';
@@ -400,8 +401,10 @@ foreach ($configfileparameters as $key => $value) {
if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) {
if (empty($dolibarr_main_prod)) {
print '';
+ print showValueWithClipboardCPButton(${$newkey}, 0, '********');
+ } else {
+ print '**********';
}
- print '**********';
} elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) {
print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
} elseif ($newkey == 'dolibarr_main_document_root_alt') {
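Review bot: With `$dolibarr_main_prod` empty, which is also the case when it is simply not set, the added `showValueWithClipboardCPButton(${$newkey}, 0, '********')` call hands the real database and LDAP admin passwords to the response, where the old code printed only the mask. A copy button needs the cleartext somewhere in the page, so the secret reaches the HTML, the browser cache and any page capture even though the screen shows asterisks. The helper's markup is not visible here, so confirm where it places the value and that it escapes it. The next hunk does the same for `$valuetoshow`, which falls back to `$dolibarr_main_cookie_cryptkey`. Consider keeping the mask unless an administrator has explicitly opted in, rather than keying on the absence of the production flag.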
@@ -420,9 +423,14 @@ foreach ($configfileparameters as $key => $value) {
}
} elseif ($newkey == 'dolibarr_main_instance_unique_id') {
//print $conf->file->instance_unique_id;
- global $dolibarr_main_cookie_cryptkey;
- $valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
- print $valuetoshow;
+ global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id;
+ $valuetoshow = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
+ if (empty($dolibarr_main_prod)) {
+ print '';
+ print showValueWithClipboardCPButton($valuetoshow, 0, '********');
+ } else {
+ print '**********';
+ }
if (empty($valuetoshow)) {
print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id');
}
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index 0b2f2678521..032a23a68c8 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -251,7 +251,7 @@ print '
';
if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) {
print '
$dolibarr_main_db_pass: ';
if (!empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
- print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").'
('.$langs->trans("Recommanded").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')';
+ print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").'
('.$langs->trans("Recommended").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')';
//print '
('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')';
} else {
print img_picto('', 'tick').' '.$langs->trans("DatabasePasswordObfuscated");
@@ -267,49 +267,14 @@ if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) {
print '
';
print '
';
print '
';
-print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup").' + '.$langs->trans("OtherSetup"), '', 'folder');
-//print '
'.$langs->trans("PasswordEncryption").': ';
-print '
MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? '
'.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)." ";
-if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) {
- print '
If unset: \'md5\'';
-}
-if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
- print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? '
'.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
';
-} else {
- print '
('.$langs->trans("Recommanded").': password_hash)';
- print '
';
-}
-if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
- print '
The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
';
- print 'If you really want to switch, you must:
';
- print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'
';
- print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password
';
- print '- You can now logout and login with this new password. You must now reset password of all other users.
';
- print '
';
-}
+print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
+
+
+print '
'.$langs->trans("UseCaptchaCode").': ';
+print empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? '' : img_picto('', 'tick').' ';
+print yn(empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? 0 : 1);
print '
';
-
-
-print '
MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? '
'.$langs->trans("Undefined").' ('.$langs->trans("Example").': static-ips-of-server - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
";
-print '
';
-
-print '
MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0
('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
";
-print '
';
-
-print '
MAIN_EXEC_USE_POPEN = ';
-if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
- print '
'.$langs->trans("Undefined").'';
-} else {
- print $conf->global->MAIN_EXEC_USE_POPEN;
-}
-if ($execmethod == 1) {
- print '
("exec" PHP method will be used for shell commands)';
-}
-if ($execmethod == 2) {
- print '
("popen" PHP method will be used for shell commands)';
-}
-print "
";
print '
';
@@ -354,6 +319,62 @@ if (empty($out)) {
}
print '
';
+print '
';
+print '
';
+print '
';
+
+
+print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder');
+
+
+//print '
'.$langs->trans("PasswordEncryption").': ';
+print '
MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? '
'.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)." ";
+if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) {
+ print '
If unset: \'md5\'';
+}
+if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
+ print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? '
'.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
';
+} else {
+ print '
('.$langs->trans("Recommanded").': password_hash)';
+ print '
';
+}
+if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
+ print '
The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
';
+ print 'If you really want to switch, you must:
';
+ print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'
';
+ print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password
';
+ print '- You can now logout and login with this new password. You must now reset password of all other users.
';
+ print '
';
+}
+print '
';
+
+print '
MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? '
'.$langs->trans("Undefined").' ('.$langs->trans("Example").': static-ips-of-server - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
";
+print '
';
+
+print '
MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0
('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
";
+print '
';
+
+print '
MAIN_RESTRICTHTML_ONLY_VALID_HTML = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? '
'.$langs->trans("Undefined").' ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."
";
+print '
';
+
+print '
MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? '
'.$langs->trans("Undefined").' ('.$langs->trans("Recommanded").': 1)' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."
";
+print '
';
+
+print '
MAIN_EXEC_USE_POPEN = ';
+if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
+ print '
'.$langs->trans("Undefined").'';
+} else {
+ print $conf->global->MAIN_EXEC_USE_POPEN;
+}
+if ($execmethod == 1) {
+ print '
("exec" PHP method will be used for shell commands)';
+}
+if ($execmethod == 2) {
+ print '
("popen" PHP method will be used for shell commands)';
+}
+print "
";
+print '
';
+
// Modules/Applications
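Review bot: The relocated block prints `$conf->global->MAIN_SECURITY_SALT` and the other constants straight into the page with no HTML escaping, and the salt is itself a secret that does not need to be shown in full. Wrapping the displayed values, e.g. `dol_escape_htmltag($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)`, and showing only whether the salt is defined would cover both. The added lines also still call `$langs->trans("Recommanded")` while the first hunk of this file switches to `"Recommended"`; if the language key was renamed, these labels will print the raw key.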
@@ -405,7 +426,7 @@ if (empty($conf->api->enabled) && empty($conf->webservices->enabled)) {
print '
';
}
if (!empty($conf->api->enabled)) {
- print '
API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? '
'.$langs->trans("Undefined").'' : $conf->global->API_ENDPOINT_RULES)."
\n";
+ print '
API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? '
'.$langs->trans("Undefined").' ('.$langs->trans("Example").': endpoint1:1,endpoint2:1,...)' : $conf->global->API_ENDPOINT_RULES)."
\n";
print '
';
}
}
diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php
index 6b54e8a4044..76f16c838be 100644
--- a/htdocs/bom/bom_list.php
+++ b/htdocs/bom/bom_list.php
@@ -108,7 +108,7 @@ foreach ($object->fields as $key => $val) {
'checked'=>(($visible < 0) ? 0 : 1),
'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)),
'position'=>$val['position'],
- 'help'=>$val['help']
+ 'help'=> isset($val['help']) ? $val['help'] : ''
);
}
}
@@ -321,7 +321,7 @@ if ($object->ismultientitymanaged == 1) {
foreach ($search as $key => $val) {
if (array_key_exists($key, $object->fields)) {
if ($key == 'status' && $search[$key] == -1) {
- continue;
+ continue;
}
$mode_search = (($object->isInt($object->fields[$key]) || $object->isFloat($object->fields[$key])) ? 1 : 0);
if ((strpos($object->fields[$key]['type'], 'integer:') === 0) || (strpos($object->fields[$key]['type'], 'sellist:') === 0) || !empty($object->fields[$key]['arrayofkeyval'])) {
diff --git a/htdocs/categories/card.php b/htdocs/categories/card.php
index 734f2e89506..141e061ac20 100644
--- a/htdocs/categories/card.php
+++ b/htdocs/categories/card.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2006-2017 Laurent Destailleur
+ * Copyright (C) 2006-2021 Laurent Destailleur
* Copyright (C) 2005-2014 Regis Houssin
* Copyright (C) 2007 Patrick Raguin
* Copyright (C) 2013 Florian Henry
@@ -257,6 +257,7 @@ if ($user->rights->categorie->creer) {
// Parent category
print '| '.$langs->trans("AddIn").' | ';
+ print img_picto($langs->trans("ParentCategory"), 'category', 'class="pictofixedwidth"');
print $form->select_all_categories($type, $catorigin, 'parent');
print ajax_combobox('parent');
print ' |
';
diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index d801b4429c7..e03d13c29e8 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -577,7 +577,6 @@ if (empty($reshook)) {
if (!$isupload) {
$mesgs = array();
-
$object->sujet = (string) GETPOST("sujet");
$object->body = (string) GETPOST("bodyemail", 'restricthtml');
$object->bgcolor = (string) GETPOST("bgcolor");
@@ -744,7 +743,7 @@ if ($action == 'create') {
print '';
// wysiwyg editor
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
- $doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'restricthtml'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%');
+ $doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'restricthtmlallowunvalid'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%');
$doleditor->Create();
print '
';
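Review bot: The `DolEditor` line needs a comment explaining why it reads `bodyemail` with `'restricthtmlallowunvalid'`, since the save path in the previous hunk still uses `GETPOST("bodyemail", 'restricthtml')` and nothing here says the difference is intentional. Suggested comment above the line: `// Re-display only: keep the submitted (possibly invalid) HTML so the user can correct it; saving must keep using 'restricthtml'`. Without it the permissive mode is likely to be copied to places where the value is stored.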
diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php
index 04d2f7c17d8..d281fcb1a3a 100644
--- a/htdocs/comm/mailing/class/mailing.class.php
+++ b/htdocs/comm/mailing/class/mailing.class.php
@@ -208,6 +208,12 @@ class Mailing extends CommonObject
{
global $conf, $langs;
+ // Check properties
+ if ($this->body === 'InvalidHTMLString') {
+ $this->error = 'InvalidHTMLString';
+ return -1;
+ }
+
$this->db->begin();
$this->title = trim($this->title);
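Review bot: The guard `$this->body === 'InvalidHTMLString'` makes the model depend on a magic string that the input filter returns in place of the content, so a validation failure and real data share one channel. A body that is literally that text is refused, and any other field or caller read through `'restricthtml'` without this comparison would store the marker as content. The same check is repeated in `update()` in the next hunk. Defining the marker once as a shared constant and testing for it where `GETPOST` is read would keep the failure from travelling through the object. Both method bodies continue outside the hunks.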
@@ -257,6 +263,12 @@ class Mailing extends CommonObject
*/
public function update($user)
{
+ // Check properties
+ if ($this->body === 'InvalidHTMLString') {
+ $this->error = 'InvalidHTMLString';
+ return -1;
+ }
+
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing ";
$sql .= " SET titre = '".$this->db->escape($this->title)."'";
$sql .= ", sujet = '".$this->db->escape($this->sujet)."'";
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index 851555ac24b..fda7b76ed91 100644
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
@@ -226,8 +226,10 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
} else {
$permissiontovalidate = $user->rights->propal->creer;
$permissiontoclose = $user->rights->propal->creer;
+ $permissiontosendbymail = $user->rights->propal->creer;
}
+
/*
* Actions
*/
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 46d1bb93684..8619ff25dae 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -829,8 +829,8 @@ class Account extends CommonObject
$sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
$sql .= ",comment = '".$this->db->escape($this->comment)."'";
- $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null");
- $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null");
+ $sql .= ",state_id = ".($this->state_id > 0 ? ((int) $this->state_id) : "null");
+ $sql .= ",fk_pays = ".($this->country_id > 0 ? ((int) $this->country_id) : "null");
$sql .= ",ics = '".$this->db->escape($this->ics)."'";
$sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'";
diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php
index ec7af37940c..42e53085ea8 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_list.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_list.php
@@ -131,7 +131,7 @@ foreach ($object->fields as $key => $val) {
'checked'=>(($visible < 0) ? 0 : 1),
'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)),
'position'=>$val['position'],
- 'help'=>$val['help']
+ 'help'=> isset($val['help']) ? $val['help'] : ''
);
}
}
diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php
index 8cfadd84f4f..ee9a270b283 100644
--- a/htdocs/compta/sociales/class/cchargesociales.class.php
+++ b/htdocs/compta/sociales/class/cchargesociales.class.php
@@ -260,13 +260,13 @@ class Cchargesociales
// Update request
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
$sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").',';
- $sql .= ' deductible = '.(isset($this->deductible) ? $this->deductible : "null").',';
- $sql .= ' active = '.(isset($this->active) ? $this->active : "null").',';
+ $sql .= ' deductible = '.(isset($this->deductible) ? ((int) $this->deductible) : "null").',';
+ $sql .= ' active = '.(isset($this->active) ? ((int) $this->active) : "null").',';
$sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").',';
- $sql .= ' fk_pays = '.(isset($this->fk_pays) ? $this->fk_pays : "null").',';
+ $sql .= ' fk_pays = '.((isset($this->fk_pays) && $this->fk_pays > 0) ? ((int) $this->fk_pays) : "null").',';
$sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").',';
$sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null");
- $sql .= ' WHERE id='.$this->id;
+ $sql .= ' WHERE id='.((int) $this->id);
$this->db->begin();
diff --git a/htdocs/core/boxes/box_graph_nb_tickets_type.php b/htdocs/core/boxes/box_graph_nb_tickets_type.php
index 86ea5e2a11c..2da54d84e7a 100644
--- a/htdocs/core/boxes/box_graph_nb_tickets_type.php
+++ b/htdocs/core/boxes/box_graph_nb_tickets_type.php
@@ -69,20 +69,11 @@ class box_graph_nb_tickets_type extends ModeleBoxes
global $theme_datacolor, $badgeStatus8;
require_once DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php";
+ require_once DOL_DOCUMENT_ROOT."/theme/".$conf->theme."/theme_vars.inc.php";
- $badgeStatus0 = '#cbd3d3'; // draft
- $badgeStatus1 = '#bc9526'; // validated
- $badgeStatus1b = '#bc9526'; // validated
- $badgeStatus2 = '#9c9c26'; // approved
- $badgeStatus3 = '#bca52b';
- $badgeStatus4 = '#25a580'; // Color ok
- $badgeStatus4b = '#25a580'; // Color ok
- $badgeStatus5 = '#cad2d2';
- $badgeStatus6 = '#cad2d2';
- $badgeStatus7 = '#baa32b';
$badgeStatus8 = '#993013';
- $badgeStatus9 = '#e7f0f0';
+
$text = $langs->trans("BoxTicketType");
$this->info_box_head = array(
'text' => $text,
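Review bot: `require_once` inside this method defines the `$badgeStatusN` variables in the method's scope only if this is the first inclusion of `theme_vars.inc.php` in the request; if the theme file was already loaded elsewhere the call is a no-op and the colours removed by this hunk are undefined here. A plain `include`, or declaring the needed variables `global` as is already done for `$badgeStatus8`, avoids that. The path also concatenates `$conf->theme`; where that value is set is not visible here, so confirm it is restricted to a plain directory name before it reaches an include. The method body continues outside the hunk.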
diff --git a/htdocs/core/class/html.formadmin.class.php b/htdocs/core/class/html.formadmin.class.php
index d45f952d8b2..8e03f158a02 100644
--- a/htdocs/core/class/html.formadmin.class.php
+++ b/htdocs/core/class/html.formadmin.class.php
@@ -393,9 +393,10 @@ class FormAdmin
* @param string $htmlname Name of HTML select field
* @param string $filter Value to filter on code
* @param int $showempty Add empty value
+ * @param int $forcecombo Force to load all values and output a standard combobox (with no beautification)
* @return string Return HTML output
*/
- public function select_paper_format($selected = '', $htmlname = 'paperformat_id', $filter = 0, $showempty = 0)
+ public function select_paper_format($selected = '', $htmlname = 'paperformat_id', $filter = 0, $showempty = 0, $forcecombo = 0)
{
// phpcs:enable
global $langs;
@@ -444,7 +445,10 @@ class FormAdmin
}
$out .= '';
- $out .= ajax_combobox($htmlname);
+ if (!$forcecombo) {
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
+ $out .= ajax_combobox($htmlname);
+ }
return $out;
}
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 13358074514..60ffa14b75d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -775,22 +775,40 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options =
}
break;
case 'restricthtml': // Recommended for most html textarea
+ case 'restricthtmlallowunvalid':
do {
$oldstringtoclean = $out;
+ if (!empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) && $check != 'restricthtmlallowunvalid') {
+ try {
+ $dom = new DOMDocument;
+ $dom->loadHTML($out, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL);
+ } catch (Exception $e) {
+ //print $e->getMessage();
+ return 'InvalidHTMLString';
+ }
+ $out = $dom->saveHTML();
+ }
+ //var_dump($oldstringtoclean);var_dump($out);
+
+ // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are correctly
+ // encoded using text entities). This is a fix for CKeditor.
+ $out = preg_replace('/'/i', ''', $out);
+
// We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step.
// No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are
// using a non coventionnel way to be encoded, to not have them sanitized just after)
$out = preg_replace_callback('/(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out);
- // Now we remove all remaining HTML entities staring with a number. We don't want such entities.
+ // Now we remove all remaining HTML entities starting with a number. We don't want such entities.
$out = preg_replace('/?[0-9]+/i', '', $out); // For example if we have javascript with an entities without the ; to hide the 'a' of 'javascript'.
$out = dol_string_onlythesehtmltags($out, 0, 1, 1);
// We should also exclude non expected attributes
if (!empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)) {
- $out = dol_string_onlythesehtmlattributes($out);
+ // Warning, the function may add a LF so we are forced to trim to compare with old $out without having always a difference and an infinit loop.
+ $out = trim(dol_string_onlythesehtmlattributes($out));
}
} while ($oldstringtoclean != $out);
break;
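Review bot: The new `try { ... $dom->loadHTML(...) } catch (Exception $e)` block does not reject malformed markup, because `DOMDocument::loadHTML()` reports parse problems as libxml warnings and repairs the input instead of throwing, so `return 'InvalidHTMLString'` is rarely if ever reached. On PHP 8 an empty `$out` raises a `ValueError`, which `catch (Exception $e)` does not catch, and `LIBXML_ERR_NONE` is an error-level constant equal to 0, so it does nothing in the option flags. To make `MAIN_RESTRICTHTML_ONLY_VALID_HTML` do what its name says, call `libxml_use_internal_errors(true);` before parsing and test `if ($dom->loadHTML($out, ...) === false || libxml_get_errors()) { return 'InvalidHTMLString'; }`, skipping the block when `$out` is empty. Also verify that `saveHTML()` round-trips non-ASCII text, since `loadHTML()` assumes ISO-8859-1 when the fragment declares no charset. The enclosing `checkVal()` starts and ends outside the hunk.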
@@ -1025,10 +1043,11 @@ function dol_size($size, $type = '')
/**
- * Clean a string to use it as a file name
+ * Clean a string to use it as a file name.
+ * Replace also '--' and ' -' strings, they are used for parameters separation.
*
* @param string $str String to clean
- * @param string $newstr String to replace bad chars with
+ * @param string $newstr String to replace bad chars with.
* @param int $unaccent 1=Remove also accent (default), 0 do not remove them
* @return string String cleaned (a-zA-Z_)
*
@@ -1040,8 +1059,11 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
// Char '>' '<' '|' '$' and ';' are special chars for shells.
// Char '/' and '\' are file delimiters.
// -- car can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command
- $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';', '--');
- return dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars);
+ $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';');
+ $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars);
+ $tmp = preg_replace('/\-\-+/', '_', $tmp);
+ $tmp = preg_replace('/\s+\-/', ' _', $tmp);
+ return $tmp;
}
/**
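Review bot: A name that begins with a single `-` still comes out of `dol_sanitizeFileName()` unchanged, because `/\-\-+/` needs two dashes and `/\s+\-/` needs whitespace in front of the dash, so the option-separation concern described in the comment above is only partly covered. Adding `$tmp = preg_replace('/^\-+/', '_', $tmp);` would close the leading-dash case. The two new `preg_replace` calls also hard-code `_` and ignore the caller's `$newstr`, which the docblock still describes as the replacement string. Callers that hand the result to an external command should still quote it and end option parsing before it rather than rely on this filter alone.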
@@ -1153,21 +1175,26 @@ function dol_string_unaccent($str)
* Clean a string from all punctuation characters to use it as a ref or login.
* This is a more complete function than dol_sanitizeFileName.
*
- * @param string $str String to clean
- * @param string $newstr String to replace forbidden chars with
- * @param array $badcharstoreplace List of forbidden characters
- * @return string Cleaned string
+ * @param string $str String to clean
+ * @param string $newstr String to replace forbidden chars with
+ * @param array|string $badcharstoreplace List of forbidden characters to replace
+ * @param array|string $badcharstoremove List of forbidden characters to remove
+ * @return string Cleaned string
*
* @see dol_sanitizeFilename(), dol_string_unaccent(), dol_string_nounprintableascii()
*/
-function dol_string_nospecial($str, $newstr = '_', $badcharstoreplace = '')
+function dol_string_nospecial($str, $newstr = '_', $badcharstoreplace = '', $badcharstoremove = '')
{
$forbidden_chars_to_replace = array(" ", "'", "/", "\\", ":", "*", "?", "\"", "<", ">", "|", "[", "]", ",", ";", "=", '°'); // more complete than dol_sanitizeFileName
$forbidden_chars_to_remove = array();
+ //$forbidden_chars_to_remove=array("(",")");
+
if (is_array($badcharstoreplace)) {
$forbidden_chars_to_replace = $badcharstoreplace;
}
- //$forbidden_chars_to_remove=array("(",")");
+ if (is_array($badcharstoremove)) {
+ $forbidden_chars_to_remove = $badcharstoremove;
+ }
return str_replace($forbidden_chars_to_replace, $newstr, str_replace($forbidden_chars_to_remove, "", $str));
}
@@ -3521,8 +3548,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'github', 'jabber', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp',
'chevron-left', 'chevron-right', 'chevron-down', 'chevron-top', 'commercial', 'companies',
'generic', 'home', 'hrm', 'members', 'products', 'invoicing',
- 'partnership', 'payment', 'pencil-ruler', 'preview', 'project', 'projectpub', 'projecttask', 'question', 'refresh', 'salary', 'shipment',
- 'state', 'supplier_invoice', 'supplier_invoicea', 'supplier_invoicer', 'supplier_invoiced',
+ 'partnership', 'payment', 'pencil-ruler', 'preview', 'project', 'projectpub', 'projecttask', 'question', 'refresh', 'region',
+ 'salary', 'shipment', 'state', 'supplier_invoice', 'supplier_invoicea', 'supplier_invoicer', 'supplier_invoiced',
'technic', 'ticket',
'error', 'warning',
'recent', 'reception', 'recruitmentcandidature', 'recruitmentjobposition', 'resource',
@@ -3571,8 +3598,8 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'partnership'=>'handshake', 'payment'=>'money-check-alt', 'phoning'=>'phone', 'phoning_mobile'=>'mobile-alt', 'phoning_fax'=>'fax', 'previous'=>'arrow-alt-circle-left', 'printer'=>'print', 'product'=>'cube', 'service'=>'concierge-bell',
'recent' => 'question', 'reception'=>'dolly', 'recruitmentjobposition'=>'id-card-alt', 'recruitmentcandidature'=>'id-badge',
'resize'=>'crop', 'supplier_order'=>'dol-order_supplier', 'supplier_proposal'=>'file-signature',
- 'refresh'=>'redo', 'resource'=>'laptop-house',
- 'state'=>'map-marked', 'security'=>'key', 'salary'=>'wallet', 'shipment'=>'dolly', 'stock'=>'box-open', 'stats' => 'chart-bar', 'split'=>'code-branch', 'stripe'=>'stripe-s',
+ 'refresh'=>'redo', 'region'=>'map-marked', 'resource'=>'laptop-house',
+ 'state'=>'map-marked-alt', 'security'=>'key', 'salary'=>'wallet', 'shipment'=>'dolly', 'stock'=>'box-open', 'stats' => 'chart-bar', 'split'=>'code-branch', 'stripe'=>'stripe-s',
'supplier'=>'building', 'supplier_invoice'=>'file-invoice-dollar', 'technic'=>'cogs', 'ticket'=>'ticket-alt',
'timespent'=>'clock', 'title_setup'=>'tools', 'title_accountancy'=>'money-check-alt', 'title_bank'=>'university', 'title_hrm'=>'umbrella-beach',
'title_agenda'=>'calendar-alt',
@@ -3673,7 +3700,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $
'partnership'=>'#6c6aa8', 'playdisabled'=>'#ccc', 'printer'=>'#444', 'projectpub'=>'#986c6a', 'reception'=>'#a69944', 'resize'=>'#444', 'rss'=>'#cba',
//'shipment'=>'#a69944',
'security'=>'#999', 'stats'=>'#444', 'switch_off'=>'#999', 'technic'=>'#999', 'timespent'=>'#555',
- 'uncheck'=>'#800', 'uparrow'=>'#555', 'user-cog'=>'#999', 'country'=>'#aaa', 'globe-americas'=>'#aaa', 'state'=>'#aaa',
+ 'uncheck'=>'#800', 'uparrow'=>'#555', 'user-cog'=>'#999', 'country'=>'#aaa', 'globe-americas'=>'#aaa', 'region'=>'#aaa', 'state'=>'#aaa',
'website'=>'#304', 'workstation'=>'#a69944'
);
if (isset($arrayconvpictotocolor[$pictowithouttext])) {
@@ -3956,7 +3983,7 @@ function img_edit($titlealt = 'default', $float = 0, $other = '')
* @param string $other Add more attributes on img
* @return string Return tag img
*/
-function img_view($titlealt = 'default', $float = 0, $other = '')
+function img_view($titlealt = 'default', $float = 0, $other = 'class="valignmiddle"')
{
global $langs;
@@ -5470,7 +5497,7 @@ function get_localtax($vatrate, $local, $thirdparty_buyer = "", $thirdparty_sell
} else {
$sql .= " AND t.recuperableonly = '".$db->escape($vatnpr)."'";
}
- dol_syslog("get_localtax", LOG_DEBUG);
+
$resql = $db->query($sql);
if ($resql) {
@@ -6298,7 +6325,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1,
$stringtoclean = preg_replace('/:|+58|:/i', '', $stringtoclean); // refused string ':' encoded (no reason to have a : encoded like this) to disable 'javascript:...'
$stringtoclean = preg_replace('/javascript\s*:/i', '', $stringtoclean);
- $temp = strip_tags($stringtoclean, $allowed_tags_string);
+ $temp = strip_tags($stringtoclean, $allowed_tags_string); // Warning: This remove also undesired > changing string obfuscated with > that pass injection detection into harmfull string
if ($cleanalsosomestyles) { // Clean for remaining html tags
$temp = preg_replace('/position\s*:\s*(absolute|fixed)\s*!\s*important/i', '', $temp); // Note: If hacker try to introduce css comment into string to bypass this regex, the string must also be encoded by the dol_htmlentitiesbr during output so it become harmless
@@ -6348,8 +6375,8 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
}
$return = $dom->saveHTML();
-
//$return = 'aaaabbssdd
'."\naaa
aabb
";
+
$return = preg_replace('/^/', '', $return);
$return = preg_replace('/<\/body><\/html>$/', '', $return);
return $return;
@@ -7435,7 +7462,7 @@ function print_date_range($date_start, $date_end, $format = '', $outputlangs = '
* @param int $date_end End date
* @param string $format Output format
* @param Translate $outputlangs Output language
- * @param integer $withparenthesis 1=Add parenthesis, 0=non parenthesis
+ * @param integer $withparenthesis 1=Add parenthesis, 0=no parenthesis
* @return string String
*/
function get_date_range($date_start, $date_end, $format = '', $outputlangs = '', $withparenthesis = 1)
@@ -8087,7 +8114,7 @@ function picto_from_langcode($codelang, $moreatt = '')
}
if ($codelang == 'auto') {
- return '';
+ return '';
}
$langtocountryflag = array(
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 523b8ccf2cb..4408e2ccd52 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
}
$generated_password = str_shuffle($randomCode);
- } else // Old platform, non cryptographic random
- {
+ } else {
+ // Old platform, non cryptographic random
$max = strlen($lowercase) - 1;
for ($x = 0; $x < $nbofchar; $x++) {
$tmp = mt_rand(0, $max);
diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php
index 9de95be506b..0f3927709eb 100644
--- a/htdocs/core/login/functions_ldap.php
+++ b/htdocs/core/login/functions_ldap.php
@@ -29,7 +29,7 @@
*
* @param string $usertotest Login
* @param string $passwordtotest Password
- * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled)
+ * @param int $entitytotest Numero of instance (always 1 if module multicompany not enabled)
* @return string Login if OK, '' if KO
*/
function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
@@ -151,10 +151,13 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
if ($result > 0) {
if ($result == 2) { // Connection is ok for user/pass into LDAP
$login = $usertotest;
- if (!empty($conf->global->LDAP_FIELD_LOGIN)) {
- $login = $ldap->login;
- }
dol_syslog("functions_ldap::check_user_password_ldap $login authentication ok");
+ // For the case, we search the user id using a search key without the login (but using other fields like id),
+ // we need to get the real login to use in the ldap answer.
+ if (!empty($conf->global->LDAP_FIELD_LOGIN) && !empty($ldap->login)) {
+ $login = $ldap->login;
+ dol_syslog("functions_ldap::check_user_password_ldap login is now $login (LDAP_FIELD_LOGIN=".$conf->global->LDAP_FIELD_LOGIN.")");
+ }
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
@@ -207,7 +210,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
}
$usertmp = new User($db);
- $resultFetchUser = $usertmp->fetch('', $login, $sid);
+ $resultFetchUser = $usertmp->fetch('', $login, $sid, 1, ($entitytotest > 0 ? $entitytotest : -1));
if ($resultFetchUser > 0) {
dol_syslog("functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id);
// On verifie si le login a change et on met a jour les attributs dolibarr
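Review bot: `fetch('', $login, $sid, 1, ($entitytotest > 0 ? $entitytotest : -1))` now scopes the lookup to the entity being tested, but the multicompany check in the last hunk of this file still calls `$usertmp->fetch('', $login);` with no entity before `$mc->checkRight($usertmp->id, $entitytotest)`. If the same login can exist in more than one entity, that second lookup may resolve a different account from the one just synchronised, and the right would then be checked for the wrong user id. `User::fetch()` is not visible here, so confirm what entity it uses by default. Passing the same entity argument in both calls would keep them consistent. The body of `check_user_password_ldap()` continues outside the hunk.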
@@ -215,7 +218,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
if ($usertmp->login != $ldap->login && $ldap->login) {
$usertmp->login = $ldap->login;
$usertmp->update($usertmp);
- // TODO Que faire si update echoue car on update avec un login deja existant.
+ // TODO Que faire si update echoue car on update avec un login deja existant pour un autre compte.
}
//$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
@@ -231,7 +234,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
$usertmp->fetch('', $login);
$ret = $mc->checkRight($usertmp->id, $entitytotest);
if ($ret < 0) {
- dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user '".$usertmp->id."'", LOG_NOTICE);
+ dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user id '".$usertmp->id."'", LOG_NOTICE);
$login = ''; // force authentication failure
}
unset($usertmp);
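Review bot: The lookup `$usertmp->fetch('', $login);` just before `$mc->checkRight($usertmp->id, $entitytotest)` ignores its return value, unlike the fetch in the hunk at -207, whose result is tested with `$resultFetchUser > 0`. If no account is found, checkRight is called with an unset id, and how it answers in that case is not visible on this page. Failing closed would be safer: treat a result `<= 0` as an authentication failure, e.g. `if ($usertmp->fetch('', $login) <= 0) { $login = ''; }`, and only call checkRight otherwise. The enclosing function starts and ends outside this hunk.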
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 90de417c767..c192d5e6ac6 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -1797,11 +1797,11 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
$newmenu->add("/holiday/card.php?mainmenu=hrm&leftmenu=holiday&action=create", $langs->trans("New"), 1, $user->rights->holiday->write);
$newmenu->add("/holiday/list.php?mainmenu=hrm&leftmenu=hrm", $langs->trans("List"), 1, $user->rights->holiday->read);
if ($usemenuhider || empty($leftmenu) || $leftmenu == "hrm") {
- $newmenu->add("/holiday/list.php?search_statut=1&mainmenu=hrm&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read);
- $newmenu->add("/holiday/list.php?search_statut=2&mainmenu=hrm&leftmenu=hrm", $langs->trans("ToReviewCP"), 2, $user->rights->holiday->read);
- $newmenu->add("/holiday/list.php?search_statut=3&mainmenu=hrm&leftmenu=hrm", $langs->trans("ApprovedCP"), 2, $user->rights->holiday->read);
- $newmenu->add("/holiday/list.php?search_statut=4&mainmenu=hrm&leftmenu=hrm", $langs->trans("CancelCP"), 2, $user->rights->holiday->read);
- $newmenu->add("/holiday/list.php?search_statut=5&mainmenu=hrm&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read);
+ $newmenu->add("/holiday/list.php?search_status=1&mainmenu=hrm&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read);
+ $newmenu->add("/holiday/list.php?search_status=2&mainmenu=hrm&leftmenu=hrm", $langs->trans("ToReviewCP"), 2, $user->rights->holiday->read);
+ $newmenu->add("/holiday/list.php?search_status=3&mainmenu=hrm&leftmenu=hrm", $langs->trans("ApprovedCP"), 2, $user->rights->holiday->read);
+ $newmenu->add("/holiday/list.php?search_status=4&mainmenu=hrm&leftmenu=hrm", $langs->trans("CancelCP"), 2, $user->rights->holiday->read);
+ $newmenu->add("/holiday/list.php?search_status=5&mainmenu=hrm&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read);
}
$newmenu->add("/holiday/define_holiday.php?mainmenu=hrm&action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->read);
$newmenu->add("/holiday/month_report.php?mainmenu=hrm&leftmenu=holiday", $langs->trans("MenuReportMonth"), 1, $user->rights->holiday->readall);
diff --git a/htdocs/core/modules/modAccounting.class.php b/htdocs/core/modules/modAccounting.class.php
index d6127f65b83..e0bf3a9bbc5 100644
--- a/htdocs/core/modules/modAccounting.class.php
+++ b/htdocs/core/modules/modAccounting.class.php
@@ -60,7 +60,7 @@ class modAccounting extends DolibarrModules
$this->dirs = array('/accounting/temp');
// Config pages
- $this->config_page_url = array('accounting.php');
+ $this->config_page_url = array('accounting.php?mainmenu=accountancy&leftmenu=accountancy_admin');
// Dependencies
$this->depends = array("modFacture", "modBanque", "modTax"); // List of modules id that must be enabled if this module is enabled
diff --git a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
index e091b5069e9..a358f916429 100644
--- a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
+++ b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
@@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword
$password = "";
// define possible characters
- $possible = "0123456789bcdfghjkmnpqrstvwxyz";
+ $possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP";
// set up a counter
$i = 0;
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword
// add random characters to $password until $length is reached
while ($i < $this->length) {
// pick a random character from the possible ones
- $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+ if (function_exists('random_int')) { // Cryptographic random
+ $char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1);
+ } else {
+ $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+ }
- // we don't want this character if it's already in the password
- if (!strstr($password, $char)) {
+ if (substr_count($password, $char) <= 6) { // we don't want this character if it's already 5 times in the password
$password .= $char;
$i++;
}
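Review bot: The `mt_rand()` fallback in the new `else` branch silently generates passwords from a non-cryptographic generator whenever `random_int` is missing, and nothing records the downgrade. `random_int` is built in from PHP 7, so the branch only matters on older runtimes; there it would be better to log it, e.g. `dol_syslog("modGeneratePassStandard: random_int unavailable, falling back to mt_rand", LOG_WARNING);`, or to refuse to generate. Separately, the comment on the repetition test says "5 times" while `substr_count($password, $char) <= 6` accepts a character until it occurs 7 times; align one with the other, e.g. `// skip a character that already appears 7 times`. The method starts and ends outside this hunk.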
diff --git a/htdocs/core/tpl/commonfields_add.tpl.php b/htdocs/core/tpl/commonfields_add.tpl.php
index d1d378e7e60..cd07c0b8191 100644
--- a/htdocs/core/tpl/commonfields_add.tpl.php
+++ b/htdocs/core/tpl/commonfields_add.tpl.php
@@ -47,7 +47,7 @@ foreach ($object->fields as $key => $val) {
print '';
print ' | global->MAIN_LOGIN_BACKGROUND) ? '' : ' backgroundsemitransparent'; ?>" style="max-width: 70%">
+
statut == 0 && ($object_rights->creer) && $action != 'selectlines') {
-
+if ($this->statut == 0 && !empty($object_rights->creer) && $action != 'selectlines') {
$situationinvoicelinewithparent = 0;
if ($line->fk_prev_id != null && in_array($object->element, array('facture', 'facturedet'))) {
if ($object->type == $object::TYPE_SITUATION) { // The constant TYPE_SITUATION exists only for object invoice
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php
index 9e0a222725b..8964145b430 100644
--- a/htdocs/core/tpl/passwordforgotten.tpl.php
+++ b/htdocs/core/tpl/passwordforgotten.tpl.php
@@ -216,7 +216,7 @@ if (!empty($morelogincontent)) {
-
+
trans('SendNewPasswordDesc'); ?>
diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php
index ae35f3eb892..bb84bbe37bd 100644
--- a/htdocs/eventorganization/class/conferenceorbooth.class.php
+++ b/htdocs/eventorganization/class/conferenceorbooth.class.php
@@ -108,7 +108,7 @@ class ConferenceOrBooth extends ActionComm
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>0, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'help'=>"Help text", 'showoncombobox'=>'1',),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"LinkToThirparty",),
'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1::eventorganization', 'label'=>'Project', 'enabled'=>'1', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1,),
- 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1,),
+ 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1),
'fk_action' => array('type'=>'sellist:c_actioncomm:libelle:id::module LIKE (\'%@eventorganization\')', 'label'=>'Format', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1,),
'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'2',),
'datep2' => array('type'=>'datetime', 'label'=>'DateEnd', 'enabled'=>'1', 'position'=>71, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'3',),
@@ -118,6 +118,7 @@ class ConferenceOrBooth extends ActionComm
'fk_user_mod' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>'1', 'position'=>511, 'notnull'=>-1, 'visible'=>-2,),
'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,),
'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'default'=>'0', 'index'=>1, 'arrayofkeyval'=>array('0'=>'EvntOrgDraft', '1'=>'EvntOrgSuggested', '2'=> 'EvntOrgConfirmed', '3' =>'EvntOrgNotQualified', '4' =>'EvntOrgDone', '9'=>'EvntOrgCancelled'),),
+ 'num_vote' => array('type'=>'smallint', 'label'=>'NbVotes', 'enabled'=>'1', 'position'=>1001, 'notnull'=>-1, 'visible'=>5, 'default'=>'0', 'index'=>0),
);
public $rowid;
public $id;
diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php
index d7f7cdb8bb1..0b1221006a8 100644
--- a/htdocs/eventorganization/conferenceorbooth_list.php
+++ b/htdocs/eventorganization/conferenceorbooth_list.php
@@ -119,7 +119,7 @@ foreach ($object->fields as $key => $val) {
'checked'=>(($visible < 0) ? 0 : 1),
'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)),
'position'=>$val['position'],
- 'help'=>$val['help']
+ 'help'=> isset($val['help']) ? $val['help'] : ''
);
}
}
diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php
index 97748640f17..658640d5834 100644
--- a/htdocs/eventorganization/conferenceorboothattendee_list.php
+++ b/htdocs/eventorganization/conferenceorboothattendee_list.php
@@ -128,7 +128,7 @@ foreach ($object->fields as $key => $val) {
'checked'=>(($visible < 0) ? 0 : 1),
'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)),
'position'=>$val['position'],
- 'help'=>$val['help']
+ 'help'=> isset($val['help']) ? $val['help'] : ''
);
}
}
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 344c65832db..c01c720f481 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -1084,7 +1084,7 @@ if (empty($reshook)) {
$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
- $qty = GETPOST('qty', 'int');
+ $qty = price2num(GETPOST('qty', 'alpha'));
if (empty($qty)) {
$qty = 1;
}
@@ -1101,21 +1101,21 @@ if (empty($reshook)) {
$action = '';
}
- // Si aucune date n'est rentrée
+ // If no date entered
if (empty($date) || $date == "--") {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Date")), null, 'errors');
+ } elseif ($date < $object->date_debut || $date > ($object->date_fin + (24 * 3600 - 1))) {
+ // Warning if date out of range
+ $langs->load("errors");
+ setEventMessages($langs->trans("WarningDateOfLineMustBeInExpenseReportRange"), null, 'warnings');
}
- // Si aucun prix n'est rentré
+
+ // If no price entered
if ($value_unit == 0) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("PriceUTTC")), null, 'errors');
}
- // Warning if date out of range
- if ($date < $object->date_debut || $date > ($object->date_fin + (24 * 3600 - 1))) {
- $langs->load("errors");
- setEventMessages($langs->trans("WarningDateOfLineMustBeInExpenseReportRange"), null, 'warnings');
- }
if (!$error) {
$type = 0; // TODO What if service ? We should take the type product/service from the type of expense report llx_c_type_fees
@@ -1215,12 +1215,12 @@ if (empty($reshook)) {
}
}
- $rowid = $_POST['rowid'];
+ $rowid = GETPOST('rowid', 'int');
$type_fees_id = GETPOST('fk_c_type_fees', 'int');
$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
$projet_id = $fk_project;
$comments = GETPOST('comments', 'restricthtml');
- $qty = GETPOST('qty', 'int');
+ $qty = price2num(GETPOST('qty', 'alpha'));
$vatrate = GETPOST('vatrate', 'alpha');
// if VAT is not used in Dolibarr, set VAT rate to 0 because VAT rate is necessary.
@@ -2474,32 +2474,32 @@ if ($action == 'create') {
print ' |
';
} // Fin si c'est payé/validé
- print '';
- print ' ';
+ print '';
+ print '';
- print '';
+ ';
- print '