diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php
index f0042f962bb..e9f50e77715 100644
--- a/htdocs/accountancy/bookkeeping/card.php
+++ b/htdocs/accountancy/bookkeeping/card.php
@@ -153,13 +153,13 @@ else if ($action == "add") {
 $book->label_operation= $label_operation;
 $book->debit = $debit;
 $book->credit = $credit;
-$book->doc_date = GETPOST('doc_date');
-$book->doc_type = GETPOST('doc_type');
+$book->doc_date = GETPOST('doc_date','alpha');
+$book->doc_type = GETPOST('doc_type','alpha');
 $book->piece_num = $piece_num;
-$book->doc_ref = GETPOST('doc_ref');
-$book->code_journal = GETPOST('code_journal');
-$book->fk_doc = GETPOST('fk_doc');
-$book->fk_docdet = GETPOST('fk_docdet');
+$book->doc_ref = GETPOST('doc_ref','alpha');
+$book->code_journal = GETPOST('code_journal','alpha');
+$book->fk_doc = GETPOST('fk_doc','alpha');
+$book->fk_docdet = GETPOST('fk_docdet','alpha');
 if (floatval($debit) != 0.0) {
 $book->montant = $debit;
@@ -210,7 +210,7 @@ else if ($action == "confirm_create") {
 $book = new BookKeeping($db);
-if (! GETPOST('code_journal') || GETPOST('code_journal') == '-1') {
+if (! GETPOST('code_journal','alpha') || GETPOST('code_journal','alpha') == '-1') {
 setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Journal")), null, 'errors');
 $action='create';
 $error++;
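Review bot: `fk_doc` and `fk_docdet` are foreign-key ids, yet the new lines read them with the `'alpha'` check, which does not guarantee a numeric value; if BookKeeping later concatenates them unquoted into SQL (not visible here) that leaves the same hole the commit closes elsewhere. Use `GETPOST('fk_doc','int')` and `GETPOST('fk_docdet','int')`, the same check the -226 hunk applies to the date parts. The enclosing `else if ($action == "add")` block starts and ends outside the hunk.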
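Review bot: The journal check now calls `GETPOST('code_journal','alpha')` twice on the same line and compares with `==`, which is a style point but hides the intent; reading the value once and comparing strictly reads better: `$code_journal = GETPOST('code_journal','alpha'); if (empty($code_journal) || $code_journal === '-1') {`. The `confirm_create` branch continues outside the hunk.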
@@ -226,11 +226,11 @@ else if ($action == "confirm_create") {
 $book->label_compte = '';
 $book->debit = 0;
 $book->credit = 0;
-$book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth'), GETPOST('doc_dateday'), GETPOST('doc_dateyear'));
-$book->doc_type = GETPOST('doc_type');
-$book->piece_num = GETPOST('next_num_mvt');
-$book->doc_ref = GETPOST('doc_ref');
-$book->code_journal = GETPOST('code_journal');
+$book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth','int'), GETPOST('doc_dateday','int'), GETPOST('doc_dateyear','int'));
+$book->doc_type = GETPOST('doc_type','alpha');
+$book->piece_num = GETPOST('next_num_mvt','alpha');
+$book->doc_ref = GETPOST('doc_ref','alpha');
+$book->code_journal = GETPOST('code_journal','alpha');
 $book->fk_doc = 0;
 $book->fk_docdet = 0;
 $book->montant = 0;
@@ -265,8 +265,8 @@ if ($action == 'setdate') {
 }
 if ($action == 'setjournal') {
-$journaldoc = trim(GETPOST('code_journal'));
-$result = $object->updateByMvt($piece_num,'code_journal',$journaldoc,$mode);
+$journaldoc = trim(GETPOST('code_journal','alpha'));
+$result = $object->updateByMvt($piece_num, 'code_journal', $journaldoc, $mode);
 if ($result < 0) {
 setEventMessages($object->error, $object->errors, 'errors');
 } else {
@@ -279,7 +279,7 @@ if ($action == 'setjournal') {
 }
 if ($action == 'setdocref') {
-$refdoc = trim(GETPOST('doc_ref'));
+$refdoc = trim(GETPOST('doc_ref','alpha'));
 $result = $object->updateByMvt($piece_num,'doc_ref',$refdoc,$mode);
 if ($result < 0) {
 setEventMessages($object->error, $object->errors, 'errors');
@@ -476,11 +476,11 @@ if ($action == 'create')
 print '';
 print '';
 print '';
-print '';
+print '';
 print '';
 print '';
 } else {
-print $book->doc_ref ;
+print $book->doc_ref ;
 }
 print '';
 print '';
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index d95f3b5b6b7..13b25599280 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
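Review bot: `piece_num` is read with the `'alpha'` check although it is an integer movement number — the class side of this same commit casts it with `(int) $piecenum` before building SQL — so `$book->piece_num = GETPOST('next_num_mvt','int');` would keep both sides consistent and reject non-numeric input at the boundary. The `confirm_create` branch starts and ends outside the hunk.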
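Review bot: The `updateByMvt` call was reformatted with spaced arguments here, but the identical call in the -279 hunk (`setdocref`) is left as `($piece_num,'doc_ref',$refdoc,$mode)`; since that hunk is touched anyway, it should be written the same way: `$result = $object->updateByMvt($piece_num, 'doc_ref', $refdoc, $mode);`. Both `if ($action == ...)` blocks end outside their hunks.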
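Review bot: The `} else {` branch still prints `$book->doc_ref` straight into the page; in the `add` action that value comes from `GETPOST('doc_ref','alpha')` (hunk -153), and `'alpha'` is an input filter, not an HTML-context escape, so the new line should be `print dol_escape_htmltag($book->doc_ref);`. The markup around the other `print` lines has been stripped from this view, so it is not possible to tell what the changed fourth `print` line injects; the same escaping rule applies to it if it embeds `doc_ref` in an attribute. The `if ($action == 'create')` block starts and ends outside the hunk.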
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -501,7 +501,7 @@ class BookKeeping extends CommonObject
 }
 if (! $error) {
-$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX . $this->table_element);
+$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX . $this->table_element . $mode);
 if (! $notrigger) {
 // Uncomment this and change MYOBJECT to your own tag if you
@@ -1254,7 +1254,7 @@ class BookKeeping extends CommonObject
 // first check if line not yet in bookkeeping
 $sql = "DELETE";
 $sql .= " FROM " . MAIN_DB_PREFIX . $this->table_element;
-$sql .= " WHERE piece_num = " . $piecenum;
+$sql .= " WHERE piece_num = " . (int) $piecenum;
 $sql .= " AND entity IN (" . getEntity('accountancy') . ")";
 $resql = $this->db->query($sql);
diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index 4f060d280e9..81757aab9e0 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
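Review bot: `$mode` is now spliced into the table name handed to `last_insert_id()`, so the lookup only matches the INSERT if that statement (outside the hunk) uses the identical suffix; because a string appended to a table name is a SQL identifier, the method should check `$mode` against the suffixes it actually supports at entry instead of trusting the caller, and the docblock should state that contract, e.g. `@param string $mode  Table-name suffix selecting which bookkeeping table is written; must be one of the suffixes this class supports`. The method starts and ends outside the hunk.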
@@ -298,33 +298,33 @@ if (empty($reshook))
 $object->oldcopy = clone $object;
 // Change values
-$object->civility_id = trim($_POST["civility_id"]);
-$object->firstname = trim($_POST["firstname"]);
-$object->lastname = trim($_POST["lastname"]);
-$object->login = trim($_POST["login"]);
-$object->pass = trim($_POST["pass"]);
+$object->civility_id = trim(GETPOST("civility_id",'alpha'));
+$object->firstname = trim(GETPOST("firstname",'alpha'));
+$object->lastname = trim(GETPOST("lastname",'alpha'));
+$object->login = trim(GETPOST("login",'alpha'));
+$object->pass = trim(GETPOST("pass",'alpha'));
-$object->societe = trim($_POST["societe"]);
-$object->company = trim($_POST["societe"]);
+$object->societe = trim(GETPOST("societe",'alpha'));
+$object->company = trim(GETPOST("societe",'alpha'));
-$object->address = trim($_POST["address"]);
-$object->zip = trim($_POST["zipcode"]);
-$object->town = trim($_POST["town"]);
-$object->state_id = $_POST["state_id"];
-$object->country_id = $_POST["country_id"];
+$object->address = trim(GETPOST("address",'alpha'));
+$object->zip = trim(GETPOST("zipcode",'alpha'));
+$object->town = trim(GETPOST("town",'alpha'));
+$object->state_id = GETPOST("state_id",'int');
+$object->country_id = GETPOST("country_id",'int');
-$object->phone = trim($_POST["phone"]);
-$object->phone_perso = trim($_POST["phone_perso"]);
-$object->phone_mobile= trim($_POST["phone_mobile"]);
-$object->email = trim($_POST["member_email"]);
-$object->skype = trim($_POST["skype"]);
+$object->phone = trim(GETPOST("phone",'alpha'));
+$object->phone_perso = trim(GETPOST("phone_perso",'alpha'));
+$object->phone_mobile= trim(GETPOST("phone_mobile",'alpha'));
+$object->email = trim(GETPOST("member_email",'alpha'));
+$object->skype = trim(GETPOST("skype",'alpha'));
 $object->birth = $birthdate;
 $object->typeid = GETPOST("typeid",'int');
-//$object->note = trim($_POST["comment"]);
+//$object->note = trim(GETPOST("comment","alpha"));
 $object->morphy = 
GETPOST("morphy",'alpha');
-if (GETPOST('deletephoto')) $object->photo='';
+if (GETPOST('deletephoto','alpha')) $object->photo='';
 elseif (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
 // Get status and public property
@@ -469,8 +469,8 @@ if (empty($reshook))
 $subscription=GETPOST("subscription",'alpha');
 $public=GETPOST("public",'alpha');
-$userid=$_POST["userid"];
-$socid=$_POST["socid"];
+$userid=GETPOST("userid",'int');
+$socid=GETPOST("socid",'int');
 $object->civility_id = $civility_id;
 $object->firstname = $firstname;
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 3247fdf31e4..913853f430f 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -439,8 +439,8 @@ class Adherent extends CommonObject
 $sql.= ", note_public = ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
 $sql.= ", photo = ".($this->photo?"'".$this->db->escape($this->photo)."'":"null");
 $sql.= ", public = '".$this->db->escape($this->public)."'";
-$sql.= ", statut = ".$this->statut;
-$sql.= ", fk_adherent_type = ".$this->typeid;
+$sql.= ", statut = ".$this->db->escape($this->statut);
+$sql.= ", fk_adherent_type = ".$this->db->escape($this->typeid);
 $sql.= ", morphy = '".$this->db->escape($this->morphy)."'";
 $sql.= ", birth = ".($this->birth?"'".$this->db->idate($this->birth)."'":"null");
 if ($this->datefin) $sql.= ", datefin = '".$this->db->idate($this->datefin)."'"; // Must be modified only when deleting a subscription
diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index 9d7d02882d3..64e515ac76f 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -341,18 +341,18 @@ if ($action == 'edit' || $action == 'updateedit')
 print '
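Review bot: `$object->pass = trim(GETPOST("pass",'alpha'));` runs the member's password through the `'alpha'` check and `trim()`; if that check rewrites or blanks values containing characters it rejects, a password built from them is silently altered before it is stored, and leading or trailing spaces are dropped as well, so the member can no longer log in with what they typed. Unlike the display fields, the password is never rendered, so it should be read without filtering or trimming — `$object->pass = GETPOST("pass", 'none');` — while the other fields stay on `'alpha'`. The `if (empty($reshook))` block starts before this hunk and continues after it.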
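Review bot: Wrapping `$this->statut` and `$this->typeid` in `$this->db->escape()` does not protect these two fragments, because both are concatenated unquoted: `escape()` only neutralises quote characters, so a non-numeric value is still interpreted as SQL. Both are integer columns (`typeid` is read with `GETPOST("typeid",'int')` in adherents/card.php), so cast instead, as the bookkeeping hunk does with `(int) $piecenum`: `$sql.= ", statut = ".(int) $this->statut;` and `$sql.= ", fk_adherent_type = ".(int) $this->typeid;`. The update method starts and ends outside the hunk.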