From 80199faf1acffa0c92e9b0bb8d01e5362bcce700 Mon Sep 17 00:00:00 2001 From: Quentin VIAL-GOUTEYRON Date: Mon, 20 Feb 2023 11:27:14 +0100 Subject: [PATCH 1/4] FIX filter sql accounting account --- .../accountancy/class/accountancycategory.class.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 7ae48c749c2..4d825d721c9 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -861,20 +861,29 @@ class AccountancyCategory // extends CommonObject exit(); } + $pcgverid = $conf->global->CHARTOFACCOUNTS; + $pcgvercode = dol_getIdFromCode($this->db, $pcgverid, 'accounting_system', 'rowid', 'pcg_version'); + if(empty($pcgvercode)) { + $pcgvercode = $pcgverid; + } + if (!empty($cat_id)) { $sql = "SELECT t.rowid, t.account_number, t.label as account_label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; $sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id); $sql .= " AND t.entity = ".$conf->entity; + $sql .= " AND t.active = 1"; + $sql .= " AND t.fk_pcg_version = '".$pcgvercode."'"; $sql .= " ORDER BY t.account_number"; } else { $sql = "SELECT t.rowid, t.account_number, t.label as account_label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; $sql .= " WHERE ".$predefinedgroupwhere; $sql .= " AND t.entity = ".$conf->entity; + $sql .= ' AND t.active = 1'; + $sql .= " AND t.fk_pcg_version = '".$pcgvercode."'"; $sql .= " ORDER BY t.account_number"; } - //echo $sql; $resql = $this->db->query($sql); if ($resql) { From 66b5917013a914946be71d2708bb0a8dc9d85e26 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 20 Feb 2023 10:50:52 +0000 Subject: [PATCH 2/4] Fixing style errors. --- htdocs/accountancy/class/accountancycategory.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 4d825d721c9..22064092c4e 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject $pcgverid = $conf->global->CHARTOFACCOUNTS; $pcgvercode = dol_getIdFromCode($this->db, $pcgverid, 'accounting_system', 'rowid', 'pcg_version'); - if(empty($pcgvercode)) { + if (empty($pcgvercode)) { $pcgvercode = $pcgverid; } From b9fc6d5a2f10369f9a051b5bb9e36481cd957320 Mon Sep 17 00:00:00 2001 From: Quentin VIAL-GOUTEYRON Date: Mon, 20 Feb 2023 12:01:42 +0100 Subject: [PATCH 3/4] fix travis --- htdocs/accountancy/class/accountancycategory.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 4d825d721c9..038071a21f9 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -873,7 +873,7 @@ class AccountancyCategory // extends CommonObject $sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id); $sql .= " AND t.entity = ".$conf->entity; $sql .= " AND t.active = 1"; - $sql .= " AND t.fk_pcg_version = '".$pcgvercode."'"; + $sql .= " AND t.fk_pcg_version = '".$this->db->escape($pcgvercode)."'"; $sql .= " ORDER BY t.account_number"; } else { $sql = "SELECT t.rowid, t.account_number, t.label as account_label"; @@ -881,7 +881,7 @@ class AccountancyCategory // extends CommonObject $sql .= " WHERE ".$predefinedgroupwhere; $sql .= " AND t.entity = ".$conf->entity; $sql .= ' AND t.active = 1'; - $sql .= " AND t.fk_pcg_version = '".$pcgvercode."'"; + $sql .= " AND t.fk_pcg_version = '".$this->db->escape($pcgvercode)."'"; $sql .= " ORDER BY t.account_number"; } From 9d43d51888111d944232af3180c364eff8e82ede Mon Sep 17 00:00:00 2001 From: Guenter Lukas Date: Mon, 20 Feb 2023 12:57:14 +0100 Subject: [PATCH 4/4] FIX: #23966 Error "Param dbt_keyfield is required but not defined" --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 798ba265643..18db40e0d87 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -682,7 +682,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl // Array to define rules of checks to do $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object - $checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). + $checkother = array('contact', 'agenda', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet', 'project'); // Test for project object $checktask = array('projet_task'); // Test for task object $checkhierarchy = array('expensereport', 'holiday');