Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

Laurent Destailleur 2020-04-28 18:08:37 +02:00
commit 93a894df5c
2 changed files with 10 additions and 8 deletions


@ -2419,7 +2419,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$original_file = $conf->agenda->dir_output.'/'.$original_file;
}
// Wrapping for categories
elseif ($modulepart == 'category' && !empty($conf->categorie->dir_output))
elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity]))
{
if (empty($entity) || empty($conf->categorie->multidir_output[$entity])) return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
if ($fuser->rights->categorie->{$lire}) $accessallowed = 1;
@ -2489,7 +2489,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
}
// Wrapping for third parties
elseif (($modulepart == 'company' || $modulepart == 'societe' || $modulepart == 'thirdparty') && !empty($conf->societe->dir_output))
elseif (($modulepart == 'company' || $modulepart == 'societe' || $modulepart == 'thirdparty') && !empty($conf->societe->multidir_output[$entity]))
{
if (empty($entity) || empty($conf->societe->multidir_output[$entity])) return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
if ($fuser->rights->societe->{$lire} || preg_match('/^specimen/i', $original_file))
@ -2501,7 +2501,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
}
// Wrapping for contact
elseif ($modulepart == 'contact' && !empty($conf->societe->dir_output))
elseif ($modulepart == 'contact' && !empty($conf->societe->multidir_output[$entity]))
{
if (empty($entity) || empty($conf->societe->multidir_output[$entity])) return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
if ($fuser->rights->societe->{$lire})
@ -2519,7 +2519,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = 1;
}
$original_file = $conf->facture->multidir_output[$entity].'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('invoice').")";
}
// Wrapping for mass actions
elseif ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->multidir_output[$entity]))
@ -2632,7 +2632,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = 1;
}
$original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('propal').")";
}
// Wrapping pour les commandes
@ -2643,7 +2643,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = 1;
}
$original_file = $conf->commande->multidir_output[$entity].'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('order').")";
}
// Wrapping pour les projets
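Review bot: The three rewritten `$sqlprotectagainstexternals` queries (the facture, propal and commande hunks) now match `ref` in every entity returned by `getEntity()`, while the path on the line just above each one is still built from `multidir_output[$entity]`. The row used for the external-user ownership check is therefore no longer tied to the entity whose directory the file is served from. If the same ref can exist in two shared entities, the lookup may return the third party of a different record than the one owning the file; how the result is consumed is outside these hunks, so this needs confirming there. Binding the lookup to the requested entity would keep the check and the file in step, e.g. `... AND entity = ".((int) $entity);`, once `$entity` has been confirmed to be one of the `getEntity()` values. The enclosing function starts and ends outside the hunks.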


@ -45,12 +45,14 @@ $id = GETPOST('id', 'int');
$search_all = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
$search_categ = GETPOST("search_categ", 'alpha');
$search_project = GETPOST('search_project');
if (!isset($_GET['search_projectstatus']) && !isset($_POST['search_projectstatus']))
$search_projectstatus = GETPOST('search_projectstatus');
if (!isset($search_projectstatus) || $search_projectstatus === '')
{
if ($search_all != '') $search_projectstatus = -1;
else $search_projectstatus = 1;
}
else $search_projectstatus = GETPOST('search_projectstatus');
$search_project_ref = GETPOST('search_project_ref');
$search_project_title = GETPOST('search_project_title');
$search_task_ref = GETPOST('search_task_ref');
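Review bot: `GETPOST('search_projectstatus')` on the added line is read without an explicit check type, unlike `GETPOST('id', 'int')` and the `'alpha'`/`'alphanohtml'` reads next to it, so the filtering applied depends on GETPOST's default, which is not visible on this page. The value is only compared with `''` here and its later use is outside the hunk; if it reaches a query or is echoed back into the search form, it is safer to constrain it at the read, e.g. `$search_projectstatus = GETPOST('search_projectstatus', 'int');`. The `!isset($search_projectstatus)` half of the new condition can never be true after that assignment, so the test reduces to `$search_projectstatus === ''`.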