lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into 9.0

Browse Source 
Conflicts:
	htdocs/core/class/html.form.class.php
	htdocs/product/class/product.class.php
	htdocs/public/notice.php
	htdocs/user/card.php
This commit is contained in:
Laurent Destailleur 2018-12-22 19:06:58 +01:00
commit 85375495e5
13 changed files with 67 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/adherents/card.php
View File

@ -959,14 +959,14 @@ else
// Address
print '<tr><td class="tdtop">'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(GETPOST('address','alpha')?GETPOST('address','alpha'):$object->address).'</textarea>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(GETPOST('address','alphanohtml')?GETPOST('address','alphanohtml'):$object->address).'</textarea>';
print '</td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $formcompany->select_ziptown((GETPOST('zipcode','alpha')?GETPOST('zipcode','alpha'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6);
print $formcompany->select_ziptown((GETPOST('zipcode','alphanohtml')?GETPOST('zipcode','alphanohtml'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6);
print ' ';
print $formcompany->select_ziptown((GETPOST('town','alpha')?GETPOST('town','alpha'):$object->town),'town',array('zipcode','selectcountry_id','state_id'));
print $formcompany->select_ziptown((GETPOST('town','alphanohtml')?GETPOST('town','alphanohtml'):$object->town),'town',array('zipcode','selectcountry_id','state_id'));
print '</td></tr>';
// Country

6
htdocs/adherents/type.php
View File

@ -42,7 +42,7 @@ $backtopage = GETPOST('backtopage','alpha');
$search_lastname = GETPOST('search_lastname','alpha');
$search_login = GETPOST('search_login','alpha');
$search_email = GETPOST('search_email','alpha');
$type = GETPOST('type','alpha');
$type = GETPOST('type','intcomma');
$status = GETPOST('status','alpha');
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
@ -59,8 +59,8 @@ if (! $sortfield) { $sortfield="d.lastname"; }
$label=GETPOST("label","alpha");
$subscription=GETPOST("subscription","int");
$vote=GETPOST("vote","int");
$comment=GETPOST("comment");
$mail_valid=GETPOST("mail_valid");
$comment=GETPOST("comment",'alphanohtml');
$mail_valid=GETPOST("mail_valid",'none');
// Security check
$result=restrictedArea($user,'adherent',$rowid,'adherent_type');

3
htdocs/compta/tva/index.php
View File

@ -257,7 +257,8 @@ $mend = $tmp['mon'];
//var_dump($m);
$total=0; $subtotalcoll=0; $subtotalpaye=0; $subtotal=0;
$i=0; $mcursor=0;
while ((($y < $yend) || ($y == $yend && $m < $mend)) && $mcursor < 1000) // $mcursor is to avoid too large loop
while ((($y < $yend) || ($y == $yend && $m <= $mend)) && $mcursor < 1000) // $mcursor is to avoid too large loop
{
//$m = $conf->global->SOCIETE_FISCAL_MONTH_START + ($mcursor % 12);
if ($m == 13) $y++;

5
htdocs/core/class/html.form.class.php
View File

@ -1441,9 +1441,10 @@ class Form
$out .= ajax_combobox($htmlid, $events, $conf->global->CONTACT_USE_SEARCH_TO_SELECT);
}
if ($htmlname != 'none' || $options_only) $out.= '<select class="flat'.($moreclass?' '.$moreclass:'').'" id="'.$htmlid.'" name="'.$htmlname.($multiple ? '[]' : '').'" '.($multiple ? 'multiple' : '').' '.(!empty($moreparam) ? $moreparam : '').'>';
if ($htmlname != 'none' && ! $options_only) $out.= '<select class="flat'.($moreclass?' '.$moreclass:'').'" id="'.$htmlid.'" name="'.$htmlname.($multiple ? '[]' : '').'" '.($multiple ? 'multiple' : '').' '.(!empty($moreparam) ? $moreparam : '').'>';
if (($showempty == 1 || ($showempty == 3 && $num > 1)) && !$multiple) $out.= '<option value="0"'.(in_array(0,$selected)?' selected':'').'>&nbsp;</option>';
if ($showempty == 2) $out.= '<option value="0"'.(in_array(0,$selected)?' selected':'').'>'.$langs->trans("Internal").'</option>';
$num = $this->db->num_rows($resql);
$i = 0;
if ($num)
@ -1504,7 +1505,7 @@ class Form
$out.= ($socid != -1) ? ($langs->trans($socid?"NoContactDefinedForThirdParty":"NoContactDefined")) : $langs->trans('SelectAThirdPartyFirst');
$out.= '</option>';
}
if ($htmlname != 'none' || $options_only)
if ($htmlname != 'none' && ! $options_only)
{
$out.= '</select>';
}

4
htdocs/core/class/html.formcompany.class.php
View File

@ -622,8 +622,8 @@ class FormCompany
runJsCodeForEvent'.$htmlname.'(values);
}
});
/* Clean contact */
$("div#s2id_contactid>a>span").html(\'\');
$(this).trigger("blur");
});
// Function used to execute events when search_htmlname change

6
htdocs/core/class/html.formfile.class.php
View File

@ -307,8 +307,10 @@ class FormFile
return $this->getDocumentsLink($modulepart, $modulesubdir, $filedir);
}
// Add entity in $param
$param.= 'entity='.(!empty($object->entity)?$object->entity:$conf->entity);
// Add entity in $param if not already exists
if (!preg_match('/entity\=[0-9]+/', $param)) {
$param.= 'entity='.(!empty($object->entity)?$object->entity:$conf->entity);
}
$printer=0;
if (in_array($modulepart,array('facture','supplier_proposal','propal','proposal','order','commande','expedition', 'commande_fournisseur', 'expensereport','livraison'))) // The direct print feature is implemented only for such elements

7
htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php
View File

@ -446,9 +446,10 @@ class InterfaceLdapsynchro extends DolibarrTriggers
// For member type
if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1')
{
$membertype=new AdherentType($this->db);
if ($object->typeid > 0)
{
require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php";
$membertype=new AdherentType($this->db);
$membertype->fetch($object->typeid);
$membertype->listMembersForMemberType('', 1);
@ -565,6 +566,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers
// For member type
if (! empty($conf->global->LDAP_MEMBER_TYPE_ACTIVE) && (string) $conf->global->LDAP_MEMBER_TYPE_ACTIVE == '1')
{
require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php";
/*
* Change member info
*/
@ -689,6 +692,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers
{
if ($object->typeid > 0)
{
require_once DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php";
/*
* Remove member in member type
*/

2
htdocs/main.inc.php
View File

@ -366,7 +366,7 @@ if ((! empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_V
// Creation of a token against CSRF vulnerabilities
if (! defined('NOTOKENRENEWAL'))
{
// roulement des jetons car cree a chaque appel
// Rolling token at each call ($_SESSION['token'] contains token of previous page)
if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']

14
htdocs/product/class/product.class.php
View File

@ -911,9 +911,9 @@ class Product extends CommonObject
$sql.= ", barcode = ". (empty($this->barcode)?"null":"'".$this->db->escape($this->barcode)."'");
$sql.= ", fk_barcode_type = ". (empty($this->barcode_type)?"null":$this->db->escape($this->barcode_type));
$sql.= ", tosell = " . $this->status;
$sql.= ", tobuy = " . $this->status_buy;
$sql.= ", tobatch = " . ((empty($this->status_batch) || $this->status_batch < 0) ? '0' : $this->status_batch);
$sql.= ", tosell = " . (int) $this->status;
$sql.= ", tobuy = " . (int) $this->status_buy;
$sql.= ", tobatch = " . ((empty($this->status_batch) || $this->status_batch < 0) ? '0' : (int) $this->status_batch);
$sql.= ", finished = " . ((! isset($this->finished) || $this->finished < 0) ? "null" : (int) $this->finished);
$sql.= ", weight = " . ($this->weight!='' ? "'".$this->db->escape($this->weight)."'" : 'null');
$sql.= ", weight_units = " . ($this->weight_units!='' ? "'".$this->db->escape($this->weight_units)."'": 'null');
@ -932,18 +932,18 @@ class Product extends CommonObject
$sql.= ", description = '" . $this->db->escape($this->description) ."'";
$sql.= ", url = " . ($this->url?"'".$this->db->escape($this->url)."'":'null');
$sql.= ", customcode = '" . $this->db->escape($this->customcode) ."'";
$sql.= ", fk_country = " . ($this->country_id > 0 ? $this->country_id : 'null');
$sql.= ", fk_country = " . ($this->country_id > 0 ? (int) $this->country_id : 'null');
$sql.= ", note = ".(isset($this->note) ? "'" .$this->db->escape($this->note)."'" : 'null');
$sql.= ", duration = '" . $this->db->escape($this->duration_value . $this->duration_unit) ."'";
$sql.= ", accountancy_code_buy = '" . $this->db->escape($this->accountancy_code_buy)."'";
$sql.= ", accountancy_code_sell= '" . $this->db->escape($this->accountancy_code_sell)."'";
$sql.= ", accountancy_code_sell_intra= '" . $this->db->escape($this->accountancy_code_sell_intra)."'";
$sql.= ", accountancy_code_sell_export= '" . $this->db->escape($this->accountancy_code_sell_export)."'";
$sql.= ", desiredstock = " . ((isset($this->desiredstock) && $this->desiredstock != '') ? $this->desiredstock : "null");
$sql.= ", desiredstock = " . ((isset($this->desiredstock) && $this->desiredstock != '') ? (int) $this->desiredstock : "null");
$sql.= ", cost_price = " . ($this->cost_price != '' ? $this->db->escape($this->cost_price) : 'null');
$sql.= ", fk_unit= " . (!$this->fk_unit ? 'NULL' : $this->fk_unit);
$sql.= ", fk_unit= " . (!$this->fk_unit ? 'NULL' : (int) $this->fk_unit);
$sql.= ", price_autogen = " . (!$this->price_autogen ? 0 : 1);
$sql.= ", fk_price_expression = ".($this->fk_price_expression != 0 ? $this->fk_price_expression : 'NULL');
$sql.= ", fk_price_expression = ".($this->fk_price_expression != 0 ? (int) $this->fk_price_expression : 'NULL');
$sql.= ", fk_user_modif = ".($user->id > 0 ? $user->id : 'NULL');
// stock field is not here because it is a denormalized value from product_stock.
$sql.= " WHERE rowid = " . $id;

2
htdocs/product/price.php
View File

@ -1443,7 +1443,7 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action=='showlog_default_
// Il doit au moins y avoir la ligne de prix initial.
// On l'ajoute donc pour remettre a niveau (pb vieilles versions)
//$object->updatePrice($object->price, $object->price_base_type, $user, $newprice_min);
//$object->updatePrice($object->price, $object->price_base_type, $user, $object->tva_tx, $object->price_min);
if (! empty($conf->global->PRODUIT_MULTIPRICES)) {
$object->updatePrice($object->multiprices[1], $object->multiprices_base_type[1], $user, (empty($object->multiprices_tva_tx[1])?0:$object->multiprices_tva_tx[1]), $object->multiprices_min[1], 1);
} else {

8
htdocs/public/notice.php
View File

@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2016-2018 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -34,7 +34,7 @@ require '../main.inc.php';
* View
*/
if (! GETPOST('transkey') && ! GETPOST('transphrase'))
if (! GETPOST('transkey','alphanohtml') && ! GETPOST('transphrase','alphanohtml'))
{
print 'Sorry, it seems your internet connexion is off.<br>';
print 'You need to be connected to network to use this software.<br>';
@ -44,7 +44,7 @@ else
$langs->load("error");
$langs->load("other");
if (GETPOST('transphrase')) print GETPOST('transphrase');
if (GETPOST('transkey')) print $langs->trans(GETPOST('transkey'));
if (GETPOST('transphrase','alphanohtml')) print GETPOST('transphrase','alphanohtml');
if (GETPOST('transkey','alphanohtml')) print $langs->trans(GETPOST('transkey','alphanohtml'));
}

56
htdocs/user/card.php
View File

@ -194,32 +194,34 @@ if (empty($reshook)) {
$object->birth = $birth;
$object->admin = GETPOST("admin", 'alpha');
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alpha');
$object->town = GETPOST('town', 'alpha');
$object->zip = GETPOST('zipcode', 'alphanohtml');
$object->town = GETPOST('town', 'alphanohtml');
$object->country_id = GETPOST('country_id', 'int');
$object->state_id = GETPOST('state_id', 'int');
$object->office_phone = GETPOST("office_phone", 'alpha');
$object->office_fax = GETPOST("office_fax", 'alpha');
$object->user_mobile = GETPOST("user_mobile");
$object->skype = GETPOST("skype", 'alpha');
$object->twitter = GETPOST("twitter", 'alpha');
$object->facebook = GETPOST("facebook", 'alpha');
$object->office_phone = GETPOST("office_phone", 'alphanohtml');
$object->office_fax = GETPOST("office_fax", 'alphanohtml');
$object->user_mobile = GETPOST("user_mobile", 'alphanohtml');
$object->skype = GETPOST("skype", 'alphanohtml');
$object->twitter = GETPOST("twitter", 'alphanohtml');
$object->facebook = GETPOST("facebook", 'alphanohtml');
$object->email = preg_replace('/\s+/', '', GETPOST("email", 'alpha'));
$object->job = GETPOST("job", 'alpha');
$object->signature = GETPOST("signature");
$object->accountancy_code = GETPOST("accountancy_code");
$object->note = GETPOST("note");
$object->ldap_sid = GETPOST("ldap_sid");
$object->fk_user = GETPOST("fk_user") > 0 ? GETPOST("fk_user") : 0;
$object->employee = GETPOST('employee');
$object->signature = GETPOST("signature", 'none');
$object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
$object->note = GETPOST("note", 'none');
$object->ldap_sid = GETPOST("ldap_sid", 'alphanohtml');
$object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0;
$object->employee = GETPOST('employee', 'alphanohtml');
$object->thm = GETPOST("thm") != '' ? GETPOST("thm") : '';
$object->tjm = GETPOST("tjm") != '' ? GETPOST("tjm") : '';
$object->salary = GETPOST("salary") != '' ? GETPOST("salary") : '';
$object->salaryextra = GETPOST("salaryextra") != '' ? GETPOST("salaryextra") : '';
$object->weeklyhours = GETPOST("weeklyhours") != '' ? GETPOST("weeklyhours") : '';
$object->thm = GETPOST("thm", 'alphanohtml') != '' ? GETPOST("thm", 'alphanohtml') : '';
$object->tjm = GETPOST("tjm", 'alphanohtml') != '' ? GETPOST("tjm", 'alphanohtml') : '';
$object->salary = GETPOST("salary", 'alphanohtml') != '' ? GETPOST("salary", 'alphanohtml') : '';
$object->salaryextra = GETPOST("salaryextra", 'alphanohtml') != '' ? GETPOST("salaryextra", 'alphanohtml') : '';
$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
$object->color = GETPOST("color") != '' ? GETPOST("color") : '';
$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth'), GETPOST('dateemploymentday'), GETPOST('dateemploymentyear'));
$object->dateemployment = $dateemployment;
@ -343,13 +345,13 @@ if (empty($reshook)) {
$object->api_key = (GETPOST("api_key", 'alpha')) ? GETPOST("api_key", 'alpha') : $object->api_key;
if (! empty($user->admin)) $object->admin = GETPOST("admin"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alpha');
$object->town = GETPOST('town', 'alpha');
$object->zip = GETPOST('zipcode', 'alphanohtml');
$object->town = GETPOST('town', 'alphanohtml');
$object->country_id = GETPOST('country_id', 'int');
$object->state_id = GETPOST('state_id', 'int');
$object->office_phone = GETPOST("office_phone", 'alpha');
$object->office_fax = GETPOST("office_fax", 'alpha');
$object->user_mobile = GETPOST("user_mobile");
$object->office_phone = GETPOST("office_phone", 'alphanohtml');
$object->office_fax = GETPOST("office_fax", 'alphanohtml');
$object->user_mobile = GETPOST("user_mobile", 'alphanohtml');
$object->skype = GETPOST("skype", 'alpha');
$object->twitter = GETPOST("twitter", 'alpha');
$object->facebook = GETPOST("facebook", 'alpha');
@ -359,7 +361,7 @@ if (empty($reshook)) {
$object->accountancy_code = GETPOST("accountancy_code",'alpha');
$object->openid = GETPOST("openid",'alpha');
$object->fk_user = GETPOST("fk_user",'int') > 0 ? GETPOST("fk_user",'int') : 0;
$object->employee = GETPOST('employee');
$object->employee = GETPOST('employee','int');
$object->thm = GETPOST("thm",'alphanohtml') != '' ? GETPOST("thm",'alphanohtml') : '';
$object->tjm = GETPOST("tjm",'alphanohtml') != '' ? GETPOST("tjm",'alphanohtml') : '';
@ -1249,7 +1251,7 @@ else
$object->getrights();
if (empty($object->nb_rights) && $object->statut != 0 && empty($object->admin)) setEventMessages($langs->trans('UserHasNoPermissions'), null, 'warnings');
}
// Connexion ldap
// pour recuperer passDoNotExpire et userChangePassNextLogon
if (! empty($conf->ldap->enabled) && ! empty($object->ldap_sid))

4
htdocs/user/class/user.class.php
View File

@ -1502,12 +1502,12 @@ class User extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET";
$sql.= " lastname = '".$this->db->escape($this->lastname)."'";
$sql.= ", firstname = '".$this->db->escape($this->firstname)."'";
$sql.= ", employee = ".$this->employee;
$sql.= ", employee = ".(int) $this->employee;
$sql.= ", login = '".$this->db->escape($this->login)."'";
$sql.= ", api_key = ".($this->api_key ? "'".$this->db->escape($this->api_key)."'" : "null");
$sql.= ", gender = ".($this->gender != -1 ? "'".$this->db->escape($this->gender)."'" : "null"); // 'man' or 'woman'
$sql.= ", birth=".(strval($this->birth)!='' ? "'".$this->db->idate($this->birth)."'" : 'null');
if (! empty($user->admin)) $sql.= ", admin = ".$this->admin; // admin flag can be set/unset only by an admin user
if (! empty($user->admin)) $sql.= ", admin = ".(int) $this->admin; // admin flag can be set/unset only by an admin user
$sql.= ", address = '".$this->db->escape($this->address)."'";
$sql.= ", zip = '".$this->db->escape($this->zip)."'";
$sql.= ", town = '".$this->db->escape($this->town)."'";