diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php
index 95d88c80c87..292fb55a29f 100644
--- a/htdocs/accountancy/class/accountancycategory.class.php
+++ b/htdocs/accountancy/class/accountancycategory.class.php
@@ -261,7 +261,7 @@ class AccountancyCategory // extends CommonObject
 $sql .= " t.active";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as t";
 if ($id) {
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 } else {
 $sql .= " WHERE t.entity IN (".getEntity('c_accounting_category').")"; // Dont't use entity if you use rowid
 if ($code) {
@@ -354,7 +354,7 @@ class AccountancyCategory // extends CommonObject
 $sql .= " position=".(isset($this->position) ? $this->position : "null").",";
 $sql .= " fk_country=".(isset($this->fk_country) ? $this->fk_country : "null").",";
 $sql .= " active=".(isset($this->active) ? $this->active : "null")."";
- $sql .= " WHERE rowid=".$this->id;
+ $sql .= " WHERE rowid=".((int) $this->id);
 $this->db->begin();
@@ -392,7 +392,7 @@ class AccountancyCategory // extends CommonObject
 $error = 0;
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_accounting_category";
- $sql .= " WHERE rowid=".$this->id;
+ $sql .= " WHERE rowid=".((int) $this->id);
 $this->db->begin();
diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index d5fad9b8f60..a7d89c45294 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
@@ -414,7 +414,7 @@ class AccountingAccount extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_account";
- $sql .= " WHERE rowid=".$this->id;
+ $sql .= " WHERE rowid=".((int) $this->id);
 dol_syslog(get_class($this)."::delete sql=".$sql);
 $resql = $this->db->query($sql);
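Review bot: The three SET values directly above the patched WHERE line in the `@@ -354` hunk of accountancycategory.class.php (`position`, `fk_country`, `active`) are still concatenated into the UPDATE with no cast or escape, so casting only `rowid` hardens one of four interpolated values. If these are integer columns, give them the same treatment, e.g. `$sql .= " position=".(isset($this->position) ? ((int) $this->position) : "null").",";` and likewise for the other two. Whether these properties can carry request data is not visible here, and the method starts and ends outside the hunk, so earlier SET fields could not be checked. `piece_num` in the `@@ -1262` hunk of bookkeeping.class.php follows the same pattern.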
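Review bot: `dol_syslog(get_class($this)."::delete sql=".$sql);` in the accountingaccount.class.php hunk (`@@ -414`) writes the whole statement to the log and passes no level, unlike the `LOG_DEBUG` calls in other hunks of this diff. Logging only the method name at debug level, `dol_syslog(get_class($this)."::delete", LOG_DEBUG);`, keeps query text and any values in it out of routine logs. The delete hunk of advtargetemailing.class.php (`@@ -459`) has the same call shape. The method continues outside the hunk.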
@@ -553,7 +553,7 @@ class AccountingAccount extends CommonObject
 {
 $sql = 'SELECT a.rowid, a.datec, a.fk_user_author, a.fk_user_modif, a.tms';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as a';
- $sql .= ' WHERE a.rowid = '.$id;
+ $sql .= ' WHERE a.rowid = '.((int) $id);
 dol_syslog(get_class($this).'::info sql='.$sql);
 $result = $this->db->query($sql);
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index 27a84270e95..7286e954d0e 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -729,7 +729,7 @@ class BookKeeping extends CommonObject
 if (null !== $ref) {
 $sql .= " AND t.ref = '".$this->db->escape($ref)."'";
 } else {
- $sql .= ' AND t.rowid = '.$id;
+ $sql .= ' AND t.rowid = '.((int) $id);
 }
 $resql = $this->db->query($sql);
@@ -1262,7 +1262,7 @@ class BookKeeping extends CommonObject
 $sql .= ' code_journal = '.(isset($this->code_journal) ? "'".$this->db->escape($this->code_journal)."'" : "null").',';
 $sql .= ' journal_label = '.(isset($this->journal_label) ? "'".$this->db->escape($this->journal_label)."'" : "null").',';
 $sql .= ' piece_num = '.(isset($this->piece_num) ? $this->piece_num : "null");
- $sql .= ' WHERE rowid='.$this->id;
+ $sql .= ' WHERE rowid='.((int) $this->id);
 $this->db->begin();
@@ -1359,7 +1359,7 @@ class BookKeeping extends CommonObject
 if (!$error) {
 $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.$mode;
- $sql .= ' WHERE rowid='.$this->id;
+ $sql .= ' WHERE rowid='.((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php
index 9807922c43f..1209576ddba 100644
--- a/htdocs/accountancy/customer/card.php
+++ b/htdocs/accountancy/customer/card.php
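Review bot: The DELETE in the `@@ -1359` hunk of bookkeeping.class.php builds its table name as `MAIN_DB_PREFIX.$this->table_element.$mode`, and the cast added to `rowid` does not cover that part of the statement. Where `$mode` is assigned is outside the hunk; if it derives from a caller argument, it should be compared against a fixed list of allowed suffixes before it is concatenated. Once that is verified, a short comment above the line stating which values `$mode` can take would document the assumption for the next reader.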
@@ -55,7 +55,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
 $sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
 $sql .= " SET fk_code_ventilation = ".$codeventil;
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 $resql = $db->query($sql);
 if (!$resql) {
@@ -99,7 +99,7 @@ if (!empty($id)) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = l.fk_facture";
- $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".$id;
+ $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id);
 $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
 dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG);
diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php
index d68326ad68e..f997f666e6e 100644
--- a/htdocs/accountancy/expensereport/card.php
+++ b/htdocs/accountancy/expensereport/card.php
@@ -59,7 +59,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
 $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
 $sql .= " SET fk_code_ventilation = ".$codeventil;
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 $resql = $db->query($sql);
 if (!$resql) {
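Review bot: `$codeventil` on the SET line of the `@@ -55` hunk of customer/card.php is still concatenated as-is (`" SET fk_code_ventilation = ".$codeventil`), so the UPDATE is only half-hardened once `$id` is cast. The second hunk of the same file joins `l.fk_code_ventilation = aa.rowid`, which suggests the column holds an integer id; in that case the line should read `$sql .= " SET fk_code_ventilation = ".((int) $codeventil);`. Where `$codeventil` is read is outside the hunk, so any filtering applied there could not be checked. The same SET line appears unchanged in the `@@ -59` hunks of expensereport/card.php and supplier/card.php.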
@@ -101,7 +101,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON erd.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport as er ON er.rowid = erd.fk_expensereport"; - $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".$id; + $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php index 5b2f807fcd7..242fc71d80c 100644 --- a/htdocs/accountancy/index.php +++ b/htdocs/accountancy/index.php @@ -1,7 +1,7 @@ * Copyright (C) 2016-2019 Alexandre Spangaro - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -220,7 +220,7 @@ if ($conf->accounting->enabled) { /* * Show boxes */ - $boxlist .= '
'; + $boxlist = '
'; $boxlist .= '
'; diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 25a3fc04ca4..0d86b928a26 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -59,7 +59,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { @@ -101,7 +101,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn as f ON f.rowid = l.fk_facture_fourn "; - $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".$id; + $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 92701b9f010..8ee02238f1e 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -2131,9 +2131,9 @@ class Adherent extends CommonObject } $label .= '
'; - $url = DOL_URL_ROOT.'/adherents/card.php?rowid='.$this->id; + $url = DOL_URL_ROOT.'/adherents/card.php?rowid='.((int) $this->id); if ($option == 'subscription') { - $url = DOL_URL_ROOT.'/adherents/subscription.php?rowid='.$this->id; + $url = DOL_URL_ROOT.'/adherents/subscription.php?rowid='.((int) $this->id); } if ($option != 'nolink') { @@ -2262,7 +2262,7 @@ class Adherent extends CommonObject $statusType = 'status1'; $labelStatus = $langs->trans("MemberStatusActive"); $labelStatusShort = $langs->trans("MemberStatusActiveShort"); - } elseif ($date_end_subscription < time()) { + } elseif ($date_end_subscription < dol_now()) { $statusType = 'status3'; $labelStatus = $langs->trans("MemberStatusActiveLate"); $labelStatusShort = $langs->trans("MemberStatusActiveLateShort"); @@ -2694,7 +2694,7 @@ class Adherent extends CommonObject $sql .= ' a.tms as datem,'; $sql .= ' a.fk_user_author, a.fk_user_valid, a.fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.'adherent as a'; - $sql .= ' WHERE a.rowid = '.$id; + $sql .= ' WHERE a.rowid = '.((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 1513ddb01f0..787f0190e8c 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -626,7 +626,7 @@ class AdherentType extends CommonObject $label .= '
'.$langs->trans("SubscriptionRequired").': '.yn($this->subscription); } - $linkstart = ''; + $linkstart = ''; $linkend = ''; $result .= $linkstart; diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index dff127d6d2b..65b01991100 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -417,7 +417,7 @@ class Subscription extends CommonObject $label .= '
'.$langs->trans('DateEnd').': '.dol_print_date($this->datef, 'day'); } - $url = DOL_URL_ROOT.'/adherents/subscription/card.php?rowid='.$this->id; + $url = DOL_URL_ROOT.'/adherents/subscription/card.php?rowid='.((int) $this->id); if ($option != 'nolink') { // Add param to save lastsearch_values or not @@ -483,7 +483,7 @@ class Subscription extends CommonObject $sql = 'SELECT c.rowid, c.datec,'; $sql .= ' c.tms as datem'; $sql .= ' FROM '.MAIN_DB_PREFIX.'subscription as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/adherents/index.php b/htdocs/adherents/index.php index ed9b8fa43b7..4ec9bd6624f 100644 --- a/htdocs/adherents/index.php +++ b/htdocs/adherents/index.php @@ -79,10 +79,10 @@ $subscriptionstatic = new Subscription($db); print load_fiche_titre($langs->trans("MembersArea"), $resultboxes['selectboxlist'], 'members'); -$Adherents = array(); -$AdherentsAValider = array(); -$MemberUpToDate = array(); -$AdherentsResilies = array(); +$MembersValidated = array(); +$MembersToValidate = array(); +$MembersUpToDate = array(); +$MembersResiliated = array(); $MembersExcluded = array(); $AdherentType = array(); @@ -148,7 +148,7 @@ if ($result) { $i = 0; while ($i < $num) { $objp = $db->fetch_object($result); - $MemberUpToDate[$objp->fk_adherent_type] = $objp->somme; + $MembersUpToDate[$objp->fk_adherent_type] = $objp->somme; $i++; } $db->free(); 
@@ -208,14 +208,14 @@ if ($conf->use_javascript_ajax) { $dataval = array(); $i = 0; foreach ($AdherentType as $key => $adhtype) { - $dataval['draft'][] = array($i, isset($MemberToValidate[$key]) ? $MemberToValidate[$key] : 0); - $dataval['notuptodate'][] = array($i, isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : 0); - $dataval['uptodate'][] = array($i, isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0); + $dataval['draft'][] = array($i, isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0); + $dataval['notuptodate'][] = array($i, isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0); + $dataval['uptodate'][] = array($i, isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0); $dataval['resiliated'][] = array($i, isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0); $dataval['excluded'][] = array($i, isset($MembersExcluded[$key]) ? $MembersExcluded[$key] : 0); - $SommeA += isset($MemberToValidate[$key]) ? $MemberToValidate[$key] : 0; - $SommeB += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : 0; - $SommeC += isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0; + $SommeA += isset($MembersToValidate[$key]) ? $MembersToValidate[$key] : 0; + $SommeB += isset($MembersValidated[$key]) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : 0; + $SommeC += isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0; $SommeD += isset($MembersResiliated[$key]) ? $MembersResiliated[$key] : 0; $SommeE += isset($MembersExcluded[$key]) ? $MembersExcluded [$key] : 0; $i++; 
@@ -486,9 +486,9 @@ print "\n"; foreach ($AdherentType as $key => $adhtype) { print ''; print ''.$adhtype->getNomUrl(1, dol_size(32)).''; - print ''.(isset($MemberToValidate[$key]) && $MemberToValidate[$key] > 0 ? $MemberToValidate[$key] : '').' '.$staticmember->LibStatut(-1, $adhtype->subscription, 0, 3).''; - print ''.(isset($MembersValidated[$key]) && ($MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) > 0) ? $MembersValidated[$key] - (isset($MemberUpToDate[$key]) ? $MemberUpToDate[$key] : 0) : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, 0, 3).''; - print ''.(isset($MemberUpToDate[$key]) && $MemberUpToDate[$key] > 0 ? $MemberUpToDate[$key] : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, $now, 3).''; + print ''.(isset($MembersToValidate[$key]) && $MembersToValidate[$key] > 0 ? $MembersToValidate[$key] : '').' '.$staticmember->LibStatut(-1, $adhtype->subscription, 0, 3).''; + print ''.(isset($MembersValidated[$key]) && ($MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) > 0) ? $MembersValidated[$key] - (isset($MembersUpToDate[$key]) ? $MembersUpToDate[$key] : 0) : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, 0, 3).''; + print ''.(isset($MembersUpToDate[$key]) && $MembersUpToDate[$key] > 0 ? $MembersUpToDate[$key] : '').' '.$staticmember->LibStatut(1, $adhtype->subscription, $now, 3).''; print ''.(isset($MembersResiliated[$key]) && $MembersResiliated[$key] > 0 ? $MembersResiliated[$key] : '').' '.$staticmember->LibStatut(0, $adhtype->subscription, 0, 3).''; print ''.(isset($MembersExcluded[$key]) && $MembersExcluded[$key] > 0 ? $MembersExcluded[$key] : '').' '.$staticmember->LibStatut(-2, $adhtype->subscription, 0, 3).''; print "\n"; diff --git a/htdocs/admin/eventorganization_confbooth_extrafields.php b/htdocs/admin/eventorganization_confbooth_extrafields.php index 4e45b0fddc3..4b6f9bdc46a 100644 
--- a/htdocs/admin/eventorganization_confbooth_extrafields.php +++ b/htdocs/admin/eventorganization_confbooth_extrafields.php @@ -60,7 +60,7 @@ require DOL_DOCUMENT_ROOT.'/core/actions_extrafields.inc.php'; */ -llxHeader('', $langs->trans("EventOrganizationSetup"), $help_url); +llxHeader('', $langs->trans("EventOrganizationSetup")); $linkback = ''.$langs->trans("BackToModuleList").''; diff --git a/htdocs/admin/index.php b/htdocs/admin/index.php index c16a01e5816..d94c8a3fffd 100644 --- a/htdocs/admin/index.php +++ b/htdocs/admin/index.php @@ -81,7 +81,7 @@ print '
'; if (empty($conf->global->MAIN_INFO_SOCIETE_NOM) || empty($conf->global->MAIN_INFO_SOCIETE_COUNTRY)) { $setupcompanynotcomplete = 1; } -print img_picto('', 'puce').' '.$langs->trans("SetupDescription3", DOL_URL_ROOT.'/admin/company.php?mainmenu=home'.(empty($setupcompanynotcomplete) ? '' : '&action=edit'), $langs->transnoentities("Setup"), $langs->transnoentities("MenuCompanySetup")); +print img_picto('', 'company', 'class="paddingright"').' '.$langs->trans("SetupDescription3", DOL_URL_ROOT.'/admin/company.php?mainmenu=home'.(empty($setupcompanynotcomplete) ? '' : '&action=edit'), $langs->transnoentities("Setup"), $langs->transnoentities("MenuCompanySetup")); if (!empty($setupcompanynotcomplete)) { $langs->load("errors"); $warnpicto = img_warning($langs->trans("WarningMandatorySetupNotComplete"), 'style="padding-right: 6px;"'); @@ -92,7 +92,7 @@ print '
'; print '
'; // Show info setup module -print img_picto('', 'puce').' '.$langs->trans("SetupDescription4", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->transnoentities("Setup"), $langs->transnoentities("Modules")); +print img_picto('', 'cog', 'class="paddingright"').' '.$langs->trans("SetupDescription4", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->transnoentities("Setup"), $langs->transnoentities("Modules")); if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING) ? 1 : $conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) { // If only user module enabled $langs->load("errors"); $warnpicto = img_warning($langs->trans("WarningEnableYourModulesApplications"), 'style="padding-right: 6px;"'); diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index a5867d63553..5cf852fdacb 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -464,7 +464,7 @@ asort($orders); $nbofactivatedmodules = count($conf->modules); $moreinfo = $langs->trans("TitleNumberOfActivatedModules"); -$moreinfo2 = ($nbofactivatedmodules - 1)." / ".count($modules); +$moreinfo2 = ''.($nbofactivatedmodules - 1).' / '.count($modules).''; if ($nbofactivatedmodules <= 1) { $moreinfo2 .= ' '.img_warning($langs->trans("YouMustEnableOneModule")); } @@ -476,16 +476,16 @@ $deschelp = ''; if ($mode == 'common' || $mode == 'commonkanban') { $desc = $langs->trans("ModulesDesc", '{picto}'); $desc = str_replace('{picto}', img_picto('', 'switch_off'), $desc); - $deschelp = ''.$desc."

\n"; + $deschelp = '
'.$desc."

\n"; } if ($mode == 'marketplace') { - $deschelp = ''.$langs->trans("ModulesMarketPlaceDesc")."

\n"; + //$deschelp = '
'.$langs->trans("ModulesMarketPlaceDesc")."

\n"; } if ($mode == 'deploy') { - $deschelp = ''.$langs->trans("ModulesDeployDesc", $langs->transnoentitiesnoconv("AvailableModules"))."

\n"; + $deschelp = '
'.$langs->trans("ModulesDeployDesc", $langs->transnoentitiesnoconv("AvailableModules"))."

\n"; } if ($mode == 'develop') { - $deschelp = ''.$langs->trans("ModulesDevelopDesc")."

\n"; + $deschelp = '
'.$langs->trans("ModulesDevelopDesc")."

\n"; } $head = modules_prepare_head(); @@ -521,11 +521,11 @@ if ($mode == 'common' || $mode == 'commonkanban') { $moreforfilter .= dolGetButtonTitle($langs->trans('ViewList'), '', 'fa fa-list-alt imgforviewmode', $_SERVER["PHP_SELF"].'?mode=common'.$param, '', 1, array('morecss'=>'reposition'.($mode == 'commonkanban' ? '' : ' btnTitleSelected'))); $moreforfilter .= '
'; - $moreforfilter .= '
'.$moreinfo.'
'.$moreinfo2.'
'; + $moreforfilter .= '
'.$moreinfo.' '.$moreinfo2.'
'; $moreforfilter .= '
'; $moreforfilter .= '
'; - $moreforfilter .= img_picto($langs->trans("Filter"), 'filter', 'class="paddingright opacitymedium"').''; + $moreforfilter .= img_picto($langs->trans("Filter"), 'filter', 'class="paddingright opacityhigh"').''; $moreforfilter .= '
'; $moreforfilter .= '
'; $moreforfilter .= $form->selectarray('search_nature', $arrayofnatures, dol_escape_htmltag($search_nature), $langs->trans('Origin'), 0, 0, '', 0, 0, 0, '', 'maxwidth200', 1); @@ -745,7 +745,7 @@ if ($mode == 'common' || $mode == 'commonkanban') { } } else { if (!empty($objMod->warnings_unactivation[$mysoc->country_code]) && method_exists($objMod, 'alreadyUsed') && $objMod->alreadyUsed()) { - $codeenabledisable .= 'warnings_unactivation[$mysoc->country_code].'&value='.$modName.'&mode='.$mode.$param.'">'; + $codeenabledisable .= 'warnings_unactivation[$mysoc->country_code]).'&value='.$modName.'&mode='.$mode.$param.'">'; $codeenabledisable .= img_picto($langs->trans("Activated"), 'switch_on'); $codeenabledisable .= ''; } else { @@ -762,13 +762,13 @@ if ($mode == 'common' || $mode == 'commonkanban') { $backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.$search_keyword; // No urlencode here, done later } if ($search_nature > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; // No urlencode here, done later } if ($search_version > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; // No urlencode here, done later } if ($search_status > -1) { - $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; + $backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; // No urlencode here, done later } $backtourl = $_SERVER["PHP_SELF"].$backtourlparam; @@ -955,7 +955,7 @@ if ($mode == 'marketplace') { print ''."\n"; $url = 'https://www.dolistore.com'; print ''; - print ''.$langs->trans("DoliStoreDesc").''; + print ''.$langs->trans("DoliStoreDesc").''; print ''.$url.''; print ''; 
diff --git a/htdocs/asset/admin/index.html b/htdocs/asset/admin/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/asset/admin/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php index 48f66ae5ccf..66cd9bcb4cf 100644 --- a/htdocs/asset/class/asset.class.php +++ b/htdocs/asset/class/asset.class.php @@ -414,7 +414,7 @@ class Asset extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/asset/class/asset_type.class.php b/htdocs/asset/class/asset_type.class.php index 7354b8dfd15..6b345aaef68 100644 --- a/htdocs/asset/class/asset_type.class.php +++ b/htdocs/asset/class/asset_type.class.php @@ -397,7 +397,7 @@ class AssetType extends CommonObject $result = ''; $label = $langs->trans("ShowTypeCard", $this->label); - $linkstart = ''; + $linkstart = ''; $linkend = ''; $result .= $linkstart; diff --git a/htdocs/asset/class/index.html b/htdocs/asset/class/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/asset/class/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/asset/index.html b/htdocs/asset/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/asset/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/blockedlog/class/authority.class.php b/htdocs/blockedlog/class/authority.class.php index 0913223da0d..9fc10fdc59e 100644 --- a/htdocs/blockedlog/class/authority.class.php +++ b/htdocs/blockedlog/class/authority.class.php 
@@ -161,7 +161,7 @@ class BlockedLogAuthority $sql .= " FROM ".MAIN_DB_PREFIX."blockedlog_authority as b"; if ($id) { - $sql .= " WHERE b.rowid = ".$id; + $sql .= " WHERE b.rowid = ".((int) $id); } elseif ($signature) { $sql .= " WHERE b.signature = '".$this->db->escape($signature)."'"; } @@ -259,7 +259,7 @@ class BlockedLogAuthority $sql = "UPDATE ".MAIN_DB_PREFIX."blockedlog_authority SET "; $sql .= " blockchain='".$this->db->escape($this->blockchain)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $res = $this->db->query($sql); if ($res) { diff --git a/htdocs/blockedlog/class/blockedlog.class.php b/htdocs/blockedlog/class/blockedlog.class.php index 69ba6cd1308..366d7042d77 100644 --- a/htdocs/blockedlog/class/blockedlog.class.php +++ b/htdocs/blockedlog/class/blockedlog.class.php @@ -796,7 +796,7 @@ class BlockedLog public function setCertified() { - $res = $this->db->query("UPDATE ".MAIN_DB_PREFIX."blockedlog SET certified=1 WHERE rowid=".$this->id); + $res = $this->db->query("UPDATE ".MAIN_DB_PREFIX."blockedlog SET certified=1 WHERE rowid=".((int) $this->id)); if ($res === false) { return false; } diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index db1abb28c42..b3af3a43fd2 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -892,7 +892,7 @@ class BOM extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { 
@@ -1469,7 +1469,7 @@ class BOMLine extends CommonObjectLine $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/bom/lib/bom.lib.php b/htdocs/bom/lib/bom.lib.php index a5be872a096..8f3cadeedc2 100644 --- a/htdocs/bom/lib/bom.lib.php +++ b/htdocs/bom/lib/bom.lib.php @@ -1,6 +1,6 @@ - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,17 +41,11 @@ function bomAdminPrepareHead() $head[$h][2] = 'settings'; $h++; - $head[$h][0] = dol_buildpath("/admin/bom_extrafields.php", 1); + $head[$h][0] = DOL_URL_ROOT."/admin/bom_extrafields.php"; $head[$h][1] = $langs->trans("ExtraFields"); $head[$h][2] = 'bom_extrafields'; $h++; - /*$head[$h][0] = DOL_URL_ROOT."/bom/admin/about.php"; - $head[$h][1] = $langs->trans("About"); - $head[$h][2] = 'about'; - $h++; - */ - // Show more tabs from modules // Entries must be declared in modules descriptor with line //$this->tabs = array( diff --git a/htdocs/bookmarks/class/bookmark.class.php b/htdocs/bookmarks/class/bookmark.class.php index f5bbefae3d3..4fe8c3cee83 100644 --- a/htdocs/bookmarks/class/bookmark.class.php +++ b/htdocs/bookmarks/class/bookmark.class.php @@ -117,7 +117,7 @@ class Bookmark extends CommonObject $sql = "SELECT rowid, fk_user, dateb as datec, url, target,"; $sql .= " title, position, favicon"; $sql .= " FROM ".MAIN_DB_PREFIX."bookmark"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $sql .= " AND entity = ".$conf->entity; dol_syslog("Bookmark::fetch", LOG_DEBUG); 
@@ -239,7 +239,7 @@ class Bookmark extends CommonObject
 public function remove($id)
 {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark";
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 dol_syslog("Bookmark::remove", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index d83bc794baa..ba8ffe0e89f 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -323,8 +323,8 @@ class Categorie extends CommonObject
 $sql = "SELECT rowid, fk_parent, entity, label, description, color, fk_soc, visible, type, ref_ext";
 $sql .= ", date_creation, tms, fk_user_creat, fk_user_modif";
 $sql .= " FROM ".MAIN_DB_PREFIX."categorie";
- if ($id > 0) {
- $sql .= " WHERE rowid = ".$id;
+ if ($id) {
+ $sql .= " WHERE rowid = ".((int) $id);
 } elseif (!empty($ref_ext)) {
 $sql .= " WHERE ref_ext LIKE '".$this->db->escape($ref_ext)."'";
 } else {
diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php
index aa2dc20e2b2..6ca392aef47 100644
--- a/htdocs/categories/index.php
+++ b/htdocs/categories/index.php
@@ -5,6 +5,7 @@
 * Copyright (C) 2007 Patrick Raguin
 * Copyright (C) 2005-2012 Regis Houssin
 * Copyright (C) 2015 Raphaël Doursenaud
+ * Copyright (C) 2021 Frédéric France
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -151,7 +152,7 @@ $cate_arbo = $categstatic->get_full_arbo($typetext);
 $fulltree = $cate_arbo;
 // Load possible missing includes
-if ($conf->global->CATEGORY_SHOW_COUNTS) {
+if (!empty($conf->global->CATEGORY_SHOW_COUNTS)) {
 if ($type == Categorie::TYPE_MEMBER) {
 require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
 }
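Review bot: `Bookmark::remove($id)` deletes by `rowid` alone, whereas the fetch query in the same file (hunk `@@ -117`) also restricts the row with `" AND entity = ".$conf->entity`. The cast makes the id safe as SQL, but any integer id is still accepted regardless of entity or owner unless the caller checks first, which is not visible in this hunk. Consider adding `$sql .= " AND entity = ".((int) $conf->entity);` after the WHERE line, or stating in the method's docblock that callers must verify ownership before calling it.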
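Review bot: Replacing `if ($id > 0)` with `if ($id)` in the `@@ -323` hunk of categorie.class.php changes which branch runs, not only how the value is quoted: a negative or non-numeric but truthy `$id` now takes the rowid branch and, after the cast, queries `rowid = -N` or `rowid = 0` instead of falling through to the `ref_ext` lookup. If that is not intended, keep the numeric guard together with the cast, `if ((int) $id > 0) {`. The method starts outside the hunk, so how callers pass `$id` could not be checked.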
@@ -177,7 +178,7 @@ foreach ($fulltree as $key => $val) { $desc = dol_htmlcleanlastbr($val['description']); $counter = ''; - if ($conf->global->CATEGORY_SHOW_COUNTS) { + if (!empty($conf->global->CATEGORY_SHOW_COUNTS)) { // we need only a count of the elements, so it is enough to consume only the id's from the database $elements = $type == Categorie::TYPE_ACCOUNT ? $categstatic->getObjectsInCateg("account", 1) // Categorie::TYPE_ACCOUNT is "bank_account" instead of "account" diff --git a/htdocs/categories/info.php b/htdocs/categories/info.php index 5666664b848..f5b54f50de9 100644 --- a/htdocs/categories/info.php +++ b/htdocs/categories/info.php @@ -71,11 +71,11 @@ $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); print dol_get_fiche_head($head, 'info', $langs->trans($title), -1, 'category'); -$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.$type); -$linkback = ''.$langs->trans("BackToList").''; +$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); +$linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; -$morehtmlref = '
'.$langs->trans("Root").' >> '; +$morehtmlref = '
'.$langs->trans("Root").' >> '; $ways = $object->print_all_ways(" >> ", '', 1); foreach ($ways as $way) { $morehtmlref .= $way."
\n"; diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index cfc722df83f..c7e574939ff 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -108,7 +108,8 @@ if ($object->id) { $head = categories_prepare_head($object, $type); print dol_get_fiche_head($head, 'photos', $langs->trans($title), -1, 'category'); - $linkback = ''.$langs->trans("BackToList").''; + $backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); + $linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; $morehtmlref = '
'.$langs->trans("Root").' >> '; diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index 9f2ed6936ef..de59aca376d 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -184,7 +184,8 @@ if (!empty($object->multilangs)) { print dol_get_fiche_head($head, 'translation', $langs->trans($title), -1, 'category'); -$linkback = ''.$langs->trans("BackToList").''; +$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); +$linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; $morehtmlref = '
'.$langs->trans("Root").' >> '; diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 7f19194a3c3..dedb368202d 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -215,18 +215,18 @@ $title = Categorie::$MAP_TYPE_TITLE_AREA[$type]; $head = categories_prepare_head($object, $type); print dol_get_fiche_head($head, 'card', $langs->trans($title), -1, 'category'); -$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.$type); -$linkback = ''.$langs->trans("BackToList").''; +$backtolist = (GETPOST('backtolist') ? GETPOST('backtolist') : DOL_URL_ROOT.'/categories/index.php?leftmenu=cat&type='.urlencode($type)); +$linkback = ''.$langs->trans("BackToList").''; $object->next_prev_filter = ' type = '.$object->type; $object->ref = $object->label; -$morehtmlref = '
'.$langs->trans("Root").' >> '; +$morehtmlref = '
'.$langs->trans("Root").' >> '; $ways = $object->print_all_ways(" >> ", '', 1); foreach ($ways as $way) { $morehtmlref .= $way."
\n"; } $morehtmlref .= '
'; -dol_banner_tab($object, 'label', $linkback, ($user->socid ? 0 : 1), 'label', 'label', $morehtmlref, '&type='.$type, 0, '', '', 1); +dol_banner_tab($object, 'label', $linkback, ($user->socid ? 0 : 1), 'label', 'label', $morehtmlref, '&type='.urlencode($type), 0, '', '', 1); /* diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 4470310e4d0..ab6de76f340 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -1038,7 +1038,7 @@ class ActionComm extends CommonObject * @param int $notrigger 1 = disable triggers, 0 = enable triggers * @return int <0 if KO, >0 if OK */ - public function update($user, $notrigger = 0) + public function update(User $user, $notrigger = 0) { global $langs, $conf, $hookmanager; diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index a125dc466f8..3616de126be 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -7,7 +7,7 @@ * Copyright (C) 2014 Cedric GROSS * Copyright (C) 2015 Marcos García * Copyright (C) 2017 Open-DSI - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
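Review bot: In the categories/viewcat.php hunk (`@@ -215`), `$backtolist` is taken from `GETPOST('backtolist')` with no check type and is then used to build `$linkback`; the anchor markup did not survive on this page, so it could not be confirmed whether the value is escaped or limited to a local path there. The added `urlencode($type)` only covers the default branch of the ternary. If it is not already done, escape the value where it enters the attribute, e.g. with `dol_escape_htmltag($backtolist)`, and reject values that are not a relative path. The same assignment is added or changed in the hunks for categories/info.php, categories/photos.php and categories/traduction.php.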
@@ -258,7 +258,13 @@ if (empty($conf->global->AGENDA_DISABLE_EXT)) { $buggedfile = 'AGENDA_EXT_BUGGEDFILE'.$i; if (!empty($conf->global->$source) && !empty($conf->global->$name)) { // Note: $conf->global->buggedfile can be empty or 'uselocalandtznodaylight' or 'uselocalandtzdaylight' - $listofextcals[] = array('src'=>$conf->global->$source, 'name'=>$conf->global->$name, 'offsettz'=>$conf->global->$offsettz, 'color'=>$conf->global->$color, 'buggedfile'=>(isset($conf->global->buggedfile) ? $conf->global->buggedfile : 0)); + $listofextcals[] = array( + 'src'=>$conf->global->$source, + 'name'=>$conf->global->$name, + 'offsettz' => (!empty($conf->global->$offsettz) ? $conf->global->$offsettz : 0), + 'color'=>$conf->global->$color, + 'buggedfile'=>(isset($conf->global->buggedfile) ? $conf->global->buggedfile : 0) + ); } } } @@ -275,7 +281,13 @@ if (empty($user->conf->AGENDA_DISABLE_EXT)) { $buggedfile = 'AGENDA_EXT_BUGGEDFILE_'.$user->id.'_'.$i; if (!empty($user->conf->$source) && !empty($user->conf->$name)) { // Note: $conf->global->buggedfile can be empty or 'uselocalandtznodaylight' or 'uselocalandtzdaylight' - $listofextcals[] = array('src'=>$user->conf->$source, 'name'=>$user->conf->$name, 'offsettz'=>$user->conf->$offsettz, 'color'=>$user->conf->$color, 'buggedfile'=>(isset($user->conf->buggedfile) ? $user->conf->buggedfile : 0)); + $listofextcals[] = array( + 'src'=>$user->conf->$source, + 'name'=>$user->conf->$name, + 'offsettz' => (!empty($user->conf->$offsettz) ? $user->conf->$offsettz : 0), + 'color'=>$user->conf->$color, + 'buggedfile'=>(isset($user->conf->buggedfile) ? $user->conf->buggedfile : 0) + ); } } } diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 44bd8547e8a..908819e1d1a 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php 
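Review bot: The `'buggedfile'` entry in both reformatted arrays (this hunk and the `@@ -275` hunk for per-user calendars) reads the literal property `->buggedfile`, while the option name built in `$buggedfile` just above is never used. As written, the per-calendar setting is presumably never picked up, and the value falls back to 0 unless a property literally named `buggedfile` exists. The lookup should follow the other keys: `'buggedfile' => (isset($conf->global->$buggedfile) ? $conf->global->$buggedfile : 0)`, and `$user->conf->$buggedfile` in the second hunk. The surrounding loop starts outside both hunks.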
@@ -38,6 +38,7 @@ $action = GETPOST('action', 'aZ09'); $month = GETPOST('month', 'int'); $year = GETPOST('year', 'int'); +$optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 719ec5b6c49..c811b673197 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -228,7 +228,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -419,7 +419,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " filtervalue=".(isset($this->filtervalue) ? "'".$this->db->escape($this->filtervalue)."'" : "null").","; $sql .= " fk_user_mod=".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); @@ -459,7 +459,7 @@ class AdvanceTargetingMailing extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."advtargetemailing"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete sql=".$sql); $resql = $this->db->query($sql); diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index af77b56bc15..197c9c7074f 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php 
@@ -1644,7 +1644,7 @@ class Propal extends CommonObject $sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").","; $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2996,7 +2996,7 @@ class Propal extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; $sql .= ' SET fk_availability = '.$availability_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG); $resql = $this->db->query($sql); @@ -3060,7 +3060,7 @@ class Propal extends CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; $sql .= ' SET fk_input_reason = '.$demand_reason_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 4d5f75c7c24..cc744f9eb56 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1060,7 +1060,7 @@ class Commande extends CommonOrder $initialref = $this->ref; } - $sql = 'UPDATE '.MAIN_DB_PREFIX."commande SET ref='".$this->db->escape($initialref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."commande SET ref='".$this->db->escape($initialref)."' WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { $this->ref = $initialref; 
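Review bot: In the `@@ -2996` hunk the statement still concatenates `$availability_id` unquoted into `SET fk_availability = `, one line above the `rowid` that is now cast. The `@@ -3060` hunk does the same with `$demand_reason_id`, and the `commande.class.php` hunks `@@ -2741` and `@@ -2805` repeat both patterns. All four methods start outside their hunks, so an earlier validation of these arguments cannot be ruled out, but nothing visible enforces an integer. Casting at the point of use keeps each statement consistent: `$sql .= ' SET fk_availability = '.((int) $availability_id);` and `$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);`.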
@@ -2741,7 +2741,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_availability = '.$availability_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2805,7 +2805,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET fk_input_reason = '.$demand_reason_id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -3310,7 +3310,7 @@ class Commande extends CommonOrder $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -3763,7 +3763,7 @@ class Commande extends CommonOrder $sql .= ' date_cloture as datecloture,'; $sql .= ' fk_user_author, fk_user_valid, fk_user_cloture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commande as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index 29f1fb5ca3e..596abdf0e97 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -694,7 +694,7 @@ if (!empty($date_start) && !empty($date_stop)) { } elseif ($data['item'] == 'SalaryPayment') { $salary_payment->id = $data['id']; $salary_payment->ref = $data['ref']; - print $salary_payment->getNomUrl(1, '', 0, '', 0); + print $salary_payment->getNomUrl(1); } elseif ($data['item'] == 'Donation') { $don->id = $data['id']; $don->ref = $data['ref']; 
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 7cabbc98500..16e26b9bc94 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -2271,7 +2271,7 @@ class AccountLine extends CommonObject $sql = 'SELECT b.rowid, b.datec, b.tms as datem,'; $sql .= ' b.fk_user_author, b.fk_user_rappro'; $sql .= ' FROM '.MAIN_DB_PREFIX.'bank as b'; - $sql .= ' WHERE b.rowid = '.$id; + $sql .= ' WHERE b.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -2319,7 +2319,7 @@ class AccountLine extends CommonObject $label = img_picto('', $this->picto).' '.$langs->trans("Transaction").':
'; $label .= ''.$langs->trans("Ref").': '.$this->ref; - $linkstart = ''; + $linkstart = ''; $linkend = ''; $result .= $linkstart; diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php index be023fe630c..ccf5828d40a 100644 --- a/htdocs/compta/bank/class/bankcateg.class.php +++ b/htdocs/compta/bank/class/bankcateg.class.php @@ -126,7 +126,7 @@ class BankCateg // extends CommonObject $sql .= " t.rowid,"; $sql .= " t.label"; $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); $sql .= " AND t.entity = ".$conf->entity; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -170,7 +170,7 @@ class BankCateg // extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."bank_categ SET"; $sql .= " label=".(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $this->db->begin(); @@ -237,7 +237,7 @@ class BankCateg // extends CommonObject // Delete bank categ if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_categ"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index 8be1c392426..dccdcd5cd24 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php 
@@ -214,7 +214,7 @@ class PaymentVarious extends CommonObject $sql .= " fk_bank=".($this->fk_bank > 0 ? $this->fk_bank : "null").","; $sql .= " fk_user_author=".(int) $this->fk_user_author.","; $sql .= " fk_user_modif=".(int) $this->fk_user_modif; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -274,7 +274,7 @@ class PaymentVarious extends CommonObject $sql .= " b.rappro"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_various as v"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON v.fk_bank = b.rowid"; - $sql .= " WHERE v.rowid = ".$id; + $sql .= " WHERE v.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -334,7 +334,7 @@ class PaymentVarious extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_various"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -742,7 +742,7 @@ class PaymentVarious extends CommonObject { $sql = 'SELECT v.rowid, v.datec, v.fk_user_author'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_various as v'; - $sql .= ' WHERE v.rowid = '.$id; + $sql .= ' WHERE v.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index fd6d7d9fa25..1b9860c976a 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php +++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -244,7 +244,7 @@ class CashControl extends CommonObject $sql .= " SET status = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); 
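Review bot: `fk_bank` in the `@@ -214` hunk is the one numeric field visible in this UPDATE that is still written without a cast. The expression `($this->fk_bank > 0 ? $this->fk_bank : "null")` applies only a loose comparison, which a string that merely starts with a digit also passes. The neighbouring `fk_user_author` and `fk_user_modif` and the new `rowid` are all cast, so the same should be done here: `$sql .= " fk_bank=".($this->fk_bank > 0 ? ((int) $this->fk_bank) : "null").",";`. Where `$this->fk_bank` is assigned is outside the hunk, so this is hardening rather than a confirmed injection path.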
diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 1c7a4e75552..c34d89bfa2f 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php @@ -278,7 +278,7 @@ class Deplacement extends CommonObject if ($ref) { $sql .= " AND ref ='".$this->db->escape($ref)."'"; } else { - $sql .= " AND rowid = ".$id; + $sql .= " AND rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -317,7 +317,7 @@ class Deplacement extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."deplacement WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."deplacement WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -471,7 +471,7 @@ class Deplacement extends CommonObject $sql = 'SELECT c.rowid, c.datec, c.fk_user_author, c.fk_user_modif,'; $sql .= ' c.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'deplacement as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 09efdb60f29..4119846e394 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -1967,7 +1967,7 @@ class FactureLigneRec extends CommonInvoiceLine } if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.((int) $this->id); $res = $this->db->query($sql); if ($res === false) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index dfd50147109..69356287288 100644 
--- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -694,7 +694,7 @@ class Facture extends CommonInvoice // Update ref with new one $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."facture SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."facture SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1978,7 +1978,7 @@ class Facture extends CommonInvoice $sql .= " retained_warranty=".(empty($this->retained_warranty) ? "0" : $this->db->escape($this->retained_warranty)).","; $sql .= " retained_warranty_date_limit=".(strval($this->retained_warranty_date_limit) != '' ? "'".$this->db->idate($this->retained_warranty_date_limit)."'" : 'null').","; $sql .= " retained_warranty_fk_cond_reglement=".(isset($this->retained_warranty_fk_cond_reglement) ?intval($this->retained_warranty_fk_cond_reglement) : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2375,7 +2375,7 @@ class Facture extends CommonInvoice $now = dol_now(); - dol_syslog(get_class($this)."::set_paid rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::set_paid rowid=".((int) $this->id), LOG_DEBUG); $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET'; $sql .= ' fk_statut='.self::STATUS_CLOSED; @@ -2513,7 +2513,7 @@ class Facture extends CommonInvoice */ public function setCanceled($user, $close_code = '', $close_note = '') { - dol_syslog(get_class($this)."::setCanceled rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::setCanceled rowid=".((int) $this->id), LOG_DEBUG); $this->db->begin(); 
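Review bot: In the `@@ -1978` hunk `retained_warranty` is written as `$this->db->escape($this->retained_warranty)` with no surrounding quotes, and string escaping does not constrain a value placed in a numeric position. The `rowid` hardening in the same statement leaves that untouched, and `chargesociales.class.php` `@@ -350` has the same shape for `fk_projet` and `fk_user`. The setter in the `@@ -4825` hunk already uses `floatval()` for this column, so the update could match it: `$sql .= " retained_warranty=".(empty($this->retained_warranty) ? "0" : floatval($this->retained_warranty)).",";`, with `((int) …)` for the two foreign keys. The method begins outside the hunk.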
@@ -3955,7 +3955,7 @@ class Facture extends CommonInvoice $sql .= ' date_closing as dateclosing,'; $sql .= ' fk_user_author, fk_user_valid, fk_user_closing'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -4825,7 +4825,7 @@ class Facture extends CommonInvoice $fieldname = 'retained_warranty'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.floatval($value); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty = floatval($value); @@ -4862,7 +4862,7 @@ class Facture extends CommonInvoice $fieldname = 'retained_warranty_date_limit'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(strval($timestamp) != '' ? '\''.$this->db->idate($timestamp).'\'' : 'null'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_date_limit = $timestamp; diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index d9c0fa36c9a..87cd50d27c6 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -192,7 +192,7 @@ class PaymentTerm // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 9e25cc3deee..542d7aeb1bd 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php 
@@ -9,6 +9,7 @@ * Copyright (C) 2019 Nicolas ZABOURI * Copyright (C) 2020 Tobias Sekan * Copyright (C) 2020 Josep Lluís Amador + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -997,6 +998,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire) { $sql .= ", s.nom as name"; $sql .= ", s.rowid as socid, s.email"; $sql .= ", s.code_client, s.code_compta"; + $sql .= ", s.code_fournisseur, s.code_compta_fournisseur"; $sql .= ", cc.rowid as country_id, cc.code as country_code"; $sql .= ", sum(pf.amount) as am"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays,".MAIN_DB_PREFIX."facture as f"; @@ -1019,6 +1021,7 @@ if (!empty($conf->facture->enabled) && $user->rights->facture->lire) { $sql .= " GROUP BY f.rowid, f.ref, f.fk_statut, f.datef, f.type, f.total, f.tva, f.total_ttc, f.paye, f.tms, f.date_lim_reglement,"; $sql .= " s.nom, s.rowid, s.email, s.code_client, s.code_compta, cc.rowid, cc.code"; + $sql .= ", s.code_fournisseur, s.code_compta_fournisseur"; $sql .= " ORDER BY f.datef ASC, f.ref ASC"; $resql = $db->query($sql); diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index cdea12902bc..46b2b2b7805 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -180,7 +180,7 @@ class Localtax extends CommonObject $sql .= " fk_bank=".(int) $this->fk_bank.","; $sql .= " fk_user_creat=".(int) $this->fk_user_creat.","; $sql .= " fk_user_modif=".(int) $this->fk_user_modif; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -234,7 +234,7 @@ class Localtax extends CommonObject $sql .= " b.rappro"; $sql .= " FROM ".MAIN_DB_PREFIX."localtax as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON t.fk_bank = b.rowid"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -284,7 +284,7 @@ class Localtax extends CommonObject // End call triggers $sql = "DELETE FROM ".MAIN_DB_PREFIX."localtax"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 3d73c59d967..8af9d5a6543 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -191,7 +191,7 @@ class RemiseCheque extends CommonObject if ($this->id > 0 && $this->errno == 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET ref='(PROV".$this->id.")'"; - $sql .= " WHERE rowid=".$this->id.""; + $sql .= " WHERE rowid=".((int) $this->id).""; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 06d13e78023..42b05f39263 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -169,7 +169,7 @@ class Paiement extends CommonObject $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' WHERE p.entity IN ('.getEntity('invoice').')'; if ($id > 0) { - $sql .= ' AND p.rowid = '.$id; + $sql .= ' AND p.rowid = '.((int) $id); } elseif ($ref) { $sql .= " AND p.ref = '".$ref."'"; } elseif ($fk_bank) { 
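Review bot: The `elseif ($ref)` branch right below the changed line in the `paiement.class.php` `@@ -169` hunk still builds `" AND p.ref = '".$ref."'"` with no escaping, so the fetch is hardened for `$id` but not for `$ref`. Other string values in this diff go through `$this->db->escape()`, and the same applies here: `$sql .= " AND p.ref = '".$this->db->escape($ref)."'";`. The `elseif ($fk_bank)` branch continues outside the hunk and should be checked for the same pattern.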
@@ -899,7 +899,7 @@ class Paiement extends CommonObject { $sql = 'SELECT p.rowid, p.datec, p.fk_user_creat, p.fk_user_modif, p.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement as p'; - $sql .= ' WHERE p.rowid = '.$id; + $sql .= ' WHERE p.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index f70daf75c3a..3d04cf1f6a5 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -427,7 +427,7 @@ class BonPrelevement extends CommonObject $sql .= " SET fk_user_credit = ".$user->id; $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = ".self::STATUS_TRANSFERED; diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index 70742d24685..0faea8a159c 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -128,7 +128,7 @@ class RejetPrelevement // Tag the line to refused $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes "; $sql .= " SET statut = 3"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); if (!$this->db->query($sql)) { dol_syslog("RejetPrelevement::create Erreur 5"); diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 91a0708c361..d7fcd9278a9 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php 
@@ -149,7 +149,7 @@ class ChargeSociales extends CommonObject if ($ref) { $sql .= " AND cs.rowid = ".$ref; } else { - $sql .= " AND cs.rowid = ".$id; + $sql .= " AND cs.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -311,7 +311,7 @@ class ChargeSociales extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."chargesociales WHERE rowid=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."chargesociales WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -350,7 +350,7 @@ class ChargeSociales extends CommonObject $sql .= ", fk_projet=".($this->fk_project > 0 ? $this->db->escape($this->fk_project) : "NULL"); $sql .= ", fk_user=".($this->fk_user > 0 ? $this->db->escape($this->fk_user) : "NULL"); $sql .= ", fk_user_modif=".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -672,7 +672,7 @@ class ChargeSociales extends CommonObject $sql = "SELECT e.rowid, e.tms as datem, e.date_creation as datec, e.date_valid as datev, e.import_key,"; $sql .= " e.fk_user_author, e.fk_user_modif, e.fk_user_valid"; $sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as e"; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index bb9a48b4c4c..8f7f13e6043 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php 
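Review bot: Only the `else` branch of the `@@ -149` hunk was hardened; the `if ($ref)` branch still appends `$ref` unquoted and uncast to `cs.rowid = `. Since it is compared with `rowid`, the same cast fits: `$sql .= " AND cs.rowid = ".((int) $ref);`. The method signature is outside the hunk, so how callers populate `$ref` is not visible here.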
@@ -262,7 +262,7 @@ class PaymentSocialContribution extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepaiement = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -362,7 +362,7 @@ class PaymentSocialContribution extends CommonObject $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -416,7 +416,7 @@ class PaymentSocialContribution extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index e2047d00738..79379ee0b24 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -1,6 +1,6 @@ - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -114,7 +114,7 @@ if (empty($min)) { // Define modetax (0 or 1) // 0=normal, 1=option vat for services is on debit, 2=option on payments for products -$modetax = $conf->global->TAX_MODE; +$modetax = empty($conf->global->TAX_MODE) ? 0 : $conf->global->TAX_MODE; if (GETPOSTISSET("modetax")) { $modetax = GETPOST("modetax", 'int'); } diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php index 4f816164db0..9ba1bd2ed1d 100644 
--- a/htdocs/compta/tva/class/paymentvat.class.php +++ b/htdocs/compta/tva/class/paymentvat.class.php @@ -261,7 +261,7 @@ class PaymentVAT extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepaiement = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -365,7 +365,7 @@ class PaymentVAT extends CommonObject $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -419,7 +419,7 @@ class PaymentVAT extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_vat"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index f45112aedda..552195cf2d2 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -209,7 +209,7 @@ class Tva extends CommonObject $sql .= " note='".$this->db->escape($this->note)."',"; $sql .= " fk_user_creat=".$this->fk_user_creat.","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? $this->fk_user_modif : $user->id).""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -305,7 +305,7 @@ class Tva extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."tva as t"; //$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON t.fk_bank = b.rowid"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -360,7 +360,7 @@ class Tva extends CommonObject // End call triggers $sql = "DELETE FROM ".MAIN_DB_PREFIX."tva"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/tva/index.php b/htdocs/compta/tva/index.php index 2602d00a216..2b396fe6006 100644 --- a/htdocs/compta/tva/index.php +++ b/htdocs/compta/tva/index.php @@ -4,8 +4,9 @@ * Copyright (C) 2004-2018 Laurent Destailleur * Copyright (C) 2005-2009 Regis Houssin * Copyright (C) 2014 Ferran Marcet - * Copyright (C) 2018 Frédéric France - * Copyright (C) 2021 Gauthier VERDOL + * Copyright (C) 2018 Frédéric France + * Copyright (C) 2021 Gauthier VERDOL + * Copyright (C) 2021 Open-Dsi * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -43,61 +44,89 @@ if (empty($conf->global->SOCIETE_FISCAL_MONTH_START)) { $conf->global->SOCIETE_FISCAL_MONTH_START = 1; } -// Date range -$year = GETPOST("year", "int"); -if (empty($year)) { - $year_current = $current_date['year']; - $year_start = $year_current; -} else { - $year_current = $year; - $year_start = $year; -} -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); -// Set default period if not defined -if (empty($date_start) || empty($date_end)) { // We define date_start and date_end - $q = GETPOST("q", "int"); - if (empty($q)) { - if (GETPOST("month", "int")) { - $date_start = dol_get_first_day($year_start, GETPOST("month", "int"), false); - $date_end = dol_get_last_day($year_start, GETPOST("month", "int"), false); +$refresh = GETPOSTISSET('submit') ? true : false; + +if ($refresh === false) { + $year_current = dol_print_date('%Y', $now); + $month_current = dol_print_date('%m', $now); + + // 1 : Monthly (by default) + // 2 : Quarterly + // 3 : Annual + if ($conf->global->MAIN_INFO_VAT_RETURN == 2) { + // quarterly + $year = $year_current; + if ($month_current >= 7 && $month_current <= 9) { + $month_start = 4; + $month_end = 6; + } elseif ($month_current >= 10 && $month_current <= 12) { + $month_start = 7; + $month_end = 9; + } elseif ($month_current >= 1 && $month_current <= 3) { + $month_start = 10; + $month_end = 12; + $year--; } else { - if (empty($conf->global->MAIN_INFO_VAT_RETURN) || $conf->global->MAIN_INFO_VAT_RETURN == 2) { // quaterly vat, we take last past complete quarter - $date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -3 - (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) % 3), 'm'); - $date_end = dol_time_plus_duree($date_start, 3, 'm') - 1; - } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) { // 
yearly vat - if ($current_date['mon'] < $conf->global->SOCIETE_FISCAL_MONTH_START) { - if (($conf->global->SOCIETE_FISCAL_MONTH_START - $current_date['mon']) > 6) { // If period started from less than 6 years, we show past year - $year_start--; - } - } else { - if (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) < 6) { // If perdio started from less than 6 years, we show past year - $year_start--; - } - } + $month_start = 1; + $month_end = 3; + } + $date_start = dol_get_first_day($year, $month_start); + $date_end = dol_get_last_day($year, $month_end); + } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) { + // annual + $date_start = dol_get_first_day($year_current, 1); + $date_end = dol_get_last_day($year_current, 12); + } else { + // monthly by default + $year = $year_current; + $month_last = $month_current - 1; + if ($month_last <= 0) { + $month_last = $month_last + 12; + $year--; + } + $date_start = dol_get_first_day($year, $month_last); + $date_end = dol_get_last_day($year, $month_last); + } +} else { + // Date range + $year = GETPOST("year", "int"); + if (empty($year)) { + $year_current = dol_print_date(dol_now(), "%Y"); + if ($conf->global->SOCIETE_FISCAL_MONTH_START > dol_print_date(dol_now(), "%m")) $year_current--; + $year_start = $year_current; + } else { + $year_current = $year; + $year_start = $year; + } + $date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); + $date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); + if (empty($date_start) || empty($date_end)) {// We define date_start and date_end + $q = GETPOST("q", "int"); + if (empty($q)) { + if (GETPOST("month", "int")) { + $date_start = dol_get_first_day($year_start, GETPOST("month", "int"), false); + $date_end = dol_get_last_day($year_start, GETPOST("month", "int"), false); + } else { $date_start = dol_get_first_day($year_start, 
$conf->global->SOCIETE_FISCAL_MONTH_START, false); $date_end = dol_time_plus_duree($date_start, 1, 'y') - 1; - } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 1) { // monthly vat, we take last past complete month - $date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -1, 'm'); - $date_end = dol_time_plus_duree($date_start, 1, 'm') - 1; } - } - } else { - if ($q == 1) { - $date_start = dol_get_first_day($year_start, 1, false); - $date_end = dol_get_last_day($year_start, 3, false); - } - if ($q == 2) { - $date_start = dol_get_first_day($year_start, 4, false); - $date_end = dol_get_last_day($year_start, 6, false); - } - if ($q == 3) { - $date_start = dol_get_first_day($year_start, 7, false); - $date_end = dol_get_last_day($year_start, 9, false); - } - if ($q == 4) { - $date_start = dol_get_first_day($year_start, 10, false); - $date_end = dol_get_last_day($year_start, 12, false); + } else { + if ($q == 1) { + $date_start = dol_get_first_day($year_start, 1, false); + $date_end = dol_get_last_day($year_start, 3, false); + } + if ($q == 2) { + $date_start = dol_get_first_day($year_start, 4, false); + $date_end = dol_get_last_day($year_start, 6, false); + } + if ($q == 3) { + $date_start = dol_get_first_day($year_start, 7, false); + $date_end = dol_get_last_day($year_start, 9, false); + } + if ($q == 4) { + $date_start = dol_get_first_day($year_start, 10, false); + $date_end = dol_get_last_day($year_start, 12, false); + } } } } @@ -286,319 +315,319 @@ report_header($name, '', $period, $periodlink, $description, $builddate, $export print '
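Review bot: In the new `$refresh === false` branch, `dol_print_date('%Y', $now)` and `dol_print_date('%m', $now)` pass the format where the timestamp belongs; the `else` branch of the same hunk calls the helper as `dol_print_date(dol_now(), "%Y")`, so the arguments of the two defaults look swapped and `$year_current`/`$month_current` will not hold the current year and month. I would write `$year_current = (int) dol_print_date($now, '%Y');` and `$month_current = (int) dol_print_date($now, '%m');`, where the cast also keeps the `>=`/`<=` quarter comparisons numeric. `$now` is not assigned inside this hunk, so it should be confirmed that it is set before this block runs.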
'; -print '
'; +if ($refresh === true) { + print '
'; -print load_fiche_titre($langs->trans("VATSummary"), '', ''); + print load_fiche_titre($langs->trans("VATSummary"), '', ''); -print ''; -print ''; -print ''; -print ''; -print ''; -print ''; -print ''."\n"; -print ''."\n"; + print '
'.$langs->trans("Year")." ".$y.''.$langs->trans("VATToPay").''.$langs->trans("VATToCollect").''.$langs->trans("Balance").' 
'; + print ''; + print ''; + print ''; + print ''; + print ''; + print '' . "\n"; + print '' . "\n"; -$tmp = dol_getdate($date_start); -$y = $tmp['year']; -$m = $tmp['mon']; -$tmp = dol_getdate($date_end); -$yend = $tmp['year']; -$mend = $tmp['mon']; + $tmp = dol_getdate($date_start); + $y = $tmp['year']; + $m = $tmp['mon']; + $tmp = dol_getdate($date_end); + $yend = $tmp['year']; + $mend = $tmp['mon']; //var_dump($m); -$total = 0; -$subtotalcoll = 0; -$subtotalpaye = 0; -$subtotal = 0; -$i = 0; -$mcursor = 0; + $total = 0; + $subtotalcoll = 0; + $subtotalpaye = 0; + $subtotal = 0; + $i = 0; + $mcursor = 0; -while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) { // $mcursor is to avoid too large loop - //$m = $conf->global->SOCIETE_FISCAL_MONTH_START + ($mcursor % 12); - if ($m == 13) { - $y++; - } - if ($m > 12) { - $m -= 12; - } - $mcursor++; - - $x_coll = tax_by_rate('vat', $db, $y, 0, 0, 0, $modetax, 'sell', $m); - $x_paye = tax_by_rate('vat', $db, $y, 0, 0, 0, $modetax, 'buy', $m); - - $x_both = array(); - //now, from these two arrays, get another array with one rate per line - foreach (array_keys($x_coll) as $my_coll_rate) { - $x_both[$my_coll_rate]['coll']['totalht'] = $x_coll[$my_coll_rate]['totalht']; - $x_both[$my_coll_rate]['coll']['vat'] = $x_coll[$my_coll_rate]['vat']; - $x_both[$my_coll_rate]['paye']['totalht'] = 0; - $x_both[$my_coll_rate]['paye']['vat'] = 0; - $x_both[$my_coll_rate]['coll']['links'] = ''; - $x_both[$my_coll_rate]['coll']['detail'] = array(); - foreach ($x_coll[$my_coll_rate]['facid'] as $id => $dummy) { - //$invoice_customer->id=$x_coll[$my_coll_rate]['facid'][$id]; - //$invoice_customer->ref=$x_coll[$my_coll_rate]['facnum'][$id]; - //$invoice_customer->type=$x_coll[$my_coll_rate]['type'][$id]; - //$company_static->fetch($x_coll[$my_coll_rate]['company_id'][$id]); - $x_both[$my_coll_rate]['coll']['detail'][] = array( - 'id' =>$x_coll[$my_coll_rate]['facid'][$id], - 'descr' =>$x_coll[$my_coll_rate]['descr'][$id], 
- 'pid' =>$x_coll[$my_coll_rate]['pid'][$id], - 'pref' =>$x_coll[$my_coll_rate]['pref'][$id], - 'ptype' =>$x_coll[$my_coll_rate]['ptype'][$id], - 'payment_id'=>$x_coll[$my_coll_rate]['payment_id'][$id], - 'payment_amount'=>$x_coll[$my_coll_rate]['payment_amount'][$id], - 'ftotal_ttc'=>$x_coll[$my_coll_rate]['ftotal_ttc'][$id], - 'dtotal_ttc'=>$x_coll[$my_coll_rate]['dtotal_ttc'][$id], - 'dtype' =>$x_coll[$my_coll_rate]['dtype'][$id], - 'datef' =>$x_coll[$my_coll_rate]['datef'][$id], - 'datep' =>$x_coll[$my_coll_rate]['datep'][$id], - //'company_link'=>$company_static->getNomUrl(1,'',20), - 'ddate_start'=>$x_coll[$my_coll_rate]['ddate_start'][$id], - 'ddate_end' =>$x_coll[$my_coll_rate]['ddate_end'][$id], - 'totalht' =>$x_coll[$my_coll_rate]['totalht_list'][$id], - 'vat' =>$x_coll[$my_coll_rate]['vat_list'][$id], - //'link' =>$invoice_customer->getNomUrl(1,'',12) - ); + while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) { // $mcursor is to avoid too large loop + //$m = $conf->global->SOCIETE_FISCAL_MONTH_START + ($mcursor % 12); + if ($m == 13) { + $y++; } - } - - // tva paid - foreach (array_keys($x_paye) as $my_paye_rate) { - $x_both[$my_paye_rate]['paye']['totalht'] = $x_paye[$my_paye_rate]['totalht']; - $x_both[$my_paye_rate]['paye']['vat'] = $x_paye[$my_paye_rate]['vat']; - if (!isset($x_both[$my_paye_rate]['coll']['totalht'])) { - $x_both[$my_paye_rate]['coll']['totalht'] = 0; - $x_both[$my_paye_rate]['coll']['vat'] = 0; + if ($m > 12) { + $m -= 12; } - $x_both[$my_paye_rate]['paye']['links'] = ''; - $x_both[$my_paye_rate]['paye']['detail'] = array(); + $mcursor++; - foreach ($x_paye[$my_paye_rate]['facid'] as $id => $dummy) { - // ExpenseReport - if ($x_paye[$my_paye_rate]['ptype'][$id] == 'ExpenseReportPayment') { - //$expensereport->id=$x_paye[$my_paye_rate]['facid'][$id]; - //$expensereport->ref=$x_paye[$my_paye_rate]['facnum'][$id]; - //$expensereport->type=$x_paye[$my_paye_rate]['type'][$id]; + $x_coll = tax_by_rate('vat', $db, $y, 
0, 0, 0, $modetax, 'sell', $m); + $x_paye = tax_by_rate('vat', $db, $y, 0, 0, 0, $modetax, 'buy', $m); - $x_both[$my_paye_rate]['paye']['detail'][] = array( - 'id' =>$x_paye[$my_paye_rate]['facid'][$id], - 'descr' =>$x_paye[$my_paye_rate]['descr'][$id], - 'pid' =>$x_paye[$my_paye_rate]['pid'][$id], - 'pref' =>$x_paye[$my_paye_rate]['pref'][$id], - 'ptype' =>$x_paye[$my_paye_rate]['ptype'][$id], - 'payment_id' =>$x_paye[$my_paye_rate]['payment_id'][$id], - 'payment_amount' =>$x_paye[$my_paye_rate]['payment_amount'][$id], - 'ftotal_ttc' =>price2num($x_paye[$my_paye_rate]['ftotal_ttc'][$id]), - 'dtotal_ttc' =>price2num($x_paye[$my_paye_rate]['dtotal_ttc'][$id]), - 'dtype' =>$x_paye[$my_paye_rate]['dtype'][$id], - 'ddate_start' =>$x_paye[$my_paye_rate]['ddate_start'][$id], - 'ddate_end' =>$x_paye[$my_paye_rate]['ddate_end'][$id], - 'totalht' =>price2num($x_paye[$my_paye_rate]['totalht_list'][$id]), - 'vat' =>$x_paye[$my_paye_rate]['vat_list'][$id], - //'link' =>$expensereport->getNomUrl(1) - ); - } else { - //$invoice_supplier->id=$x_paye[$my_paye_rate]['facid'][$id]; - //$invoice_supplier->ref=$x_paye[$my_paye_rate]['facnum'][$id]; - //$invoice_supplier->type=$x_paye[$my_paye_rate]['type'][$id]; - //$company_static->fetch($x_paye[$my_paye_rate]['company_id'][$id]); - $x_both[$my_paye_rate]['paye']['detail'][] = array( - 'id' =>$x_paye[$my_paye_rate]['facid'][$id], - 'descr' =>$x_paye[$my_paye_rate]['descr'][$id], - 'pid' =>$x_paye[$my_paye_rate]['pid'][$id], - 'pref' =>$x_paye[$my_paye_rate]['pref'][$id], - 'ptype' =>$x_paye[$my_paye_rate]['ptype'][$id], - 'payment_id'=>$x_paye[$my_paye_rate]['payment_id'][$id], - 'payment_amount'=>$x_paye[$my_paye_rate]['payment_amount'][$id], - 'ftotal_ttc'=>price2num($x_paye[$my_paye_rate]['ftotal_ttc'][$id]), - 'dtotal_ttc'=>price2num($x_paye[$my_paye_rate]['dtotal_ttc'][$id]), - 'dtype' =>$x_paye[$my_paye_rate]['dtype'][$id], - 'datef' =>$x_paye[$my_paye_rate]['datef'][$id], - 'datep' =>$x_paye[$my_paye_rate]['datep'][$id], - 
//'company_link'=>$company_static->getNomUrl(1,'',20), - 'ddate_start'=>$x_paye[$my_paye_rate]['ddate_start'][$id], - 'ddate_end' =>$x_paye[$my_paye_rate]['ddate_end'][$id], - 'totalht' =>price2num($x_paye[$my_paye_rate]['totalht_list'][$id]), - 'vat' =>$x_paye[$my_paye_rate]['vat_list'][$id], - //'link' =>$invoice_supplier->getNomUrl(1,'',12) + $x_both = array(); + //now, from these two arrays, get another array with one rate per line + foreach (array_keys($x_coll) as $my_coll_rate) { + $x_both[$my_coll_rate]['coll']['totalht'] = $x_coll[$my_coll_rate]['totalht']; + $x_both[$my_coll_rate]['coll']['vat'] = $x_coll[$my_coll_rate]['vat']; + $x_both[$my_coll_rate]['paye']['totalht'] = 0; + $x_both[$my_coll_rate]['paye']['vat'] = 0; + $x_both[$my_coll_rate]['coll']['links'] = ''; + $x_both[$my_coll_rate]['coll']['detail'] = array(); + foreach ($x_coll[$my_coll_rate]['facid'] as $id => $dummy) { + //$invoice_customer->id=$x_coll[$my_coll_rate]['facid'][$id]; + //$invoice_customer->ref=$x_coll[$my_coll_rate]['facnum'][$id]; + //$invoice_customer->type=$x_coll[$my_coll_rate]['type'][$id]; + //$company_static->fetch($x_coll[$my_coll_rate]['company_id'][$id]); + $x_both[$my_coll_rate]['coll']['detail'][] = array( + 'id' => $x_coll[$my_coll_rate]['facid'][$id], + 'descr' => $x_coll[$my_coll_rate]['descr'][$id], + 'pid' => $x_coll[$my_coll_rate]['pid'][$id], + 'pref' => $x_coll[$my_coll_rate]['pref'][$id], + 'ptype' => $x_coll[$my_coll_rate]['ptype'][$id], + 'payment_id' => $x_coll[$my_coll_rate]['payment_id'][$id], + 'payment_amount' => $x_coll[$my_coll_rate]['payment_amount'][$id], + 'ftotal_ttc' => $x_coll[$my_coll_rate]['ftotal_ttc'][$id], + 'dtotal_ttc' => $x_coll[$my_coll_rate]['dtotal_ttc'][$id], + 'dtype' => $x_coll[$my_coll_rate]['dtype'][$id], + 'datef' => $x_coll[$my_coll_rate]['datef'][$id], + 'datep' => $x_coll[$my_coll_rate]['datep'][$id], + //'company_link'=>$company_static->getNomUrl(1,'',20), + 'ddate_start' => $x_coll[$my_coll_rate]['ddate_start'][$id], + 
'ddate_end' => $x_coll[$my_coll_rate]['ddate_end'][$id], + 'totalht' => $x_coll[$my_coll_rate]['totalht_list'][$id], + 'vat' => $x_coll[$my_coll_rate]['vat_list'][$id], + //'link' =>$invoice_customer->getNomUrl(1,'',12) ); } } - } - //now we have an array (x_both) indexed by rates for coll and paye - $action = "tva"; - $object = array(&$x_coll, &$x_paye, &$x_both); - $parameters["mode"] = $modetax; - $parameters["year"] = $y; - $parameters["month"] = $m; - $parameters["type"] = 'vat'; + // tva paid + foreach (array_keys($x_paye) as $my_paye_rate) { + $x_both[$my_paye_rate]['paye']['totalht'] = $x_paye[$my_paye_rate]['totalht']; + $x_both[$my_paye_rate]['paye']['vat'] = $x_paye[$my_paye_rate]['vat']; + if (!isset($x_both[$my_paye_rate]['coll']['totalht'])) { + $x_both[$my_paye_rate]['coll']['totalht'] = 0; + $x_both[$my_paye_rate]['coll']['vat'] = 0; + } + $x_both[$my_paye_rate]['paye']['links'] = ''; + $x_both[$my_paye_rate]['paye']['detail'] = array(); - // Initialize technical object to manage hooks of expenses. 
Note that conf->hooks_modules contains array array - $hookmanager->initHooks(array('externalbalance')); - $reshook = $hookmanager->executeHooks('addVatLine', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks + foreach ($x_paye[$my_paye_rate]['facid'] as $id => $dummy) { + // ExpenseReport + if ($x_paye[$my_paye_rate]['ptype'][$id] == 'ExpenseReportPayment') { + //$expensereport->id=$x_paye[$my_paye_rate]['facid'][$id]; + //$expensereport->ref=$x_paye[$my_paye_rate]['facnum'][$id]; + //$expensereport->type=$x_paye[$my_paye_rate]['type'][$id]; - if (!is_array($x_coll) && $coll_listbuy == -1) { - $langs->load("errors"); - print ''; - break; - } - if (!is_array($x_paye) && $coll_listbuy == -2) { - print ''; - break; - } - - - print ''; - print ''; - - $x_coll_sum = 0; - foreach (array_keys($x_coll) as $rate) { - $subtot_coll_total_ht = 0; - $subtot_coll_vat = 0; - - foreach ($x_both[$rate]['coll']['detail'] as $index => $fields) { - // Payment - $ratiopaymentinvoice = 1; - if ($modetax != 1) { - // Define type - // We MUST use dtype (type in line). We can use something else, only if dtype is really unknown. - $type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']); - // Try to enhance type detection using date_start and date_end for free lines where type - // was not saved. 
- if (!empty($fields['ddate_start'])) { - $type = 1; - } - if (!empty($fields['ddate_end'])) { - $type = 1; - } - - if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') - || ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) { - //print $langs->trans("NA"); + $x_both[$my_paye_rate]['paye']['detail'][] = array( + 'id' => $x_paye[$my_paye_rate]['facid'][$id], + 'descr' => $x_paye[$my_paye_rate]['descr'][$id], + 'pid' => $x_paye[$my_paye_rate]['pid'][$id], + 'pref' => $x_paye[$my_paye_rate]['pref'][$id], + 'ptype' => $x_paye[$my_paye_rate]['ptype'][$id], + 'payment_id' => $x_paye[$my_paye_rate]['payment_id'][$id], + 'payment_amount' => $x_paye[$my_paye_rate]['payment_amount'][$id], + 'ftotal_ttc' => price2num($x_paye[$my_paye_rate]['ftotal_ttc'][$id]), + 'dtotal_ttc' => price2num($x_paye[$my_paye_rate]['dtotal_ttc'][$id]), + 'dtype' => $x_paye[$my_paye_rate]['dtype'][$id], + 'ddate_start' => $x_paye[$my_paye_rate]['ddate_start'][$id], + 'ddate_end' => $x_paye[$my_paye_rate]['ddate_end'][$id], + 'totalht' => price2num($x_paye[$my_paye_rate]['totalht_list'][$id]), + 'vat' => $x_paye[$my_paye_rate]['vat_list'][$id], + //'link' =>$expensereport->getNomUrl(1) + ); } else { - if (isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) { - $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); - } + //$invoice_supplier->id=$x_paye[$my_paye_rate]['facid'][$id]; + //$invoice_supplier->ref=$x_paye[$my_paye_rate]['facnum'][$id]; + //$invoice_supplier->type=$x_paye[$my_paye_rate]['type'][$id]; + //$company_static->fetch($x_paye[$my_paye_rate]['company_id'][$id]); + $x_both[$my_paye_rate]['paye']['detail'][] = array( + 'id' => $x_paye[$my_paye_rate]['facid'][$id], + 'descr' => $x_paye[$my_paye_rate]['descr'][$id], + 'pid' => $x_paye[$my_paye_rate]['pid'][$id], + 'pref' => $x_paye[$my_paye_rate]['pref'][$id], + 'ptype' => $x_paye[$my_paye_rate]['ptype'][$id], + 'payment_id' => 
$x_paye[$my_paye_rate]['payment_id'][$id], + 'payment_amount' => $x_paye[$my_paye_rate]['payment_amount'][$id], + 'ftotal_ttc' => price2num($x_paye[$my_paye_rate]['ftotal_ttc'][$id]), + 'dtotal_ttc' => price2num($x_paye[$my_paye_rate]['dtotal_ttc'][$id]), + 'dtype' => $x_paye[$my_paye_rate]['dtype'][$id], + 'datef' => $x_paye[$my_paye_rate]['datef'][$id], + 'datep' => $x_paye[$my_paye_rate]['datep'][$id], + //'company_link'=>$company_static->getNomUrl(1,'',20), + 'ddate_start' => $x_paye[$my_paye_rate]['ddate_start'][$id], + 'ddate_end' => $x_paye[$my_paye_rate]['ddate_end'][$id], + 'totalht' => price2num($x_paye[$my_paye_rate]['totalht_list'][$id]), + 'vat' => $x_paye[$my_paye_rate]['vat_list'][$id], + //'link' =>$invoice_supplier->getNomUrl(1,'',12) + ); } } - //var_dump('type='.$type.' '.$fields['totalht'].' '.$ratiopaymentinvoice); - $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; - $temp_vat = $fields['vat'] * $ratiopaymentinvoice; - $subtot_coll_total_ht += $temp_ht; - $subtot_coll_vat += $temp_vat; - $x_coll_sum += $temp_vat; } - } - print ''; + //now we have an array (x_both) indexed by rates for coll and paye - $x_paye_sum = 0; - foreach (array_keys($x_paye) as $rate) { - $subtot_paye_total_ht = 0; - $subtot_paye_vat = 0; + $action = "tva"; + $object = array(&$x_coll, &$x_paye, &$x_both); + $parameters["mode"] = $modetax; + $parameters["year"] = $y; + $parameters["month"] = $m; + $parameters["type"] = 'vat'; - foreach ($x_both[$rate]['paye']['detail'] as $index => $fields) { - // Payment - $ratiopaymentinvoice = 1; - if ($modetax != 1) { - // Define type - // We MUST use dtype (type in line). We can use something else, only if dtype is really unknown. - $type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']); - // Try to enhance type detection using date_start and date_end for free lines where type - // was not saved. 
- if (!empty($fields['ddate_start'])) { - $type = 1; - } - if (!empty($fields['ddate_end'])) { - $type = 1; - } + // Initialize technical object to manage hooks of expenses. Note that conf->hooks_modules contains array array + $hookmanager->initHooks(array('externalbalance')); + $reshook = $hookmanager->executeHooks('addVatLine', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks - if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') - || ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) { - //print $langs->trans("NA"); - } else { - if (isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) { - $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); + if (!is_array($x_coll) && $coll_listbuy == -1) { + $langs->load("errors"); + print ''; + break; + } + if (!is_array($x_paye) && $coll_listbuy == -2) { + print ''; + break; + } + + + print ''; + print ''; + + $x_coll_sum = 0; + foreach (array_keys($x_coll) as $rate) { + $subtot_coll_total_ht = 0; + $subtot_coll_vat = 0; + + foreach ($x_both[$rate]['coll']['detail'] as $index => $fields) { + // Payment + $ratiopaymentinvoice = 1; + if ($modetax != 1) { + // Define type + // We MUST use dtype (type in line). We can use something else, only if dtype is really unknown. + $type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']); + // Try to enhance type detection using date_start and date_end for free lines where type + // was not saved. 
+ if (!empty($fields['ddate_start'])) { + $type = 1; + } + if (!empty($fields['ddate_end'])) { + $type = 1; + } + + if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') + || ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) { + //print $langs->trans("NA"); + } else { + if (isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) { + $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); + } } } + //var_dump('type='.$type.' '.$fields['totalht'].' '.$ratiopaymentinvoice); + $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; + $temp_vat = $fields['vat'] * $ratiopaymentinvoice; + $subtot_coll_total_ht += $temp_ht; + $subtot_coll_vat += $temp_vat; + $x_coll_sum += $temp_vat; } - //var_dump('type='.$type.' '.$fields['totalht'].' '.$ratiopaymentinvoice); - $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; - $temp_vat = $fields['vat'] * $ratiopaymentinvoice; - $subtot_paye_total_ht += $temp_ht; - $subtot_paye_vat += $temp_vat; - $x_paye_sum += $temp_vat; + } + print ''; + + $x_paye_sum = 0; + foreach (array_keys($x_paye) as $rate) { + $subtot_paye_total_ht = 0; + $subtot_paye_vat = 0; + + foreach ($x_both[$rate]['paye']['detail'] as $index => $fields) { + // Payment + $ratiopaymentinvoice = 1; + if ($modetax != 1) { + // Define type + // We MUST use dtype (type in line). We can use something else, only if dtype is really unknown. + $type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']); + // Try to enhance type detection using date_start and date_end for free lines where type + // was not saved. 
+ if (!empty($fields['ddate_start'])) { + $type = 1; + } + if (!empty($fields['ddate_end'])) { + $type = 1; + } + + if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') + || ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) { + //print $langs->trans("NA"); + } else { + if (isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) { + $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); + } + } + } + //var_dump('type='.$type.' '.$fields['totalht'].' '.$ratiopaymentinvoice); + $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; + $temp_vat = $fields['vat'] * $ratiopaymentinvoice; + $subtot_paye_total_ht += $temp_ht; + $subtot_paye_vat += $temp_vat; + $x_paye_sum += $temp_vat; + } + } + print ''; + + $subtotalcoll = $subtotalcoll + $x_coll_sum; + $subtotalpaye = $subtotalpaye + $x_paye_sum; + + $diff = $x_coll_sum - $x_paye_sum; + $total = $total + $diff; + $subtotal = price2num($subtotal + $diff, 'MT'); + + print '' . "\n"; + print "\n"; + print "\n"; + + $i++; + $m++; + if ($i > 2) { + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + $i = 0; + $subtotalcoll = 0; + $subtotalpaye = 0; + $subtotal = 0; } } - print ''; - - $subtotalcoll = $subtotalcoll + $x_coll_sum; - $subtotalpaye = $subtotalpaye + $x_paye_sum; - - $diff = $x_coll_sum - $x_paye_sum; - $total = $total + $diff; - $subtotal = price2num($subtotal + $diff, 'MT'); - - print ''."\n"; + print ''; print "\n"; - print "\n"; + print ''; - $i++; - $m++; - if ($i > 2) { - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - $i = 0; - $subtotalcoll = 0; - $subtotalpaye = 0; - $subtotal = 0; - } + print '
' . $langs->trans("Year") . " " . $y . '' . $langs->trans("VATToPay") . '' . $langs->trans("VATToCollect") . '' . $langs->trans("Balance") . ' 
'.$langs->trans("ErrorNoAccountancyModuleLoaded").'
'.$langs->trans("FeatureNotYetAvailable").'
'.dol_print_date(dol_mktime(0, 0, 0, $m, 1, $y), "%b %Y").''.price(price2num($x_coll_sum, 'MT')).'
' . $langs->trans("ErrorNoAccountancyModuleLoaded") . '
' . $langs->trans("FeatureNotYetAvailable") . '
' . dol_print_date(dol_mktime(0, 0, 0, $m, 1, $y), "%b %Y") . '' . price(price2num($x_coll_sum, 'MT')) . '' . price(price2num($x_paye_sum, 'MT')) . '' . price(price2num($diff, 'MT')) . ' 
' . $langs->trans("SubTotal") . ':' . price(price2num($subtotalcoll, 'MT')) . '' . price(price2num($subtotalpaye, 'MT')) . '' . price(price2num($subtotal, 'MT')) . ' 
'.price(price2num($x_paye_sum, 'MT')).''.price(price2num($diff, 'MT')).'
' . $langs->trans("TotalToPay") . ':' . price(price2num($total, 'MT')) . ' 
'.$langs->trans("SubTotal").':'.price(price2num($subtotalcoll, 'MT')).''.price(price2num($subtotalpaye, 'MT')).''.price(price2num($subtotal, 'MT')).' 
'; + + + print '
'; + + + /* + * Paid + */ + print load_fiche_titre($langs->trans("VATPaid"), '', ''); + + $sql = ''; + + $sql .= "SELECT SUM(amount) as mm, date_format(tva.datev,'%Y-%m') as dm, 'claimed' as mode"; + $sql .= " FROM " . MAIN_DB_PREFIX . "tva as tva"; + $sql .= " WHERE tva.entity = " . $conf->entity; + $sql .= " AND (tva.datev >= '" . $db->idate($date_start) . "' AND tva.datev <= '" . $db->idate($date_end) . "')"; + $sql .= " GROUP BY dm"; + + $sql .= " UNION "; + + $sql .= "SELECT SUM(ptva.amount) as mm, date_format(tva.datev,'%Y-%m') as dm, 'paid' as mode"; + $sql .= " FROM " . MAIN_DB_PREFIX . "tva as tva"; + $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "payment_vat as ptva ON (tva.rowid = ptva.fk_tva)"; + $sql .= " WHERE tva.entity = " . $conf->entity; + $sql .= " AND (tva.datev >= '" . $db->idate($date_start) . "' AND tva.datev <= '" . $db->idate($date_end) . "')"; + $sql .= " GROUP BY dm"; + + $sql .= " ORDER BY dm ASC, mode ASC"; + //print $sql; + + pt($db, $sql, $langs->trans("Month")); + + print '
'; } -print ''.$langs->trans("TotalToPay").':'.price(price2num($total, 'MT')).''; -print " \n"; -print ''; - -print ''; - - -print '
'; - - - -/* - * VAT Paid - */ - -print load_fiche_titre($langs->trans("VATPaid"), '', ''); - -$sql = ''; - -$sql .= "SELECT SUM(amount) as mm, date_format(tva.datev,'%Y-%m') as dm, 'claimed' as mode"; -$sql .= " FROM ".MAIN_DB_PREFIX."tva as tva"; -$sql .= " WHERE tva.entity = ".$conf->entity; -$sql .= " AND (tva.datev >= '".$db->idate($date_start)."' AND tva.datev <= '".$db->idate($date_end)."')"; -$sql .= " GROUP BY dm"; - -$sql .= " UNION "; - -$sql .= "SELECT SUM(ptva.amount) as mm, date_format(tva.datev,'%Y-%m') as dm, 'paid' as mode"; -$sql .= " FROM ".MAIN_DB_PREFIX."tva as tva"; -$sql .= " INNER JOIN ".MAIN_DB_PREFIX."payment_vat as ptva ON (tva.rowid = ptva.fk_tva)"; -$sql .= " WHERE tva.entity = ".$conf->entity; -$sql .= " AND (tva.datev >= '".$db->idate($date_start)."' AND tva.datev <= '".$db->idate($date_end)."')"; -$sql .= " GROUP BY dm"; - -$sql .= " ORDER BY dm ASC, mode ASC"; -//print $sql; - -pt($db, $sql, $langs->trans("Month")); - -print '
'; llxFooter(); $db->close(); diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php index 788067ec696..590999c7b31 100644 --- a/htdocs/compta/tva/quadri_detail.php +++ b/htdocs/compta/tva/quadri_detail.php @@ -4,8 +4,9 @@ * Copyright (C) 2004-2013 Laurent Destailleur * Copyright (C) 2006-2015 Yannick Warnier * Copyright (C) 2014 Ferran Marcet - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2019 Eric Seigne + * Copyright (C) 2021 Open-Dsi * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
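Review bot: Both SELECTs of the re-indented "Paid" query in htdocs/compta/tva/index.php still concatenate `$conf->entity` into the WHERE clause without a cast, while the rest of this commit wraps integer ids in `(int)`. The value presumably comes from configuration rather than from the request, so this is defence in depth, but it keeps the query consistent with the hardened ones: `$sql .= " WHERE tva.entity = " . ((int) $conf->entity);` in both halves of the UNION. The date bounds already go through `$db->idate()`.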
@@ -45,70 +46,68 @@ require_once DOL_DOCUMENT_ROOT.'/expensereport/class/paymentexpensereport.class. $langs->loadLangs(array("other", "compta", "banks", "bills", "companies", "product", "trips", "admin")); $now = dol_now(); -$current_date = dol_getdate($now); -if (empty($conf->global->SOCIETE_FISCAL_MONTH_START)) { - $conf->global->SOCIETE_FISCAL_MONTH_START = 1; -} - -// Date range -$year = GETPOST("year", "int"); -if (empty($year)) { - $year_current = $current_date['year']; - $year_start = $year_current; +$refresh = GETPOSTISSET('submit') ? true : false; +$invoice_type = GETPOSTISSET('invoice_type') ? GETPOST('invoice_type', 'alpha') : ''; +$vat_rate_show = GETPOSTISSET('vat_rate_show') ? GETPOST('vat_rate_show', 'int') : -1; +$year_current = GETPOSTISSET('year') ? GETPOST('year', 'int') : intval(strftime('%Y', $now)); +$year_start = $year_current; +$month_current = GETPOSTISSET('month') ? GETPOST('month', 'int') : intval(strftime('%m', $now)); +$month_start = $month_current; +if ($refresh === false) { + $date_start = dol_get_first_day($year_start, $month_start); + $date_end = dol_get_last_day($year_start, $month_start); } else { - $year_current = $year; - $year_start = $year; -} -$date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); -$date_end = dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); -// Set default period if not defined -if (empty($date_start) || empty($date_end)) { // We define date_start and date_end - $q = GETPOST("q", "int"); - if (empty($q)) { - if (GETPOST("month", "int")) { - $date_start = dol_get_first_day($year_start, GETPOST("month", "int"), false); - $date_end = dol_get_last_day($year_start, GETPOST("month", "int"), false); - } else { - if (empty($conf->global->MAIN_INFO_VAT_RETURN) || $conf->global->MAIN_INFO_VAT_RETURN == 2) { // quaterly vat, we take last past complete quarter - $date_start = 
dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -3 - (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) % 3), 'm'); - $date_end = dol_time_plus_duree($date_start, 3, 'm') - 1; - } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) { // yearly vat - if ($current_date['mon'] < $conf->global->SOCIETE_FISCAL_MONTH_START) { - if (($conf->global->SOCIETE_FISCAL_MONTH_START - $current_date['mon']) > 6) { // If period started from less than 6 years, we show past year - $year_start--; - } - } else { - if (($current_date['mon'] - $conf->global->SOCIETE_FISCAL_MONTH_START) < 6) { // If perdio started from less than 6 years, we show past year - $year_start--; - } + // Date range + //$year=GETPOST("year", "int"); + //if (empty($year)) + //{ + // $year_current = strftime("%Y", dol_now()); + // $year_start = $year_current; + //} else { + // $year_current = $year; + // $year_start = $year; + //} + + $date_start=dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); + $date_end=dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear")); + // Quarter + if (empty($date_start) || empty($date_end)) { // We define date_start and date_end + $q=GETPOST("q", "int"); + if (empty($q)) { + if (GETPOST("month", "int")) { + $date_start=dol_get_first_day($year_start, GETPOST("month", "int"), false); + $date_end=dol_get_last_day($year_start, GETPOST("month", "int"), false); + } else { + $date_start=dol_get_first_day($year_start, empty($conf->global->SOCIETE_FISCAL_MONTH_START)?1:$conf->global->SOCIETE_FISCAL_MONTH_START, false); + if (empty($conf->global->MAIN_INFO_VAT_RETURN) || $conf->global->MAIN_INFO_VAT_RETURN == 2) { + $date_end=dol_time_plus_duree($date_start, 3, 'm') - 1; + } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 3) { + $date_end = dol_time_plus_duree($date_start, 1, 'y') - 1; + } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 1) { + $date_end = 
dol_time_plus_duree($date_start, 1, 'm') - 1; } - $date_start = dol_get_first_day($year_start, $conf->global->SOCIETE_FISCAL_MONTH_START, false); - $date_end = dol_time_plus_duree($date_start, 1, 'y') - 1; - } elseif ($conf->global->MAIN_INFO_VAT_RETURN == 1) { // monthly vat, we take last past complete month - $date_start = dol_time_plus_duree(dol_get_first_day($year_start, $current_date['mon'], false), -1, 'm'); - $date_end = dol_time_plus_duree($date_start, 1, 'm') - 1; } - } - } else { - if ($q == 1) { - $date_start = dol_get_first_day($year_start, 1, false); - $date_end = dol_get_last_day($year_start, 3, false); - } - if ($q == 2) { - $date_start = dol_get_first_day($year_start, 4, false); - $date_end = dol_get_last_day($year_start, 6, false); - } - if ($q == 3) { - $date_start = dol_get_first_day($year_start, 7, false); - $date_end = dol_get_last_day($year_start, 9, false); - } - if ($q == 4) { - $date_start = dol_get_first_day($year_start, 10, false); - $date_end = dol_get_last_day($year_start, 12, false); + } else { + if ($q == 1) { + $date_start=dol_get_first_day($year_start, 1, false); $date_end=dol_get_last_day($year_start, 3, false); + } + if ($q == 2) { + $date_start=dol_get_first_day($year_start, 4, false); $date_end=dol_get_last_day($year_start, 6, false); + } + if ($q == 3) { + $date_start=dol_get_first_day($year_start, 7, false); $date_end=dol_get_last_day($year_start, 9, false); + } + if ($q == 4) { + $date_start=dol_get_first_day($year_start, 10, false); $date_end=dol_get_last_day($year_start, 12, false); + } } } } +$month_start = strftime('%m', $date_start); +$year_start = strftime('%Y', $date_start); + + $min = price2num(GETPOST("min", "alpha")); if (empty($min)) { $min = 0; 
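Review bot: In the refresh branch, when no date range, quarter or month is posted, `$date_end` is assigned only inside the `if`/`elseif` chain on `MAIN_INFO_VAT_RETURN` (empty or 2, then 3, then 1); any other stored value leaves `$date_end` empty while `$date_start` is set, and the report period is presumably built from both. A closing `else { $date_end = dol_time_plus_duree($date_start, 1, 'm') - 1; }` (or whichever period should be the fallback) would close the gap. Separately, `strftime()` is deprecated as of PHP 8.1; `dol_print_date($date_start, '%m')` and `dol_print_date($date_start, '%Y')` would do the same job for `$month_start` and `$year_start`.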
@@ -116,16 +115,16 @@ if (empty($min)) { // Define modetax (0 or 1) // 0=normal, 1=option vat for services is on debit, 2=option on payments for products -$modetax = $conf->global->TAX_MODE; +$modetax = (empty($conf->global->TAX_MODE) ? 0 : $conf->global->TAX_MODE); if (GETPOSTISSET("modetax")) { - $modetax = GETPOST("modetax", 'int'); + $modetax = GETPOSTINT("modetax"); } if (empty($modetax)) { $modetax = 0; } // Security check -$socid = GETPOST('socid', 'int'); +$socid = GETPOSTINT('socid'); if ($user->socid) { $socid = $user->socid; } @@ -242,7 +241,7 @@ if ($mysoc->tva_assuj) { $vatsup .= ' ('.$langs->trans("ToGetBack").')'; } -$optioncss = GETPOST('optioncss'); +$optioncss = GETPOST('optioncss', 'alpha'); if ($optioncss != "print") { report_header($name, '', $period, $periodlink, $description, $builddate, $exportlink, array(), $calcmode); } @@ -428,7 +427,10 @@ if (!is_array($x_coll) || !is_array($x_paye)) { if (is_array($x_both[$rate]['coll']['detail'])) { // VAT Rate print ""; - print ''.$langs->trans("Rate").': '.vatrate($rate).'%'; + print ''; + print $langs->trans('Rate') . ' : ' . vatrate($rate) . '%'; + print ' - ' . img_picto('', 'chevron-down', 'class="paddingrightonly"') . $langs->trans('VATReportShowByRateDetails') . ''; + print ''; print ''."\n"; foreach ($x_both[$rate]['coll']['detail'] as $index => $fields) { 
@@ -444,112 +446,149 @@ if (!is_array($x_coll) || !is_array($x_paye)) { $type = 1; } - - print ''; - - // Ref - print ''.$fields['link'].''; - - // Invoice date - print ''.dol_print_date($fields['datef'], 'day').''; - - // Payment date - if ($conf->global->TAX_MODE_SELL_PRODUCT == 'payment' || $conf->global->TAX_MODE_SELL_SERVICE == 'payment') { - print ''.dol_print_date($fields['datep'], 'day').''; - } else { - print ''; - } - - // Company name - print ''.$fields['company_link'].''; - - // Description - print ''; - if ($fields['pid']) { - $product_static->id = $fields['pid']; - $product_static->ref = $fields['pref']; - $product_static->type = $fields['dtype']; // We force with the type of line to have type how line is registered - print $product_static->getNomUrl(1); - if (dol_string_nohtmltag($fields['descr'])) { - print ' - '.dol_trunc(dol_string_nohtmltag($fields['descr']), 24); - } - } else { - if ($type) { - $text = img_object($langs->trans('Service'), 'service'); - } else { - $text = img_object($langs->trans('Product'), 'product'); - } - if (preg_match('/^\((.*)\)$/', $fields['descr'], $reg)) { - if ($reg[1] == 'DEPOSIT') { - $fields['descr'] = $langs->transnoentitiesnoconv('Deposit'); - } elseif ($reg[1] == 'CREDIT_NOTE') { - $fields['descr'] = $langs->transnoentitiesnoconv('CreditNote'); - } else { - $fields['descr'] = $langs->transnoentitiesnoconv($reg[1]); - } - } - print $text.' '.dol_trunc(dol_string_nohtmltag($fields['descr']), 24); - - // Show range - print_date_range($fields['ddate_start'], $fields['ddate_end']); - } - print ''; - - // Total HT - if ($modetax != 1) { - print ''; - print price($fields['totalht']); - if (price2num($fields['ftotal_ttc'])) { - //print $fields['dtotal_ttc']."/".$fields['ftotal_ttc']." 
- "; - $ratiolineinvoice = ($fields['dtotal_ttc'] / $fields['ftotal_ttc']); - //print ' ('.round($ratiolineinvoice*100,2).'%)'; - } - print ''; - } - // Payment - $ratiopaymentinvoice = 1; + $ratiopaymentinvoice=1; if ($modetax != 1) { - print ''; - //print $fields['totalht']."-".$fields['payment_amount']."-".$fields['ftotal_ttc']; - if ($fields['payment_amount'] && $fields['ftotal_ttc']) { - $payment_static->id = $fields['payment_id']; - print $payment_static->getNomUrl(2); - } if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') || ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) { - print $langs->trans("NA"); } else { if (isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) { - $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); - } - print price(price2num($fields['payment_amount'], 'MT')); - if (isset($fields['payment_amount'])) { - print ' ('.round($ratiopaymentinvoice * 100, 2).'%)'; + $ratiopaymentinvoice=($fields['payment_amount']/$fields['ftotal_ttc']); } } - print ''; } // Total collected - print ''; - $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; - print price(price2num($temp_ht, 'MT'), 1); - print ''; + $temp_ht=$fields['totalht']*$ratiopaymentinvoice; // VAT - print ''; - $temp_vat = $fields['vat'] * $ratiopaymentinvoice; - print price(price2num($temp_vat, 'MT'), 1); - //print price($fields['vat']); - print ''; - print ''; + $temp_vat=$fields['vat']*$ratiopaymentinvoice; $subtot_coll_total_ht += $temp_ht; $subtot_coll_vat += $temp_vat; $x_coll_sum += $temp_vat; } } + + if ($invoice_type == 'customer' && $vat_rate_show == $rate) { + if (is_array($x_both[$rate]['coll']['detail'])) { + foreach ($x_both[$rate]['coll']['detail'] as $index => $fields) { + // Define type + // We MUST use dtype (type in line). We can use something else, only if dtype is really unknown. + $type = (isset($fields['dtype']) ? 
$fields['dtype'] : $fields['ptype']); + // Try to enhance type detection using date_start and date_end for free lines where type + // was not saved. + if (!empty($fields['ddate_start'])) { + $type = 1; + } + if (!empty($fields['ddate_end'])) { + $type = 1; + } + + + print ''; + + // Ref + print '' . $fields['link'] . ''; + + // Invoice date + print '' . dol_print_date($fields['datef'], 'day') . ''; + + // Payment date + if ($conf->global->TAX_MODE_SELL_PRODUCT == 'payment' || $conf->global->TAX_MODE_SELL_SERVICE == 'payment') print '' . dol_print_date($fields['datep'], 'day') . ''; + else print ''; + + // Company name + print '' . $fields['company_link'] . ''; + + // Description + print ''; + if ($fields['pid']) { + $product_static->id = $fields['pid']; + $product_static->ref = $fields['pref']; + $product_static->type = $fields['dtype']; // We force with the type of line to have type how line is registered + print $product_static->getNomUrl(1); + if (dol_string_nohtmltag($fields['descr'])) { + print ' - ' . dol_trunc(dol_string_nohtmltag($fields['descr']), 24); + } + } else { + if ($type) { + $text = img_object($langs->trans('Service'), 'service'); + } else { + $text = img_object($langs->trans('Product'), 'product'); + } + if (preg_match('/^\((.*)\)$/', $fields['descr'], $reg)) { + if ($reg[1] == 'DEPOSIT') { + $fields['descr'] = $langs->transnoentitiesnoconv('Deposit'); + } elseif ($reg[1] == 'CREDIT_NOTE') { + $fields['descr'] = $langs->transnoentitiesnoconv('CreditNote'); + } else { + $fields['descr'] = $langs->transnoentitiesnoconv($reg[1]); + } + } + print $text . ' ' . dol_trunc(dol_string_nohtmltag($fields['descr']), 24); + + // Show range + print_date_range($fields['ddate_start'], $fields['ddate_end']); + } + print ''; + + // Total HT + if ($modetax != 1) { + print ''; + print price($fields['totalht']); + if (price2num($fields['ftotal_ttc'])) { + //print $fields['dtotal_ttc']."/".$fields['ftotal_ttc']." 
- "; + $ratiolineinvoice = ($fields['dtotal_ttc'] / $fields['ftotal_ttc']); + //print ' ('.round($ratiolineinvoice*100,2).'%)'; + } + print ''; + } + + // Payment + $ratiopaymentinvoice = 1; + if ($modetax != 1) { + print ''; + //print $fields['totalht']."-".$fields['payment_amount']."-".$fields['ftotal_ttc']; + if ($fields['payment_amount'] && $fields['ftotal_ttc']) { + $payment_static->id = $fields['payment_id']; + print $payment_static->getNomUrl(2); + } + if (($type == 0 && $conf->global->TAX_MODE_SELL_PRODUCT == 'invoice') + || ($type == 1 && $conf->global->TAX_MODE_SELL_SERVICE == 'invoice')) { + print $langs->trans("NA"); + } else { + if (isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) { + $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); + } + print price(price2num($fields['payment_amount'], 'MT')); + if (isset($fields['payment_amount'])) { + print ' (' . round($ratiopaymentinvoice * 100, 2) . '%)'; + } + } + print ''; + } + + // Total collected + print ''; + $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; + print price(price2num($temp_ht, 'MT'), 1); + print ''; + + // VAT + print ''; + $temp_vat = $fields['vat'] * $ratiopaymentinvoice; + print price(price2num($temp_vat, 'MT'), 1); + //print price($fields['vat']); + print ''; + print ''; + + //$subtot_coll_total_ht += $temp_ht; + //$subtot_coll_vat += $temp_vat; + //$x_coll_sum += $temp_vat; + } + } + } // Total customers for this vat rate print ''; print ''; 
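Review bot: The summary loop kept at the top of this hunk is left with an empty `if` arm: with `print $langs->trans("NA");` removed, `if (($type == 0 && ...) || ($type == 1 && ...)) { } else { ... }` does nothing in its first branch. Negating that condition and folding it into the inner test would state the intent directly, e.g. `if (!$isInvoiceMode && isset($fields['payment_amount']) && price2num($fields['ftotal_ttc'])) {`, with `$isInvoiceMode` holding the existing product/service check. The new detail loop also recomputes `$temp_ht` and `$temp_vat` and keeps the accumulators only as commented-out lines such as `//$subtot_coll_total_ht += $temp_ht;`, which can be dropped. The supplier hunk `@@ -620,112 +659,151 @@` has the same empty branch and commented-out accumulators. The enclosing loop over rates starts outside the hunk.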
@@ -577,17 +616,14 @@ if (!is_array($x_coll) || !is_array($x_paye)) { } // Blank line - print ' '; + print ' '; // Print table headers for this quadri - expenses now print ''; print ''.$elementsup.''; print ''.$langs->trans("DateInvoice").''; - if ($conf->global->TAX_MODE_BUY_PRODUCT == 'payment' || $conf->global->TAX_MODE_BUY_SERVICE == 'payment') { - print ''.$langs->trans("DatePayment").''; - } else { - print ''; - } + if ($conf->global->TAX_MODE_BUY_PRODUCT == 'payment' || $conf->global->TAX_MODE_BUY_SERVICE == 'payment') print ''.$langs->trans("DatePayment").''; + else print ''; print ''.$namesup.''; print ''.$productsup.''; if ($modetax != 1) { @@ -604,7 +640,10 @@ if (!is_array($x_coll) || !is_array($x_paye)) { if (is_array($x_both[$rate]['paye']['detail'])) { print ""; - print ''.$langs->trans("Rate").': '.vatrate($rate).'%'; + print ''; + print $langs->trans('Rate') . ' : ' . vatrate($rate) . '%'; + print ' - ' . img_picto('', 'chevron-down', 'class="paddingrightonly"') . $langs->trans('VATReportShowByRateDetails') . ''; + print ''; print ''."\n"; foreach ($x_both[$rate]['paye']['detail'] as $index => $fields) { 
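Review bot: The payment-date header cell in this hunk loses the braces the old side had and becomes `if (...) print ...; else print '';` on two lines. The surrounding code braces every control structure, so the braced form should stay: `if (...) {` / `} else {` / `}`. Without braces, a statement added later to either arm silently falls outside the condition. The customer detail loop added in `@@ -444,112 +446,149 @@` uses the same braceless form for its payment-date cell.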
@@ -620,112 +659,151 @@ if (!is_array($x_coll) || !is_array($x_paye)) { $type = 1; } - - print ''; - - // Ref - print ''.$fields['link'].''; - - // Invoice date - print ''.dol_print_date($fields['datef'], 'day').''; - - // Payment date - if ($conf->global->TAX_MODE_BUY_PRODUCT == 'payment' || $conf->global->TAX_MODE_BUY_SERVICE == 'payment') { - print ''.dol_print_date($fields['datep'], 'day').''; - } else { - print ''; - } - - // Company name - print ''.$fields['company_link'].''; - - // Description - print ''; - if ($fields['pid']) { - $product_static->id = $fields['pid']; - $product_static->ref = $fields['pref']; - $product_static->type = $fields['dtype']; // We force with the type of line to have type how line is registered - print $product_static->getNomUrl(1); - if (dol_string_nohtmltag($fields['descr'])) { - print ' - '.dol_trunc(dol_string_nohtmltag($fields['descr']), 24); - } - } else { - if ($type) { - $text = img_object($langs->trans('Service'), 'service'); - } else { - $text = img_object($langs->trans('Product'), 'product'); - } - if (preg_match('/^\((.*)\)$/', $fields['descr'], $reg)) { - if ($reg[1] == 'DEPOSIT') { - $fields['descr'] = $langs->transnoentitiesnoconv('Deposit'); - } elseif ($reg[1] == 'CREDIT_NOTE') { - $fields['descr'] = $langs->transnoentitiesnoconv('CreditNote'); - } else { - $fields['descr'] = $langs->transnoentitiesnoconv($reg[1]); - } - } - print $text.' '.dol_trunc(dol_string_nohtmltag($fields['descr']), 24); - - // Show range - print_date_range($fields['ddate_start'], $fields['ddate_end']); - } - print ''; - - // Total HT - if ($modetax != 1) { - print ''; - print price($fields['totalht']); - if (price2num($fields['ftotal_ttc'])) { - //print $fields['dtotal_ttc']."/".$fields['ftotal_ttc']." 
- "; - $ratiolineinvoice = ($fields['dtotal_ttc'] / $fields['ftotal_ttc']); - //print ' ('.round($ratiolineinvoice*100,2).'%)'; - } - print ''; - } - // Payment $ratiopaymentinvoice = 1; if ($modetax != 1) { - print ''; - if ($fields['payment_amount'] && $fields['ftotal_ttc']) { - $paymentfourn_static->id = $fields['payment_id']; - print $paymentfourn_static->getNomUrl(2); - } - if (($type == 0 && $conf->global->TAX_MODE_BUY_PRODUCT == 'invoice') || ($type == 1 && $conf->global->TAX_MODE_BUY_SERVICE == 'invoice')) { - print $langs->trans("NA"); } else { if (isset($fields['payment_amount']) && $fields['ftotal_ttc']) { $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); } - print price(price2num($fields['payment_amount'], 'MT')); - if (isset($fields['payment_amount'])) { - print ' ('.round($ratiopaymentinvoice * 100, 2).'%)'; - } } - print ''; } // VAT paid - print ''; $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; - print price(price2num($temp_ht, 'MT'), 1); - print ''; // VAT - print ''; $temp_vat = $fields['vat'] * $ratiopaymentinvoice; - print price(price2num($temp_vat, 'MT'), 1); - //print price($fields['vat']); - print ''; - print ''; $subtot_paye_total_ht += $temp_ht; $subtot_paye_vat += $temp_vat; $x_paye_sum += $temp_vat; } + + if ($invoice_type == 'supplier' && $vat_rate_show == $rate) { + foreach ($x_both[$rate]['paye']['detail'] as $index => $fields) { + // Define type + // We MUST use dtype (type in line). We can use something else, only if dtype is really unknown. + $type = (isset($fields['dtype']) ? $fields['dtype'] : $fields['ptype']); + // Try to enhance type detection using date_start and date_end for free lines where type + // was not saved. + if (!empty($fields['ddate_start'])) { + $type = 1; + } + if (!empty($fields['ddate_end'])) { + $type = 1; + } + + + print ''; + + // Ref + print '' . $fields['link'] . ''; + + // Invoice date + print '' . dol_print_date($fields['datef'], 'day') . 
''; + + // Payment date + if ($conf->global->TAX_MODE_BUY_PRODUCT == 'payment' || $conf->global->TAX_MODE_BUY_SERVICE == 'payment') { + print '' . dol_print_date($fields['datep'], 'day') . ''; + } else { + print ''; + } + + // Company name + print '' . $fields['company_link'] . ''; + + // Description + print ''; + if ($fields['pid']) { + $product_static->id = $fields['pid']; + $product_static->ref = $fields['pref']; + $product_static->type = $fields['dtype']; // We force with the type of line to have type how line is registered + print $product_static->getNomUrl(1); + if (dol_string_nohtmltag($fields['descr'])) { + print ' - ' . dol_trunc(dol_string_nohtmltag($fields['descr']), 24); + } + } else { + if ($type) { + $text = img_object($langs->trans('Service'), 'service'); + } else { + $text = img_object($langs->trans('Product'), 'product'); + } + if (preg_match('/^\((.*)\)$/', $fields['descr'], $reg)) { + if ($reg[1] == 'DEPOSIT') { + $fields['descr'] = $langs->transnoentitiesnoconv('Deposit'); + } elseif ($reg[1] == 'CREDIT_NOTE') { + $fields['descr'] = $langs->transnoentitiesnoconv('CreditNote'); + } else { + $fields['descr'] = $langs->transnoentitiesnoconv($reg[1]); + } + } + print $text . ' ' . dol_trunc(dol_string_nohtmltag($fields['descr']), 24); + + // Show range + print_date_range($fields['ddate_start'], $fields['ddate_end']); + } + print ''; + + // Total HT + if ($modetax != 1) { + print ''; + print price($fields['totalht']); + if (price2num($fields['ftotal_ttc'])) { + //print $fields['dtotal_ttc']."/".$fields['ftotal_ttc']." 
- "; + $ratiolineinvoice = ($fields['dtotal_ttc'] / $fields['ftotal_ttc']); + //print ' ('.round($ratiolineinvoice*100,2).'%)'; + } + print ''; + } + + // Payment + $ratiopaymentinvoice = 1; + if ($modetax != 1) { + print ''; + if ($fields['payment_amount'] && $fields['ftotal_ttc']) { + $paymentfourn_static->id = $fields['payment_id']; + print $paymentfourn_static->getNomUrl(2); + } + + if (($type == 0 && $conf->global->TAX_MODE_BUY_PRODUCT == 'invoice') + || ($type == 1 && $conf->global->TAX_MODE_BUY_SERVICE == 'invoice')) { + print $langs->trans("NA"); + } else { + if (isset($fields['payment_amount']) && $fields['ftotal_ttc']) { + $ratiopaymentinvoice = ($fields['payment_amount'] / $fields['ftotal_ttc']); + } + print price(price2num($fields['payment_amount'], 'MT')); + if (isset($fields['payment_amount'])) { + print ' (' . round($ratiopaymentinvoice * 100, 2) . '%)'; + } + } + print ''; + } + + // VAT paid + print ''; + $temp_ht = $fields['totalht'] * $ratiopaymentinvoice; + print price(price2num($temp_ht, 'MT'), 1); + print ''; + + // VAT + print ''; + $temp_vat = $fields['vat'] * $ratiopaymentinvoice; + print price(price2num($temp_vat, 'MT'), 1); + //print price($fields['vat']); + print ''; + print ''; + + //$subtot_paye_total_ht += $temp_ht; + //$subtot_paye_vat += $temp_vat; + //$x_paye_sum += $temp_vat; + } + } } + // Total suppliers for this vat rate print ''; print ''; diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index ede8e6698dd..5e0c65e1b70 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1275,7 +1275,7 @@ class Contact extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); if (!$result) { 
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 94da51cca8a..36a97be3b27 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -979,7 +979,7 @@ class Contrat extends CommonObject if (!empty($modCodeContract->code_auto)) { // Force the ref to a draft value if numbering module is an automatic numbering - $sql = 'UPDATE '.MAIN_DB_PREFIX."contrat SET ref='(PROV".$this->id.")' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."contrat SET ref='(PROV".$this->id.")' WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { if ($this->id) { $this->ref = "(PROV".$this->id.")"; @@ -1225,7 +1225,7 @@ class Contrat extends CommonObject // Delete contract if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."contrat"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete contrat", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1353,7 +1353,7 @@ class Contrat extends CommonObject $sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; //$sql.= " extraparams=".(isset($this->extraparams)?"'".$this->db->escape($this->extraparams)."'":"null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2873,7 +2873,7 @@ class ContratLigne extends CommonObjectLine $sql .= " t.fk_unit"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as t LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = t.fk_product"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } if ($ref) { $sql .= " WHERE t.rowid = '".$this->db->escape($ref)."'"; 
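Review bot: In the `UPDATE ... SET ref='(PROV...)'` statement of the first hunk the cast was added only to the `WHERE` clause; `$this->id` is still concatenated uncast inside the quoted `ref` literal. Inside a string literal a non-integer value is a bigger problem than in a numeric comparison, so it deserves the same treatment: `SET ref='(PROV".((int) $this->id).")' WHERE rowid=".((int) $this->id);`. The assignment `$this->ref = "(PROV".$this->id.")";` a few lines below should use the same cast value so the object matches what was written. The method starts and ends outside the hunk, so whether `$this->id` is already an integer at this point is not visible here.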
@@ -3098,7 +3098,7 @@ class ContratLigne extends CommonObjectLine $sql .= " fk_user_cloture=".($this->fk_user_cloture > 0 ? $this->fk_user_cloture : "NULL").","; $sql .= " commentaire='".$this->db->escape($this->commentaire)."',"; $sql .= " fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_accountancy_last_manual_entries.php b/htdocs/core/boxes/box_accountancy_last_manual_entries.php index f3893692845..13b4d92a36f 100644 --- a/htdocs/core/boxes/box_accountancy_last_manual_entries.php +++ b/htdocs/core/boxes/box_accountancy_last_manual_entries.php @@ -102,9 +102,11 @@ class box_accountancy_last_manual_entries extends ModeleBoxes $date = $this->db->jdate($objp->date_movement); $journal = $objp->code_journal; $label = $objp->label_operation; - $amount = $objp->amount; + $amount = $objp->amount; - $bookkeepingstatic->id = $objp->id; + // adding id (rowid) will give two lines (debit and credit) + // so rowid isn't in sql request + // $bookkeepingstatic->id = $objp->id; $bookkeepingstatic->piece_num = $objp->piece_num; $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/class/ccountry.class.php b/htdocs/core/class/ccountry.class.php index ad088002caf..4f448845e80 100644 --- a/htdocs/core/class/ccountry.class.php +++ b/htdocs/core/class/ccountry.class.php @@ -240,7 +240,7 @@ class Ccountry // extends CommonObject $sql .= " code_iso=".(isset($this->code_iso) ? "'".$this->db->escape($this->code_iso)."'" : "null").","; $sql .= " label=".(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); 
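Review bot: The `SET` list in the ContratLigne update hunk still concatenates numeric fields uncast while only `rowid` gets `(int)`: `$this->fk_user_cloture` and `$this->fk_unit` go into the statement as they are. `fk_user_cloture > 0` is a loose comparison and `!$this->fk_unit` only tests truthiness, so neither guarantees an integer; `(!$this->fk_unit ? 'NULL' : (int) $this->fk_unit)` and the equivalent for `fk_user_cloture` would close that. Whether these properties are cleaned earlier in the method is outside the hunk. The same pattern remains for `active` in the Ccountry, Cstate, Ctyperesource and CUnits update hunks, for `fk_user_modif` and `entity` in the Comment update hunk, and for `$rate`, `$shipping_method_id`, `$warehouse_id` and `$fk_account` in the CommonObject setter hunks; where a literal `NULL` is allowed, the cast belongs in the non-NULL arm.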
@@ -279,7 +279,7 @@ class Ccountry // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_country"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index a8da44b0d79..78f168fd8f7 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php @@ -262,7 +262,7 @@ class Comment extends CommonObject $sql .= " fk_user_modif=".$user->id.","; $sql .= " entity=".(!empty($this->entity) ? $this->entity : '1').","; $sql .= " import_key=".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -316,7 +316,7 @@ class Comment extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a392fd793d5..beaa51edac3 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1619,6 +1619,9 @@ abstract class CommonObject if ($idtofetch) { $thirdparty = new Societe($this->db); $result = $thirdparty->fetch($idtofetch); + if ($result<0) { + $this->errors=array_merge($this->errors, $thirdparty->errors); + } $this->thirdparty = $thirdparty; // Use first price level if level not defined for third party @@ -1847,7 +1850,7 @@ abstract class CommonObject $result = false; if (!empty($id) && !empty($field) && !empty($table)) { $sql = "SELECT ".$field." FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this).'::getValueFrom', LOG_DEBUG); $resql = $this->db->query($sql); 
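Review bot: After a failed `$thirdparty->fetch($idtofetch)` the new branch in `@@ -1619,6 +1619,9 @@` records the errors but execution continues: the unloaded object is still assigned to `$this->thirdparty` and the price-level code below runs on it. Consider `return $result;` inside the new `if ($result<0)` block, or moving the assignment into an `else`, so callers do not end up working with an empty third party. `array_merge($this->errors, $thirdparty->errors)` also assumes both properties are arrays, which the hunk does not show. The method continues outside the hunk, so its final return value is not visible here.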
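Review bot: Casting `$id` in `@@ -1847,7 +1850,7 @@` closes one of three concatenations in this query; `$field` and `$table` are still placed into `"SELECT ".$field." FROM ".MAIN_DB_PREFIX.$table` as raw identifiers. Identifiers cannot be escaped the way values are, so they need a shape check before the query is built, for example `if (!preg_match('/^\w+$/', $field) || !preg_match('/^\w+$/', $table)) { return false; }`. If callers legitimately pass something wider than a single column name, an allowlist per table would be the alternative. If every caller passes constants this is defence in depth only, but the callers are outside the hunk.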
@@ -2243,7 +2246,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->mode_reglement_id = $id; @@ -2278,7 +2281,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname." = '".$this->db->escape($code)."'"; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->multicurrency_code = $code; @@ -2316,7 +2319,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.$rate; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->multicurrency_tx = $rate; @@ -2524,7 +2527,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->cond_reglement_id = $id; @@ -2566,7 +2569,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL'); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->transport_mode_id = $id; @@ -2601,7 +2604,7 @@ abstract class CommonObject $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; $sql .= ' SET '.$fieldname.' = '.$id; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { $this->retained_warranty_fk_cond_reglement = $id; 
@@ -2679,7 +2682,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_shipping_method = ".$shipping_method_id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { dol_syslog(get_class($this).'::setShippingMethod Error ', LOG_DEBUG); @@ -2726,7 +2729,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_warehouse = ".$warehouse_id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { $this->warehouse_id = ($warehouse_id == 'NULL') ?null:$warehouse_id; @@ -2803,7 +2806,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_account = ".$fk_account; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -4173,7 +4176,7 @@ abstract class CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; $sql .= " WHERE entity IN (".getEntity($this->element).")"; if (!empty($id)) { - $sql .= " AND rowid = ".$id; + $sql .= " AND rowid = ".((int) $id); } if (!empty($ref)) { $sql .= " AND ref = '".$this->db->escape($ref)."'"; @@ -5704,7 +5707,7 @@ abstract class CommonObject return 0; } } else { - dol_print_error($this->db); + $this->errors[]=$this->db->lasterror; return -1; } } @@ -8258,7 +8261,7 @@ abstract class CommonObject * @param string $alias String of alias of table for fields. For example 't'. * @return string list of alias fields */ - protected function getFieldList($alias = '') + public function getFieldList($alias = '') { $keys = array_keys($this->fields); if (!empty($alias)) { 
@@ -8480,7 +8483,7 @@ abstract class CommonObject $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } elseif (!empty($ref)) { $sql .= " WHERE t.ref = ".$this->quote($ref, $this->fields['ref']); } else { @@ -8622,7 +8625,7 @@ abstract class CommonObject }*/ } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET '.implode(', ', $tmp).' WHERE rowid='.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET '.implode(', ', $tmp).' WHERE rowid='.((int) $this->id); $this->db->begin(); if (!$error) { @@ -8768,7 +8771,7 @@ abstract class CommonObject } if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE rowid='.((int) $this->id); $res = $this->db->query($sql); if ($res === false) { diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index c95822bf226..6c3a1f7bb9d 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -151,7 +151,7 @@ class CProductNature // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql_where = array(); if ($id) { - $sql_where[] = " t.rowid = ".$id; + $sql_where[] = " t.rowid = ".((int) $id); } if ($code >= 0) { $sql_where[] = " t.code = ".((int) $code); diff --git a/htdocs/core/class/cstate.class.php b/htdocs/core/class/cstate.class.php index 66ee803d41a..2b9b1d6880e 100644 --- a/htdocs/core/class/cstate.class.php +++ b/htdocs/core/class/cstate.class.php @@ -163,7 +163,7 @@ class Cstate // extends CommonObject $sql .= " t.active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_departements as t"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } elseif ($code) { $sql .= " WHERE t.code_departement = '".$this->db->escape($code)."'"; } 
@@ -223,7 +223,7 @@ class Cstate // extends CommonObject $sql .= " code_departement=".(isset($this->code_departement) ? "'".$this->db->escape($this->code_departement)."'" : "null").","; $sql .= " nom=".(isset($this->nom) ? "'".$this->db->escape($this->nom)."'" : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -261,7 +261,7 @@ class Cstate // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_departements"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index 77d2fe507d3..6ba04c044e9 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -320,7 +320,7 @@ class Ctyperesource $sql .= ' active = '.(isset($this->active) ? $this->active : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -383,7 +383,7 @@ class Ctyperesource if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index e55d227de0e..ed3981d243d 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php @@ -181,7 +181,7 @@ class CUnits // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_units as t"; $sql_where = array(); if ($id) { - $sql_where[] = " t.rowid = ".$id; + $sql_where[] = " t.rowid = ".((int) $id); } if ($unit_type) { $sql_where[] = " t.unit_type = '".$this->db->escape($unit_type)."'"; 
@@ -345,7 +345,7 @@ class CUnits // extends CommonObject $sql .= " unit_type=".(isset($this->unit_type) ? "'".$this->db->escape($this->unit_type)."'" : "null").","; $sql .= " scale=".(isset($this->scale) ? "'".$this->db->escape($this->scale)."'" : "null").","; $sql .= " active=".(isset($this->active) ? $this->active : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -384,7 +384,7 @@ class CUnits // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_units"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/core/class/emailsenderprofile.class.php b/htdocs/core/class/emailsenderprofile.class.php index 39a5aec95fe..d4b9f0bd93e 100644 --- a/htdocs/core/class/emailsenderprofile.class.php +++ b/htdocs/core/class/emailsenderprofile.class.php @@ -350,7 +350,7 @@ class EmailSenderProfile extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php index 980c8c53dde..1771f0d18f0 100644 --- a/htdocs/core/class/events.class.php +++ b/htdocs/core/class/events.class.php @@ -206,7 +206,7 @@ class Events // extends CommonObject $sql .= " type='".$this->db->escape($this->type)."',"; $sql .= " dateevent='".$this->db->idate($this->dateevent)."',"; $sql .= " description='".$this->db->escape($this->description)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -238,7 +238,7 @@ class Events // extends CommonObject $sql .= " t.user_agent,"; $sql .= " t.prefix_session"; $sql .= " FROM ".MAIN_DB_PREFIX."events as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -275,7 +275,7 @@ class Events // extends CommonObject public function delete($user) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."events"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php index ebcf4adc7b0..566407cffc4 100644 --- a/htdocs/core/class/fiscalyear.class.php +++ b/htdocs/core/class/fiscalyear.class.php @@ -222,7 +222,7 @@ class Fiscalyear extends CommonObject { $sql = "SELECT rowid, label, date_start, date_end, statut"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_fiscalyear"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); @@ -253,7 +253,7 @@ class Fiscalyear extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_fiscalyear WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_fiscalyear WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -417,7 +417,7 @@ class Fiscalyear extends CommonObject $sql = 'SELECT fy.rowid, fy.datec, fy.fk_user_author, fy.fk_user_modif,'; $sql .= ' fy.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'accounting_fiscalyear as fy'; - $sql .= ' WHERE fy.rowid = '.$id; + $sql .= ' WHERE fy.rowid = '.((int) $id); dol_syslog(get_class($this)."::fetch info", LOG_DEBUG); $result = $this->db->query($sql); 
diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index fb618813f56..4a0114b5244 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -7,7 +7,7 @@ * Copyright (C) 2014 Marcos García * Copyright (C) 2015 Bahfir Abbes * Copyright (C) 2016-2017 Ferran Marcet - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -966,6 +966,7 @@ class FormFile // Loop on each file found $found = 0; + $i = 0; foreach ($file_list as $file) { $i++; if ($filter && !preg_match('/'.$filter.'/i', $file["name"])) { diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index 97c63e62d67..65fdaff9645 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php @@ -294,7 +294,7 @@ class Menubase $resql = $this->db->query($sql); if ($resql) { $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."menu"); - dol_syslog(get_class($this)."::create record added has rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::create record added has rowid=".((int) $this->id), LOG_DEBUG); return $this->id; } else { @@ -364,7 +364,7 @@ class Menubase $sql .= " perms='".$this->db->escape($this->perms)."',"; $sql .= " enabled='".$this->db->escape($this->enabled)."',"; $sql .= " usertype='".$this->db->escape($this->user)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -410,7 +410,7 @@ class Menubase $sql .= " t.usertype as user,"; $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."menu as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -461,7 +461,7 @@ class Menubase //global $conf, $langs; $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/lib/accounting.lib.php b/htdocs/core/lib/accounting.lib.php index 6b2526477b3..36a74f8f85e 100644 --- a/htdocs/core/lib/accounting.lib.php +++ b/htdocs/core/lib/accounting.lib.php @@ -3,6 +3,7 @@ * Copyright (C) 2013-2017 Alexandre Spangaro * Copyright (C) 2014 Florian Henry * Copyright (C) 2019 Eric Seigne + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -274,8 +275,7 @@ function getDefaultDatesForTransfer() global $db, $conf; // Period by default on transfer (0: previous month | 1: current month | 2: fiscal year) - $periodbydefaultontransfer = $conf->global->ACCOUNTING_DEFAULT_PERIOD_ON_TRANSFER; - isset($periodbydefaultontransfer) ? $periodbydefaultontransfer : 0; + $periodbydefaultontransfer = (empty($conf->global->ACCOUNTING_DEFAULT_PERIOD_ON_TRANSFER) ? 0 : $conf->global->ACCOUNTING_DEFAULT_PERIOD_ON_TRANSFER); if ($periodbydefaultontransfer == 2) { $sql = "SELECT date_start, date_end from ".MAIN_DB_PREFIX."accounting_fiscalyear "; $sql .= " where date_start < '".$db->idate(dol_now())."' and date_end > '".$db->idate(dol_now())."'"; diff --git a/htdocs/core/lib/cron.lib.php b/htdocs/core/lib/cron.lib.php index 4207e6c3b4f..2d111e37ef8 100644 --- a/htdocs/core/lib/cron.lib.php +++ b/htdocs/core/lib/cron.lib.php 
@@ -34,12 +34,12 @@ function cronadmin_prepare_head() $h = 0; $head = array(); - $head[$h][0] = dol_buildpath('/cron/admin/cron.php', 1); + $head[$h][0] = DOL_URL_ROOT.'/cron/admin/cron.php'; $head[$h][1] = $langs->trans("Miscellaneous"); $head[$h][2] = 'setup'; $h++; - $head[$h][0] = dol_buildpath('/cron/list.php?mode=modulesetup', 1); + $head[$h][0] = DOL_URL_ROOT.'/cron/list.php?mode=modulesetup'; $head[$h][1] = $langs->trans("Module2300Name"); $head[$h][2] = 'jobs'; $h++; @@ -64,12 +64,12 @@ function cron_prepare_head(Cronjob $object) $h = 0; $head = array(); - $head[$h][0] = dol_buildpath('/cron/card.php', 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/cron/card.php?id='.$object->id; $head[$h][1] = $langs->trans("CronTask"); $head[$h][2] = 'card'; $h++; - $head[$h][0] = dol_buildpath('/cron/info.php', 1).'?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/cron/info.php?id='.$object->id; $head[$h][1] = $langs->trans("Info"); $head[$h][2] = 'info'; $h++; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 6df447e41cb..0d5e94a23f0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -611,9 +611,16 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null } // Sanitizing for special parameters. There is no reason to allow the backtopage parameter to contains an external URL. - if ($paramname == 'backtopage') { + if ($paramname == 'backtopage' || $paramname == 'backtolist') { $out = str_replace('\\', '/', $out); - $out = preg_replace(array('/^\/\/+/', '/^[a-z]*:/i'), '', $out); + $out = str_replace(array(':', ';', '@'), '', $out); + + do { + $oldstringtoclean = $out; + $out = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $out); + } while ($oldstringtoclean != $out); + + $out = preg_replace(array('/^[a-z]*\/\/+/i'), '', $out); } // Code for search criteria persistence. 
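Review bot: The `backtopage`/`backtolist` branch in the GETPOST hunk re-implements the cleaning that this commit also adds as `dol_sanitizeUrl()` in the same file, and the two copies already differ: the helper first removes control characters (`[\x00-\x1F\x7F]`) and HTML comments, this branch does not. Keeping a single implementation prevents these URL parameters from ending up with the weaker of the two filters; the branch body could be `$out = dol_sanitizeUrl($out, 1);`. If the duplication is deliberate, a comment saying so and naming the helper would keep the two in step. The loop comparison can also be strict, `} while ($oldstringtoclean !== $out);`. GETPOST's body continues outside the hunk, so filtering applied to `$out` before this point is not visible here.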
@@ -999,6 +1006,43 @@ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) return dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); } +/** + * Clean a string to use it as an URL (into a href or src attribute) + * + * @param string $stringtoclean String to clean + * @param int $type 0=Accept all Url, 1=Clean external Url (keep only relative Url) + * @return string Escaped string. + */ +function dol_sanitizeUrl($stringtoclean, $type = 1) +{ + // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) + // We should use dol_string_nounprintableascii but function may not be yet loaded/available + $stringtoclean = preg_replace('/[\x00-\x1F\x7F]/u', '', $stringtoclean); // /u operator makes UTF8 valid characters being ignored so are not included into the replace + // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. 
Example: onerror=alert(1) + $stringtoclean = preg_replace('//', '', $stringtoclean); + + $stringtoclean = str_replace('\\', '/', $stringtoclean); + if ($type == 1) { + // removing : should disable links to external url like http:aaa) + // removing ';' should disable "named" html entities encode into an url (we should not have this into an url) + $stringtoclean = str_replace(array(':', ';', '@'), '', $stringtoclean); + } + + do { + $oldstringtoclean = $stringtoclean; + // removing '&colon' should disable links to external url like http:aaa) + // removing '&#' should disable "numeric" html entities encode into an url (we should not have this into an url) + $stringtoclean = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $stringtoclean); + } while ($oldstringtoclean != $stringtoclean); + + if ($type == 1) { + // removing '//' should disable links to external url like //aaa or http//) + $stringtoclean = preg_replace(array('/^[a-z]*\/\/+/i'), '', $stringtoclean); + } + + return $stringtoclean; +} + /** * Clean a string from all accent characters to be used as ref, login or by dol_sanitizeFileName * @@ -1097,7 +1141,6 @@ function dol_string_nounprintableascii($str, $removetabcrlf = 1) } } - /** * Returns text escaped for inclusion into javascript code * 
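Review bot: The docblock of the new `dol_sanitizeUrl()` promises an "Escaped string", but the body only removes characters and keywords and never escapes anything, so a caller trusting the header may skip attribute escaping when placing the result in `href` or `src`. Suggested wording: `@return string Cleaned URL (not HTML-escaped; escape it for the output context before printing)`. Separately, the first `preg_replace` uses the `/u` modifier, for which PCRE returns `null` when the input is not valid UTF-8; the following calls then operate on `null` and the function appears to return an empty string with no trace of why. An explicit check right after that call, `if ($stringtoclean === null) { return ''; }`, keeps the fail-closed result and makes it intentional.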
@@ -3443,7 +3486,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ '1downarrow', '1uparrow', '1leftarrow', '1rightarrow', '1uparrow_selected', '1downarrow_selected', '1leftarrow_selected', '1rightarrow_selected', 'accountancy', 'account', 'accountline', 'action', 'add', 'address', 'angle-double-down', 'angle-double-up', 'asset', 'bank_account', 'barcode', 'bank', 'bill', 'billa', 'billr', 'billd', 'bookmark', 'bom', 'building', - 'cash-register', 'category', 'chart', 'check', 'clock', 'close_title', 'cog', 'company', 'contact', 'contract', 'cron', 'cubes', + 'cash-register', 'category', 'chart', 'check', 'clock', 'close_title', 'cog', 'collab', 'company', 'contact', 'contract', 'cron', 'cubes', 'delete', 'dolly', 'dollyrevert', 'donation', 'download', 'edit', 'ellipsis-h', 'email', 'eraser', 'external-link-alt', 'external-link-square-alt', 'filter', 'file-code', 'file-export', 'file-import', 'file-upload', 'folder', 'folder-open', 'globe', 'globe-americas', 'grip', 'grip_title', 'group', 'help', 'holiday', @@ -3474,7 +3517,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'recruitmentcandidature', 'recruitmentjobposition', 'resource', 'shapes', 'supplier_proposal', 'supplier_order', 'supplier_invoice', 'timespent', 'title_setup', 'title_accountancy', 'title_bank', 'title_hrm', 'title_agenda', - 'user-cog', + 'user-cog', 'website', 'eventorganization', 'object_eventorganization' ))) { $pictowithouttext = str_replace('object_', '', $pictowithouttext); 
@@ -3494,7 +3537,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'account'=>'university', 'accountline'=>'receipt', 'accountancy'=>'search-dollar', 'action'=>'calendar-alt', 'add'=>'plus-circle', 'address'=> 'address-book', 'asset'=>'money-check-alt', 'bank_account'=>'university', 'bill'=>'file-invoice-dollar', 'billa'=>'file-excel', 'billr'=>'file-invoice-dollar', 'supplier_invoicea'=>'file-excel', 'billd'=>'file-medical', 'supplier_invoiced'=>'file-medical', 'bom'=>'shapes', - 'chart'=>'chart-line', 'company'=>'building', 'contact'=>'address-book', 'contract'=>'suitcase', 'conversation'=>'comments', 'donation'=>'file-alt', 'dynamicprice'=>'hand-holding-usd', + 'chart'=>'chart-line', 'company'=>'building', 'contact'=>'address-book', 'contract'=>'suitcase', 'collab'=>'people-arrows', 'conversation'=>'comments', + 'donation'=>'file-alt', 'dynamicprice'=>'hand-holding-usd', 'setup'=>'cog', 'companies'=>'building', 'products'=>'cube', 'commercial'=>'suitcase', 'invoicing'=>'coins', 'accounting'=>'chart-line', 'category'=>'tag', 'dollyrevert'=>'dolly', 'hrm'=>'user-tie', 'margin'=>'calculator', 'members'=>'user-friends', 'ticket'=>'ticket-alt', 'globe'=>'external-link-alt', 'lot'=>'barcode', @@ -3552,10 +3596,10 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ $fakey = 'fa-'.$pictowithouttext; } - if (in_array($pictowithouttext, array('holiday', 'dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { + if (in_array($pictowithouttext, array('dollyrevert', 'member', 'members', 'contract', 'group', 'resource', 'shipment'))) { $morecss = 'em092'; } - if (in_array($pictowithouttext, array('holiday', 'project'))) { + if (in_array($pictowithouttext, array('collab', 'holiday', 'project'))) { $morecss = 'em088'; } if (in_array($pictowithouttext, array('intervention', 'info', 'payment', 'loan', 'stock', 'technic'))) { 
@@ -3577,7 +3621,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'action'=>'infobox-action', 'account'=>'infobox-bank_account', 'accountline'=>'infobox-bank_account', 'accountancy'=>'infobox-bank_account', 'asset'=>'infobox-bank_account', 'bank_account'=>'bg-infobox-bank_account', 'bill'=>'infobox-commande', 'billa'=>'infobox-commande', 'billr'=>'infobox-commande', 'billd'=>'infobox-commande', - 'cash-register'=>'infobox-bank_account', 'contract'=>'infobox-contrat', 'check'=>'font-status4', 'conversation'=>'infobox-contrat', + 'cash-register'=>'infobox-bank_account', 'contract'=>'infobox-contrat', 'check'=>'font-status4', 'collab'=>'infobox-action', 'conversation'=>'infobox-contrat', 'donation'=>'infobox-commande', 'dollyrevert'=>'flip', 'ecm'=>'infobox-action', 'hrm'=>'infobox-adherent', 'group'=>'infobox-adherent', 'intervention'=>'infobox-contrat', 'multicurrency'=>'infobox-bank_account', 
@@ -6153,12 +6197,13 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = if ($strip_tags) { $temp = strip_tags($temp); } else { + $temp = str_replace('<>', '', $temp); // No reason to have this into a text, except if value is to try bypass the next html cleaning $pattern = "/<[^<>]+>/"; // Example of $temp: 0000-021 $temp = preg_replace($pattern, "", $temp); // pass 1 - $temp after pass 1: 0000-021 $temp = preg_replace($pattern, "", $temp); // pass 2 - $temp after pass 2: 0000-021 - // Remove '<' into remainging, so non closing html tags like '', '__!DOCTYPE_HTML__', $stringtoclean); // Replace DOCTYPE to avoid to have it removed by the strip_tags $stringtoclean = dol_string_nounprintableascii($stringtoclean, 0); - $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); $stringtoclean = preg_replace('//', '', $stringtoclean); - $stringtoclean = preg_replace('/:|:|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...' + + $stringtoclean = preg_replace('/:/i', ':', $stringtoclean); + $stringtoclean = preg_replace('/:|�+58|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have a : encoded like this) to disable 'javascript:...' $stringtoclean = preg_replace('/javascript\s*:/i', '', $stringtoclean); $temp = strip_tags($stringtoclean, $allowed_tags_string); 
@@ -6221,7 +6267,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, } // Remove 'javascript:' that we should not find into a text with - // Warning: This is not reliable to fight against obfuscated javascript, there is a lot of other solution to include js into a common html tag (only filtered by the GETPOST). + // Warning: This is not reliable to fight against obfuscated javascript, there is a lot of other solution to include js into a common html tag (only filtered by a GETPOST(.., powerfullfilter)). if ($cleanalsojavascript) { $temp = preg_replace('/javascript\s*:/i', '', $temp); } diff --git a/htdocs/core/lib/memory.lib.php b/htdocs/core/lib/memory.lib.php index ce603415009..1300c1b771f 100644 --- a/htdocs/core/lib/memory.lib.php +++ b/htdocs/core/lib/memory.lib.php @@ -93,7 +93,7 @@ function dol_setcache($memoryid, $data, $expire = 0) $dolmemcache->add($memoryid, $data, $expire); // This fails if key already exists $rescode = $dolmemcache->getResultCode(); if ($rescode == 0) { - return count($data); + return is_countable($data) ? count($data) : 0; } else { return -$rescode; } @@ -113,7 +113,7 @@ function dol_setcache($memoryid, $data, $expire = 0) //$dolmemcache->setOption(Memcached::OPT_COMPRESSION, false); $result = $dolmemcache->add($memoryid, $data, false, $expire); // This fails if key already exists if ($result) { - return count($data); + return is_countable($data) ? count($data) : 0; } else { return -1; } diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index c5820b42d89..f2dbacc3ab4 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php 
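Review bot: In both `dol_setcache()` hunks the success path now returns `0` when `$data` is a scalar or a non-countable object, which a caller testing the result for truthiness cannot tell apart from "nothing stored". If the return value is meant to signal success (the function header is outside the hunks, so this is an assumption), returning at least 1 for non-countable data would keep that contract: `return is_countable($data) ? count($data) : 1;`. `is_countable()` also needs PHP 7.3 or later; if older versions are still supported, `(is_array($data) || $data instanceof Countable)` is the portable test.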
@@ -208,7 +208,7 @@ function project_prepare_head(Project $project) $langs->load('eventorganization'); //TODO : Count $nbConfOrBooth = 1; - $head[$h][0] = DOL_URL_ROOT . '/projet/event.php?id=' . $project->id; + $head[$h][0] = DOL_URL_ROOT . '/eventorganization/conferenceorbooth_list.php?projectid=' . $project->id; $head[$h][1] = $langs->trans("ConferenceOrBoothTab"); if ($nbContact > 0) { $head[$h][1] .= '' . $nbConfOrBooth . ''; diff --git a/htdocs/core/lib/tax.lib.php b/htdocs/core/lib/tax.lib.php index e2257369865..c66d16b6736 100644 --- a/htdocs/core/lib/tax.lib.php +++ b/htdocs/core/lib/tax.lib.php @@ -1,11 +1,12 @@ - * Copyright (C) 2006-2007 Yannick Warnier - * Copyright (C) 2011 Regis Houssin - * Copyright (C) 2012-2017 Juanjo Menent - * Copyright (C) 2012 Cédric Salvador - * Copyright (C) 2012-2014 Raphaël Doursenaud - * Copyright (C) 2015 Marcos García +/* Copyright (C) 2004-2009 Laurent Destailleur + * Copyright (C) 2006-2007 Yannick Warnier + * Copyright (C) 2011 Regis Houssin + * Copyright (C) 2012-2017 Juanjo Menent + * Copyright (C) 2012 Cédric Salvador + * Copyright (C) 2012-2014 Raphaël Doursenaud + * Copyright (C) 2015 Marcos García + * Copyright (C) 2021 Open-Dsi * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
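Review bot: The badge on this tab is guarded by `if ($nbContact > 0)` but prints `$nbConfOrBooth`, which looks like a leftover from another tab; the condition should test the counter it displays, `if ($nbConfOrBooth > 0) {`. The new URL also appends `$project->id` uncast while the rest of this commit casts ids before concatenation; ending the line with `'?projectid=' . ((int) $project->id);` would match. project_prepare_head starts and ends outside the hunk.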
@@ -642,9 +643,9 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire $sql .= " f.".$invoicefieldref." as facnum, f.type, f.total_ttc as ftotal_ttc, f.datef, s.nom as company_name, s.rowid as company_id,"; $sql .= " p.rowid as pid, p.ref as pref, p.fk_product_type as ptype,"; $sql .= " 0 as payment_id, 0 as payment_amount"; - $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f,"; - $sql .= " ".MAIN_DB_PREFIX."societe as s,"; - $sql .= " ".MAIN_DB_PREFIX.$invoicedettable." as d"; + $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$invoicedettable." as d ON d.".$fk_facture."=f.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on d.fk_product = p.rowid"; $sql .= " WHERE f.entity IN (".getEntity($invoicetable).")"; $sql .= " AND f.fk_statut in (1,2)"; // Validated or paid (partially or completely) @@ -653,8 +654,6 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire } else { $sql .= " AND f.type IN (0,1,2,3,5)"; } - $sql .= " AND f.rowid = d.".$fk_facture; - $sql .= " AND s.rowid = f.fk_soc"; if ($y && $m) { $sql .= " AND f.datef >= '".$db->idate(dol_get_first_day($y, $m, false))."'"; $sql .= " AND f.datef <= '".$db->idate(dol_get_last_day($y, $m, false))."'"; 
@@ -683,11 +682,11 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire $sql .= " p.rowid as pid, p.ref as pref, p.fk_product_type as ptype,"; $sql .= " pf.".$fk_payment." as payment_id, pf.amount as payment_amount,"; $sql .= " pa.datep as datep"; - $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f,"; - $sql .= " ".MAIN_DB_PREFIX.$paymentfacturetable." as pf,"; - $sql .= " ".MAIN_DB_PREFIX.$paymenttable." as pa,"; - $sql .= " ".MAIN_DB_PREFIX."societe as s,"; - $sql .= " ".MAIN_DB_PREFIX.$invoicedettable." as d"; + $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymentfacturetable." as pf ON pf.".$fk_facture2." = f.rowid";; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymenttable." as pa ON pa.rowid = pf.".$fk_payment; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$invoicedettable." as d ON d.".$fk_facture." = f.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on d.fk_product = p.rowid"; $sql .= " WHERE f.entity IN (".getEntity($invoicetable).")"; $sql .= " AND f.fk_statut in (1,2)"; // Paid (partially or completely) @@ -696,10 +695,6 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire } else { $sql .= " AND f.type IN (0,1,2,3,5)"; } - $sql .= " AND f.rowid = d.".$fk_facture; - $sql .= " AND s.rowid = f.fk_soc"; - $sql .= " AND pf.".$fk_facture2." = f.rowid"; - $sql .= " AND pa.rowid = pf.".$fk_payment; if ($y && $m) { $sql .= " AND pa.datep >= '".$db->idate(dol_get_first_day($y, $m, false))."'"; $sql .= " AND pa.datep <= '".$db->idate(dol_get_last_day($y, $m, false))."'"; 
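Review bot: The added `INNER JOIN ... as pf` line in the `@@ -683,11 +682,11 @@` hunk ends with a doubled semicolon (`= f.rowid";;`), an empty statement that the matching line in the `@@ -846,11 +839,11 @@` hunk does not have. It is harmless at run time but should read `$sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymentfacturetable." as pf ON pf.".$fk_facture2." = f.rowid";`. tax_by_rate's body extends beyond the hunk.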
@@ -805,9 +800,9 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire $sql .= " f.".$invoicefieldref." as facnum, f.type, f.total_ttc as ftotal_ttc, f.datef, s.nom as company_name, s.rowid as company_id,"; $sql .= " p.rowid as pid, p.ref as pref, p.fk_product_type as ptype,"; $sql .= " 0 as payment_id, 0 as payment_amount"; - $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f,"; - $sql .= " ".MAIN_DB_PREFIX."societe as s,"; - $sql .= " ".MAIN_DB_PREFIX.$invoicedettable." as d"; + $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$invoicedettable." as d ON d.".$fk_facture." = f.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on d.fk_product = p.rowid"; $sql .= " WHERE f.entity IN (".getEntity($invoicetable).")"; $sql .= " AND f.fk_statut in (1,2)"; // Validated or paid (partially or completely) @@ -816,8 +811,6 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire } else { $sql .= " AND f.type IN (0,1,2,3,5)"; } - $sql .= " AND f.rowid = d.".$fk_facture; - $sql .= " AND s.rowid = f.fk_soc"; if ($y && $m) { $sql .= " AND f.datef >= '".$db->idate(dol_get_first_day($y, $m, false))."'"; $sql .= " AND f.datef <= '".$db->idate(dol_get_last_day($y, $m, false))."'"; 
@@ -846,11 +839,11 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire $sql .= " p.rowid as pid, p.ref as pref, p.fk_product_type as ptype,"; $sql .= " pf.".$fk_payment." as payment_id, pf.amount as payment_amount,"; $sql .= " pa.datep as datep"; - $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f,"; - $sql .= " ".MAIN_DB_PREFIX.$paymentfacturetable." as pf,"; - $sql .= " ".MAIN_DB_PREFIX.$paymenttable." as pa,"; - $sql .= " ".MAIN_DB_PREFIX."societe as s,"; - $sql .= " ".MAIN_DB_PREFIX.$invoicedettable." as d"; + $sql .= " FROM ".MAIN_DB_PREFIX.$invoicetable." as f"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymentfacturetable." as pf ON pf.".$fk_facture2." = f.rowid"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$paymenttable." as pa ON pa.rowid = pf.".$fk_payment; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX.$invoicedettable." as d ON d.".$fk_facture." = f.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on d.fk_product = p.rowid"; $sql .= " WHERE f.entity IN (".getEntity($invoicetable).")"; $sql .= " AND f.fk_statut in (1,2)"; // Paid (partially or completely) @@ -859,10 +852,6 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire } else { $sql .= " AND f.type IN (0,1,2,3,5)"; } - $sql .= " AND f.rowid = d.".$fk_facture; - $sql .= " AND s.rowid = f.fk_soc"; - $sql .= " AND pf.".$fk_facture2." = f.rowid"; - $sql .= " AND pa.rowid = pf.".$fk_payment; if ($y && $m) { $sql .= " AND pa.datep >= '".$db->idate(dol_get_first_day($y, $m, false))."'"; $sql .= " AND pa.datep <= '".$db->idate(dol_get_last_day($y, $m, false))."'"; 
@@ -967,9 +956,9 @@ function tax_by_rate($type, $db, $y, $q, $date_start, $date_end, $modetax, $dire $sql .= " e.date_debut as date_start, e.date_fin as date_end, e.fk_user_author,"; $sql .= " e.ref as facnum, e.total_ttc as ftotal_ttc, e.date_create, d.fk_c_type_fees as type,"; $sql .= " p.fk_bank as payment_id, p.amount as payment_amount, p.rowid as pid, e.ref as pref"; - $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as e "; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expensereport_det as d ON d.fk_expensereport = e.rowid "; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_expensereport as p ON p.fk_expensereport = e.rowid "; + $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as e"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expensereport_det as d ON d.fk_expensereport = e.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."payment_expensereport as p ON p.fk_expensereport = e.rowid"; $sql .= " WHERE e.entity = ".$conf->entity; $sql .= " AND e.fk_statut in (6)"; if ($y && $m) { diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 84a69b4a276..89e63c16db4 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -76,7 +76,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = $menu_arr[] = array( 'name' => 'Home', 'link' => '/index.php?mainmenu=home&leftmenu=home', - 'title' => (!empty($conf->global->THEME_TOPMENU_DISABLE_IMAGE) ? '' : "Home"), + 'title' => "Home", 'level' => 0, 'enabled' => $showmode = 1, 'target' => $atarget, @@ -86,7 +86,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'home', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "home") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => '', 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "home") ? 0 : 1), 'loadLangs' => array(), 'submenus' => array(), 
@@ -111,7 +111,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'members', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "members") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'member', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "members") ? 0 : 1), 'loadLangs' => array(), 'submenus' => array(), @@ -140,7 +140,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'companies', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "companies") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'company', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "companies") ? 0 : 1), 'loadLangs' => array("companies", "suppliers"), 'submenus' => array(), @@ -167,7 +167,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'products', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "products") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'product', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "products") ? 0 : 1), 'loadLangs' => array("products"), 'submenus' => array(), @@ -192,7 +192,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'mrp', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "mrp") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'mrp', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "mrp") ? 0 : 1), 'loadLangs' => array("mrp"), 'submenus' => array(), 
@@ -217,7 +217,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'project', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "project") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'project', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "project") ? 0 : 1), 'loadLangs' => array("projects"), 'submenus' => array(), @@ -263,7 +263,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'commercial', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "commercial") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'contract', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "commercial") ? 0 : 1), 'loadLangs' => array("commercial"), 'submenus' => array(), @@ -297,7 +297,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'billing', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "billing") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', + 'prefix' => img_picto('', 'bill', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "billing") ? 0 : 1), 'loadLangs' => array("compta"), 'submenus' => array(), @@ -322,10 +322,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'bank', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'bank', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "bank") ? 0 : 1), - 'loadLangs' => array("compta", "banks"), 'submenus' => array(), ); 
@@ -349,10 +347,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'accountancy', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'account', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "accountancy") ? 0 : 1), - 'loadLangs' => array("compta", "accountancy", "assets", "intracommreport"), 'submenus' => array(), ); @@ -377,10 +373,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'hrm', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "hrm") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'hrm', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "hrm") ? 0 : 1), - 'loadLangs' => array("holiday"), 'submenus' => array(), ); @@ -404,10 +398,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = 'id' => $id, 'idsel' => 'tools', 'classname' => $classname = ($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "tools") ? 'class="tmenusel"' : 'class="tmenu"', - 'prefix' => '', - + 'prefix' => img_picto('', 'tools', 'class="fa-fw paddingright"'), 'session' => (($_SESSION["mainmenu"] && $_SESSION["mainmenu"] == "tools") ? 0 : 1), - 'loadLangs' => array("other"), 'submenus' => array(), ); @@ -496,7 +488,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = $newTabMenu[$i]['position'], $id, $idsel, - $classname + $classname, + $newTabMenu[$i]['prefix'] ); } 
@@ -712,7 +705,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/index.php?mainmenu=home&leftmenu=home", $langs->trans("MyDashboard"), 0, 1, '', $mainmenu, 'home', 0, '', '', '', ''); // Setup - $newmenu->add("/admin/index.php?mainmenu=home&leftmenu=setup", $langs->trans("Setup"), 0, $user->admin, '', $mainmenu, 'setup', 0, '', '', '', ''); + $newmenu->add("/admin/index.php?mainmenu=home&leftmenu=setup", $langs->trans("Setup"), 0, $user->admin, '', $mainmenu, 'setup', 0, '', '', '', ''); if ($usemenuhider || empty($leftmenu) || $leftmenu == "setup") { // Load translation files required by the page diff --git a/htdocs/core/menus/standard/eldy_menu.php b/htdocs/core/menus/standard/eldy_menu.php index a024e6743e8..f5f280b659b 100644 --- a/htdocs/core/menus/standard/eldy_menu.php +++ b/htdocs/core/menus/standard/eldy_menu.php @@ -185,8 +185,8 @@ class MenuManager print ''; // Add font-awesome - if ($val['level'] == 0 && $val['mainmenu'] == 'home') { - print ''; + if ($val['level'] == 0 && !empty($val['prefix'])) { + print $val['prefix']; } print $val['titre']; @@ -213,7 +213,7 @@ class MenuManager print str_pad('', 1).'
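Review bot: In the `-185,8 +185,8` hunk of eldy_menu.php, `print $val['prefix'];` now writes the menu entry's `prefix` into the page as raw HTML for every level-0 entry that has one, where the removed code printed a fixed literal for `home` only. Every `prefix` value visible in this commit is built in code by `img_picto()`, but whether the field can also be filled from stored or third-party menu rows is not visible here, so the trust assumption should be stated at the sink. I would add above the print: `// 'prefix' is trusted HTML produced by img_picto(); it must never carry user-editable text`. The enclosing method starts and ends outside the hunk.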
  • '; // ui-btn to highlight on clic print ''; if ($langs->trans(ucfirst($val['mainmenu'])."Dashboard") == ucfirst($val['mainmenu'])."Dashboard") { // No translation - if (in_array($val['mainmenu'], array('cashdesk', 'externalsite', 'website', 'collab'))) { + if (in_array($val['mainmenu'], array('cashdesk', 'externalsite', 'website', 'collab', 'takepos'))) { print $langs->trans("Access"); } else { print $langs->trans("Dashboard"); diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index d875c3695a3..cb7eb93b074 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -184,7 +184,7 @@ class MailingTargets // This can't be abstract as it is used for some method $sql .= "'".$this->db->escape($targetarray['other'])."',"; $sql .= "'".$this->db->escape($targetarray['source_url'])."',"; $sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; - $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.';'.$targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY), 'md5')."',"; + $sql .= "'".$this->db->escape(dol_hash($dolibarr_main_instance_unique_id.';'.$targetarray['email'].';'.$targetarray['lastname'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY, 'md5'))."',"; $sql .= "'".$this->db->escape($targetarray['source_type'])."')"; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/modules/modAgenda.class.php b/htdocs/core/modules/modAgenda.class.php index 91788238419..7dd7a801f9d 100644 --- a/htdocs/core/modules/modAgenda.class.php +++ b/htdocs/core/modules/modAgenda.class.php 
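Review bot: In the modules_mailings.php hunk the `'md5'` argument moves from `$this->db->escape()` into `dol_hash()`, so the tag stored for new targets is computed with a different algorithm than before, and nothing on the line says which other code depends on that value. The tag is the only place in this hunk where `MAILING_EMAIL_UNSUBSCRIBE_KEY` is used, and if that constant is unset the concatenation still succeeds with an empty key, leaving the tag derived only from the instance id and recipient data. I would document both next to the line: `// Unsubscribe tag: md5 over instance id, recipient, mailing id and MAILING_EMAIL_UNSUBSCRIBE_KEY (which should be set to a secret value)`. Presumably tags written before this fix used `dol_hash()`'s default algorithm; whether anything recomputes and compares them should be confirmed in the code that consumes the tag, which is outside this hunk.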
@@ -206,6 +206,7 @@ class modAgenda extends DolibarrModules 'fk_menu'=>0, 'type'=>'top', 'titre'=>'TMenuAgenda', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth"'), 'mainmenu'=>'agenda', 'url'=>'/comm/action/index.php', 'langs'=>'agenda', diff --git a/htdocs/core/modules/modCollab.class.php b/htdocs/core/modules/modCollab.class.php index 6f6b4730b14..be82722f331 100644 --- a/htdocs/core/modules/modCollab.class.php +++ b/htdocs/core/modules/modCollab.class.php @@ -55,7 +55,7 @@ class modCollab extends DolibarrModules // Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase) $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); // Name of image file used for this module. - $this->picto = 'website'; + $this->picto = 'collab'; // Data directories to create when module is enabled $this->dirs = array("/collab/temp"); @@ -113,6 +113,7 @@ class modCollab extends DolibarrModules 'fk_menu'=>'0', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode 'type'=>'top', // This is a Left menu entry 'titre'=>'Collab', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu'=>'collab', 'url'=>'/collab/index.php', 'langs'=>'collab', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. diff --git a/htdocs/core/modules/modECM.class.php b/htdocs/core/modules/modECM.class.php index b97dce7157b..222e50c76e0 100644 --- a/htdocs/core/modules/modECM.class.php +++ b/htdocs/core/modules/modECM.class.php @@ -127,6 +127,7 @@ class modECM extends DolibarrModules 'fk_menu'=>0, 'type'=>'top', 'titre'=>'MenuECM', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth"'), 'mainmenu'=>'ecm', 'url'=>'/ecm/index.php', 'langs'=>'ecm', 
diff --git a/htdocs/core/modules/modExternalSite.class.php b/htdocs/core/modules/modExternalSite.class.php index 54c7a9d9b0b..42c60067aa8 100644 --- a/htdocs/core/modules/modExternalSite.class.php +++ b/htdocs/core/modules/modExternalSite.class.php @@ -59,7 +59,7 @@ class modExternalSite extends DolibarrModules // Key used in llx_const table to save module status enabled/disabled (XXX is id value) $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); // Name of png file (without png) used for this module - $this->picto = 'bookmark'; + $this->picto = 'website'; // Call to inside lang's file $this->langfiles = array("externalsite"); @@ -103,6 +103,7 @@ class modExternalSite extends DolibarrModules 'fk_menu'=>0, 'type'=>'top', 'titre'=>'__[EXTERNALSITE_LABEL]__', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu'=>'externalsite', 'url'=>'/externalsite/frames.php', 'langs'=>'other', diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index 2db99938778..e186f5fdc1c 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php @@ -198,6 +198,7 @@ class modTicket extends DolibarrModules $this->menu[$r] = array('fk_menu' => 0, // Put 0 if this is a top menu 'type' => 'top', // This is a Top menu entry 'titre' => 'Ticket', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu' => 'ticket', 'leftmenu' => '1', // Use 1 if you also want to add left menu entries using this descriptor. 'url' => '/ticket/index.php', diff --git a/htdocs/core/modules/modWebsite.class.php b/htdocs/core/modules/modWebsite.class.php index efb5a38f297..f16a29728be 100644 --- a/htdocs/core/modules/modWebsite.class.php +++ b/htdocs/core/modules/modWebsite.class.php 
@@ -114,6 +114,7 @@ class modWebsite extends DolibarrModules $this->menu[$r] = array('fk_menu'=>'0', // Use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode 'type'=>'top', // This is a Left menu entry 'titre'=>'WebSites', + 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth em092"'), 'mainmenu'=>'website', 'url'=>'/website/index.php', 'langs'=>'website', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. diff --git a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php index d1fe41d8c1f..ebab4e8608a 100644 --- a/htdocs/core/tpl/extrafields_list_array_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_array_fields.tpl.php @@ -14,7 +14,7 @@ if (empty($extrafieldsobjectkey) && is_object($object)) { // Loop to show all columns of extrafields from $obj, $extrafields and $db if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table_element like 'societe', 'socpeople', ... - if (is_array($extrafields->attributes[$extrafieldsobjectkey]['label']) && count($extrafields->attributes[$extrafieldsobjectkey]['label']) > 0) { + if (isset($extrafields->attributes[$extrafieldsobjectkey]['label']) && is_array($extrafields->attributes[$extrafieldsobjectkey]['label']) && count($extrafields->attributes[$extrafieldsobjectkey]['label']) > 0) { if (empty($extrafieldsobjectprefix)) { $extrafieldsobjectprefix = 'ef.'; } diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php index afdfd904299..fc626adbedb 100644 --- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php +++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php 
@@ -62,7 +62,7 @@ class InterfaceWorkflowManager extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->workflow->enabled)) { + if (empty($conf->workflow) || empty($conf->workflow->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php index 6d69c2d8a31..fdd18638053 100644 --- a/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php +++ b/htdocs/core/triggers/interface_50_modAgenda_ActionsAuto.class.php @@ -75,7 +75,7 @@ class InterfaceActionsAuto extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->agenda->enabled)) { + if (empty($conf->agenda) || empty($conf->agenda->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php b/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php index 061af9baf2b..cab0702c5c1 100644 --- a/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php +++ b/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php @@ -59,7 +59,7 @@ class InterfaceActionsBlockedLog extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->blockedlog->enabled)) { + if (empty($conf->blockedlog) || empty($conf->blockedlog->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php b/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php index c30ee8c4190..04f9aaa17cc 100644 --- a/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php 
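Review bot: The added `empty($conf->workflow) ||` test in `runTrigger` looks redundant, because `empty($conf->workflow->enabled)` already returns true without a warning when `$conf->workflow` itself is unset (unless `Conf` defines magic accessors, which is not visible here). The same applies to the agenda and blockedlog hunks on this line and to the eventorganization, ldap, mailmanspip, notification, ticket, stripe and zapier trigger hunks that follow. Either keep the original single test, `if (empty($conf->workflow->enabled)) {`, or, if the double test is wanted for a static analyser, say so in a one-line comment above it. Each `runTrigger` body continues outside its hunk.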
+++ b/htdocs/core/triggers/interface_50_modEventOrganization_EventOrganization.class.php @@ -71,7 +71,7 @@ class InterfaceEventOrganization extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->eventorganization->enabled)) { + if (empty($conf->eventorganization) || empty($conf->eventorganization->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php index c3d91fefc33..b8454b80ea1 100644 --- a/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php @@ -61,7 +61,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->ldap->enabled)) { + if (empty($conf->ldap) || empty($conf->ldap->enabled)) { return 0; // Module not active, we do nothing } if (defined('DISABLE_LDAP_SYNCHRO')) { diff --git a/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php b/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php index 3233fb8eaaf..f8abd2e3539 100644 --- a/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php +++ b/htdocs/core/triggers/interface_50_modMailmanspip_Mailmanspipsynchro.class.php @@ -59,7 +59,7 @@ class InterfaceMailmanSpipsynchro extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->mailmanspip->enabled)) { + if (empty($conf->mailmanspip) || empty($conf->mailmanspip->enabled)) { return 0; // Module not active, we do nothing } 
diff --git a/htdocs/core/triggers/interface_50_modNotification_Notification.class.php b/htdocs/core/triggers/interface_50_modNotification_Notification.class.php index f3176cef0de..fc0aeb3cd5e 100644 --- a/htdocs/core/triggers/interface_50_modNotification_Notification.class.php +++ b/htdocs/core/triggers/interface_50_modNotification_Notification.class.php @@ -80,7 +80,7 @@ class InterfaceNotification extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->notification->enabled)) { + if (empty($conf->notification) || empty($conf->notification->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php b/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php index 6f1acac7050..12b688d9b61 100644 --- a/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php +++ b/htdocs/core/triggers/interface_50_modTicket_TicketEmail.class.php @@ -61,7 +61,7 @@ class InterfaceTicketEmail extends DolibarrTriggers { $ok = 0; - if (empty($conf->ticket->enabled)) { + if (empty($conf->ticket) || empty($conf->ticket->enabled)) { return 0; // Module not active, we do nothing } diff --git a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php index a7678029fd9..64d30eeeb93 100644 --- a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php +++ b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php 
@@ -69,13 +69,13 @@ class InterfaceStripe extends DolibarrTriggers // Data and type of action are stored into $object and $action global $langs, $db, $conf; - require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; - $stripe = new Stripe($db); - - if (empty($conf->stripe->enabled)) { + if (empty($conf->stripe) || empty($conf->stripe->enabled)) { return 0; } + require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php'; + $stripe = new Stripe($db); + $ok = 1; $service = 'StripeTest'; diff --git a/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php b/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php index de81e54165a..f2d77553827 100644 --- a/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php +++ b/htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php @@ -70,10 +70,11 @@ class InterfaceZapierTriggers extends DolibarrTriggers */ public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf) { - if (empty($conf->zapier->enabled)) { + if (empty($conf->zapier) || empty($conf->zapier->enabled)) { // Module not active, we do nothing return 0; } + $logtriggeraction = false; $sql = ''; if ($action != '') { diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index daca243cb6f..0b926f6a802 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -435,7 +435,7 @@ class Cronjob extends CommonObject $sql .= " t.test"; $sql .= " FROM ".MAIN_DB_PREFIX."cronjob as t"; if ($id > 0) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN(0, ".getEntity('cron').")"; $sql .= " AND t.objectname = '".$this->db->escape($objectname)."'"; 
@@ -786,7 +786,7 @@ class Cronjob extends CommonObject $sql .= " maxrun=".((isset($this->maxrun) && $this->maxrun > 0) ? $this->maxrun : "0").","; $sql .= " libname=".(isset($this->libname) ? "'".$this->db->escape($this->libname)."'" : "null").","; $sql .= " test=".(isset($this->test) ? "'".$this->db->escape($this->test)."'" : "null"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -825,7 +825,7 @@ class Cronjob extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."cronjob"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1027,7 +1027,7 @@ class Cronjob extends CommonObject $sql = "SELECT"; $sql .= " f.rowid, f.datec, f.tms, f.fk_user_mod, f.fk_user_author"; $sql .= " FROM ".MAIN_DB_PREFIX."cronjob as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index c91b9780edb..5b14b509de4 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -307,7 +307,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."delivery as l"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = l.rowid AND el.targettype = '".$this->db->escape($this->element)."'"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON l.fk_incoterms = i.rowid'; - $sql .= " WHERE l.rowid = ".$id; + $sql .= " WHERE l.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index fdd5393d64c..a5fb676e314 100644 --- a/htdocs/don/class/don.class.php 
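Review bot: In the `-786,7 +786,7` hunk of cronjob.class.php the `WHERE rowid` value is now cast, but the `maxrun` assignment three lines above it still concatenates `$this->maxrun` into the UPDATE after only a `> 0` comparison, which does not guarantee that the property is an integer. For the hardening to be consistent the value should be cast as well: `$sql .= " maxrun=".((isset($this->maxrun) && $this->maxrun > 0) ? ((int) $this->maxrun) : "0").",";`. The `src_object_id` line in the `-679,7 +679,7` hunk of ecmfiles.class.php has the same shape and would take `((int) $this->src_object_id)`. Whether either property can hold caller-supplied text depends on code outside these hunks.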
+++ b/htdocs/don/class/don.class.php @@ -565,7 +565,7 @@ class Don extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."don"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -787,7 +787,7 @@ class Don extends CommonObject public function set_cancel($id) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = -1 WHERE rowid = ".$id; + $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = -1 WHERE rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -953,7 +953,7 @@ class Don extends CommonObject $sql = 'SELECT d.rowid, d.datec, d.fk_user_author, d.fk_user_valid,'; $sql .= ' d.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'don as d'; - $sql .= ' WHERE d.rowid = '.$id; + $sql .= ' WHERE d.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php index 5f03215efac..7c8bd71ccd2 100644 --- a/htdocs/don/class/paymentdonation.class.php +++ b/htdocs/don/class/paymentdonation.class.php @@ -234,7 +234,7 @@ class PaymentDonation extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -394,7 +394,7 @@ class PaymentDonation extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_donation"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); 
diff --git a/htdocs/don/payment/card.php b/htdocs/don/payment/card.php index bc14780c1b2..40cf0298895 100644 --- a/htdocs/don/payment/card.php +++ b/htdocs/don/payment/card.php @@ -150,7 +150,7 @@ $sql = 'SELECT d.rowid as did, d.paid, d.amount as d_amount, pd.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_donation as pd,'.MAIN_DB_PREFIX.'don as d'; $sql .= ' WHERE pd.fk_donation = d.rowid'; $sql .= ' AND d.entity = '.$conf->entity; -$sql .= ' AND pd.rowid = '.$id; +$sql .= ' AND pd.rowid = '.((int) $id); dol_syslog("don/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php index 802e3681bd7..5222fc0d21a 100644 --- a/htdocs/ecm/class/ecmdirectory.class.php +++ b/htdocs/ecm/class/ecmdirectory.class.php @@ -262,7 +262,7 @@ class EcmDirectory extends CommonObject $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " fk_parent='".$this->db->escape($this->fk_parent)."',"; $sql .= " description='".$this->db->escape($this->description)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -403,7 +403,7 @@ class EcmDirectory extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_directories"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index bd550dbf751..e5e7ce8549b 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php 
@@ -679,7 +679,7 @@ class EcmFiles extends CommonObject $sql .= ' acl = '.(isset($this->acl) ? "'".$this->db->escape($this->acl)."'" : "null").','; $sql .= ' src_object_id = '.($this->src_object_id > 0 ? $this->src_object_id : "null").','; $sql .= ' src_object_type = '.(isset($this->src_object_type) ? "'".$this->db->escape($this->src_object_type)."'" : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -742,7 +742,7 @@ class EcmFiles extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index ff05dc4f4c4..9bff240c3ac 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -610,7 +610,7 @@ class EmailCollector extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/emailcollector/class/emailcollectoraction.class.php b/htdocs/emailcollector/class/emailcollectoraction.class.php index 0b8dfbca973..10fe00a816d 100644 --- a/htdocs/emailcollector/class/emailcollectoraction.class.php +++ b/htdocs/emailcollector/class/emailcollectoraction.class.php 
@@ -477,7 +477,7 @@ class EmailCollectorAction extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/emailcollector/class/emailcollectorfilter.class.php b/htdocs/emailcollector/class/emailcollectorfilter.class.php index 0e6e54529a8..736aeda47f4 100644 --- a/htdocs/emailcollector/class/emailcollectorfilter.class.php +++ b/htdocs/emailcollector/class/emailcollectorfilter.class.php @@ -451,7 +451,7 @@ class EmailCollectorFilter extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index 53f09bb4786..186bd57811b 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -208,11 +208,13 @@ class ConferenceOrBooth extends ActionComm * * @param int $id Id object * @param string $ref Ref + * @param string $ref_ext Ref ext to get + * @param string $email_msgid Email msgid * @return int <0 if KO, 0 if not found, >0 if OK */ - public function fetch($id, $ref = null) + public function fetch($id, $ref = null, $ref_ext = '', $email_msgid = '') { - $result = parent::fetch($id, $ref); + $result = parent::fetch($id, $ref, $ref_ext, $email_msgid); return $result; } 
@@ -238,7 +240,7 @@ class ConferenceOrBooth extends ActionComm $records = array(); $sql = 'SELECT '; - $sql .= $this->getFieldList(); + $sql .= $this->getFieldList('t'); $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if (isset($this->ismultientitymanaged) && $this->ismultientitymanaged == 1) { $sql .= ' WHERE t.entity IN ('.getEntity($this->table_element).')'; @@ -314,11 +316,10 @@ class ConferenceOrBooth extends ActionComm /** * Delete object in database * - * @param User $user User that deletes * @param bool $notrigger false=launch triggers after, true=disable triggers * @return int <0 if KO, >0 if OK */ - public function delete(User $user, $notrigger = false) + public function delete($notrigger = false) { //TODO delete attendees and subscription return parent::delete($notrigger); 
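Review bot: `delete()` loses its `User $user` parameter in the `-314,11 +316,10` hunk, so any existing call of the form `delete($user)` now binds the user object to `$notrigger`, which is truthy and is handed on to `parent::delete($notrigger)`; triggers, including any that record the deletion, would then presumably be skipped without an error. The callers are outside this diff view, so each one needs checking, or the method can tolerate the old convention with `if (is_object($notrigger)) { $notrigger = false; }` and a comment naming the legacy argument. The reordered parameters of `getNomUrl()` in the `-496,13 +497,16` hunk carry the same risk for positional callers, where an `$option` string would land in `$maxlength`.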
@@ -496,13 +497,16 @@ class ConferenceOrBooth extends ActionComm * Return a link to the object card (with optionaly the picto) * * @param int $withpicto Include picto in link (0=No picto, 1=Include picto into link, 2=Only picto) + * @param int $maxlength Not use here just for declaration method compatibility with parent classes + * @param string $classname Not use here just for declaration method compatibility with parent classes * @param string $option On what the link point to ('nolink', ...) + * @param int $overwritepicto Not use here just for declaration method compatibility with parent classes * @param int $notooltip 1=Disable tooltip - * @param string $morecss Add more css on link * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking + * @param string $morecss Add more css on link * @return string String with URL */ - public function getNomUrl($withpicto = 0, $option = '', $notooltip = 0, $morecss = '', $save_lastsearch_value = -1) + public function getNomUrl($withpicto = 0, $maxlength = 0, $classname = '', $option = '', $overwritepicto = 0, $notooltip = 0, $save_lastsearch_value = -1, $morecss = '') { global $conf, $langs, $hookmanager; @@ -603,11 +607,12 @@ class ConferenceOrBooth extends ActionComm * Return the label of the status * * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto + * @param int $hidenastatus Not use here just for declaration method compatibility with parent classes * @return string Label of status */ - public function getLibStatut($mode = 0) + public function getLibStatut($mode = 0, $hidenastatus = 0) { - return $this->LibStatut($this->status, $mode); + return $this->LibStatutEvent($this->status, $mode); } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps 
@@ -618,7 +623,7 @@ class ConferenceOrBooth extends ActionComm * @param int $mode 0=long label, 1=short label, 2=Picto + short label, 3=Picto, 4=Picto + long label, 5=Short label + Picto, 6=Long label + Picto * @return string Label of status */ - public function LibStatut($status, $mode = 0) + public function LibStatutEvent($status, $mode = 0) { // phpcs:enable if (empty($this->labelStatus) || empty($this->labelStatusShort)) { @@ -627,13 +632,13 @@ class ConferenceOrBooth extends ActionComm $this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft'); $this->labelStatus[self::STATUS_SUGGESTED] = $langs->trans('Suggested'); $this->labelStatus[self::STATUS_CONFIRMED] = $langs->trans('Confirmed'); - $this->labelStatus[self::STATUS_NOTSELECTED] = $langs->trans('NotSelected'); + $this->labelStatus[self::STATUS_NOT_QUALIFIED] = $langs->trans('NotSelected'); $this->labelStatus[self::STATUS_DONE] = $langs->trans('Done'); $this->labelStatus[self::STATUS_CANCELED] = $langs->trans('Canceled'); $this->labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Draft'); $this->labelStatusShort[self::STATUS_SUGGESTED] = $langs->trans('Suggested'); $this->labelStatusShort[self::STATUS_CONFIRMED] = $langs->trans('Confirmed'); - $this->labelStatusShort[self::STATUS_NOTSELECTED] = $langs->trans('NotSelected'); + $this->labelStatusShort[self::STATUS_NOT_QUALIFIED] = $langs->trans('NotSelected'); $this->labelStatusShort[self::STATUS_DONE] = $langs->trans('Done'); $this->labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Canceled'); } diff --git a/htdocs/eventorganization/class/index.html b/htdocs/eventorganization/class/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/eventorganization/class/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index b3c76ef2493..374ea25f68c 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php 
+++ b/htdocs/eventorganization/conferenceorbooth_list.php 
@@ -22,70 +22,22 @@ * \brief List page for conferenceorbooth */ -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Do not create database handler $db -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Do not load object $user -//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); // Do not load object $mysoc -//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); // Do not load object $langs -//if (! defined('NOSCANGETFORINJECTION')) define('NOSCANGETFORINJECTION', '1'); // Do not check injection attack on GET parameters -//if (! defined('NOSCANPOSTFORINJECTION')) define('NOSCANPOSTFORINJECTION', '1'); // Do not check injection attack on POST parameters -//if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check CSRF attack (test on referer + on token if option MAIN_SECURITY_CSRF_WITH_TOKEN is on). -//if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) -//if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data -//if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu -//if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php -//if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library -//if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session). This include the NOIPCHECK too. -//if (! defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip -//if (! defined("MAIN_LANG_DEFAULT")) define('MAIN_LANG_DEFAULT', 'auto'); // Force lang to a particular value -//if (! defined("MAIN_AUTHENTICATION_MODE")) define('MAIN_AUTHENTICATION_MODE', 'aloginmodule'); // Force authentication handler -//if (! 
defined("NOREDIRECTBYMAINTOLOGIN")) define('NOREDIRECTBYMAINTOLOGIN', 1); // The main.inc.php does not make a redirect if not logged, instead show simple error message -//if (! defined("FORCECSP")) define('FORCECSP', 'none'); // Disable all Content Security Policies -//if (! defined('CSRFCHECK_WITH_TOKEN')) define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET -//if (! defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1'); // Disable browser notification - -// Load Dolibarr environment -$res = 0; -// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined) -if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) { - $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php"; -} -// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME -$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1; -while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { - $i--; $j--; -} -if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) { - $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; -} -if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) { - $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; -} -// Try main.inc.php using relative path -if (!$res && file_exists("../main.inc.php")) { - $res = @include "../main.inc.php"; -} -if (!$res && file_exists("../../main.inc.php")) { - $res = @include "../../main.inc.php"; -} -if (!$res && file_exists("../../../main.inc.php")) { - $res = @include "../../../main.inc.php"; -} -if (!$res) { - die("Include of main fails"); -} - +require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once 
DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; - -// load eventorganization libraries -require_once __DIR__.'/class/conferenceorbooth.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/project.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; +require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorbooth.class.php'; +if ($conf->categorie->enabled) { + require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; +} // for other modules //dol_include_once('/othermodule/class/otherobject.class.php'); // Load translation files required by the page -$langs->loadLangs(array("eventorganization@eventorganization", "other")); +$langs->loadLangs(array("eventorganization", "other")); $action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) @@ -98,6 +50,7 @@ $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') $id = GETPOST('id', 'int'); +$projectid = GETPOST('projectid', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; 
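Review bot: The new `if ($conf->categorie->enabled) {` in the `-22,70 +22,22` hunk reads the module flag without `empty()`, unlike the trigger files changed in this same commit, so it may raise a warning when the categories module entry is not set on `$conf`. I would write `if (!empty($conf->categorie->enabled)) {`. The `$user->rights->eventorganization->read`, `->write` and `->delete` reads in the `-174,9 +127,9` hunk are unguarded in the same way, and since they replace the narrower `conferenceorbooth` rights, the new keys should be checked against the rights the module actually declares, which is not visible here.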
@@ -174,9 +127,9 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -$permissiontoread = $user->rights->eventorganization->conferenceorbooth->read; -$permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; -$permissiontodelete = $user->rights->eventorganization->conferenceorbooth->delete; +$permissiontoread = $user->rights->eventorganization->read; +$permissiontoadd = $user->rights->eventorganization->write; +$permissiontodelete = $user->rights->eventorganization->delete; // Security check if (empty($conf->eventorganization->enabled)) { 
@@ -243,22 +196,193 @@ if (empty($reshook)) { /* * View */ - $form = new Form($db); - $now = dol_now(); //$help_url="EN:Module_ConferenceOrBooth|FR:Module_ConferenceOrBooth_FR|ES:Módulo_ConferenceOrBooth"; $help_url = ''; $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("ConferenceOrBooths")); +if ($projectid > 0) { + $project = new Project($db); + $result=$project->fetch($projectid); + if ($result < 0) { + setEventMessages(null, $project->errors, 'errors'); + } + $result=$project->fetch_thirdparty(); + if ($result < 0) { + setEventMessages(null, $project->errors, 'errors'); + } + $result = $project->fetch_optionals(); + if ($result < 0) { + setEventMessages(null, $project->errors, 'errors'); + } + + $help_url = "EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos"; + $title = $langs->trans("Project") . ' - ' . $langs->trans("ConferenceOrBooths") . ' - ' . $project->ref . ' ' . $project->name; + if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/', $conf->global->MAIN_HTML_TITLE) && $project->name) { + $title = $project->ref . ' ' . $project->name . ' - ' . $langs->trans("ConferenceOrBooths"); + } +} + +// Output page +// -------------------------------------------------------------------- + +llxHeader('', $title, $help_url); + +// Example : Adding jquery code +print ''; + +if ($projectid > 0) { + // To verify role of users + //$userAccess = $object->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user, 'write'); + //$userDelete = $object->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; + + $head = project_prepare_head($project); + print dol_get_fiche_head($head, 'eventorganisation', $langs->trans("Project"), -1, ($project->public ? 'projectpub' : 'project')); + + // Project card + $linkback = ''.$langs->trans("BackToList").''; + + $morehtmlref = '
    '; + // Title + $morehtmlref .= $project->title; + // Thirdparty + if ($project->thirdparty->id > 0) { + $morehtmlref .= '
    '.$langs->trans('ThirdParty').' : '.$project->thirdparty->getNomUrl(1, 'project'); + } + $morehtmlref .= '
    '; + + // Define a complementary filter for search of next/prev ref. + if (!$user->rights->project->all->lire) { + $objectsListId = $project->getProjectsAuthorizedForUser($user, 0, 0); + $project->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")"; + } + + dol_banner_tab($project, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); + + print '
    '; + print '
    '; + print '
    '; + + print ''; + + // Usage + print ''; + print ''; + + // Visibility + print ''; + + // Date start - end + print ''; + + // Budget + print ''; + + // Other attributes + $cols = 2; + $objectconf=$object; + $object = $project; + include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; + $object = $objectconf; + + print '
    '; + print $langs->trans("Usage"); + print ''; + if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { + print 'usage_opportunity ? ' checked="checked"' : '').'"> '; + $htmltext = $langs->trans("ProjectFollowOpportunity"); + print $form->textwithpicto($langs->trans("ProjectFollowOpportunity"), $htmltext); + print '
    '; + } + if (empty($conf->global->PROJECT_HIDE_TASKS)) { + print 'usage_task ? ' checked="checked"' : '').'"> '; + $htmltext = $langs->trans("ProjectFollowTasks"); + print $form->textwithpicto($langs->trans("ProjectFollowTasks"), $htmltext); + print '
    '; + } + if (!empty($conf->global->PROJECT_BILL_TIME_SPENT)) { + print 'usage_bill_time ? ' checked="checked"' : '').'"> '; + $htmltext = $langs->trans("ProjectBillTimeDescription"); + print $form->textwithpicto($langs->trans("BillTime"), $htmltext); + print '
    '; + } + if (!empty($conf->eventorganization->enabled)) { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } + print '
    '.$langs->trans("Visibility").''; + if ($project->public) { + print $langs->trans('SharedProject'); + } else { + print $langs->trans('PrivateProject'); + } + print '
    '.$langs->trans("DateStart").' - '.$langs->trans("DateEnd").''; + $start = dol_print_date($project->date_start, 'day'); + print ($start ? $start : '?'); + $end = dol_print_date($project->date_end, 'day'); + print ' - '; + print ($end ? $end : '?'); + if ($object->hasDelay()) { + print img_warning("Late"); + } + print '
    '.$langs->trans("Budget").''; + if (strcmp($project->budget_amount, '')) { + print price($project->budget_amount, '', $langs, 1, 0, 0, $conf->currency); + } + print '
    '; + + print '
    '; + print '
    '; + print '
    '; + print '
    '; + + print ''; + + // Description + print ''; + + // Categories + if ($conf->categorie->enabled) { + print '"; + } + + print '
    '.$langs->trans("Description").''; + print nl2br($project->description); + print '
    '.$langs->trans("Categories").''; + print $form->showCategories($project->id, Categorie::TYPE_PROJECT, 1); + print "
    '; + + print '
    '; + print '
    '; + print '
    '; + + print '
    '; + + + print dol_get_fiche_end(); +} // Build and execute select // -------------------------------------------------------------------- $sql = 'SELECT '; -foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; -} +$sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { @@ -274,6 +398,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX.$object->table_element." as t"; if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (t.rowid = ef.fk_object)"; } +$sql .= " INNER JOIN ".MAIN_DB_PREFIX."c_actioncomm as cact ON cact.id=t.fk_action AND cact.module LIKE '%@eventorganization'"; // Add table from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook @@ -376,27 +501,6 @@ if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $ exit; } - -// Output page -// -------------------------------------------------------------------- - -llxHeader('', $title, $help_url); - -// Example : Adding jquery code -print ''; - $arrayofselected = is_array($toselect) ? $toselect : array(); $param = ''; @@ -440,7 +544,7 @@ if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'pr } $massactionbutton = $form->selectMassAction('', $arrayofmassactions); -print '
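Review bot: The project banner added under `if ($projectid > 0)` prints the project's title, third party, budget and description for whatever `projectid` arrives in the request, and nothing visible in this hunk checks that the current user may read that project. The `restrictedProjectArea($user,'read')` call is commented out, and only the `'write'` result is kept in `$userWrite`. Unless the read check happens in a part of the page outside this hunk, I would add `$userAccess = $project->restrictedProjectArea($user, 'read');` right after the fetch and call `accessforbidden()` when it does not grant access. Separately, `print nl2br($project->description);` and `$morehtmlref .= $project->title;` emit stored text without HTML escaping; if those fields can hold user-supplied markup, they should pass through an escaping helper such as `dol_escape_htmltag()` first.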
    '."\n"; +print ''."\n"; if ($optioncss != '') { print ''; } @@ -451,7 +555,7 @@ print ''; print ''; print ''; -$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', dol_buildpath('/eventorganization/conferenceorbooth_card.php', 1).'?action=create&backtopage='.urlencode($_SERVER['PHP_SELF']), '', $permissiontoadd); +$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', dol_buildpath('/eventorganization/conferenceorbooth_card.php', 1).'?action=create'.(!empty($projectid)?'&fk_project='.$projectid:'').'&backtopage='.urlencode($_SERVER['PHP_SELF']), '', $permissiontoadd); print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'object_'.$object->picto, 0, $newcardbutton, '', $limit, 0, 0, 1); diff --git a/htdocs/eventorganization/index.html b/htdocs/eventorganization/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/eventorganization/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/eventorganization/lib/index.html b/htdocs/eventorganization/lib/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/eventorganization/lib/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index a79ee76a2fa..c251fdaf7cd 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -1143,7 +1143,7 @@ class Expedition extends CommonObject $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " entity=".$conf->entity; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index f95302cdba2..89178693a43 100644 
--- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -294,7 +294,7 @@ class ExpenseReport extends CommonObject $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.$this->table_element); $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -548,7 +548,7 @@ class ExpenseReport extends CommonObject if ($ref) { $sql .= " WHERE d.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= " WHERE d.rowid = ".$id; + $sql .= " WHERE d.rowid = ".((int) $id); } //$sql.= $restrict; @@ -751,7 +751,7 @@ class ExpenseReport extends CommonObject $sql .= " f.fk_user_valid,"; $sql .= " f.fk_user_approve"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $sql .= " AND f.entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -993,7 +993,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$total_ht; $sql .= " , total_ttc = ".$total_ttc; $sql .= " , total_tva = ".$total_tva; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) : $this->db->free($result); diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php index 56525e7b99c..c9cf0cdaf41 100644 --- a/htdocs/expensereport/class/paymentexpensereport.class.php +++ b/htdocs/expensereport/class/paymentexpensereport.class.php 
@@ -218,7 +218,7 @@ class PaymentExpenseReport extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -317,7 +317,7 @@ class PaymentExpenseReport extends CommonObject $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -370,7 +370,7 @@ class PaymentExpenseReport extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_expensereport"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -665,7 +665,7 @@ class PaymentExpenseReport extends CommonObject { $sql = 'SELECT e.rowid, e.datec, e.fk_user_creat, e.fk_user_modif, e.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_expensereport as e'; - $sql .= ' WHERE e.rowid = '.$id; + $sql .= ' WHERE e.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/expensereport/payment/card.php b/htdocs/expensereport/payment/card.php index 608309ceee0..7b86f295b5b 100644 --- a/htdocs/expensereport/payment/card.php +++ b/htdocs/expensereport/payment/card.php 
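Review bot: In the `PaymentExpenseReport` update hunk (`@@ -317`) only `rowid` gets the cast, while the context line just above it still builds `fk_user_modif=` from `$this->fk_user_modif` with no cast or quoting, so the statement is only as safe as its least-checked operand. The same pattern is visible in the `LoanSchedule` and `PaymentLoan` update hunks (`fk_user_creat`, `fk_user_modif`), in the `Loan` update hunk (`fk_projet`), and in `CommandeFournisseur` (`fk_input_method=".$methode`). I would cast these the same way, e.g. `$sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? ((int) $this->fk_user_modif) : "null");`. The enclosing methods start and end outside these hunks, so whether the properties are validated earlier cannot be seen here.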
@@ -162,7 +162,7 @@ $sql = 'SELECT er.rowid as eid, er.paid, er.total_ttc, per.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_expensereport as per,'.MAIN_DB_PREFIX.'expensereport as er'; $sql .= ' WHERE per.fk_expensereport = er.rowid'; $sql .= ' AND er.entity IN ('.getEntity('expensereport').')'; -$sql .= ' AND per.rowid = '.$id; +$sql .= ' AND per.rowid = '.((int) $id); dol_syslog("expensereport/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php index 174a7271d25..8c1bf9642b1 100644 --- a/htdocs/exports/class/export.class.php +++ b/htdocs/exports/class/export.class.php @@ -798,7 +798,7 @@ class Export $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."export_model"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 775f83ef500..e87d94fb506 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -8,7 +8,7 @@ * Copyright (C) 2012 Cedric Salvador * Copyright (C) 2015 Alexandre Spangaro * Copyright (C) 2016-2018 Charlie Benke - * Copyright (C) 2018-2019 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -68,6 +68,8 @@ if ($page == -1) { $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $offset = $limit * $page; +$sortorder = GETPOST('sortorder', 'alpha'); +$sortfield = GETPOST('sortfield', 'aZ09comma'); if ($sortorder == "") { $sortorder = "DESC"; } diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index cea1b1ca48c..f5602bc5abb 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php 
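Review bot: In the `card-rec.php` hunk at `@@ -68`, `$sortorder` is read with the `'alpha'` filter while `$sortfield` on the next line uses the narrower `'aZ09comma'`. Both values normally end up in an ORDER BY clause, so the sort direction deserves the same restrictive filter: `$sortorder = GETPOST('sortorder', 'aZ09comma');`. How the two variables are used lies outside the hunk, so this assumes they feed the list query.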
@@ -305,7 +305,7 @@ class Fichinter extends CommonObject if ($this->id) { $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."fichinter SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."fichinter SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); @@ -896,7 +896,7 @@ class Fichinter extends CommonObject $sql .= " f.fk_user_modif as fk_user_modification,"; $sql .= " f.fk_user_valid"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index b2e06e77824..b3500a4e45d 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -1214,7 +1214,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_statut=".self::STATUS_ORDERSENT.", fk_input_method=".$methode.", date_commande='".$this->db->idate($date)."', "; $sql .= " note_private='".$this->db->escape($newnoteprivate)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::commande", LOG_DEBUG); if ($this->db->query($sql)) { @@ -1381,7 +1381,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET ref='(PROV".$this->id.")'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { // Add link with price request and supplier order 
@@ -1510,7 +1510,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -2879,7 +2879,7 @@ class CommandeFournisseur extends CommonOrder $sql = 'SELECT c.rowid, date_creation as datec, tms as datem, date_valid as date_validation, date_approve as datea, date_approve2 as datea2,'; $sql .= ' fk_user_author, fk_user_modif, fk_user_valid, fk_user_approve, fk_user_approve2'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commande_fournisseur as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -3820,7 +3820,7 @@ class CommandeFournisseurLigne extends CommonOrderLine return -1; } - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commande_fournisseurdet WHERE rowid=".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commande_fournisseurdet WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index c79a53297f2..21c36ced633 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -286,7 +286,7 @@ class CommandeFournisseurDispatch extends CommonObject if ($ref) { $sql .= " WHERE t.ref = '".$ref."'"; } else { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch"); 
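Review bot: In the `CommandeFournisseurDispatch` fetch hunk (`@@ -286`) the `else` branch now casts `$id`, but the `if ($ref)` branch on the context line above still concatenates `$ref` between quotes without escaping, so a quote character in the reference ends the string literal early. It should read `$sql .= " WHERE t.ref = '".$this->db->escape($ref)."'";`, matching how the `ExpenseReport` and `Holiday` fetch hunks in this commit build their `ref` conditions. The method starts and ends outside the hunk.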
@@ -389,7 +389,7 @@ class CommandeFournisseurDispatch extends CommonObject $sql .= " sellby=".(dol_strlen($this->sellby) != 0 ? "'".$this->db->idate($this->sellby)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -472,7 +472,7 @@ class CommandeFournisseurDispatch extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index f4b85a1b0c8..dccb3901069 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -442,7 +442,7 @@ class FactureFournisseur extends CommonInvoice // Update ref with new one $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."facture_fourn SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."facture_fourn SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1007,7 +1007,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").","; $sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); 
@@ -2140,7 +2140,7 @@ class FactureFournisseur extends CommonInvoice $sql = 'SELECT c.rowid, datec, tms as datem, '; $sql .= ' fk_user_author, fk_user_modif, fk_user_valid'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { @@ -3166,7 +3166,7 @@ class SupplierInvoiceLine extends CommonObjectLine { global $user, $conf; - dol_syslog(get_class($this)."::deleteline rowid=".$this->id, LOG_DEBUG); + dol_syslog(get_class($this)."::deleteline rowid=".((int) $this->id), LOG_DEBUG); $error = 0; diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php index ceb7bb835ef..41c780f70c8 100644 --- a/htdocs/fourn/class/paiementfourn.class.php +++ b/htdocs/fourn/class/paiementfourn.class.php @@ -99,7 +99,7 @@ class PaiementFourn extends Paiement $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' WHERE p.entity IN ('.getEntity('facture_fourn').')'; if ($id > 0) { - $sql .= ' AND p.rowid = '.$id; + $sql .= ' AND p.rowid = '.((int) $id); } elseif ($ref) { $sql .= ' AND p.rowid = '.$ref; } elseif ($fk_bank) { @@ -394,7 +394,7 @@ class PaiementFourn extends Paiement { $sql = 'SELECT c.rowid, datec, fk_user_author as fk_user_creat, tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index b28d2ef4756..7943df254c1 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php 
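Review bot: In the `PaiementFourn` fetch hunk (`@@ -99`) the cast was added to the `$id` branch only; the `elseif ($ref)` branch right below still emits `' AND p.rowid = '.$ref`, with the value unquoted and uncast in a numeric comparison. If that branch really is meant to compare against `rowid`, it needs the same treatment: `$sql .= ' AND p.rowid = '.((int) $ref);`. If it was meant to match a reference column, it needs a quoted, escaped string instead. The `$fk_bank` branch continues outside the hunk and should be checked the same way.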
@@ -4,7 +4,7 @@ * Copyright (C) 2012-2016 Regis Houssin * Copyright (C) 2013 Florian Henry * Copyright (C) 2016 Juanjo Menent - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -306,7 +306,7 @@ class Holiday extends CommonObject $initialref = $this->ref; } - $sql = 'UPDATE '.MAIN_DB_PREFIX."holiday SET ref='".$this->db->escape($initialref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."holiday SET ref='".$this->db->escape($initialref)."' WHERE rowid=".((int) $this->id); if ($this->db->query($sql)) { $this->ref = $initialref; @@ -380,7 +380,7 @@ class Holiday extends CommonObject $sql .= " cp.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as cp"; if ($id > 0) { - $sql .= " WHERE cp.rowid = ".$id; + $sql .= " WHERE cp.rowid = ".((int) $id); } else { $sql .= " WHERE cp.ref = '".$this->db->escape($ref)."'"; } @@ -976,7 +976,7 @@ class Holiday extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."holiday"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -1183,9 +1183,10 @@ class Holiday extends CommonObject * * @param int $withpicto 0=_No picto, 1=Includes the picto in the linkn, 2=Picto only * @param int $save_lastsearch_value -1=Auto, 0=No save of lastsearch_values when clicking, 1=Save lastsearch_values whenclicking + * @param int $notooltip 1=Disable tooltip * @return string String with URL */ - public function getNomUrl($withpicto = 0, $save_lastsearch_value = -1) + public function getNomUrl($withpicto = 0, $save_lastsearch_value = -1, $notooltip = 0) { global $langs; 
@@ -2116,7 +2117,7 @@ class Holiday extends CommonObject $sql .= " f.fk_validator as fk_user_approve,"; $sql .= " f.fk_user_refuse as fk_user_refuse"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $sql .= " AND f.entity = ".$conf->entity; $resql = $this->db->query($sql); diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index 28a354c757f..bca81f2e45d 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -293,7 +293,7 @@ class Establishment extends CommonObject $sql .= ' c.code as country_code, c.label as country'; $sql .= " FROM ".MAIN_DB_PREFIX."establishment as e"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as c ON e.fk_country = c.rowid'; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); @@ -330,7 +330,7 @@ class Establishment extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."establishment WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."establishment WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -397,7 +397,7 @@ class Establishment extends CommonObject { $sql = 'SELECT e.rowid, e.ref, e.datec, e.fk_user_author, e.tms, e.fk_user_mod, e.entity'; $sql .= ' FROM '.MAIN_DB_PREFIX.'establishment as e'; - $sql .= ' WHERE e.rowid = '.$id; + $sql .= ' WHERE e.rowid = '.((int) $id); dol_syslog(get_class($this)."::fetch info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index 94dd7f98cd1..e40ceb3f9ba 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php 
@@ -4,6 +4,7 @@ * Copyright (C) 2012-2014 Regis Houssin * Copyright (C) 2015-2016 Alexandre Spangaro * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -150,6 +151,7 @@ if (!empty($conf->holiday->enabled)) { print ''; $out = ''; + $nb_holiday = 0; $typeleaves = $holiday->getTypes(1, 1); foreach ($typeleaves as $key => $val) { $nb_type = $holiday->getCPforUser($user->id, $val['rowid']); diff --git a/htdocs/imports/class/import.class.php b/htdocs/imports/class/import.class.php index c9bb41389c9..5372a6e16c5 100644 --- a/htdocs/imports/class/import.class.php +++ b/htdocs/imports/class/import.class.php @@ -328,7 +328,7 @@ class Import $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."import_model"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/index.php b/htdocs/index.php index 0754d297606..debdec757cb 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -464,7 +464,7 @@ if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) { $globalStatsKey = $groupElement['globalStatsKey']; $groupElement['globalStats'] = array(); - if (is_array($keys) && in_array($globalStatsKey, $keys)) { + if (isset($keys) && is_array($keys) && in_array($globalStatsKey, $keys)) { // get key index of stats used in $includes, $classes, $keys, $icons, $titres, $links $keyIndex = array_search($globalStatsKey, $keys); diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php index 97ceba0a6fa..6133f3eccc8 100644 --- a/htdocs/install/lib/repair.lib.php +++ b/htdocs/install/lib/repair.lib.php 
@@ -33,7 +33,7 @@ function checkElementExist($id, $table) global $db; $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$table; - $sql .= ' WHERE rowid = '.$id; + $sql .= ' WHERE rowid = '.((int) $id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/langs/en_US/compta.lang b/htdocs/langs/en_US/compta.lang index 35b785c1f7c..3f892e3b29c 100644 --- a/htdocs/langs/en_US/compta.lang +++ b/htdocs/langs/en_US/compta.lang @@ -195,6 +195,7 @@ VATReportByThirdParties=Sale tax report by third parties VATReportByCustomers=Sale tax report by customer VATReportByCustomersInInputOutputMode=Report by the customer VAT collected and paid VATReportByQuartersInInputOutputMode=Report by Sale tax rate of the tax collected and paid +VATReportShowByRateDetails=Show details of this rate LT1ReportByQuarters=Report tax 2 by rate LT2ReportByQuarters=Report tax 3 by rate LT1ReportByQuartersES=Report by RE rate diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index c82be7848a6..b628de1b68b 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -131,7 +131,7 @@ class Loan extends CommonObject $sql = "SELECT l.rowid, l.label, l.capital, l.datestart, l.dateend, l.nbterm, l.rate, l.note_private, l.note_public, l.insurance_amount,"; $sql .= " l.paid, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest, l.fk_projet as fk_project"; $sql .= " FROM ".MAIN_DB_PREFIX."loan as l"; - $sql .= " WHERE l.rowid = ".$id; + $sql .= " WHERE l.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -317,7 +317,7 @@ class Loan extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."loan where rowid=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."loan where rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { 
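Review bot: In `checkElementExist()` the cast covers `$id`, but `$table` is still appended to `MAIN_DB_PREFIX` as an identifier, and an identifier cannot be protected by casting or by string escaping. Callers are not visible in this hunk; if any of them passes something other than a hard-coded literal, the function should reject names that do not match a strict pattern such as `/^[a-z0-9_]+$/i` before building the query. A docblock line stating that `$table` must be a trusted table name would make the contract explicit. The function body continues outside the hunk.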
@@ -364,7 +364,7 @@ class Loan extends CommonObject $sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : $this->fk_project).","; $sql .= " fk_user_modif = ".$user->id.","; $sql .= " insurance_amount = '".price2num($this->db->escape($this->insurance_amount))."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -681,7 +681,7 @@ class Loan extends CommonObject { $sql = 'SELECT l.rowid, l.datec, l.fk_user_author, l.fk_user_modif,'; $sql .= ' l.tms'; - $sql .= ' WHERE l.rowid = '.$id; + $sql .= ' WHERE l.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php index 4f6f1423aa7..bc819f747ca 100644 --- a/htdocs/loan/class/loanschedule.class.php +++ b/htdocs/loan/class/loanschedule.class.php @@ -236,7 +236,7 @@ class LoanSchedule extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -339,7 +339,7 @@ class LoanSchedule extends CommonObject $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); 
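Review bot: The query in the `Loan` info hunk (`@@ -681`) has no FROM clause: the context lines go from the select list ending in `l.tms` straight to the `WHERE l.rowid` line, so the statement fails regardless of the cast added here. Insert `$sql .= ' FROM '.MAIN_DB_PREFIX.'loan as l';` before the WHERE line, using the same table and alias as the fetch query shown in the `@@ -131` hunk of this file. The rest of the method lies outside the hunk.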
@@ -376,7 +376,7 @@ class LoanSchedule extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php index 1ca8e1c0a4d..c7f1940943b 100644 --- a/htdocs/loan/class/paymentloan.class.php +++ b/htdocs/loan/class/paymentloan.class.php @@ -239,7 +239,7 @@ class PaymentLoan extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -348,7 +348,7 @@ class PaymentLoan extends CommonObject $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -400,7 +400,7 @@ class PaymentLoan extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 0bf28c68d0e..31fbc0ee4b3 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
@@ -13,6 +13,7 @@ * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2020 Demarest Maxime * Copyright (C) 2020 Charlene Benke + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -59,12 +60,16 @@ if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) { */ function testSqlAndScriptInject($val, $type) { - // Decode string first + // Decode string first bcause a lot of things are obfuscated by encoding or multiple encoding. // So db->escape($newdefaultvatcode)."'" : "null").","; $sql .= " tva_tx='".price2num($newvat)."',"; $sql .= " recuperableonly='".$this->db->escape($newnpr)."'"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); $resql = $this->db->query($sql); @@ -4223,14 +4223,15 @@ class Product extends CommonObject * Fonction recursive uniquement utilisee par get_arbo_each_prod, recompose l'arborescence des sousproduits * Define value of this->res * - * @param array $prod Products array - * @param string $compl_path Directory path of parents to add before - * @param int $multiply Because each sublevel must be multiplicated by parent nb - * @param int $level Init level - * @param int $id_parent Id parent + * @param array $prod Products array + * @param string $compl_path Directory path of parents to add before + * @param int $multiply Because each sublevel must be multiplicated by parent nb + * @param int $level Init level + * @param int $id_parent Id parent + * @param int $ignore_stock_load Ignore stock load * @return void */ - public function fetch_prod_arbo($prod, $compl_path = "", $multiply = 1, $level = 1, $id_parent = 0) + public function fetch_prod_arbo($prod, $compl_path = '', $multiply = 1, $level = 1, $id_parent = 0, $ignore_stock_load = 0) { // phpcs:enable global $conf, $langs; 
@@ -4243,7 +4244,7 @@ class Product extends CommonObject $nb = (!empty($desc_pere[1]) ? $desc_pere[1] : ''); $type = (!empty($desc_pere[2]) ? $desc_pere[2] : ''); $label = (!empty($desc_pere[3]) ? $desc_pere[3] : ''); - $incdec = !empty($desc_pere[4]) ? $desc_pere[4] : 0; + $incdec = (!empty($desc_pere[4]) ? $desc_pere[4] : 0); if ($multiply < 1) { $multiply = 1; @@ -4254,9 +4255,11 @@ class Product extends CommonObject $tmpproduct = new Product($this->db); // So we initialize tmpproduct only once for all loop. } $tmpproduct->fetch($id); // Load product to get ->ref - $tmpproduct->load_stock('nobatch,novirtual'); // Load stock to get true ->stock_reel - //$this->fetch($id); // Load product to get ->ref - //$this->load_stock('nobatch,novirtual'); // Load stock to get true ->stock_reel + + if (empty($ignore_stock_load) && ($tmpproduct->isProduct() || !empty($conf->global->STOCK_SUPPORTS_SERVICES))) { + $tmpproduct->load_stock('nobatch,novirtual'); // Load stock to get true ->stock_reel + } + $this->res[] = array( 'id'=>$id, // Id product 'id_parent'=>$id_parent, @@ -4277,7 +4280,7 @@ class Product extends CommonObject // Recursive call if there is childs to child if (is_array($desc_pere['childs'])) { //print 'YYY We go down for '.$desc_pere[3]." -> \n"; - $this->fetch_prod_arbo($desc_pere['childs'], $compl_path.$desc_pere[3]." -> ", $desc_pere[1] * $multiply, $level + 1, $id); + $this->fetch_prod_arbo($desc_pere['childs'], $compl_path.$desc_pere[3]." -> ", $desc_pere[1] * $multiply, $level + 1, $id, $ignore_stock_load); } } } 
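Review bot: When the new condition skips `load_stock()`, `$tmpproduct` keeps whatever stock values an earlier iteration loaded, because the context line above shows the object is created once and reused for the whole loop. If the `$this->res[]` entry built next reads stock fields from `$tmpproduct` (those keys are past the end of the hunk) and `fetch()` does not reset them, a service row would report the previous product's stock. Resetting in an `else` branch, e.g. `$tmpproduct->stock_reel = 0;`, avoids that. The return value of `$tmpproduct->fetch($id)` is also used unchecked before `isProduct()` is called.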
@@ -4285,20 +4288,21 @@ class Product extends CommonObject // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** - * Build the tree of subproducts into an array - * this->sousprods is loaded by this->get_sousproduits_arbo() + * Build the tree of subproducts into an array ->res and return it. + * this->sousprods must have been loaded by this->get_sousproduits_arbo() * - * @param int $multiply Because each sublevel must be multiplicated by parent nb - * @return array $this->res + * @param int $multiply Because each sublevel must be multiplicated by parent nb + * @param int $ignore_stock_load Ignore stock load + * @return array $this->res */ - public function get_arbo_each_prod($multiply = 1) + public function get_arbo_each_prod($multiply = 1, $ignore_stock_load = 0) { // phpcs:enable $this->res = array(); if (isset($this->sousprods) && is_array($this->sousprods)) { foreach ($this->sousprods as $prod_name => $desc_product) { if (is_array($desc_product)) { - $this->fetch_prod_arbo($desc_product, "", $multiply, 1, $this->id); + $this->fetch_prod_arbo($desc_product, "", $multiply, 1, $this->id, $ignore_stock_load); } } } @@ -5706,7 +5710,7 @@ class Product extends CommonObject $sql = "SELECT p.rowid, p.ref, p.datec as date_creation, p.tms as date_modification,"; $sql .= " p.fk_user_author, p.fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p"; - $sql .= " WHERE p.rowid = ".$id; + $sql .= " WHERE p.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index ac21ec166dc..10704f2f53e 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php 
@@ -151,7 +151,7 @@ class Productbatch extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as t INNER JOIN ".MAIN_DB_PREFIX."product_stock w on t.fk_product_stock = w.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl on pl.fk_product = w.fk_product and pl.batch = t.batch"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -206,7 +206,7 @@ class Productbatch extends CommonObject $sql .= " batch=".(isset($this->batch) ? "'".$this->db->escape($this->batch)."'" : "null").","; $sql .= " qty=".(isset($this->qty) ? $this->qty : "null").","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -246,7 +246,7 @@ class Productbatch extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.self::$_table_element.""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 90c958a3e43..046aed05a10 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -274,8 +274,8 @@ class Productcustomerprice extends CommonObject /** * Load object in memory from the database * - * @param int $id object - * @return int <0 if KO, >0 if OK + * @param int $id ID of customer price + * @return int <0 if KO, 0 if not found, >0 if OK */ public function fetch($id) { 
@@ -301,9 +301,8 @@ class Productcustomerprice extends CommonObject $sql .= " t.localtax2_tx,"; $sql .= " t.fk_user,"; $sql .= " t.import_key"; - $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -331,10 +330,15 @@ class Productcustomerprice extends CommonObject $this->localtax2_tx = $obj->localtax2_tx; $this->fk_user = $obj->fk_user; $this->import_key = $obj->import_key; - } - $this->db->free($resql); - return 1; + $this->db->free($resql); + + return 1; + } else { + $this->db->free($resql); + + return 0; + } } else { $this->error = "Error ".$this->db->lasterror(); return -1; @@ -451,7 +455,7 @@ class Productcustomerprice extends CommonObject $line->socname = $obj->socname; $line->prodref = $obj->prodref; - $this->lines [] = $line; + $this->lines[] = $line; } $this->db->free($resql); @@ -487,7 +491,6 @@ class Productcustomerprice extends CommonObject $sql = "SELECT"; $sql .= " t.rowid,"; - $sql .= " t.entity,"; $sql .= " t.datec,"; $sql .= " t.fk_product,"; 
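Review bot: `fetch()` in Productcustomerprice now returns 0 for a missing row where it previously returned 1, so any caller that only tests `< 0` will carry on with an object whose properties were never populated. The call sites are not part of the visible hunks; each should test `> 0` before using the object. The docblock hunk above documents the new value, but it is the existing callers that decide whether the change is safe.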
@@ -507,27 +510,25 @@ class Productcustomerprice extends CommonObject $sql .= " t.import_key,"; $sql .= " soc.nom as socname,"; $sql .= " prod.ref as prodref"; - $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price_log as t "; - $sql .= " ,".MAIN_DB_PREFIX."product as prod "; - $sql .= " ,".MAIN_DB_PREFIX."societe as soc "; - $sql .= " WHERE soc.rowid=t.fk_soc "; + $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price_log as t"; + $sql .= " ,".MAIN_DB_PREFIX."product as prod"; + $sql .= " ,".MAIN_DB_PREFIX."societe as soc"; + $sql .= " WHERE soc.rowid=t.fk_soc"; $sql .= " AND prod.rowid=t.fk_product "; $sql .= " AND prod.entity IN (".getEntity('product').")"; $sql .= " AND t.entity IN (".getEntity('productprice').")"; - // Manage filter if (count($filter) > 0) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year $sql .= ' AND '.$key.' = \''.$value.'\''; } elseif ($key == 'soc.nom') { - $sql .= ' AND '.$key.' LIKE \'%'.$value.'%\''; + $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\''; } else { - $sql .= ' AND '.$key.' = '.$value; + $sql .= ' AND '.$key.' = '.((int) $value); } } } - $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { $sql .= ' '.$this->db->plimit($limit + 1, $offset); @@ -754,7 +755,7 @@ class Productcustomerprice extends CommonObject $sql .= " fk_user=".$user->id.","; $sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -897,7 +898,6 @@ class Productcustomerprice extends CommonObject */ public function delete($user, $notrigger = 0) { - global $conf, $langs; $error = 0; 
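Review bot: In the filter loop, the `date` branch still places `$value` between quotes with no escaping, and `$key` is appended as raw SQL in all three branches, so this hunk hardens only two of the value paths and none of the column paths. The date branch can use the same call as the `soc.nom` branch, `$sql .= ' AND '.$key." = '".$this->db->escape($value)."'";`, and `$key` should be checked against a fixed list of the columns callers are allowed to filter on before it is concatenated. In the `LIKE` branch, `escape()` handles quoting but leaves `%` and `_` in `$value` acting as wildcards. The new `(int)` cast in the last branch also changes results for any caller that filtered on a non-numeric column, which is worth confirming since the callers and the rest of the method are outside the hunk.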
@@ -912,7 +912,7 @@ class Productcustomerprice extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_customer_price"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index dd45651b54e..f7cf48df5e0 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -181,7 +181,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -324,7 +324,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " fk_user_mod=".$user->id; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -365,7 +365,7 @@ class Propalmergepdfproduct extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index ce213222bb9..546c2050990 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -149,7 +149,7 @@ class PriceExpression $sql = "SELECT title, expression"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); 
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 4e67b835b07..29505ff8573 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -143,7 +143,7 @@ class PriceGlobalVariable { $sql = "SELECT code, description, value"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index eb72a8425f7..f43d6bc731d 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -159,7 +159,7 @@ class PriceGlobalVariableUpdater { $sql = "SELECT type, description, parameters, fk_variable, update_interval, next_update, last_status"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/index.php b/htdocs/product/index.php index 89054a11cc5..9cdbe85cf4b 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php 
@@ -125,7 +125,13 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // This is usel if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($user->rights->produit->lire || $user->rights->service->lire)) { $prodser = array(); $prodser[0][0] = $prodser[0][1] = $prodser[0][2] = $prodser[0][3] = 0; + $prodser[0]['sell'] = 0; + $prodser[0]['buy'] = 0; + $prodser[0]['none'] = 0; $prodser[1][0] = $prodser[1][1] = $prodser[1][2] = $prodser[1][3] = 0; + $prodser[1]['sell'] = 0; + $prodser[1]['buy'] = 0; + $prodser[1]['none'] = 0; $sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy"; $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index 601a2f34759..ce585c51a10 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -584,7 +584,7 @@ class Inventory extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 7450b19715f..9d601dc9687 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -299,7 +299,7 @@ class Entrepot extends CommonObject $sql .= ", fk_pays = ".$this->country_id; $sql .= ", phone = '".$this->db->escape($this->phone)."'"; $sql .= ", fax = '".$this->db->escape($this->fax)."'"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $this->db->begin(); 
@@ -499,7 +499,7 @@ class Entrepot extends CommonObject { $sql = "SELECT e.rowid, e.datec, e.tms as datem, e.fk_user_author"; $sql .= " FROM ".MAIN_DB_PREFIX."entrepot as e"; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 59bc60f342b..3c04618c900 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -687,7 +687,7 @@ class MouvementStock extends CommonObject //if (null !== $ref) { //$sql .= ' AND t.ref = ' . '\'' . $ref . '\''; //} else { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); //} $resql = $this->db->query($sql); diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php index 10294b2c585..9b6c0a38a1c 100644 --- a/htdocs/product/stock/class/productlot.class.php +++ b/htdocs/product/stock/class/productlot.class.php @@ -277,7 +277,7 @@ class Productlot extends CommonObject if ($product_id > 0 && $batch != '') { $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id; } else { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } $resql = $this->db->query($sql); @@ -376,7 +376,7 @@ class Productlot extends CommonObject $sql .= ' fk_user_creat = '.(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").','; $sql .= ' fk_user_modif = '.(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").','; $sql .= ' import_key = '.(isset($this->import_key) ? $this->import_key : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); 
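Review bot: In the Productlot update hunk, `import_key` is concatenated with neither quotes nor `$this->db->escape()`, as `(isset($this->import_key) ? $this->import_key : "null")`, on the line just before the `rowid` cast. The Productbatch and ProductStockEntrepot hunks in this diff quote and escape the same column as a string, so here a non-numeric key produces invalid SQL at best. Suggested: `$sql .= ' import_key = '.(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");`. The statement starts above the hunk.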
@@ -446,7 +446,7 @@ class Productlot extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index 98632325ead..88fc636e07e 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -194,7 +194,7 @@ class ProductStockEntrepot extends CommonObject $sql .= " t.import_key"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } else { $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot; } @@ -365,7 +365,7 @@ class ProductStockEntrepot extends CommonObject $sql .= ' import_key = '.(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -426,7 +426,7 @@ class ProductStockEntrepot extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index e83a4c86a10..af35f691cd0 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php 
@@ -449,7 +449,7 @@ $title = $langs->trans("Project").' - '.$object->ref.($object->thirdparty->name if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/', $conf->global->MAIN_HTML_TITLE)) { $title = $object->ref.($object->thirdparty->name ? ' - '.$object->thirdparty->name : '').($object->title ? ' - '.$object->title : ''); } -$help_url = "EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos"; +$help_url = "EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos|DE:Modul_Projekte"; llxHeader("", $title, $help_url); diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index f28eccf3982..c85ebddadc1 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -550,7 +550,7 @@ class Project extends CommonObject $sql .= " accept_conference_suggestions, accept_booth_suggestions, price_registration, price_booth"; $sql .= " FROM ".MAIN_DB_PREFIX."projet"; if (!empty($id)) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } else { $sql .= " WHERE entity IN (".getEntity('project').")"; if (!empty($ref)) { @@ -621,6 +621,7 @@ class Project extends CommonObject return 0; } else { $this->error = $this->db->lasterror(); + $this->errors[] = $this->db->lasterror(); return -1; } } @@ -832,7 +833,7 @@ class Project extends CommonObject // Delete project if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -2104,7 +2105,7 @@ class Project extends CommonObject $sql .= ' date_close as datecloture,'; $sql .= ' fk_user_creat as fk_user_author, fk_user_close as fk_use_cloture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'projet as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { 
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 586839f3c69..9a72124199c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -276,7 +276,7 @@ class Task extends CommonObject if (!empty($ref)) { $sql .= "t.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= "t.rowid = ".$id; + $sql .= "t.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -381,7 +381,7 @@ class Task extends CommonObject $sql .= " datee=".($this->date_end != '' ? "'".$this->db->idate($this->date_end)."'" : 'null').","; $sql .= " progress=".(($this->progress != '' && $this->progress >= 0) ? $this->progress : 'null').","; $sql .= " rang=".((!empty($this->rang)) ? $this->rang : "0"); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -535,7 +535,7 @@ class Task extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1369,7 +1369,7 @@ class Task extends CommonObject $sql .= " t.thm,"; $sql .= " t.note"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetchTimeSpent", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index fed592a808c..7f6c6c4f009 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -33,7 +33,12 @@ if ($conf->categorie->enabled) { } // Load translation files required by the page -$langs->loadLangs(array('projects', 'companies')); +$langsLoad=array('projects', 'companies'); +if (!empty($conf->eventorganization->enabled)) { + $langsLoad[]='eventorganization'; +} + +$langs->loadLangs($langsLoad); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); 
@@ -330,6 +335,11 @@ if ($id > 0 || !empty($ref)) { print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
    '; } + if (!empty($conf->eventorganization->enabled)) { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Visibility diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index 353fff374fc..ac8ed3879cd 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -134,6 +134,9 @@ if (!empty($conf->salaries->enabled)) { if (!empty($conf->mrp->enabled)) { $langs->load("mrp"); } +if (!empty($conf->eventorganization->enabled)) { + $langs->load("eventorganization"); +} $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); @@ -254,6 +257,11 @@ if (!empty($conf->global->PROJECT_BILL_TIME_SPENT)) { print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
    '; } +if (!empty($conf->eventorganization->enabled)) { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); +} print ''; // Visibility diff --git a/htdocs/projet/event.php b/htdocs/projet/event.php deleted file mode 100644 index b033cb95742..00000000000 --- a/htdocs/projet/event.php +++ /dev/null 
@@ -1,358 +0,0 @@ - - * Copyright (C) 2012 Laurent Destailleur - * Copyright (C) 2021 florian.henry@scopen.fr - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/projet/event.php - * \ingroup project - * \brief Tab event organization - */ - -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/project.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; -require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; - -// Load translation files required by the page -$langs->load('projects', 'eventorganization'); - -$action = GETPOST('action', 'aZ09'); -$id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); - -$mine = $_REQUEST['mode'] == 'mine' ? 1 : 0; -//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects - -$object = new Project($db); - -include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once - -// Security check -$socid = 0; -if ($user->socid > 0) { - $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement. 
-} -$result = restrictedArea($user, 'eventorganization', $id); - -$permissiontoread = $user->rights->eventorganization->read; -$permissiontoadd = $user->rights->eventorganization->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->rights->eventorganization->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); - -/* - * Actions - */ - -if ($action == 'update' && empty(GETPOST('cancel')) && $permissiontoadd) { - $error = 0; - $object->oldcopy = clone $object; - - $object->accept_conference_suggestions=(GETPOST('accept_conference_suggestions', 'alpha') == 'on' ? 1 : 0); - $object->accept_booth_suggestions=(GETPOST('accept_booth_suggestions', 'alpha') == 'on' ? 1 : 0); - $object->price_registration=price2num(GETPOST('price_registration', 'alphanohtml'));; - $object->price_booth=price2num(GETPOST('price_booth', 'alphanohtml'));; - - $result = $object->update($user); - if ($result < 0) { - setEventMessages($object->error, $object->errors, 'errors'); - $db->rollback(); - $action = 'edit'; - } else { - $db->commit(); - if (GETPOST('socid', 'int') > 0) { - $object->fetch_thirdparty(GETPOST('socid', 'int')); - } else { - unset($object->thirdparty); - } - $action=''; - } -} - - - -/* - * View - */ - -$title = $langs->trans("Project").' - '.$langs->trans("ConferenceOrBoothTab").' - '.$object->ref.' '.$object->name; -if (!empty($conf->global->MAIN_HTML_TITLE) && preg_match('/projectnameonly/', $conf->global->MAIN_HTML_TITLE) && $object->name) { - $title = $object->ref.' '.$object->name.' 
- '.$langs->trans("Note"); -} -//TODO Make wiki docs -$help_url = ''; -llxHeader("", $title, $help_url); - -$form = new Form($db); -$userstatic = new User($db); - -$now = dol_now(); - -if ($id > 0 || !empty($ref)) { - $head = project_prepare_head($object); - print dol_get_fiche_head($head, 'eventorganisation', $langs->trans('ConferenceOrBoothTab'), -1); - - // Project card - - $linkback = ''.$langs->trans("BackToList").''; - - $morehtmlref = '
    '; - // Title - $morehtmlref .= $object->title; - // Thirdparty - if ($object->thirdparty->id > 0) { - $morehtmlref .= '
    '.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'project'); - } - $morehtmlref .= '
    '; - - // Define a complementary filter for search of next/prev ref. - if (!$user->rights->projet->all->lire) { - $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0); - $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")"; - } - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - - print '
    '; - print '
    '; - print '
    '; - - print ''; - - // Usage - print ''; - print ''; - - // Visibility - print ''; - - if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES) && !empty($object->usage_opportunity)) { - // Opportunity status - print ''; - - // Opportunity percent - print ''; - - // Opportunity Amount - print ''; - - // Opportunity Weighted Amount - print ''; - } - - // Date start - end - print ''; - - // Budget - print ''; - - // Other attributes - $cols = 2; - include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; - - print '
    '; - print $langs->trans("Usage"); - print ''; - if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { - print 'usage_opportunity ? ' checked="checked"' : '')).'"> '; - $htmltext = $langs->trans("ProjectFollowOpportunity"); - print $form->textwithpicto($langs->trans("ProjectFollowOpportunity"), $htmltext); - print '
    '; - } - if (empty($conf->global->PROJECT_HIDE_TASKS)) { - print 'usage_task ? ' checked="checked"' : '')).'"> '; - $htmltext = $langs->trans("ProjectFollowTasks"); - print $form->textwithpicto($langs->trans("ProjectFollowTasks"), $htmltext); - print '
    '; - } - if (!empty($conf->global->PROJECT_BILL_TIME_SPENT)) { - print 'usage_bill_time ? ' checked="checked"' : '')).'"> '; - $htmltext = $langs->trans("ProjectBillTimeDescription"); - print $form->textwithpicto($langs->trans("BillTime"), $htmltext); - print '
    '; - } - - if (!empty($conf->eventorganization->enabled)) { - print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; - $htmltext = $langs->trans("EventOrganizationDescriptionLong"); - print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); - } - print '
    '.$langs->trans("Visibility").''; - if ($object->public) { - print $langs->trans('SharedProject'); - } else { - print $langs->trans('PrivateProject'); - } - print '
    '.$langs->trans("OpportunityStatus").''; - $code = dol_getIdFromCode($db, $object->opp_status, 'c_lead_status', 'rowid', 'code'); - if ($code) { - print $langs->trans("OppStatus".$code); - } - print '
    '.$langs->trans("OpportunityProbability").''; - if (strcmp($object->opp_percent, '')) { - print price($object->opp_percent, 0, $langs, 1, 0).' %'; - } - print '
    '.$langs->trans("OpportunityAmount").''; - /*if ($object->opp_status) - { - print price($obj->opp_amount, 1, $langs, 1, 0, -1, $conf->currency); - }*/ - if (strcmp($object->opp_amount, '')) { - print price($object->opp_amount, 0, $langs, 1, 0, -1, $conf->currency); - } - print '
    '.$langs->trans('OpportunityWeightedAmount').''; - if (strcmp($object->opp_amount, '') && strcmp($object->opp_percent, '')) { - print price($object->opp_amount * $object->opp_percent / 100, 0, $langs, 1, 0, -1, $conf->currency); - } - print '
    '.$langs->trans("DateStart").' - '.$langs->trans("DateEnd").''; - $start = dol_print_date($object->date_start, 'day'); - print ($start ? $start : '?'); - $end = dol_print_date($object->date_end, 'day'); - print ' - '; - print ($end ? $end : '?'); - if ($object->hasDelay()) { - print img_warning("Late"); - } - print '
    '.$langs->trans("Budget").''; - if (strcmp($object->budget_amount, '')) { - print price($object->budget_amount, 0, $langs, 1, 0, 0, $conf->currency); - } - print '
    '; - - print '
    '; - print '
    '; - print '
    '; - print '
    '; - - if ($action == 'edit') { - print ''; - print ''; - print ''; - print ''; - } - - print ''; - - // Description - print ''; - - // Categories - if ($conf->categorie->enabled) { - print '"; - } - - if ($action == 'edit' && $permissiontoadd) { - //Allow unknown people to suggest conferences - print '"; - - //Allow unknown people to suggest booth - print '"; - - //Price of registration - print '"; - - //Price of registration - print '"; - } else { - //Allow unknown people to suggest conferences - print '"; - - //Allow unknown people to suggest booth - print '"; - - //Price of registration - print '"; - - //Price of registration - print '"; - } - - //ICS Link - print '"; - - print '
    '.$langs->trans("Description").''; - print dol_htmlentitiesbr($object->description); - print '
    '.$langs->trans("Categories").''; - print $form->showCategories($object->id, Categorie::TYPE_PROJECT, 1); - print "
    ' . $langs->trans("AllowUnknownPeopleSuggestConf") . $form->textwithpicto('', $langs->trans("AllowUnknownPeopleSuggestConfHelp")) . ''; - print 'accept_conference_suggestions ? ' checked="checked"' : '')) . '"> '; - print "
    ' . $langs->trans("AllowUnknownPeopleSuggestBooth") . $form->textwithpicto('', $langs->trans("AllowUnknownPeopleSuggestBoothHelp")) . ''; - print 'accept_booth_suggestions ? ' checked="checked"' : '')) . '"> '; - print "
    ' . $langs->trans("PriceOfRegistration") . ''; - print ''; - print "
    ' . $langs->trans("PriceOfBooth") . ''; - print ''; - print "
    ' . $langs->trans("AllowUnknownPeopleSuggestConf") . $form->textwithpicto('', $langs->trans("AllowUnknownPeopleSuggestConfHelp")) . ''; - print 'accept_conference_suggestions ? ' checked="checked"' : '')) . '"> '; - print "
    ' . $langs->trans("AllowUnknownPeopleSuggestBooth") . $form->textwithpicto('', $langs->trans("AllowUnknownPeopleSuggestBoothHelp")) . ''; - print 'accept_booth_suggestions ? ' checked="checked"' : '')) . '"> '; - print "
    ' . $langs->trans("PriceOfRegistration") . ''; - if (strcmp($object->price_registration, '')) { - print price($object->price_registration, 0, $langs, 1, 0, 0, $conf->currency); - } - print "
    ' . $langs->trans("PriceOfBooth") . ''; - if (strcmp($object->price_booth, '')) { - print price($object->price_booth, 0, $langs, 1, 0, 0, $conf->currency); - } - print "
    '.$langs->trans("EventOrganizationICSLink").''; - //TODO ICS Link - //print 'ICS'; - print "
    '; - - print ''; - - print '
    '; - print '
    '; - print '
    '; - - print '
    '; -} - -print dol_get_fiche_end(); - -if ($action == 'edit' && $permissiontoadd > 0) { - print '
    '; - print '     '; - print ''; - print '
    '; - - print ''; -} - - -/* - * Actions Buttons - */ -print '
    '; -$parameters = array(); -$reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been -// modified by hook -if (empty($reshook)) { - // Modify - if ($object->statut != Project::STATUS_CLOSED && $action=='') { - if ($permissiontoadd > 0) { - print ''.$langs->trans("Modify").''; - } else { - print ''.$langs->trans('Modify').''; - } - } -} - -// End of page -llxFooter(); -$db->close(); diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 32a12ff36fd..eb5b0ae7b0a 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -36,7 +36,12 @@ if ($conf->categorie->enabled) { } // Load translation files required by the page -$langs->loadLangs(array('projects', 'users', 'companies')); +$langsLoad=array('projects', 'users', 'companies'); +if (!empty($conf->eventorganization->enabled)) { + $langsLoad[]='eventorganization'; +} + +$langs->loadLangs($langsLoad); $action = GETPOST('action', 'aZ09'); $massaction = GETPOST('massaction', 'alpha'); @@ -351,9 +356,19 @@ llxHeader("", $title, $help_url); if ($id > 0 || !empty($ref)) { - $object->fetch($id, $ref); - $object->fetch_thirdparty(); - $res = $object->fetch_optionals(); + $result = $object->fetch($id, $ref); + if ($result < 0) { + setEventMessages(null, $object->errors, 'errors'); + } + $result = $object->fetch_thirdparty(); + if ($result < 0) { + setEventMessages(null, $object->errors, 'errors'); + } + $result = $object->fetch_optionals(); + if ($result < 0) { + setEventMessages(null, $object->errors, 'errors'); + } + // To verify role of users //$userAccess = $object->restrictedProjectArea($user,'read'); @@ -469,6 +484,11 @@ if ($id > 0 || !empty($ref)) { print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
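Review bot: The three new checks in the `@@ -351,9 +356,19 @@` hunk of htdocs/projet/tasks.php only queue an error message and then fall through, so after a failed `$object->fetch($id, $ref)` the page still calls `fetch_thirdparty()` and `fetch_optionals()` and goes on to render from an unloaded project. They also test `$result < 0` only, while htdocs/societe/price.php in this same commit uses `if ($result <= 0)` for its fetch; if `fetch()` returns 0 for a project that does not exist (not visible here), that case passes silently. I would wrap the two dependent fetches and the rendering in `if ($result > 0) { ... }` after the first call. The context also shows `//$userAccess = $object->restrictedProjectArea($user,'read');` commented out, and whether read access is enforced elsewhere cannot be confirmed from this hunk; the enclosing `if ($id > 0 || !empty($ref))` block continues outside it.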
    '; } + if (!empty($conf->eventorganization->enabled)) { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Visibility diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index d95fba9d48f..0beacab18a0 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -37,7 +37,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; // Load translation files required by the page -$langs->loadLangs(array('projects', 'bills', 'orders')); +$langsLoad=array('projects', 'bills', 'orders'); +if (!empty($conf->eventorganization->enabled)) { + $langsLoad[]='eventorganization'; +} + +$langs->loadLangs($langsLoad); $action = GETPOST('action', 'alpha'); $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) @@ -629,6 +634,11 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { print $form->textwithpicto($langs->trans("BillTime"), $htmltext); print '
    '; } + if (!empty($conf->eventorganization->enabled)) { + print 'usage_organize_event ? ' checked="checked"' : '')).'"> '; + $htmltext = $langs->trans("EventOrganizationDescriptionLong"); + print $form->textwithpicto($langs->trans("ManageOrganizeEvent"), $htmltext); + } print ''; // Visibility diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index 81c375671b0..5b7ba4ecf22 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -334,7 +334,9 @@ if (empty($reshook) && $action == 'create_ticket' && GETPOST('add', 'alpha')) { //setEventMessages($langs->trans('YourTicketSuccessfullySaved'), null, 'mesgs'); // Make a redirect to avoid to have ticket submitted twice if we make back - setEventMessages($langs->trans('MesgInfosPublicTicketCreatedWithTrackId', ''.$object->track_id.'', ''.$object->ref.''), null, 'warnings'); + $messagetoshow = $langs->trans('MesgInfosPublicTicketCreatedWithTrackId', '{s1}', '{s2}'); + $messagetoshow = str_replace(array('{s1}', '{s2}'), array(''.$object->track_id.'', ''.$object->ref.''), $messagetoshow); + setEventMessages($messagetoshow, null, 'warnings'); setEventMessages($langs->trans('PleaseRememberThisId'), null, 'warnings'); header("Location: index.php"); exit; diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index a3775498293..a8a55c7faf2 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -853,7 +853,7 @@ class Reception extends CommonObject $sql .= " model_pdf=".(isset($this->modelpdf) ? "'".$this->db->escape($this->modelpdf)."'" : "null").","; $sql .= " entity=".$conf->entity; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/recruitment/admin/index.html b/htdocs/recruitment/admin/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null 
+++ b/htdocs/recruitment/admin/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/recruitment/class/index.html b/htdocs/recruitment/class/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/recruitment/class/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 3d80c9b58f5..99ac555ba8e 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -834,7 +834,7 @@ class RecruitmentCandidature extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 3e5a926d67a..d82e2265e7e 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -928,7 +928,7 @@ class RecruitmentJobPosition extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/recruitment/core/modules/recruitment/doc/index.html b/htdocs/recruitment/core/modules/recruitment/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/recruitment/core/modules/recruitment/doc/index.html @@ -0,0 +1 @@ + 
diff --git a/htdocs/recruitment/core/modules/recruitment/index.html b/htdocs/recruitment/core/modules/recruitment/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/recruitment/core/modules/recruitment/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/recruitment/index.html b/htdocs/recruitment/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/recruitment/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/recruitment/lib/index.html b/htdocs/recruitment/lib/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/recruitment/lib/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 0dcf23a9ffb..b3d7fab8082 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -275,7 +275,7 @@ class Dolresource extends CommonObject $sql .= " fk_country=".($this->country_id > 0 ? $this->country_id : "null").","; $sql .= " fk_code_type_resource=".(isset($this->fk_code_type_resource) ? "'".$this->db->escape($this->fk_code_type_resource)."'" : "null").","; $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -779,7 +779,7 @@ class Dolresource extends CommonObject $sql .= " mandatory=".(isset($this->mandatory) ? $this->mandatory : "null").","; $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/htdocs/resource/list.php b/htdocs/resource/list.php index e5cbcc22d67..356df3a746e 100644 --- a/htdocs/resource/list.php +++ b/htdocs/resource/list.php 
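Review bot: The `(int)` cast added in the `@@ -275,7 +275,7 @@` hunk of htdocs/resource/class/dolresource.class.php covers only `rowid`, while `fk_country` three lines above it is still concatenated raw as `($this->country_id > 0 ? $this->country_id : "null")`. The same pattern is left in the `@@ -779,7 +779,7 @@` hunk (`mandatory`) and in the PaymentSalary update hunk `@@ -319,7 +326,7 @@` (`fk_bank`, `fk_user_author`, `fk_user_modif`). The context lines of htdocs/salaries/class/salary.class.php already write `((int) $this->fk_user_author)`, so the same form fits here: `$sql .= " fk_country=".($this->country_id > 0 ? ((int) $this->country_id) : "null").",";`. All of these update methods start and end outside their hunks, so where the properties are populated is not visible.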
@@ -1,7 +1,7 @@ * Copyright (C) 2018 Nicolas ZABOURI - * Copyright (C) 2018-2019 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,6 +40,7 @@ $resource_id = GETPOST('resource_id', 'int'); $sortorder = GETPOST('sortorder', 'alpha'); $sortfield = GETPOST('sortfield', 'aZ09comma'); +$optioncss = GETPOST('optioncss', 'alpha'); // Initialize context for list $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'resourcelist'; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index 72d7d4838c0..d8e7e4d4009 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -3,7 +3,7 @@ * Copyright (C) 2014-2020 Laurent Destailleur * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2015 Charlie BENKE - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2021 Gauthier VERDOL * * This program is free software; you can redistribute it and/or modify @@ -44,7 +44,7 @@ if (!empty($conf->projet->enabled)) { $langs->load("projects"); } -$id = GETPOST("id", 'int'); +$id = GETPOSTINT('id'); $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $accountid = GETPOST('accountid', 'int') > 0 ? GETPOST('accountid', 'int') : 0; 
@@ -60,11 +60,11 @@ $datep = dol_mktime(12, 0, 0, GETPOST("datepmonth", 'int'), GETPOST("datepday", $datev = dol_mktime(12, 0, 0, GETPOST("datevmonth", 'int'), GETPOST("datevday", 'int'), GETPOST("datevyear", 'int')); $datesp = dol_mktime(12, 0, 0, GETPOST("datespmonth", 'int'), GETPOST("datespday", 'int'), GETPOST("datespyear", 'int')); $dateep = dol_mktime(12, 0, 0, GETPOST("dateepmonth", 'int'), GETPOST("dateepday", 'int'), GETPOST("dateepyear", 'int')); -$label = GETPOST('label'); -$fk_user = GETPOST('userid', 'int'); +$label = GETPOST('label', 'alphanohtml'); +$fk_user = GETPOSTINT('userid'); // Security check -$socid = GETPOST("socid", "int"); +$socid = GETPOSTINT('socid'); if ($user->socid) { $socid = $user->socid; } diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php index 0feefbfb076..dc7e310d560 100644 --- a/htdocs/salaries/class/paymentsalary.class.php +++ b/htdocs/salaries/class/paymentsalary.class.php @@ -97,6 +97,13 @@ class PaymentSalary extends CommonObject */ public $fk_user_modif; + /** + * @var array + */ + public $fields = array( + 'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'index'=>1, 'position'=>1, 'comment'=>'Id'), + ); + /** * Constructor * @@ -238,7 +245,7 @@ class PaymentSalary extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); 
@@ -319,7 +326,7 @@ class PaymentSalary extends CommonObject $sql .= " fk_bank=".(isset($this->fk_bank) ? $this->fk_bank : "null").","; $sql .= " fk_user_author=".(isset($this->fk_user_author) ? $this->fk_user_author : "null").","; $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null").""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -370,7 +377,7 @@ class PaymentSalary extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_salary"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index 6990445efd0..fdd1bfd7f73 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -148,7 +148,7 @@ class Salary extends CommonObject $sql .= " fk_user_author=".((int) $this->fk_user_author).","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? (int) $this->fk_user_modif : 'null'); - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -218,7 +218,7 @@ class Salary extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."salary as s"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON s.fk_bank = b.rowid"; - $sql .= " WHERE s.rowid = ".$id; + $sql .= " WHERE s.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -293,7 +293,7 @@ class Salary extends CommonObject }*/ $sql = "DELETE FROM ".MAIN_DB_PREFIX."salary"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -585,7 +585,7 @@ class Salary extends CommonObject { $sql = 'SELECT ps.rowid, ps.datec, ps.fk_user_author'; $sql .= ' FROM '.MAIN_DB_PREFIX.'salary as ps'; - $sql .= ' WHERE ps.rowid = '.$id; + $sql .= ' WHERE ps.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/salaries/index.html b/htdocs/salaries/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/salaries/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index ab8271d7b70..c611ccab462 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -214,7 +214,7 @@ class CompanyBankAccount extends Account $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib"; if ($id) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } if ($socid) { $sql .= " WHERE fk_soc = ".$socid; diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php index 39b14862f12..db19840fd8e 100644 --- a/htdocs/societe/class/companypaymentmode.class.php +++ b/htdocs/societe/class/companypaymentmode.class.php @@ -544,7 +544,7 @@ class CompanyPaymentMode extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index fa8ed580ac0..47d714e08db 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php 
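Review bot: In the `@@ -214,7 +214,7 @@` hunk of htdocs/societe/class/companybankaccount.class.php the `$id` branch is now cast, but the `$socid` branch directly below still builds `" WHERE fk_soc = ".$socid` from the raw value; it should read `$sql .= " WHERE fk_soc = ".((int) $socid);`. The two `if` blocks are also independent, so a call that passes both `$id` and `$socid` appends two `WHERE` keywords and produces invalid SQL; making the second an `elseif`, or joining it with `AND`, avoids that. The rest of the method lies outside the hunk, so how callers combine the two arguments cannot be checked from here.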
@@ -1812,6 +1812,7 @@ class Societe extends CommonObject $this->db->free($resql); } else { $this->error = $this->db->lasterror(); + $this->errors[] = $this->db->lasterror(); $result = -3; } @@ -1937,7 +1938,7 @@ class Societe extends CommonObject // Remove third party if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); @@ -3632,7 +3633,7 @@ class Societe extends CommonObject $sql = "SELECT s.rowid, s.nom as name, s.datec as date_creation, tms as date_modification,"; $sql .= " fk_user_creat, fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.rowid = ".$id; + $sql .= " WHERE s.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php index 64a914ff549..5be05d99a56 100644 --- a/htdocs/societe/class/societeaccount.class.php +++ b/htdocs/societe/class/societeaccount.class.php @@ -514,7 +514,7 @@ class SocieteAccount extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 7c3500f7e78..74685d37b05 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php 
@@ -79,7 +79,7 @@ $search_zip = trim(GETPOST("search_zip", 'alpha')); $search_state = trim(GETPOST("search_state", 'alpha')); $search_region = trim(GETPOST("search_region", 'alpha')); $search_email = trim(GETPOST('search_email', 'alpha')); -$search_phone = trim(GETPOST('search_phone', 'ahttps://wiki.dolibarr.org/index.php?title=Migrer_mon_Dolibarr_vers_une_offre_Cloudlpha')); +$search_phone = trim(GETPOST('search_phone', 'alpha')); $search_fax = trim(GETPOST('search_fax', 'alpha')); $search_url = trim(GETPOST('search_url', 'alpha')); $search_idprof1 = trim(GETPOST('search_idprof1', 'alpha')); diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index a101f74258f..d7d373f721a 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -145,7 +145,7 @@ if (empty($reshook)) { if ($action == 'delete_customer_price' && ($user->rights->produit->creer || $user->rights->service->creer)) { // Delete price by customer - $prodcustprice->id = GETPOST('lineid'); + $prodcustprice->id = GETPOST('lineid', 'int'); $result = $prodcustprice->delete($user); if ($result < 0) { @@ -368,99 +368,101 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print load_fiche_titre($langs->trans('PriceByCustomer')); $result = $prodcustprice->fetch(GETPOST('lineid', 'int')); - if ($result < 0) { + + if ($result <= 0) { setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); - } - - print '
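Review bot: The delete path in the `@@ -145,7 +145,7 @@` hunk of htdocs/societe/price.php now filters `lineid`, but nothing visible between the assignment and `$prodcustprice->delete($user)` ties that price line to the third party being viewed. Unless `delete()` or code outside the hunk checks it, any user holding `produit->creer` or `service->creer` can have a line removed that belongs to a different third party. I would `fetch()` the line first and compare its third-party id (the `t.fk_soc` column used in the log filter further down) with `$socid` before deleting. For the input itself, `GETPOSTINT('lineid')` would match what htdocs/salaries/card.php does in this commit. The enclosing `if (empty($reshook))` block continues outside the hunk.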
    '; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - $staticprod = new Product($db); - $staticprod->fetch($prodcustprice->fk_product); - print ""; - print ''; - - // Ref. Customer - print ''; - print ''; - - // VAT - print ''; - - // Price base - print ''; - print ''; - print ''; - - // Price - print ''; - - // Price minimum - print ''; - - // Update all child soc - print ''; - print ''; - print ''; - - print '
    '.$langs->trans('Product').'".$staticprod->getNomUrl(1)."
    '.$langs->trans('RefCustomer').'
    '.$langs->trans("VATRate").''; - print $form->load_tva("tva_tx", $prodcustprice->tva_tx, $mysoc, '', $staticprod->id, $prodcustprice->recuperableonly); - print '
    '; - print $langs->trans('PriceBase'); - print ''; - print $form->selectPriceBaseType($prodcustprice->price_base_type, "price_base_type"); - print '
    '; - $text = $langs->trans('SellingPrice'); - print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); - print ''; - if ($prodcustprice->price_base_type == 'TTC') { - print ''; } else { - print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + $staticprod = new Product($db); + $staticprod->fetch($prodcustprice->fk_product); + print ""; + print ''; + + // Ref. Customer + print ''; + print ''; + + // VAT + print ''; + + // Price base + print ''; + print ''; + print ''; + + // Price + print ''; + + // Price minimum + print ''; + + // Update all child soc + print ''; + print ''; + print ''; + + print '
    '.$langs->trans('Product').'".$staticprod->getNomUrl(1)."
    '.$langs->trans('RefCustomer').'
    '.$langs->trans("VATRate").''; + print $form->load_tva("tva_tx", $prodcustprice->tva_tx, $mysoc, '', $staticprod->id, $prodcustprice->recuperableonly); + print '
    '; + print $langs->trans('PriceBase'); + print ''; + print $form->selectPriceBaseType($prodcustprice->price_base_type, "price_base_type"); + print '
    '; + $text = $langs->trans('SellingPrice'); + print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); + print ''; + if ($prodcustprice->price_base_type == 'TTC') { + print ''; + } else { + print ''; + } + print '
    '; + $text = $langs->trans('MinPrice'); + print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); + print ''; + if ($prodcustprice->price_base_type == 'TTC') { + print ''; + } else { + print ''; + } + print '
    '; + print $langs->trans('ForceUpdateChildPriceSoc'); + print ''; + print ''; + print '
    '; + + print '
    '; + print ''; + print '     '; + print ''; + print '
    '; + + print '
    '; } - print '
    '; - $text = $langs->trans('MinPrice'); - print $form->textwithpicto($text, $langs->trans("PrecisionUnitIsLimitedToXDecimals", $conf->global->MAIN_MAX_DECIMALS_UNIT), 1, 1); - print ''; - if ($prodcustprice->price_base_type == 'TTC') { - print ''; - } else { - print ''; - } - print '
    '; - print $langs->trans('ForceUpdateChildPriceSoc'); - print ''; - print ''; - print '
    '; - - print '
    '; - print ''; - print '     '; - print ''; - print '
    '; - - print '
    '; } elseif ($action == 'showlog_customer_price') { print '
    '; print ''."\n"; $filter = array( - 't.fk_product' => GETPOST('prodid', 'int'), 't.fk_soc' => $socid + 't.fk_product' => GETPOST('prodid', 'int'), + 't.fk_soc' => $socid ); // Count total nb of records $nbtotalofrecords = ''; - if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { - $nbtotalofrecords = $prodcustprice->fetch_all_log($sortorder, $sortfield, $conf->liste_limit, $offset, $filter); - } - $result = $prodcustprice->fetch_all_log($sortorder, $sortfield, $conf->liste_limit, $offset, $filter); if ($result < 0) { setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); + } else { + if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { + $nbtotalofrecords = $result; + } } $option = '&socid='.GETPOST('socid', 'int').'&prodid='.GETPOST('prodid', 'int'); @@ -485,14 +487,18 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''.$langs->trans("MinPrice").' '.$langs->trans("HT").''; print ''.$langs->trans("MinPrice").' '.$langs->trans("TTC").''; print ''.$langs->trans("ChangedBy").''; - print ' '; + print ''; print ''; foreach ($prodcustprice->lines as $line) { - print ''; $staticprod = new Product($db); $staticprod->fetch($line->fk_product); + $userstatic = new User($db); + $userstatic->fetch($line->fk_user); + + print ''; + print "".$staticprod->getNomUrl(1).""; print ''.$line->ref_customer.''; print "".dol_print_date($line->datec, "dayhour").""; @@ -505,11 +511,10 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''.price($line->price_min_ttc).''; // User - $userstatic = new User($db); - $userstatic->fetch($line->fk_user); print ''; - print $userstatic->getLoginUrl(1); + print $userstatic->getNomUrl(-1); print ''; + print ''; } print ""; } else { 
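Review bot: In the `showlog_customer_price` branch at the end of the `@@ -368,99 +368,101 @@` hunk, `$nbtotalofrecords = $result;` takes its value from a `fetch_all_log()` call made with `$conf->liste_limit` and `$offset`. If that method returns the number of rows it loaded (its body is not visible here), the total handed to pagination can never exceed one page; a separate count without the limit would give the real figure. In the edit form earlier in the same hunk, `$staticprod->fetch($prodcustprice->fk_product)` is still unchecked although the surrounding price fetch now is.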
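Review bot: `$line->ref_customer` is printed straight into the row in the `@@ -485,14 +487,18 @@` hunk, and again in `@@ -592,30 +602,28 @@`, while the neighbouring cells go through `price()`, `vatrate()` or `dol_print_date()`. The field looks like a user-entered reference, so unless it is sanitised when saved (not visible here) it should be escaped on output with `dol_escape_htmltag($line->ref_customer)`. The fetches moved to the top of the loop still issue one `Product` and one `User` query per row and ignore their return values, so `$userstatic->getNomUrl(-1)` runs on an empty object when `fk_user` no longer exists; a guard such as `if ($userstatic->id > 0)` around that print would cover it.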
@@ -571,17 +576,22 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print ''.$langs->trans("MinPrice").' '.$langs->trans("HT").''; print ''.$langs->trans("MinPrice").' '.$langs->trans("TTC").''; print ''.$langs->trans("ChangedBy").''; - print ' '; + print ''; print ''; if (count($prodcustprice->lines) > 0 || $search_prod) { print ''; print ''; print ''; - print ' '; - print ''; - print ''; - print ' '; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; // Print the search button print ''; $searchpicto = $form->showFilterAndCheckAddButtons(0); @@ -592,30 +602,28 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { if (count($prodcustprice->lines) > 0) { foreach ($prodcustprice->lines as $line) { - print ''; - $staticprod = new Product($db); $staticprod->fetch($line->fk_product); + $userstatic = new User($db); + $userstatic->fetch($line->fk_user); + + print ''; + print "".$staticprod->getNomUrl(1).""; print "".$staticprod->label.""; print ''.$line->ref_customer.''; print "".dol_print_date($line->datec, "dayhour").""; - print ''.$langs->trans($line->price_base_type).""; print ''.vatrate($line->tva_tx.($line->default_vat_code ? ' ('.$line->default_vat_code.')' : ''), true, $line->recuperableonly).""; print ''.price($line->price).""; print ''.price($line->price_ttc).""; print ''.price($line->price_min).''; print ''.price($line->price_min_ttc).''; - // User - $userstatic = new User($db); - $userstatic->fetch($line->fk_user); print ''; - print $userstatic->getLoginUrl(1); + print $userstatic->getNomUrl(-1); print ''; - // Action if ($user->rights->produit->creer || $user->rights->service->creer) { print ''; diff --git a/htdocs/stripe/transaction.php b/htdocs/stripe/transaction.php index 9206507464b..cde14647061 100644 --- a/htdocs/stripe/transaction.php +++ b/htdocs/stripe/transaction.php 
@@ -1,6 +1,6 @@ - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -51,7 +51,7 @@ if (empty($page) || $page == -1) { $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; - +$optioncss = GETPOST('optioncss', 'alpha'); /* @@ -185,12 +185,10 @@ if (!$rowid) { //print "".$charge->customer."\n"; // Link /*print ""; - if ($societestatic->id > 0) - { + if ($societestatic->id > 0) { print $societestatic->getNomUrl(1); } - if ($memberstatic->id > 0) - { + if ($memberstatic->id > 0) { print $memberstatic->getNomUrl(1); } print "\n";*/ diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index f413dfa2f78..78b1df5f6a4 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -959,7 +959,7 @@ class SupplierProposal extends CommonObject if ($this->id) { $this->ref = '(PROV'.$this->id.')'; - $sql = 'UPDATE '.MAIN_DB_PREFIX."supplier_proposal SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX."supplier_proposal SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 208c8242ab4..0bb4936d460 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php 
@@ -90,6 +90,7 @@ $yearvalid = GETPOST("yearvalid"); $monthvalid = GETPOST("monthvalid"); $dayvalid = GETPOST("dayvalid"); +$optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); $sortorder = GETPOST("sortorder", 'alpha'); diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php index 9be52f21031..136841a8683 100644 --- a/htdocs/takepos/ajax/ajax.php +++ b/htdocs/takepos/ajax/ajax.php @@ -47,7 +47,7 @@ if (!defined('NOBROWSERNOTIF')) { require '../../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; -$category = GETPOST('category', 'alpha'); +$category = GETPOST('category', 'alphanohtml'); // Can be id of category or 'supplements' $action = GETPOST('action', 'aZ09'); $term = GETPOST('term', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index f78d8d44811..7fd162c5fbd 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -850,6 +850,7 @@ if ($action == "valid" || $action == "history" || $action == 'creditnote') { } } + /* * View */ @@ -1009,7 +1010,7 @@ function DolibarrTakeposPrinting(id) { console.log("DolibarrTakeposPrinting Printing invoice ticket " + id) $.ajax({ type: "GET", - url: "" + id, + url: "" + id, }); } diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index b3d148e9d39..d3909983c52 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -2010,7 +2010,7 @@ span.widthpictotitle.pictotitle { padding-right: 1px; padding-top: 1px; padding-bottom: 1px; - width: 44px; + width: 50px; text-align:center; } div.attacharea { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index fdf5686df1c..2209c87c22b 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php 
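Review bot: The context lines of the `@@ -90,6 +90,7 @@` hunk in htdocs/supplier_proposal/list.php still read `yearvalid`, `monthvalid` and `dayvalid` as `GETPOST("yearvalid")` with no filter argument, right next to the newly added `optioncss` line that does pass one. These are date parts, so `$yearvalid = GETPOST('yearvalid', 'int');` (and the same for the other two) states the expected type instead of relying on whatever the default filter is. `sortfield` is read with `'alpha'` here, whereas htdocs/resource/list.php in this commit uses `GETPOST('sortfield', 'aZ09comma')`; the narrower filter is the better fit for a value that presumably ends up in an ORDER BY clause.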
@@ -1981,7 +1981,7 @@ img.hideonsmartphone.pictoactionview { padding-right: 1px; padding-top: 1px; padding-bottom: 1px; - width: 44px; + width: 50px; text-align:center; } div.attacharea { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index c4730008285..237edd265de 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -914,7 +914,7 @@ class Ticket extends CommonObject $sql .= " datec=".(dol_strlen($this->datec) != 0 ? "'".$this->db->idate($this->datec)."'" : 'null').","; $sql .= " date_read=".(dol_strlen($this->date_read) != 0 ? "'".$this->db->idate($this->date_read)."'" : 'null').","; $sql .= " date_close=".(dol_strlen($this->date_close) != 0 ? "'".$this->db->idate($this->date_close)."'" : 'null').""; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); @@ -1008,7 +1008,7 @@ class Ticket extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."ticket"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::delete sql=".$sql); $resql = $this->db->query($sql); @@ -2909,6 +2909,7 @@ class Ticket extends CommonObject global $conf, $user, $langs; $now = dol_now(); + $delay_warning = 0; $this->nbtodo = $this->nbtodolate = 0; $clause = " WHERE"; @@ -2951,8 +2952,8 @@ class Ticket extends CommonObject while ($obj = $this->db->fetch_object($resql)) { $response->nbtodo++; if ($mode == 'opened') { - $datelimit = $this->db->jdate($obj->datefin); - if ($datelimit < ($now - $delay_warning)) { + $datelimit = $this->db->jdate($obj->datec) + $delay_warning; + if ($datelimit < $now) { //$response->nbtodolate++; } } diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 31a1efe2481..de341f2f62d 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php 
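Review bot: `$delay_warning` is introduced as a constant 0 in the ticket.class.php `@@ -2909,6 +2909,7 @@` hunk, so the rewritten test in the `@@ -2951,8 +2952,8 @@` hunk reduces to `datec < now`. The only statement in that branch is still commented out (`//$response->nbtodolate++;`), so the late count can never change. Either remove the dead branch or mark it clearly, for example `// TODO: late-ticket counting disabled; $delay_warning is a placeholder until a delay setting is read here`. The comparison now reads `$obj->datec`, but the SELECT that must return that column is outside the hunk and should be checked.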
@@ -1,6 +1,7 @@ * Copyright (C) - 2019 Nicolas ZABOURI + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -127,11 +128,13 @@ print '
    '; $tick = array( 'unread' => 0, 'read' => 0, + 'needmoreinfo' => 0, 'answered' => 0, 'assigned' => 0, 'inprogress' => 0, 'waiting' => 0, 'closed' => 0, + 'canceled' => 0, 'deleted' => 0, ); @@ -144,7 +147,7 @@ $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= dolSqlDateFilter('datec', 0, 0, $endyear); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // External users restriction @@ -153,7 +156,7 @@ if ($user->socid > 0) { } else { // For internals users, if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { - $sql .= " AND t.fk_user_assign = ".$user->id; + $sql .= " AND t.fk_user_assign = ".((int) $user->id); } } $sql .= " GROUP BY t.fk_statut"; @@ -322,7 +325,7 @@ if ($user->socid > 0) { $sql .= " AND t.fk_soc= ".((int) $user->socid); } else { // Restricted to assigned user only - if ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && !$user->rights->ticket->manage) { + if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { $sql .= " AND t.fk_user_assign=".$user->id; } } diff --git a/htdocs/user/card.php b/htdocs/user/card.php index f3866e0caf5..c1abbc2e4ae 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -13,7 +13,7 @@ * Copyright (C) 2015 Ari Elbaz (elarifr) * Copyright (C) 2015-2018 Charlene Benke * Copyright (C) 2016 Raphaël Doursenaud - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2018 David Beniamine * * This program is free software; you can redistribute it and/or modify 
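Review bot: The `@@ -322,7 +325,7 @@` hunk in ticket/index.php changes the condition but leaves the next line as `$sql .= " AND t.fk_user_assign=".$user->id;`. The identical expression in the `@@ -153,7 +156,7 @@` hunk was cast. For consistency with the rest of this commit it should read `$sql .= " AND t.fk_user_assign=".((int) $user->id);`. The enclosing query is built outside the hunk.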
@@ -1247,9 +1247,10 @@ if ($action == 'create' || $action == 'adduserldap') { } else { // View and edit mode if ($id > 0) { - $object->fetch($id, '', '', 1); + $res = $object->fetch($id, '', '', 1); if ($res < 0) { - dol_print_error($db, $object->error); exit; + dol_print_error($db, $object->error); + exit; } $res = $object->fetch_optionals(); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index bcf42ffe43e..b27e12e3f3e 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -457,7 +457,7 @@ class User extends CommonObject } elseif ($email) { $sql .= " AND u.email = '".$this->db->escape($email)."'"; } else { - $sql .= " AND u.rowid = ".$id; + $sql .= " AND u.rowid = ".((int) $id); } $sql .= " ORDER BY u.entity ASC"; // Avoid random result when there is 2 login in 2 different entities @@ -1503,7 +1503,7 @@ class User extends CommonObject } elseif (!empty($this->pass_crypted)) { // If a crypted password is already known, we save it directly into database because the previous create did not save it. $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET pass_crypted = '".$this->db->escape($this->pass_crypted)."'"; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -1514,7 +1514,7 @@ class User extends CommonObject if ($result > 0 && $member->fk_soc) { // If member is linked to a thirdparty $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET fk_soc=".$member->fk_soc; - $sql .= " WHERE rowid=".$this->id; + $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create_from_member", LOG_DEBUG); $resql = $this->db->query($sql); 
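Review bot: In the user.class.php `@@ -1514,7 +1514,7 @@` hunk the WHERE clause is now cast, but the line above it still concatenates `$member->fk_soc` into the statement unchanged. The only guard visible in the hunk is the truthiness test `$member->fk_soc`, which a non-numeric string also passes. Apply the same treatment: `$sql .= " SET fk_soc=".((int) $member->fk_soc);`. The method body continues outside the hunk.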
@@ -2866,7 +2866,7 @@ class User extends CommonObject $sql = "SELECT u.rowid, u.login as ref, u.datec,"; $sql .= " u.tms as date_modification, u.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.rowid = ".$id; + $sql .= " WHERE u.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php index f113fb3ea32..7323fb93ab2 100644 --- a/htdocs/user/class/userbankaccount.class.php +++ b/htdocs/user/class/userbankaccount.class.php @@ -169,7 +169,7 @@ class UserBankAccount extends Account $sql .= " owner_address, label, datec, tms as datem"; $sql .= " FROM ".MAIN_DB_PREFIX."user_rib"; if ($id) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } if ($ref) { $sql .= " WHERE label = '".$this->db->escape($ref)."'"; diff --git a/htdocs/user/hierarchy.php b/htdocs/user/hierarchy.php index 10cc58d43b9..6073ca4c88f 100644 --- a/htdocs/user/hierarchy.php +++ b/htdocs/user/hierarchy.php @@ -4,7 +4,7 @@ * Copyright (C) 2006-2015 Laurent Destailleur * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2019 Frédéric France + * Copyright (C) 2019-2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -44,6 +44,7 @@ if ($user->socid > 0) { $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); $search_user = GETPOST('search_user', 'alpha'); +$optioncss = GETPOST('optioncss', 'alpha'); // Load mode employee $mode = GETPOST("mode", 'alpha'); diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index fe2e6aab4cf..1d30b71ad0a 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php 
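Review bot: In the userbankaccount.class.php `@@ -169,7 +169,7 @@` hunk, `if ($id)` and `if ($ref)` are independent, so a call with both set appends two `WHERE` clauses and produces an invalid statement. Making the second test `} elseif ($ref) {` keeps the id lookup and avoids the malformed query. Whether any caller passes both arguments is not visible here, and the rest of the method lies outside the hunk.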
@@ -522,7 +522,7 @@ class Website extends CommonObject $sql .= ' fk_user_modif = '.(!isset($this->fk_user_modif) ? $user->id : $this->fk_user_modif).','; $sql .= ' date_creation = '.(!isset($this->date_creation) || dol_strlen($this->date_creation) != 0 ? "'".$this->db->idate($this->date_creation)."'" : 'null').','; $sql .= ' tms = '.(dol_strlen($this->date_modification) != 0 ? "'".$this->db->idate($this->date_modification)."'" : "'".$this->db->idate(dol_now())."'"); - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $this->db->begin(); @@ -597,7 +597,7 @@ class Website extends CommonObject if (!$error) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' WHERE rowid='.$this->id; + $sql .= ' WHERE rowid='.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index c6c4d81d04e..f59b8bbc5a5 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -284,7 +284,7 @@ class WebsitePage extends CommonObject //$sql .= ' WHERE entity IN ('.getEntity('website').')'; // entity is on website level $sql .= ' WHERE 1 = 1'; if ($id > 0) { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); } else { if ($id < 0) { $sql .= ' AND t.rowid <> '.abs($id); diff --git a/htdocs/workstation/class/index.html b/htdocs/workstation/class/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/workstation/class/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index e96056688e4..07edb353aa4 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php 
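Review bot: The website.class.php `@@ -522,7 +522,7 @@` hunk casts `rowid`, but the first context line still places `$this->fk_user_modif` into the UPDATE without a cast or escape. It is an integer key like the one being fixed, so it can get the same cast: `$sql .= ' fk_user_modif = '.((int) (!isset($this->fk_user_modif) ? $user->id : $this->fk_user_modif)).',';`. The start of the statement is outside the hunk.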
@@ -177,8 +177,8 @@ class Workstation extends CommonObject { global $conf, $langs; - dol_include_once('/workstation/class/workstationusergroup.class.php'); - dol_include_once('/workstation/class/workstationresource.class.php'); + require_once DOL_DOCUMENT_ROOT.'/workstation/class/workstationusergroup.class.php'; + require_once DOL_DOCUMENT_ROOT.'/workstation/class/workstationresource.class.php'; $this->db = $db; @@ -872,7 +872,7 @@ class Workstation extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/workstation/index.html b/htdocs/workstation/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/workstation/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/workstation/lib/index.html b/htdocs/workstation/lib/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/workstation/lib/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index 412a9d602fa..92066e496e2 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -639,7 +639,7 @@ class Hook extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 5e05daa5b9f..b3a95d5f816 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php 
@@ -192,7 +192,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices'; $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2); - $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0a'); + $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should be ok'); $test = 'This is a < inside string with < and > also and tag like before the >'; $result=testSqlAndScriptInject($test, 0); @@ -203,7 +203,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction'; $result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2); - $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject 1b'); + $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should detect XSS'); + + $test = 'javascript&colon;alert(1)'; + $result=testSqlAndScriptInject($test, 0); + $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 1a'); $test=""; $result=testSqlAndScriptInject($test, 0); @@ -318,10 +322,13 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST['param8c']='< with space after is ok'; $_POST['param8d']='objnotdefined\''; $_POST["param11"]=' Name '; $_POST["param12"]='aaa'; + //$_POST["param13"]='javascript%26colon%26%23x3B%3Balert(1)'; + //$_POST["param14"]='javascripT&javascript#x3a alert(1)'; $result=GETPOST('id', 'int'); // Must return nothing print __METHOD__." result=".$result."\n"; 
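Review bot: The assertion added in the `@@ -203,7 +203,11 @@` hunk uses the message `'Error on testSqlAndScriptInject expected 1a'`, which does not identify the input that failed. The two neighbouring messages were rewritten in this commit to describe their case. A message in the same style would be `'Error on testSqlAndScriptInject for javascript&colon; that should be detected'`. The new check also uses `assertEquals` where the preceding one uses `assertGreaterThanOrEqual` against the same `$expectedresult`, whose value is set outside the hunk, so confirm an exact match is intended.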
@@ -336,6 +343,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertEquals($result, 333, 'Test on param1 with 3rd param = 2'); // Test alpha + $result=GETPOST("param2", 'alpha'); print __METHOD__." result=".$result."\n"; $this->assertEquals($result, $_GET["param2"], 'Test on param2'); @@ -349,6 +357,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertEquals($result, 'dir'); // Test aZ09 + $result=GETPOST("param1", 'aZ09'); print __METHOD__." result=".$result."\n"; $this->assertEquals($result, $_GET["param1"]); @@ -378,6 +387,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertEquals('">', $result); // With restricthtml we must remove html open/close tag and content but not htmlentities like n + $result=GETPOST("param7", 'restricthtml'); print __METHOD__." result=".$result."\n"; $this->assertEquals('"c:\this is a path~1\aaan" abcdef', $result); @@ -403,6 +413,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($_POST['param8e'], $result, 'Test a string with non closing html tag with alphanohtml'); + $result=GETPOST("param8f", 'alphanohtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('abcsvg animate onbegin=alert(document.domain) a', $result, 'Test a string with html tag open with several <'); + $result=GETPOST("param9", 'alphanohtml'); print __METHOD__." result=".$result."\n"; $this->assertEquals($_POST["param9"], $result); 
@@ -423,6 +437,47 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml'); + /*$result=GETPOST("param13", 'alphanohtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals(trim($_POST["param13"]), $result, 'Test a string and alphanohtml'); + + $result=GETPOST("param14", 'alphanohtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals(trim($_POST["param14"]), $result, 'Test a string and alphanohtml'); + */ + + // Special test for GETPOST of backtopage or backtolist parameter + + $_POST["backtopage"]='//www.google.com'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('www.google.com', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='https:https://www.google.com'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('www.google.com', $result, 'Test for backtopage param'); + + $_POST["backtolist"]='::HTTPS://www.google.com'; + $result=GETPOST("backtolist"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('www.google.com', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='http:www.google.com'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('httpwww.google.com', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='/mydir/mypage.php?aa=a%10a'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('/mydir/mypage.php?aa=a%10a', $result, 'Test for backtopage param'); + + $_POST["backtopage"]='javascripT&javascript#javascriptxjavascript3a alert(1)'; + $result=GETPOST("backtopage"); + print __METHOD__." result=".$result."\n"; + $this->assertEquals('x3a alert(1)', $result, 'Test for backtopage param'); + return $result; } 
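Review bot: The `param13` and `param14` checks in this hunk are committed inside a `/* ... */` block, and their inputs are commented out in the `@@ -318,10 +322,13 @@` hunk. The encoded-colon forms for `'alphanohtml'` are therefore not asserted at all, and nothing records why. If they are disabled because the filter does not yet handle them, say so where they are disabled, e.g. `// TODO: enable once GETPOST(..., 'alphanohtml') handles these encoded forms`, so the gap stays visible. Separately, all six new assertions share the message `'Test for backtopage param'`, including the `backtolist` one, so a failure does not identify its case; a distinguishing suffix per case would help.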
@@ -621,6 +676,32 @@ class SecurityTest extends PHPUnit\Framework\TestCase return 0; } + /** + * testDolSanitizeUrl + * + * @return void + */ + public function testDolSanitizeUrl() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $test = 'javascripT&javascript#x3a alert(1)'; + $result=dol_sanitizeUrl($test); + $this->assertEquals('x3a alert(1)', $result, 'Test on dol_sanitizeUrl A'); + + $test = 'javajavascriptscript&cjavascriptolon;alert(1)'; + $result=dol_sanitizeUrl($test); + $this->assertEquals('alert(1)', $result, 'Test on dol_sanitizeUrl B'); + + $test = '/javas:cript/google.com'; + $result=dol_sanitizeUrl($test); + $this->assertEquals('google.com', $result, 'Test on dol_sanitizeUrl C'); + } + /** * testDolSanitizeFileName *
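Review bot: `testDolSanitizeUrl` asserts only inputs that the function rewrites and has no case for a legitimate URL that must come back unchanged. A sanitiser that strips too much would still pass. A pass-through case could reuse the path already asserted for `backtopage` in this file: `$this->assertEquals('/mydir/mypage.php?aa=a%10a', dol_sanitizeUrl('/mydir/mypage.php?aa=a%10a'), 'Test on dol_sanitizeUrl D');`. That expected value assumes GETPOST applies the same function to `backtopage`, which is not visible here. The `global $conf,$user,$langs,$db;` restore block is not used by the three assertions and could be dropped.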