diff --git a/ChangeLog b/ChangeLog
index e09192752d6..2a4aa492055 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -255,6 +255,90 @@ Following changes may create regressions for some external modules, but were nec * Remove the no more used and deprecated dol_print_graph function +***** ChangeLog for 8.0.5 compared to 8.0.4 ***** +FIX: #10381 +FIX: #10460 compatibility with MariaDB 10.4 +FIX: #11025 +FIX: Accountancy - Add transaction with multicompany use all the time 1st entity +FIX: Accountancy - Format EBP import +FIX: actioncomm export: ORDER BY clause is in wrong export property + event type filter does not work +FIX: actioncomm: sort events by date after external calendars and hook +FIX: action list: add printFieldListSelect and printFieldListWhere hooks +FIX: add fk_unit on addline action +FIX: avoid php warning +FIX: bad sql request +FIX: better method +FIX: better test +FIX: better test on fetch +FIX: broken external authentication module feature and avoid warning +FIX: Can not create contract with numbering module without autogen rule +FIX: can't add lines on invoices +FIX: Can't generate invoice pdf +FIX: Can't insert if there is extrafields mandatory on another entity. +FIX: Can't insert if there is extrafields mandatory on another entity. FIX: Can't set default value of extrafield of type varchar +FIX: Check for old picture name if the new one was not found +FIX: Civility not saved when creating a member. +FIX: $conf->fournisseur->commande->enabled doesn't exist, we must use $conf->fournisseur->enabled +FIX: could not create several superadmin in transversal mode +FIX: credit note can have negative value +FIX: Default value on sales representative on third party creation +FIX: Don't show journal:getNomUrl without data +FIX: Erreur dans le Total +FIX: error messages not displayed +FIX: expedition: reset status on rollback + replace hardcoded status with const +FIX: Fix PHP warning "count(): Parameter must be an array..." 
+FIX: fk_default_warehouse missing in group by +FIX: function sendEmailsReminder isn't completely developed, then MAIN_FEATURES_LEVEL must be 2 to "use" it +FIX: holidays get natural_search if search params are set only +FIX: if empty error message, we just see "error" displayed +FIX: if(!method_exists(dol_loginfunction)) +FIX: If we build one invoice for several orders, we must put the ref of order on the line to not lose information. +FIX: in fact expensereport must be in $check array +FIX: Interface regression for bind people. Fix option MAIN_OPTIMIZEFORTEXTBROWSER +FIX: line edit template: keep fk_parent_line +FIX: Loan impossible to account +FIX: Mark credit note as available for credit note in other currency +FIX: missing access security checking with multicompany +FIX: missing entity filter and wrong var name +FIX: missing entity filter in function "build_filterField()" (export) +FIX: Missing field in import/export of users +FIX: missing hook completeTabsHead in margins module +FIX: missing $ismultientitymanaged for previous/next ref +FIX: Missing province in export of invoice +FIX: multicompany compatibility +FIX: must fetch member in current entity +FIX: need an order by in case we found other invoice with same number but not same date +FIX: need to round with 2 decimals to avoid movements not correctly balanced +FIX: no need to test anything to display documents tabs on expense report +FIX: positive values creating diff on addline rounding +FIX: problem with multicompany transverse mode +FIX: Product accountancey sell intra code must be visible if main feature level 1 +FIX: project_title for display of getNomUrl() +FIX: quick search for supplier orders +FIX: Remane of project +FIX: same thing here +FIX: Selection of email recipient with option MAIN_OPTIMIZEFORTEXTBROWSER +FIX: several hooks in shipping/delivery cards +FIX: shipping default warehouse if only one warehouse +FIX: SQL injection on rowid of dict.php +FIX: 'statut' is ignored when updating a 
user with the REST API. +FIX: supplier invoice payment total dont care about deposit or credit +FIX: supplier invoice product stats total ht is line total not invoice total +FIX: The minimum amount filter does not work in the VAT report per customer +FIX: Total per day shows 00:00 if the total time spent is equal to 12:00 +FIX: Update/delete currency on same languages +FIX: [URGENT] broken feature, "$usercancreate" is for Dolibarr 9 +FIX: useless join +FIX: we need to keep originline special_code +FIX: we want to be able to reopen fourn credit note +FIX: when 2 extra fields are mandatory in 2 different entities +FIX: when we add a payment on an invoice which already has payments with credit note or deposit amount, and then we get an excess received, discount amount must be $total_paiements + $total_creditnote_and_deposit - $object->total_ttc; +FIX: when we create deposit with multi tva, we mustn't add line if amount = 0 (example when we have a 100% reduc on one of origin invoice line) +FIX: wrong redirect link on holiday refuse +FIX: wrong test enabled +FIX: Wrong variable name +FIX: XSS + ***** ChangeLog for 8.0.4 compared to 8.0.3 ***** FIX: #10030 better german chart FIX: #10036 diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 056362bb2d2..57d47402049 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2017 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2013 Cédric Salvador - * Copyright (C) 2014 Juanjo Menent + * Copyright (C) 2014-2019 Juanjo Menent * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016-2018 Ferran Marcet 
@@ -45,14 +45,14 @@ $confirm=GETPOST('confirm','alpha'); $toselect = GETPOST('toselect', 'array'); $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'contractlist'; // To manage different context of search -$search_name=GETPOST('search_name'); -$search_email=GETPOST('search_email'); +$search_name=GETPOST('search_name', 'alpha'); +$search_email=GETPOST('search_email', 'alpha'); $search_town=GETPOST('search_town','alpha'); $search_zip=GETPOST('search_zip','alpha'); $search_state=trim(GETPOST("search_state")); $search_country=GETPOST("search_country",'int'); $search_type_thirdparty=GETPOST("search_type_thirdparty",'int'); -$search_contract=GETPOST('search_contract'); +$search_contract=GETPOST('search_contract','alpha'); $search_ref_customer=GETPOST('search_ref_customer','alpha'); $search_ref_supplier=GETPOST('search_ref_supplier','alpha'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index 806bff48605..e1c2c5e51d9 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -5,6 +5,7 @@ * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2018 Ferran Marcet * Copyright (C) 2018 Frédéric France + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
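Review bot: `$search_state=trim(GETPOST("search_state"));` in the context lines of this hunk still reads the request value with no check type, so hardening `search_name`, `search_email` and `search_contract` leaves one search field of the same form unfiltered; `$search_state=GETPOST('search_state','alpha');` would match its neighbours. The same gap is visible in later hunks: `mode`, `filter` and `statut` in htdocs/contrat/services_list.php, `toolowstock` and `tosell` in htdocs/product/reassort.php, and `search_year` in htdocs/projet/list.php. As far as I recall, the `'alpha'` check only trims the value and blanks it when it contains a double quote or `../`, so it is not SQL or HTML escaping. The queries and the form redisplay that consume these variables are outside the hunks and should still go through `$db->escape()` or `natural_search()` and `dol_escape_htmltag()`.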
@@ -47,9 +48,9 @@ if (! $sortorder) $sortorder="ASC"; $mode = GETPOST("mode"); $filter=GETPOST("filter"); -$search_name=GETPOST("search_name"); -$search_contract=GETPOST("search_contract"); -$search_service=GETPOST("search_service"); +$search_name=GETPOST("search_name", 'alpha'); +$search_contract=GETPOST("search_contract", 'alpha'); +$search_service=GETPOST("search_service", 'alpha'); $search_status=GETPOST("search_status","alpha"); $statut=GETPOST('statut')?GETPOST('statut'):1; $search_product_category=GETPOST('search_product_category','int'); diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 5a3a3a9307c..fae8353052f 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1554,7 +1554,13 @@ function dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesessio $info = pathinfo($destfull); $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].($info['extension']!='' ? ('.'.strtolower($info['extension'])) : '')); $info = pathinfo($destfile); + $destfile = dol_sanitizeFileName($info['filename'].($info['extension']!='' ? ('.'.strtolower($info['extension'])) : '')); + // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because + // this function is also applied when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). + $destfile = dol_string_nohtmltag($destfile); + $destfull = dol_string_nohtmltag($destfull); + $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles); if (is_numeric($resupload) && $resupload > 0) // $resupload can be 'ErrorFileAlreadyExists' diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index b2b8e46d668..82a591a8acd 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php 
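Review bot: In the htdocs/core/lib/files.lib.php hunk, `$destfull = dol_string_nohtmltag($destfull);` runs the tag and whitespace clean-up over the whole destination path, directory part included, whereas the lines just above use `pathinfo()` to sanitize only the file-name component. If the upload directory ever contains a doubled space or a `<...>` sequence, the cleaned path would no longer name the intended directory; whether that can happen depends on `$upload_dir`, which is set outside the hunk. Cleaning only the base name keeps `$destfile` and `$destfull` in step: `$destfull = dirname($destfull).'/'.dol_string_nohtmltag(basename($destfull));`. Any extension or overwrite check made earlier in `dol_add_file_process` (its body starts and ends outside the hunk) was made on the pre-clean name, so it is worth confirming that the final name is the one that gets validated. The added comment would read better as `this function is also applied when we try to download the file`.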
@@ -4,6 +4,7 @@ * Copyright (C) 2004 Eric Seigne * Copyright (C) 2005-2009 Regis Houssin * Copyright (C) 2015 Alexandre Spangaro + * Copyright (C) 2019 Juanjo Menent * Copyright (C) 2018 Ferran Marcet * * This program is free software; you can redistribute it and/or modify @@ -68,7 +69,7 @@ if (!$sortfield) $sortfield="d.date_debut"; $id = GETPOST('id', 'int'); $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); -$search_ref = GETPOST('search_ref'); +$search_ref = GETPOST('search_ref', 'alpha'); $search_user = GETPOST('search_user','int'); $search_amount_ht = GETPOST('search_amount_ht','alpha'); $search_amount_vat = GETPOST('search_amount_vat','alpha'); diff --git a/htdocs/product/list.php b/htdocs/product/list.php index a85c4686ca9..dcf43945ccb 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -50,11 +50,11 @@ $confirm=GETPOST('confirm','alpha'); $toselect = GETPOST('toselect', 'array'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); -$search_ref=GETPOST("search_ref"); -$search_barcode=GETPOST("search_barcode"); -$search_label=GETPOST("search_label"); +$search_ref=GETPOST("search_ref", 'alpha'); +$search_barcode=GETPOST("search_barcode", 'alpha'); +$search_label=GETPOST("search_label", 'alpha'); $search_type = GETPOST("search_type", 'int'); -$search_sale = GETPOST("search_sale"); +$search_sale = GETPOST("search_sale", 'int'); $search_categ = GETPOST("search_categ",'int'); $search_tosell = GETPOST("search_tosell", 'int'); $search_tobuy = GETPOST("search_tobuy", 'int'); diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index 71482d6c86a..0632771f529 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php 
@@ -4,6 +4,7 @@ * Copyright (C) 2005-2018 Regis Houssin * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Raphaël Doursenaud + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,11 +41,11 @@ $result=restrictedArea($user,'produit|service'); $action=GETPOST('action','alpha'); -$sref=GETPOST("sref"); -$snom=GETPOST("snom"); +$sref=GETPOST("sref", 'alpha'); +$snom=GETPOST("snom", 'alpha'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); $type=GETPOST("type","int"); -$search_barcode=GETPOST("search_barcode"); +$search_barcode=GETPOST("search_barcode", 'alpha'); $catid=GETPOST('catid','int'); $toolowstock=GETPOST('toolowstock'); $tosell = GETPOST("tosell"); diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 2f1827d2647..e71662783ce 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -5,6 +5,7 @@ * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2016 Ferran Marcet + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -42,8 +43,8 @@ $result=restrictedArea($user,'produit|service'); $action=GETPOST('action','alpha'); -$sref=GETPOST("sref"); -$snom=GETPOST("snom"); +$sref=GETPOST("sref", 'alpha'); +$snom=GETPOST("snom", 'alpha'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); $type=GETPOST("type","int"); $search_barcode=GETPOST("search_barcode",'alpha'); diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 181e3f36f88..aa03eada135 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php 
@@ -6,6 +6,7 @@ * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2018 Ferran Marcet + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -72,9 +73,9 @@ $pagenext = $page + 1; $search_all=GETPOST('search_all', 'alphanohtml') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'); $search_categ=GETPOST("search_categ",'alpha'); -$search_ref=GETPOST("search_ref"); -$search_label=GETPOST("search_label"); -$search_societe=GETPOST("search_societe"); +$search_ref=GETPOST("search_ref",'alpha'); +$search_label=GETPOST("search_label",'alpha'); +$search_societe=GETPOST("search_societe",'alpha'); $search_year=GETPOST("search_year"); $search_status=GETPOST("search_status",'int'); $search_opp_status=GETPOST("search_opp_status",'alpha');