From 1b5cabad718bb56829f0aa50f7b4349ecd40cf58 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Fri, 12 Apr 2019 18:50:48 +0200 Subject: [PATCH 01/13] Fix: #10956 --- htdocs/fourn/commande/card.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index a6629b9bd25..90056ae6771 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2015 Laurent Destailleur * Copyright (C) 2005 Eric Seigne * Copyright (C) 2005-2016 Regis Houssin - * Copyright (C) 2010-2015 Juanjo Menent + * Copyright (C) 2010-2019 Juanjo Menent * Copyright (C) 2011-2015 Philippe Grand * Copyright (C) 2012-2016 Marcos García * Copyright (C) 2013 Florian Henry @@ -400,6 +400,8 @@ if (empty($reshook)) $localtax1_tx= get_localtax($tva_tx, 1, $mysoc, $object->thirdparty, $tva_npr); $localtax2_tx= get_localtax($tva_tx, 2, $mysoc, $object->thirdparty, $tva_npr); + $remise_percent = $productsupplier->remise_percent?$productsupplier->remise_percent:$remise_percent; + $result=$object->addline( $desc, $productsupplier->fourn_pu, From f661b926fa42d1aba99f610e63e6de731feb1408 Mon Sep 17 00:00:00 2001 From: gauthier Date: Tue, 7 May 2019 14:33:17 +0200 Subject: [PATCH 02/13] FIX : use dol_sanitizeFileName() function to remove double spaces in filenames, as well as done on document.php when we want to download pdf Example : if you upload a file like "my file.pdf" (with 2 spaces), it's impossible to download it after. then we have to remove at least 1 space --- htdocs/core/lib/files.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 210626f461c..8a1fecd999a 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1556,7 +1556,8 @@ function dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesessio $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].'.'.strtolower($info['extension'])); $info = pathinfo($destfile); $destfile = dol_sanitizeFileName($info['filename'].'.'.strtolower($info['extension'])); - + $destfile = dol_string_nohtmltag($destfile); + $destfull = dol_string_nohtmltag($destfull); $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles); if (is_numeric($resupload) && $resupload > 0) // $resupload can be 'ErrorFileAlreadyExists' From 759427f6acf9d69b1e2fb07d6957033251461a45 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 16:36:35 +0200 Subject: [PATCH 03/13] FIX: #11025 --- htdocs/projet/list.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 86f1c2ffcad..45ab6348aa9 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -5,6 +5,7 @@ * Copyright (C) 2005-2010 Regis Houssin * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Claudio Aschieri + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -69,9 +70,9 @@ $pagenext = $page + 1; $search_all=GETPOST('search_all', 'alphanohtml'); $search_categ=GETPOST("search_categ",'alpha'); -$search_ref=GETPOST("search_ref"); -$search_label=GETPOST("search_label"); -$search_societe=GETPOST("search_societe"); +$search_ref=GETPOST("search_ref",'alpha'); +$search_label=GETPOST("search_label",'alpha'); +$search_societe=GETPOST("search_societe",'alpha'); $search_year=GETPOST("search_year"); $search_status=GETPOST("search_status",'int'); $search_opp_status=GETPOST("search_opp_status",'alpha'); From 80ef97e2159cb0e804996a8ed6a9fa103480b2bd Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 16:41:01 +0200 Subject: [PATCH 04/13] FIX: #11025 --- htdocs/fourn/commande/card.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 9c777b8c159..7b3561a0bf0 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2015 Laurent Destailleur * Copyright (C) 2005 Eric Seigne * Copyright (C) 2005-2016 Regis Houssin - * Copyright (C) 2010-2019 Juanjo Menent + * Copyright (C) 2010-2015 Juanjo Menent * Copyright (C) 2011-2015 Philippe Grand * Copyright (C) 2012-2016 Marcos García * Copyright (C) 2013 Florian Henry @@ -400,8 +400,6 @@ if (empty($reshook)) $localtax1_tx= get_localtax($tva_tx, 1, $mysoc, $object->thirdparty, $tva_npr); $localtax2_tx= get_localtax($tva_tx, 2, $mysoc, $object->thirdparty, $tva_npr); - $remise_percent = $productsupplier->remise_percent?$productsupplier->remise_percent:$remise_percent; - $result=$object->addline( $desc, $productsupplier->fourn_pu, From dc9f8a349f837322d2bd81a03c37e9795769d53d Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 16:50:31 +0200 Subject: [PATCH 05/13] Fix: missing GETPOST params --- htdocs/product/list.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 071080edc58..da2fab61c32 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2016 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2012-2016 Marcos García - * Copyright (C) 2013-2016 Juanjo Menent + * Copyright (C) 2013-2019 Juanjo Menent * Copyright (C) 2013-2015 Raphaël Doursenaud * Copyright (C) 2013 Jean Heimburger * Copyright (C) 2013 Cédric Salvador @@ -52,11 +52,11 @@ $confirm=GETPOST('confirm','alpha'); $toselect = GETPOST('toselect', 'array'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); -$search_ref=GETPOST("search_ref"); -$search_barcode=GETPOST("search_barcode"); -$search_label=GETPOST("search_label"); +$search_ref=GETPOST("search_ref",'alpha'); +$search_barcode=GETPOST("search_barcode",'alpha'); +$search_label=GETPOST("search_label", 'alpha'); $search_type = GETPOST("search_type",'int'); -$search_sale = GETPOST("search_sale"); +$search_sale = GETPOST("search_sale", 'int'); $search_categ = GETPOST("search_categ",'int'); $search_tosell = GETPOST("search_tosell", 'int'); $search_tobuy = GETPOST("search_tobuy", 'int'); From 2e6cb2afaa121fe7100dd0b39dd55554421b8f8e Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 16:53:16 +0200 Subject: [PATCH 06/13] Fix: missing GETPOST params --- htdocs/product/reassort.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index a3afebbc356..769d3898c13 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php @@ -4,6 +4,7 @@ * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Raphaël Doursenaud + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,11 +41,11 @@ $result=restrictedArea($user,'produit|service'); $action=GETPOST('action','alpha'); -$sref=GETPOST("sref"); -$snom=GETPOST("snom"); +$sref=GETPOST("sref", 'alpha'); +$snom=GETPOST("snom", 'alpha'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); $type=GETPOST("type","int"); -$search_barcode=GETPOST("search_barcode"); +$search_barcode=GETPOST("search_barcode", 'alpha'); $catid=GETPOST('catid','int'); $toolowstock=GETPOST('toolowstock'); $tosell = GETPOST("tosell"); From 62065194562de7b1024a6e902f0a598a128d9f6f Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 16:54:56 +0200 Subject: [PATCH 07/13] Fix: missing GETPOST params --- htdocs/product/reassortlot.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 3d2b0f6f35e..cedde29d572 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -5,6 +5,7 @@ * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2016 Ferran Marcet + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,8 +44,8 @@ $result=restrictedArea($user,'produit|service'); $action=GETPOST('action','alpha'); -$sref=GETPOST("sref"); -$snom=GETPOST("snom"); +$sref=GETPOST("sref", 'alpha'); +$snom=GETPOST("snom", 'alpha'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); $type=GETPOST("type","int"); $search_barcode=GETPOST("search_barcode",'alpha'); From 91ae36558881afc96a464d34d039c46e4b876452 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 16:58:00 +0200 Subject: [PATCH 08/13] Fix: missing GETPOST params --- htdocs/contrat/list.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index cdafbd6c2fd..9dc075d7d27 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2017 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2013 Cédric Salvador - * Copyright (C) 2014 Juanjo Menent + * Copyright (C) 2014-2019 Juanjo Menent * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016 Ferran Marcet @@ -46,14 +46,14 @@ $show_files=GETPOST('show_files','int'); $confirm=GETPOST('confirm','alpha'); $toselect = GETPOST('toselect', 'array'); -$search_name=GETPOST('search_name'); -$search_email=GETPOST('search_email'); +$search_name=GETPOST('search_name', 'alpha'); +$search_email=GETPOST('search_email', 'alpha'); $search_town=GETPOST('search_town','alpha'); $search_zip=GETPOST('search_zip','alpha'); $search_state=trim(GETPOST("search_state")); $search_country=GETPOST("search_country",'int'); $search_type_thirdparty=GETPOST("search_type_thirdparty",'int'); -$search_contract=GETPOST('search_contract'); +$search_contract=GETPOST('search_contract','alpha'); $search_ref_customer=GETPOST('search_ref_customer','alpha'); $search_ref_supplier=GETPOST('search_ref_supplier','alpha'); $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); From 3ae2d71ea697b84447c78efea737f8afe85e4cac Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 17:00:55 +0200 Subject: [PATCH 09/13] Fix: missing GETPOST params --- htdocs/contrat/services_list.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index 108fb6d4403..69757e57c7a 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -3,6 +3,7 @@ * Copyright (C) 2004-2016 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2015 Jean-François Ferry + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -46,9 +47,9 @@ if (! $sortorder) $sortorder="ASC"; $mode = GETPOST("mode"); $filter=GETPOST("filter"); -$search_name=GETPOST("search_name"); -$search_contract=GETPOST("search_contract"); -$search_service=GETPOST("search_service"); +$search_name=GETPOST("search_name", 'alpha'); +$search_contract=GETPOST("search_contract", 'alpha'); +$search_service=GETPOST("search_service", 'alpha'); $search_status=GETPOST("search_status","alpha"); $statut=GETPOST('statut')?GETPOST('statut'):1; $search_product_category=GETPOST('search_product_category','int'); From 3a99ef7319e7e0588fc25973493a3e21cd4a80f4 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 17:04:05 +0200 Subject: [PATCH 10/13] Fix: missing GETPOST params --- htdocs/expensereport/list.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 5b633552380..873c3c97d9a 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -4,6 +4,7 @@ * Copyright (C) 2004 Eric Seigne * Copyright (C) 2005-2009 Regis Houssin * Copyright (C) 2015 Alexandre Spangaro + * Copyright (C) 2019 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -67,7 +68,7 @@ if (!$sortfield) $sortfield="d.date_debut"; $id = GETPOST('id', 'int'); $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); -$search_ref = GETPOST('search_ref'); +$search_ref = GETPOST('search_ref', 'alpha'); $search_user = GETPOST('search_user','int'); $search_amount_ht = GETPOST('search_amount_ht','alpha'); $search_amount_vat = GETPOST('search_amount_vat','alpha'); From 7041c3246ec1fa4c3a0e6ec59594bf692b345851 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 22:35:56 +0200 Subject: [PATCH 11/13] Prepare 8.0.5 --- ChangeLog | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6664dbe8941..d4bcd3ea17c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,90 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 8.0.5 compared to 8.0.4 ***** +FIX: #10381 +FIX: #10460 compatibility with MariaDB 10.4 +FIX: #11025 +FIX: Accountancy - Add transaction with multicompany use all the time 1st entity +FIX: Accountancy - Format EBP import +FIX: actioncomm export: ORDER BY clause is in wrong export property + event type filter does not work +FIX: actioncomm: sort events by date after external calendars and hook +FIX: action list: add printFieldListSelect and printFieldListWhere hooks +FIX: add fk_unit on addline action +FIX: avoid php warning +FIX: bad sql request +FIX: better method +FIX: better test +FIX: better test on fetch +FIX: broken external authentication module feature and avoid warning +FIX: Can not create contract with numbering module without autogen rule +FIX: can't add lines on invoices +FIX: Can't generate invoice pdf +FIX: Can't insert if there is extrafields mandatory on another entity. +FIX: Can't insert if there is extrafields mandatory on another entity. FIX: Can't set default value of extrafield of type varchar +FIX: Check for old picture name if the new one was not found +FIX: Civility not saved when creating a member. +FIX: $conf->fournisseur->commande->enabled doesn't exist, we must use $conf->fournisseur->enabled +FIX: could not create several superadmin in transversal mode +FIX: credit note can have negative value +FIX: Default value on sales representative on third party creation +FIX: Don't show journal:getNomUrl without data +FIX: Erreur dans le Total +FIX: error messages not displayed +FIX: expedition: reset status on rollback + replace hardcoded status with const +FIX: Fix PHP warning "count(): Parameter must be an array..." +FIX: fk_default_warehouse missing in group by +FIX: function sendEmailsReminder isn't completely developed, then MAIN_FEATURES_LEVEL must be 2 to "use" it +FIX: holidays get natural_search if search params are set only +FIX: if empty error message, we just see "error" displayed +FIX: if(!method_exists(dol_loginfunction)) +FIX: If we build one invoice for several orders, we must put the ref of order on the line to not lose information. +FIX: in fact expensereport must be in $check array +FIX: Interface regression for bind people. Fix option MAIN_OPTIMIZEFORTEXTBROWSER +FIX: line edit template: keep fk_parent_line +FIX: Loan impossible to account +FIX: Mark credit note as available for credit note in other currency +FIX: missing access security checking with multicompany +FIX: missing entity filter and wrong var name +FIX: missing entity filter in function "build_filterField()" (export) +FIX: Missing field in import/export of users +FIX: missing hook completeTabsHead in margins module +FIX: missing $ismultientitymanaged for previous/next ref +FIX: Missing province in export of invoice +FIX: multicompany compatibility +FIX: must fetch member in current entity +FIX: need an order by in case we found other invoice with same number but not same date +FIX: need to round with 2 decimals to avoid movements not correctly balanced +FIX: no need to test anything to display documents tabs on expense report +FIX: positive values creating diff on addline rounding +FIX: problem with multicompany transverse mode +FIX: Product accountancey sell intra code must be visible if main feature level 1 +FIX: project_title for display of getNomUrl() +FIX: quick search for supplier orders +FIX: Remane of project +FIX: same thing here +FIX: Selection of email recipient with option MAIN_OPTIMIZEFORTEXTBROWSER +FIX: several hooks in shipping/delivery cards +FIX: shipping default warehouse if only one warehouse +FIX: SQL injection on rowid of dict.php +FIX: 'statut' is ignored when updating a user with the REST API. +FIX: supplier invoice payment total dont care about deposit or credit +FIX: supplier invoice product stats total ht is line total not invoice total +FIX: The minimum amount filter does not work in the VAT report per customer +FIX: Total per day shows 00:00 if the total time spent is equal to 12:00 +FIX: Update/delete currency on same languages +FIX: [URGENT] broken feature, "$usercancreate" is for Dolibarr 9 +FIX: useless join +FIX: we need to keep originline special_code +FIX: we want to be able to reopen fourn credit note +FIX: when 2 extra fields are mandatory in 2 different entities +FIX: when we add a payment on an invoice which already has payments with credit note or deposit amount, and then we get an excess received, discount amount must be $total_paiements + $total_creditnote_and_deposit - $object->total_ttc; +FIX: when we create deposit with multi tva, we mustn't add line if amount = 0 (example when we have a 100% reduc on one of origin invoice line) +FIX: wrong redirect link on holiday refuse +FIX: wrong test enabled +FIX: Wrong variable name +FIX: XSS + ***** ChangeLog for 8.0.4 compared to 8.0.3 ***** FIX: #10030 better german chart FIX: #10036 From 072a455ca41f7ac32fb910e80184b64b81304d4d Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Sat, 11 May 2019 22:55:42 +0200 Subject: [PATCH 12/13] Prepare 8.0.6 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 3981de21751..fbc1f52cac7 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE','Dolibarr'); -if (! defined('DOL_VERSION')) define('DOL_VERSION','8.0.5'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c +if (! defined('DOL_VERSION')) define('DOL_VERSION','8.0.6'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c if (! defined('EURO')) define('EURO',chr(128)); From c67d79a4e2ece3a0b87b752c05577629d3aacec1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 13 May 2019 12:00:13 +0200 Subject: [PATCH 13/13] Update files.lib.php --- htdocs/core/lib/files.lib.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 8a1fecd999a..3e7e2796eca 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1556,6 +1556,8 @@ function dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesessio $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].'.'.strtolower($info['extension'])); $info = pathinfo($destfile); $destfile = dol_sanitizeFileName($info['filename'].'.'.strtolower($info['extension'])); + // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because + // this function is also applied when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). $destfile = dol_string_nohtmltag($destfile); $destfull = dol_string_nohtmltag($destfull); $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles);