From 783257706ca6c20776efe59ea84852a04281adbc Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Fri, 2 Jul 2021 10:53:51 +0200 Subject: [PATCH 01/51] fix: payment ok should trigger PAYMENTONLINE_PAYMENT_OK even on custom object --- htdocs/public/payment/paymentok.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php index 60d763593fe..fb23e57d1ed 100644 --- a/htdocs/public/payment/paymentok.php +++ b/htdocs/public/payment/paymentok.php @@ -746,6 +746,12 @@ if ($ispaymentok) $result = $object->call_trigger('PAYMENTONLINE_PAYMENT_OK', $user); if ($result < 0) $error++; // End call triggers + } elseif (get_class($object)=='stdClass') { + //In some case $object is not instanciate (for paiement on custom object) We need to deal with payment + include_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; + $paiement = new Paiement($db); + $result = $paiement->call_trigger('PAYMENTONLINE_PAYMENT_OK', $user); + if ($result < 0) $error++; } print $langs->trans("YourPaymentHasBeenRecorded")."
\n"; From 97938f489ef937662de07ddbe020c133e01eaeb4 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Fri, 2 Jul 2021 11:35:26 +0200 Subject: [PATCH 02/51] FIX: holiday: status filter parameter has been renamed but not in links it was used --- htdocs/core/menus/standard/eldy.lib.php | 10 +++++----- htdocs/holiday/class/holiday.class.php | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index ed835a3d4c0..76d51069885 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
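Review bot: The fallback branch fires PAYMENTONLINE_PAYMENT_OK on a `new Paiement($db)` that is never fetched, so trigger handlers receive an object with no id, amount or reference and cannot tell which payment was just recorded. If the payment id is available at this point (not visible in the hunk), load it before calling the trigger, `$paiement->fetch(<payment id>);`, and if it is not, the comment should say that handlers must take their context from elsewhere rather than from the object. The test `get_class($object)=='stdClass'` reads better as `$object instanceof stdClass`, and the comment typo `instanciate` should be `instantiated`. The enclosing `if ($ispaymentok)` block starts outside the hunk.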
@@ -1755,11 +1755,11 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/holiday/card.php?mainmenu=hrm&leftmenu=holiday&action=create", $langs->trans("New"), 1, $user->rights->holiday->write); $newmenu->add("/holiday/list.php?mainmenu=hrm&leftmenu=hrm", $langs->trans("List"), 1, $user->rights->holiday->read); if ($usemenuhider || empty($leftmenu) || $leftmenu == "hrm") { - $newmenu->add("/holiday/list.php?search_statut=1&mainmenu=hrm&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read); - $newmenu->add("/holiday/list.php?search_statut=2&mainmenu=hrm&leftmenu=hrm", $langs->trans("ToReviewCP"), 2, $user->rights->holiday->read); - $newmenu->add("/holiday/list.php?search_statut=3&mainmenu=hrm&leftmenu=hrm", $langs->trans("ApprovedCP"), 2, $user->rights->holiday->read); - $newmenu->add("/holiday/list.php?search_statut=4&mainmenu=hrm&leftmenu=hrm", $langs->trans("CancelCP"), 2, $user->rights->holiday->read); - $newmenu->add("/holiday/list.php?search_statut=5&mainmenu=hrm&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read); + $newmenu->add("/holiday/list.php?search_status=1&mainmenu=hrm&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read); + $newmenu->add("/holiday/list.php?search_status=2&mainmenu=hrm&leftmenu=hrm", $langs->trans("ToReviewCP"), 2, $user->rights->holiday->read); + $newmenu->add("/holiday/list.php?search_status=3&mainmenu=hrm&leftmenu=hrm", $langs->trans("ApprovedCP"), 2, $user->rights->holiday->read); + $newmenu->add("/holiday/list.php?search_status=4&mainmenu=hrm&leftmenu=hrm", $langs->trans("CancelCP"), 2, $user->rights->holiday->read); + $newmenu->add("/holiday/list.php?search_status=5&mainmenu=hrm&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read); } $newmenu->add("/holiday/define_holiday.php?mainmenu=hrm&action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->read); 
$newmenu->add("/holiday/month_report.php?mainmenu=hrm&leftmenu=holiday", $langs->trans("MenuReportMonth"), 1, $user->rights->holiday->readall); diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index f61c0a66ca8..717e9a07c58 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -2248,7 +2248,7 @@ class Holiday extends CommonObject $response->warning_delay = $conf->holiday->approve->warning_delay / 60 / 60 / 24; $response->label = $langs->trans("HolidaysToApprove"); $response->labelShort = $langs->trans("ToApprove"); - $response->url = DOL_URL_ROOT.'/holiday/list.php?search_statut=2&mainmenu=hrm&leftmenu=holiday'; + $response->url = DOL_URL_ROOT.'/holiday/list.php?search_status=2&mainmenu=hrm&leftmenu=holiday'; $response->img = img_object('', "holiday"); while ($obj = $this->db->fetch_object($resql)) From 8bade0e4e7c06d163670f533dd4e7dd7f69c0628 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 2 Jul 2021 16:11:42 +0200 Subject: [PATCH 03/51] Fix add permission --- htdocs/comm/propal/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index e5700fca445..d92ec87ca29 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -112,7 +112,7 @@ if (!$sortfield) $sortfield = 'p.ref'; if (!$sortorder) $sortorder = 'DESC'; $permissiontoread = $user->rights->propal->lire; -$permissiontoadd = $user->rights->propal->write; +$permissiontoadd = $user->rights->propal->creer; $permissiontodelete = $user->rights->propal->supprimer; if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $permissiontoclose = $user->rights->propale->propal_advance->close; From 8bde61c2c63fb917633db414c684204dfd428d6e Mon Sep 17 00:00:00 2001 
From: Alexandre SPANGARO Date: Mon, 5 Jul 2021 06:58:10 +0200 Subject: [PATCH 04/51] FIX Accountancy - Link from admin --- htdocs/accountancy/admin/index.php | 2 +- htdocs/admin/accounting.php | 11 ++++++----- htdocs/core/modules/modAccounting.class.php | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/htdocs/accountancy/admin/index.php b/htdocs/accountancy/admin/index.php index 24d31acddd6..98320613bfc 100644 --- a/htdocs/accountancy/admin/index.php +++ b/htdocs/accountancy/admin/index.php @@ -259,7 +259,7 @@ llxHeader('', $title); $linkback = ''; //$linkback = '' . $langs->trans("BackToModuleList") . ''; -print load_fiche_titre($langs->trans('ConfigAccountingExpert'), $linkback, 'accountancy'); +print load_fiche_titre($title, $linkback, 'accountancy'); print '
'; print ''; diff --git a/htdocs/admin/accounting.php b/htdocs/admin/accounting.php index e775f5bd8e3..ebe0712b03a 100644 --- a/htdocs/admin/accounting.php +++ b/htdocs/admin/accounting.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2018-2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,7 +18,7 @@ /** * \file htdocs/admin/accounting.php * \ingroup accounting - * \brief Setup page to configure accountanting module + * \brief Setup page to configure accounting module */ require '../main.inc.php'; @@ -32,7 +32,7 @@ $action = GETPOST('action', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'adminaccoutant'; // To manage different context of search // Load translation files required by the page -$langs->loadLangs(array('admin', 'companies')); +$langs->loadLangs(array('admin', 'companies', 'accountancy')); if (!$user->admin) { accessforbidden(); @@ -52,12 +52,13 @@ $error = 0; * View */ +$title = $langs->trans("ConfigAccountingExpert"); $help_url = ''; -llxHeader('', $langs->trans("ConfigAccountingExpert"), $help_url); +llxHeader('', $title, $help_url); $linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans("ConfigAccountingExpert"), $linkback, 'title_setup'); +print load_fiche_titre($title, $linkback, 'title_setup'); print "
\n"; print ''.$langs->trans("AccountancySetupDoneFromAccountancyMenu", $langs->transnoentitiesnoconv("Accounting").' - '.$langs->transnoentitiesnoconv("Setup"))."
\n"; diff --git a/htdocs/core/modules/modAccounting.class.php b/htdocs/core/modules/modAccounting.class.php index d6127f65b83..e0bf3a9bbc5 100644 --- a/htdocs/core/modules/modAccounting.class.php +++ b/htdocs/core/modules/modAccounting.class.php @@ -60,7 +60,7 @@ class modAccounting extends DolibarrModules $this->dirs = array('/accounting/temp'); // Config pages - $this->config_page_url = array('accounting.php'); + $this->config_page_url = array('accounting.php?mainmenu=accountancy&leftmenu=accountancy_admin'); // Dependencies $this->depends = array("modFacture", "modBanque", "modTax"); // List of modules id that must be enabled if this module is enabled From dfee489e7e1650fab9c187406a40c4275a0ff731 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 11:33:32 +0200 Subject: [PATCH 05/51] Fix sanitizing entity --- htdocs/user/class/user.class.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 37ce6544cd0..ef530cbe6f5 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -442,7 +442,7 @@ class User extends CommonObject if ($entity < 0) { if ((empty($conf->multicompany->enabled) || empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) && (!empty($user->entity))) { - $sql .= " WHERE u.entity IN (0, ".$this->db->sanitize($conf->entity).")"; + $sql .= " WHERE u.entity IN (0, ".((int) $conf->entity).")"; } else { $sql .= " WHERE u.entity IS NOT NULL"; // multicompany is on in transverse mode or user making fetch is on entity 0, so user is allowed to fetch anywhere into database } 
@@ -451,7 +451,7 @@ class User extends CommonObject if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " WHERE u.entity IS NOT NULL"; // multicompany is on in transverse mode or user making fetch is on entity 0, so user is allowed to fetch anywhere into database } else { - $sql .= " WHERE u.entity IN (0, ".$this->db->sanitize(($entity != '' && $entity >= 0) ? $entity : $conf->entity).")"; // search in entity provided in parameter + $sql .= " WHERE u.entity IN (0, ".((int) (($entity != '' && $entity >= 0) ? $entity : $conf->entity)).")"; // search in entity provided in parameter } } @@ -2109,8 +2109,8 @@ class User extends CommonObject $outputlangs = new Translate("", $conf); if (isset($this->conf->MAIN_LANG_DEFAULT) - && $this->conf->MAIN_LANG_DEFAULT != 'auto') { // If user has defined its own language (rare because in most cases, auto is used) - $outputlangs->getDefaultLang($this->conf->MAIN_LANG_DEFAULT); + && $this->conf->MAIN_LANG_DEFAULT != 'auto') { // If user has defined its own language (rare because in most cases, auto is used) + $outputlangs->getDefaultLang($this->conf->MAIN_LANG_DEFAULT); } if ($this->conf->MAIN_LANG_DEFAULT) { @@ -2184,7 +2184,7 @@ class User extends CommonObject '', '', $trackid - ); + ); if ($mailfile->sendfile()) { return 1; @@ -3222,8 +3222,8 @@ class User extends CommonObject foreach ($this->users as $key => $val) { if (preg_match('/'.$keyfilter1.'/', $val['fullpath']) || preg_match('/'.$keyfilter2.'/', $val['fullpath']) || preg_match('/'.$keyfilter3.'/', $val['fullpath']) || preg_match('/'.$keyfilter4.'/', $val['fullpath'])) { - unset($this->users[$key]); - } + unset($this->users[$key]); + } } } From b7c86f3aeccf5b935de5e213608b2c5e5388a96f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 11:41:55 +0200 Subject: [PATCH 06/51] Fix ldap --- htdocs/core/login/functions_ldap.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
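Review bot: The `(int)` cast makes the selector `($entity != '' && $entity >= 0) ? $entity : $conf->entity` weaker than it reads: a non-numeric string such as `'abc'` passes both loose comparisons (`'abc' != ''` and `'abc' >= 0` are true) and is then cast to 0, so the query silently searches entity 0 instead of falling back to `$conf->entity`. If callers can reach this with a string, select on `is_numeric($entity) && (int) $entity >= 0` and keep the cast for the SQL fragment. The cast itself is an improvement over `sanitize()` for an integer column. The enclosing fetch() starts and ends outside the hunk.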
diff --git a/htdocs/core/login/functions_ldap.php b/htdocs/core/login/functions_ldap.php index 9de95be506b..0f3927709eb 100644 --- a/htdocs/core/login/functions_ldap.php +++ b/htdocs/core/login/functions_ldap.php @@ -29,7 +29,7 @@ * * @param string $usertotest Login * @param string $passwordtotest Password - * @param int $entitytotest Number of instance (always 1 if module multicompany not enabled) + * @param int $entitytotest Numero of instance (always 1 if module multicompany not enabled) * @return string Login if OK, '' if KO */ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) @@ -151,10 +151,13 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) if ($result > 0) { if ($result == 2) { // Connection is ok for user/pass into LDAP $login = $usertotest; - if (!empty($conf->global->LDAP_FIELD_LOGIN)) { - $login = $ldap->login; - } dol_syslog("functions_ldap::check_user_password_ldap $login authentication ok"); + // For the case, we search the user id using a search key without the login (but using other fields like id), + // we need to get the real login to use in the ldap answer. + if (!empty($conf->global->LDAP_FIELD_LOGIN) && !empty($ldap->login)) { + $login = $ldap->login; + dol_syslog("functions_ldap::check_user_password_ldap login is now $login (LDAP_FIELD_LOGIN=".$conf->global->LDAP_FIELD_LOGIN.")"); + } require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; @@ -207,7 +210,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) } $usertmp = new User($db); - $resultFetchUser = $usertmp->fetch('', $login, $sid); + $resultFetchUser = $usertmp->fetch('', $login, $sid, 1, ($entitytotest > 0 ? $entitytotest : -1)); if ($resultFetchUser > 0) { dol_syslog("functions_ldap::check_user_password_ldap Sync user found user id=".$usertmp->id); // On verifie si le login a change et on met a jour les attributs dolibarr 
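Review bot: The docblock edit in the -29 hunk replaces `Number of instance` with `Numero of instance`, which is not English and makes the parameter description less clear than before. `@param int $entitytotest Id of the entity to authenticate against (always 1 if module multicompany not enabled)` says what the -207 hunk now uses the value for. check_user_password_ldap starts and ends outside the hunk.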
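Review bot: The first lookup now passes the entity, `$usertmp->fetch('', $login, $sid, 1, ($entitytotest > 0 ? $entitytotest : -1))`, but the second `$usertmp->fetch('', $login);` visible as context in the -231 hunk (what appears to be the multicompany branch) still omits it, so when the same login exists in several entities the two lookups can resolve to different accounts and the `checkRight` call then applies to the wrong one. Pass the same entity argument in that second fetch, or avoid the second fetch if the first result is still valid there. check_user_password_ldap starts and ends outside the hunk.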
@@ -215,7 +218,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) if ($usertmp->login != $ldap->login && $ldap->login) { $usertmp->login = $ldap->login; $usertmp->update($usertmp); - // TODO Que faire si update echoue car on update avec un login deja existant. + // TODO Que faire si update echoue car on update avec un login deja existant pour un autre compte. } //$resultUpdate = $usertmp->update_ldap2dolibarr($ldap); @@ -231,7 +234,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest) $usertmp->fetch('', $login); $ret = $mc->checkRight($usertmp->id, $entitytotest); if ($ret < 0) { - dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user '".$usertmp->id."'", LOG_NOTICE); + dol_syslog("functions_ldap::check_user_password_ldap Authentication KO entity '".$entitytotest."' not allowed for user id '".$usertmp->id."'", LOG_NOTICE); $login = ''; // force authentication failure } unset($usertmp); From 2eddc02deb6f2eb7f353606f15bb75637a127076 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 11:59:30 +0200 Subject: [PATCH 07/51] Fix selection of Autofill description --- htdocs/product/admin/product.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index b23cfbc5c4c..867876f4631 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php 
@@ -624,9 +624,10 @@ if (empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT)) { print ''; print ''.$langs->trans("OnProductSelectAddProductDesc").''; print ''; +print ''; print $form->selectarray( "activate_FillProductDescAuto", - array(1=>'AutoFillFormFieldBeforeSubmit', 0=>'DoNotAutofillButAutoConcat', -1=>'DoNotUseDescriptionOfProdut'), + array(0=>'DoNotAutofillButAutoConcat', 1=>'AutoFillFormFieldBeforeSubmit', 2=>'DoNotUseDescriptionOfProdut'), empty($conf->global->PRODUIT_AUTOFILL_DESC) ? 0 : $conf->global->PRODUIT_AUTOFILL_DESC, 0, 0, From d43e043b48bf531737f2d2dca7c7ed0f2669cb46 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 12:49:10 +0200 Subject: [PATCH 08/51] Fix regression when adding a product with multicompany --- htdocs/product/class/product.class.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index fdc50d5fe87..0ac8cba1391 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2236,7 +2236,7 @@ class Product extends CommonObject // Check parameters if (!$id && !$ref && !$ref_ext && !$barcode) { $this->error = 'ErrorWrongParameters'; - dol_syslog(get_class($this)."::fetch ".$this->error); + dol_syslog(get_class($this)."::fetch ".$this->error, LOG_ERR); return -1; } @@ -2286,7 +2286,7 @@ class Product extends CommonObject $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_perentity as ppe ON ppe.fk_product = p.rowid AND ppe.entity = " . ((int) $conf->entity); } if ($separatedStock) { - $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_stock as sp ON sp.fk_product = p.rowid"; + $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_stock as sp ON sp.fk_product = p.rowid AND sp.fk_entrepot IN (SELECT rowid FROM ".MAIN_DB_PREFIX."entrepot WHERE entity IN (".$this->db->sanitize($visibleWarehousesEntities)."))"; } if ($id) { $sql .= " WHERE p.rowid = ".((int) $id); 
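Review bot: The option keys change meaning: `DoNotUseDescriptionOfProdut` moves from -1 to 2, but the selected value is still the raw `PRODUIT_AUTOFILL_DESC` constant, so an installation that already stored -1 gets a select with no matching option (`empty(-1)` is false, so -1 is passed through) and any code that reads the constant must agree with the new numbering — not visible here. Either map the legacy value where the selected value is computed, `$selected = ($conf->global->PRODUIT_AUTOFILL_DESC == -1) ? 2 : (int) $conf->global->PRODUIT_AUTOFILL_DESC;`, or add a migration step. The surrounding form code starts and ends outside the hunk.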
@@ -2300,9 +2300,6 @@ class Product extends CommonObject $sql .= " AND p.barcode = '".$this->db->escape($barcode)."'"; } } - if ($separatedStock) { - $sql .= " AND sp.fk_entrepot IN (SELECT rowid FROM ".MAIN_DB_PREFIX."entrepot WHERE entity IN (".$this->db->sanitize($visibleWarehousesEntities)."))"; - } if ($separatedStock) { $sql .= " GROUP BY p.rowid, p.ref, p.ref_ext, p.label, p.description, p.url, p.note_public, p.note, p.customcode, p.fk_country, p.fk_state, p.lifetime, p.qc_frequency, p.price, p.price_ttc,"; $sql .= " p.price_min, p.price_min_ttc, p.price_base_type, p.cost_price, p.default_vat_code, p.tva_tx, p.recuperableonly, p.localtax1_tx, p.localtax2_tx, p.localtax1_type, p.localtax2_type, p.tosell,"; From 5d824899e55ce02f54739242dec306e25c96f3f9 Mon Sep 17 00:00:00 2001 From: Francis Appels Date: Mon, 5 Jul 2021 13:44:05 +0200 Subject: [PATCH 09/51] Fix php 8 warning on home page --- htdocs/main.inc.php | 6 +++--- htdocs/projet/class/project.class.php | 2 +- htdocs/projet/class/task.class.php | 2 +- htdocs/supplier_proposal/class/supplier_proposal.class.php | 6 +++--- htdocs/user/class/user.class.php | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index bd0d77d3389..e9f5b16b6a9 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -509,7 +509,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers. setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings'); //if ($conf->global->MAIN_FEATURES_LEVEL >= 1) setEventMessages('Unset POST and GET params by CSRF protection in main.inc.php (Token provided was not generated by the previous page).'."
\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings'); - $savid = ((int) $_POST['id']); + if (isset($_POST['id'])) $savid = ((int) $_POST['id']); unset($_POST); //unset($_POST['action']); unset($_POST['massaction']); //unset($_POST['confirm']); unset($_POST['confirmmassaction']); @@ -517,7 +517,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl unset($_GET['action']); unset($_GET['confirmmassaction']); unset($_GET['massaction']); - $_POST['id'] = ((int) $savid); + if (isset($savid)) $_POST['id'] = ((int) $savid); } // Note: There is another CSRF protection into the filefunc.inc.php @@ -3146,7 +3146,7 @@ if (!function_exists("llxFooter")) { } // Wrapper to add log when clicking on download or preview - if (!empty($conf->blockedlog->enabled) && is_object($object) && $object->id > 0 && $object->statut > 0) { + if (!empty($conf->blockedlog->enabled) && is_object($object) && !empty($object->id) && $object->id > 0 && $object->statut > 0) { if (in_array($object->element, array('facture'))) { // Restrict for the moment to element 'facture' print "\n\n"; ?> diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index ce2db90fa5d..a570e8ed7bb 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -2050,7 +2050,7 @@ class Project extends CommonObject $response->nbtodo++; $project_static->statut = $obj->status; - $project_static->opp_status = $obj->opp_status; + $project_static->opp_status = $obj->fk_opp_status; $project_static->datee = $this->db->jdate($obj->datee); if ($project_static->hasDelay()) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index bd25398776e..5e17c92c562 100644 --- a/htdocs/projet/class/task.class.php 
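Review bot: `if (isset($savid))` in the -517 hunk can be true even when the guarded assignment in the -509 hunk did not run: main.inc.php executes in the including page's scope, so any earlier assignment to `$savid` would survive here and an `id` that did not come from this request would be restored into `$_POST` after the CSRF check wiped it. Initialise the variable explicitly before the check, `$savid = null; if (isset($_POST['id'])) { $savid = (int) $_POST['id']; }`, and restore with `if ($savid !== null) { $_POST['id'] = $savid; }`. The single-line `if` without braces also departs from the braced style used by the surrounding code. The enclosing CSRF block starts outside the hunk.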
+++ b/htdocs/projet/class/task.class.php @@ -2118,7 +2118,7 @@ class Task extends CommonObject $now = dol_now(); - $datetouse = ($this->date_end > 0) ? $this->date_end : ($this->datee > 0 ? $this->datee : 0); + $datetouse = ($this->date_end > 0) ? $this->date_end : ((isset($this->datee) && $this->datee > 0) ? $this->datee : 0); return ($datetouse > 0 && ($datetouse < ($now - $conf->projet->task->warning_delay))); } diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index eb003cdab9e..6d43222bcf2 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -2216,7 +2216,7 @@ class SupplierProposal extends CommonObject $this->nbtodo = $this->nbtodolate = 0; $clause = " WHERE"; - $sql = "SELECT p.rowid, p.ref, p.datec as datec"; + $sql = "SELECT p.rowid, p.ref, p.datec as datec, p.date_cloture as datefin"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; 
@@ -2239,13 +2239,13 @@ class SupplierProposal extends CommonObject $label = $labelShort = ''; $status = ''; if ($mode == 'opened') { - $delay_warning = $conf->supplier_proposal->cloture->warning_delay; + $delay_warning = !empty($conf->supplier_proposal->cloture->warning_delay) ? $conf->supplier_proposal->cloture->warning_delay : 0; $status = self::STATUS_VALIDATED; $label = $langs->trans("SupplierProposalsToClose"); $labelShort = $langs->trans("ToAcceptRefuse"); } if ($mode == 'signed') { - $delay_warning = $conf->supplier_proposal->facturation->warning_delay; + $delay_warning = !empty($conf->supplier_proposal->facturation->warning_delay) ? $conf->supplier_proposal->facturation->warning_delay : 0; $status = self::STATUS_SIGNED; $label = $langs->trans("SupplierProposalsToProcess"); // May be billed or ordered $labelShort = $langs->trans("ToClose"); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 37ce6544cd0..acfe581b3c9 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -3298,7 +3298,7 @@ class User extends CommonObject $i = 0; $cursor_user = $id_user; $useridfound = array($id_user); - while (!empty($this->parentof[$cursor_user])) { + while (!empty($this->parentof[$cursor_user]) && !empty($this->users[$this->parentof[$cursor_user]])) { if (in_array($this->parentof[$cursor_user], $useridfound)) { dol_syslog("The hierarchy of user has a recursive loop", LOG_WARNING); return -1; // Should not happen. Protection against looping hierarchy From 383c6782001f79c7c6950abcbc32aee5d656de09 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 14:09:01 +0200 Subject: [PATCH 10/51] Trans --- htdocs/langs/en_US/admin.lang | 1 + htdocs/product/admin/product.php | 54 +++++++++++++++++++++----------- 2 files changed, 37 insertions(+), 18 deletions(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 2a726e9eefe..0e357e27577 100644 
--- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -53,6 +53,7 @@ InternalUser=Internal user ExternalUser=External user InternalUsers=Internal users ExternalUsers=External users +UserInterface=User interface GUISetup=Display SetupArea=Setup UploadNewTemplate=Upload new template(s) diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index 867876f4631..5a83c685e0f 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -507,14 +507,16 @@ print "
"; print "
"; -print load_fiche_titre($langs->trans("ProductOtherConf"), '', ''); - print ''; print ''; print ''; print ''; + +print load_fiche_titre($langs->trans("ProductOtherConf"), '', ''); + + print ''; print ''; print ''."\n"; @@ -592,6 +594,38 @@ print $form->selectPriceBaseType($conf->global->PRODUCT_PRICE_BASE_TYPE, "price_ print ''; print ''; +if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) { + print ''; + print ''; + print ''; + print ''; + + print ''; + print ''; + print ''; + print ''; +} + +print '
'.$langs->trans("Parameters").'
'.$langs->trans("UseProductFournDesc").''; + print $form->selectyesno("activate_useProdFournDesc", (!empty($conf->global->PRODUIT_FOURN_TEXTS) ? $conf->global->PRODUIT_FOURN_TEXTS : 0), 1); + print '
'.$langs->trans("UseProductSupplierPackaging").''; + print $form->selectyesno("activate_useProdSupplierPackaging", (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING) ? $conf->global->PRODUCT_USE_SUPPLIER_PACKAGING : 0), 1); + print '
'; + +print '
'; +print ''; +print '
'; + + +print load_fiche_titre($langs->trans("UserInterface"), '', ''); + + +print ''; +print ''; +print ''."\n"; +print ''."\n"; +print ''."\n"; + // Use Ajax form to select a product print ''; @@ -683,22 +717,6 @@ if (!empty($conf->global->MAIN_MULTILANGS)) { print ''; } -if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) { - print ''; - print ''; - print ''; - print ''; - - print ''; - print ''; - print ''; - print ''; -} - if (!empty($conf->global->PRODUCT_CANVAS_ABILITY)) { // Add canvas feature From 87241c94a3e589589c7250a9701c2d2cb29744d0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 14:41:40 +0200 Subject: [PATCH 11/51] Code comment --- htdocs/install/mysql/tables/llx_actioncomm.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/tables/llx_actioncomm.sql b/htdocs/install/mysql/tables/llx_actioncomm.sql index 9012f6b3a66..2f3f7660698 100644 --- a/htdocs/install/mysql/tables/llx_actioncomm.sql +++ b/htdocs/install/mysql/tables/llx_actioncomm.sql @@ -55,7 +55,7 @@ create table llx_actioncomm durationp real, -- planed duration label varchar(255) NOT NULL, -- label/title of event or topic of email - note text, -- note of event or content of email + note text, -- private note of event or content of email calling_duration integer, -- when event is a phone call, duration of phone call From df5878b3d63713694e273a61a4195a07cbcb97ba Mon Sep 17 00:00:00 2001 From: Francis Appels Date: Mon, 5 Jul 2021 14:45:00 +0200 Subject: [PATCH 12/51] Fix php 8 warning in inventory module --- htdocs/product/inventory/card.php | 15 +++++++-------- htdocs/product/inventory/inventory.php | 4 ++-- htdocs/product/inventory/list.php | 13 ++++++++----- 3 files changed, 17 insertions(+), 15 deletions(-) 
diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 5ec359e5d8a..754c2b64155 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -49,7 +49,10 @@ if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { // Initialize technical objects $object = new Inventory($db); $extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->stock->dir_output.'/temp/massgeneration/'.$user->id; +// no inventory docs yet +$includedocgeneration = false; +$diroutputmassaction = null; +// $diroutputmassaction = $conf->stock->dir_output.'/temp/massgeneration/'.$user->id; $hookmanager->initHooks(array('inventorycard', 'globalcard')); // Note that conf->hooks_modules contains array // Fetch optionals attributes and labels @@ -180,7 +183,7 @@ if ($action == 'create') { if ($backtopage) { print ''; } - if ($backtopageforcancel) { + if (isset($backtopageforcancel)) { print ''; } @@ -261,10 +264,6 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea if ($action == 'delete') { $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('DeleteInventory'), $langs->trans('ConfirmDeleteObject'), 'confirm_delete', '', 0, 1); } - // Confirmation to delete line - if ($action == 'deleteline') { - $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&lineid='.$lineid, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_deleteline', '', 0, 1); - } // Clone confirmation if ($action == 'clone') { 
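Review bot: `if (isset($backtopageforcancel))` in the -180 hunk prints the hidden field whenever the variable exists, including when it holds an empty string; if `$backtopageforcancel` is read through GETPOST (not visible here) it is `''` rather than unset when the parameter is absent, so an empty `backtopageforcancel` input is now emitted on every create form. `if (!empty($backtopageforcancel))` keeps the previous behaviour while still avoiding the undefined-variable warning the commit targets. The enclosing `if ($action == 'create')` block starts and ends outside the hunk.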
@@ -290,7 +289,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } // Call Hook formConfirm - $parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid); + $parameters = array('formConfirm' => $formconfirm); $reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook if (empty($reshook)) { $formconfirm .= $hookmanager->resPrint; @@ -469,7 +468,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'inventory', $socid, 1, '', $MAXEVENT, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, 'inventory', 0, 1, '', $MAXEVENT, '', $morehtmlright); print ''; } diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 89394e56e29..85cd0932f46 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -616,7 +616,7 @@ if ($object->id > 0) { while ($i < $num) { $obj = $db->fetch_object($resql); - if (is_object($cacheOfWarehouses[$obj->fk_warehouse])) { + if (isset($cacheOfWarehouses[$obj->fk_warehouse])) { $warehouse_static = $cacheOfWarehouses[$obj->fk_warehouse]; } else { $warehouse_static = new Entrepot($db); @@ -625,7 +625,7 @@ if ($object->id > 0) { $cacheOfWarehouses[$warehouse_static->id] = $warehouse_static; } - if (is_object($cacheOfProducts[$obj->fk_product])) { + if (isset($cacheOfProducts[$obj->fk_product])) { $product_static = $cacheOfProducts[$obj->fk_product]; } else { $product_static = new Product($db); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 7d792c82ec1..e9c162a0bcf 100644 --- a/htdocs/product/inventory/list.php 
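Review bot: Dropping `'lineid'` from the `formConfirm` hook parameters changes the contract seen by any module hook that reads `$parameters['lineid']`, not just the warning about an undefined `$lineid` (the same variable the `@@ -261` hunk in L26 removed the delete-line confirmation for). If the intent is only to avoid the PHP 8 notice, keeping the key with a defined value, e.g. `'lineid' => GETPOST('lineid', 'int')` or an explicit `$lineid = 0;` where the other page variables are initialised, preserves the hook interface. The block this hunk sits in starts and ends outside the hunk.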
+++ b/htdocs/product/inventory/list.php @@ -59,7 +59,9 @@ $pagenext = $page + 1; // Initialize technical objects $object = new Inventory($db); $extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->inventory->dir_output.'/temp/massgeneration/'.$user->id; +// no inventory docs yet +// $diroutputmassaction = $conf->inventory->dir_output.'/temp/massgeneration/'.$user->id; +$diroutputmassaction = null; $hookmanager->initHooks(array('inventorylist')); // Note that conf->hooks_modules contains array // Fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); @@ -127,9 +129,9 @@ if ($user->socid > 0) { // Protection if external user accessforbidden(); } if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - $result = restrictedArea($user, 'stock', $objectid); + $result = restrictedArea($user, 'stock'); } else { - $result = restrictedArea($user, 'stock', $objectid, '', 'inventory_advance'); + $result = restrictedArea($user, 'stock', 0, '', 'inventory_advance'); } @@ -624,7 +626,8 @@ print '
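Review bot: `restrictedArea()` is the access-control gate of this page, and the `@@ -127` hunk removes the `$objectid` argument from both calls (omitted on one branch, `0` on the other). If `$objectid` was never assigned on this list page the change only silences a warning, but if it was populated from the request the per-record check is silently weakened, so please confirm which applies and say so in the commit. If the former, an explicit `$objectid = 0;` next to the other initialisations would keep the two call sites symmetric with card.php and make the intent visible to the next reader.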
'.$langs->trans("Parameters").''.$langs->trans("Value").'
'.$langs->trans("UseProductFournDesc").''; - print $form->selectyesno("activate_useProdFournDesc", (!empty($conf->global->PRODUIT_FOURN_TEXTS) ? $conf->global->PRODUIT_FOURN_TEXTS : 0), 1); - print '
'.$langs->trans("UseProductSupplierPackaging").''; - print $form->selectyesno("activate_useProdSupplierPackaging", (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING) ? $conf->global->PRODUCT_USE_SUPPLIER_PACKAGING : 0), 1); - print '
'."\n"; print ''."\n"; print ''."\n"; - +// no inventory docs yet +/* if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $nbtotalofrecords)) { $hidegeneratedfilelistifempty = 1; if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files) { @@ -644,7 +647,7 @@ if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $n print $formfile->showdocuments('massfilesarea_mymodule', '', $filedir, $urlsource, 0, $delallowed, '', 1, 1, 0, 48, 1, $param, $title, '', '', '', null, $hidegeneratedfilelistifempty); } - +*/ // End of page llxFooter(); $db->close(); From 1333ca366066aae4432bdbe606df4cefdca6c76e Mon Sep 17 00:00:00 2001 From: Francis Appels Date: Mon, 5 Jul 2021 14:51:34 +0200 Subject: [PATCH 13/51] Fix php 8 warning on not set field keys --- htdocs/bom/bom_list.php | 2 +- htdocs/compta/cashcontrol/cashcontrol_list.php | 2 +- htdocs/core/tpl/commonfields_add.tpl.php | 2 +- htdocs/core/tpl/commonfields_edit.tpl.php | 2 +- htdocs/eventorganization/conferenceorbooth_list.php | 2 +- htdocs/eventorganization/conferenceorboothattendee_list.php | 2 +- htdocs/knowledgemanagement/knowledgerecord_list.php | 2 +- htdocs/modulebuilder/template/myobject_list.php | 2 +- htdocs/mrp/mo_list.php | 2 +- htdocs/partnership/partnership_list.php | 2 +- htdocs/product/inventory/list.php | 2 +- htdocs/product/stock/list.php | 2 +- htdocs/projet/list.php | 2 +- htdocs/salaries/list.php | 2 +- htdocs/salaries/payments.php | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index 6b54e8a4044..c51603147c8 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -108,7 +108,7 @@ foreach ($object->fields as $key => $val) { 'checked'=>(($visible < 0) ? 0 : 1), 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), 'position'=>$val['position'], - 'help'=>$val['help'] + 'help'=> isset($val['help']) ? $val['help'] : '' ); } } 
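Review bot: The default for a missing `help` key is now duplicated verbatim across 15 list pages (cashcontrol at L33 and the rest of the diffstat); the fix belongs once, where `$object->fields` is normalised, or at least in the shorter form `'help'=>$val['help'] ?? ''` if the supported PHP floor allows the null-coalescing operator. The spacing in `'help'=> isset(...)` is also inconsistent with the neighbouring `'position'=>$val['position']` entries. The `foreach` this line belongs to starts outside the hunk.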
diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index ec7af37940c..42e53085ea8 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -131,7 +131,7 @@ foreach ($object->fields as $key => $val) { 'checked'=>(($visible < 0) ? 0 : 1), 'enabled'=>($visible != 3 && dol_eval($val['enabled'], 1)), 'position'=>$val['position'], - 'help'=>$val['help'] + 'help'=> isset($val['help']) ? $val['help'] : '' ); } } diff --git a/htdocs/core/tpl/commonfields_add.tpl.php b/htdocs/core/tpl/commonfields_add.tpl.php index d1d378e7e60..cd07c0b8191 100644 --- a/htdocs/core/tpl/commonfields_add.tpl.php +++ b/htdocs/core/tpl/commonfields_add.tpl.php 
@@ -47,7 +47,7 @@ foreach ($object->fields as $key => $val) { print ''; print ''1',), 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"LinkToThirparty",), 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1::eventorganization', 'label'=>'Project', 'enabled'=>'1', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1,), - 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1,), + 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1, 'csslist'=>'small'), 'fk_action' => array('type'=>'sellist:c_actioncomm:libelle:id::module LIKE (\'%@eventorganization\')', 'label'=>'Format', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1,), 'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'2',), 'datep2' => array('type'=>'datetime', 'label'=>'DateEnd', 'enabled'=>'1', 'position'=>71, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'3',), 
@@ -118,6 +118,7 @@ class ConferenceOrBooth extends ActionComm 'fk_user_mod' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'UserModif', 'enabled'=>'1', 'position'=>511, 'notnull'=>-1, 'visible'=>-2,), 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,), 'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'visible'=>1, 'default'=>'0', 'index'=>1, 'arrayofkeyval'=>array('0'=>'EvntOrgDraft', '1'=>'EvntOrgSuggested', '2'=> 'EvntOrgConfirmed', '3' =>'EvntOrgNotQualified', '4' =>'EvntOrgDone', '9'=>'EvntOrgCancelled'),), + 'num_vote' => array('type'=>'smallint', 'label'=>'NbVotes', 'enabled'=>'1', 'position'=>1001, 'notnull'=>-1, 'visible'=>5, 'default'=>'0', 'index'=>0), ); public $rowid; public $id; diff --git a/htdocs/langs/en_US/eventorganization.lang b/htdocs/langs/en_US/eventorganization.lang index 335c257b224..f361e6bc192 100644 --- a/htdocs/langs/en_US/eventorganization.lang +++ b/htdocs/langs/en_US/eventorganization.lang @@ -86,6 +86,7 @@ DownloadICSLink = Download ICS link EVENTORGANIZATION_SECUREKEY = Secure Key of the public registration link to a conference SERVICE_BOOTH_LOCATION = Service used for the invoice row about a booth location SERVICE_CONFERENCE_ATTENDEE_SUBSCRIPTION = Service used for the invoice row about an attendee subscription to a conference +NbVotes=Number of votes # # Status # @@ -115,6 +116,9 @@ EvntOrgDuration = This conference starts on %s and ends on %s. ConferenceAttendeeFee = Conference attendee fee for the event : '%s' occurring from %s to %s. BoothLocationFee = Booth location for the event : '%s' occurring from %s to %s EventType = Event type +LabelOfBooth=Booth label +LabelOfconference=Conference label +ConferenceIsNotConfirmed=Subcription not available, conference is not confirmed yet # # Vote page 
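Review bot: The new `num_vote` field uses `'visible'=>5`, a value no other entry in this array uses, without a comment on the intent; a trailing `// 5: list and view only, not editable — TODO confirm against the visibility legend` would save the next reader a lookup, since the counter presumably is meant to be derived from votes rather than typed in. No matching table change for the column is visible in this part of the series, so the SQL side should be confirmed to exist. The class body continues outside the hunk.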
diff --git a/htdocs/public/eventorganization/attendee_subscription.php b/htdocs/public/eventorganization/attendee_subscription.php index 19bb2007bda..afdfdb9f806 100644 --- a/htdocs/public/eventorganization/attendee_subscription.php +++ b/htdocs/public/eventorganization/attendee_subscription.php @@ -205,7 +205,7 @@ if ($reshook < 0) { } // Action called when page is submitted -if (empty($reshook) && $action == 'add') { +if (empty($reshook) && $action == 'add' && $conference->status==2) { $error = 0; $urlback = ''; @@ -473,25 +473,27 @@ print $langs->trans("EvntOrgWelcomeMessage", $conference->label); print '
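Review bot: The new guard `$conference->status==2` in the `@@ -205` hunk uses a bare magic number and a loose `==`; the only place this value is named is the `'arrayofkeyval'` map at L35 (`'2'=> 'EvntOrgConfirmed'`). Declaring the state once on the class — a proposed `const STATUS_CONFIRMED = 2;` in ConferenceOrBooth — and writing `&& (int) $conference->status === ConferenceOrBooth::STATUS_CONFIRMED` here and in the display branch of the `@@ -473` hunk keeps the two checks from drifting apart. The submit handler continues outside the hunk.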
'; print $langs->trans("EvntOrgDuration", dol_print_date($conference->datep), dol_print_date($conference->datef)); print ''; - dol_htmloutput_errors($errmsg); -// Print form -print '
'."\n"; -print ''; -print ''; -print ''; -print ''; -print ''; +if ($conference->status!=2) { + print $langs->trans("ConferenceIsNotConfirmed"); +} else { + // Print form + print '' . "\n"; + print ''; + print ''; + print ''; + print ''; + print ''; -print '
'; + print '
'; -print '
'.$langs->trans("FieldsWithAreMandatory", '*').'
'; -//print $langs->trans("FieldsWithIsForPublic",'**').'
'; + print '
' . $langs->trans("FieldsWithAreMandatory", '*') . '
'; + //print $langs->trans("FieldsWithIsForPublic",'**').'
'; -print dol_get_fiche_head(''); + print dol_get_fiche_head(''); -print ''; -print ''."\n"; + print '
' . "\n"; -// Email -print ''."\n"; -// Company -print ''."\n"; -// Address -print ''."\n"; -// Zip / Town -print ''; -// Country -print '' . "\n"; + // Company + print '' . "\n"; + // Address + print '' . "\n"; + // Zip / Town + print ''; + // Country + print ''; -// State -if (empty($conf->global->SOCIETE_DISABLE_STATE)) { - print ''; + // State + if (empty($conf->global->SOCIETE_DISABLE_STATE)) { + print ''; + } + + print "
'.$langs->trans("Email").'*
'.$langs->trans("Company"); -if (!empty(floatval($project->price_registration))) { - print '*'; -} -print '
'.$langs->trans("Address").''."\n"; -print '
'.$langs->trans('Zip').' / '.$langs->trans('Town').''; -print $formcompany->select_ziptown(GETPOST('zipcode'), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6, 1); -print ' / '; -print $formcompany->select_ziptown(GETPOST('town'), 'town', array('zipcode', 'selectcountry_id', 'state_id'), 0, 1); -print '
'.$langs->trans('Country').'*'; -$country_id = GETPOST('country_id'); -if (!$country_id && !empty($conf->global->MEMBER_NEWFORM_FORCECOUNTRYCODE)) { - $country_id = getCountry($conf->global->MEMBER_NEWFORM_FORCECOUNTRYCODE, 2, $db, $langs); -} -if (!$country_id && !empty($conf->geoipmaxmind->enabled)) { - $country_code = dol_user_country(); - //print $country_code; - if ($country_code) { - $new_country_id = getCountry($country_code, 3, $db, $langs); - //print 'xxx'.$country_code.' - '.$new_country_id; - if ($new_country_id) { - $country_id = $new_country_id; + // Email + print '
' . $langs->trans("Email") . '*
' . $langs->trans("Company"); + if (!empty(floatval($project->price_registration))) { + print '*'; + } + print '
' . $langs->trans("Address") . '' . "\n"; + print '
' . $langs->trans('Zip') . ' / ' . $langs->trans('Town') . ''; + print $formcompany->select_ziptown(GETPOST('zipcode'), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6, 1); + print ' / '; + print $formcompany->select_ziptown(GETPOST('town'), 'town', array('zipcode', 'selectcountry_id', 'state_id'), 0, 1); + print '
' . $langs->trans('Country') . '*'; + $country_id = GETPOST('country_id'); + if (!$country_id && !empty($conf->global->MEMBER_NEWFORM_FORCECOUNTRYCODE)) { + $country_id = getCountry($conf->global->MEMBER_NEWFORM_FORCECOUNTRYCODE, 2, $db, $langs); + } + if (!$country_id && !empty($conf->geoipmaxmind->enabled)) { + $country_code = dol_user_country(); + //print $country_code; + if ($country_code) { + $new_country_id = getCountry($country_code, 3, $db, $langs); + //print 'xxx'.$country_code.' - '.$new_country_id; + if ($new_country_id) { + $country_id = $new_country_id; + } } } -} -$country_code = getCountry($country_id, 2, $db, $langs); -print $form->select_country($country_id, 'country_id'); -print '
'.$langs->trans('State').''; - if ($country_code) { - print $formcompany->select_state(GETPOST("state_id"), $country_code); - } else { - print ''; - } + $country_code = getCountry($country_id, 2, $db, $langs); + print $form->select_country($country_id, 'country_id'); print '
' . $langs->trans('State') . ''; + if ($country_code) { + print $formcompany->select_state(GETPOST("state_id"), $country_code); + } else { + print ''; + } + print '
\n"; + + print dol_get_fiche_end(); + + // Save + print '
'; + print ''; + if (!empty($backtopage)) { + print '     '; + } + print '
'; + + + print "
\n"; + print "
"; + print ''; } -print "\n"; - -print dol_get_fiche_end(); - -// Save -print '
'; -print ''; -if (!empty($backtopage)) { - print '     '; -} -print '
'; - - -print "\n"; -print "
"; -print ''; - - llxFooterVierge(); $db->close(); diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index 6329441778f..43a4b989687 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -405,6 +405,7 @@ if (empty($reshook) && $action == 'add') { $facture->paye = 0; $facture->date = dol_now(); $facture->cond_reglement_id = $contact->cond_reglement_id; + $facture->fk_project = $project->id; if (empty($facture->cond_reglement_id)) { $paymenttermstatic = new PaymentTerm($contact->db); @@ -569,7 +570,7 @@ jQuery(document).ready(function () { print ''."\n"; // Name -print ''; +print ''; print ''; print ''; // Email @@ -577,21 +578,6 @@ print ''."\n"; -// Type of event -print ''."\n"; -print ''; -// Label -print ''."\n"; -print ''."\n"; -// Note -print ''."\n"; -print ''."\n"; -// Start Date -print ''."\n"; -print ''."\n"; -// End Date -print ''."\n"; -print ''."\n"; // Address print ''."\n"; @@ -603,9 +589,8 @@ print $formcompany->select_ziptown(GETPOST('town'), 'town', array('zipcode', 'se print ''; // Country print ''; } +// Type of event +print ''."\n"; +print ''; +// Label +print ''."\n"; +print ''."\n"; +// Note +print ''."\n"; +print ''."\n"; +// Start Date +print ''."\n"; +print ''."\n"; +// End Date +print ''."\n"; +print ''."\n"; + print "
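Review bot: `dol_htmloutput_errors($errmsg);` is removed from the old side of the `@@ -473` hunk but, as far as the rendered hunk shows, is not re-added in either branch of the new `if ($conference->status!=2)`, so validation errors collected by the submit handler would no longer be displayed to the visitor; if it was moved elsewhere, ignore this. Re-inserting `dol_htmloutput_errors($errmsg);` just before the status check makes it run in both branches. The hunk's HTML has been partly lost in this rendering, so check the exact placement against the file.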
lastname).'" autofocus="autofocus">
'.$langs->trans("Email").'*'.$langs->trans("Company").'*'; print '
'.$langs->trans("EventType").'*'.FORM::selectarray('eventtype', $arrayofeventtype, $eventtype).'
'.$langs->trans("Label").'*
'.$langs->trans("Note").'*
'.$langs->trans("DateStart").'*
'.$langs->trans("DateEnd").'*
'.$langs->trans("Address").''."\n"; print '
'.$langs->trans('Country'); -if (!empty(floatval($project->price_booth))) { - print '*'; -} +print '*'; + print ''; $country_id = GETPOST('country_id'); if (!$country_id && !empty($conf->global->MEMBER_NEWFORM_FORCECOUNTRYCODE)) { @@ -635,6 +620,22 @@ if (empty($conf->global->SOCIETE_DISABLE_STATE)) { } print '
'.$langs->trans("EventType").'*'.FORM::selectarray('eventtype', $arrayofeventtype, $eventtype).'
'.$langs->trans("LabelOfBooth").'*
'.$langs->trans("Description").'*
'.$langs->trans("DateStart").'*
'.$langs->trans("DateEnd").'*
\n"; diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index 00b093ba215..d63f2d2d98d 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -508,11 +508,11 @@ jQuery(document).ready(function () { print ''."\n"; // Last Name -print ''; +print ''; print ''; print ''; // First Name -print ''; +print ''; print ''; print ''; // Email @@ -520,21 +520,6 @@ print ''."\n"; -// Type of event -print ''."\n"; -print ''; -// Label -print ''."\n"; -print ''."\n"; -// Note -print ''."\n"; -print ''."\n"; -// Start Date -print ''."\n"; -print ''."\n"; -// End Date -print ''."\n"; -print ''."\n"; // Address print ''."\n"; @@ -574,6 +559,22 @@ if (empty($conf->global->SOCIETE_DISABLE_STATE)) { } print ''; } +// Type of event +print ''."\n"; +print ''; +// Label +print ''."\n"; +print ''."\n"; +// Note +print ''."\n"; +print ''."\n"; +// Start Date +print ''."\n"; +print ''."\n"; +// End Date +print ''."\n"; +print ''."\n"; + print "
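Review bot: The event-type select in the moved block of suggestbooth.php's `@@ -635` hunk calls `FORM::selectarray(...)`; PHP resolves class names case-insensitively, but `Form::selectarray` matches the declared spelling and the `$form`/`$formcompany` instances used a few lines above, and static analysers flag the mismatch. The same spelling is carried into the `@@ -574` hunk of suggestconference.php, so fix both while the lines are being moved. The surrounding form markup starts before the hunk.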
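Review bot: Both the last-name and first-name inputs rewritten in suggestconference.php's `@@ -508` hunk appear to carry `autofocus="autofocus"` (the fragments at L83–L84 show it on each); browsers honour only the first autofocus element in the document, so the second is dead markup. Drop the attribute from the first-name input. The print statements' markup has been partly lost in this rendering, so confirm against the file.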
lastname).'" autofocus="autofocus">
firstname).'" autofocus="autofocus">
'.$langs->trans("Email").'*'.$langs->trans("Company").'*'; print '
'.$langs->trans("EventType").'*'.FORM::selectarray('eventtype', $arrayofeventtype, $eventtype).'
'.$langs->trans("Label").'*
'.$langs->trans("Note").'*
'.$langs->trans("DateStart").'
'.$langs->trans("DateEnd").'
'.$langs->trans("Address").''."\n"; print '
'.$langs->trans("EventType").'*'.FORM::selectarray('eventtype', $arrayofeventtype, $eventtype).'
'.$langs->trans("LabelOfconference").'*
'.$langs->trans("Description").'*
'.$langs->trans("DateStart").'
'.$langs->trans("DateEnd").'
\n"; From ca53abcef2abe690e5dbd1463e1294f3a210ae35 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Mon, 5 Jul 2021 15:35:05 +0200 Subject: [PATCH 15/51] fix email template type --- .../class/conferenceorbooth.class.php | 2 +- htdocs/install/mysql/data/llx_c_email_templates.sql | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index 10ed5668c63..bb84bbe37bd 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php 
@@ -108,7 +108,7 @@ class ConferenceOrBooth extends ActionComm 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>'1', 'position'=>30, 'notnull'=>0, 'visible'=>1, 'searchall'=>1, 'css'=>'minwidth300', 'help'=>"Help text", 'showoncombobox'=>'1',), 'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'help'=>"LinkToThirparty",), 'fk_project' => array('type'=>'integer:Project:projet/class/project.class.php:1::eventorganization', 'label'=>'Project', 'enabled'=>'1', 'position'=>52, 'notnull'=>-1, 'visible'=>-1, 'index'=>1,), - 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1, 'csslist'=>'small'), + 'note' => array('type'=>'text', 'label'=>'Description', 'enabled'=>'1', 'position'=>60, 'notnull'=>0, 'visible'=>1), 'fk_action' => array('type'=>'sellist:c_actioncomm:libelle:id::module LIKE (\'%@eventorganization\')', 'label'=>'Format', 'enabled'=>'1', 'position'=>60, 'notnull'=>1, 'visible'=>1,), 'datep' => array('type'=>'datetime', 'label'=>'DateStart', 'enabled'=>'1', 'position'=>70, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'2',), 'datep2' => array('type'=>'datetime', 'label'=>'DateEnd', 'enabled'=>'1', 'position'=>71, 'notnull'=>0, 'visible'=>1, 'showoncombobox'=>'3',), diff --git a/htdocs/install/mysql/data/llx_c_email_templates.sql b/htdocs/install/mysql/data/llx_c_email_templates.sql index acc09bad008..e2b1cd65077 100644 --- a/htdocs/install/mysql/data/llx_c_email_templates.sql +++ b/htdocs/install/mysql/data/llx_c_email_templates.sql 
@@ -35,9 +35,9 @@ INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, enabled, active, topic, content, content_lines, joinfiles) VALUES (0,'recruitment','recruitmentcandidature_send','',0,null,null,'(AnswerCandidature)' ,100,'$conf->recruitment->enabled',1,'[__[MAIN_INFO_SOCIETE_NOM]__] __(YourCandidature)__', '__(Hello)__ __CANDIDATE_FULLNAME__,

\n\n__(YourCandidatureAnswerMessage)__
__ONLINE_INTERVIEW_SCHEDULER_TEXT_AND_URL__\n

\n__(Sincerely)__
__USER_SIGNATURE__',null, 0); -- Event organization -INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'eventorganization_send', '', 0, null, null, 'EventOrganizationEmailAskConf', 10, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailAskConf)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventConfRequestWasReceived)__

__ONLINE_PAYMENT_TEXT_AND_URL__


__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); -INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'eventorganization_send', '', 0, null, null, 'EventOrganizationEmailAskBooth', 20, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailAskBooth)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBoothRequestWasReceived)__

__ONLINE_PAYMENT_TEXT_AND_URL__


__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); -INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'eventorganization_send', '', 0, null, null, 'EventOrganizationEmailSubsBooth', 30, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailSubsBooth)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBoothSubscriptionWasReceived)__

__ONLINE_PAYMENT_TEXT_AND_URL__


__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); -INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'eventorganization_send', '', 0, null, null, 'EventOrganizationEmailSubsEvent', 40, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailSubsEvent)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventEventSubscriptionWasReceived)__

__(Sincerely)__

__MYCOMPANY_NAME__
__USER_SIGNATURE__', null, '1', null); -INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'eventorganization_send', '', 0, null, null, 'EventOrganizationMassEmailAttendees', 50, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationMassEmailAttendees)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBulkMailToAttendees)__

__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); -INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'eventorganization_send', '', 0, null, null, 'EventOrganizationMassEmailSpeakers', 60, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationMassEmailSpeakers)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBulkMailToSpeakers)__

__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); +INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'conferenceorbooth', '', 0, null, null, 'EventOrganizationEmailAskConf', 10, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailAskConf)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventConfRequestWasReceived)__

__ONLINE_PAYMENT_TEXT_AND_URL__


__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); +INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'conferenceorbooth', '', 0, null, null, 'EventOrganizationEmailAskBooth', 20, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailAskBooth)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBoothRequestWasReceived)__

__ONLINE_PAYMENT_TEXT_AND_URL__


__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); +INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'conferenceorbooth', '', 0, null, null, 'EventOrganizationEmailSubsBooth', 30, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailSubsBooth)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBoothSubscriptionWasReceived)__

__ONLINE_PAYMENT_TEXT_AND_URL__


__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); +INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'conferenceorbooth', '', 0, null, null, 'EventOrganizationEmailSubsEvent', 40, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationEmailSubsEvent)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventEventSubscriptionWasReceived)__

__(Sincerely)__

__MYCOMPANY_NAME__
__USER_SIGNATURE__', null, '1', null); +INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'conferenceorbooth', '', 0, null, null, 'EventOrganizationMassEmailAttendees', 50, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationMassEmailAttendees)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBulkMailToAttendees)__

__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); +INSERT INTO llx_c_email_templates (entity, module, type_template, lang, private, fk_user, datec, label, position, active, topic, content, content_lines, enabled, joinfiles) values (0, '', 'conferenceorbooth', '', 0, null, null, 'EventOrganizationMassEmailSpeakers', 60, 1, '[__[MAIN_INFO_SOCIETE_NOM]__] __(EventOrganizationMassEmailSpeakers)__', '__(Hello)__ __THIRDPARTY_NAME__,

__(ThisIsContentOfYourOrganizationEventBulkMailToSpeakers)__

__(Sincerely)__
__USER_SIGNATURE__', null, '1', null); From 03f8557aaf33e842199a413811eeba2b1bf9efc9 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Mon, 5 Jul 2021 15:36:41 +0200 Subject: [PATCH 16/51] fix template email --- htdocs/admin/eventorganization.php | 12 ++++++------ htdocs/public/project/suggestbooth.php | 2 +- htdocs/public/project/suggestconference.php | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index a57df57d782..53d27efeba2 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php 
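Review bot: Changing `type_template` from `eventorganization_send` to `conferenceorbooth` in the seed data only affects fresh installs; existing databases keep the old rows, and the admin and public pages updated in the next patch of this series will then find no template. Unless a migration script elsewhere in the series updates the table, an `UPDATE llx_c_email_templates SET type_template = 'conferenceorbooth' WHERE type_template = 'eventorganization_send';` belongs in the upgrade SQL. The six statements also differ only in label, position and body, which a single multi-row INSERT would make easier to keep consistent.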
@@ -54,12 +54,12 @@ $arrayofparameters = array( 'EVENTORGANIZATION_CATEG_THIRDPARTY_BOOTH'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1), //'EVENTORGANIZATION_FILTERATTENDEES_CAT'=>array('type'=>'category:'.Categorie::TYPE_CUSTOMER, 'enabled'=>1), //'EVENTORGANIZATION_FILTERATTENDEES_TYPE'=>array('type'=>'thirdparty_type:', 'enabled'=>1), - 'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_CONF'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), - 'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_BOOTH'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), - 'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_BOOTH'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), - 'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_EVENT'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), - 'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_SPEAKER'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), - 'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES'=>array('type'=>'emailtemplate:eventorganization_send', 'enabled'=>1), + 'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_CONF'=>array('type'=>'emailtemplate:conferenceorbooth', 'enabled'=>1), + 'EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_BOOTH'=>array('type'=>'emailtemplate:conferenceorbooth', 'enabled'=>1), + 'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_BOOTH'=>array('type'=>'emailtemplate:conferenceorbooth', 'enabled'=>1), + 'EVENTORGANIZATION_TEMPLATE_EMAIL_AFT_SUBS_EVENT'=>array('type'=>'emailtemplate:conferenceorbooth', 'enabled'=>1), + 'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_SPEAKER'=>array('type'=>'emailtemplate:conferenceorbooth', 'enabled'=>1), + 'EVENTORGANIZATION_TEMPLATE_EMAIL_BULK_ATTENDES'=>array('type'=>'emailtemplate:conferenceorbooth', 'enabled'=>1), 'EVENTORGANIZATION_SECUREKEY'=>array('type'=>'securekey', 'enabled'=>1), 'SERVICE_BOOTH_LOCATION'=>array('type'=>'product', 'enabled'=>1), 'SERVICE_CONFERENCE_ATTENDEE_SUBSCRIPTION'=>array('type'=>'product', 'enabled'=>1), 
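Review bot: The template type `'conferenceorbooth'` is now a bare string literal in six array entries here, in both `getEMailTemplate()` calls at L189 and in the seed SQL; a single constant (for example on the ConferenceOrBooth class, whose element name it presumably mirrors — confirm) would keep the four sites from drifting again, which is exactly the bug this patch fixes. The `$arrayofparameters` array starts and ends outside the hunk.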
diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php index 43a4b989687..3ab8e165c7e 100644 --- a/htdocs/public/project/suggestbooth.php +++ b/htdocs/public/project/suggestbooth.php @@ -470,7 +470,7 @@ if (empty($reshook) && $action == 'add') { $labeltouse = $conf->global->EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_BOOTH; if (!empty($labeltouse)) { - $arraydefaultmessage = $formmail->getEMailTemplate($db, 'eventorganization_send', $user, $outputlangs, $labeltouse, 1, ''); + $arraydefaultmessage = $formmail->getEMailTemplate($db, 'conferenceorbooth', $user, $outputlangs, $labeltouse, 1, ''); } if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php index d63f2d2d98d..399969bc80d 100644 --- a/htdocs/public/project/suggestconference.php +++ b/htdocs/public/project/suggestconference.php @@ -409,7 +409,7 @@ if (empty($reshook) && $action == 'add') { $labeltouse = $conf->global->EVENTORGANIZATION_TEMPLATE_EMAIL_ASK_CONF; if (!empty($labeltouse)) { - $arraydefaultmessage = $formmail->getEMailTemplate($db, 'eventorganization_send', $user, $outputlangs, $labeltouse, 1, ''); + $arraydefaultmessage = $formmail->getEMailTemplate($db, 'conferenceorbooth', $user, $outputlangs, $labeltouse, 1, ''); } if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { From 8b07e99e05a9ed3c57bdc00c6a469fbbaa5672ef Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 16:08:47 +0200 Subject: [PATCH 17/51] Fix for ' inserted by CKEditor instead of ' --- htdocs/core/lib/functions.lib.php | 6 +++++- test/phpunit/SecurityTest.php | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 13358074514..da93b01fc26 100644 --- a/htdocs/core/lib/functions.lib.php 
+++ b/htdocs/core/lib/functions.lib.php @@ -778,12 +778,16 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = do { $oldstringtoclean = $out; + // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are correctly + // encoded using text entities). This is a fix for CKeditor. + $out = preg_replace('/'/i', ''', $out); + // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step. // No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are // using a non coventionnel way to be encoded, to not have them sanitized just after) $out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out); - // Now we remove all remaining HTML entities staring with a number. We don't want such entities. + // Now we remove all remaining HTML entities starting with a number. We don't want such entities. $out = preg_replace('/&#x?[0-9]+/i', '', $out); // For example if we have javascript with an entities without the ; to hide the 'a' of 'javascript'. $out = dol_string_onlythesehtmltags($out, 0, 1, 1); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 08d4ec88703..d75ec962020 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -321,6 +321,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase $test="XSS"; $result=testSqlAndScriptInject($test, 0); $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll'); + + $test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)"; + $result=testSqlAndScriptInject($test, 0); + $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm'); } /** 
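Review bot: As rendered, the new `preg_replace` in checkVal shows a bare apostrophe in both pattern and replacement, which would make the call a no-op; this is presumably the page decoding the HTML entities of the source, but it is worth confirming the committed pattern is the decimal numeric-entity form and the replacement the named one. Even then the pattern matches only that one spelling: if `realCharForNumericEntities` leaves non-letter entities untouched as its comment suggests, a zero-padded or hexadecimal variant of the same entity is not rewritten and is dropped by the later step that removes every remaining entity starting with a number, so the apostrophe silently disappears from such input; matching the hex form and tolerating a missing trailing `;` as the callback pattern already does would close that gap. The added comment also has typos and reads better as `// CKEditor submits the apostrophe as a numeric entity; convert it to the named entity so the numeric-entity cleanup below does not strip it.`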
@@ -358,6 +362,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param12"]='aaa'; $_POST["param13"]='n n > < " XSS'; $_POST["param13b"]='n n > < " XSS'; + $_POST["param14"]="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)"; //$_POST["param13"]='javascript%26colon%26%23x3B%3Balert(1)'; //$_POST["param14"]='javascripT&javascript#x3a alert(1)'; @@ -494,6 +499,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals('n n > < " XSS', $result, 'Test 13b that HTML entities are decoded with restricthtml, but only for common alpha chars'); + $result=GETPOST("param14", 'restricthtml'); + print __METHOD__." result=".$result."\n"; + $this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)", $result, 'Test 14'); + // Special test for GETPOST of backtopage, backtolist or backtourl parameter $_POST["backtopage"]='//www.google.com'; From eea90cef566b3cd234476f59eb8327b328d52c19 Mon Sep 17 00:00:00 2001 From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com> Date: Mon, 5 Jul 2021 16:31:33 +0200 Subject: [PATCH 18/51] FIX: holiday: balances not updated correctly with pgsql because of case sensitivity --- htdocs/holiday/class/holiday.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 2e61c014532..b7a8d41f699 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php 
@@ -2112,7 +2112,7 @@ class Holiday extends CommonObject { global $mysoc; - $sql = "SELECT rowid, code, label, affect, delay, newByMonth"; + $sql = "SELECT rowid, code, label, affect, delay, newbymonth"; $sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types"; $sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')'; if ($active >= 0) $sql .= " AND active = ".((int) $active); @@ -2126,7 +2126,7 @@ class Holiday extends CommonObject { while ($obj = $this->db->fetch_object($result)) { - $types[$obj->rowid] = array('rowid'=> $obj->rowid, 'code'=> $obj->code, 'label'=>$obj->label, 'affect'=>$obj->affect, 'delay'=>$obj->delay, 'newByMonth'=>$obj->newByMonth); + $types[$obj->rowid] = array('rowid'=> $obj->rowid, 'code'=> $obj->code, 'label'=>$obj->label, 'affect'=>$obj->affect, 'delay'=>$obj->delay, 'newByMonth'=>$obj->newbymonth); } return $types; From d414bcb572f4459a863dcdf05a88f68faedc3793 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:08:10 +0200 Subject: [PATCH 19/51] Fix phpcs --- htdocs/core/tpl/objectline_view.tpl.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php index 3463de14240..444d847e25a 100644 --- a/htdocs/core/tpl/objectline_view.tpl.php +++ b/htdocs/core/tpl/objectline_view.tpl.php @@ -314,8 +314,7 @@ if ($outputalsopricetotalwithtax) { $coldisplay++; } -if ($this->statut == 0 && ($object_rights->creer) && $action != 'selectlines') { - +if ($this->statut == 0 && !empty($object_rights->creer) && $action != 'selectlines') { $situationinvoicelinewithparent = 0; if ($line->fk_prev_id != null && in_array($object->element, array('facture', 'facturedet'))) { if ($object->type == $object::TYPE_SITUATION) { // The constant TYPE_SITUATION exists only for object invoice From 87f9530272925f0d651f59337a35661faeb6f377 Mon Sep 17 00:00:00 2001 
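Review bot: The column-name fix in the SELECT is right (PostgreSQL folds unquoted identifiers to lower case, so `newByMonth` and `newbymonth` resolve to the same column there but not on every engine), but the adjacent WHERE clause still concatenates `$mysoc->country_id` into the query without a cast, unlike the `(int)` casts applied elsewhere in this series. `$sql .= " WHERE (fk_country IS NULL OR fk_country = ".((int) $mysoc->country_id).')';` keeps the statement numeric even if `$mysoc` is ever populated from an untrusted source. The second hunk correctly keeps the array key `'newByMonth'` so callers are unaffected; a comment on that line, `// key kept as newByMonth for callers; column read as newbymonth (pgsql case folding)`, would stop a future "consistency" edit from reverting it. The enclosing method starts and ends outside these hunks.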
From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:29:10 +0200 Subject: [PATCH 20/51] Fix report by Ahsan Aziz (can reset the password of another user that did not request password reset). --- htdocs/user/passwordforgotten.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index cb149f1e481..63f33b5f8ec 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -87,14 +87,14 @@ if (empty($reshook)) { // Validate new password if ($action == 'validatenewpassword' && $username && $passworduidhash) { $edituser = new User($db); - $result = $edituser->fetch('', $_GET["username"]); + $result = $edituser->fetch('', $username); if ($result < 0) { $message = '
'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'
'; } else { global $dolibarr_main_instance_unique_id; //print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash; - if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) { + if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) { // Clear session unset($_SESSION['dol_login']); $_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page From f648185839689cf70fd3fcb254b2ce7313ba6c87 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:34:25 +0200 Subject: [PATCH 21/51] Fix phpcs --- htdocs/core/lib/security2.lib.php | 4 ++-- test/phpunit/SecurityTest.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 523b8ccf2cb..4408e2ccd52 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len } $generated_password = str_shuffle($randomCode); - } else // Old platform, non cryptographic random - { + } else { + // Old platform, non cryptographic random $max = strlen($lowercase) - 1; for ($x = 0; $x < $nbofchar; $x++) { $tmp = mt_rand(0, $max); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index d75ec962020..63c52ac60c5 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php 
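Review bot: The added `$edituser->pass_temp &&` guard closes the reported case, but nothing visible in the hunk invalidates `pass_temp` once the link has been accepted or bounds how long it stays valid, so if the `else` body (which continues outside the hunk) does not clear it, the same link remains replayable until the next reset request. A comment on the guard should state why it exists: `// Refuse when no reset is pending: an empty pass_temp must never verify against the submitted hash`. It is also worth confirming that dol_verifyHash compares with `hash_equals()` rather than `==`, and that the `pass_temp` field is cleared in the same transaction that sets the new password. Switching the fetch to `$username` instead of `$_GET["username"]` is the right change, since `$username` is the value already checked at the top of the branch.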
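Review bot: The moved comment `// Old platform, non cryptographic random` undersells what the `else` branch does: it generates a password with `mt_rand`, so the result is predictable to anyone who can observe other outputs of the generator. Since `random_int` has existed since PHP 7.0, this branch is presumably only reachable on runtimes the project no longer supports; either drop it or document the consequence, e.g. `// Fallback for PHP < 7.0 only: mt_rand() is not a CSPRNG, so passwords from this branch have weak entropy`. The enclosing function getRandomPassword starts and ends outside the hunk.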
@@ -323,8 +323,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll'); $test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)"; - $result=testSqlAndScriptInject($test, 0); - $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm'); + $result=testSqlAndScriptInject($test, 0); // result must be 0 + $this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm'); } /** From 65adb16191c3d1751922267f374b19ed78247a58 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:55:17 +0200 Subject: [PATCH 22/51] Fix increase entrophy of default password generation. --- .../generate/modGeneratePassStandard.class.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php index e091b5069e9..a358f916429 100644 --- a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php +++ b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php @@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword $password = ""; // define possible characters - $possible = "0123456789bcdfghjkmnpqrstvwxyz"; + $possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP"; // set up a counter $i = 0; 
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword // add random characters to $password until $length is reached while ($i < $this->length) { // pick a random character from the possible ones - $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1); + if (function_exists('random_int')) { // Cryptographic random + $char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1); + } else { + $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1); + } - // we don't want this character if it's already in the password - if (!strstr($password, $char)) { + if (substr_count($password, $char) <= 6) { // we don't want this character if it's already 5 times in the password $password .= $char; $i++; } From a14c68e996d39cf315a89a4b6ceedc70bfc0871b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:14:52 +0200 Subject: [PATCH 23/51] Fix Hide sensitive key on info page --- htdocs/admin/system/dolibarr.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 9af09164469..f1ba888d2ca 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -400,8 +400,10 @@ foreach ($configfileparameters as $key => $value) { if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) { if (empty($dolibarr_main_prod)) { print ''; + print showValueWithClipboardCPButton(${$newkey}, 0, '********'); + } else { + print '**********'; } - print '**********'; } elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) { print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT'); } elseif ($newkey == 'dolibarr_main_document_root_alt') { 
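Review bot: The new repetition check disagrees with its own comment: `substr_count($password, $char) <= 6` admits a seventh occurrence of the same character, while the comment says a character already present five times is rejected. Either the code or the comment should change; `if (substr_count($password, $char) < 5) { // reject a char already used 5 times` matches the stated intent. The `else` branch that falls back to `mt_rand` for password characters deserves the same warning as the one in security2.lib.php (`// non-cryptographic fallback for PHP < 7.0 only`), since `random_int` is always available on PHP 7+. The enclosing generation method starts and ends outside the hunk.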
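Review bot: The `empty($dolibarr_main_prod)` test treats an unset flag as non-production, so on an instance whose conf.php never defines `dolibarr_main_prod` the database and LDAP admin passwords are handed to the page (presumably masked, with the real value behind the copy control), and the same default applies to the instance-unique-id block at @@ -420 in the next hunk. If that is intended, say so next to the test: `// unset dolibarr_main_prod counts as non-production: the real secret is emitted into the page for the copy button`; if not, require the flag to be explicitly false. The masked/clipboard-vs-asterisks branching is now duplicated between the two hunks and would read better as one small helper taking the value. On @@ -420, `$valuetoshow = $dolibarr_main_instance_unique_id ?: $dolibarr_main_cookie_cryptkey;` is the idiomatic form of the new ternary, which already tests truthiness. The enclosing foreach starts and ends outside both hunks.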
@@ -420,9 +422,14 @@ foreach ($configfileparameters as $key => $value) { } } elseif ($newkey == 'dolibarr_main_instance_unique_id') { //print $conf->file->instance_unique_id; - global $dolibarr_main_cookie_cryptkey; - $valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey - print $valuetoshow; + global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id; + $valuetoshow = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey + if (empty($dolibarr_main_prod)) { + print ''; + print showValueWithClipboardCPButton($valuetoshow, 0, '********'); + } else { + print '**********'; + } if (empty($valuetoshow)) { print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id'); } From 38d272e31ad77167cc4c9bbdb3280832d2e2446c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:16:52 +0200 Subject: [PATCH 24/51] Better position of fields --- htdocs/admin/system/dolibarr.php | 103 ++++++++++++++++--------------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index f1ba888d2ca..38c6cdc446a 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -309,57 +309,58 @@ print '
'; // Parameters in conf.php file (when a parameter start with ?, it is shown only if defined) $configfileparameters = array( - 'dolibarr_main_url_root' => $langs->trans("URLRoot"), - '?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)', - 'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"), - '?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)', - 'dolibarr_main_data_root' => $langs->trans("DataRootServer"), - 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), - 'separator1' => '', - 'dolibarr_main_db_host' => $langs->trans("DatabaseServer"), - 'dolibarr_main_db_port' => $langs->trans("DatabasePort"), - 'dolibarr_main_db_name' => $langs->trans("DatabaseName"), - 'dolibarr_main_db_type' => $langs->trans("DriverType"), - 'dolibarr_main_db_user' => $langs->trans("DatabaseUser"), - 'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"), - 'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"), - 'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"), - '?dolibarr_main_db_prefix' => $langs->trans("Prefix"), - 'separator2' => '', - 'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"), - '?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"), - 'separator'=> '', - '?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute', - '?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host', - '?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port', - '?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version', - '?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn', - '?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login', - '?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass', - '?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug', - 'separator3' => '', - '?dolibarr_lib_ADODB_PATH' => 
'dolibarr_lib_ADODB_PATH', - '?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH', - '?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH', - '?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH', - '?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH', - '?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH', - '?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH', - '?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH', - '?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP', - '?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR', - '?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY', - '?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI', - '?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF', - '?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD', - 'separator4' => '', - 'dolibarr_main_prod' => 'Production mode (Hide all error messages)', - 'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups', - 'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only', - '?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page', - '?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli', - '?dolibarr_strict_mode' => 'Strict mode is on/off', - '?dolibarr_nocsrfcheck' => 'Disable CSRF security checks' + 'dolibarr_main_prod' => 'Production mode (Hide all error messages)', + 'separator0' => '', + 'dolibarr_main_url_root' => $langs->trans("URLRoot"), + '?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)', + 'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"), + '?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' 
(alt)', + 'dolibarr_main_data_root' => $langs->trans("DataRootServer"), + 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), + 'separator1' => '', + 'dolibarr_main_db_host' => $langs->trans("DatabaseServer"), + 'dolibarr_main_db_port' => $langs->trans("DatabasePort"), + 'dolibarr_main_db_name' => $langs->trans("DatabaseName"), + 'dolibarr_main_db_type' => $langs->trans("DriverType"), + 'dolibarr_main_db_user' => $langs->trans("DatabaseUser"), + 'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"), + 'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"), + 'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"), + '?dolibarr_main_db_prefix' => $langs->trans("DatabasePrefix"), + 'separator2' => '', + 'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"), + '?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"), + 'separator'=> '', + '?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute', + '?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host', + '?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port', + '?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version', + '?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn', + '?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login', + '?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass', + '?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug', + 'separator3' => '', + '?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH', + '?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH', + '?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH', + '?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH', + '?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH', + '?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH', + '?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH', + '?dolibarr_lib_ODTPHP_PATH' => 
'dolibarr_lib_ODTPHP_PATH', + '?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP', + '?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR', + '?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY', + '?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI', + '?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF', + '?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD', + 'separator4' => '', + 'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups', + 'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only', + '?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page', + '?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli', + '?dolibarr_strict_mode' => 'Strict mode is on/off', + '?dolibarr_nocsrfcheck' => 'Disable CSRF security checks' ); print '
'; From 3ac72fe73c70cd35788f8be7141021a2294403b4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:19:02 +0200 Subject: [PATCH 25/51] Fix --- htdocs/admin/system/dolibarr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 38c6cdc446a..0271488b65a 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -310,13 +310,13 @@ print '
'; // Parameters in conf.php file (when a parameter start with ?, it is shown only if defined) $configfileparameters = array( 'dolibarr_main_prod' => 'Production mode (Hide all error messages)', + 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), 'separator0' => '', 'dolibarr_main_url_root' => $langs->trans("URLRoot"), '?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)', 'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"), '?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)', 'dolibarr_main_data_root' => $langs->trans("DataRootServer"), - 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), 'separator1' => '', 'dolibarr_main_db_host' => $langs->trans("DatabaseServer"), 'dolibarr_main_db_port' => $langs->trans("DatabasePort"), From abb1ad6bf0469eccd2b58beb20bdabc18fc36e22 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:46:27 +0200 Subject: [PATCH 26/51] Fix sql injection --- htdocs/compta/bank/class/account.class.php | 4 ++-- htdocs/compta/sociales/class/cchargesociales.class.php | 8 ++++---- htdocs/societe/card.php | 2 +- htdocs/societe/class/societe.class.php | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 46d1bb93684..8619ff25dae 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php 
@@ -829,8 +829,8 @@ class Account extends CommonObject $sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null"); $sql .= ",comment = '".$this->db->escape($this->comment)."'"; - $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null"); - $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null"); + $sql .= ",state_id = ".($this->state_id > 0 ? ((int) $this->state_id) : "null"); + $sql .= ",fk_pays = ".($this->country_id > 0 ? ((int) $this->country_id) : "null"); $sql .= ",ics = '".$this->db->escape($this->ics)."'"; $sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'"; diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index 8cfadd84f4f..ee9a270b283 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php 
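Review bot: The casts on `state_id` and `fk_pays` are correct, but the context line two above still concatenates `price2num($this->min_desired)` into the statement unquoted; if price2num can return anything other than a plain numeric string for malformed input (worth checking), that line needs the same treatment. `$sql .= ",min_desired = ".($this->min_desired != '' ? ((float) price2num($this->min_desired)) : "null");` would make the value type-safe regardless. The enclosing update method starts and ends outside the hunk.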
@@ -260,13 +260,13 @@ class Cchargesociales // Update request $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; $sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").','; - $sql .= ' deductible = '.(isset($this->deductible) ? $this->deductible : "null").','; - $sql .= ' active = '.(isset($this->active) ? $this->active : "null").','; + $sql .= ' deductible = '.(isset($this->deductible) ? ((int) $this->deductible) : "null").','; + $sql .= ' active = '.(isset($this->active) ? ((int) $this->active) : "null").','; $sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").','; - $sql .= ' fk_pays = '.(isset($this->fk_pays) ? $this->fk_pays : "null").','; + $sql .= ' fk_pays = '.((isset($this->fk_pays) && $this->fk_pays > 0) ? ((int) $this->fk_pays) : "null").','; $sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").','; $sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null"); - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id='.((int) $this->id); $this->db->begin(); diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index e7e8c10d20c..ba4023dbba9 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -554,7 +554,7 @@ if (empty($reshook)) { } // We set country_id, country_code and country for the selected country - $object->country_id = GETPOST('country_id') != '' ?GETPOST('country_id') : $mysoc->country_id; + $object->country_id = GETPOST('country_id', 'int') != '' ? GETPOST('country_id', 'int') : $mysoc->country_id; if ($object->country_id) { $tmparray = getCountry($object->country_id, 'all'); $object->country_code = $tmparray['code']; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index a213cca5577..eff2ba39c21 100644 --- a/htdocs/societe/class/societe.class.php 
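Review bot: The societe/card.php line calls GETPOST twice and compares the result loosely with `!= ''`; if the `'int'` check yields an integer 0, that comparison is false on PHP 7 (`0 == ''`) and true on PHP 8, so the fallback to `$mysoc->country_id` depends on the runtime. Reading the value once and comparing explicitly removes both the double call and the version dependency: `$countryid = GETPOST('country_id', 'int');` followed by `$object->country_id = ($countryid !== '' && $countryid !== null) ? $countryid : $mysoc->country_id;` (the exact null/empty handling should match what GETPOST returns for a missing parameter). The cchargesociales hunk looks consistent; its `fk_pays > 0` guard could also be applied to `deductible`/`active` if those are meant to be booleans. Both enclosing blocks start and end outside the hunks.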
+++ b/htdocs/societe/class/societe.class.php @@ -894,7 +894,7 @@ class Societe extends CommonObject $sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null"); $sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null"); $sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null"); - $sql .= ", ".$this->status; + $sql .= ", ".((int) $this->status); $sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null"); $sql .= ", 0"; $sql .= ", ".(int) $this->fk_incoterms; @@ -1369,13 +1369,13 @@ class Societe extends CommonObject $sql .= ",zip = ".(!empty($this->zip) ? "'".$this->db->escape($this->zip)."'" : "null"); $sql .= ",town = ".(!empty($this->town) ? "'".$this->db->escape($this->town)."'" : "null"); - $sql .= ",fk_departement = '".(!empty($this->state_id) ? $this->state_id : '0')."'"; - $sql .= ",fk_pays = '".(!empty($this->country_id) ? $this->country_id : '0')."'"; + $sql .= ",fk_departement = ".((!empty($this->state_id) && $this->state_id > 0) ? ((int) $this->state_id) : 'null'); + $sql .= ",fk_pays = ".((!empty($this->country_id) && $this->country_id > 0) ? ((int) $this->country_id) : 'null'); $sql .= ",phone = ".(!empty($this->phone) ? "'".$this->db->escape($this->phone)."'" : "null"); $sql .= ",fax = ".(!empty($this->fax) ? "'".$this->db->escape($this->fax)."'" : "null"); $sql .= ",email = ".(!empty($this->email) ? "'".$this->db->escape($this->email)."'" : "null"); - $sql .= ", socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'"; + $sql .= ",socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'"; $sql .= ",url = ".(!empty($this->url) ? "'".$this->db->escape($this->url)."'" : "null"); $sql .= ",parent = ".($this->parent > 0 ? $this->parent : "null"); From e2d7de31460a1c4de7aa410874910d96c47f3701 Mon Sep 17 00:00:00 2001 
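Review bot: The last context line of the second hunk still concatenates `$this->parent` raw (`",parent = ".($this->parent > 0 ? $this->parent : "null")`), which is the same pattern this commit fixes on the lines just above it; `$sql .= ",parent = ".($this->parent > 0 ? ((int) $this->parent) : "null");` completes the fix. The `fk_departement`/`fk_pays` lines also change the stored value for an empty state or country from `'0'` to SQL `null`, which is a data-semantics change rather than only a hardening and should be called out in the commit message or with a comment such as `// empty state/country is stored as NULL (was 0) so the FK stays valid`. The first hunk's `((int) $this->status)` is fine; the enclosing create/update methods start and end outside both hunks.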
From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:56:24 +0200 Subject: [PATCH 27/51] css --- htdocs/core/tpl/login.tpl.php | 2 +- htdocs/core/tpl/passwordforgotten.tpl.php | 2 +- htdocs/theme/eldy/global.inc.php | 7 ++++++- htdocs/theme/md/style.css.php | 7 ++++++- htdocs/user/passwordforgotten.php | 4 ++-- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index 9af5bc7d7b4..e668d1e6d58 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -356,7 +356,7 @@ if (!empty($conf->global->MAIN_EASTER_EGG_COMMITSTRIP)) { -