Fix: strict mode street

Regis Houssin 2012-07-13 10:15:47 +02:00
parent 94b7aed116
commit 77b9718473
15 changed files with 99 additions and 77 deletions


@ -247,14 +247,14 @@ if ($result)
$moreforfilter='';
// If the user can view prospects other than his'
if ($user->rights->societe->client->voir || $socid) // TODO same of the second !!
if ($user->rights->societe->client->voir || $socid)
{
$moreforfilter.=$langs->trans('ThirdPartiesOfSaleRepresentative'). ': ';
$moreforfilter.=$formother->select_salesrepresentatives($search_sale,'search_sale',$user);
$moreforfilter.='       ';
}
// If the user can view prospects other than his'
if ($user->rights->societe->client->voir || $socid) // TODO same of the first !!
if ($user->rights->societe->client->voir || $socid)
{
$moreforfilter.=$langs->trans('LinkedToSpecificUsers'). ': ';
$moreforfilter.=$form->select_dolusers($search_user,'search_user',1);


@ -206,7 +206,9 @@ if (! $mesg)
$data = $stats->getAllByYear();
$arrayyears=array();
foreach($data as $val) {
$arrayyears[$val['year']]=$val['year'];
if (! empty($val['year'])) {
$arrayyears[$val['year']]=$val['year'];
}
}
if (! count($arrayyears)) $arrayyears[$nowyear]=$nowyear;
@ -265,7 +267,7 @@ foreach ($data as $val)
{
$year = $val['year'];
//print $avg; // TODO $avg not defined ?
while ($oldyear > $year+1)
while (! empty($year) && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
print '<tr height="24">';


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (c) 2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -106,7 +106,8 @@ if ($resql)
{
//if ($row[1]!=-1 && ($row[1]!=3 || $row[2]!=1))
{
$bool=$row[2]?true:false;
$bool=(! empty($row[2])?true:false);
if (! isset($vals[$row[1].$bool])) $vals[$row[1].$bool]=0;
$vals[$row[1].$bool]+=$row[0];
$totalinprocess+=$row[0];
}
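Review bot: `$vals[$row[1].$bool]` builds the array key by concatenating a boolean, and PHP stringifies `true` as `"1"` and `false` as `""`, so status `1` with the flag set and status `11` with the flag clear would both land on key `"11"`; whether `$row[1]` can take such values is not visible here. If the consumer of `$vals` can be updated in step, an explicit key such as `$row[1].'_'.($bool ? '1' : '0')` removes the ambiguity; otherwise a one-line comment on this line noting the possible collision is worth adding. The `if ($resql)` block these lines belong to starts before this section.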


@ -79,8 +79,10 @@ if (GETPOST("button_removefilter_x"))
$search_refcustomer='';
$search_societe='';
$search_montant_ht='';
$year='';
$month='';
$orderyear='';
$ordermonth='';
$deliverymonth='';
$deliveryyear='';
}
@ -214,8 +216,10 @@ if ($resql)
$title.=' - '.$langs->trans('StatusOrderToProcessShort');
$param='&socid='.$socid.'&viewstatut='.$viewstatut;
if ($month) $param.='&month='.$month;
if ($year) $param.='&year='.$year;
if ($ordermonth) $param.='&ordermonth='.$ordermonth;
if ($orderyear) $param.='&orderyear='.$orderyear;
if ($deliverymonth) $param.='&deliverymonth='.$deliverymonth;
if ($deliveryyear) $param.='&deliveryyear='.$deliveryyear;
if ($sref) $param.='&sref='.$sref;
if ($snom) $param.='&snom='.$snom;
if ($sref_client) $param.='&sref_client='.$sref_client;
@ -231,6 +235,8 @@ if ($resql)
print '<table class="noborder" width="100%">';
$moreforfilter='';
// If the user can view prospects other than his'
if ($user->rights->societe->client->voir || $socid)
{
@ -244,7 +250,7 @@ if ($resql)
$moreforfilter.=$langs->trans('LinkedToSpecificUsers'). ': ';
$moreforfilter.=$form->select_dolusers($search_user,'search_user',1);
}
if ($moreforfilter)
if (! empty($moreforfilter))
{
print '<tr class="liste_titre">';
print '<td class="liste_titre" colspan="9">';
@ -273,7 +279,10 @@ if ($resql)
print '<input type="image" class="liste_titre" name="button_search" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">';
print '</td></tr>';
$var=True;
$var=true;
$total=0;
$subtotal=0;
$generic_commande = new Commande($db);
while ($i < min($num,$limit))
{
@ -340,8 +349,8 @@ if ($resql)
print '</tr>';
$total = $total + $objp->price;
$subtotal = $subtotal + $objp->price;
$total+=$objp->total_ht;
$subtotal+=$objp->total_ht;
$i++;
}
print '</table>';
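Review bot: The filter values appended to `$param` on the new lines (`&ordermonth=`, `&orderyear=`, `&deliverymonth=`, `&deliveryyear=`) and on the context lines right below them (`&sref=`, `&snom=`, `&sref_client=`) are concatenated raw, without `urlencode()`. A search string containing `&`, `=` or `"` therefore yields a malformed query string, and if `$param` is later emitted into `href` attributes (not visible in this section) it can also break out of the attribute. Wrap each value at the point it is appended, e.g. `if ($sref) $param.='&sref='.urlencode($sref);`; HTML escaping still belongs where `$param` is printed. The `if ($resql)` block these lines belong to starts before this section.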


@ -1,6 +1,7 @@
<?php
/* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (c) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -71,7 +72,7 @@ if ($mode == 'supplier')
$dir=$conf->fournisseur->dir_output.'/commande/temp';
}
print_fiche_titre($title, $mesg);
print_fiche_titre($title);
dol_mkdir($dir);
@ -221,11 +222,12 @@ if (! $mesg)
$data = $stats->getAllByYear();
$arrayyears=array();
foreach($data as $val) {
$arrayyears[$val['year']]=$val['year'];
if (! empty($val['year'])) {
$arrayyears[$val['year']]=$val['year'];
}
}
if (! count($arrayyears)) $arrayyears[$nowyear]=$nowyear;
$h=0;
$head = array();
$head[$h][0] = DOL_URL_ROOT . '/commande/stats/index.php?mode='.$mode;
@ -236,6 +238,7 @@ $h++;
if ($mode == 'customer') $type='order_stats';
if ($mode == 'supplier') $type='supplier_order_stats';
$object=(object) array(); // TODO $object not defined ?
complete_head_from_modules($conf,$langs,$object,$head,$h,$type);
dol_fiche_head($head,'byyear',$langs->trans("Statistics"));
@ -280,24 +283,26 @@ print '</tr>';
$oldyear=0;
foreach ($data as $val)
{
$year = $val['year'];
while ($year && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
print '<tr height="24">';
print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.'">'.$oldyear.'</a></td>';
print '<td align="right">0</td>';
print '<td align="right">0</td>';
print '<td align="right">0</td>';
print '</tr>';
}
print '<tr height="24">';
print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.'">'.$year.'</a></td>';
print '<td align="right">'.$val['nb'].'</td>';
print '<td align="right">'.price(price2num($val['total'],'MT'),1).'</td>';
print '<td align="right">'.price(price2num($val['avg'],'MT'),1).'</td>';
print '</tr>';
$oldyear=$year;
$year = $val['year'];
while (! empty($year) && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
print '<tr height="24">';
print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.'">'.$oldyear.'</a></td>';
print '<td align="right">0</td>';
print '<td align="right">0</td>';
print '<td align="right">0</td>';
print '</tr>';
}
print '<tr height="24">';
print '<td align="center"><a href="'.$_SERVER["PHP_SELF"].'?year='.$year.'&amp;mode='.$mode.'">'.$year.'</a></td>';
print '<td align="right">'.$val['nb'].'</td>';
print '<td align="right">'.price(price2num($val['total'],'MT'),1).'</td>';
print '<td align="right">'.price(price2num($val['avg'],'MT'),1).'</td>';
print '</tr>';
$oldyear=$year;
}
print '</table>';
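Review bot: The year links on the new side still interpolate `$_SERVER["PHP_SELF"]` and `$mode` into an `href` without escaping (`'<a href="'.$_SERVER["PHP_SELF"].'?year='.$oldyear.'&amp;mode='.$mode.'">'`). `PHP_SELF` reflects the requested path including any path-info a client appends, so a crafted URL can close the attribute and inject markup; `$mode` is only compared against two values a few lines above and its origin is not visible here. Use the helper this commit already relies on elsewhere: `'<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?year='.$oldyear.'&amp;mode='.dol_escape_htmltag($mode).'">'`. Dropping `$mesg` from `print_fiche_titre($title)` also discards the message the page built in `$mesg`; confirm it is displayed elsewhere.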


@ -61,6 +61,7 @@ class FormMail
var $withfilereadonly;
var $withdeliveryreceipt;
var $withcancel;
var $withfckeditor;
var $substit=array();
var $param=array();
@ -98,6 +99,7 @@ class FormMail
$this->withfilereadonly=0;
$this->withbodyreadonly=0;
$this->withdeliveryreceiptreadonly=0;
$this->withfckeditor=0;
return 1;
}


@ -51,7 +51,7 @@ function dol_basename($pathfile)
*/
function dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter="", $sortcriteria="name", $sortorder=SORT_ASC, $mode=0)
{
dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".$excludefilter);
dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter));
$loaddate=($mode==1||$mode==2)?true:false;
$loadsize=($mode==1||$mode==3)?true:false;


@ -94,10 +94,10 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
{
$test=false; // To stop once at first login success
$conf->authmode=$mode; // This properties is defined only when logged to say what mode was successfully used
$dol_tz=$_POST["tz"];
$dol_dst=$_POST["dst"];
$dol_screenwidth=$_POST["screenwidth"];
$dol_screenheight=$_POST["screenheight"];
$dol_tz=GETPOST('tz');
$dol_dst=GETPOST('dst');
$dol_screenwidth=GETPOST('screenwidth');
$dol_screenheight=GETPOST('screenheight');
}
}
else
@ -206,7 +206,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
// Execute hook getLoginPageOptions
// Should be an array with differents options in $hookmanager->resArray
$parameters=array('entity' => $_POST['entity']);
$parameters=array('entity' => GETPOST('entity','int'));
$hookmanager->executeHooks('getLoginPageOptions',$parameters); // Note that $action and $object may have been modified by some hooks
// Login
@ -276,10 +276,10 @@ function dol_loginfunction($langs,$conf,$mysoc)
// Google AD
$main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0);
$dol_loginmesg = $_SESSION["dol_loginmesg"];
$dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:'');
$favicon=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/favicon.ico';
$jquerytheme = 'smoothness';
if (!empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME;
include($template_dir.'login.tpl.php'); // To use native PHP
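Review bot: `GETPOST('tz')`, `GETPOST('dst')`, `GETPOST('screenwidth')` and `GETPOST('screenheight')` are called without a check type, so as far as the two-argument form used elsewhere in this commit (`GETPOST('id','int')`) shows, these values arrive unfiltered, which is no tighter than the `$_POST` reads they replace; they are presumably kept in the session and used for date and layout computation, so a non-numeric string would propagate there. Request the numeric type where the value is integral, `$dol_dst=GETPOST('dst','int');` `$dol_screenwidth=GETPOST('screenwidth','int');` `$dol_screenheight=GETPOST('screenheight','int');`, and validate `tz` with `is_numeric()` if fractional offsets must be accepted. `$dol_loginmesg` is likewise taken from the session and handed to the template; unless it is guaranteed to be a translated string it should be escaped when rendered. The function `checkLoginPassEntity` continues outside this section.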


@ -2,7 +2,7 @@
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -47,6 +47,7 @@ $action = GETPOST('action','alpha');
$confirm = GETPOST('confirm','alpha');
$mesg='';
$mesgs=array();
if (isset($_SESSION['DolMessage']))
{
$mesg=$_SESSION['DolMessage'];
@ -84,7 +85,7 @@ $object->fetch_thirdparty();
*/
// Envoi fichier
if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
@ -210,9 +211,9 @@ if ($object->id > 0)
print "</table>\n";
print "</div>\n";
dol_htmloutput_mesg($mesg,$mesgs);
/*
* Confirmation suppression fichier
*/


@ -693,7 +693,7 @@ if (GETPOST('removedfile'))
/*
* Send mail
*/
if ($action == 'send' && ! $_POST['addfile'] && ! $_POST['removedfile'] && ! $_POST['cancel'])
if ($action == 'send' && ! GETPOST('addfile') && ! GETPOST('removedfile') && ! GETPOST('cancel'))
{
$langs->load('mails');
@ -1747,7 +1747,7 @@ if ($id > 0 || ! empty($ref))
$formmail->withtosocid=$soc->id;
$formmail->withtocc=1;
$formmail->withtoccsocid=0;
$formmail->withtoccc=$conf->global->MAIN_EMAIL_USECCC;
$formmail->withtoccc=(! empty($conf->global->MAIN_EMAIL_USECCC)?$conf->global->MAIN_EMAIL_USECCC:false);
$formmail->withtocccsocid=0;
$formmail->withtopic=$langs->trans('SendOrderRef','__ORDERREF__');
$formmail->withfile=2;


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2003-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -32,9 +32,12 @@ $langs->load("suppliers");
$langs->load("companies");
$langs->load('stocks');
$id=GETPOST('id','int');
$ref=GETPOST('ref','alpha');
// Security check
$id = isset($_GET["id"])?$_GET["id"]:'';
if ($user->societe_id) $socid=$user->societe_id;
$socid='';
if (! empty($user->societe_id)) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
@ -46,14 +49,12 @@ $form = new Form($db);
$now=dol_now();
$ref= $_GET['ref'];
if ($id > 0 || ! empty($ref))
{
$soc = new Societe($db);
$commande = new CommandeFournisseur($db);
$result=$commande->fetch($_GET["id"],$_GET['ref']);
$result=$commande->fetch($id,$ref);
if ($result >= 0)
{
$soc->fetch($commande->socid);
@ -184,7 +185,7 @@ if ($id > 0 || ! empty($ref))
}
}
$db->close();
llxFooter();
$db->close();
?>
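Review bot: The access check `restrictedArea($user, 'commande_fournisseur', $id, '')` on the new side is evaluated with `$id` only, but the page then loads the order by either key, `$commande->fetch($id,$ref)`, so a request carrying just `ref=` reaches the object without any per-object check (for instance the `$socid` restriction set just above for external users, which `restrictedArea` presumably applies). Resolve the id from the ref before the check, e.g. `if (empty($id) && ! empty($ref)) { $tmp=new CommandeFournisseur($db); if ($tmp->fetch('',$ref) > 0) $id=$tmp->id; }`, or re-run `restrictedArea` with `$commande->id` as soon as the fetch succeeds. Whether `restrictedArea` enforces ownership per object is not visible in this section.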


@ -1,7 +1,7 @@
<?PHP
/* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -29,19 +29,19 @@ require_once(DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.commande.class.php");
$langs->load("orders");
$sref=isset($_GET['search_ref'])?$_GET['search_ref']:$_POST['search_ref'];
$snom=isset($_GET['search_nom'])?$_GET['search_nom']:$_POST['search_nom'];
$suser=isset($_GET['search_user'])?$_GET['search_user']:$_POST['search_user'];
$sttc=isset($_GET['search_ttc'])?$_GET['search_ttc']:$_POST['search_ttc'];
$sall=isset($_GET['search_all'])?$_GET['search_all']:$_POST['search_all'];
$sref=GETPOST('search_ref');
$snom=GETPOST('search_nom');
$suser=GETPOST('search_user');
$sttc=GETPOST('search_ttc');
$sall=GETPOST('search_all');
$page = (is_numeric($_GET["page"]) ? $_GET["page"] : 0);
$socid = (is_numeric($_GET["socid"]) ? $_GET["socid"] : 0);
$sortorder = $_GET["sortorder"];
$sortfield = $_GET["sortfield"];
$page = GETPOST('page','int');
$socid = GETPOST('socid','int');
$sortorder = GETPOST('sortorder');
$sortfield = GETPOST('sortfield');
// Security check
$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
$orderid = GETPOST('orderid');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $orderid,'');
@ -105,9 +105,9 @@ if ($sall)
}
if ($socid) $sql.= " AND s.rowid = ".$socid;
if (dol_strlen($_GET["statut"]))
if (GETPOST('statut'))
{
$sql .= " AND fk_statut =".$_GET["statut"];
$sql .= " AND fk_statut =".GETPOST('statut');
}
$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
@ -200,7 +200,7 @@ else
dol_print_error($db);
}
$db->close();
llxFooter();
$db->close();
?>
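Review bot: `$sql .= " AND fk_statut =".GETPOST('statut');` still concatenates the request value into SQL without a type check, so the switch to `GETPOST` does not remove the injection; use the integer check and cast, `$sql .= " AND fk_statut = ".(int) GETPOST('statut','int');`. The new guard `if (GETPOST('statut'))` also regresses the old `dol_strlen($_GET["statut"])`: a status of `0` is falsy in PHP, so filtering on that status is silently dropped; `if (dol_strlen(GETPOST('statut','int')))` keeps it. `$sortfield` and `$sortorder` are read without a check type a few lines above and go straight into `" ORDER BY $sortfield $sortorder "`; they should be restricted to a whitelist of column names and `ASC`/`DESC`. The SQL assembly these lines belong to starts before the hunk.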


@ -274,7 +274,7 @@ if (! empty($conf->global->MAIN_SECURITY_CSRF)) // Check validity of token, only
{
if (($_POST['token'] != $_SESSION['token']))
{
dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".$_POST['action'].", _POST['token']=".$_POST['token'].", _SESSION['token']=".$_SESSION['token'],LOG_WARNING);
dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token').", _SESSION['token']=".$_SESSION['token'],LOG_WARNING);
//print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
unset($_POST);
}
@ -328,7 +328,7 @@ if (! defined('NOLOGIN'))
include_once(DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php');
// If in demo mode, we check we go to home page through the public/demo/index.php page
if ($dolibarr_main_demo && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') // We ask index page
if (! empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') // We ask index page
{
if (! preg_match('/public/',$_SERVER['HTTP_REFERER']))
{
@ -367,8 +367,8 @@ if (! defined('NOLOGIN'))
}
$usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2));
$passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : $_POST["password"]);
$entitytotest = (! empty($_POST["entity"]) ? $_POST["entity"] : 1);
$passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : GETPOST('password'));
$entitytotest = (GETPOST('entity','int') ? GETPOST('entity','int') : 1);
// Validation of login/pass/entity
// If ok, the variable login will be returned
@ -556,7 +556,7 @@ if (! defined('NOLOGIN'))
// Call triggers
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf,$_POST["entity"]);
$result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf,GETPOST('entity','int'));
if ($result < 0) {
$error++;
}
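Review bot: The CSRF failure log line now writes `$_SESSION['token']` to syslog alongside the submitted value, which hands the valid anti-CSRF secret of a live session to anyone who can read the log; log only that the tokens differed, e.g. `dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token'), LOG_WARNING);`. `$_SERVER['HTTP_REFERER']` on the same line is client-controlled and goes into the log unescaped, and the comparison above it uses `!=` where `hash_equals()` is the idiomatic check. The login hunk further down keeps reading the password from `$_COOKIE['password_dolibarr']`; whatever sets that cookie (not visible here) is persisting a credential client-side in clear, which deserves its own issue.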


@ -2,7 +2,7 @@
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -50,7 +50,8 @@ if ($result < 0) { $error++; }
$urlfrom=empty($_SESSION["urlfrom"])?'':$_SESSION["urlfrom"];
// Destroy some cookies
if ($conf->phenix->enabled && $conf->phenix->cookie)
// TODO external module
if (! empty($conf->phenix->enabled) && ! empty($conf->phenix->cookie))
{
// Destroy cookie
setcookie($conf->phenix->cookie, '', 1, "/");