lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 14b9

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-05-18 04:19:54 +02:00
commit 90d7a851b4
98 changed files with 706 additions and 436 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dev/examples/zapier/package.json
View File

@ -15,7 +15,7 @@
"npm": ">=5.6.0"
},
"dependencies": {
"zapier-platform-core": "10.1.2"
"zapier-platform-core": "11.0.0"
},
"devDependencies": {
"mocha": "^5.2.0",

5
dev/resources/iso-normes/address_format.txt
View File

@ -1 +1,4 @@
http://bitboost.com/ref/international-address-formats.html#Formats
https://bitboost.com/ref/international-address-formats.html#Formats
https://www.upu.int/en/Postal-Solutions/Programmes-Services/Addressing-Solutions

6
dev/resources/iso-normes/code_nace.txt
View File

@ -1 +1,5 @@
http://ec.europa.eu/eurostat/ramon/nomenclatures/index.cfm?TargetUrl=LST_CLS_DLD&StrNom=NACE_REV2&StrLanguageCode=FR&StrLayoutCode=#
NACE
https://ec.europa.eu/eurostat/ramon/nomenclatures/index.cfm?TargetUrl=LST_CLS_DLD&StrNom=NACE_REV2&StrLanguageCode=EN&StrLayoutCode=
https://en.wikipedia.org/wiki/Statistical_Classification_of_Economic_Activities_in_the_European_Community

11
dev/resources/iso-normes/countries_iso-3166_en.txt
View File

@ -3,11 +3,12 @@
# The list is updated whenever a change to the official code list in ISO 3166-1 is effected by the ISO 3166/MA.
# It lists 240 official short names and code elements. One line of text contains one entry.
# A country name and its code element are separated by a semicolon (;).
# http://www.iso.org/iso/fr/iso3166_en_code_lists.txt
# https://www.iso.org/iso-3166-country-codes.html
# ISO-3166: http://en.wikipedia.org/wiki/ISO_3166-1
# ISO-3166 alpha 2: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
# ISO-3166 alpha 3: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-3
# https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
# ISO-3166: https://en.wikipedia.org/wiki/ISO_3166-1
# ISO-3166 alpha 2: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
# ISO-3166 alpha 3: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-3
AFGHANISTAN;AF
ÅLAND ISLANDS;AX
@ -254,4 +255,4 @@ WALLIS AND FUTUNA;WF
WESTERN SAHARA;EH
YEMEN;YE
ZAMBIA;ZM
ZIMBABWE;ZW
ZIMBABWE;ZW

11
dev/resources/iso-normes/countries_iso-3166_fr.txt
View File

@ -3,11 +3,12 @@
# The list is updated whenever a change to the official code list in ISO 3166-1 is effected by the ISO 3166/MA.
# It lists 240 official short names and code elements. One line of text contains one entry.
# A country name and its code element are separated by a semicolon (;).
# http://www.iso.org/iso/fr/iso3166_fr_code_lists.txt
# https://www.iso.org/fr/iso-3166-country-codes.html
# ISO-3166: http://en.wikipedia.org/wiki/ISO_3166-1
# ISO-3166 alpha 2: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
# ISO-3166 alpha 3: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-3
# https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
# ISO-3166: https://fr.wikipedia.org/wiki/ISO_3166-1
# ISO-3166 alpha 2: https://fr.wikipedia.org/wiki/ISO_3166-1_alpha-2
# ISO-3166 alpha 3: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-3
AFGHANISTAN;AF
AFRIQUE DU SUD;ZA
@ -254,4 +255,4 @@ VIET NAM;VN
WALLIS ET FUTUNA;WF
YÉMEN;YE
ZAMBIE;ZM
ZIMBABWE;ZW
ZIMBABWE;ZW

6
dev/resources/iso-normes/locales.txt
View File

@ -1,9 +1,9 @@
For languages:
http://demo.icu-project.org/icu-bin/locexp?d_=fr
https://icu4c-demos.unicode.org/icu-bin/icudemos - Locale Explorer -> Error 404
For format number:
http://en.wikipedia.org/wiki/Decimal_mark
https://en.wikipedia.org/wiki/Decimal_mark
For date format:
http://en.wikipedia.org/wiki/Date_format_by_country
https://en.wikipedia.org/wiki/Date_format_by_country

8
dev/resources/iso-normes/vat_number_names.txt
View File

@ -1 +1,7 @@
http://en.wikipedia.org/wiki/VAT_identification_number
https://en.wikipedia.org/wiki/VAT_identification_number
terms
(en) VAT = Value Added Tax
(fr) TVA = Taxe sur la Valeur Ajouté
(es) NIF / CIF
(de) USt / MwSt

1
dev/resources/iso-normes/world_tax_rates.txt
View File

@ -1,4 +1,5 @@
http://www.taxrates.cc/index.html
https://en.wikipedia.org/wiki/List_of_countries_by_tax_rates
For India: VAT=IGST/CGST=Localtax1/SGST=Localtax2: https://cleartax.in/s/what-is-sgst-cgst-igst

4
dev/resources/sepa/text.txt
View File

@ -1,3 +1,7 @@
https://en.wikipedia.org/wiki/Single_Euro_Payments_Area
https://www.ecb.europa.eu/paym/integration/retail/sepa/html/index.en.html
https://www.europeanpaymentscouncil.eu/about-sepa
Spec for credit transfer:
https://docs.oracle.com/cd/E39124_01/doc.91/e60210/fields_sepa_pay_file_appx.htm#EOAEL00515

2
htdocs/adherents/document.php
View File

@ -93,6 +93,8 @@ if ($id) {
$caneditfieldmember = $user->rights->adherent->creer;
}
$permissiontoadd = $canaddmember;
// Security check
$result = restrictedArea($user, 'adherent', $object->id, '', '', 'socid', 'rowid', 0);

17
htdocs/admin/dict.php
View File

@ -871,8 +871,8 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
if ($value == 'price' || preg_match('/^amount/i', $value)) {
$_POST[$keycode] = price2num(GETPOST($keycode), 'MU');
} elseif ($value == 'taux' || $value == 'localtax1' || $value == 'localtax2') {
$_POST[$keycode] = price2num(GETPOST($keycode), 8);
} elseif ($value == 'taux' || $value == 'localtax1') {
$_POST[$keycode] = price2num(GETPOST($keycode), 8); // Note that localtax2 can be a list of rates separated by coma like X:Y:Z
} elseif ($value == 'entity') {
$_POST[$keycode] = getEntity($tabname[$id]);
}
@ -940,8 +940,8 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
if ($field == 'price' || preg_match('/^amount/i', $field)) {
$_POST[$keycode] = price2num(GETPOST($keycode), 'MU');
} elseif ($field == 'taux' || $field == 'localtax1' || $field == 'localtax2') {
$_POST[$keycode] = price2num(GETPOST($keycode), 8);
} elseif ($field == 'taux' || $field == 'localtax1') {
$_POST[$keycode] = price2num(GETPOST($keycode), 8); // Note that localtax2 can be a list of rates separated by coma like X:Y:Z
} elseif ($field == 'entity') {
$_POST[$keycode] = getEntity($tabname[$id]);
}
@ -1254,13 +1254,13 @@ if ($id) {
$valuetoshow = $langs->trans("UseLocalTax")." 2"; $class = "center"; $sortable = 0;
}
if ($value == 'localtax1') {
$valuetoshow = $langs->trans("Rate")." 2"; $class = "center";
$valuetoshow = $langs->trans("RateOfTaxN", '2'); $class = "center";
}
if ($value == 'localtax2_type') {
$valuetoshow = $langs->trans("UseLocalTax")." 3"; $class = "center"; $sortable = 0;
}
if ($value == 'localtax2') {
$valuetoshow = $langs->trans("Rate")." 3"; $class = "center";
$valuetoshow = $langs->trans("RateOfTaxN", '3'); $class = "center";
}
if ($value == 'organization') {
$valuetoshow = $langs->trans("Organization");
@ -1598,17 +1598,18 @@ if ($id) {
}
$cssprefix = 'center ';
}
if ($value == 'localtax1_type') {
$valuetoshow = $langs->trans("UseLocalTax")." 2"; $cssprefix = "center "; $sortable = 0;
}
if ($value == 'localtax1') {
$valuetoshow = $langs->trans("Rate")." 2"; $cssprefix = "center "; $sortable = 0;
$valuetoshow = $langs->trans("RateOfTaxN", '2'); $cssprefix = "center "; $sortable = 0;
}
if ($value == 'localtax2_type') {
$valuetoshow = $langs->trans("UseLocalTax")." 3"; $cssprefix = "center "; $sortable = 0;
}
if ($value == 'localtax2') {
$valuetoshow = $langs->trans("Rate")." 3"; $cssprefix = "center "; $sortable = 0;
$valuetoshow = $langs->trans("RateOfTaxN", '3'); $cssprefix = "center "; $sortable = 0;
}
if ($value == 'organization') {
$valuetoshow = $langs->trans("Organization");

12
htdocs/admin/mails.php
View File

@ -48,7 +48,7 @@ $substitutionarrayfortest = array(
'__DOL_MAIN_URL_ROOT__'=>DOL_MAIN_URL_ROOT,
'__ID__' => 'RecipientIdRecord',
//'__EMAIL__' => 'RecipientEMail', // Done into actions_sendmails
'__CHECK_READ__' => (is_object($object) && !empty($object->thirdparty) && is_object($object->thirdparty)) ? '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$object->thirdparty->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>' : '',
'__CHECK_READ__' => (!empty($object) && is_object($object) && is_object($object->thirdparty)) ? '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$object->thirdparty->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>' : '',
'__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), // Done into actions_sendmails
'__LOGIN__' => 'RecipientLogin',
'__LASTNAME__' => 'RecipientLastname',
@ -737,14 +737,14 @@ if ($action == 'edit') {
print '<tr class="oddeven"><td>'.$langs->trans('MAIN_MAIL_DEFAULT_FROMTYPE').'</td>';
print '<td>';
if (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) && $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE === 'robot') {
if (getDolGlobalString('MAIN_MAIL_DEFAULT_FROMTYPE') === 'robot') {
print $langs->trans('RobotEmail');
} elseif (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) && $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE === 'user') {
} elseif (getDolGlobalString('MAIN_MAIL_DEFAULT_FROMTYPE') === 'user') {
print $langs->trans('UserEmail');
} elseif (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) && $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE === 'company') {
} elseif (getDolGlobalString('MAIN_MAIL_DEFAULT_FROMTYPE') === 'company') {
print $langs->trans('CompanyEmail').' '.dol_escape_htmltag('<'.$mysoc->email.'>');
} else {
$id = preg_replace('/senderprofile_/', '', !empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : '');
$id = preg_replace('/senderprofile_/', '', getDolGlobalString('MAIN_MAIL_DEFAULT_FROMTYPE'));
if ($id > 0) {
include_once DOL_DOCUMENT_ROOT.'/core/class/emailsenderprofile.class.php';
$emailsenderprofile = new EmailSenderProfile($db);
@ -756,7 +756,7 @@ if ($action == 'edit') {
// Errors To
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_ERRORS_TO").'</td>';
print '<td>'.(!empty($conf->global->MAIN_MAIL_ERRORS_TO) ? $conf->global->MAIN_MAIL_ERRORS_TO : '');
print '<td>'.(getDolGlobalString('MAIN_MAIL_ERRORS_TO'));
if (!empty($conf->global->MAIN_MAIL_ERRORS_TO) && !isValidEmail($conf->global->MAIN_MAIL_ERRORS_TO)) {
print img_warning($langs->trans("ErrorBadEMail"));
}

2
htdocs/admin/security_file.php
View File

@ -66,7 +66,7 @@ if ($action == 'updateform') {
} elseif ($action == 'delete') {
// Delete file
$langs->load("other");
$file = $conf->admin->dir_temp.'/'.GETPOST('urlfile', 'alpha'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
$file = $conf->admin->dir_temp.'/'.GETPOST('urlfile', 'alpha');
$ret = dol_delete_file($file);
if ($ret) {
setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile', 'alpha')), null, 'mesgs');

6
htdocs/admin/system/filecheck.php
View File

@ -53,8 +53,8 @@ print '<span class="opacitymedium">'.$langs->trans("FileCheckDesc").'</span><br>
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td>'.$langs->trans("Version").'</td><td>'.$langs->trans("Value").'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("VersionLastInstall").'</td><td>'.$conf->global->MAIN_VERSION_LAST_INSTALL.'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("VersionLastUpgrade").'</td><td>'.$conf->global->MAIN_VERSION_LAST_UPGRADE.'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("VersionLastInstall").'</td><td>'.getDolGlobalString('MAIN_VERSION_LAST_INSTALL').'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("VersionLastUpgrade").'</td><td>'.getDolGlobalString('MAIN_VERSION_LAST_UPGRADE').'</td></tr>'."\n";
print '<tr class="oddeven"><td width="300">'.$langs->trans("VersionProgram").'</td><td>'.DOL_VERSION;
// If current version differs from last upgrade
if (empty($conf->global->MAIN_VERSION_LAST_UPGRADE)) {
@ -171,7 +171,7 @@ if (GETPOST('target') == 'remote') {
}
if (!$error && $xml) {
if (empty($error) && !empty($xml)) {
$checksumconcat = array();
$file_list = array();
$out = '';

2
htdocs/admin/tools/dolibarr_export.php
View File

@ -157,7 +157,7 @@ $title = $langs->trans("BackupDumpWizard");
print load_fiche_titre($title);
print '<table width="100%" class="'.($useinecm ? 'nobordernopadding' : 'liste').' nohover">';
print '<table width="100%" class="'.(!empty($useinecm) ? 'nobordernopadding' : 'liste').' nohover">';
print '<tr class="liste_titre">';
print '<td class="liste_titre">';
print $langs->trans("DatabaseName").' : <b>'.$dolibarr_main_db_name.'</b><br>';

4
htdocs/admin/tools/listevents.php
View File

@ -42,7 +42,7 @@ if ($user->socid > 0) {
}
// Load translation files required by the page
$langs->loadLangs(array("companies", "admin", "users", "other"));
$langs->loadLangs(array("companies", "admin", "users", "other","withdrawals"));
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -285,7 +285,7 @@ if ($result) {
$param .= "&date_endyear=".urlencode($date_endyear);
}
$langs->load('withdrawals');
$center = '';
if ($num) {
$center = '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=purge">'.$langs->trans("Purge").'</a>';
}

14
htdocs/asset/document.php
View File

@ -40,12 +40,6 @@ $socid = GETPOST('socid', 'int');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result=restrictedArea($user, 'asset', $id, '');
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -69,6 +63,14 @@ if ($object->fetch($id)) {
$upload_dir = $conf->asset->dir_output."/".dol_sanitizeFileName($object->ref);
}
$permissiontoadd = $user->rights->asset->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result=restrictedArea($user, 'asset', $id, '');
/*
* Actions

2
htdocs/bom/bom_document.php
View File

@ -85,6 +85,8 @@ if ($id > 0 || !empty($ref)) {
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
$permissiontoadd = $user->rights->bom->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
/*
* Actions

6
htdocs/categories/viewcat.php
View File

@ -754,6 +754,7 @@ if ($type == Categorie::TYPE_CONTACT) {
$num = count($contacts);
$nbtotalofrecords = '';
$newcardbutton = '';
$objsoc = new Societe($db);
print_barre_liste($langs->trans("Contact"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'contact', 0, $newcardbutton, '', $limit);
print '<table class="noborder centpercent">'."\n";
@ -770,6 +771,11 @@ if ($type == Categorie::TYPE_CONTACT) {
print "\t".'<tr class="oddeven">'."\n";
print '<td class="nowrap" valign="top">';
print $contact->getNomUrl(1, 'category');
if ($contact->socid > 0) {
$objsoc->fetch($contact->socid);
print ' - ';
print $objsoc->getNomUrl(1, 'contact');
}
print "</td>\n";
// Link to delete from category
print '<td class="right">';

2
htdocs/comm/action/document.php
View File

@ -88,6 +88,8 @@ if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
$permissiontoadd = $user->rights->agenda->myactions->read; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
/*
* Actions

10
htdocs/comm/mailing/card.php
View File

@ -281,7 +281,13 @@ if (empty($reshook)) {
complete_substitutions_array($substitutionarray, $langs);
$newsubject = make_substitutions($subject, $substitutionarray);
$newmessage = make_substitutions($message, $substitutionarray);
$newmessage = make_substitutions($message, $substitutionarray, null, 0);
$moreinheader = '';
if (preg_match('/__UNSUBSCRIBE__/', $message)) {
$moreinheader = "List-Unsubscribe: <__UNSUBSCRIBE_URL__>\n";
$moreinheader = make_substitutions($moreinheader, $substitutionarray);
}
$arr_file = array();
$arr_mime = array();
@ -299,7 +305,7 @@ if (empty($reshook)) {
// Mail making
$trackid = 'emailing-'.$obj->fk_mailing.'-'.$obj->rowid;
$mail = new CMailFile($newsubject, $sendto, $from, $newmessage, $arr_file, $arr_mime, $arr_name, '', '', 0, $msgishtml, $errorsto, $arr_css, $trackid, '', 'emailing');
$mail = new CMailFile($newsubject, $sendto, $from, $newmessage, $arr_file, $arr_mime, $arr_name, '', '', 0, $msgishtml, $errorsto, $arr_css, $trackid, $moreinheader, 'emailing');
if ($mail->error) {
$res = 0;

6
htdocs/comm/propal/card.php
View File

@ -347,7 +347,7 @@ if (empty($reshook)) {
$duration = GETPOST('duree_validite', 'int');
if (empty($datep)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Date")), null, 'errors');
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DatePropal")), null, 'errors');
$action = 'create';
$error++;
}
@ -1622,7 +1622,7 @@ if ($action == 'create') {
}
// Date
print '<tr><td class="fieldrequired">'.$langs->trans('Date').'</td><td>';
print '<tr><td class="fieldrequired">'.$langs->trans('DatePropal').'</td><td>';
print $form->selectDate('', '', '', '', '', "addprop", 1, 1);
print '</td></tr>';
@ -2063,7 +2063,7 @@ if ($action == 'create') {
print '<tr>';
print '<td>';
print '<table class="nobordernopadding" width="100%"><tr><td>';
print $langs->trans('Date');
print $langs->trans('DatePropal');
print '</td>';
if ($action != 'editdate' && $object->statut == Propal::STATUS_DRAFT && $usercancreate) {
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editdate&amp;id='.$object->id.'">'.img_edit($langs->trans('SetDate'), 1).'</a></td>';

2
htdocs/comm/propal/document.php
View File

@ -80,6 +80,8 @@ if (!$sortfield) {
$object = new Propal($db);
$object->fetch($id, $ref);
$permissiontoadd = $user->rights->propale->creer;
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;

67
htdocs/comm/propal/list.php
View File

@ -10,7 +10,7 @@
* Copyright (C) 2012 Christophe Battarel <christophe.battarel@altairis.fr>
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016-2018 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2016-2021 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2017-2018 Charlene Benke <charlie@patas-monkey.com>
* Copyright (C) 2018 Nicolas ZABOURI <info@inovea-conseil.com>
* Copyright (C) 2019 Alexandre Spangaro <aspangaro@open-dsi.fr>
@ -182,7 +182,7 @@ $arrayfields = array(
'state.nom'=>array('label'=>"StateShort", 'checked'=>0),
'country.code_iso'=>array('label'=>"Country", 'checked'=>0),
'typent.code'=>array('label'=>"ThirdPartyType", 'checked'=>$checkedtypetiers),
'p.date'=>array('label'=>"Date", 'checked'=>1),
'p.date'=>array('label'=>"DatePropal", 'checked'=>1),
'p.fin_validite'=>array('label'=>"DateEnd", 'checked'=>1),
'p.date_livraison'=>array('label'=>"DeliveryDate", 'checked'=>0),
'ava.rowid'=>array('label'=>"AvailabilityPeriod", 'checked'=>0),
@ -711,24 +711,12 @@ if ($resql) {
if ($sall) {
$param .= '&sall='.urlencode($sall);
}
if ($search_date_start) {
$param .= '&search_date_start='.urlencode($search_date_start);
}
if ($search_date_end) {
$param .= '&search_date_end='.urlencode($search_date_end);
}
if ($search_dateend_start) {
$param .= '&search_dateend_start='.urlencode($search_dateend_start);
}
if ($search_dateend_end) {
$param .= '&search_dateend_end='.urlencode($search_dateend_end);
}
if ($search_datedelivery_start) {
$param .= '&search_datedelivery_start='.urlencode($search_datedelivery_start);
}
if ($search_datedelivery_end) {
$param .= '&search_datedelivery_end='.urlencode($search_datedelivery_end);
}
if ($search_date_start) $param .= '&search_date_startday='.urlencode(dol_print_date($search_date_start, '%d')).'&search_date_startmonth='.urlencode(dol_print_date($search_date_start, '%m')).'&search_date_startyear='.urlencode(dol_print_date($search_date_start, '%Y'));
if ($search_date_end) $param .= '&search_date_endday='.urlencode(dol_print_date($search_date_end, '%d')).'&search_date_endmonth='.urlencode(dol_print_date($search_date_end, '%m')).'&search_date_endyear='.urlencode(dol_print_date($search_date_end, '%Y'));
if ($search_dateend_start) $param .= '&search_dateend_startday='.urlencode(dol_print_date($search_dateend_start, '%d')).'&search_dateend_startmonth='.urlencode(dol_print_date($search_dateend_start, '%m')).'&search_dateend_startyear='.urlencode(dol_print_date($search_dateend_start, '%Y'));
if ($search_dateend_end) $param .= '&search_dateend_endday='.urlencode(dol_print_date($search_dateend_end, '%d')).'&search_dateend_endmonth='.urlencode(dol_print_date($search_dateend_end, '%m')).'&search_dateend_endyear='.urlencode(dol_print_date($search_dateend_end, '%Y'));
if ($search_datedelivery_start) $param .= '&search_datedelivery_startday='.urlencode(dol_print_date($search_datedelivery_start, '%d')).'&search_datedelivery_startmonth='.urlencode(dol_print_date($search_datedelivery_start, '%m')).'&search_datedelivery_startyear='.urlencode(dol_print_date($search_datedelivery_start, '%Y'));
if ($search_datedelivery_end) $param .= '&search_datedelivery_endday='.urlencode(dol_print_date($search_datedelivery_end, '%d')).'&search_datedelivery_endmonth='.urlencode(dol_print_date($search_datedelivery_end, '%m')).'&search_datedelivery_endyear='.urlencode(dol_print_date($search_datedelivery_end, '%Y'));
if ($search_ref) {
$param .= '&search_ref='.urlencode($search_ref);
}
@ -787,37 +775,37 @@ if ($resql) {
$param .= '&search_categ_cus='.urlencode($search_categ_cus);
}
if ($search_product_category != '') {
$param .= '&search_product_category='.$search_product_category;
$param .= '&search_product_category='.urlencode($search_product_category);
}
if ($search_fk_cond_reglement > 0) {
$param .= '&search_fk_cond_reglement='.$search_fk_cond_reglement;
$param .= '&search_fk_cond_reglement='.urlencode($search_fk_cond_reglement);
}
if ($search_fk_shipping_method > 0) {
$param .= '&search_fk_shipping_method='.$search_fk_shipping_method;
$param .= '&search_fk_shipping_method='.urlencode($search_fk_shipping_method);
}
if ($search_fk_input_reason > 0) {
$param .= '&search_fk_input_reason='.$search_fk_input_reason;
$param .= '&search_fk_input_reason='.urlencode($search_fk_input_reason);
}
if ($search_fk_mode_reglement > 0) {
$param .= '&search_fk_mode_reglement='.$search_fk_mode_reglement;
$param .= '&search_fk_mode_reglement='.urlencode($search_fk_mode_reglement);
}
if ($search_type_thirdparty > 0) {
$param .= '&search_type_thirdparty='.$search_type_thirdparty;
$param .= '&search_type_thirdparty='.urlencode($search_type_thirdparty);
}
if ($search_town) {
$param .= '&search_town='.$search_town;
$param .= '&search_town='.urlencode($search_town);
}
if ($search_zip) {
$param .= '&search_zip='.$search_zip;
$param .= '&search_zip='.urlencode($search_zip);
}
if ($search_state) {
$param .= '&search_state='.$search_state;
$param .= '&search_state='.urlencode($search_state);
}
if ($search_town) {
$param .= '&search_town='.$search_town;
$param .= '&search_town='.urlencode($search_town);
}
if ($search_country) {
$param .= '&search_country='.$search_country;
$param .= '&search_country='.urlencode($search_country);
}
// Add $param from extra fields
@ -825,23 +813,22 @@ if ($resql) {
// List of mass actions available
$arrayofmassactions = array(
'generate_doc'=>img_picto('', 'pdf').'&ensp;'.$langs->trans("ReGeneratePDF"),
'builddoc'=>img_picto('', 'pdf').'&ensp;'.$langs->trans("PDFMerge"),
'generate_doc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("ReGeneratePDF"),
'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"),
);
if ($permissiontosendbymail) {
$arrayofmassactions['presend']=img_picto('', 'email').'&ensp;'.$langs->trans("SendByMail");
$arrayofmassactions['presend']=img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail");
}
if ($permissiontovalidate) {
$arrayofmassactions['prevalidate']=img_picto('', 'check').'&ensp;'.$langs->trans("Validate");
$arrayofmassactions['prevalidate']=img_picto('', 'check', 'class="pictofixedwidth"').$langs->trans("Validate");
}
if ($permissiontoclose) {
$arrayofmassactions['presign']=img_picto('', 'propal').'&ensp;'.$langs->trans("Sign");
$arrayofmassactions['nopresign']=img_picto('', 'propal').'&ensp;'.$langs->trans("NoSign");
$arrayofmassactions['setbilled'] =img_picto('', 'bill').'&ensp;'.$langs->trans("ClassifyBilled");
$arrayofmassactions['presign']=img_picto('', 'propal', 'class="pictofixedwidth"').$langs->trans("Sign");
$arrayofmassactions['nopresign']=img_picto('', 'propal', 'class="pictofixedwidth"').$langs->trans("NoSign");
$arrayofmassactions['setbilled'] =img_picto('', 'bill', 'class="pictofixedwidth"').$langs->trans("ClassifyBilled");
}
if ($permissiontodelete) {
$arrayofmassactions['predelete'] = img_picto('', 'delete').'&ensp;'.$langs->trans("Delete");
$arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete");
}
if (in_array($massaction, array('presend', 'predelete', 'closed'))) {

14
htdocs/commande/document.php
View File

@ -44,12 +44,6 @@ $confirm = GETPOST('confirm');
$id = GETPOST('id', 'int');
$ref = GETPOST('ref');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'commande', $id, '');
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -78,6 +72,14 @@ if (!$sortfield) {
$object = new Commande($db);
$permissiontoadd = $user->rights->commande->creer;
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'commande', $id, '');
/*
* Actions

15
htdocs/commande/list.php
View File

@ -9,7 +9,7 @@
* Copyright (C) 2015-2018 Frédéric France <frederic.france@netlogic.fr>
* Copyright (C) 2015 Marcos García <marcosgdf@gmail.com>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2016-2021 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2018 Charlene Benke <charlie@patas-monkey.com>
* Copyright (C) 2021 Anthony Berton <anthony.berton@bb2a.fr>
*
@ -706,10 +706,10 @@ if ($resql) {
$param .= '&search_status='.urlencode($search_status);
}
if ($search_datecloture_start) {
$param .= '&search_datecloture_start='.urlencode($search_datecloture_start);
$param .= '&search_datecloture_startday='.dol_print_date($search_datecloture_start, '%d').'&search_datecloture_startmonth='.dol_print_date($search_datecloture_start, '%m').'&search_datecloture_startyear='.dol_print_date($search_datecloture_start, '%Y');
}
if ($search_datecloture_end) {
$param .= '&search_datecloture_end='.urlencode($search_datecloture_end);
$param .= '&search_datecloture_endday='.dol_print_date($search_datecloture_end, '%d').'&search_datecloture_endmonth='.dol_print_date($search_datecloture_end, '%m').'&search_datecloture_endyear='.dol_print_date($search_datecloture_end, '%Y');
}
if ($search_dateorder_start) {
$param .= '&search_dateorder_start_day='.dol_print_date($search_dateorder_start, '%d').'&search_dateorder_start_month='.dol_print_date($search_dateorder_start, '%m').'&search_dateorder_start_year='.dol_print_date($search_dateorder_start, '%Y');
@ -805,16 +805,16 @@ if ($resql) {
$param .= '&search_billed='.urlencode($search_billed);
}
if ($search_fk_cond_reglement > 0) {
$param .= '&search_fk_cond_reglement='.$search_fk_cond_reglement;
$param .= '&search_fk_cond_reglement='.urlencode($search_fk_cond_reglement);
}
if ($search_fk_shipping_method > 0) {
$param .= '&search_fk_shipping_method='.$search_fk_shipping_method;
$param .= '&search_fk_shipping_method='.urlencode($search_fk_shipping_method);
}
if ($search_fk_mode_reglement > 0) {
$param .= '&search_fk_mode_reglement='.$search_fk_mode_reglement;
$param .= '&search_fk_mode_reglement='.urlencode($search_fk_mode_reglement);
}
if ($search_fk_input_reason > 0) {
$param .= '&search_fk_input_reason='.$search_fk_input_reason;
$param .= '&search_fk_input_reason='.urlencode($search_fk_input_reason);
}
// Add $param from extra fields
@ -887,7 +887,6 @@ if ($resql) {
}
if ($massaction == 'createbills') {
//var_dump($_REQUEST);
print '<input type="hidden" name="massaction" value="confirm_createbills">';
print '<table class="noborder" width="100%" >';

2
htdocs/compta/bank/card.php
View File

@ -829,7 +829,7 @@ if ($action == 'create') {
print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'" method="post" name="formsoc">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="id" value="'.$_REQUEST["id"].'">'."\n\n";
print '<input type="hidden" name="id" value="'.GETPOST("id", 'int').'">'."\n\n";
print dol_get_fiche_head(array(), 0, '', 0);

13
htdocs/compta/facture/card.php
View File

@ -1093,6 +1093,19 @@ if (empty($reshook)) {
}
}
$id = $object->create($user);
if ($id < 0) {
$error++;
} else {
// copy internal contacts
if ($object->copy_linked_contact($facture_source, 'internal') < 0) {
$error++;
} elseif ($facture_source->socid == $object->socid) {
// copy external contacts if same company
if ($object->copy_linked_contact($facture_source, 'external') < 0) {
$error++;
}
}
}
// NOTE: Pb with situation invoice
// NOTE: fields total on situation invoice are stored as cumulative values on total of lines (bad) but delta on invoice total

2
htdocs/compta/facture/document.php
View File

@ -72,6 +72,8 @@ if ($object->fetch($id, $ref)) {
$upload_dir = $conf->facture->dir_output."/".dol_sanitizeFileName($object->ref);
}
$permissiontoadd = $user->rights->facture->creer;
// Security check
if ($user->socid) {
$socid = $user->socid;

2
htdocs/compta/facture/list.php
View File

@ -10,7 +10,7 @@
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2015-2016 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2015-2021 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2017 Josep Lluís Amador <joseplluis@lliuretic.cat>
* Copyright (C) 2018 Charlene Benke <charlie@patas-monkey.com>
* Copyright (C) 2019-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>

12
htdocs/compta/paiement/cheque/card.php
View File

@ -126,8 +126,8 @@ if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->ban
// Define output language
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
//if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (!empty($newlang)) {
@ -177,8 +177,8 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->banque-
// Define output language
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
//if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (!empty($newlang)) {
@ -219,8 +219,8 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) {
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
//if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
if (!empty($newlang)) {

11
htdocs/core/actions_linkedfiles.inc.php
View File

@ -21,13 +21,14 @@
// Variable $upload_dir must be defined when entering here.
// Variable $upload_dirold may also exists.
// Variable $confirm must be defined.
// If variable $permissiontoadd is defined, we check it is true. Note: A test on permission should already have been done into the restrictedArea() method called by parent page.
//var_dump($upload_dir);
//var_dump($upload_dirold);
// Submit file/link
if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!isset($permissiontoadd) || $permissiontoadd)) {
if (!empty($_FILES)) {
if (is_array($_FILES['userfile']['tmp_name'])) {
$userfiles = $_FILES['userfile']['tmp_name'];
@ -65,7 +66,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
}
}
}
} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!isset($permissiontoadd) || $permissiontoadd)) {
$link = GETPOST('link', 'alpha');
if ($link) {
if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://' && substr($link, 0, 7) != 'davs://') {
@ -77,7 +78,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
// Delete file/link
if ($action == 'confirm_deletefile' && $confirm == 'yes') {
if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiontoadd) || $permissiontoadd)) {
$urlfile = GETPOST('urlfile', 'alpha', 0, null, null, 1); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
if (GETPOST('section', 'alpha')) {
// For a delete from the ECM module, upload_dir is ECM root dir and urlfile contains relative path from upload_dir
@ -149,7 +150,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') {
exit;
}
}
} elseif ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha')) {
} elseif ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha') && (!isset($permissiontoadd) || $permissiontoadd)) {
require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php';
$langs->load('link');
$link = new Link($db);
@ -167,7 +168,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') {
} else {
//error fetching
}
} elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha')) {
} elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha') && (!isset($permissiontoadd) || $permissiontoadd)) {
// For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
if (!empty($upload_dir)) {
$filenamefrom = dol_sanitizeFileName(GETPOST('renamefilefrom', 'alpha'), '_', 0); // Do not remove accents

24
htdocs/core/ajax/row.php
View File

@ -49,6 +49,9 @@ if (!defined('NOREQUIRETRAN')) {
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
// Security check
// This is done later into view.
/*
* View
@ -59,16 +62,16 @@ top_httphead();
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if (GETPOST('roworder', 'alpha', 2) && GETPOST('table_element_line', 'aZ09', 2)
&& GETPOST('fk_element', 'aZ09', 2) && GETPOST('element_id', 'int', 2)) {
$roworder = GETPOST('roworder', 'alpha', 2);
$table_element_line = GETPOST('table_element_line', 'aZ09', 2);
$fk_element = GETPOST('fk_element', 'aZ09', 2);
$element_id = GETPOST('element_id', 'int', 2);
if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3)
&& GETPOST('fk_element', 'aZ09', 3) && GETPOST('element_id', 'int', 3)) {
$roworder = GETPOST('roworder', 'alpha', 3);
$table_element_line = GETPOST('table_element_line', 'aZ09', 3);
$fk_element = GETPOST('fk_element', 'aZ09', 3);
$element_id = GETPOST('element_id', 'int', 3);
dol_syslog("AjaxRow roworder=".$roworder." table_element_line=".$table_element_line." fk_element=".$fk_element." element_id=".$element_id, LOG_DEBUG);
// Make test on pemrission
// Make test on permission
$perm = 0;
if ($table_element_line == 'propaldet' && $user->rights->propal->creer) {
$perm = 1;
@ -92,6 +95,10 @@ if (GETPOST('roworder', 'alpha', 2) && GETPOST('table_element_line', 'aZ09', 2)
$perm = 1;
} elseif ($table_element_line == 'facture_fourn_det' && $user->rights->fourn->facture->creer) {
$perm = 1;
} elseif ($table_element_line == 'ecm_files' && $fk_element == 'fk_product' && (!empty($user->rights->produit->creer) || !empty($user->rights->service->creer))) {
$perm = 1;
} elseif ($table_element_line == 'ecm_files' && $fk_element == 'fk_ticket' && !empty($user->rights->ticket->write)) {
$perm = 1;
} else {
$tmparray = explode('_', $table_element_line);
$tmpmodule = $tmparray[0]; $tmpobject = preg_replace('/line$/', '', $tmparray[1]);
@ -101,7 +108,10 @@ if (GETPOST('roworder', 'alpha', 2) && GETPOST('table_element_line', 'aZ09', 2)
}
if (! $perm) {
// We should not be here. If we are not allowed to reorder rows, feature should not be visible on script.
// If we are here, it is a hack attempt, so we report a warning.
print 'Bad permission to modify position of lines for object in table '.$table_element_line;
dol_syslog('Bad permission to modify position of lines for object in table '.$table_element_line.', fk_element '.$fk_element, LOG_WARNING);
accessforbidden('Bad permission to modify position of lines for object in table '.$table_element_line);
}

7
htdocs/core/boxes/box_dolibarr_state_board.php
View File

@ -60,13 +60,6 @@ class box_dolibarr_state_board extends ModeleBoxes
global $conf, $user;
$this->db = $db;
// disable box for such cases
if (!empty($conf->global->SOCIETE_DISABLE_CUSTOMERS)) {
$this->enabled = 0; // disabled by this option
}
$this->hidden = !(!empty($user->rights->societe->lire) && empty($user->socid));
}
/**

2
htdocs/core/class/dolgraph.class.php
View File

@ -1259,7 +1259,7 @@ class DolGraph
if ($i > 0) {
$this->stringtoshow .= ', ';
}
$this->stringtoshow .= "'" . dol_escape_js(dol_trunc($val, 22)) . "'";
$this->stringtoshow .= "'" . dol_escape_js(dol_trunc($val, 25)) . "'"; // Lower than 25 make some important label (that we can't shorten) to be truncated
$i++;
}

8
htdocs/core/class/html.form.class.php
View File

@ -7692,8 +7692,12 @@ class Form
'order'=>array('enabled'=>$conf->commande->enabled, 'perms'=>1, 'label'=>'LinkToOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('commande').')'),
'invoice'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('invoice').')'),
'invoice_template'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToTemplateInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.titre as ref, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('invoice').')'),
'contrat'=>array('enabled'=>$conf->contrat->enabled, 'perms'=>1, 'label'=>'LinkToContract',
'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, SUM(td.total_ht) as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, ".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('contract').')'),
'contrat'=>array(
'enabled'=>$conf->contrat->enabled,
'perms'=>1,
'label'=>'LinkToContract',
'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, SUM(td.total_ht) as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, ".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('contract').') GROUP BY s.rowid, s.nom, s.client, t.rowid, t.ref, t.ref_customer, t.ref_supplier'
),
'fichinter'=>array('enabled'=>$conf->ficheinter->enabled, 'perms'=>1, 'label'=>'LinkToIntervention', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('intervention').')'),
'supplier_proposal'=>array('enabled'=>$conf->supplier_proposal->enabled, 'perms'=>1, 'label'=>'LinkToSupplierProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, '' as ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."supplier_proposal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('supplier_proposal').')'),
'order_supplier'=>array('enabled'=>$conf->supplier_order->enabled, 'perms'=>1, 'label'=>'LinkToSupplierOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('commande_fournisseur').')'),

4
htdocs/core/class/html.formticket.class.php
View File

@ -103,11 +103,13 @@ class FormTicket
*/
public function __construct($db)
{
global $conf;
$this->db = $db;
$this->action = 'add';
$this->withcompany = 1;
$this->withcompany = $conf->societe->enabled ? 1 : 0;
$this->withfromsocid = 0;
$this->withfromcontactid = 0;
//$this->withthreadid=0;

42
htdocs/core/class/rssparser.class.php
View File

@ -1,19 +1,19 @@
<?php
/* Copyright (C) 2011-2012 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/core/class/rssparser.class.php
@ -538,22 +538,18 @@ class RssParser
if ($el == 'channel') {
$this->inchannel = true;
} elseif ($el == 'item' or $el == 'entry') {
} elseif ($el == 'item' || $el == 'entry') {
$this->initem = true;
if (isset($attrs['rdf:about'])) {
$this->current_item['about'] = $attrs['rdf:about'];
}
} elseif ($this->_format == 'rss' and
$this->current_namespace == '' and
$el == 'textinput') {
} elseif ($this->_format == 'rss' && $this->current_namespace == '' && $el == 'textinput') {
// if we're in the default namespace of an RSS feed,
// record textinput or image fields
$this->intextinput = true;
} elseif ($this->_format == 'rss' and
$this->current_namespace == '' and
$el == 'image') {
} elseif ($this->_format == 'rss' && $this->current_namespace == '' && $el == 'image') {
$this->inimage = true;
} elseif ($this->_format == 'atom' and in_array($el, $this->_CONTENT_CONSTRUCTS)) {
} elseif ($this->_format == 'atom' && in_array($el, $this->_CONTENT_CONSTRUCTS)) {
// handle atom content constructs
// avoid clashing w/ RSS mod_content
if ($el == 'content') {
@ -561,7 +557,7 @@ class RssParser
}
$this->incontent = $el;
} elseif ($this->_format == 'atom' and $this->incontent) {
} elseif ($this->_format == 'atom' && $this->incontent) {
// if inside an Atom content construct (e.g. content or summary) field treat tags as text
// if tags are inlined, then flatten
$attrs_str = join(' ', array_map('map_attrs', array_keys($attrs), array_values($attrs)));
@ -569,7 +565,7 @@ class RssParser
$this->append_content("<$element $attrs_str>");
array_unshift($this->stack, $el);
} elseif ($this->_format == 'atom' and $el == 'link') {
} elseif ($this->_format == 'atom' && $el == 'link') {
// Atom support many links per containging element.
// Magpie treats link elements of type rel='alternate'
// as being equivalent to RSS's simple link element.

2
htdocs/core/lib/admin.lib.php
View File

@ -906,7 +906,7 @@ function listOfSessions()
if (preg_match('/dol_login/i', $sessValues) && // limit to dolibarr session
(preg_match('/dol_entity\|i:'.$conf->entity.';/i', $sessValues) || preg_match('/dol_entity\|s:([0-9]+):"'.$conf->entity.'"/i', $sessValues)) && // limit to current entity
preg_match('/dol_company\|s:([0-9]+):"('.$conf->global->MAIN_INFO_SOCIETE_NOM.')"/i', $sessValues)) { // limit to company name
preg_match('/dol_company\|s:([0-9]+):"('.getDolGlobalString('MAIN_INFO_SOCIETE_NOM').')"/i', $sessValues)) { // limit to company name
$tmp = explode('_', $file);
$idsess = $tmp[1];
$regs = array();

23
htdocs/core/lib/functions.lib.php
View File

@ -634,17 +634,17 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
$out = checkVal($out, $check, $filter, $options);
}
// Sanitizing for special parameters. There is no reason to allow the backtopage, backtolist or backtourl parameter to contains an external URL.
// Sanitizing for special parameters.
// Note: There is no reason to allow the backtopage, backtolist or backtourl parameter to contains an external URL.
if ($paramname == 'backtopage' || $paramname == 'backtolist' || $paramname == 'backtourl') {
$out = str_replace('\\', '/', $out);
$out = str_replace(array(':', ';', '@'), '', $out);
$out = str_replace('\\', '/', $out); // Can be before the loop because only 1 char is replaced. No risk to get it after other replacements.
$out = str_replace(array(':', ';', '@'), '', $out); // Can be before the loop because only 1 char is replaced. No risk to get it after other replacements.
do {
$oldstringtoclean = $out;
$out = str_ireplace(array('javascript', 'vbscript', '&colon', '&#'), '', $out);
} while ($oldstringtoclean != $out);
$out = preg_replace(array('/^[a-z]*\/\/+/i'), '', $out);
$out = preg_replace(array('/^[a-z]*\/\/+/i'), '', $out); // We remove schema*// to remove external URL
}
// Code for search criteria persistence.
@ -684,7 +684,7 @@ function GETPOSTINT($paramname, $method = 0, $filter = null, $options = null, $n
}
/**
* Return a value after checking on a rule.
* Return a value after checking on a rule. A sanitization may also have been done.
*
* @param string $out Value to check/clear.
* @param string $check Type of check/sanitizing
@ -777,6 +777,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
case 'restricthtml': // Recommended for most html textarea
do {
$oldstringtoclean = $out;
// We replace chars encoded with numeric HTML entities with real char (to avoid to have numeric entities used for obfuscation of injections)
$out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+);/i', 'realCharForNumericEntities', $out);
$out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have j&#x61vascript with an entities without the ; to hide the 'a' of 'javascript'.
$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
// We should also exclude non expected attributes
@ -797,7 +802,6 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
}
if (!function_exists('dol_getprefix')) {
/**
* Return a prefix to use for this Dolibarr instance, for session/cookie names or email id.
@ -7317,7 +7321,6 @@ function make_substitutions($text, $substitutionarray, $outputlangs = null, $con
} else {
$value = dol_nl2br("$value");
}
$text = str_replace("$key", "$value", $text); // We must keep the " to work when value is 123.5 for example
}
}
@ -9739,8 +9742,8 @@ function dolGetButtonAction($label, $html = '', $actionType = 'default', $url =
/**
* Add space between dolGetButtonTitle
*
* @param string $moreClass more css class label
* @return string html of title separator
* @param string $moreClass more css class label
* @return string html of title separator
*/
function dolGetButtonTitleSeparator($moreClass = "")
{

7
htdocs/core/lib/invoice.lib.php
View File

@ -482,9 +482,9 @@ function getNumberInvoicesPieChart($mode)
$sql = "SELECT sum(".$db->ifsql("f.date_lim_reglement < '".date_format($datenowsub30, 'Y-m-d')."'", 1, 0).") as nblate30";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement < '".date_format($datenowsub15, 'Y-m-d')."'", 1, 0).") as nblate15";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement < '".date_format($now, 'Y-m-d')."'", 1, 0).") as nblatenow";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement > '".date_format($datenowadd30, 'Y-m-d')."'", 1, 0).") as nbnotlate30";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement > '".date_format($datenowadd15, 'Y-m-d')."'", 1, 0).") as nbnotlate15";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement >= '".date_format($now, 'Y-m-d')."'", 1, 0).") as nbnotlatenow";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement > '".date_format($datenowadd15, 'Y-m-d')."'", 1, 0).") as nbnotlate15";
$sql .= ", sum(".$db->ifsql("f.date_lim_reglement > '".date_format($datenowadd30, 'Y-m-d')."'", 1, 0).") as nbnotlate30";
if ($mode == 'customers') {
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
} elseif ($mode == 'fourn') {
@ -513,7 +513,8 @@ function getNumberInvoicesPieChart($mode)
foreach ($dataseries as $key=>$value) {
$total+=$value[1];
}
$colorseries = array($badgeStatus8, $badgeStatus1, $badgeStatus3, $badgeStatus2, $badgeStatus4, $badgeStatus11);
$colorseries = array($badgeStatus8, $badgeStatus1, $badgeStatus3, $badgeStatus4, $badgeStatus11, '-'.$badgeStatus11);
if ($conf->use_javascript_ajax) {
$result = '<div class="div-table-responsive-no-min">';
$result .= '<table class="noborder nohover centpercent">';

2
htdocs/core/lib/security.lib.php
View File

@ -350,7 +350,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
// Check write permission from module (we need to know write permission to create but also to delete drafts record or to upload files)
$createok = 1;
$nbko = 0;
$wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || GETPOST('action', 'aZ09') == 'create' || GETPOST('action', 'aZ09') == 'update');
$wemustcheckpermissionforcreate = (GETPOST('sendit', 'alpha') || GETPOST('linkit', 'alpha') || GETPOST('action', 'aZ09') == 'create' || GETPOST('action', 'aZ09') == 'update') || GETPOST('roworder', 'alpha', 2);
$wemustcheckpermissionfordeletedraft = ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete');
if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {

4
htdocs/core/lib/sendings.lib.php
View File

@ -316,8 +316,8 @@ function show_list_sending_receive($origin, $origin_id, $filter = '')
$outputlangs = $langs;
$newlang = '';
if (empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if (empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
if (empty($newlang)) {
$newlang = $object->thirdparty->default_lang;

5
htdocs/core/lib/ticket.lib.php
View File

@ -84,7 +84,7 @@ function ticket_prepare_head($object)
$head[$h][2] = 'tabTicket';
$h++;
if (empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && empty($user->socid)) {
if (empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && empty($user->socid) && $conf->societe->enabled) {
$nbContact = count($object->liste_contact(-1, 'internal')) + count($object->liste_contact(-1, 'external'));
$head[$h][0] = DOL_URL_ROOT.'/ticket/contact.php?track_id='.$object->track_id;
$head[$h][1] = $langs->trans('ContactsAddresses');
@ -157,7 +157,8 @@ function showDirectPublicLink($object)
$out = '';
if (empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) {
$out .= '<span class="opacitymedium">'.$langs->trans("PublicInterfaceNotEnabled").'</span>';
$langs->load('errors');
$out .= '<span class="opacitymedium">'.$langs->trans("ErrorPublicInterfaceNotEnabled").'</span>';
} else {
$out .= img_picto('', 'object_globe.png').' <span class="opacitymedium">'.$langs->trans("TicketPublicAccess").'</span><br>';
if ($url) {

20
htdocs/core/lib/website.lib.php
View File

@ -502,7 +502,7 @@ function includeContainer($containerref)
}
$includehtmlcontentopened++;
if ($includehtmlcontentopened > $MAXLEVEL) {
print 'ERROR: RECURSIVE CONTENT LEVEL. Depth of recursive call is more than the limit of '.$MAXLEVEL.".\n";
print 'ERROR: RECURSIVE CONTENT LEVEL. Depth of recursive call is more than the limit of '.((int) $MAXLEVEL).".\n";
return;
}
@ -549,20 +549,20 @@ function getStructuredData($type, $data = array())
"@type": "SoftwareApplication",
"name": "'.dol_escape_json($data['name']).'",
"operatingSystem": "'.dol_escape_json($data['os']).'",
"applicationCategory": "https://schema.org/'.$data['applicationCategory'].'",';
"applicationCategory": "https://schema.org/'.dol_escape_json($data['applicationCategory']).'",';
if (!empty($data['ratingcount'])) {
$ret .= '
"aggregateRating": {
"@type": "AggregateRating",
"ratingValue": "'.$data['ratingvalue'].'",
"ratingCount": "'.$data['ratingcount'].'"
"ratingValue": "'.dol_escape_json($data['ratingvalue']).'",
"ratingCount": "'.dol_escape_json($data['ratingcount']).'"
},';
}
$ret .= '
"offers": {
"@type": "Offer",
"price": "'.$data['price'].'",
"priceCurrency": "'.($data['currency'] ? $data['currency'] : $conf->currency).'"
"price": "'.dol_escape_json($data['price']).'",
"priceCurrency": "'.dol_escape_json($data['currency'] ? $data['currency'] : $conf->currency).'"
}
}'."\n";
$ret .= '</script>'."\n";
@ -618,7 +618,7 @@ function getStructuredData($type, $data = array())
$pageurl = str_replace('__WEBSITE_KEY__', $website->ref, $pageurl);
$title = str_replace('__WEBSITE_KEY__', $website->ref, $title);
$image = '/medias/'.str_replace('__WEBSITE_KEY__', $website->ref, $image);
$image = '/medias'.(preg_match('/^\//', $image) ? '' : '/').str_replace('__WEBSITE_KEY__', $website->ref, $image);
$companyname = str_replace('__WEBSITE_KEY__', $website->ref, $companyname);
$description = str_replace('__WEBSITE_KEY__', $website->ref, $description);
@ -666,6 +666,8 @@ function getStructuredData($type, $data = array())
$ret .= '"description": "'.dol_escape_json($description).'"';
$ret .= "\n".'}'."\n";
$ret .= '</script>'."\n";
} else {
$ret .= '<!-- no structured data inserted inline inside blogpost because no author_alias defined -->'."\n";
}
} elseif ($type == 'product') {
$ret = '<!-- Add structured data for product -->'."\n";
@ -691,8 +693,8 @@ function getStructuredData($type, $data = array())
"offers": {
"@type": "Offer",
"url": "https://example.com/anvil",
"priceCurrency": "'.($data['currency'] ? $data['currency'] : $conf->currency).'",
"price": "'.$data['price'].'",
"priceCurrency": "'.dol_escape_json($data['currency'] ? $data['currency'] : $conf->currency).'",
"price": "'.dol_escape_json($data['price']).'",
"itemCondition": "https://schema.org/UsedCondition",
"availability": "https://schema.org/InStock",
"seller": {

3
htdocs/core/menus/standard/eldy.lib.php
View File

@ -227,6 +227,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
$tmpentry = array(
'enabled'=>(!empty($conf->propal->enabled)
|| !empty($conf->commande->enabled)
|| !empty($conf->fournisseur->enabled)
|| !empty($conf->supplier_proposal->enabled)
|| !empty($conf->supplier_order->enabled)
|| !empty($conf->contrat->enabled)
@ -235,6 +236,8 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
'perms'=>(!empty($user->rights->propal->lire)
|| !empty($user->rights->commande->lire)
|| !empty($user->rights->supplier_proposal->lire)
|| !empty($user->rights->fournisseur->lire)
|| !empty($user->rights->fournisseur->commande->lire)
|| !empty($user->rights->supplier_order->lire)
|| !empty($user->rights->contrat->lire)
|| !empty($user->rights->ficheinter->lire)

2
htdocs/core/modules/propale/doc/pdf_azur.modules.php
View File

@ -1516,7 +1516,7 @@ class pdf_azur extends ModelePDFPropales
$posy += 4;
$pdf->SetXY($posx, $posy);
$pdf->SetTextColor(0, 0, 60);
$pdf->MultiCell(100, 3, $outputlangs->transnoentities("Date")." : ".dol_print_date($object->date, "day", false, $outputlangs, true), '', 'R');
$pdf->MultiCell(100, 3, $outputlangs->transnoentities("DatePropal")." : ".dol_print_date($object->date, "day", false, $outputlangs, true), '', 'R');
$posy += 4;
$pdf->SetXY($posx, $posy);

8
htdocs/core/tpl/admin_extrafields_view.tpl.php
View File

@ -115,12 +115,14 @@ if (isset($extrafields->attributes[$elementtype]['type']) && is_array($extrafiel
}
print '</td>';
}
print '<td class="right nowraponall"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=edit&token='.newToken().'&attrname='.$key.'#formeditextrafield">'.img_edit().'</a>';
print '&nbsp; <a class="paddingleft" href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&attrname='.$key.'">'.img_delete().'</a></td>'."\n";
print '<td class="right nowraponall">';
print '<a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=edit&token='.newToken().'&attrname='.$key.'#formeditextrafield">'.img_edit().'</a>';
print '&nbsp; <a class="paddingleft" href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&attrname='.$key.'">'.img_delete().'</a>';
print '</td>'."\n";
print "</tr>";
}
} else {
$colspan = 13;
$colspan = 14;
if (!empty($conf->multicompany->enabled)) {
$colspan++;
}

4
htdocs/core/tpl/card_presend.tpl.php
View File

@ -58,8 +58,8 @@ if ($action == 'presend') {
// Define output language
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) {
$newlang = $object->thirdparty->default_lang;

4
htdocs/core/tpl/extrafields_list_search_sql.tpl.php
View File

@ -26,6 +26,10 @@ if (!empty($extrafieldsobjectkey) && !empty($search_array_options) && is_array($
if ($crit != '' && in_array($typ, array('date', 'datetime', 'timestamp'))) {
if (is_numeric($crit)) {
if ($typ == 'date') {
include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
$crit = dol_get_first_hour($crit);
}
$sql .= " AND ".$extrafieldsobjectprefix.$tmpkey." = '".$db->idate($crit)."'";
} elseif (is_array($crit)) {
if ($crit['start'] !== '' && $crit['end'] !== '') {

10
htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php
View File

@ -183,7 +183,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
$this->error = "ErrorLDAP ".$ldap->error;
}
}
} elseif ($action == 'USER_SETINGROUP') {
/*} elseif ($action == 'USER_SETINGROUP') {
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
$ldap = new Ldap();
@ -217,7 +217,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
$this->error = "ErrorLDAP ".$ldap->error;
}
}
} elseif ($action == 'USER_REMOVEFROMGROUP') {
} elseif ($action == 'USER_REMOVEFROMGROUP') {
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
$ldap = new Ldap();
@ -250,7 +250,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
if ($result < 0) {
$this->error = "ErrorLDAP ".$ldap->error;
}
}
} */
} elseif ($action == 'USERGROUP_CREATE') {
// Groupes
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
@ -262,8 +262,8 @@ class InterfaceLdapsynchro extends DolibarrTriggers
$info = $object->_load_ldap_info();
$dn = $object->_load_ldap_dn($info);
// Get a gid number for objectclass PosixGroup
if (in_array('posixGroup', $info['objectclass'])) {
// Get a gid number for objectclass PosixGroup if none was provided
if (empty($info[$conf->global->LDAP_GROUP_FIELD_GROUPID]) && in_array('posixGroup', $info['objectclass'])) {
$info['gidNumber'] = $ldap->getNextGroupGid('LDAP_KEY_GROUPS');
}

10
htdocs/core/triggers/interface_99_modZapier_ZapierTriggers.class.php
View File

@ -111,13 +111,9 @@ class InterfaceZapierTriggers extends DolibarrTriggers
//case 'USER_NEW_PASSWORD':
//case 'USER_ENABLEDISABLE':
//case 'USER_DELETE':
//case 'USER_SETINGROUP':
//case 'USER_REMOVEFROMGROUP':
// case 'USER_LOGIN':
// case 'USER_LOGIN_FAILED':
// case 'USER_LOGOUT':
// Warning: To increase performances, this action is triggered only if constant MAIN_ACTIVATE_UPDATESESSIONTRIGGER is set to 1.
// // case 'USER_UPDATE_SESSION':
//case 'USER_LOGIN':
//case 'USER_LOGIN_FAILED':
//case 'USER_LOGOUT':
// Actions
case 'ACTION_MODIFY':

4
htdocs/delivery/card.php
View File

@ -542,8 +542,8 @@ if ($action == 'create') { // Create. Seems to no be used
if (!empty($conf->global->MAIN_MULTILANGS) && !empty($conf->global->PRODUIT_TEXTS_IN_THIRDPARTY_LANGUAGE)) {
$outputlangs = $langs;
$newlang = '';
if (empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if (empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
if (empty($newlang)) {
$newlang = $object->thirdparty->default_lang;

18
htdocs/expedition/list.php
View File

@ -2,7 +2,7 @@
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2015 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2010 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2016-2018 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2016-2021 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2019 Nicolas ZABOURI <info@inovea-conseil.com>
* Copyright (C) 2020 Thibault FOUCART <support@ptibogxiv.net>
*
@ -434,20 +434,18 @@ if ($search_zip) {
if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) {
$param .= '&search_type_thirdparty='.urlencode($search_type_thirdparty);
}
if ($search_datedelivery_start) {
$param .= '&search_datedelivery_start='.urlencode($search_datedelivery_start);
if ($search_datedelivery_start) {
$param .= '&search_datedelivery_startday='.urlencode(dol_print_date($search_datedelivery_start, '%d')).'&search_datedelivery_startmonth='.urlencode(dol_print_date($search_datedelivery_start, '%m')).'&search_datedelivery_startyear='.urlencode(dol_print_date($search_datedelivery_start, '%Y'));
}
if ($search_datedelivery_end) {
$param .= '&search_datedelivery_end='.urlencode($search_datedelivery_end);
$param .= '&search_datedelivery_endday='.urlencode(dol_print_date($search_datedelivery_end, '%d')).'&search_datedelivery_endmonth='.urlencode(dol_print_date($search_datedelivery_end, '%m')).'&search_datedelivery_endyear='.urlencode(dol_print_date($search_datedelivery_end, '%Y'));
}
if ($search_datereceipt_start) {
$param .= '&search_datereceipt_start='.urlencode($search_datereceipt_start);
$param .= '&search_datereceipt_startday='.urlencode(dol_print_date($search_datereceipt_start, '%d')).'&search_datereceipt_startmonth='.urlencode(dol_print_date($search_datereceipt_start, '%m')).'&search_datereceipt_startyear='.urlencode(dol_print_date($search_datereceipt_start, '%Y'));
}
if ($search_datereceipt_end) {
$param .= '&search_datereceipt_end='.urlencode($search_datereceipt_end);
$param .= '&search_datereceipt_endday='.urlencode(dol_print_date($search_datereceipt_end, '%d')).'&search_datereceipt_endmonth='.urlencode(dol_print_date($search_datereceipt_end, '%m')).'&search_datereceipt_endyear='.urlencode(dol_print_date($search_datereceipt_end, '%Y'));
}
if ($search_product_category != '') {
$param .= '&search_product_category='.urlencode($search_product_category);
}
@ -863,10 +861,6 @@ while ($i < min($num, $limit)) {
if (!empty($arrayfields['e.date_delivery']['checked'])) {
print '<td class="center">';
print dol_print_date($db->jdate($obj->delivery_date), "dayhour");
/*$now = time();
if ( ($now - $db->jdate($obj->date_expedition)) > $conf->warnings->lim && $obj->statutid == 1 )
{
}*/
print "</td>\n";
}
// Tracking number

4
htdocs/expedition/shipment.php
View File

@ -687,8 +687,8 @@ if ($id > 0 || !empty($ref)) {
$outputlangs = $langs;
$newlang = '';
if (empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
if (empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
if (empty($newlang)) {
$newlang = $object->thirdparty->default_lang;

2
htdocs/expensereport/card.php
View File

@ -55,6 +55,7 @@ $action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
$id = GETPOST('id', 'int');
$date_start = dol_mktime(0, 0, 0, GETPOST('date_debutmonth', 'int'), GETPOST('date_debutday', 'int'), GETPOST('date_debutyear', 'int'));
$date_end = dol_mktime(0, 0, 0, GETPOST('date_finmonth', 'int'), GETPOST('date_finday', 'int'), GETPOST('date_finyear', 'int'));
$date = dol_mktime(0, 0, 0, GETPOST('datemonth', 'int'), GETPOST('dateday', 'int'), GETPOST('dateyear', 'int'));
@ -120,7 +121,6 @@ if ($object->id > 0) {
}
// Security check
$id = GETPOST("id", 'int');
if ($user->socid) {
$socid = $user->socid;
}

9
htdocs/expensereport/index.php
View File

@ -171,9 +171,6 @@ $langs->load("boxes");
$sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.statut as user_status, u.photo, u.email, u.admin,";
$sql .= " d.rowid, d.ref, d.date_debut as dated, d.date_fin as datef, d.date_create as dm, d.total_ht, d.total_ttc, d.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport as d, ".MAIN_DB_PREFIX."user as u";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE u.rowid = d.fk_user_author";
// RESTRICT RIGHTS
if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)
@ -183,12 +180,6 @@ if (empty($user->rights->expensereport->readall) && empty($user->rights->expense
$sql .= " AND d.fk_user_author IN (".$db->sanitize(join(',', $childids)).")\n";
}
$sql .= ' AND d.entity IN ('.getEntity('expensereport').')';
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND d.fk_user_author = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND d.fk_user_author = ".$socid;
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $db->plimit($max, 0);

4
htdocs/expensereport/list.php
View File

@ -138,8 +138,8 @@ $search_array_options = $extrafields->getOptionalsFromPost($object->table_elemen
$fieldstosearchall = array(
'd.ref'=>'Ref',
'd.note_public'=>"NotePublic",
'u.lastname'=>'Lastname',
'u.firstname'=>"Firstname",
'u.lastname'=>'EmployeeLastname',
'u.firstname'=>"EmployeeFirstname",
'u.login'=>"Login",
);
if (empty($user->socid)) {

17
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -280,6 +280,11 @@ class CommandeFournisseur extends CommonOrder
const STATUS_REFUSED = 9;
/**
* The constant used into source field to track the order was generated by the replenishement feature
*/
const SOURCE_ID_REPLENISHMENT = 42;
/**
@ -2070,6 +2075,18 @@ class CommandeFournisseur extends CommonOrder
// End call triggers
}
// Test we can delete
$this->fetchObjectLinked(null, 'order_supplier');
if (!empty($this->linkedObjects)) {
foreach ($this->linkedObjects['reception'] as $element) {
if ($element->statut >= 0) {
$this->errors[] = $langs->trans('ReceptionExist');
$error++;
break;
}
}
}
$main = MAIN_DB_PREFIX.'commande_fournisseurdet';
$ef = $main."_extrafields";
$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".$this->id.")";

18
htdocs/fourn/commande/card.php
View File

@ -2325,7 +2325,7 @@ if ($action == 'create') {
print dol_get_fiche_end();
/**
* Boutons actions
* Buttons for actions
*/
if ($user->socid == 0 && $action != 'editline' && $action != 'delete') {
@ -2433,11 +2433,19 @@ if ($action == 'create') {
}
// Ship
$hasreception = 0;
if (!empty($conf->stock->enabled) && (!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION) || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION_CLOSE))) {
$labelofbutton = $langs->trans('ReceiveProducts');
if ($conf->reception->enabled) {
$labelofbutton = $langs->trans("CreateReception");
if (!empty($object->linkedObjects)) {
foreach ($object->linkedObjects['reception'] as $element) {
if ($element->statut >= 0) {
$hasreception = 1;
break;
}
}
}
}
if (in_array($object->statut, array(3, 4, 5))) {
@ -2508,7 +2516,11 @@ if ($action == 'create') {
// Delete
if (!empty($usercandelete) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($usercancreate))) {
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans("Delete").'</a>';
if ($hasreception) {
print '<a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("ReceptionExist").'">'.$langs->trans("Delete").'</a>';
} else {
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans("Delete").'</a>';
}
}
}

1
htdocs/fourn/commande/list.php
View File

@ -1284,6 +1284,7 @@ if ($resql) {
$objectstatic->id = $obj->rowid;
$objectstatic->ref = $obj->ref;
$objectstatic->ref_supplier = $obj->ref_supplier;
$objectstatic->socid = $obj->socid;
$objectstatic->total_ht = $obj->total_ht;
$objectstatic->total_tva = $obj->total_tva;
$objectstatic->total_ttc = $obj->total_ttc;

56
htdocs/hrm/index.php
View File

@ -40,8 +40,13 @@ if ($conf->deplacement->enabled) {
if ($conf->expensereport->enabled) {
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
}
require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php';
require_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';
if ($conf->recruitment->enabled) {
require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php';
require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentjobposition.class.php';
}
if ($conf->holiday->enabled) {
require_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';
}
$hookmanager = new HookManager($db);
$hookmanager->initHooks('hrmindex');
@ -60,10 +65,6 @@ if (empty($conf->global->MAIN_INFO_SOCIETE_NOM) || empty($conf->global->MAIN_INF
$setupcompanynotcomplete = 1;
}
$holiday = new Holiday($db);
$holidaystatic = new Holiday($db);
$staticrecruitmentcandidature = new RecruitmentCandidature($db);
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
@ -73,7 +74,8 @@ $max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
// Update sold
if (!empty($conf->holiday->enabled) && !empty($setupcompanynotcomplete)) {
$result = $holiday->updateBalance();
$holidaystatic = new Holiday($db);
$result = $holidaystatic->updateBalance();
}
@ -144,6 +146,7 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // This is usel
if (!empty($conf->holiday->enabled)) {
if (empty($conf->global->HOLIDAY_HIDE_BALANCE)) {
$holidaystatic = new Holiday($db);
$user_id = $user->id;
print '<div class="div-table-responsive-no-min">';
@ -154,9 +157,9 @@ if (!empty($conf->holiday->enabled)) {
$out = '';
$nb_holiday = 0;
$typeleaves = $holiday->getTypes(1, 1);
$typeleaves = $holidaystatic->getTypes(1, 1);
foreach ($typeleaves as $key => $val) {
$nb_type = $holiday->getCPforUser($user->id, $val['rowid']);
$nb_type = $holidaystatic->getCPforUser($user->id, $val['rowid']);
$nb_holiday += $nb_type;
$out .= ' - '.($langs->trans($val['code']) != $val['code'] ? $langs->trans($val['code']) : $val['label']).': <strong>'.($nb_type ? price2num($nb_type) : 0).'</strong><br>';
}
@ -179,7 +182,7 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
// Latest leave requests
if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) {
$sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.photo, u.statut as user_status,";
$sql .= " x.rowid, x.rowid as ref, x.fk_type, x.date_debut as date_start, x.date_fin as date_end, x.halfday, x.tms as dm, x.statut as status";
$sql .= " x.rowid, x.ref, x.fk_type, x.date_debut as date_start, x.date_fin as date_end, x.halfday, x.tms as dm, x.statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."holiday as x, ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.rowid = x.fk_user";
$sql .= " AND x.entity = ".$conf->entity;
@ -330,20 +333,23 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire)
// Last modified job position
if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitmentjobposition->read) {
$sql = "SELECT rc.rowid, rc.ref, rc.email, rc.lastname, rc.firstname, rc.date_creation, rc.tms, rc.status";
$staticrecruitmentcandidature = new RecruitmentCandidature($db);
$staticrecruitmentjobposition = new RecruitmentJobPosition($db);
$sql = "SELECT rc.rowid, rc.ref, rc.email, rc.lastname, rc.firstname, rc.date_creation, rc.tms, rc.status,";
$sql.= " rp.rowid as jobid, rp.ref as jobref, rp.label";
$sql .= " FROM ".MAIN_DB_PREFIX."recruitment_recruitmentcandidature as rc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as s ON rc.fk_recruitmentjobposition = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as rp ON rc.fk_recruitmentjobposition = rp.rowid";
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentjobposition->element).")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentcandidature->element).")";
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.fk_soc = $socid";
$sql .= " AND rp.fk_soc = $socid";
}
$sql .= " ORDER BY rc.tms DESC";
$sql .= $db->order("rc.tms", "DESC");
$sql .= $db->plimit($max, 0);
$resql = $db->query($sql);
@ -354,8 +360,8 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<th colspan="2">';
print $langs->trans("BoxTitleLatestModifiedCandidatures", $max);
print '<th colspan="3">';
print $langs->trans("BoxTitleLatestModifiedCandidatures", min($max, $num));
print '</th>';
print '<th class="right" colspan="2"><a href="'.DOL_URL_ROOT.'/recruitment/recruitmentcandidature_list.php?sortfield=t.tms&sortorder=DESC">'.$langs->trans("FullList").'</th>';
print '</tr>';
@ -370,11 +376,15 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme
$staticrecruitmentcandidature->firstname = $objp->firstname;
$staticrecruitmentcandidature->lastname = $objp->lastname;
$staticrecruitmentjobposition->id = $objp->jobid;
$staticrecruitmentjobposition->ref = $objp->jobref;
$staticrecruitmentjobposition->label = $objp->label;
print '<tr class="oddeven">';
print '<td class="nowrap">'.$staticrecruitmentcandidature->getNomUrl(1, '').'</td>';
print '<td class="right nowrap">';
print "</td>";
print '<td class="right nowrap">'.dol_print_date($db->jdate($objp->tms), 'day')."</td>";
print '<td class="tdoverflowmax150">'.$staticrecruitmentcandidature->getFullName($langs).'</td>';
print '<td class="nowrap">'.$staticrecruitmentjobposition->getNomUrl(1).'</td>';
print '<td class="right nowrap">'.dol_print_date($db->jdate($objp->tms), 'day').'</td>';
print '<td class="right nowrap" width="16">';
print $staticrecruitmentcandidature->getLibStatut(3);
print "</td>";

14
htdocs/install/mysql/data/llx_00_c_country.sql
View File

@ -117,13 +117,13 @@ INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (86
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (87,'GQ','GNQ','Guinée Equatoriale',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (88,'ER','ERI','Erythrée',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (89,'EE','EST','Estonia',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (90,'ET','ETH','Ethiopie',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (91,'FK','FLK','Iles Falkland',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (92,'FO','FRO','Iles Féroé',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (93,'FJ','FJI','Iles Fidji',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (94,'FI','FIN','Finlande',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (95,'GF','GUF','Guyane française',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (96,'PF','PYF','Polynésie française',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (90,'ET','ETH','Ethiopia',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (91,'FK','FLK','Falkland Islands',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (92,'FO','FRO','Faroe Islands',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (93,'FJ','FJI','Fidji Islands',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (94,'FI','FIN','Finland',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (95,'GF','GUF','French Guiana',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (96,'PF','PYF','French Polynesia',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (97,'TF','ATF','Terres australes françaises',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (98,'GM','GMB','Gambie',1,0);
INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (99,'GE','GEO','Georgia',1,0);

20
htdocs/install/mysql/data/llx_20_c_departements.sql
View File

@ -765,16 +765,16 @@ INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
-- Panama - 10 Provinces (id country=178)
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-1', '', 0, '', 'Bocas del Toro');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-2', '', 0, '', 'Coclé');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-3', '', 0, '', 'Colón');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-4', '', 0, '', 'Chiriquí');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-5', '', 0, '', 'Darién');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-6', '', 0, '', 'Herrera');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-7', '', 0, '', 'Los Santos');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-8', '', 0, '', 'Panamá');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-9', '', 0, '', 'Veraguas');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES (17801, 'PA-13', '', 0, '', 'Panamá Oeste');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-1', 17801, '', 0, '', 'Bocas del Toro');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-2', 17801, '', 0, '', 'Coclé');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-3', 17801, '', 0, '', 'Colón');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-4', 17801, '', 0, '', 'Chiriquí');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-5', 17801, '', 0, '', 'Darién');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-6', 17801, '', 0, '', 'Herrera');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-7', 17801, '', 0, '', 'Los Santos');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-8', 17801, '', 0, '', 'Panamá');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-9', 17801, '', 0, '', 'Veraguas');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('PA-13', 17801, '', 0, '', 'Panamá Oeste');
-- Provinces Peru (id country=181)

6
htdocs/install/mysql/migration/13.0.0-14.0.0.sql
View File

@ -491,11 +491,15 @@ CREATE TABLE llx_knowledgemanagement_knowledgerecord(
import_key varchar(14),
model_pdf varchar(255),
question text NOT NULL,
answer text,
answer text,
fk_ticket integer,
status integer NOT NULL
-- END MODULEBUILDER FIELDS
) ENGINE=innodb;
ALTER TABLE llx_knowledgemanagement_knowledgerecord ADD COLUMN fk_ticket integer;
create table llx_knowledgemanagement_knowledgerecord_extrafields
(
rowid integer AUTO_INCREMENT PRIMARY KEY,

2
htdocs/install/mysql/tables/llx_c_ticket_category.sql
View File

@ -15,7 +15,7 @@
-- along with this program. If not, see <https://www.gnu.org/licenses/>.
--
-- Table with the categories of a ticket
-- Table with the custom category tree for the category of a ticket
--
create table llx_c_ticket_category

2
htdocs/install/mysql/tables/llx_c_ticket_type.sql
View File

@ -13,7 +13,7 @@
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <https://www.gnu.org/licenses/>.
--
--
-- Type of ticket. For example: COM, ISSUE, REQUEST, PROJECT, OTHER, ...
create table llx_c_ticket_type
(

3
htdocs/install/mysql/tables/llx_knowledgemanagement_knowledgerecord.sql
View File

@ -27,7 +27,8 @@ CREATE TABLE llx_knowledgemanagement_knowledgerecord(
import_key varchar(14),
model_pdf varchar(255),
question text NOT NULL,
answer text,
answer text,
fk_ticket integer,
status integer NOT NULL
-- END MODULEBUILDER FIELDS
) ENGINE=innodb;

4
htdocs/knowledgemanagement/class/knowledgerecord.class.php
View File

@ -110,8 +110,8 @@ class KnowledgeRecord extends CommonObject
'fk_user_valid' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserValidation', 'enabled'=>'1', 'position'=>512, 'notnull'=>0, 'visible'=>-2,),
'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,),
'model_pdf' => array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>'1', 'position'=>1010, 'notnull'=>-1, 'visible'=>0,),
'question' => array('type'=>'text', 'label'=>'Question', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1,),
'answer' => array('type'=>'html', 'label'=>'Solution', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>-1,),
'question' => array('type'=>'text', 'label'=>'Question', 'enabled'=>'1', 'position'=>30, 'notnull'=>1, 'visible'=>1, 'csslist'=>'tdoverflow300'),
'answer' => array('type'=>'html', 'label'=>'Solution', 'enabled'=>'1', 'position'=>50, 'notnull'=>0, 'visible'=>3, 'csslist'=>'tdoverflow300'),
'status' => array('type'=>'integer', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'default'=>0, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Valid'),),
);
public $rowid;

10
htdocs/langs/en_US/compta.lang
View File

@ -286,9 +286,9 @@ ReportPurchaseTurnover=Purchase turnover invoiced
ReportPurchaseTurnoverCollected=Purchase turnover collected
IncludeVarpaysInResults = Include various payments in reports
IncludeLoansInResults = Include loans in reports
InvoiceLate30Days = Invoices late 30 days
InvoiceLate15Days = Invoices late 15 days
InvoiceLate30Days = Invoices late > 30 days
InvoiceLate15Days = Invoices late > 15 days
InvoiceLateMinus15Days = Invoices late
InvoiceNotLate = To pay < 15 days
InvoiceNotLate15Days = To pay > 15 days
InvoiceNotLate30Days = To pay in > 30 days
InvoiceNotLate = To be collected < 15 days
InvoiceNotLate15Days = To be collected in 15 days
InvoiceNotLate30Days = To be collected in 30 days

1
htdocs/langs/en_US/main.lang
View File

@ -430,6 +430,7 @@ LT1IN=CGST
LT2IN=SGST
LT1GC=Additionnal cents
VATRate=Tax Rate
RateOfTaxN=Rate of tax %s
VATCode=Tax Rate code
VATNPR=Tax Rate NPR
DefaultTaxRate=Default tax rate

2
htdocs/langs/en_US/receptions.lang
View File

@ -44,4 +44,4 @@ ValidateOrderFirstBeforeReception=You must first validate the order before being
ReceptionsNumberingModules=Numbering module for receptions
ReceptionsReceiptModel=Document templates for receptions
NoMorePredefinedProductToDispatch=No more predefined products to dispatch
ReceptionExist=A reception exists

96
htdocs/main.inc.php
View File

@ -50,9 +50,33 @@ if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) {
}
}
/**
* Return the real char for a numeric entities.
* This function is required by testSqlAndScriptInject().
*
* @param string $matches String of numeric entity
* @return string New value
*/
function realCharForNumericEntities($matches)
{
$newstringnumentity = $matches[1];
if (preg_match('/^x/i', $newstringnumentity)) {
$newstringnumentity = hexdec(preg_replace('/^x/i', '', $newstringnumentity));
}
// The numeric value we don't want as entities
if (($newstringnumentity >= 65 && $newstringnumentity <= 90) || ($newstringnumentity >= 97 && $newstringnumentity <= 122)) {
return chr((int) $newstringnumentity);
}
return '&#'.$matches[1];
}
/**
* Security: WAF layer for SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
* Warning: Such a protection can't be enough. It is not reliable as it will alwyas be possible to bypass this. Good protection can
* Warning: Such a protection can't be enough. It is not reliable as it will always be possible to bypass this. Good protection can
* only be guaranted by escaping data during output.
*
* @param string $val Value brut found int $_GET, $_POST or PHP_SELF
@ -61,7 +85,7 @@ if (!empty($_SERVER['MAIN_SHOW_TUNING_INFO'])) {
*/
function testSqlAndScriptInject($val, $type)
{
// Decode string first bcause a lot of things are obfuscated by encoding or multiple encoding.
// Decode string first because a lot of things are obfuscated by encoding or multiple encoding.
// So <svg o&#110;load='console.log(&quot;123&quot;)' become <svg onload='console.log(&quot;123&quot;)'
// So "&colon;&apos;" become ":'" (due to ENT_HTML5)
// Loop to decode until no more thing to decode.
@ -69,6 +93,7 @@ function testSqlAndScriptInject($val, $type)
do {
$oldval = $val;
$val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5);
$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
} while ($oldval != $val);
//print "after decoding $val\n";
@ -2201,6 +2226,7 @@ function top_menu_quickadd()
{
global $langs, $conf, $db, $hookmanager, $user;
global $menumanager;
$html = '';
// Define $dropDownQuickAddHtml
$dropDownQuickAddHtml = '<div class="dropdown-header bookmark-header center">';
@ -2215,9 +2241,7 @@ function top_menu_quickadd()
<!-- Thirdparty link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/societe/card.php?action=create" title="'.$langs->trans("MenuNewThirdParty").'">
<i class="fa fa-building"></i><br>
'.$langs->trans("ThirdParty").'
</a>
'. img_picto('', 'object_company') .'<br>'. $langs->trans("ThirdParty") .'</a>
</div>
';
}
@ -2228,9 +2252,7 @@ function top_menu_quickadd()
<!-- Contact link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/contact/card.php?action=create" title="'.$langs->trans("NewContactAddress").'">
<i class="fa fa-address-book"></i><br>
'.$langs->trans("Contact").'
</a>
'. img_picto('', 'object_contact') .'<br>'. $langs->trans("Contact") .'</a>
</div>
';
}
@ -2241,9 +2263,7 @@ function top_menu_quickadd()
<!-- Propal link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/comm/propal/card.php?action=create" title="'.$langs->trans("NewPropal").'">
<i class="fa fa-suitcase"></i><br>
'.$langs->trans("Proposal").'
</a>
'. img_picto('', 'object_propal') .'<br>'. $langs->trans("Proposal") .'</a>
</div>
';
}
@ -2254,9 +2274,7 @@ function top_menu_quickadd()
<!-- Order link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/commande/card.php?action=create" title="'.$langs->trans("NewOrder").'">
<i class="fa fa-file-alt"></i><br>
'.$langs->trans("Order").'
</a>
'. img_picto('', 'object_order') .'<br>'. $langs->trans("Order") .'</a>
</div>
';
}
@ -2267,9 +2285,7 @@ function top_menu_quickadd()
<!-- Invoice link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/compta/facture/card.php?action=create" title="'.$langs->trans("NewBill").'">
<i class="fa fa-coins"></i><br>
'.$langs->trans("Bill").'
</a>
'. img_picto('', 'object_bill') .'<br>'. $langs->trans("Bill") .'</a>
</div>
';
}
@ -2280,9 +2296,7 @@ function top_menu_quickadd()
<!-- Contract link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/compta/facture/card.php?action=create" title="'.$langs->trans("NewContractSubscription").'">
<i class="fa fa-file-contract"></i><br>
'.$langs->trans("Contract").'
</a>
'. img_picto('', 'object_contract') .'<br>'. $langs->trans("Contract") .'</a>
</div>
';
}
@ -2293,9 +2307,7 @@ function top_menu_quickadd()
<!-- Supplier proposal link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/supplier_proposal/card.php?action=create" title="'.$langs->trans("NewAskPrice").'">
<i class="fa fa-suitcase"></i><br>
'.$langs->trans("AskPrice").'
</a>
'. img_picto('', 'object_propal') .'<br>'. $langs->trans("AskPrice") .'</a>
</div>
';
}
@ -2306,9 +2318,7 @@ function top_menu_quickadd()
<!-- Supplier order link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/fourn/commande/card.php?action=create" title="'.$langs->trans("NewOrder").'">
<i class="fa fa-file-alt"></i><br>
'.$langs->trans("SupplierOrder").'
</a>
'. img_picto('', 'object_order') .'<br>'. $langs->trans("SupplierOrder") .'</a>
</div>
';
}
@ -2319,9 +2329,7 @@ function top_menu_quickadd()
<!-- Supplier invoice link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/fourn/facture/card.php?action=create" title="'.$langs->trans("NewBill").'">
<i class="fa fa-coins"></i><br>
'.$langs->trans("SupplierBill").'
</a>
'. img_picto('', 'object_bill') .'<br>'. $langs->trans("SupplierBill") .'</a>
</div>
';
}
@ -2332,9 +2340,7 @@ function top_menu_quickadd()
<!-- Product link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/product/card.php?action=create&amp;type=0" title="'.$langs->trans("NewProduct").'">
<i class="fa fa-cube"></i><br>
'.$langs->trans("Product").'
</a>
'. img_picto('', 'object_product') .'<br>'. $langs->trans("Product") .'</a>
</div>
';
}
@ -2345,9 +2351,29 @@ function top_menu_quickadd()
<!-- Service link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/product/card.php?action=create&amp;type=1" title="'.$langs->trans("NewService").'">
<i class="fa fa-concierge-bell"></i><br>
'.$langs->trans("Service").'
</a>
'. img_picto('', 'object_service') .'<br>'. $langs->trans("Service") .'</a>
</div>
';
}
if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->creer) {
$langs->load("trips");
$dropDownQuickAddHtml .= '
<!-- Expense report link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/expensereport/card.php?action=create&fk_user_author='.$user->id.'" title="'.$langs->trans("AddTrip").'">
'. img_picto('', 'object_trip') .'<br>'. $langs->trans("ExpenseReport") .'</a>
</div>
';
}
if (!empty($conf->holiday->enabled) && $user->rights->holiday->write) {
$langs->load("holiday");
$dropDownQuickAddHtml .= '
<!-- Holiday link -->
<div class="quickaddblock center">
<a class="quickadddropdown-icon-link" href="'.DOL_URL_ROOT.'/holiday/card.php?action=create&fuserid='.$user->id.'" title="'.$langs->trans("AddCP").'">
'. img_picto('', 'object_holiday') .'<br>'. $langs->trans("Holidays") .'</a>
</div>
';
}

51
htdocs/modulebuilder/template/class/actions_mymodule.class.php
View File

@ -303,5 +303,56 @@ class ActionsMyModule
return 0;
}
/**
* Execute action completeTabsHead
*
* @param array $parameters Array of parameters
* @param CommonObject $object The object to process (an invoice if you are in invoice module, a propale in propale's module, etc...)
* @param string $action 'add', 'update', 'view'
* @param Hookmanager $hookmanager hookmanager
* @return int <0 if KO,
* =0 if OK but we want to process standard actions too,
* >0 if OK and we want to replace standard actions.
*/
public function completeTabsHead(&$parameters, &$object, &$action, $hookmanager)
{
global $langs, $conf, $user;
if (!isset($parameters['object']->element)) {
return 0;
}
if ($parameters['mode'] == 'remove') {
// utilisé si on veut faire disparaitre des onglets.
return 0;
} elseif ($parameters['mode'] == 'add') {
$langs->load('mymodule@mymodule');
// utilisé si on veut ajouter des onglets.
$counter = count($parameters['head']);
$element = $parameters['object']->element;
$id = $parameters['object']->id;
// verifier le type d'onglet comme member_stats où ça ne doit pas apparaitre
// if (in_array($element, ['societe', 'member', 'contrat', 'fichinter', 'project', 'propal', 'commande', 'facture', 'order_supplier', 'invoice_supplier'])) {
if (in_array($element, ['context1', 'context2'])) {
$datacount = 0;
$parameters['head'][$counter][0] = dol_buildpath('/mymodule/mymodule_tab.php', 1) . '?id=' . $id . '&amp;module='.$element;
$parameters['head'][$counter][1] = $langs->trans('MyModuleTab');
if ($datacount > 0) {
$parameters['head'][$counter][1] .= '<span class="badge marginleftonlyshort">' . $datacount . '</span>';
}
$parameters['head'][$counter][2] = 'mymoduleemails';
$counter++;
}
if ($counter > 0 && (int) DOL_VERSION < 14) {
$this->results = $parameters['head'];
// return 1 to replace standard code
return 1;
} else {
// en V14 et + $parameters['head'] est modifiable par référence
return 0;
}
}
}
/* Add here any other hooked methods... */
}

2
htdocs/modulebuilder/template/core/triggers/interface_99_modMyModule_MyModuleTriggers.class.php
View File

@ -119,8 +119,6 @@ class InterfaceMyModuleTriggers extends DolibarrTriggers
//case 'USER_NEW_PASSWORD':
//case 'USER_ENABLEDISABLE':
//case 'USER_DELETE':
//case 'USER_SETINGROUP':
//case 'USER_REMOVEFROMGROUP':
// Actions
//case 'ACTION_MODIFY':

2
htdocs/modulebuilder/template/myobject_document.php
View File

@ -124,7 +124,7 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->mymodule->multidir_output[$object->entity ? $object->entity : $conf->entity]."/myobject/".get_exdir(0, 0, 0, 1, $object);
}
$permissiontoadd = $user->rights->mymodule->myobject->write; // Used by the include of actions_addupdatedelete.inc.php
$permissiontoadd = $user->rights->mymodule->myobject->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
// Security check (enable the most restrictive one)
//if ($user->socid > 0) accessforbidden();

14
htdocs/product/class/html.formproduct.class.php
View File

@ -66,13 +66,13 @@ class FormProduct
* 'warehouseclosed' = select products from closed warehouses,
* 'warehouseinternal' = select products from warehouses for internal correct/transfer only
* @param boolean $sumStock sum total stock of a warehouse, default true
* @param string $exclude warehouses ids to exclude
* @param array $exclude warehouses ids to exclude
* @param bool|int $stockMin [=false] Value of minimum stock to filter or false not not filter by minimum stock
* @param string $orderBy [='e.ref'] Order by
* @return int Nb of loaded lines, 0 if already loaded, <0 if KO
* @throws Exception
*/
public function loadWarehouses($fk_product = 0, $batch = '', $status = '', $sumStock = true, $exclude = '', $stockMin = false, $orderBy = 'e.ref')
public function loadWarehouses($fk_product = 0, $batch = '', $status = '', $sumStock = true, $exclude = array(), $stockMin = false, $orderBy = 'e.ref')
{
global $conf, $langs;
@ -80,10 +80,6 @@ class FormProduct
return 0; // Cache already loaded and we do not want a list with information specific to a product
}
if (is_array($exclude)) {
$excludeGroups = implode("','", $exclude);
}
$warehouseStatus = array();
if (preg_match('/warehouseclosed/', $status)) {
@ -121,7 +117,7 @@ class FormProduct
$sql .= " AND e.statut = 1";
}
if (!empty($exclude)) {
if (is_array($exclude) && !empty($exclude)) {
$sql .= ' AND e.rowid NOT IN('.$this->db->sanitize(implode(',', $exclude)).')';
}
@ -220,7 +216,7 @@ class FormProduct
* @param int $forcecombo 1=Force combo iso ajax select2
* @param array $events Events to add to select2
* @param string $morecss Add more css classes to HTML select
* @param string $exclude Warehouses ids to exclude
* @param array $exclude Warehouses ids to exclude
* @param int $showfullpath 1=Show full path of name (parent ref into label), 0=Show only ref of current warehouse
* @param bool|int $stockMin [=false] Value of minimum stock to filter or false not not filter by minimum stock
* @param string $orderBy [='e.ref'] Order by
@ -228,7 +224,7 @@ class FormProduct
*
* @throws Exception
*/
public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = '', $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref')
public function selectWarehouses($selected = '', $htmlname = 'idwarehouse', $filterstatus = '', $empty = 0, $disabled = 0, $fk_product = 0, $empty_label = '', $showstock = 0, $forcecombo = 0, $events = array(), $morecss = 'minwidth200', $exclude = array(), $showfullpath = 1, $stockMin = false, $orderBy = 'e.ref')
{
global $conf, $langs, $user, $hookmanager;

4
htdocs/product/document.php
View File

@ -113,7 +113,7 @@ if ($reshook < 0) {
if (empty($reshook)) {
// Delete line if product propal merge is linked to a file
if (!empty($conf->global->PRODUIT_PDF_MERGE_PROPAL)) {
if ($action == 'confirm_deletefile' && $confirm == 'yes') {
if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permissiontoadd) {
//extract file name
$urlfile = GETPOST('urlfile', 'alpha');
$filename = basename($urlfile);
@ -131,7 +131,7 @@ if (empty($reshook)) {
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
}
if ($action == 'filemerge') {
if ($action == 'filemerge' && $permissiontoadd) {
$is_refresh = GETPOST('refresh');
if (empty($is_refresh)) {
$filetomerge_file_array = GETPOST('filetoadd');

19
htdocs/product/stock/replenish.php
View File

@ -224,17 +224,24 @@ if ($action == 'order' && GETPOST('valid')) {
$suppliersid = array_keys($suppliers);
foreach ($suppliers as $supplier) {
$order = new CommandeFournisseur($db);
// Check if an order for the supplier exists
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur";
$sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]);
$sql .= " AND source = 42 AND fk_statut = 0";
$sql .= " AND source = ".((int) $order::SOURCE_ID_REPLENISHMENT)." AND fk_statut = ".$order::STATUS_DRAFT;
$sql .= " AND entity IN (".getEntity('commande_fournisseur').")";
$sql .= " ORDER BY date_creation DESC";
$resql = $db->query($sql);
if ($resql && $db->num_rows($resql) > 0) {
$obj = $db->fetch_object($resql);
$order->fetch($obj->rowid);
$order->fetch_thirdparty();
foreach ($supplier['lines'] as $line) {
if (empty($line->remise_percent)) {
$line->remise_percent = $order->thirdparty->remise_supplier_percent;
}
$result = $order->addline(
$line->desc,
$line->subprice,
@ -268,13 +275,19 @@ if ($action == 'order' && GETPOST('valid')) {
} else {
$order->socid = $suppliersid[$i];
$order->fetch_thirdparty();
//trick to know which orders have been generated this way
$order->source = 42;
// Trick to know which orders have been generated using the replenishment feature
$order->source = $order::SOURCE_ID_REPLENISHMENT;
foreach ($supplier['lines'] as $line) {
if (empty($line->remise_percent)) {
$line->remise_percent = $order->thirdparty->remise_supplier_percent;
}
$order->lines[] = $line;
}
$order->cond_reglement_id = $order->thirdparty->cond_reglement_supplier_id;
$order->mode_reglement_id = $order->thirdparty->mode_reglement_supplier_id;
$id = $order->create($user);
if ($id < 0) {
$fail++;

2
htdocs/product/stock/stockatdate.php
View File

@ -363,7 +363,7 @@ print $form->select_produits($productid, 'productid', '', 0, 0, -1, 2, '', 0, ar
print ' <span class="clearbothonsmartphone marginleftonly paddingleftonly marginrightonly paddingrightonly">&nbsp;</span> ';
print img_picto('', 'stock').' ';
print $langs->trans('Warehouse').'</span> ';
print $formproduct->selectWarehouses((GETPOSTISSET('fk_warehouse') ? $fk_warehouse : 'ifone'), 'fk_warehouse', '', 1, 0, 0, '', 0, 0, null, '', '', 1, false, 'e.ref');
print $formproduct->selectWarehouses((GETPOSTISSET('fk_warehouse') ? $fk_warehouse : 'ifone'), 'fk_warehouse', '', 1, 0, 0, '', 0, 0, null, '', null, 1, false, 'e.ref');
print '</div>';
$parameters = array();

10
htdocs/projet/document.php
View File

@ -40,11 +40,6 @@ $ref = GETPOST('ref', 'alpha');
$mine = (GETPOST('mode', 'alpha') == 'mine' ? 1 : 0);
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
// Security check
$socid = 0;
//if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement.
$result = restrictedArea($user, 'projet', $id, 'projet&project');
$object = new Project($db);
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once
@ -82,6 +77,11 @@ if (!$sortfield) {
$sortfield = "name";
}
// Security check
$socid = 0;
//if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement.
$result = restrictedArea($user, 'projet', $id, 'projet&project');
/*

12
htdocs/recruitment/recruitmentindex.php
View File

@ -331,18 +331,18 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme
$sql = "SELECT s.rowid, s.ref, s.label, s.date_creation, s.tms, s.status, COUNT(rc.rowid) as nbapplications";
$sql .= " FROM ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as s";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."recruitment_recruitmentcandidature as rc ON rc.fk_recruitmentjobposition = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.entity IN (".getEntity($staticrecruitmentjobposition->element).")";
if (!$user->rights->societe->client->voir && !$socid) {
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.fk_soc = $socid";
}
$sql .= " GROUP BY s.rowid, s.ref, s.label, s.date_creation, s.tms, s.status";
$sql .= " ORDER BY s.tms DESC";
$sql .= $db->order('s.tms', 'DESC');
$sql .= $db->plimit($max, 0);
$resql = $db->query($sql);
@ -402,17 +402,17 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme
$sql = "SELECT rc.rowid, rc.ref, rc.email, rc.lastname, rc.firstname, rc.date_creation, rc.tms, rc.status";
$sql .= " FROM ".MAIN_DB_PREFIX."recruitment_recruitmentcandidature as rc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as s ON rc.fk_recruitmentjobposition = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentjobposition->element).")";
if (!$user->rights->societe->client->voir && !$socid) {
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.fk_soc = $socid";
}
$sql .= " ORDER BY rc.tms DESC";
$sql .= $db->order('rc.tms', 'DESC');
$sql .= $db->plimit($max, 0);
$resql = $db->query($sql);

14
htdocs/societe/class/societe.class.php
View File

@ -2570,7 +2570,19 @@ class Societe extends CommonObject
}
}
$label .= '<br><b>'.$langs->trans('Email').':</b> '.$this->email;
if (!empty($this->country_code)) {
if (!empty($this->phone) || !empty($this->fax)) {
$phonelist = array();
if ($this->phone) {
$phonelist[] = dol_print_phone($this->phone, $this->country_code, $this->id, 0, '', '&nbsp', 'phone');
}
if ($this->fax) {
$phonelist[] = dol_print_phone($this->fax, $this->country_code, $this->id, 0, '', '&nbsp', 'fax');
}
$label .= '<br><b>'.$langs->trans('Phone').':</b> '.implode('&nbsp;', $phonelist);
}
if (!empty($this->address)) {
$label .= '<br><b>'.$langs->trans("Address").':</b> '.dol_format_address($this, 1, ' ', $langs); // Address + country
} elseif (!empty($this->country_code)) {
$label .= '<br><b>'.$langs->trans('Country').':</b> '.$this->country_code;
}
if (!empty($this->tva_intra) || (!empty($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP) && strpos($conf->global->SOCIETE_SHOW_FIELD_IN_TOOLTIP, 'vatnumber') !== false)) {

1
htdocs/societe/document.php
View File

@ -76,6 +76,7 @@ if ($id > 0 || !empty($ref)) {
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartydocument', 'globalcard'));
$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
// Security check
if ($user->socid > 0) {

5
htdocs/ticket/agenda.php
View File

@ -81,12 +81,9 @@ if (!$action) {
// Security check
$id = GETPOST("id", 'int');
$socid = 0;
//if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement.
if ($user->socid > 0) $socid = $user->socid;
$result = restrictedArea($user, 'ticket', $id, '');
if (!$user->rights->ticket->read) {
accessforbidden();
}
// restrict access for externals users
if ($user->socid > 0 && ($object->fk_soc != $user->socid)) {
accessforbidden();

31
htdocs/ticket/card.php
View File

@ -112,8 +112,8 @@ if ($id || $track_id || $ref) {
$url_page_current = DOL_URL_ROOT.'/ticket/card.php';
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$socid = 0;
if ($user->socid > 0) $socid = $user->socid;
$result = restrictedArea($user, 'ticket', $object->id);
$triggermodname = 'TICKET_MODIFY';
@ -1320,15 +1320,28 @@ if ($action == 'create' || $action == 'presend') {
// add a message
if ($action == 'presend' || $action == 'presend_addmessage') {
if ($object->fk_soc > 0) {
$object->fetch_thirdparty();
}
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id', 'aZ09')) {
$newlang = GETPOST('lang_id', 'aZ09');
}
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && is_object($object->thirdparty)) {
$newlang = $object->thirdparty->default_lang;
}
$arrayoffamiliestoexclude = array('objectamount');
$action = 'add_message'; // action to use to post the message
$modelmail = 'ticket_send';
// Substitution array
$morehtmlright = '';
$help = "";
$substitutionarray = array();
$substitutionarray = getCommonSubstitutionArray($newlang, 0, $arrayoffamiliestoexclude, $object);
if ($object->fk_soc > 0) {
$object->fetch_thirdparty();
$substitutionarray['__THIRDPARTY_NAME__'] = $object->thirdparty->name;
}
$substitutionarray['__USER_SIGNATURE__'] = $user->signature;
@ -1361,16 +1374,6 @@ if ($action == 'create' || $action == 'presend') {
print '<hr>';
// Define output language
$outputlangs = $langs;
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && !empty($_REQUEST['lang_id'])) {
$newlang = $_REQUEST['lang_id'];
}
if ($conf->global->MAIN_MULTILANGS && empty($newlang)) {
$newlang = $object->default_lang;
}
$formticket = new FormTicket($db);
$formticket->action = $action;

2
htdocs/ticket/class/ticket.class.php
View File

@ -2917,7 +2917,7 @@ class Ticket extends CommonObject
$sql = "SELECT p.rowid, p.ref, p.datec as datec";
$sql .= " FROM ".MAIN_DB_PREFIX."ticket as p";
if (!$user->rights->societe->client->voir && !$user->socid) {
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$clause = " AND";

23
htdocs/ticket/contact.php
View File

@ -50,11 +50,6 @@ $source = GETPOST('source', 'alpha');
$ligne = GETPOST('ligne', 'int');
$lineid = GETPOST('lineid', 'int');
// Protection if external user
if ($user->socid > 0) {
$socid = $user->socid;
accessforbidden();
}
// Store current page url
$url_page_current = dol_buildpath('/ticket/contact.php', 1);
@ -62,6 +57,24 @@ $url_page_current = dol_buildpath('/ticket/contact.php', 1);
$object = new Ticket($db);
$permissiontoadd = $user->rights->ticket->write;
// Security check
$id = GETPOST("id", 'int');
$socid = 0;
if ($user->socid > 0) $socid = $user->socid;
$result = restrictedArea($user, 'ticket', $object->id, '');
// restrict access for externals users
if ($user->socid > 0 && ($object->fk_soc != $user->socid)) {
accessforbidden();
}
// or for unauthorized internals users
if (!$user->socid && (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) {
accessforbidden();
}
/*
* Actions
*/

20
htdocs/ticket/document.php
View File

@ -43,11 +43,6 @@ $track_id = GETPOST('track_id', 'alpha');
$action = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
// Security check
if (!$user->rights->ticket->read) {
accessforbidden();
}
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@ -75,6 +70,21 @@ if ($result < 0) {
$upload_dir = $conf->ticket->dir_output."/".dol_sanitizeFileName($object->ref);
}
$permissiontoadd = $user->rights->ticket->write;
// Security check - Protection if external user
$result = restrictedArea($user, 'ticket', $object->id);
// restrict access for externals users
if ($user->socid > 0 && ($object->fk_soc != $user->socid)) {
accessforbidden();
}
// or for unauthorized internals users
if (!$user->socid && ($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY && $object->fk_user_assign != $user->id) && !$user->rights->ticket->manage) {
accessforbidden();
}
/*
* Actions

9
htdocs/ticket/messaging.php
View File

@ -76,16 +76,14 @@ if (!$action) {
$action = 'view';
}
$permissiontoadd = $user->rights->ticket->write;
// Security check
$id = GETPOST("id", 'int');
$socid = 0;
//if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement.
$result = restrictedArea($user, 'ticket', $id, '');
if ($user->socid > 0) $socid = $user->socid;
$result = restrictedArea($user, 'ticket', $object->id, '');
if (!$user->rights->ticket->read) {
accessforbidden();
}
// restrict access for externals users
if ($user->socid > 0 && ($object->fk_soc != $user->socid)) {
accessforbidden();
@ -96,7 +94,6 @@ if (!$user->socid && (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) &&
}
/*
* Actions
*/

36
htdocs/user/class/api_users.class.php
View File

@ -21,6 +21,7 @@ use Luracast\Restler\RestException;
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
/**
* API class for users
*
@ -47,6 +48,7 @@ class Users extends DolibarrApi
public function __construct()
{
global $db, $conf;
$this->db = $db;
$this->useraccount = new User($this->db);
}
@ -62,15 +64,15 @@ class Users extends DolibarrApi
* @param int $limit Limit for list
* @param int $page Page number
* @param string $user_ids User ids filter field. Example: '1' or '1,2,3' {@pattern /^[0-9,]*$/i}
* @param int $category Use this param to filter list by category
* @param int $category Use this param to filter list by category
* @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
* @return array Array of User objects
*/
public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $user_ids = 0, $category = 0, $sqlfilters = '')
{
global $db, $conf;
global $conf;
if (!DolibarrApiAccess::$user->rights->user->user->lire) {
if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, "You are not allowed to read list of users");
}
@ -149,7 +151,7 @@ class Users extends DolibarrApi
*/
public function get($id, $includepermissions = 0)
{
if (empty(DolibarrApiAccess::$user->rights->user->user->lire)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, 'Not allowed');
}
@ -187,7 +189,7 @@ class Users extends DolibarrApi
*/
public function getByLogin($login, $includepermissions = 0)
{
if (empty(DolibarrApiAccess::$user->rights->user->user->lire)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, 'Not allowed');
}
@ -221,7 +223,7 @@ class Users extends DolibarrApi
*/
public function getByEmail($email, $includepermissions = 0)
{
if (empty(DolibarrApiAccess::$user->rights->user->user->lire)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, 'Not allowed');
}
@ -254,7 +256,7 @@ class Users extends DolibarrApi
*/
public function getInfo($includepermissions = 0)
{
if (empty(DolibarrApiAccess::$user->rights->user->user->lire)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, 'Not allowed');
}
@ -295,7 +297,7 @@ class Users extends DolibarrApi
public function post($request_data = null)
{
// Check user authorization
if (empty(DolibarrApiAccess::$user->rights->user->user->creer)) {
if (empty(DolibarrApiAccess::$user->rights->user->creer) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, "User creation not allowed for login ".DolibarrApiAccess::$user->login);
}
@ -345,7 +347,7 @@ class Users extends DolibarrApi
public function put($id, $request_data = null)
{
// Check user authorization
if (empty(DolibarrApiAccess::$user->rights->user->creer)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->creer) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, "User update not allowed");
}
@ -423,7 +425,7 @@ class Users extends DolibarrApi
*/
public function getGroups($id)
{
if (!DolibarrApiAccess::$user->rights->user->user->lire) {
if (empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(403);
}
@ -463,7 +465,7 @@ class Users extends DolibarrApi
{
global $conf;
if (empty(DolibarrApiAccess::$user->rights->user->user->creer)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->creer) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401);
}
@ -512,12 +514,12 @@ class Users extends DolibarrApi
*/
public function listGroups($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $group_ids = 0, $sqlfilters = '')
{
global $db, $conf;
global $conf;
$obj_ret = array();
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->user->lire)) ||
!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->group_advance->read)) {
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) ||
!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->group_advance->read) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, "You are not allowed to read groups");
}
@ -590,8 +592,8 @@ class Users extends DolibarrApi
{
global $db, $conf;
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->user->lire)) ||
!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->group_advance->read)) {
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->user->lire) && empty(DolibarrApiAccess::$user->admin)) ||
!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty(DolibarrApiAccess::$user->rights->user->group_advance->read) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, "You are not allowed to read groups");
}
@ -616,7 +618,7 @@ class Users extends DolibarrApi
*/
public function delete($id)
{
if (empty(DolibarrApiAccess::$user->rights->user->user->supprimer)) {
if (empty(DolibarrApiAccess::$user->rights->user->user->supprimer) && empty(DolibarrApiAccess::$user->admin)) {
throw new RestException(401, 'Not allowed');
}
$result = $this->useraccount->fetch($id);

22
htdocs/user/class/user.class.php
View File

@ -2411,8 +2411,18 @@ class User extends CommonObject
$label .= '<br><b>'.$langs->trans("Job").':</b> '.dol_string_nohtmltag($this->job);
}
$label .= '<br><b>'.$langs->trans("Email").':</b> '.dol_string_nohtmltag($this->email);
if (!empty($this->phone)) {
$label .= '<br><b>'.$langs->trans("Phone").':</b> '.dol_string_nohtmltag($this->phone);
if (!empty($this->office_phone) || !empty($this->office_fax) || !empty($this->fax)) {
$phonelist = array();
if ($this->office_phone) {
$phonelist[] = dol_print_phone($this->office_phone, $this->country_code, $this->id, 0, '', '&nbsp', 'phone');
}
if ($this->office_fax) {
$phonelist[] = dol_print_phone($this->office_fax, $this->country_code, $this->id, 0, '', '&nbsp', 'fax');
}
if ($this->user_mobile) {
$phonelist[] = dol_print_phone($this->user_mobile, $this->country_code, $this->id, 0, '', '&nbsp', 'mobile');
}
$label .= '<br><b>'.$langs->trans('Phone').':</b> '.implode('&nbsp;', $phonelist);
}
if (!empty($this->admin)) {
$label .= '<br><b>'.$langs->trans("Administrator").'</b>: '.yn($this->admin);
@ -2795,10 +2805,10 @@ class User extends CommonObject
if (!empty($conf->global->LDAP_FIELD_USERID)) {
$info[$conf->global->LDAP_FIELD_USERID] = $this->id;
}
if (!empty($info[$conf->global->LDAP_FIELD_GROUPID])) {
if (!empty($conf->global->LDAP_FIELD_GROUPID)) {
$usergroup = new UserGroup($this->db);
$groupslist = $usergroup->listGroupsForUser($this->id);
$info[$conf->global->LDAP_FIELD_GROUPID] = '1';
$info[$conf->global->LDAP_FIELD_GROUPID] = '65534';
if (!empty($groupslist)) {
foreach ($groupslist as $groupforuser) {
$info[$conf->global->LDAP_FIELD_GROUPID] = $groupforuser->id; //Select first group in list
@ -2806,8 +2816,8 @@ class User extends CommonObject
}
}
}
if (!empty($this->firstname) && !empty($conf->global->LDAP_FIELD_HOMEDIRECTORY) && !empty($conf->global->LDAP_FIELD_HOMEDIRECTORYPREFIX)) {
$info[$conf->global->LDAP_FIELD_HOMEDIRECTORY] = "{$conf->global->LDAP_FIELD_HOMEDIRECTORYPREFIX}/$this->firstname";
if (!empty($conf->global->LDAP_FIELD_HOMEDIRECTORY) && !empty($conf->global->LDAP_FIELD_HOMEDIRECTORYPREFIX)) {
$info[$conf->global->LDAP_FIELD_HOMEDIRECTORY] = "{$conf->global->LDAP_FIELD_HOMEDIRECTORYPREFIX}/$this->login";
}
return $info;

2
htdocs/user/class/usergroup.class.php
View File

@ -856,7 +856,7 @@ class UserGroup extends CommonObject
}
$info[$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS] = (!empty($valueofldapfield) ? $valueofldapfield : '');
}
if (!empty($info[$conf->global->LDAP_GROUP_FIELD_GROUPID])) {
if (!empty($conf->global->LDAP_GROUP_FIELD_GROUPID)) {
$info[$conf->global->LDAP_GROUP_FIELD_GROUPID] = $this->id;
}
return $info;

6
htdocs/user/group/card.php
View File

@ -138,7 +138,11 @@ if (empty($reshook)) {
if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
$object->entity = 0;
} else {
$object->entity = GETPOST("entity");
if ($conf->entity == 1 && $user->admin && !$user->entity) { // Same permissions test than the one used to show the combo of entities into the form
$object->entity = GETPOSTISSET("entity") ? GETPOST("entity") : $conf->entity;
} else {
$object->entity = $conf->entity;
}
}
$db->begin();

4
htdocs/user/group/ldap.php
View File

@ -67,8 +67,8 @@ if ($action == 'dolibarr2ldap') {
if ($result > 0) {
$info = $object->_load_ldap_info();
// Get a gid number for objectclass PosixGroup
if (in_array('posixGroup', $info['objectclass'])) {
// Get a gid number for objectclass PosixGroup if none was provided
if (empty($info[$conf->global->LDAP_GROUP_FIELD_GROUPID]) && in_array('posixGroup', $info['objectclass'])) {
$info['gidNumber'] = $ldap->getNextGroupGid('LDAP_KEY_GROUPS');
}

12
htdocs/website/index.php
View File

@ -2390,6 +2390,18 @@ if ($action == 'generatesitemaps' && $usercanedit) {
}
}
// Now add sitempas extension for news
// TODO When adding and when not ?
/*<news:news>
<news:publication>
<news:name>The Example Times</news:name>
<news:language>en</news:language>
</news:publication>
<news:publication_date>2008-12-23</news:publication_date>
<news:title>Companies A, B in Merger Talks</news:title>
</news:news>
*/
$root->appendChild($url);
$i++;
}

8
scripts/emailings/mailing-send.php
View File

@ -269,6 +269,12 @@ if ($resql) {
$substitutionisok = true;
$moreinheader = '';
if (preg_match('/__UNSUBSCRIBE__/', $message)) {
$moreinheader = "List-Unsubscribe: <__UNSUBSCRIBE_URL__>\n";
$moreinheader = make_substitutions($moreinheader, $substitutionarray);
}
$arr_file = array();
$arr_mime = array();
$arr_name = array();
@ -285,7 +291,7 @@ if ($resql) {
}
// Fabrication du mail
$trackid = 'emailing-'.$obj->fk_mailing.'-'.$obj->rowid;
$mail = new CMailFile($newsubject, $sendto, $from, $newmessage, $arr_file, $arr_mime, $arr_name, '', '', 0, $msgishtml, $errorsto, $arr_css, $trackid, '', 'emailing');
$mail = new CMailFile($newsubject, $sendto, $from, $newmessage, $arr_file, $arr_mime, $arr_name, '', '', 0, $msgishtml, $errorsto, $arr_css, $trackid, $moreinheader, 'emailing');
if ($mail->error) {
$res = 0;

68
test/phpunit/SecurityTest.php
View File

@ -198,20 +198,29 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$result=testSqlAndScriptInject($test, 0);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0b');
// Should detect XSS
// Should detect attack
$expectedresult=1;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php/<svg>';
$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject for PHP_SELF that should detect XSS');
$test = 'j&#x61;vascript:';
$result=testSqlAndScriptInject($test, 0);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for javascript1. Should find an attack and did not.');
$test = 'j&#x61vascript:';
$result=testSqlAndScriptInject($test, 0);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for javascript2. Should find an attack and did not.');
$test = 'javascript&colon&#x3B;alert(1)';
$result=testSqlAndScriptInject($test, 0);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 1a');
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject for javascript2');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa');
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa1');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=testSqlAndScriptInject($test, 2);
@ -328,9 +337,12 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$_POST["param10"]='is_object($object) ? ($object->id < 10 ? round($object->id / 2, 2) : (2 * $user->id) * (int) substr($mysoc->zip, 1, 2)) : \'<abc>objnotdefined\'';
$_POST["param11"]=' Name <email@email.com> ';
$_POST["param12"]='<!DOCTYPE html><html>aaa</html>';
$_POST["param13"]='&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61;vascript:alert(document.domain)\">XSS</a>';
$_POST["param13b"]='&#110; &#x6E; &gt; &lt; &quot; <a href=\"j&#x61vascript:alert(document.domain)\">XSS</a>';
//$_POST["param13"]='javascript%26colon%26%23x3B%3Balert(1)';
//$_POST["param14"]='javascripT&javascript#x3a alert(1)';
$result=GETPOST('id', 'int'); // Must return nothing
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, '');
@ -343,7 +355,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, 333, 'Test on param1 with 3rd param = 2');
// Test alpha
// Test with alpha
$result=GETPOST("param2", 'alpha');
print __METHOD__." result=".$result."\n";
@ -357,7 +369,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result=".$result."\n";
$this->assertEquals($result, 'dir');
// Test aZ09
// Test with aZ09
$result=GETPOST("param1", 'aZ09');
print __METHOD__." result=".$result."\n";
@ -379,25 +391,22 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result=".$result."\n";
$this->assertEquals($_GET["param5"], $result);
$result=GETPOST("param6", 'alpha');
print __METHOD__." result=".$result."\n";
$this->assertEquals('>', $result);
// Test with nohtml
$result=GETPOST("param6", 'nohtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('">', $result);
$result=GETPOST("param6b");
// Test with alpha = alphanohtml. We must convert the html entities like &#110; and disable all entities
$result=GETPOST("param6", 'alphanohtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('>', $result);
$result=GETPOST("param6b", 'alphanohtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('abc', $result);
// With restricthtml we must remove html open/close tag and content but not htmlentities like &#110;
$result=GETPOST("param7", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('"c:\this is a path~1\aaa&#110;" abcdef', $result);
// With alphanohtml, we must convert the html entities like &#110; and disable all entities
$result=GETPOST("param8a", 'alphanohtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals("Hackersvg onload='console.log(123)'", $result);
@ -434,24 +443,39 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print __METHOD__." result=".$result."\n";
$this->assertEquals("Name", $result, 'Test an email string with alphanohtml');
$result=GETPOST("param13", 'alphanohtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('n n > < XSS', $result, 'Test that html entities are decoded with alpha');
// Test with alphawithlgt
$result=GETPOST("param11", 'alphawithlgt');
print __METHOD__." result=".$result."\n";
$this->assertEquals(trim($_POST["param11"]), $result, 'Test an email string with alphawithlgt');
// Test with restricthtml we must remove html open/close tag and content but not htmlentities (we can decode html entities for ascii chars like &#110;)
$result=GETPOST("param6", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('&quot;&gt;', $result);
$result=GETPOST("param7", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals('"c:\this is a path~1\aaan" abcdef', $result);
$result=GETPOST("param12", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
/*$result=GETPOST("param13", 'alphanohtml');
$result=GETPOST("param13", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals(trim($_POST["param13"]), $result, 'Test a string and alphanohtml');
$this->assertEquals('n n &gt; &lt; &quot; <a href=\"alert(document.domain)\">XSS</a>', $result, 'Test that HTML entities are decoded with restricthtml, but only for common alpha chars');
$result=GETPOST("param14", 'alphanohtml');
$result=GETPOST("param13b", 'restricthtml');
print __METHOD__." result=".$result."\n";
$this->assertEquals(trim($_POST["param14"]), $result, 'Test a string and alphanohtml');
*/
$this->assertEquals('n n &gt; &lt; &quot; <a href=\"jvascript:alert(document.domain)\">XSS</a>', $result, 'Test that HTML entities are decoded with restricthtml, but only for common alpha chars');
// Special test for GETPOST of backtopage or backtolist parameter
// Special test for GETPOST of backtopage, backtolist or backtourl parameter
$_POST["backtopage"]='//www.google.com';
$result=GETPOST("backtopage");