From ccfe6f18fe0a06530dbe2d30e4eef6b262fb099f Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 25 Jun 2020 16:01:27 +0200 Subject: [PATCH 1/5] FIX 10.0 - fatal with postgres backport of https://github.com/Dolibarr/dolibarr/pull/14064/files --- htdocs/core/lib/company.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 3cd302ebdbb..24dfa57f190 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1349,7 +1349,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $langs->load("mails"); $sql2 = "SELECT m.rowid as id, m.titre as label, mc.date_envoi as dp, mc.date_envoi as dp2, '100' as percent, 'mailing' as type"; - $sql2.= ", '' as fk_element, '' as elementtype, '' as contact_id"; + $sql2.= ", null as fk_element, '' as elementtype, null as contact_id"; $sql2.= ", 'AC_EMAILING' as acode, '' as alabel, '' as apicto"; $sql2.= ", u.rowid as user_id, u.login as user_login, u.photo as user_photo, u.firstname as user_firstname, u.lastname as user_lastname"; // User that valid action if (is_object($filterobj) && get_class($filterobj) == 'Societe') $sql2.= ", '' as lastname, '' as firstname"; From 858a751eef997d488bda47b4904d3735c9728cba Mon Sep 17 00:00:00 2001 From: gauthier Date: Fri, 26 Jun 2020 10:51:04 +0200 Subject: [PATCH 2/5] FIX : $_POST must be GETPOST --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 9400c64de85..48015547903 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -2103,7 +2103,7 @@ class ExtraFields if (in_array($key_type, array('date','datetime'))) { // Clean parameters - $value_key=dol_mktime($_POST[$keysuffix."options_".$key.$keyprefix."hour"], $_POST[$keysuffix."options_".$key.$keyprefix."min"], 0, $_POST[$keysuffix."options_".$key.$keyprefix."month"], $_POST[$keysuffix."options_".$key.$keyprefix."day"], $_POST[$keysuffix."options_".$key.$keyprefix."year"]); + $value_key=dol_mktime(GETPOST($keysuffix."options_".$key.$keyprefix."hour", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."min", 'int'), 0, GETPOST($keysuffix."options_".$key.$keyprefix."month", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."day", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."year", 'int')); } elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) { From 8e324c36ff010fd1a94ab151c47ac0028a40f037 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:39:01 +0200 Subject: [PATCH 3/5] Prepare 11.0.5 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 0352963b13e..2acaad4ec29 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE', 'Dolibarr'); -if (! defined('DOL_VERSION')) define('DOL_VERSION', '11.0.4'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c +if (! defined('DOL_VERSION')) define('DOL_VERSION', '11.0.5'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c if (! defined('EURO')) define('EURO', chr(128)); From 347667b3461f71ce86774deceaf3fabaefb41086 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:45:39 +0200 Subject: [PATCH 4/5] Prepare 11.0.5 --- ChangeLog | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/ChangeLog b/ChangeLog index 67cf9513a4a..3ea709eb7bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,52 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 11.0.4 compared to 11.0.3 ***** +FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php +FIX: 10.0 - pagination in prelevement/bons.php +FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat +FIX: 11.0 - fatal with postgres on contact/agenda.php +FIX: 11.0 - multicurrency amount not fetched when fetching payments from llx_paiement or llx_paiementfourn +FIX: 11.0 - when using pdftk as per hidden conf USE_PDFTK_FOR_PDF_CONCAT, check that the file exists before displaying a success message +FIX: #13841 +FIX: #13877 - Can validate invoice if there is a credit note with VAT 0% on an invoice with other lines with a VAT non 0% +FIX: #13968 +FIX: #14001 +FIX: #14002 +FIX: 9.0 - delete unused mandatory argument from migrate_clean_association: argument count mismatch causes a fatal error since php7 +FIX: 9.0 - fatal during migration from 3.1 using PHP 7 +FIX: Accountancy - Binding index - Add a filter on sql request for module Subtotal & Jalon +FIX: avoid error "Call to undefined function measuringUnitString()" +FIX: BlindBoolean SQL injection reported by Christian Weiler +FIX: Can create a credit note on situation invoice if previous is also +FIX: can install module even if (x) was appended during download. +FIX: copy value date of VariousPayment onto the new AccountLine +FIX: count of open day when date and start are not open should be 0 +FIX: Default bank account was not loaded for document generation. +FIX: Do not show stats panel if the user does not have permissions +FIX: Fix link of the button to create a credit note and fix the awareness of a error that happen when wo create a credit note +FIX: force rounding 2 on export ld compta +FIX: free text on cash desk +FIX: links into emails of notifications +FIX: missing file manifest.json.php +FIX: missing GetNomURL Hook in warehouse class +FIX: missing hook init + table class + $page not set +FIX: missing rollbacks on trigger bad return +FIX: missing translation value for key "NoMorePredefinedProductToDispatch" +FIX: percent must be displayed on one line +FIX: php error if multicompany disabled +FIX: Privilege escalation reported by wizlynx WLX-2020-011 +FIX: replace filter parameter "none" by "restricthtml" +FIX: Rounding Total TVA in "crabe" model pdf +FIX: Show ref_customer, amount on contract link object +FIX: Site ec.europa.eu has moved to https:// +FIX: Tickets mail models doesn't work +FIX: vulnerability reported by wizlynx WLX-2020-012 +FIX: We must only rename current bank receipt +FIX: when creating a VariousPayment, the value date is not copied onto the AccountLine that gets created at the same time, so the bank transaction's value date will be the payment date instead of the payment's value date +FIX: wrong url param +FIX: XSS using the renaming of .noexe files - reported by Nolan. + ***** ChangeLog for 11.0.4 compared to 11.0.3 ***** FIX: #13749 FIX: #7594 Expense report multi pagebreak From 0eac798674eacb44e725fa53423c35ea860acd02 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:47:03 +0200 Subject: [PATCH 5/5] Changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3ea709eb7bf..515a98f4180 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,7 +2,7 @@ English Dolibarr ChangeLog -------------------------------------------------------------- -***** ChangeLog for 11.0.4 compared to 11.0.3 ***** +***** ChangeLog for 11.0.5 compared to 11.0.4 ***** FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php FIX: 10.0 - pagination in prelevement/bons.php FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat