constantonoff("MAIN_HELPCENTER_DISABLELINK", array(), $conf->entity, 0, 0, 0, 0);
|
||||
print '</td>';
|
||||
print '<td width="20"> </td>';
|
||||
|
||||
@ -518,7 +518,7 @@ if (!empty($conf->use_javascript_ajax)) // If javascript on
|
||||
}
|
||||
|
||||
// Birthdays
|
||||
$s .= '<div class="nowrap inline-block"><input type="checkbox" id="check_birthday" name="check_birthday" class="check_birthday"> <span class="check_birthday_text">'.$langs->trans("AgendaShowBirthdayEvents").'</span> </div>';
|
||||
$s .= '<div class="nowrap inline-block"><input type="checkbox" id="check_birthday" name="check_birthday" class="check_birthday"><label for="check_birthday"> <span class="check_birthday_text">'.$langs->trans("AgendaShowBirthdayEvents").'</span></label> </div>';
|
||||
|
||||
// Calendars from hooks
|
||||
$parameters = array(); $object = null;
|
||||
|
||||
@ -967,7 +967,7 @@ while ($i < min($num, $limit))
|
||||
if (!empty($conf->socialnetworks->enabled)) {
|
||||
foreach ($socialnetworks as $key => $value) {
|
||||
if ($value['active'] && !empty($arrayfields['p.'.$key]['checked'])) {
|
||||
print '<td>'.dol_print_socialnetworks($arraysocialnetworks[$key], $obj->rowid, $obj->socid, $key).'</td>';
|
||||
print '<td>'.dol_print_socialnetworks($arraysocialnetworks[$key], $obj->rowid, $obj->socid, $key, $socialnetworks).'</td>';
|
||||
if (!$i) $totalarray['nbfield']++;
|
||||
}
|
||||
}
|
||||
|
||||
@ -816,9 +816,10 @@ abstract class CommonObject
|
||||
$outsocialnetwork = '';
|
||||
|
||||
if (is_array($this->socialnetworks) && count($this->socialnetworks) > 0) {
|
||||
$socialnetworksdict = getArrayOfSocialNetworks();
|
||||
foreach ($this->socialnetworks as $key => $value) {
|
||||
if ($value) {
|
||||
$outsocialnetwork .= dol_print_socialnetworks($value, $this->id, $object->id, $key);
|
||||
$outsocialnetwork .= dol_print_socialnetworks($value, $this->id, $object->id, $key, $socialnetworksdict);
|
||||
}
|
||||
$outdone++;
|
||||
}
|
||||
|
||||
@ -2440,13 +2440,14 @@ function getArrayOfSocialNetworks()
|
||||
/**
|
||||
* Show social network link
|
||||
*
|
||||
* @param string $value Skype to show (only skype, without 'Name of recipient' before)
|
||||
* @param int $cid Id of contact if known
|
||||
* @param int $socid Id of third party if known
|
||||
* @param string $type 'skype','facebook',...
|
||||
* @return string HTML Link
|
||||
* @param string $value Skype to show (only skype, without 'Name of recipient' before)
|
||||
* @param int $cid Id of contact if known
|
||||
* @param int $socid Id of third party if known
|
||||
* @param string $type 'skype','facebook',...
|
||||
* @param array $dictsocialnetworks socialnetworks availables
|
||||
* @return string HTML Link
|
||||
*/
|
||||
function dol_print_socialnetworks($value, $cid, $socid, $type)
|
||||
function dol_print_socialnetworks($value, $cid, $socid, $type, $dictsocialnetworks = array())
|
||||
{
|
||||
global $conf, $user, $langs;
|
||||
|
||||
@ -2454,13 +2455,11 @@ function dol_print_socialnetworks($value, $cid, $socid, $type)
|
||||
|
||||
if (empty($value)) return ' ';
|
||||
|
||||
if (!empty($type))
|
||||
{
|
||||
if (!empty($type)) {
|
||||
$htmllink = '<div class="divsocialnetwork inline-block valignmiddle">';
|
||||
$htmllink .= img_picto($langs->trans(strtoupper($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0);
|
||||
$htmllink .= $value;
|
||||
if ($type == 'skype')
|
||||
{
|
||||
$htmllink .= img_picto($langs->trans(dol_ucfirst($type)), $type.'.png', '', false, 0, 0, '', 'paddingright', 0);
|
||||
if ($type == 'skype') {
|
||||
$htmllink .= $value;
|
||||
$htmllink .= ' ';
|
||||
$htmllink .= '<a href="skype:';
|
||||
$htmllink .= $value;
|
||||
@ -2471,13 +2470,19 @@ function dol_print_socialnetworks($value, $cid, $socid, $type)
|
||||
$htmllink .= '?chat" alt="'.$langs->trans("Chat").' '.$value.'" title="'.$langs->trans("Chat").' '.$value.'">';
|
||||
$htmllink .= '<img class="paddingleft" src="'.DOL_URL_ROOT.'/theme/common/skype_chatbutton.png" border="0">';
|
||||
$htmllink .= '</a>';
|
||||
}
|
||||
if (($cid || $socid) && !empty($conf->agenda->enabled) && $user->rights->agenda->myactions->create && $type == 'skype')
|
||||
{
|
||||
$addlink = 'AC_SKYPE';
|
||||
$link = '';
|
||||
if (!empty($conf->global->AGENDA_ADDACTIONFORSKYPE)) $link = '<a href="'.DOL_URL_ROOT.'/comm/action/card.php?action=create&backtopage=1&actioncode='.$addlink.'&contactid='.$cid.'&socid='.$socid.'">'.img_object($langs->trans("AddAction"), "calendar").'</a>';
|
||||
$htmllink .= ($link ? ' '.$link : '');
|
||||
if (($cid || $socid) && !empty($conf->agenda->enabled) && $user->rights->agenda->myactions->create) {
|
||||
$addlink = 'AC_SKYPE';
|
||||
$link = '';
|
||||
if (!empty($conf->global->AGENDA_ADDACTIONFORSKYPE)) $link = '<a href="'.DOL_URL_ROOT.'/comm/action/card.php?action=create&backtopage=1&actioncode='.$addlink.'&contactid='.$cid.'&socid='.$socid.'">'.img_object($langs->trans("AddAction"), "calendar").'</a>';
|
||||
$htmllink .= ($link ? ' '.$link : '');
|
||||
}
|
||||
} else {
|
||||
if (!empty($dictsocialnetworks[$type]['url'])) {
|
||||
$link = str_replace('{socialid}', $value, $dictsocialnetworks[$type]['url']);
|
||||
$htmllink .= ' <a href="'.$link.'" target="_blank">'.$value.'</a>';
|
||||
} else {
|
||||
$htmllink .= $value;
|
||||
}
|
||||
}
|
||||
$htmllink .= '</div>';
|
||||
} else {
|
||||
|
||||
@ -315,6 +315,7 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false)
|
||||
if ($foruserprofile) $colspan = 4;
|
||||
|
||||
$thumbsbyrow = 6;
|
||||
print '<div class="div-table-responsive-no-min">';
|
||||
print '<table class="noborder centpercent'.($edit ? ' editmode' : '').' tableforfield">';
|
||||
|
||||
// Title
|
||||
@ -911,4 +912,5 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false)
|
||||
} else {
|
||||
}
|
||||
print '</table>';
|
||||
print '</div>';
|
||||
}
|
||||
|
||||
@ -149,8 +149,7 @@ if ($disablenofollow) echo '</a>';
|
||||
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
|
||||
<?php if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?><label for="username" class="hidden"><?php echo $langs->trans("Login"); ?></label><?php } ?>
|
||||
<!-- <span class="span-icon-user">-->
|
||||
<span class="fa fa-user">
|
||||
</span>
|
||||
<span class="fa fa-user"></span>
|
||||
<input type="text" id="username" placeholder="<?php echo $langs->trans("Login"); ?>" name="username" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($login); ?>" tabindex="1" autofocus="autofocus" />
|
||||
</div>
|
||||
</div>
|
||||
@ -160,8 +159,7 @@ if ($disablenofollow) echo '</a>';
|
||||
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
|
||||
<?php if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { ?><label for="password" class="hidden"><?php echo $langs->trans("Password"); ?></label><?php } ?>
|
||||
<!--<span class="span-icon-password">-->
|
||||
<span class="fa fa-key">
|
||||
</span>
|
||||
<span class="fa fa-key"></span>
|
||||
<input id="password" placeholder="<?php echo $langs->trans("Password"); ?>" name="password" class="flat input-icon-password minwidth150" type="password" value="<?php echo dol_escape_htmltag($password); ?>" tabindex="2" autocomplete="<?php echo empty($conf->global->MAIN_LOGIN_ENABLE_PASSWORD_AUTOCOMPLETE) ? 'off' : 'on'; ?>" />
|
||||
</div></div>
|
||||
|
||||
@ -190,19 +188,16 @@ if ($captcha) {
|
||||
?>
|
||||
<!-- Captcha -->
|
||||
<div class="trinputlogin">
|
||||
<div class="tagtd nowraponall none center valignmiddle tdinputlogin">
|
||||
<div class="tagtd none valignmiddle tdinputlogin">
|
||||
|
||||
<table class="login_table_securitycode centpercent">
|
||||
<tr class="valignmiddle">
|
||||
<td>
|
||||
<span class="span-icon-security">
|
||||
<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width100" type="text" maxlength="5" name="code" tabindex="3" />
|
||||
<span class="fa fa-unlock"></span>
|
||||
<span class="span-icon-security inline-block">
|
||||
<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width150" type="text" maxlength="5" name="code" tabindex="3" />
|
||||
</span>
|
||||
<span class="nowrap inline-block">
|
||||
<img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
|
||||
<a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4" data-role="button"><?php echo $captcha_refresh; ?></a>
|
||||
</span>
|
||||
</td>
|
||||
<td><img src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" /></td>
|
||||
<td><a href="<?php echo $php_self; ?>" tabindex="4" data-role="button"><?php echo $captcha_refresh; ?></a></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
</div></div>
|
||||
<?php } ?>
|
||||
|
||||
@ -107,8 +107,7 @@ if ($disablenofollow) echo '</a>';
|
||||
<div class="trinputlogin">
|
||||
<div class="tagtd nowraponall center valignmiddle tdinputlogin">
|
||||
<!-- <span class="span-icon-user">-->
|
||||
<span class="fa fa-user">
|
||||
</span>
|
||||
<span class="fa fa-user"></span>
|
||||
<input type="text" placeholder="<?php echo $langs->trans("Login"); ?>" <?php echo $disabled; ?> id="username" name="username" class="flat input-icon-user minwidth150" value="<?php echo dol_escape_htmltag($username); ?>" tabindex="1" />
|
||||
</div>
|
||||
</div>
|
||||
@ -135,22 +134,20 @@ if (!empty($morelogincontent)) {
|
||||
$php_self = preg_replace('/[&\?]time=(\d+)/', '', $php_self); // Remove param time
|
||||
if (preg_match('/\?/', $php_self)) $php_self .= '&time='.dol_print_date(dol_now(), 'dayhourlog');
|
||||
else $php_self .= '?time='.dol_print_date(dol_now(), 'dayhourlog');
|
||||
// TODO: provide accessible captcha variants
|
||||
?>
|
||||
<!-- Captcha -->
|
||||
<div class="trinputlogin">
|
||||
<div class="tdinputlogin nowraponall none center valignmiddle tdinputlogin">
|
||||
<div class="tagtd tdinputlogin nowraponall none valignmiddle">
|
||||
|
||||
<table class="login_table_securitycode centpercent">
|
||||
<tr class="valignmiddle">
|
||||
<td>
|
||||
<!-- <span class="span-icon-security"> -->
|
||||
<span class="nofa">
|
||||
<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width100" type="text" maxlength="5" name="code" tabindex="3" />
|
||||
<span class="fa fa-unlock"></span>
|
||||
<span class="nofa inline-block">
|
||||
<input id="securitycode" placeholder="<?php echo $langs->trans("SecurityCode"); ?>" class="flat input-icon-security width150" type="text" maxlength="5" name="code" tabindex="3" />
|
||||
</span>
|
||||
<span class="nowrap inline-block">
|
||||
<img class="inline-block valignmiddle" src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" />
|
||||
<a class="inline-block valignmiddle" href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a>
|
||||
</span>
|
||||
</td>
|
||||
<td><img src="<?php echo DOL_URL_ROOT ?>/core/antispamimage.php" border="0" width="80" height="32" id="img_securitycode" /></td>
|
||||
<td><a href="<?php echo $php_self; ?>" tabindex="4"><?php echo $captcha_refresh; ?></a></td>
|
||||
</tr></table>
|
||||
|
||||
</div></div>
|
||||
<?php } ?>
|
||||
|
||||
@ -406,7 +406,7 @@ UrlGenerationParameters=Parameters to secure URLs
|
||||
SecurityTokenIsUnique=Use a unique securekey parameter for each URL
|
||||
EnterRefToBuildUrl=Enter reference for object %s
|
||||
GetSecuredUrl=Get calculated URL
|
||||
ButtonHideUnauthorized=Hide buttons for non-admin users for unauthorized actions instead of showing greyed disabled buttons
|
||||
ButtonHideUnauthorized=Hide unauthorized action buttons also for internal users (just greyed otherwise)
|
||||
OldVATRates=Old VAT rate
|
||||
NewVATRates=New VAT rate
|
||||
PriceBaseTypeToChange=Modify on prices with base reference value defined on
|
||||
@ -1689,7 +1689,7 @@ NotTopTreeMenuPersonalized=Personalized menus not linked to a top menu entry
|
||||
NewMenu=New menu
|
||||
MenuHandler=Menu handler
|
||||
MenuModule=Source module
|
||||
HideUnauthorizedMenu= Hide unauthorized menus (gray)
|
||||
HideUnauthorizedMenu=Hide unauthorized menus also for internal users (just greyed otherwise)
|
||||
DetailId=Id menu
|
||||
DetailMenuHandler=Menu handler where to show new menu
|
||||
DetailMenuModule=Module name if menu entry come from a module
|
||||
|
||||
@ -107,32 +107,43 @@ class Mos extends DolibarrApi
|
||||
|
||||
// If the internal user must only see his customers, force searching by him
|
||||
$search_sale = 0;
|
||||
if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id;
|
||||
if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) {
|
||||
$search_sale = DolibarrApiAccess::$user->id;
|
||||
}
|
||||
|
||||
$sql = "SELECT t.rowid";
|
||||
if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
|
||||
if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
|
||||
$sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
|
||||
}
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." as t";
|
||||
|
||||
if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
|
||||
if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
|
||||
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
|
||||
}
|
||||
$sql .= " WHERE 1 = 1";
|
||||
|
||||
// Example of use $mode
|
||||
//if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
|
||||
//if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
|
||||
|
||||
if ($tmpobject->ismultientitymanaged) $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')';
|
||||
if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= " AND t.fk_soc = sc.fk_soc";
|
||||
if ($restrictonsocid && $socid) $sql .= " AND t.fk_soc = ".$socid;
|
||||
if ($restrictonsocid && $search_sale > 0) $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
|
||||
if ($tmpobject->ismultientitymanaged) {
|
||||
$sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')';
|
||||
}
|
||||
if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
|
||||
$sql .= " AND t.fk_soc = sc.fk_soc";
|
||||
}
|
||||
if ($restrictonsocid && $socid) {
|
||||
$sql .= " AND t.fk_soc = ".$socid;
|
||||
}
|
||||
if ($restrictonsocid && $search_sale > 0) {
|
||||
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
|
||||
}
|
||||
// Insert sale filter
|
||||
if ($restrictonsocid && $search_sale > 0)
|
||||
{
|
||||
if ($restrictonsocid && $search_sale > 0) {
|
||||
$sql .= " AND sc.fk_user = ".$search_sale;
|
||||
}
|
||||
if ($sqlfilters)
|
||||
{
|
||||
if (!DolibarrApi::_checkFilters($sqlfilters))
|
||||
{
|
||||
if ($sqlfilters) {
|
||||
if (!DolibarrApi::_checkFilters($sqlfilters)) {
|
||||
throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
|
||||
}
|
||||
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
|
||||
@ -141,8 +152,7 @@ class Mos extends DolibarrApi
|
||||
|
||||
$sql .= $this->db->order($sortfield, $sortorder);
|
||||
if ($limit) {
|
||||
if ($page < 0)
|
||||
{
|
||||
if ($page < 0) {
|
||||
$page = 0;
|
||||
}
|
||||
$offset = $limit * $page;
|
||||
@ -151,12 +161,10 @@ class Mos extends DolibarrApi
|
||||
}
|
||||
|
||||
$result = $this->db->query($sql);
|
||||
if ($result)
|
||||
{
|
||||
if ($result) {
|
||||
$num = $this->db->num_rows($result);
|
||||
$i = 0;
|
||||
while ($i < $num)
|
||||
{
|
||||
while ($i < $num) {
|
||||
$obj = $this->db->fetch_object($result);
|
||||
$tmp_object = new Mo($this->db);
|
||||
if ($tmp_object->fetch($obj->rowid)) {
|
||||
@ -164,8 +172,7 @@ class Mos extends DolibarrApi
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
throw new RestException(503, 'Error when retrieve MO list');
|
||||
}
|
||||
if (!count($obj_ret)) {
|
||||
@ -221,11 +228,13 @@ class Mos extends DolibarrApi
|
||||
}
|
||||
|
||||
foreach ($request_data as $field => $value) {
|
||||
if ($field == 'id') continue;
|
||||
if ($field == 'id') {
|
||||
continue;
|
||||
}
|
||||
$this->mo->$field = $value;
|
||||
}
|
||||
|
||||
if ($this->mo->update($id, DolibarrApiAccess::$user) > 0) {
|
||||
if ($this->mo->update(DolibarrApiAccess::$user) > 0) {
|
||||
return $this->get($id);
|
||||
} else {
|
||||
throw new RestException(500, $this->mo->error);
|
||||
@ -252,8 +261,7 @@ class Mos extends DolibarrApi
|
||||
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
|
||||
}
|
||||
|
||||
if (!$this->mo->delete(DolibarrApiAccess::$user))
|
||||
{
|
||||
if (!$this->mo->delete(DolibarrApiAccess::$user)) {
|
||||
throw new RestException(500, 'Error when deleting MO : '.$this->mo->error);
|
||||
}
|
||||
|
||||
@ -317,8 +325,7 @@ class Mos extends DolibarrApi
|
||||
// If object has lines, remove $db property
|
||||
if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) {
|
||||
$nboflines = count($object->lines);
|
||||
for ($i = 0; $i < $nboflines; $i++)
|
||||
{
|
||||
for ($i = 0; $i < $nboflines; $i++) {
|
||||
$this->_cleanObjectDatas($object->lines[$i]);
|
||||
|
||||
unset($object->lines[$i]->lines);
|
||||
@ -341,9 +348,12 @@ class Mos extends DolibarrApi
|
||||
{
|
||||
$myobject = array();
|
||||
foreach ($this->mo->fields as $field => $propfield) {
|
||||
if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) continue; // Not a mandatory field
|
||||
if (!isset($data[$field]))
|
||||
if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) {
|
||||
continue; // Not a mandatory field
|
||||
}
|
||||
if (!isset($data[$field])) {
|
||||
throw new RestException(400, "$field field missing");
|
||||
}
|
||||
$myobject[$field] = $data[$field];
|
||||
}
|
||||
return $myobject;
|
||||
|
||||
@ -1220,6 +1220,7 @@ table[summary="list_of_modules"] .fa-cog {
|
||||
.width50 { width: 50px; }
|
||||
.width75 { width: 75px; }
|
||||
.width100 { width: 100px; }
|
||||
.width125 { width: 125px; }
|
||||
.width150 { width: 150px; }
|
||||
.width200 { width: 200px; }
|
||||
.maxwidth25 { max-width: 25px; }
|
||||
|
||||
@ -1213,6 +1213,7 @@ table[summary="list_of_modules"] .fa-cog {
|
||||
.width50 { width: 50px; }
|
||||
.width75 { width: 75px; }
|
||||
.width100 { width: 100px; }
|
||||
.width125 { width: 125px; }
|
||||
.width150 { width: 150px; }
|
||||
.width200 { width: 200px; }
|
||||
.maxwidth25 { max-width: 25px; }
|
||||
|
||||
@ -62,13 +62,16 @@ if ($actionsave)
|
||||
llxHeader();
|
||||
|
||||
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
|
||||
|
||||
print load_fiche_titre($langs->trans("WebServicesSetup"), $linkback, 'title_setup');
|
||||
|
||||
print '<span class="opacitymedium">'.$langs->trans("WebServicesDesc")."</span><br>\n";
|
||||
print "<br>\n";
|
||||
|
||||
print '<form name="agendasetupform" action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<form name="agendasetupform" action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="action" value="save">';
|
||||
|
||||
print '<table class="noborder centpercent">';
|
||||
|
||||
print '<tr class="liste_titre">';
|
||||
@ -78,7 +81,7 @@ print "<td>".$langs->trans("Value")."</td>";
|
||||
print "<td> </td>";
|
||||
print "</tr>";
|
||||
|
||||
print '<tr class="impair">';
|
||||
print '<tr class="oddeven">';
|
||||
print '<td class="fieldrequired">'.$langs->trans("KeyForWebServicesAccess").'</td>';
|
||||
print '<td><input type="text" class="flat" id="WEBSERVICES_KEY" name="WEBSERVICES_KEY" value="'.(GETPOST('WEBSERVICES_KEY') ?GETPOST('WEBSERVICES_KEY') : (!empty($conf->global->WEBSERVICES_KEY) ? $conf->global->WEBSERVICES_KEY : '')).'" size="40">';
|
||||
if (!empty($conf->use_javascript_ajax))
|
||||
|
||||
Loading…
Reference in New Issue
Block a user