From 97ccdc92072b83291048882c60185bc418872c33 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 9 Dec 2022 19:43:09 +0100
Subject: [PATCH] Debug v17

---
 htdocs/ecm/dir_add_card.php                   | 18 +++++-----
 htdocs/ecm/dir_card.php                       | 34 +++++++++----------
 htdocs/ecm/file_card.php                      | 10 +++---
 htdocs/ecm/file_note.php                      |  4 +--
 htdocs/ecm/index_medias.php                   |  6 ++--
 htdocs/ecm/search.php                         |  4 +--
 .../core/actions_massactions_mail.inc.php     | 12 -------
 htdocs/intracommreport/list.php               | 15 ++++++--
 htdocs/multicurrency/multicurrency_rate.php   |  4 +--
 9 files changed, 52 insertions(+), 55 deletions(-)

diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php
index 3f20188db56..acdc6c2990a 100644
--- a/htdocs/ecm/dir_add_card.php
+++ b/htdocs/ecm/dir_add_card.php
@@ -93,18 +93,18 @@ if (!empty($section)) {
 }
 
 // Permissions
-$permtoadd = 0;
-$permtoupload = 0;
+$permissiontoadd = 0;
+$permissiontoupload = 0;
 if ($module == 'ecm') {
-	$permtoadd = $user->rights->ecm->setup;
-	$permtoupload = $user->rights->ecm->upload;
+	$permissiontoadd = $user->rights->ecm->setup;
+	$permissiontoupload = $user->rights->ecm->upload;
 }
 if ($module == 'medias') {
-	$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
-	$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
+	$permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write);
+	$permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write);
 }
 
-if (!$permtoadd) {
+if (!$permissiontoadd) {
 	accessforbidden();
 }
 
@@ -115,7 +115,7 @@ if (!$permtoadd) {
  */
 
 // Action ajout d'un produit ou service
-if ($action == 'add' && $permtoadd) {
+if ($action == 'add' && $permissiontoadd) {
 	if ($cancel) {
 		if (!empty($backtopage)) {
 			header("Location: ".$backtopage);
@@ -189,7 +189,7 @@ if ($action == 'add' && $permtoadd) {
 			exit;
 		}
 	}
-} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) {
+} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontoadd) {
 	// Deleting file
 	$result = $ecmdir->delete($user);
 	setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
diff --git a/htdocs/ecm/dir_card.php b/htdocs/ecm/dir_card.php
index adfd405790f..8be2511a0d7 100644
--- a/htdocs/ecm/dir_card.php
+++ b/htdocs/ecm/dir_card.php
@@ -90,21 +90,21 @@ if ($module == 'ecm') {
 }
 
 // Permissions
-$permtoread = 0;
-$permtoadd = 0;
-$permtoupload = 0;
+$permissiontoread = 0;
+$permissiontoadd = 0;
+$permissiontoupload = 0;
 if ($module == 'ecm') {
-	$permtoread = $user->rights->ecm->read;
-	$permtoadd = $user->rights->ecm->setup;
-	$permtoupload = $user->rights->ecm->upload;
+	$permissiontoread = $user->rights->ecm->read;
+	$permissiontoadd = $user->rights->ecm->setup;
+	$permissiontoupload = $user->rights->ecm->upload;
 }
 if ($module == 'medias') {
-	$permtoread = ($user->rights->mailing->lire || $user->rights->website->read);
-	$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
-	$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
+	$permissiontoread = ($user->rights->mailing->lire || $user->rights->website->read);
+	$permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write);
+	$permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write);
 }
 
-if (!$permtoread) {
+if (!$permissiontoread) {
 	accessforbidden();
 }
 
@@ -114,7 +114,7 @@ if (!$permtoread) {
  */
 
 // Upload file
-if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) {
+if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permissiontoupload) {
 	if (dol_mkdir($upload_dir) >= 0) {
 		$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']);
 		if (is_numeric($resupload) && $resupload > 0) {
@@ -139,7 +139,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload
 }
 
 // Remove file
-if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
+if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permissiontoupload) {
 	$langs->load("other");
 	$file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
 	$ret = dol_delete_file($file);
@@ -153,7 +153,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
 }
 
 // Remove dir
-if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
+if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permissiontoupload) {
 	$backtourl = DOL_URL_ROOT."/ecm/index.php";
 	if ($module == 'medias') {
 		$backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1";
@@ -189,7 +189,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
 }
 
 // Update dirname or description
-if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) {
+if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permissiontoadd) {
 	$error = 0;
 
 	if ($module == 'ecm') {
@@ -454,17 +454,17 @@ print dol_get_fiche_end();
 if ($action != 'edit' && $action != 'delete' && $action != 'deletefile') {
 	print '<div class="tabsAction">';
 
-	if ($permtoadd) {
+	if ($permissiontoadd) {
 		print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?action=edit&token='.newToken().($module ? '&module='.$module : '').'&section='.$section.'">'.$langs->trans('Edit').'</a>';
 	}
 
-	if ($permtoadd) {
+	if ($permissiontoadd) {
 		print '<a class="butAction" href="'.DOL_URL_ROOT.'/ecm/dir_add_card.php?action=create&token='.newToken().($module ? '&module='.$module : '').'&catParent='.$section.'">'.$langs->trans('ECMAddSection').'</a>';
 	} else {
 		print '<a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("NotAllowed").'">'.$langs->trans('ECMAddSection').'</a>';
 	}
 
-	print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().($module ? '&module='.urlencode($module) : '').'&section='.urlencode($section).($backtopage ? '&backtopage='.urlencode($backtopage) : ''), '', $permtoadd);
+	print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().($module ? '&module='.urlencode($module) : '').'&section='.urlencode($section).($backtopage ? '&backtopage='.urlencode($backtopage) : ''), '', $permissiontoadd);
 
 	print '</div>';
 }
diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php
index 8202335fbc3..e1443974bf7 100644
--- a/htdocs/ecm/file_card.php
+++ b/htdocs/ecm/file_card.php
@@ -103,11 +103,11 @@ if ($result < 0) {
 }
 
 // Permissions
-$permtoread = $user->rights->ecm->read;
-$permtoadd = $user->rights->ecm->setup;
-$permtoupload = $user->rights->ecm->upload;
+$permissiontoread = $user->rights->ecm->read;
+$permissiontoadd = $user->rights->ecm->setup;
+$permissiontoupload = $user->rights->ecm->upload;
 
-if (!$permtoread) {
+if (!$permissiontoread) {
 	accessforbidden();
 }
 
@@ -128,7 +128,7 @@ if ($cancel) {
 }
 
 // Rename file
-if ($action == 'update' && $permtoadd) {
+if ($action == 'update' && $permissiontoadd) {
 	$error = 0;
 
 	$oldlabel = GETPOST('urlfile', 'alpha');
diff --git a/htdocs/ecm/file_note.php b/htdocs/ecm/file_note.php
index 07534dc5ae8..6804714757c 100644
--- a/htdocs/ecm/file_note.php
+++ b/htdocs/ecm/file_note.php
@@ -108,9 +108,9 @@ if ($result < 0) {
 
 $permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php
 
-$permtoread = $user->rights->ecm->read;
+$permissiontoread = $user->rights->ecm->read;
 
-if (!$permtoread) {
+if (!$permissiontoread) {
 	accessforbidden();
 }
 
diff --git a/htdocs/ecm/index_medias.php b/htdocs/ecm/index_medias.php
index f5ad347bccf..99a0ac4bc09 100644
--- a/htdocs/ecm/index_medias.php
+++ b/htdocs/ecm/index_medias.php
@@ -90,7 +90,7 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'ecm', 0);
 
-$permtouploadfile = ($user->hasRight('ecm', 'setup') || $user->hasRight('mailing', 'creer') || $user->hasRight('website', 'write'));
+$permissiontouploadfile = ($user->hasRight('ecm', 'setup') || $user->hasRight('mailing', 'creer') || $user->hasRight('website', 'write'));
 $diroutput = $conf->medias->multidir_output[$conf->entity];
 
 $relativepath = $section_dir;
@@ -98,7 +98,7 @@ $upload_dir = preg_replace('/\/$/', '', $diroutput).'/'.preg_replace('/^\//', ''
 
 $websitekey = '';
 
-$permissiontoadd = $permtouploadfile;	// Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
+$permissiontoadd = $permissiontouploadfile;	// Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
 
 
 /*
@@ -123,7 +123,7 @@ if ($action == 'renamefile') {	// Must be after include DOL_DOCUMENT_ROOT.'/core
 
 
 // Add directory
-if ($action == 'add' && $permtouploadfile) {
+if ($action == 'add' && $permissiontouploadfile) {
 	$ecmdir->ref                = 'NOTUSEDYET';
 	$ecmdir->label              = GETPOST("label");
 	$ecmdir->description        = GETPOST("desc");
diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php
index 4c45ec06403..e37a1ce88f3 100644
--- a/htdocs/ecm/search.php
+++ b/htdocs/ecm/search.php
@@ -85,9 +85,9 @@ if (!empty($section)) {
 	}
 }
 
-$permtoread = $user->rights->ecm->read;
+$permissiontoread = $user->rights->ecm->read;
 
-if (!$permtoread) {
+if (!$permissiontoread) {
 	accessforbidden();
 }
 
diff --git a/htdocs/eventorganization/core/actions_massactions_mail.inc.php b/htdocs/eventorganization/core/actions_massactions_mail.inc.php
index a446c04ca9a..5398291e69f 100644
--- a/htdocs/eventorganization/core/actions_massactions_mail.inc.php
+++ b/htdocs/eventorganization/core/actions_massactions_mail.inc.php
@@ -42,18 +42,6 @@ if (empty($objectclass) || empty($uploaddir)) {
 	exit;
 }
 
-// For backward compatibility
-if (!empty($permtoread) && empty($permissiontoread)) {
-	$permissiontoread = $permtoread;
-}
-if (!empty($permtocreate) && empty($permissiontoadd)) {
-	$permissiontoadd = $permtocreate;
-}
-if (!empty($permtodelete) && empty($permissiontodelete)) {
-	$permissiontodelete = $permtodelete;
-}
-
-
 // Mass actions. Controls on number of lines checked.
 $maxformassaction = (empty($conf->global->MAIN_LIMIT_FOR_MASS_ACTIONS) ? 1000 : $conf->global->MAIN_LIMIT_FOR_MASS_ACTIONS);
 if (!empty($massaction) && is_array($toselect) && count($toselect) < 1) {
diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php
index 721ad15a2ce..7f0e896a447 100644
--- a/htdocs/intracommreport/list.php
+++ b/htdocs/intracommreport/list.php
@@ -144,19 +144,30 @@ $arrayfields = dol_sort_array($arrayfields, 'position');
 // Security check
 if ($search_type == '0') {
 	$result = restrictedArea($user, 'produit', '', '', '', '', '', 0);
+
+	$permissiontoread = $user->rights->produit->lire;
+	$permissiontodelete = $user->rights->produit->supprimer;
 } elseif ($search_type == '1') {
 	$result = restrictedArea($user, 'service', '', '', '', '', '', 0);
+
+	$permissiontoread = $user->rights->service->lire;
+	$permissiontodelete = $user->rights->service->supprimer;
 } else {
 	$result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0);
+
+	$permissiontoread = $user->rights->produit->lire;
+	$permissiontodelete = $user->rights->produit->supprimer;
 }
 
 
+
 /*
  * Actions
  */
 
 if (GETPOST('cancel', 'alpha')) {
-	$action = 'list'; $massaction = '';
+	$action = 'list';
+	$massaction = '';
 }
 if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') {
 	$massaction = '';
@@ -192,8 +203,6 @@ if (empty($reshook)) {
 		$objectlabel = 'Products';
 	}
 
-	$permtoread = $user->rights->produit->lire;
-	$permtodelete = $user->rights->produit->supprimer;
 	$uploaddir = $conf->product->dir_output;
 	include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 }
diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php
index 7e9000909f1..03e5e09334a 100644
--- a/htdocs/multicurrency/multicurrency_rate.php
+++ b/htdocs/multicurrency/multicurrency_rate.php
@@ -235,8 +235,8 @@ if (empty($reshook)) {
 	// Mass actions
 	$objectclass = "CurrencyRate";
 	$uploaddir = $conf->multicurrency->multidir_output; // define only because core/actions_massactions.inc.php want it
-	$permtoread = $user->admin;
-	$permtodelete = $user->admin;
+	$permissiontoread = $user->admin;
+	$permissiontodelete = $user->admin;
 	include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 }