Merge branch 'develop' of github.com:Dolibarr/dolibarr into NEW_task_discussion

arnaud 2017-09-07 16:24:34 +02:00
commit 82440fd399
33 changed files with 1082 additions and 945 deletions

@ -190,13 +190,14 @@ if ($resql)
{
$num = $db->num_rows($resql);
$params='';
$param='';
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
if ($search_account) $params.= '&search_account='.urlencode($search_account);
if ($search_label) $params.= '&search_label='.urlencode($search_label);
if ($search_accountparent) $params.= '&search_accountparent='.urlencode($search_accountparent);
if ($search_pcgtype) $params.= '&search_pcgtype='.urlencode($search_pcgtype);
if ($search_pcgsubtype) $params.= '&search_pcgsubtype='.urlencode($search_pcgsubtype);
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
if ($search_account) $param.= '&search_account='.urlencode($search_account);
if ($search_label) $param.= '&search_label='.urlencode($search_label);
if ($search_accountparent) $param.= '&search_accountparent='.urlencode($search_accountparent);
if ($search_pcgtype) $param.= '&search_pcgtype='.urlencode($search_pcgtype);
if ($search_pcgsubtype) $param.= '&search_pcgsubtype='.urlencode($search_pcgsubtype);
if ($optioncss != '') $param.='&optioncss='.$optioncss;
@ -212,7 +213,7 @@ if ($resql)
$htmlbuttonadd = '<a class="butAction" href="./card.php?action=create">' . $langs->trans("Addanaccount") . '</a>';
print_barre_liste($langs->trans('ListAccounts'), $page, $_SERVER["PHP_SELF"], $params, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $htmlbuttonadd);
print_barre_liste($langs->trans('ListAccounts'), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $htmlbuttonadd, '', $limit);
// Box to select active chart of account
print $langs->trans("Selectchartofaccounts") . " : ";
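Review bot: `contextpage` and `optioncss` are concatenated into `$param` without `urlencode()`, unlike the `search_*` values appended right next to them in the block that builds the list parameters. If either value originates from the request (their assignment is not visible in this hunk), a crafted value can break out of the query string once `$param` is printed into the pagination and sort links. Suggest `$param.='&contextpage='.urlencode($contextpage);` and `$param.='&optioncss='.urlencode($optioncss);`, and `'&limit='.((int) $limit)` for the limit. The enclosing `if ($resql)` block starts and ends outside the hunk.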

@ -63,7 +63,7 @@ if ($action == 'add' && $user->rights->accounting->chartofaccount)
{
if (! $cancel) {
$sql = 'SELECT pcg_version FROM ' . MAIN_DB_PREFIX . 'accounting_system WHERE rowid=' . $conf->global->CHARTOFACCOUNTS;
dol_syslog('accountancy/admin/card.php:: $sql=' . $sql);
$result = $db->query($sql);
$obj = $db->fetch_object($result);
@ -172,16 +172,16 @@ if ($action == 'add' && $user->rights->accounting->chartofaccount)
}
} else if ($action == 'delete' && $user->rights->accounting->chartofaccount) {
$result = $object->fetch($id);
if (! empty($object->id)) {
$result = $object->delete($user);
if ($result > 0) {
header("Location: account.php");
exit;
}
}
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
@ -270,7 +270,7 @@ if ($action == 'create') {
$head = accounting_prepare_head($object);
// Edit mode
if ($action == 'update')
if ($action == 'update')
{
dol_fiche_head($head, 'card', $langs->trans('AccountAccounting'), 0, 'billr');
@ -327,7 +327,7 @@ if ($action == 'create') {
print '</form>';
} else {
// View mode
$linkback = '<a href="../admin/account.php">' . $langs->trans("BackToChartofaccounts") . '</a>';
$linkback = '<a href="'.DOL_URL_ROOT.'/accountancy/admin/account.php">' . $langs->trans("BackToList") . '</a>';
dol_fiche_head($head, 'card', $langs->trans('AccountAccounting'), 0, 'billr');
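Review bot: The query in the `add` action concatenates `$conf->global->CHARTOFACCOUNTS` directly into the `WHERE rowid=` clause and then writes the whole statement to the log through `dol_syslog`. The value comes from configuration rather than from the request, so the exposure is presumably low, but an integer cast keeps the statement well-formed when the constant is empty or malformed: `... WHERE rowid=' . ((int) $conf->global->CHARTOFACCOUNTS);`. In the visible lines the return of `$db->query()` is also handed to `fetch_object()` without being checked. The `add` block continues outside the hunk.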

@ -98,7 +98,7 @@ dol_fiche_head();
print '<table class="border" width="100%">';
// Category
print '<tr><td>' . $langs->trans("AccountingCategory") . '</td>';
print '<tr><td class="titlefield">' . $langs->trans("AccountingCategory") . '</td>';
print '<td>';
$formaccounting->select_accounting_category($cat_id, 'account_category', 1, 0, 0, 1);
print '<input class="button" type="submit" value="' . $langs->trans("Select") . '">';
@ -110,14 +110,26 @@ if (! empty($cat_id))
if ($return < 0) {
setEventMessages(null, $accountingcategory->errors, 'errors');
}
print '<tr><td>' . $langs->trans("AddAccountFromBookKeepingWithNoCategories") . '</td>';
print '<tr><td class="tdtop">' . $langs->trans("AddAccountFromBookKeepingWithNoCategories") . '</td>';
print '<td>';
$arraykeyvalue=array();
foreach($accountingcategory->lines_cptbk as $key => $val)
{
$arraykeyvalue[length_accountg($val->numero_compte)] = length_accountg($val->numero_compte) . ' (' . $val->label_compte . ($val->doc_ref?' '.$val->doc_ref:'').')';
}
if (is_array($accountingcategory->lines_cptbk) && count($accountingcategory->lines_cptbk) > 0) {
print '<select class="flat minwidth200" size="' . count($obj) . '" name="cpt_bk[]" multiple>';
print $form->multiselectarray('cpt_bk', $arraykeyvalue, GETPOST('cpt_bk', 'array'), null, null, null, null, "90%");
print '<br>';
/*print '<select class="flat minwidth200" size="8" name="cpt_bk[]" multiple>';
foreach ( $accountingcategory->lines_cptbk as $cpt ) {
print '<option value="' . length_accountg($cpt->numero_compte) . '">' . length_accountg($cpt->numero_compte) . ' (' . $cpt->label_compte . ' ' . $cpt->doc_ref . ')</option>';
}
print '</select><br>';
print ajax_combobox('cpt_bk');
*/
print '<input class="button" type="submit" id="" class="action-delete" value="' . $langs->trans("Add") . '"> ';
}
print '</td></tr>';
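Review bot: The previous `<select>` markup is left behind as a commented-out block (from `/*print '<select ...` through `print ajax_combobox('cpt_bk');`) right after the new `multiselectarray` call; it should be deleted, since version control already keeps the history. The submit button on the following line carries an empty `id=""` and two `class` attributes, of which browsers keep only the first, so `action-delete` never applies. The option labels are built from `label_compte` and `doc_ref` as stored in the bookkeeping lines, so it is worth confirming that `multiselectarray` escapes them for HTML; that helper is not visible on this page.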

@ -158,6 +158,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
foreach ($listfield as $f => $value)
{
if ($value == 'formula' && empty($_POST['formula'])) continue;
if ($value == 'range_account' && empty($_POST['range_account'])) continue;
if ($value == 'country') continue; // country_id required but not country
if (! isset($_POST[$value]) || $_POST[$value]=='')
{
@ -285,7 +286,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
}
if ($i) $sql.=",";
$sql.= $field."=";
if ($_POST[$listfieldvalue[$i]] == '' && ! ($listfieldvalue[$i] == 'code' && $id == 10)) $sql.="null"; // For vat, we want/accept code = ''
if ($_POST[$listfieldvalue[$i]] == '' && ! $listfieldvalue[$i] == 'range_account') $sql.="null"; // For range_account, we want/accept code = ''
else $sql.="'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
@ -433,7 +434,7 @@ if ($id == 32)
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id.($search_country_id>0?'&search_country_id='.$search_country_id:''), $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);
@ -586,8 +587,7 @@ if ($id)
$paramwithsearch = $param;
if ($sortorder) $paramwithsearch.= '&sortorder='.$sortorder;
if ($sortfield) $paramwithsearch.= '&sortfield='.$sortfield;
if (GETPOST('from')) $paramwithsearch.= '&from='.GETPOST('from','alpha');
if (GETPOST('from','alpha')) $paramwithsearch.= '&from='.GETPOST('from','alpha');
// There is several pages
if ($num > $listlimit)
{
@ -774,14 +774,9 @@ if ($id)
if (isset($obj->code))
{
if (($obj->code == '0' || $obj->code == '' || preg_match('/unknown/i',$obj->code))) { $iserasable = 0; $canbedisabled = 0; }
else if ($obj->code == 'RECEP') { $iserasable = 0; $canbedisabled = 0; }
else if ($obj->code == 'EF0') { $iserasable = 0; $canbedisabled = 0; }
}
if (isset($obj->type) && in_array($obj->type, array('system', 'systemauto'))) { $iserasable=0; }
if (in_array($obj->code, array('AC_OTH','AC_OTH_AUTO')) || in_array($obj->type, array('systemauto'))) { $canbedisabled=0; $canbedisabled = 0; }
$canbemodified=$iserasable;
if ($obj->code == 'RECEP') $canbemodified=1;
$url = $_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.(! empty($obj->rowid)?$obj->rowid:(! empty($obj->code)?$obj->code:'')).'&code='.(! empty($obj->code)?urlencode($obj->code):'');
if ($param) $url .= '&'.$param;
@ -792,10 +787,7 @@ if ($id)
if ($canbedisabled) print '<a href="'.$url.'action='.$acts[$obj->active].'">'.$actl[$obj->active].'</a>';
else
{
if (in_array($obj->code, array('AC_OTH','AC_OTH_AUTO'))) print $langs->trans("AlwaysActive");
else if (isset($obj->type) && in_array($obj->type, array('systemauto')) && empty($obj->active)) print $langs->trans("Deprecated");
else if (isset($obj->type) && in_array($obj->type, array('system')) && ! empty($obj->active) && $obj->code != 'AC_OTH') print $langs->trans("UsedOnlyWithTypeOption");
else print $langs->trans("AlwaysActive");
print $langs->trans("AlwaysActive");
}
print "</td>";
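Review bot: In the update branch, `! $listfieldvalue[$i] == 'range_account'` negates the field name before comparing, because `!` binds tighter than `==`. For any non-empty field name the test is false, so `null` is never written and every empty field is stored as `''`. The parenthesised form used by the line it replaces is presumably what is intended: `if ($_POST[$listfieldvalue[$i]] == '' && ! ($listfieldvalue[$i] == 'range_account')) $sql.="null";`. Separately, `'&from='.GETPOST('from','alpha')` and the added `'&search_country_id='.$search_country_id` are placed into URLs without `urlencode()` or an integer cast. The surrounding loops and blocks start outside the hunks.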

@ -49,7 +49,7 @@ $error=0;
* Actions
*/
if ( ($action == 'update' && empty($_POST["cancel"]))
if ( ($action == 'update' && ! GETPOST("cancel",'alpha'))
|| ($action == 'updateedit') )
{
$tmparray=getCountry(GETPOST('country_id','int'),'all',$db,$langs,0);
@ -63,19 +63,19 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_COUNTRY", $s,'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",$_POST["nom"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS",$_POST["address"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN",$_POST["town"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP",$_POST["zipcode"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE",$_POST["state_id"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE",$_POST["currency"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL",$_POST["tel"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX",$_POST["fax"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL",$_POST["mail"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB",$_POST["web"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE",$_POST["note"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD",$_POST["barcode"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("address",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("town",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("zipcode",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_STATE", GETPOST("state_id",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note",'none'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode",'alpha'),'chaine',0,'',$conf->entity);
$varforimage='logo'; $dirforimage=$conf->mycompany->dir_output.'/logos/';
if ($_FILES[$varforimage]["tmp_name"])
{
@ -100,8 +100,8 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
if ($isimage > 0)
{
// Create thumbs
//$object->addThumbs($newfile); // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get...
//$object->addThumbs($newfile); // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get...
// Create small thumb, Used on logon for example
$imgThumbSmall = vignette($dirforimage.$original_file, $maxwidthsmall, $maxheightsmall, '_small', $quality);
if (image_format_supported($imgThumbSmall) >= 0 && preg_match('/([^\\/:]+)$/i',$imgThumbSmall,$reg))
@ -143,27 +143,27 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
}
}
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS",$_POST["MAIN_INFO_SOCIETE_MANAGERS"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_CAPITAL",$_POST["capital"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE",$_POST["forme_juridique_code"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIREN",$_POST["siren"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIRET",$_POST["siret"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_APE",$_POST["ape"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_RCS",$_POST["rcs"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID5",$_POST["MAIN_INFO_PROFID5"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID6",$_POST["MAIN_INFO_PROFID6"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA",$_POST["tva"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT",$_POST["object"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START",$_POST["fiscalmonthstart"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object",'nohtml'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_TVAOPTION",$_POST["optiontva"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START", GETPOST("fiscalmonthstart",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_TVAOPTION", GETPOST("optiontva",'alpha'),'chaine',0,'',$conf->entity);
// Local taxes
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION",$_POST["optionlocaltax1"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION",$_POST["optionlocaltax2"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", GETPOST("optionlocaltax1",'alpha'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", GETPOST("optionlocaltax2",'alpha'),'chaine',0,'',$conf->entity);
if($_POST["optionlocaltax1"]=="localtax1on")
{
@ -173,9 +173,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
else
{
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", GETPOST('lt1','alpha'),'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", $_POST["clt1"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1",'alpha'),'chaine',0,'',$conf->entity);
}
if($_POST["optionlocaltax2"]=="localtax2on")
{
@ -185,9 +185,9 @@ if ( ($action == 'update' && empty($_POST["cancel"]))
}
else
{
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2'),'chaine',0,'',$conf->entity);
dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", GETPOST('lt2','alpha'),'chaine',0,'',$conf->entity);
}
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", $_POST["clt2"],'chaine',0,'',$conf->entity);
dolibarr_set_const($db,"MAIN_INFO_LOCALTAX_CALC2", GETPOST("clt2",'alpha'),'chaine',0,'',$conf->entity);
}
if ($action != 'updateedit' && ! $error)
@ -207,7 +207,7 @@ if ($action == 'addthumb') // Regenerate thumbs
if ($isimage > 0)
{
// Create thumbs
//$object->addThumbs($newfile); // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get...
//$object->addThumbs($newfile); // We can't use addThumbs here yet because we need name of generated thumbs to add them into constants. TODO Check if need such constants. We should be able to retreive value with get...
// Create small thumb. Used on logon for example
$imgThumbSmall = vignette($conf->mycompany->dir_output.'/logos/'.$_GET["file"], $maxwidthsmall, $maxheightsmall, '_small',$quality);
@ -309,72 +309,72 @@ if ($action == 'edit' || $action == 'updateedit')
print '<tr class="liste_titre"><th class="titlefield">'.$langs->trans("CompanyInfo").'</th><th>'.$langs->trans("Value").'</th></tr>'."\n";
// Name
print '<tr class="oddeven"><td class="fieldrequired"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM:$_POST["nom"]) . '" autofocus="autofocus"></td></tr>'."\n";
print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom",'nohtml')) . '" autofocus="autofocus"></td></tr>'."\n";
// Addresse
print '<tr class="oddeven"><td><label for="address">'.$langs->trans("CompanyAddress").'</label></td><td>';
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS:$_POST["address"]) . '</textarea></td></tr>'."\n";
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS: GETPOST("address",'nohtml')) . '</textarea></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="zipcode">'.$langs->trans("CompanyZip").'</label></td><td>';
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP:$_POST["zipcode"]) . '"></td></tr>'."\n";
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP: GETPOST("zipcode",'alpha')) . '"></td></tr>'."\n";
print '<tr class="oddeven"><td><label for="town">'.$langs->trans("CompanyTown").'</label></td><td>';
print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN:$_POST["town"]) . '"></td></tr>'."\n";
print '<input name="town" class="minwidth100" id="town" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN: GETPOST("town",'nohtml')) . '"></td></tr>'."\n";
// Country
print '<tr class="oddeven"><td class="fieldrequired"><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td class="maxwidthonsmartphone">';
//if (empty($country_selected)) $country_selected=substr($langs->defaultlang,-2); // By default, country of localization
print $form->select_country($mysoc->country_id,'country_id');
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="state_id">'.$langs->trans("State").'</label></td><td class="maxwidthonsmartphone">';
$formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE,$mysoc->country_code,'state_id');
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="currency">'.$langs->trans("CompanyCurrency").'</label></td><td>';
print $form->selectCurrency($conf->currency,"currency");
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("Phone").'</label></td><td>';
print '<input name="tel" id="phone" value="'. $conf->global->MAIN_INFO_SOCIETE_TEL . '"></td></tr>';
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="fax">'.$langs->trans("Fax").'</label></td><td>';
print '<input name="fax" id="fax" value="'. $conf->global->MAIN_INFO_SOCIETE_FAX . '"></td></tr>';
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="email">'.$langs->trans("EMail").'</label></td><td>';
print '<input name="mail" id="email" class="minwidth200" value="'. $conf->global->MAIN_INFO_SOCIETE_MAIL . '"></td></tr>';
print '</td></tr>'."\n";
// Web
print '<tr class="oddeven"><td><label for="web">'.$langs->trans("Web").'</label></td><td>';
print '<input name="web" id="web" class="minwidth300" value="'. $conf->global->MAIN_INFO_SOCIETE_WEB . '"></td></tr>';
print '</td></tr>'."\n";
// Barcode
if (! empty($conf->barcode->enabled)) {
print '<tr class="oddeven"><td><label for="barcode">'.$langs->trans("Gencod").'</label></td><td>';
print '<input name="barcode" id="barcode" class="minwidth150" value="'. $conf->global->MAIN_INFO_SOCIETE_GENCOD . '"></td></tr>';
print '</td></tr>';
}
// Logo
print '<tr'.dol_bc($var,'hideonsmartphone').'><td><label for="logo">'.$langs->trans("Logo").' (png,jpg)</label></td><td>';
print '<table width="100%" class="nobordernopadding"><tr class="nocellnopadd"><td valign="middle" class="nocellnopadd">';
print '<input type="file" class="flat class=minwidth200" name="logo" id="logo">';
@ -392,9 +392,9 @@ if ($action == 'edit' || $action == 'updateedit')
print '</td></tr>';
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(! empty($conf->global->MAIN_INFO_SOCIETE_NOTE) ? $conf->global->MAIN_INFO_SOCIETE_NOTE : '').'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note','none') ? GETPOST('note','none') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';
@ -409,17 +409,17 @@ if ($action == 'edit' || $action == 'updateedit')
$langs->load("companies");
// Managing Director(s)
print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>';
print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="director" class="minwidth200" value="' . $conf->global->MAIN_INFO_SOCIETE_MANAGERS . '"></td></tr>';
// Capital
print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>';
print '<input name="capital" id="capital" class="minwidth100" value="' . $conf->global->MAIN_INFO_CAPITAL . '"></td></tr>';
// Juridical Status
print '<tr class="oddeven"><td><label for="forme_juridique_code">'.$langs->trans("JuridicalStatus").'</label></td><td>';
if ($mysoc->country_code) {
print $formcompany->select_juridicalstatus($conf->global->MAIN_INFO_SOCIETE_FORME_JURIDIQUE, $mysoc->country_code, '', 'forme_juridique_code');
@ -431,7 +431,7 @@ if ($action == 'edit' || $action == 'updateedit')
// ProfID1
if ($langs->transcountry("ProfId1",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td><label for="profid1">'.$langs->transcountry("ProfId1",$mysoc->country_code).'</label></td><td>';
if (! empty($mysoc->country_code))
{
@ -447,7 +447,7 @@ if ($action == 'edit' || $action == 'updateedit')
// ProfId2
if ($langs->transcountry("ProfId2",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td><label for="profid2">'.$langs->transcountry("ProfId2",$mysoc->country_code).'</label></td><td>';
if (! empty($mysoc->country_code))
{
@ -463,7 +463,7 @@ if ($action == 'edit' || $action == 'updateedit')
// ProfId3
if ($langs->transcountry("ProfId3",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td><label for="profid3">'.$langs->transcountry("ProfId3",$mysoc->country_code).'</label></td><td>';
if (! empty($mysoc->country_code))
{
@ -479,7 +479,7 @@ if ($action == 'edit' || $action == 'updateedit')
// ProfId4
if ($langs->transcountry("ProfId4",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td><label for="profid4">'.$langs->transcountry("ProfId4",$mysoc->country_code).'</label></td><td>';
if (! empty($mysoc->country_code))
{
@ -495,7 +495,7 @@ if ($action == 'edit' || $action == 'updateedit')
// ProfId5
if ($langs->transcountry("ProfId5",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td><label for="profid5">'.$langs->transcountry("ProfId5",$mysoc->country_code).'</label></td><td>';
if (! empty($mysoc->country_code))
{
@ -511,7 +511,7 @@ if ($action == 'edit' || $action == 'updateedit')
// ProfId6
if ($langs->transcountry("ProfId6",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td><label for="profid6">'.$langs->transcountry("ProfId6",$mysoc->country_code).'</label></td><td>';
if (! empty($mysoc->country_code))
{
@ -525,13 +525,13 @@ if ($action == 'edit' || $action == 'updateedit')
}
// TVA Intra
print '<tr class="oddeven"><td><label for="intra_vat">'.$langs->trans("VATIntra").'</label></td><td>';
print '<input name="tva" id="intra_vat" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_TVAINTRA) ? $conf->global->MAIN_INFO_TVAINTRA : '') . '">';
print '</td></tr>';
// Object of the company
print '<tr class="oddeven"><td><label for="object">'.$langs->trans("CompanyObject").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="object" id="object" rows="'.ROWS_5.'">'.(! empty($conf->global->MAIN_INFO_SOCIETE_OBJECT) ? $conf->global->MAIN_INFO_SOCIETE_OBJECT : '').'</textarea></td></tr>';
print '</td></tr>';
@ -546,7 +546,7 @@ if ($action == 'edit' || $action == 'updateedit')
print '<td class="titlefield">'.$langs->trans("FiscalYearInformation").'</td><td>'.$langs->trans("Value").'</td>';
print "</tr>\n";
print '<tr class="oddeven"><td><label for="fiscalmonthstart">'.$langs->trans("FiscalMonthStart").'</label></td><td>';
print $formother->select_month($conf->global->SOCIETE_FISCAL_MONTH_START,'fiscalmonthstart',0,1) . '</td></tr>';
@ -561,7 +561,7 @@ if ($action == 'edit' || $action == 'updateedit')
print '<td align="right">&nbsp;</td>';
print "</tr>\n";
print "<tr class=\"oddeven\"><td width=\"140\"><label><input type=\"radio\" name=\"optiontva\" id=\"use_vat\" value=\"1\"".(empty($conf->global->FACTURE_TVAOPTION)?"":" checked")."> ".$langs->trans("VATIsUsed")."</label></td>";
print '<td colspan="2">';
print "<table>";
@ -570,7 +570,7 @@ if ($action == 'edit' || $action == 'updateedit')
print "</table>";
print "</td></tr>\n";
print "<tr class=\"oddeven\"><td width=\"140\"><label><input type=\"radio\" name=\"optiontva\" id=\"no_vat\" value=\"0\"".(empty($conf->global->FACTURE_TVAOPTION)?" checked":"")."> ".$langs->trans("VATIsNotUsed")."</label></td>";
print '<td colspan="2">';
print "<table>";
@ -593,7 +593,7 @@ if ($action == 'edit' || $action == 'updateedit')
print '<td>'.$langs->transcountry("LocalTax1Management",$mysoc->country_code).'</td><td>'.$langs->trans("Description").'</td>';
print '<td align="right">&nbsp;</td>';
print "</tr>\n";
// Note: When option is not set, it must not appears as set on on, because there is no default value for this option
print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax1\" id=\"lt1\" value=\"localtax1on\"".(($conf->global->FACTURE_LOCAL_TAX1_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1on")?" checked":"")."> ".$langs->transcountry("LocalTax1IsUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
@ -616,7 +616,7 @@ if ($action == 'edit' || $action == 'updateedit')
print "</table>";
print "</td></tr>\n";
print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax1\" id=\"nolt1\" value=\"localtax1off\"".((empty($conf->global->FACTURE_LOCAL_TAX1_OPTION) || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1off")?" checked":"")."> ".$langs->transcountry("LocalTax1IsNotUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
print "<table>";
@ -637,7 +637,7 @@ if ($action == 'edit' || $action == 'updateedit')
print '<td align="right">&nbsp;</td>';
print "</tr>\n";
// Note: When option is not set, it must not appears as set on on, because there is no default value for this option
print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax2\" id=\"lt2\" value=\"localtax2on\"".(($conf->global->FACTURE_LOCAL_TAX2_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2on")?" checked":"")."> ".$langs->transcountry("LocalTax2IsUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
@ -657,7 +657,7 @@ if ($action == 'edit' || $action == 'updateedit')
print "</table>";
print "</td></tr>\n";
print "<tr class=\"oddeven\"><td width=\"140\"><input type=\"radio\" name=\"optionlocaltax2\" id=\"nolt2\" value=\"localtax2off\"".((empty($conf->global->FACTURE_LOCAL_TAX2_OPTION) || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2off")?" checked":"")."> ".$langs->transcountry("LocalTax2IsNotUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
print "<table>";
@ -693,22 +693,22 @@ else
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre"><td>'.$langs->trans("CompanyInfo").'</td><td>'.$langs->trans("Value").'</td></tr>';
print '<tr class="oddeven"><td class="titlefield">'.$langs->trans("CompanyName").'</td><td>';
if (! empty($conf->global->MAIN_INFO_SOCIETE_NOM)) print $conf->global->MAIN_INFO_SOCIETE_NOM;
else print img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyName")).'</font>';
print '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("CompanyAddress").'</td><td>' . nl2br(empty($conf->global->MAIN_INFO_SOCIETE_ADDRESS)?'':$conf->global->MAIN_INFO_SOCIETE_ADDRESS) . '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("CompanyZip").'</td><td>' . (empty($conf->global->MAIN_INFO_SOCIETE_ZIP)?'':$conf->global->MAIN_INFO_SOCIETE_ZIP) . '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("CompanyTown").'</td><td>' . (empty($conf->global->MAIN_INFO_SOCIETE_TOWN)?'':$conf->global->MAIN_INFO_SOCIETE_TOWN) . '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("CompanyCountry").'</td><td>';
if ($mysoc->country_code)
{
@ -719,13 +719,13 @@ else
else print img_warning().' <font class="error">'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("CompanyCountry")).'</font>';
print '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("State").'</td><td>';
if (! empty($conf->global->MAIN_INFO_SOCIETE_STATE)) print getState($conf->global->MAIN_INFO_SOCIETE_STATE);
else print '&nbsp;';
print '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("CompanyCurrency").'</td><td>';
print currency_name($conf->currency,1);
print ' ('.$conf->currency;
@ -733,28 +733,28 @@ else
print ')';
print '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("Phone").'</td><td>' . dol_print_phone($conf->global->MAIN_INFO_SOCIETE_TEL,$mysoc->country_code) . '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("Fax").'</td><td>' . dol_print_phone($conf->global->MAIN_INFO_SOCIETE_FAX,$mysoc->country_code) . '</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("Mail").'</td><td>' . dol_print_email($conf->global->MAIN_INFO_SOCIETE_MAIL,0,0,0,80) . '</td></tr>';
// Web
print '<tr class="oddeven"><td>'.$langs->trans("Web").'</td><td>' . dol_print_url($conf->global->MAIN_INFO_SOCIETE_WEB,'_blank',80) . '</td></tr>';
// Barcode
if (! empty($conf->barcode->enabled))
{
print '<tr class="oddeven"><td>'.$langs->trans("Gencod").'</td><td>' . $conf->global->MAIN_INFO_SOCIETE_GENCOD . '</td></tr>';
}
// Logo
print '<tr class="oddeven"><td>'.$langs->trans("Logo").'</td><td>';
$tagtd='tagtd ';
@ -780,7 +780,7 @@ else
print '</td></tr>';
print '<tr class="oddeven"><td class="tdtop">'.$langs->trans("Note").'</td><td>' . (! empty($conf->global->MAIN_INFO_SOCIETE_NOTE) ? nl2br($conf->global->MAIN_INFO_SOCIETE_NOTE) : '') . '</td></tr>';
print '</table>';
@ -796,17 +796,17 @@ else
print '<tr class="liste_titre"><td class="titlefield">'.$langs->trans("CompanyIds").'</td><td>'.$langs->trans("Value").'</td></tr>';
// Managing Director(s)
print '<tr class="oddeven"><td>'.$langs->trans("ManagingDirectors").'</td><td>';
print $conf->global->MAIN_INFO_SOCIETE_MANAGERS . '</td></tr>';
// Capital
print '<tr class="oddeven"><td>'.$langs->trans("Capital").'</td><td>';
print $conf->global->MAIN_INFO_CAPITAL . '</td></tr>';
// Juridical Status
print '<tr class="oddeven"><td>'.$langs->trans("JuridicalStatus").'</td><td>';
print getFormeJuridiqueLabel($conf->global->MAIN_INFO_SOCIETE_FORME_JURIDIQUE);
print '</td></tr>';
@ -814,7 +814,7 @@ else
// ProfId1
if ($langs->transcountry("ProfId1",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId1",$mysoc->country_code).'</td><td>';
if (! empty($conf->global->MAIN_INFO_SIREN))
{
@ -830,7 +830,7 @@ else
// ProfId2
if ($langs->transcountry("ProfId2",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId2",$mysoc->country_code).'</td><td>';
if (! empty($conf->global->MAIN_INFO_SIRET))
{
@ -846,7 +846,7 @@ else
// ProfId3
if ($langs->transcountry("ProfId3",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId3",$mysoc->country_code).'</td><td>';
if (! empty($conf->global->MAIN_INFO_APE))
{
@ -862,7 +862,7 @@ else
// ProfId4
if ($langs->transcountry("ProfId4",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId4",$mysoc->country_code).'</td><td>';
if (! empty($conf->global->MAIN_INFO_RCS))
{
@ -878,7 +878,7 @@ else
// ProfId5
if ($langs->transcountry("ProfId5",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId5",$mysoc->country_code).'</td><td>';
if (! empty($conf->global->MAIN_INFO_PROFID5))
{
@ -894,7 +894,7 @@ else
// ProfId6
if ($langs->transcountry("ProfId6",$mysoc->country_code) != '-')
{
print '<tr class="oddeven"><td>'.$langs->transcountry("ProfId6",$mysoc->country_code).'</td><td>';
if (! empty($conf->global->MAIN_INFO_PROFID6))
{
@ -908,7 +908,7 @@ else
}
// VAT
print '<tr class="oddeven"><td>'.$langs->trans("VATIntra").'</td>';
print '<td>';
if (! empty($conf->global->MAIN_INFO_TVAINTRA))
@ -944,8 +944,8 @@ else
}
print '</td>';
print '</tr>';
print '<tr class="oddeven"><td class="tdtop">'.$langs->trans("CompanyObject").'</td><td>' . (! empty($conf->global->MAIN_INFO_SOCIETE_OBJECT) ? nl2br($conf->global->MAIN_INFO_SOCIETE_OBJECT) : '') . '</td></tr>';
print '</table>';
@ -960,7 +960,7 @@ else
print '<td class="titlefield">'.$langs->trans("FiscalYearInformation").'</td><td>'.$langs->trans("Value").'</td>';
print "</tr>\n";
print '<tr class="oddeven"><td>'.$langs->trans("FiscalMonthStart").'</td><td>';
$monthstart=(! empty($conf->global->SOCIETE_FISCAL_MONTH_START)) ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1;
print dol_print_date(dol_mktime(12,0,0,$monthstart,1,2000,1),'%B','gm') . '</td></tr>';
@ -977,7 +977,7 @@ else
print '<td align="right">&nbsp;</td>';
print "</tr>\n";
print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optiontva\" id=\"use_vat\" disabled value=\"1\"".(empty($conf->global->FACTURE_TVAOPTION)?"":" checked")."> ".$langs->trans("VATIsUsed")."</td>";
print '<td colspan="2">';
print "<table>";
@ -986,7 +986,7 @@ else
print "</table>";
print "</td></tr>\n";
print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optiontva\" id=\"no_vat\" disabled value=\"0\"".(empty($conf->global->FACTURE_TVAOPTION)?" checked":"")."> ".$langs->trans("VATIsNotUsed")."</td>";
print '<td colspan="2">';
print "<table>";
@ -1011,7 +1011,7 @@ else
print '<td align="right">&nbsp;</td>';
print "</tr>\n";
print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax1\" id=\"lt1\" disabled value=\"localtax1on\"".(($conf->global->FACTURE_LOCAL_TAX1_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1on")?" checked":"")."> ".$langs->transcountry("LocalTax1IsUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
print "<table>";
@ -1039,7 +1039,7 @@ else
print "</table>";
print "</td></tr>\n";
print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax1\" id=\"nolt1\" disabled value=\"localtax1off\"".((empty($conf->global->FACTURE_LOCAL_TAX1_OPTION) || $conf->global->FACTURE_LOCAL_TAX1_OPTION == "localtax1off")?" checked":"")."> ".$langs->transcountry("LocalTax1IsNotUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
print "<table>";
@ -1061,7 +1061,7 @@ else
print '<td align="right">&nbsp;</td>';
print "</tr>\n";
print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax2\" id=\"lt2\" disabled value=\"localtax2on\"".(($conf->global->FACTURE_LOCAL_TAX2_OPTION == '1' || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2on")?" checked":"")."> ".$langs->transcountry("LocalTax2IsUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
print "<table>";
@ -1090,7 +1090,7 @@ else
print "</table>";
print "</td></tr>\n";
print "<tr class=\"oddeven\"><td width=\"160\"><input class=\"oddeven\" type=\"radio\" name=\"optionlocaltax2\" id=\"nolt2\" disabled value=\"localtax2off\"".((empty($conf->global->FACTURE_LOCAL_TAX2_OPTION) || $conf->global->FACTURE_LOCAL_TAX2_OPTION == "localtax2off")?" checked":"")."> ".$langs->transcountry("LocalTax2IsNotUsed",$mysoc->country_code)."</td>";
print '<td colspan="2">';
print "<table>";


@ -83,27 +83,27 @@ if ($action == 'update')
}
}
}
$menu = new Menubase($db);
$result=$menu->fetch($_POST['menuId']);
$result=$menu->fetch(GETPOST('menuId', 'int'));
if ($result > 0)
{
$menu->titre=$_POST['titre'];
$menu->leftmenu=$_POST['leftmenu'];
$menu->url=$_POST['url'];
$menu->langs=$_POST['langs'];
$menu->position=$_POST['position'];
$menu->enabled=$_POST['enabled'];
$menu->perms=$_POST['perms'];
$menu->target=$_POST['target'];
$menu->user=$_POST['user'];
if (is_numeric($_POST['menuIdParent']))
$menu->titre=GETPOST('titre', 'alpha');
$menu->leftmenu=GETPOST('leftmenu', 'alpha');
$menu->url=GETPOST('url','alpha');
$menu->langs=GETPOST('langs','alpha');
$menu->position=GETPOST('position','int');
$menu->enabled=GETPOST('enabled','alpha');
$menu->perms=GETPOST('perms','alpha');
$menu->target=GETPOST('target','alpha');
$menu->user=GETPOST('user','alpha');
if (is_numeric(GETPOST('menuIdParent','alpha')))
{
$menu->fk_menu=$_POST['menuIdParent'];
$menu->fk_menu=GETPOST('menuIdParent','alpha');
}
else
{
if ($_POST['type'] == 'top') $menu->fk_menu=0;
if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
else $menu->fk_menu=-1;
$menu->fk_mainmenu=$mainmenu;
$menu->fk_leftmenu=$leftmenu;
@ -123,7 +123,6 @@ if ($action == 'update')
{
setEventMessages($menu->error, $menu->errors, 'errors');
}
$_GET["menuId"] = $_POST['menuId'];
$action = "edit";
}
else
@ -148,9 +147,9 @@ if ($action == 'add')
}
$leftmenu=''; $mainmenu='';
if (! empty($_POST['menuId']) && ! is_numeric($_POST['menuId']))
if (GETPOST('menuId','int') && ! is_numeric(GETPOST('menuId','int')))
{
$tmp=explode('&',$_POST['menuId']);
$tmp=explode('&',GETPOST('menuId','int'));
foreach($tmp as $s)
{
if (preg_match('/fk_mainmenu=/',$s))
@ -197,7 +196,7 @@ if ($action == 'add')
$action = 'create';
$error++;
}
if (! $error && empty($_POST['menuId']) && $_POST['type'] == 'left')
if (! $error && ! $_POST['menuId'] && $_POST['type'] == 'left')
{
setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
$action = 'create';
@ -207,23 +206,23 @@ if ($action == 'add')
if (! $error)
{
$menu = new Menubase($db);
$menu->menu_handler=preg_replace('/_menu$/','',$_POST['menu_handler']);
$menu->type=$_POST['type'];
$menu->titre=$_POST['titre'];
$menu->url=$_POST['url'];
$menu->langs=$_POST['langs'];
$menu->position=$_POST['position'];
$menu->enabled=$_POST['enabled'];
$menu->perms=$_POST['perms'];
$menu->target=$_POST['target'];
$menu->user=$_POST['user'];
if (is_numeric($_POST['menuId']))
$menu->menu_handler=preg_replace('/_menu$/','',GETPOST('menu_handler','aZ09'));
$menu->type=GETPOST('type','alpha');
$menu->titre=GETPOST('titre','alpha');
$menu->url=GETPOST('url','alpha');
$menu->langs=GETPOST('langs','alpha');
$menu->position=GETPOST('position','int');
$menu->enabled=GETPOST('enabled','alpha');
$menu->perms=GETPOST('perms','alpha');
$menu->target=GETPOST('target','alpha');
$menu->user=GETPOST('user','alpha');
if (is_numeric(GETPOST('menuId','int')))
{
$menu->fk_menu=$_POST['menuId'];
$menu->fk_menu=GETPOST('menuId','int');
}
else
{
if ($_POST['type'] == 'top') $menu->fk_menu=0;
if (GETPOST('type','alpha') == 'top') $menu->fk_menu=0;
else $menu->fk_menu=-1;
$menu->fk_mainmenu=$mainmenu;
$menu->fk_leftmenu=$leftmenu;
@ -232,7 +231,7 @@ if ($action == 'add')
$result=$menu->create($user);
if ($result > 0)
{
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".$_POST['menu_handler']);
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".GETPOST('menu_handler','aZ09'));
exit;
}
else
@ -305,17 +304,17 @@ if ($action == 'create')
</script>';
print load_fiche_titre($langs->trans("NewMenu"),'','title_setup');
print '<form action="./edit.php?action=add&menuId='.$_GET['menuId'].'" method="post" name="formmenucreate">';
print '<form action="./edit.php?action=add&menuId='.GETPOST('menuId', 'int').'" method="post" name="formmenucreate">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
dol_fiche_head();
print '<table class="border" width="100%">';
// Id
$parent_rowid = $_GET['menuId'];
if ($_GET['menuId'])
$parent_rowid = GETPOST('menuId', 'int');
if (GETPOST('menuId', 'int'))
{
$sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".GETPOST('menuId', 'int');
$res = $db->query($sql);
@ -375,40 +374,40 @@ if ($action == 'create')
}
else
{
print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.($_POST["menuId"]?$_POST["menuId"]:'').'"></td>';
print '<td><input type="text" size="48" id="menuId" name="menuId" value="'.(GETPOST("menuId", 'int')?GETPOST("menuId", 'int'):'').'"></td>';
}
print '<td>'.$langs->trans('DetailMenuIdParent');
print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def';
print '</td></tr>';
// Title
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$_POST["titre"].'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag(GETPOST("titre",'alpha')).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
// URL
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.$_POST["url"].'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" size="60" name="url" value="'.GETPOST("url",'alpha').'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
// Langs
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$parent_langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
// Position
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.dol_escape_htmltag(isset($_POST["position"])?$_POST["position"]:100).'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
// Target
print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
print '</select></td></td><td>'.$langs->trans('DetailTarget').'</td></tr>';
// Enabled
print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.$_POST["enabled"].'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
print '<tr><td>'.$langs->trans('Enabled').'</td><td><input type="text" size="60" name="enabled" value="'.GETPOST("enabled",'alpha').'"></td><td>'.$langs->trans('DetailEnabled').'</td></tr>';
// Perms
print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.$_POST["perms"].'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
print '<tr><td>'.$langs->trans('Rights').'</td><td><input type="text" size="60" name="perms" value="'.GETPOST('perms','alpha').'"></td><td>'.$langs->trans('DetailRight').'</td></tr>';
print '</table>';
dol_fiche_end();
// Boutons
print '<div class="center">';
print '<input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">';
@ -426,14 +425,14 @@ elseif ($action == 'edit')
print '<form action="./edit.php?action=update" method="POST" name="formmenuedit">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="handler_origine" value="'.$menu_handler.'">';
print '<input type="hidden" name="menuId" value="'.$_GET['menuId'].'">';
print '<input type="hidden" name="menuId" value="'.GETPOST('menuId', 'int').'">';
dol_fiche_head();
print '<table class="border" width="100%">';
$menu = new Menubase($db);
$result=$menu->fetch($_GET['menuId']);
$result=$menu->fetch(GETPOST('menuId', 'int'));
//var_dump($menu);
// Id
@ -472,20 +471,20 @@ elseif ($action == 'edit')
//print '<tr><td>'.$langs->trans('Level').'</td><td>'.$menu->level.'</td><td>'.$langs->trans('DetailLevel').'</td></tr>';
// Title
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.$menu->titre.'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('Title').'</td><td><input type="text" size="30" name="titre" value="'.dol_escape_htmltag($menu->titre).'"></td><td>'.$langs->trans('DetailTitre').'</td></tr>';
// Url
print '<tr><td class="fieldrequired">'.$langs->trans('URL').'</td><td><input type="text" class="quatrevingtpercent" name="url" value="'.$menu->url.'"></td><td>'.$langs->trans('DetailUrl').'</td></tr>';
// Langs
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.$menu->langs.'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
print '<tr><td>'.$langs->trans('LangFile').'</td><td><input type="text" size="30" name="langs" value="'.dol_escape_htmltag($menu->langs).'"></td><td>'.$langs->trans('DetailLangs').'</td></tr>';
// Position
print '<tr><td>'.$langs->trans('Position').'</td><td><input type="text" size="5" name="position" value="'.$menu->position.'"></td><td>'.$langs->trans('DetailPosition').'</td></tr>';
// Target
print '<tr><td>'.$langs->trans('Target').'</td><td><select class="flat" name="target">';
print '<option value=""'.($menu->target==""?' selected':'').'>'.$langs->trans('').'</option>';
print '<option value=""'.($menu->target==""?' selected':'').'>&nbsp;</option>';
print '<option value="_blank"'.($menu->target=="_blank"?' selected':'').'>'.$langs->trans('_blank').'</option>';
print '</select></td><td>'.$langs->trans('DetailTarget').'</td></tr>';
@ -502,7 +501,7 @@ elseif ($action == 'edit')
print '</table>';
dol_fiche_end();
// Bouton
print '<div class="center">';
print '<input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">';
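Review bot: Output escaping is applied unevenly in the create and edit forms: `titre`, `langs` and the create-form `position` now go through `dol_escape_htmltag()`, but `url`, `enabled` and `perms` in the create form, and `$menu->url` and `$menu->position` in the edit form, are still concatenated straight into `value="..."` attributes. The `'alpha'` filter on `GETPOST` is input validation rather than HTML encoding, and the edit form prints values read back from the database, so each should be encoded at output, e.g. `value="'.dol_escape_htmltag(GETPOST("url",'alpha')).'"` and `value="'.dol_escape_htmltag($menu->url).'"`. Separately, the `add` branch now reads `menuId` with the `'int'` filter before testing `! is_numeric(...)`. If that filter rejects non-numeric input, the documented `fk_mainmenu=abc&fk_leftmenu=def` form of the parent id can no longer reach the `explode('&', ...)` parsing, and the check just below still reads raw `$_POST['menuId']`; both are worth confirming.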


@ -238,9 +238,11 @@ print "</tr>\n";
if ($modecompta == 'BOOKKEEPING')
{
$predefinedgroupwhere = "(";
$predefinedgroupwhere.= " (pcg_type = 'EXPENSE' and pcg_subtype in ('PRODUCT','SERVICE'))";
//$predefinedgroupwhere.= " (pcg_type = 'EXPENSE' and pcg_subtype in ('PRODUCT','SERVICE'))";
$predefinedgroupwhere.= " (pcg_type = 'EXPENSE')";
$predefinedgroupwhere.= " OR ";
$predefinedgroupwhere.= " (pcg_type = 'INCOME' and pcg_subtype in ('PRODUCT','SERVICE'))";
//$predefinedgroupwhere.= " (pcg_type = 'INCOME' and pcg_subtype in ('PRODUCT','SERVICE'))";
$predefinedgroupwhere.= " (pcg_type = 'INCOME')";
$predefinedgroupwhere.= ")";
$charofaccountstring = $conf->global->CHARTOFACCOUNTS;
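Review bot: The old subtype conditions are left behind as commented-out code next to the new ones, and nothing explains why the filter was widened from the PRODUCT/SERVICE subtypes to every `EXPENSE` and `INCOME` account. Delete the two `//$predefinedgroupwhere.=` lines and state the intent instead, e.g. `// All income and expense accounts, whatever the subtype`; version control already keeps the previous condition. The next file section repeats the same pattern with `//$sql.=` lines.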


@ -818,9 +818,11 @@ if (! empty($conf->accounting->enabled) && ($modecompta == 'BOOKKEEPING'))
$sql.= " WHERE b.numero_compte = aa.account_number AND b.entity = ".$conf->entity;
//$sql.= " AND fk_statut in (1,2)";
$sql.= " AND (";
$sql.= " (pcg_type = 'EXPENSE' and pcg_subtype in ('PRODUCT','SERVICE'))";
//$sql.= " (pcg_type = 'EXPENSE' and pcg_subtype in ('PRODUCT','SERVICE'))";
$sql.= " (pcg_type = 'EXPENSE')";
$sql.= " OR ";
$sql.= " (pcg_type = 'INCOME' and pcg_subtype in ('PRODUCT','SERVICE'))";
//$sql.= " (pcg_type = 'INCOME' and pcg_subtype in ('PRODUCT','SERVICE'))";
$sql.= " (pcg_type = 'INCOME')";
$sql.= ")";
//$sql.= " AND code_journal in ('VT', 'AC')";
if (! empty($date_start) && ! empty($date_end))


@ -201,9 +201,10 @@ function journalHead($nom,$variante,$period,$periodlink,$description,$builddate,
$head[$h][1] = $langs->trans("Journalization");
$head[$h][2] = 'journal';
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].$varlink.'">';
dol_fiche_head($head, 'journal');
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].$varlink.'">';
foreach($moreparam as $key => $value)
{
print '<input type="hidden" name="'.$key.'" value="'.$value.'">';
@ -251,12 +252,12 @@ function journalHead($nom,$variante,$period,$periodlink,$description,$builddate,
print '</table>';
print '<br><div class="center"><input type="submit" class="button" name="submit" value="'.$langs->trans("Refresh").'"></div>';
dol_fiche_end();
print '<div class="center"><input type="submit" class="button" name="submit" value="'.$langs->trans("Refresh").'"></div>';
print '</form>';
dol_fiche_end();
print "\n<!-- fin cartouche journal -->\n\n";
}
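Review bot: The hidden fields written right after the moved `<form>` tag put `$key` and `$value` from `$moreparam` into attributes without encoding: `print '<input type="hidden" name="'.$key.'" value="'.$value.'">';`. If any caller fills `$moreparam` from request data, a quote in a value closes the attribute, so use `dol_escape_htmltag($key)` and `dol_escape_htmltag($value)` there. The form also appears to open after `dol_fiche_head()` and close after `dol_fiche_end()`; if those helpers open and close a container, the form and the container now overlap instead of nesting. The body of `journalHead()` lies partly outside both hunks.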


@ -3263,7 +3263,12 @@ function dol_print_error($db='',$error='',$errors=null)
}
if (empty($dolibarr_main_prod)) print $out;
else define("MAIN_CORE_ERROR", 1);
else
{
print $langs->trans("DolibarrHasDetectedError").'. ';
print $langs->trans("YouCanSetOptionDolibarrMainProdToZero");
define("MAIN_CORE_ERROR", 1);
}
//else print 'Sorry, an error occured but the parameter $dolibarr_main_prod is defined in conf file so no message is reported to your browser. Please read the log file for error message.';
dol_syslog("Error ".$syslog, LOG_ERR);
}
@ -3590,7 +3595,9 @@ function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $so
$pagelist.= '<li'.(($conf->dol_use_jmobile != 4)?' class="pagination"':'').'><span '.(($conf->dol_use_jmobile != 4)?'class="active"':'').'>'.($page+1)."</li>";
}
}
print_fleche_navigation($page, $file, $options, $nextpage, $pagelist, $morehtml, $savlimit, $totalnboflines, $hideselectlimit); // output the div and ul for previous/last completed with page numbers into $pagelist
print '</td>';
print '</tr></table>'."\n";
@ -6209,6 +6216,8 @@ function natural_search($fields, $value, $mode=0, $nofirstand=0)
{
global $db,$langs;
$value=trim($value);
if ($mode == 0)
{
$value=preg_replace('/\*/','%',$value); // Replace * with %
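Review bot: The new production branch of `dol_print_error()` calls `$langs->trans()` without checking that `$langs` is a usable object. This is the error path, so it can plausibly run before the translation object exists, and a fatal error there would replace the generic message with a PHP error of its own. Guard the call, e.g. `if (is_object($langs)) print $langs->trans("DolibarrHasDetectedError").'. ';`, with a fixed fallback string otherwise. Keeping `$out` out of the response when `$dolibarr_main_prod` is set is the right behaviour. The function body begins and ends outside this hunk.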


@ -88,9 +88,12 @@ class mod_commande_saphir extends ModeleNumRefCommandes
global $conf,$langs,$mysoc;
$old_code_client=$mysoc->code_client;
$old_code_type=$mysoc->typent_code;
$mysoc->code_client='CCCCCCCCCC';
$mysoc->typent_code='TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc,'');
$mysoc->code_client=$old_code_client;
$mysoc->typent_code=$old_code_type;
if (! $numExample)
{
@ -121,7 +124,9 @@ class mod_commande_saphir extends ModeleNumRefCommandes
return 0;
}
$numFinal=get_next_value($db,$mask,'commande','ref','',$objsoc,$object->date);
$date = ($object->date_commande ? $object->date_commande : $object->date);
$numFinal=get_next_value($db,$mask,'commande','ref','',$objsoc,$date);
return $numFinal;
}


@ -79,9 +79,12 @@ class mod_expedition_ribera extends ModelNumRefExpedition
global $conf,$langs,$mysoc;
$old_code_client=$mysoc->code_client;
$old_code_type=$mysoc->typent_code;
$mysoc->code_client='CCCCCCCCCC';
$mysoc->typent_code='TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc,'');
$mysoc->code_client=$old_code_client;
$mysoc->typent_code=$old_code_type;
if (! $numExample)
{
@ -111,7 +114,9 @@ class mod_expedition_ribera extends ModelNumRefExpedition
return 0;
}
$numFinal=get_next_value($db,$mask,'expedition','ref','',$objsoc->code_client,$shipment->date_expedition);
$date = $shipment->date_expedition;
$numFinal=get_next_value($db,$mask,'expedition','ref','',$objsoc,$date);
return $numFinal;
}


@ -88,9 +88,12 @@ class mod_propale_saphir extends ModeleNumRefPropales
global $conf,$langs,$mysoc;
$old_code_client=$mysoc->code_client;
$old_code_type=$mysoc->typent_code;
$mysoc->code_client='CCCCCCCCCC';
$mysoc->typent_code='TTTTTTTTTT';
$numExample = $this->getNextValue($mysoc,'');
$mysoc->code_client=$old_code_client;
$mysoc->typent_code=$old_code_type;
if (! $numExample)
{
@ -121,8 +124,8 @@ class mod_propale_saphir extends ModeleNumRefPropales
return 0;
}
$date=$propal->datep;
$customercode=$objsoc->code_client;
$date = $propal->date;
$numFinal=get_next_value($db,$mask,'propal','ref','',$objsoc,$date);
return $numFinal;


@ -110,7 +110,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file']; // original_file is now a full path name
$fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name
// Basic protection (against external users only)
if ($user->societe_id > 0)
@ -137,36 +137,35 @@ if ($user->societe_id > 0)
}
// Security:
// Limite acces si droits non corrects
// Limit access if permissions are wrong
if (! $accessallowed)
{
accessforbidden();
}
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans
// les noms de fichiers.
if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$original_file);
$file=basename($original_file); // Do no show plain path of original_file in shown error message
dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$file));
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
exit;
}
clearstatcache();
$filename = basename($original_file);
$filename = basename($fullpath_original_file);
// Output file on browser
dol_syslog("document.php download $original_file $filename content-type=$type");
$original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
dol_syslog("document.php download $fullpath_original_file filename=$filename content-type=$type");
$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file); // New file name encoded in OS encoding charset
// This test if file exists should be useless. We keep it to find bug more easily
if (! file_exists($original_file_osencoded))
if (! file_exists($fullpath_original_file_osencoded))
{
dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
dol_syslog("ErrorFileDoesNotExists: ".$fullpath_original_file);
print "ErrorFileDoesNotExists: ".$original_file;
exit;
}
@ -177,7 +176,7 @@ if ($encoding) header('Content-Encoding: '.$encoding);
// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open)
if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
else header('Content-Disposition: inline; filename="'.$filename.'"');
header('Content-Length: ' . dol_filesize($original_file));
header('Content-Length: ' . dol_filesize($fullpath_original_file));
// Ajout directives pour resoudre bug IE
header('Cache-Control: Public, must-revalidate');
header('Pragma: public');
@ -185,6 +184,6 @@ header('Pragma: public');
//ob_clean();
//flush();
readfile($original_file_osencoded);
readfile($fullpath_original_file_osencoded);
if (is_object($db)) $db->close();
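Review bot: The two new plain-text error paths echo `$original_file` into the response without HTML encoding, and the first one runs exactly when the path matched `\.\.` or `[<>|]`. No Content-Type header has been sent at that point in the visible code, so the output is presumably rendered as HTML; the previous code passed only `basename()` of the name through `dol_print_error()`. Encode the value or leave it out of the message, e.g. `print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);`, and do the same for `ErrorFileDoesNotExists`. How `$original_file` is cleaned before this hunk is not visible here, so check it against the top of the file.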


@ -345,7 +345,7 @@ if ($action == 'create')
// Public note
print '<tr>';
print '<td class="border" valign="top">' . $langs->trans('NotePublic') . '</td>';
print '<td class="tdtop">' . $langs->trans('NotePublic') . '</td>';
print '<td>';
$doleditor = new DolEditor('note_public', $note_public, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@ -355,7 +355,7 @@ if ($action == 'create')
// Private note
if (empty($user->societe_id)) {
print '<tr>';
print '<td class="border" valign="top">' . $langs->trans('NotePrivate') . '</td>';
print '<td class="tdtop">' . $langs->trans('NotePrivate') . '</td>';
print '<td>';
$doleditor = new DolEditor('note_private', $note_private, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@ -542,7 +542,7 @@ if (! empty($id) && $action != 'edit')
$hselected='card';
$head = donation_prepare_head($object);
dol_fiche_head($head, $hselected, $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, $hselected, $langs->trans("Donation"), -1, 'generic');
// Print form confirm
print $formconfirm;


@ -104,7 +104,7 @@ if ($object->id)
$head=donation_prepare_head($object);
dol_fiche_head($head, 'documents', $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, 'documents', $langs->trans("Donation"), -1, 'generic');
// Construit liste des fichiers
@ -116,7 +116,7 @@ if ($object->id)
}
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
$morehtmlref='<div class="refidno">';
// Project
if (! empty($conf->projet->enabled))
@ -151,13 +151,13 @@ if ($object->id)
}
}
$morehtmlref.='</div>';
dol_banner_tab($object, 'rowid', $linkback, 1, 'rowid', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
print '<table class="border" width="100%">';
// Ref
@ -166,7 +166,7 @@ if ($object->id)
print $form->showrefnav($object, 'id', $linkback, 1, 'rowid', 'ref', '');
print '</td></tr>';
*/
// Societe
//print "<tr><td>".$langs->trans("Company")."</td><td>".$object->client->getNomUrl(1)."</td></tr>";
@ -175,9 +175,9 @@ if ($object->id)
print '</table>';
print '</div>';
print '<div class="clearboth"></div>';
dol_fiche_end();
$modulepart = 'don';


@ -67,7 +67,7 @@ $object->info($id);
$head = donation_prepare_head($object);
dol_fiche_head($head, 'info', $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, 'info', $langs->trans("Donation"), -1, 'generic');
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
@ -116,7 +116,7 @@ print '<br>';
print '<table width="100%"><tr><td>';
dol_print_object_info($object);
print '</td></tr></table>';
print '</div>';
dol_fiche_end();


@ -42,7 +42,7 @@ $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="d.datedon";
$statut=isset($_GET["statut"])?$_GET["statut"]:"-1";
$statut=(GETPOST("statut",'intcomma')!='')?GETPOST("statut",'intcomma'):"-1";
$search_all=GETPOST('sall', 'alphanohtml');
$search_ref=GETPOST('search_ref','alpha');
$search_company=GETPOST('search_company','alpha');
@ -90,13 +90,13 @@ $sql.= " d.amount, d.fk_statut as statut, ";
$sql.= " p.rowid as pid, p.ref, p.title, p.public";
$sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p";
$sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1";
if ($statut >= 0)
if ($statut != '' && $statut != '-1')
{
$sql .= " AND d.fk_statut = ".$statut;
$sql .= " AND d.fk_statut IN (".$statut.")";
}
if (trim($search_ref) != '')
{
$sql.= ' AND d.rowid LIKE \'%'.$db->escape(trim($search_ref)) . '%\'';
$sql.= natural_search('d.ref',$search_ref);
}
if (trim($search_all) != '')
{
@ -110,7 +110,7 @@ if (trim($search_name) != '')
{
$sql .= natural_search(array('d.lastname', 'd.firstname'), $search_name);
}
if ($search_amount) $sql.= natural_search(array('d.amount'), price2num(trim($search_amount)), 1);
if ($search_amount) $sql.= natural_search('d.amount', $search_amount, 1);
$sql.= $db->order($sortfield,$sortorder);
$nbtotalofrecords = '';
@ -131,17 +131,7 @@ if ($resql)
//if ($page > 0) $param.= '&page='.$page;
if ($optioncss != '') $param.='&optioncss='.$optioncss;
if ($statut >= 0)
{
$donationstatic->statut=$statut;
$label=$donationstatic->getLibStatut(0);
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
}
else
{
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
}
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
print '<form method="get" action="'.$_SERVER["PHP_SELF"].'">'."\n";
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
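Review bot: `$statut` is now concatenated unquoted into `IN (".$statut.")`, so the query's safety rests entirely on what the `'intcomma'` filter lets through. A trailing or doubled comma would still produce an invalid statement, and any later loosening of that filter would turn this line into an injection point. Build the list from validated integers at the point of use, e.g. `$ids = array_map('intval', array_filter(explode(',', $statut), 'is_numeric'));` followed by `if ($ids) $sql .= " AND d.fk_statut IN (".implode(',', $ids).")";`. The `$optioncss` value written into the hidden field at the end of the section would benefit from `dol_escape_htmltag()` for the same reason.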


@ -84,7 +84,7 @@ if ($id > 0 || ! empty($ref))
$head = donation_prepare_head($object);
dol_fiche_head($head, 'note', $langs->trans("Donation"), 0, 'generic');
dol_fiche_head($head, 'note', $langs->trans("Donation"), -1, 'generic');
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';

File diff suppressed because it is too large Load Diff


@ -17,7 +17,8 @@
--
-- Group of accounting account for French result
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 1, 'VTE', 'Income of products', '707xxx', 0, 0, '', '10', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 2, 'MAR', 'Expenses of products', '603xxx - 607xxx - 609xxx', 0, 0, '', '20', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 3, 'MARGE', 'Commercial margin', '', 0, 1, 'VTE+MAR', '30', 1, 1);
-- Group of accounting account for French result. This is a minimal default setup.
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 1, 'VENTES', 'Income of products/services', 'Exemple: 7xxxxx', 0, 0, '', '10', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 2, 'DEPENSES', 'Expenses of products/services', 'Exemple: 6xxxxx', 0, 0, '', '20', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 3, 'PROFIT', 'Balance', '', 0, 1, 'VENTES+DEPENSES', '30', 1, 1);


@ -24,6 +24,8 @@
-- -- VPGSQL8.2 DELETE FROM llx_usergroup_user WHERE fk_user NOT IN (SELECT rowid from llx_user);
-- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
ALTER TABLE llx_holiday_config MODIFY COLUMN name varchar(128);
ALTER TABLE llx_supplier_proposaldet CHANGE COLUMN fk_askpricesupplier fk_supplier_proposal integer NOT NULL;
@ -326,7 +328,8 @@ ALTER TABLE llx_expensereport_det ADD COLUMN vat_src_code varchar(10) DEFAULT '
DELETE FROM llx_const WHERE name = __ENCRYPT('ADHERENT_BANK_USE_AUTO')__;
UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__ WHERE value = __ENCRYPT('moono')__ AND name = __ENCRYPT('FCKEDITOR_SKIN')__;
UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__ WHERE value = __ENCRYPT('moono')__ AND name = __ENCRYPT('FCKEDITOR_SKIN')__;
DELETE FROM llx_document_model where nom = 'fsfe.fr.php' and type='donation';
ALTER TABLE llx_product_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx;
ALTER TABLE llx_product_fournisseur_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx;


@ -25,11 +25,25 @@
-- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 1, 'VTE', 'Income of products', '707xxx', 0, 0, '', '10', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 2, 'MAR', 'Expenses of products', '603xxx - 607xxx - 609xxx', 0, 0, '', '20', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 3, 'MARGE', 'Commercial margin', '', 0, 1, 'VTE+MAR', '30', 1, 1);
-- Missing in 6.0 ?
ALTER TABLE llx_product_price ADD COLUMN fk_multicurrency integer;
ALTER TABLE llx_product_price ADD COLUMN multicurrency_code varchar(255);
ALTER TABLE llx_product_price ADD COLUMN multicurrency_tx double(24,8) DEFAULT 1;
ALTER TABLE llx_product_price ADD COLUMN multicurrency_price double(24,8) DEFAULT NULL;
ALTER TABLE llx_product_price ADD COLUMN multicurrency_price_ttc double(24,8) DEFAULT NULL;
UPDATE llx_c_accounting_category set formula = 'VTE+MAR' where code = 'MARGE';
ALTER TABLE llx_website_page ADD COLUMN fk_user_create integer;
ALTER TABLE llx_website_page ADD COLUMN fk_user_modif integer;
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 1, 'VENTES', 'Income of products/services', 'Exemple: 7xxxxx', 0, 0, '', '10', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 2, 'DEPENSES', 'Expenses of products/services', 'Exemple: 6xxxxx', 0, 0, '', '20', 1, 1);
INSERT INTO llx_c_accounting_category (rowid, code, label, range_account, sens, category_type, formula, position, fk_country, active) VALUES ( 3, 'PROFIT', 'Balance', '', 0, 1, 'VENTES+DEPENSES', '30', 1, 1);
UPDATE llx_c_accounting_category set code = 'VENTES', range_account='7xxxxx' where code = 'VTE';
UPDATE llx_c_accounting_category set code = 'DEPENSES', range_account='6xxxxx' where code = 'MAR';
UPDATE llx_c_accounting_category set code = 'PROFIT', range_account='Balance', formula = 'VENTES+DEPENSES' where code = 'MARGE';
ALTER TABLE llx_menu MODIFY COLUMN perms text;
@ -41,7 +55,9 @@ ALTER TABLE llx_mailing MODIFY COLUMN langs varchar(64);
ALTER TABLE llx_facture_fourn ADD COLUMN date_pointoftax date DEFAULT NULL;
ALTER TABLE llx_facture_fourn ADD COLUMN date_valid date;
ALTER TABLE llx_website MODIFY COLUMN ref varchar(128);
ALTER TABLE llx_website_page MODIFY COLUMN pageurl varchar(255);
ALTER TABLE llx_website_page ADD COLUMN lang varchar(6);
ALTER TABLE llx_website_page ADD COLUMN fk_page integer;
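Review bot: The migration row `UPDATE llx_c_accounting_category set code = 'PROFIT', range_account='Balance', formula = 'VENTES+DEPENSES' where code = 'MARGE';` writes 'Balance' into range_account, whereas the matching INSERT in this section uses 'Balance' as the label and leaves range_account empty. It looks as if `UPDATE llx_c_accounting_category set code = 'PROFIT', label = 'Balance', range_account = '', formula = 'VENTES+DEPENSES' where code = 'MARGE';` was intended. The VTE and MAR updates likewise change code and range_account but keep the old labels, so upgraded and fresh installs end up with different rows. The page has lost its +/- markers, so which rows are new is inferred from the VENTES/DEPENSES/PROFIT codes.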


@ -41,6 +41,8 @@
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_sell VARCHAR(32) COLLATE utf8_unicode_ci;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_buy VARCHAR(32) CHARACTER SET utf8;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_product MODIFY accountancy_code_buy VARCHAR(32) COLLATE utf8_unicode_ci;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_c_type_fees MODIFY accountancy_code VARCHAR(32) CHARACTER SET utf8;
-- VMYSQLUTF8UNICODECI ALTER TABLE llx_c_type_fees MODIFY accountancy_code VARCHAR(32) COLLATE utf8_unicode_ci;
-- VMYSQL4.1 SET sql_mode = 'ALLOW_INVALID_DATES';


@ -187,7 +187,7 @@ UnknownAccountForThirdpartyBlocking=Unknown third party account. Blocking error
Pcgtype=Group of account
Pcgsubtype=Subgroup of account
PcgtypeDesc=Group and subgroup of account are used as predefined 'filter' and 'grouping' criterias for some accounting reports. For example, 'INCOME' or 'EXPENSE' are used as group for accounting account products to build the expense/income report.
PcgtypeDesc=Group and subgroup of account are used as predefined 'filter' and 'grouping' criterias for some accounting reports. For example, 'INCOME' or 'EXPENSE' are used as groups for accounting accounts of products to build the expense/income report.
TotalVente=Total turnover before tax
TotalMarge=Total sales margin
@ -219,7 +219,7 @@ ChangeBinding=Change the binding
## Admin
ApplyMassCategories=Apply mass categories
AddAccountFromBookKeepingWithNoCategories=Add acccount already used with no categories
AddAccountFromBookKeepingWithNoCategories=Available acccount not yet in a personalized group
CategoryDeleted=Category for the accounting account has been removed
AccountingJournals=Accounting journals
AccountingJournal=Accounting journal


@ -154,8 +154,8 @@ RulesResultDue=- It includes outstanding invoices, expenses, VAT, donations whet
RulesResultInOut=- It includes the real payments made on invoices, expenses, VAT and salaries. <br>- It is based on the payment dates of the invoices, expenses, VAT and salaries. The donation date for donation.
RulesCADue=- It includes the client's due invoices whether they are paid or not. <br>- It is based on the validation date of these invoices.<br>
RulesCAIn=- It includes all the effective payments of invoices received from clients.<br>- It is based on the payment date of these invoices<br>
RulesAmountOnInOutBookkeepingRecord=It includes record in your Ledger with accounting accounts that has the group "EXPENSE/PRODUCT|SERVICE" or "INCOME/PRODUCT|SERVICE"
RulesResultBookkeepingPredefined=It includes record in your Ledger with accounting accounts that has the group "EXPENSE/PRODUCT|SERVICE" or "INCOME/PRODUCT|SERVICE"
RulesAmountOnInOutBookkeepingRecord=It includes record in your Ledger with accounting accounts that has the group "EXPENSE" or "INCOME"
RulesResultBookkeepingPredefined=It includes record in your Ledger with accounting accounts that has the group "EXPENSE" or "INCOME"
RulesResultBookkeepingPersonalized=It show record in your Ledger with accounting accounts <b>grouped by personalized groups</b>
SeePageForSetup=See menu <a href="%s">%s</a> for setup
DepositsAreNotIncluded=- Down payment invoices are nor included


@ -103,7 +103,8 @@ RequestLastAccessInError=Latest database access request error
ReturnCodeLastAccessInError=Return code for latest database access request error
InformationLastAccessInError=Information for latest database access request error
DolibarrHasDetectedError=Dolibarr has detected a technical error
InformationToHelpDiagnose=This information can be useful for diagnostic purposes
YouCanSetOptionDolibarrMainProdToZero=You can read log file or set option $dolibarr_main_prod to '0' in your config file to get more information.
InformationToHelpDiagnose=This information can be useful for diagnostic purposes (you can set option $dolibarr_main_prod to '1' to remove such notices)
MoreInformation=More information
TechnicalInformation=Technical information
TechnicalID=Technical ID


@ -77,38 +77,44 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
*/
function test_sql_and_script_inject($val, $type)
{
$sql_inj = 0;
$inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$sql_inj += preg_match('/delete\s+from/i', $val);
$sql_inj += preg_match('/create\s+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert\s+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
$inj += preg_match('/select.+from/i', $val);
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$sql_inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);
$sql_inj += preg_match('/vbscript:/i', $val);
}
// More on https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
$inj += preg_match('/<script/i', $val);
$inj += preg_match('/<iframe/i', $val);
$inj += preg_match('/Set\.constructor/i', $val); // ECMA script 6
if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
$inj += preg_match('/base[\s]+href/si', $val);
$inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/onload\s*=/i', $val); // onload can be set on svg tag <svg/onload=alert(1)> or other tag like body <body onload=alert(1)>
//$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ...
$inj += preg_match('/&#58;|&#0000058|&#x3A/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
//if ($type == 1)
//{
$inj += preg_match('/javascript:/i', $val);
$inj += preg_match('/vbscript:/i', $val);
//}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $sql_inj;
if ($type == 1) $inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $inj;
}
/**
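Review bot: The encoded-colon check `preg_match('/&#58;|&#0000058|&#x3A/i', $val)` recognises only three fixed spellings, while numeric character references accept any amount of zero padding; writing it generically, e.g. `$inj += preg_match('/&#0*58|&#x0*3a/i', $val);`, covers the padded forms. The commented-out generic handler pattern `/on[A-Z][a-z]+\*=/` has `\*=` where `\s*=` is evidently meant and is case-sensitive, so it would not do what its comment says if it were enabled as written. With the `$type == 1` guard commented out, `javascript:` and `vbscript:` are now rejected for every type, so POST bodies that legitimately contain those strings are refused too; a comment stating that this is deliberate would help. The function remains a deny-list of known patterns, so values still need escaping where they are printed.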


@ -341,6 +341,9 @@ $param='';
$param.=($mode?'&mode='.$mode:'');
$param.=($search_project_ref?'&search_project_ref='.$search_project_ref:'');
$param.=($search_userassignedid > 0?'&search_userassignedid='.$search_usertoprocessid:'');
$param.=($search_thirdparty?'&search_thirdparty='.$search_thirdparty:'');
$param.=($search_task_ref?'&search_task_ref='.$search_task_ref:'');
$param.=($search_task_label?'&search_task_label='.$search_task_label:'');
// Show navigation bar
$nav ='<a class="inline-block valignmiddle" href="?year='.$prev_year."&amp;month=".$prev_month."&amp;day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";
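Review bot: The three added filters (`search_thirdparty`, `search_task_ref`, `search_task_label`) are appended to `$param` raw, and `$param` is concatenated into the `href` of the navigation link on the line right after them. They should be encoded as they are added, e.g. `$param.=($search_thirdparty?'&search_thirdparty='.urlencode($search_thirdparty):'');` and the same for the other two; the identical three lines in the following file section (the one using `search_usertoprocessid`) need the same change. Separately, the context line above them tests `$search_userassignedid` but appends `$search_usertoprocessid`, which looks like a copy-paste slip. The statement run continues outside the hunk, and which lines are added is inferred from the hunk header because the +/- markers are lost.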


@ -337,6 +337,9 @@ $param='';
$param.=($mode?'&mode='.$mode:'');
$param.=($search_project_ref?'&search_project_ref='.$search_project_ref:'');
$param.=($search_usertoprocessid > 0?'&search_usertoprocessid='.$search_usertoprocessid:'');
$param.=($search_thirdparty?'&search_thirdparty='.$search_thirdparty:'');
$param.=($search_task_ref?'&search_task_ref='.$search_task_ref:'');
$param.=($search_task_label?'&search_task_label='.$search_task_label:'');
// Show navigation bar
$nav ='<a class="inline-block valignmiddle" href="?year='.$prev_year."&month=".$prev_month."&day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";


@ -35,7 +35,8 @@ require_once '../main.inc.php';
// This can happen only with a bookmark or forged url call.
if (!empty($_SESSION["dol_authmode"]) && ($_SESSION["dol_authmode"] == 'forceuser' || $_SESSION["dol_authmode"] == 'http'))
{
die("Disconnection does not work when connection was made in mode ".$_SESSION["dol_authmode"]);
unset($_SESSION["dol_login"]);
die("Applicative disconnection should be useless when connection was made in mode ".$_SESSION["dol_authmode"]);
}
global $conf, $langs, $user;
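Review bot: `unset($_SESSION["dol_login"]);` removes a single key before the script dies, so every other session value and the session id itself stay valid for the next request. If the aim is to drop the application session for `forceuser`/`http` logins, copy `dol_authmode` into a local variable for the `die()` message and then clear the session fully, e.g. `session_unset(); session_destroy();`. If the partial reset is intentional, a comment such as `// Only dol_login is cleared: the web server re-authenticates the user on the next request` would record why (wording to be confirmed by the author).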


@ -113,7 +113,7 @@ if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity,$refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];
$fullpath_original_file = $check_access['original_file'];
// Security:
// Limit access if permissions are wrong
@ -124,11 +124,10 @@ if (! $accessallowed)
// Security:
// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
if (preg_match('/\.\./',$fullpath_original_file) || preg_match('/[<>|]/',$fullpath_original_file))
{
dol_syslog("Refused to deliver file ".$original_file, LOG_WARNING);
// Do no show plain path in shown error message
dol_print_error(0,'Error: File '.$_GET["file"].' does not exists');
dol_syslog("Refused to deliver file ".$fullpath_original_file);
print "ErrorFileNameInvalid: ".$original_file;
exit;
}
@ -143,7 +142,7 @@ if ($modulepart == 'barcode')
if (empty($generator) || empty($encoding))
{
dol_print_error(0,'Error, parameter "generator" or "encoding" not defined');
print 'Error: Parameter "generator" or "encoding" not defined';
exit;
}
@ -176,14 +175,13 @@ else // Open and return file
clearstatcache();
// Output files on browser
dol_syslog("viewimage.php return file $original_file content-type=$type");
dol_syslog("viewimage.php return file $fullpath_original_file content-type=$type");
// This test is to avoid error images when image is not available (for example thumbs).
if (! dol_is_file($original_file) && empty($_GET["noalt"]))
if (! dol_is_file($fullpath_original_file) && empty($_GET["noalt"]))
{
$original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
$fullpath_original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.png';
/*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';
dol_print_error(0,$error);
print $error;
exit;*/
}
@ -192,16 +190,17 @@ else // Open and return file
if ($type)
{
top_httphead($type);
header('Content-Disposition: inline; filename="'.basename($original_file).'"');
header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
}
else
{
top_httphead('image/png');
header('Content-Disposition: inline; filename="'.basename($original_file).'"');
header('Content-Disposition: inline; filename="'.basename($fullpath_original_file).'"');
}
$original_file_osencoded=dol_osencode($original_file);
readfile($original_file_osencoded);
$fullpath_original_file_osencoded=dol_osencode($fullpath_original_file);
readfile($fullpath_original_file_osencoded);
}
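Review bot: The refusal branch now prints `$original_file` straight into the response (`print "ErrorFileNameInvalid: ".$original_file;`), and that branch is reached precisely when the path contains `..`, `<`, `>` or `|`. The value appears to originate from the request, so it should be escaped or left out, e.g. `print "ErrorFileNameInvalid: ".htmlspecialchars($original_file, ENT_QUOTES);`; the "Do no show plain path" comment seems to belong to the line that was replaced. The `dol_syslog` call in the same branch no longer passes a level, and `dol_syslog("Refused to deliver file ".$fullpath_original_file, LOG_WARNING);` would keep refused requests visible to anyone monitoring the log. Old and new lines are inferred from the variable rename because the page has lost its +/- markers.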


@ -137,7 +137,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
global $dolibarr_main_db_type;
global $dolibarr_main_db_prefix;
$testtodo=3;
$testtodo=0;
// Case 1:
// Test for subdir dolibarrnew (that point to htdocs) in root directory /var/www
@ -217,9 +217,12 @@ class CoreTest extends PHPUnit_Framework_TestCase
// Force to rerun filefunc.inc.php
include dirname(__FILE__).'/../../htdocs/filefunc.inc.php';
print __METHOD__." DOL_MAIN_URL_ROOT=".DOL_MAIN_URL_ROOT."\n";
print __METHOD__." DOL_URL_ROOT=".DOL_URL_ROOT."\n";
$this->assertEquals($expectedresult, DOL_URL_ROOT);
if ($testtodo != 0)
{
print __METHOD__." DOL_MAIN_URL_ROOT=".DOL_MAIN_URL_ROOT."\n";
print __METHOD__." DOL_URL_ROOT=".DOL_URL_ROOT."\n";
$this->assertEquals($expectedresult, DOL_URL_ROOT);
}
return true;
}
@ -256,59 +259,138 @@ class CoreTest extends PHPUnit_Framework_TestCase
*/
function test_sql_and_script_inject($val, $type)
{
$sql_inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$sql_inj += preg_match('/delete\s+from/i', $val);
$sql_inj += preg_match('/create\s+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert\s+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='>' onerror = alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);
$sql_inj += preg_match('/vbscript:/i', $val);
}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $sql_inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $sql_inj;
$inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
$inj += preg_match('/select.+from/i', $val);
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
// More on https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
$inj += preg_match('/<script/i', $val);
$inj += preg_match('/<iframe/i', $val);
$inj += preg_match('/Set\.constructor/i', $val); // ECMA script 6
if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
$inj += preg_match('/base[\s]+href/si', $val);
$inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/onload\s*=/i', $val); // onload can be set on svg tag <svg/onload=alert(1)> or other tag like body <body onload=alert(1)>
//$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ...
$inj += preg_match('/&#58;|&#0000058|&#x3A/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
//if ($type == 1)
//{
$inj += preg_match('/javascript:/i', $val);
$inj += preg_match('/vbscript:/i', $val);
//}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $inj += preg_match('/"/i', $val); // We refused " in GET parameters value
if ($type == 2) $inj += preg_match('/[;"]/', $val); // PHP_SELF is a file system path. It can contains spaces.
return $inj;
}
// Run tests
// More on https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
// Should be OK
$expectedresult=0;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
$expectedresult=0;
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1a');
// Should detect XSS
$expectedresult=1;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
$expectedresult=1;
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
$_GET['aaa']="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($_GET['aaa'], 0);
$expectedresult=1;
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 2');
$_POST['bbb']="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($_POST['bbb'], 2);
$expectedresult=1;
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 3');
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($test, 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa2');
$test='<IMG SRC=# onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa3');
$test='<IMG SRC onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa4');
$test='<IMG onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa5');
$test='<IMG SRC=/ onerror="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa6');
$test='<IMG SRC=" &#14; javascript:alert(1);">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa7');
$test='<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject bbb');
$test='<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ccc');
$test='<IMG SRC="javascript:alert(\'XSS\');">';
$result=test_sql_and_script_inject($test, 1);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ddd');
$test='<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
$test='<!-- Google analytics -->
<script>
(function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObject\']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,\'script\',\'https://www.google-analytics.com/analytics.js\',\'ga\');
ga(\'create\',\'UA-99999999-9\', \'auto\');
ga(\'send\', \'pageview\');
</script>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
$test="<IMG SRC=\"jav\tascript:alert('XSS');\">"; // Is locked by some brwoser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
$test="<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">"; // Same
$test='<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff1');
$test='<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff2');
// This case seems to be filtered by browsers now.
$test='<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1)>';
//$result=test_sql_and_script_inject($test, 0);
//$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ggg');
$test='<iframe src=http://xss.rocks/scriptlet.html <';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject hhh');
$test='Set.constructor`alert\x281\x29```';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject iii');
}
}
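Review bot: The test declares its own copy of `test_sql_and_script_inject()` inside the test method, so the assertions exercise that copy and keep passing if the filter shipped in the application drifts from it. A comment such as `// Mirror of the filter in main.inc.php, keep both in sync`, or loading the real function, would make the dependency explicit. Two payloads (`jav\tascript:` and `jav&#x0D;ascript:`) are assigned to `$test` and overwritten without being passed to the filter; they should either assert the result currently expected or become comments describing the known gap. In the first hunk, `$testtodo=0;` combined with the `if ($testtodo != 0)` guard appears to mean the `DOL_URL_ROOT` assertion never runs, which deserves a comment saying why the check is disabled.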