lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' into FIX_replace_divbutaction_by_dolgetbuttonaction

Browse Source
This commit is contained in:
Laurent Destailleur 2022-02-25 14:20:24 +01:00 committed by GitHub
commit a0baea1e6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
32 changed files with 421 additions and 214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dev/examples/zapier/package.json
View File

@ -15,7 +15,7 @@
"npm": ">=5.6.0"
},
"dependencies": {
"zapier-platform-core": "11.0.1"
"zapier-platform-core": "11.3.1"
},
"devDependencies": {
"mocha": "^5.2.0",

78
htdocs/accountancy/expensereport/lines.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2013-2016 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2017 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2022 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014-2015 Ari Elbaz (elarifr) <github@accedinfo.com>
* Copyright (C) 2013-2016 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>
@ -26,8 +26,8 @@
*/
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
@ -49,9 +49,14 @@ $search_desc = GETPOST('search_desc', 'alpha');
$search_amount = GETPOST('search_amount', 'alpha');
$search_account = GETPOST('search_account', 'alpha');
$search_vat = GETPOST('search_vat', 'alpha');
$search_day = GETPOST("search_day", "int");
$search_month = GETPOST("search_month", "int");
$search_year = GETPOST("search_year", "int");
$search_date_startday = GETPOST('search_date_startday', 'int');
$search_date_startmonth = GETPOST('search_date_startmonth', 'int');
$search_date_startyear = GETPOST('search_date_startyear', 'int');
$search_date_endday = GETPOST('search_date_endday', 'int');
$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
$search_date_endyear = GETPOST('search_date_endyear', 'int');
$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
@ -61,9 +66,9 @@ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("pa
if (empty($page) || $page < 0) {
$page = 0;
}
$offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$offset = $limit * $page;
if (!$sortfield) {
$sortfield = "erd.date, erd.rowid";
}
@ -101,9 +106,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
$search_amount = '';
$search_account = '';
$search_vat = '';
$search_day = '';
$search_month = '';
$search_year = '';
$search_date_startday = '';
$search_date_startmonth = '';
$search_date_startyear = '';
$search_date_endday = '';
$search_date_endmonth = '';
$search_date_endyear = '';
$search_date_start = '';
$search_date_end = '';
}
if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) {
@ -204,7 +214,12 @@ if (strlen(trim($search_account))) {
if (strlen(trim($search_vat))) {
$sql .= natural_search("erd.tva_tx", price2num($search_vat), 1);
}
$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year);
if ($search_date_start) {
$sql .= " AND erd.date >= '".$db->idate($search_date_start)."'";
}
if ($search_date_end) {
$sql .= " AND erd.date <= '".$db->idate($search_date_end)."'";
}
$sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy
$sql .= $db->order($sortfield, $sortorder);
@ -222,9 +237,8 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
$sql .= $db->plimit($limit + 1, $offset);
dol_syslog('accountancy/expensereport/lines.php::list');
dol_syslog("accountancy/expensereport/lines.php", LOG_DEBUG);
$result = $db->query($sql);
if ($result) {
$num_lines = $db->num_rows($result);
$i = 0;
@ -254,14 +268,23 @@ if ($result) {
if ($search_vat) {
$param .= "&search_vat=".urlencode($search_vat);
}
if ($search_day) {
$param .= '&search_day='.urlencode($search_day);
if ($search_date_startday) {
$param .= '&search_date_startday='.urlencode($search_date_startday);
}
if ($search_month) {
$param .= '&search_month='.urlencode($search_month);
if ($search_date_startmonth) {
$param .= '&search_date_startmonth='.urlencode($search_date_startmonth);
}
if ($search_year) {
$param .= '&search_year='.urlencode($search_year);
if ($search_date_startyear) {
$param .= '&search_date_startyear='.urlencode($search_date_startyear);
}
if ($search_date_endday) {
$param .= '&search_date_endday='.urlencode($search_date_endday);
}
if ($search_date_endmonth) {
$param .= '&search_date_endmonth='.urlencode($search_date_endmonth);
}
if ($search_date_endyear) {
$param .= '&search_date_endyear='.urlencode($search_date_endyear);
}
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">'."\n";
@ -276,12 +299,11 @@ if ($result) {
print '<input type="hidden" name="page" value="'.$page.'">';
print_barre_liste($langs->trans("ExpenseReportLinesDone"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num_lines, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit);
print '<span class="opacitymedium">'.$langs->trans("DescVentilDoneExpenseReport").'</span><br>';
print '<br><div class="inline-block divButAction">'.$langs->trans("ChangeAccount").'<br>';
print '<br><div class="inline-block divButAction paddingbottom">'.$langs->trans("ChangeAccount").' ';
print $formaccounting->select_account($account_parent, 'account_parent', 2, array(), 0, 0, 'maxwidth300 maxwidthonsmartphone valignmiddle');
print '<input type="submit" class="button valignmiddle" value="'.$langs->trans("ChangeBinding").'" /></div>';
print '<input type="submit" class="button small valignmiddle" value="'.$langs->trans("ChangeBinding").'"/></div>';
$moreforfilter = '';
@ -296,11 +318,12 @@ if ($result) {
print '<td class="liste_titre"></td>';
}
print '<td class="liste_titre center">';
if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) {
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_day" value="'.$search_day.'">';
}
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month" value="'.$search_month.'">';
$formother->select_year($search_year, 'search_year', 1, 20, 5);
print '<div class="nowrap">';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidth50" name="search_label" value="'.dol_escape_htmltag($search_label).'"></td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidth50" name="search_desc" value="'.dol_escape_htmltag($search_desc).'"></td>';
@ -394,12 +417,11 @@ if ($result) {
print '<td class="center">'.vatrate($objp->tva_tx.($objp->vat_src_code ? ' ('.$objp->vat_src_code.')' : '')).'</td>';
// Accounting account affected
print '<td>';
print '<td class="center">';
print $accountingaccountstatic->getNomUrl(0, 1, 1, '', 1);
print ' <a class="editfielda reposition marginleftonly marginrightonly" href="./card.php?id='.$objp->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"].($param ? '?'.$param : '')).'">';
print img_edit();
print '</a></td>';
print '<td class="center"><input type="checkbox" class="checkforaction" name="changeaccount[]" value="'.$objp->rowid.'"/></td>';
print "</tr>";

142
htdocs/accountancy/expensereport/list.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2013-2014 Olivier Geffroy <jeff@jeffinfo.com>
* Copyright (C) 2013-2017 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2013-2022 Alexandre Spangaro <aspangaro@open-dsi.fr>
* Copyright (C) 2014-2015 Ari Elbaz (elarifr) <github@accedinfo.com>
* Copyright (C) 2013-2014 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014 Juanjo Menent <jmenent@2byte.es>s
@ -30,9 +30,9 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
// Load translation files required by the page
@ -59,9 +59,14 @@ $search_desc = GETPOST('search_desc', 'alpha');
$search_amount = GETPOST('search_amount', 'alpha');
$search_account = GETPOST('search_account', 'alpha');
$search_vat = GETPOST('search_vat', 'alpha');
$search_day = GETPOST("search_day", "int");
$search_month = GETPOST("search_month", "int");
$search_year = GETPOST("search_year", "int");
$search_date_startday = GETPOST('search_date_startday', 'int');
$search_date_startmonth = GETPOST('search_date_startmonth', 'int');
$search_date_startyear = GETPOST('search_date_startyear', 'int');
$search_date_endday = GETPOST('search_date_endday', 'int');
$search_date_endmonth = GETPOST('search_date_endmonth', 'int');
$search_date_endyear = GETPOST('search_date_endyear', 'int');
$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver
$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear);
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
@ -83,6 +88,9 @@ if (!$sortorder) {
}
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('accountancyexpensereportlist'));
$formaccounting = new FormAccounting($db);
$accounting = new AccountingAccount($db);
@ -101,7 +109,7 @@ if (empty($user->rights->accounting->mouvements->lire)) {
/*
* Action
* Actions
*/
if (GETPOST('cancel', 'alpha')) {
@ -111,30 +119,47 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massa
$massaction = '';
}
// Purge search criteria
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers
$search_login = '';
$search_expensereport = '';
$search_label = '';
$search_desc = '';
$search_amount = '';
$search_account = '';
$search_vat = '';
$search_day = '';
$search_month = '';
$search_year = '';
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
if (empty($reshook)) {
// Purge search criteria
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers
$search_login = '';
$search_expensereport = '';
$search_label = '';
$search_desc = '';
$search_amount = '';
$search_account = '';
$search_vat = '';
$search_date_startday = '';
$search_date_startmonth = '';
$search_date_startyear = '';
$search_date_endday = '';
$search_date_endmonth = '';
$search_date_endyear = '';
$search_date_start = '';
$search_date_end = '';
$search_country = '';
$search_tvaintra = '';
}
// Mass actions
$objectclass = 'ExpenseReport';
$objectlabel = 'ExpenseReport';
$permissiontoread = $user->rights->expensereport->read;
$permissiontodelete = $user->rights->expensereport->delete;
$uploaddir = $conf->expensereport->dir_output;
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
$objectclass = 'ExpenseReport';
$objectlabel = 'ExpenseReport';
$permissiontoread = $user->rights->expensereport->read;
$permissiontodelete = $user->rights->expensereport->delete;
$uploaddir = $conf->expensereport->dir_output;
include DOL_DOCUMENT_ROOT . '/core/actions_massactions.inc.php';
}
if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$msg = '';
//print '<div><span style="color:red">' . $langs->trans("Processing") . '...</span></div>';
if (!empty($mesCasesCochees)) {
$msg = '<div>'.$langs->trans("SelectedLines").': '.count($mesCasesCochees).'</div>';
@ -159,7 +184,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);
dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG);
dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG);
if ($db->query($sql)) {
$msg .= '<div><span style="color:green">'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'</span></div>';
$ok++;
@ -201,6 +226,9 @@ $sql .= " erd.rowid, erd.fk_c_type_fees, erd.comments, erd.total_ht as price, er
$sql .= " f.id as type_fees_id, f.code as type_fees_code, f.label as type_fees_label, f.accountancy_code as code_buy,";
$sql .= " u.rowid as userid, u.login, u.lastname, u.firstname, u.email, u.gender, u.employee, u.photo, u.statut,";
$sql .= " aa.rowid as aarowid";
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees";
@ -233,9 +261,19 @@ if (strlen(trim($search_account))) {
if (strlen(trim($search_vat))) {
$sql .= natural_search("erd.tva_tx", $search_vat, 1);
}
$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year);
if ($search_date_start) {
$sql .= " AND erd.date >= '".$db->idate($search_date_start)."'";
}
if ($search_date_end) {
$sql .= " AND erd.date <= '".$db->idate($search_date_end)."'";
}
$sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy
// Add where from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= $db->order($sortfield, $sortorder);
// Count total nb of records
@ -251,7 +289,13 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
$sql .= $db->plimit($limit + 1, $offset);
dol_syslog('accountancy/expensereport/list.php');
dol_syslog("accountancy/expensereport/list.php", LOG_DEBUG);
// MAX_JOIN_SIZE can be very low (ex: 300000) on some limited configurations (ex: https://www.online.net/fr/hosting/online-perso)
// This big SELECT command may exceed the MAX_JOIN_SIZE limit => Therefore we use SQL_BIG_SELECTS=1 to disable the MAX_JOIN_SIZE security
if ($db->type == 'mysqli') {
$db->query("SET SQL_BIG_SELECTS=1");
}
$result = $db->query($sql);
if ($result) {
$num_lines = $db->num_rows($result);
@ -272,14 +316,23 @@ if ($result) {
if ($search_lineid) {
$param .= '&search_lineid='.urlencode($search_lineid);
}
if ($search_day) {
$param .= '&search_day='.urlencode($search_day);
if ($search_date_startday) {
$param .= '&search_date_startday='.urlencode($search_date_startday);
}
if ($search_month) {
$param .= '&search_month='.urlencode($search_month);
if ($search_date_startmonth) {
$param .= '&search_date_startmonth='.urlencode($search_date_startmonth);
}
if ($search_year) {
$param .= '&search_year='.urlencode($search_year);
if ($search_date_startyear) {
$param .= '&search_date_startyear='.urlencode($search_date_startyear);
}
if ($search_date_endday) {
$param .= '&search_date_endday='.urlencode($search_date_endday);
}
if ($search_date_endmonth) {
$param .= '&search_date_endmonth='.urlencode($search_date_endmonth);
}
if ($search_date_endyear) {
$param .= '&search_date_endyear='.urlencode($search_date_endyear);
}
if ($search_expensereport) {
$param .= '&search_expensereport='.urlencode($search_expensereport);
@ -302,7 +355,6 @@ if ($result) {
);
$massactionbutton = $form->selectMassAction('ventil', $arrayofmassactions, 1);
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">'."\n";
print '<input type="hidden" name="action" value="ventil">';
if ($optioncss != '') {
@ -335,20 +387,21 @@ if ($result) {
if (!empty($conf->global->ACCOUNTANCY_USE_EXPENSE_REPORT_VALIDATION_DATE)) {
print '<td class="liste_titre"></td>';
}
print '<td class="liste_titre center nowraponall minwidth100imp">';
if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) {
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_day" value="'.$search_day.'">';
}
print '<input class="flat valignmiddle maxwidth25" type="text" maxlength="2" name="search_month" value="'.$search_month.'">';
$formother->select_year($search_year, 'search_year', 1, 20, 5);
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidth50" name="search_label" value="'.dol_escape_htmltag($search_label).'"></td>';
print '<td class="liste_titre"><input type="text" class="flat maxwidthonsmartphone" name="search_desc" value="'.dol_escape_htmltag($search_desc).'"></td>';
print '<td class="liste_titre right"><input type="text" class="right flat maxwidth50" name="search_amount" value="'.dol_escape_htmltag($search_amount).'"></td>';
print '<td class="liste_titre right"><input type="text" class="right flat maxwidth50" name="search_vat" placeholder="%" size="1" value="'.dol_escape_htmltag($search_vat).'"></td>';
print '<td class="liste_titre right"><input type="text" class="flat maxwidth50 right" name="search_amount" value="'.dol_escape_htmltag($search_amount).'"></td>';
print '<td class="liste_titre right"><input type="text" class="flat maxwidth50 right" name="search_vat" placeholder="%" size="1" value="'.dol_escape_htmltag($search_vat).'"></td>';
print '<td class="liste_titre"></td>';
print '<td class="liste_titre"></td>';
print '<td class="center" class="liste_titre">';
print '<td class="center liste_titre">';
$searchpicto = $form->showFilterButtons();
print $searchpicto;
print '</td>';
@ -468,6 +521,9 @@ if ($result) {
} else {
print $db->error();
}
if ($db->type == 'mysqli') {
$db->query("SET SQL_BIG_SELECTS=0"); // Enable MAX_JOIN_SIZE limitation
}
// Add code to auto check the box when we select an account
print '<script type="text/javascript">

1
htdocs/admin/system/security.php
View File

@ -99,6 +99,7 @@ if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') ==
}
print "<br>\n";
print "<strong>PHP open_basedir</strong> = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").': '.$_SERVER["DOCUMENT_ROOT"].','.DOL_DATA_ROOT).')</span>')."<br>\n";
print "<strong>PHP short_open_tag</strong> = ".((empty(ini_get('short_open_tag')) || ini_get('short_open_tag') == 'Off') ? yn(0) : img_warning().' '.yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).')</span>'."<br>\n";
print "<strong>PHP allow_url_fopen</strong> = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
print "<strong>PHP allow_url_include</strong> = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
//print "<strong>PHP safe_mode</strong> = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).' &nbsp; <span class="opacitymedium">'.$langs->trans("Deprecated")." (removed in PHP 5.4)</span><br>\n";

19
htdocs/compta/bank/card.php
View File

@ -124,6 +124,7 @@ if (empty($reshook)) {
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
$object->owner_address = trim(GETPOST("owner_address", 'nohtml'));
@ -224,6 +225,7 @@ if (empty($reshook)) {
$object->bic = trim(GETPOST("bic"));
$object->iban = trim(GETPOST("iban"));
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
$object->owner_address = trim(GETPOST("owner_address", 'nohtml'));
@ -537,6 +539,13 @@ if ($action == 'create') {
print '<tr><td>'.$langs->trans($bickey).'</td>';
print '<td><input maxlength="11" type="text" class="flat minwidth150" name="bic" value="'.(GETPOST('bic') ?GETPOST('bic', 'alpha') : $object->bic).'"></td></tr>';
if ($conf->paymentbybanktransfer->enabled) {
print '<tr><td>'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").'</td>';
print '<td><input type="checkbox" class="flat minwidth150" name="pti_in_ctti"'. (empty(GETPOST('pti_in_ctti')) ? '' : ' checked ') . '>&nbsp;';
print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info');
print '</td></tr>';
}
print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';
print '<textarea class="flat quatrevingtpercent" name="domiciliation" rows="'.ROWS_2.'">';
print (GETPOST('domiciliation') ?GETPOST('domiciliation') : $object->domiciliation);
@ -777,6 +786,11 @@ if ($action == 'create') {
print '<tr><td>'.$langs->trans("ICS").' ('.$langs->trans("BankTransfer").')</td>';
print '<td>'.$object->ics_transfer.'</td>';
print '</tr>';
print '<tr><td>'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").'</td><td>';
print (empty($object->pti_in_ctti) ? $langs->trans("No") : $langs->trans("Yes")) . '&nbsp;';
print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info');
print "</td></tr>\n";
}
print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';
@ -1074,6 +1088,11 @@ if ($action == 'create') {
if ($conf->paymentbybanktransfer->enabled) {
print '<tr><td>'.$langs->trans("ICS").' ('.$langs->trans("BankTransfer").')</td>';
print '<td><input class="minwidth150 maxwidth200onsmartphone" maxlength="32" type="text" class="flat" name="ics_transfer" value="'.(GETPOSTISSET('ics_transfer') ? GETPOST('ics_transfer', 'alphanohtml') : $object->ics_transfer).'"></td></tr>';
print '<tr><td>'.$langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation").'</td>';
print '<td><input type="checkbox" class="flat minwidth150" name="pti_in_ctti"'. ($object->pti_in_ctti ? ' checked ' : '') . '>&nbsp;';
print img_picto($langs->trans("SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp"), 'info');
print '</td></tr>';
}
print '<tr><td>'.$langs->trans("BankAccountDomiciliation").'</td><td>';

20
htdocs/compta/bank/class/account.class.php
View File

@ -145,6 +145,12 @@ class Account extends CommonObject
*/
public $iban_prefix;
/**
* XML SEPA format: place Payment Type Information (PmtTpInf) in Credit Transfer Transaction Information (CdtTrfTxInf)
* @var int
*/
public $pti_in_ctti = 0;
/**
* Name of account holder
* @var string
@ -680,6 +686,7 @@ class Account extends CommonObject
$sql .= ", bic";
$sql .= ", iban_prefix";
$sql .= ", domiciliation";
$sql .= ", pti_in_ctti";
$sql .= ", proprio";
$sql .= ", owner_address";
$sql .= ", currency_code";
@ -706,6 +713,7 @@ class Account extends CommonObject
$sql .= ", '".$this->db->escape($this->bic)."'";
$sql .= ", '".$this->db->escape($this->iban)."'";
$sql .= ", '".$this->db->escape($this->domiciliation)."'";
$sql .= ", ".((int) $this->pti_in_ctti);
$sql .= ", '".$this->db->escape($this->proprio)."'";
$sql .= ", '".$this->db->escape($this->owner_address)."'";
$sql .= ", '".$this->db->escape($this->currency_code)."'";
@ -828,6 +836,7 @@ class Account extends CommonObject
$sql .= ",bic='".$this->db->escape($this->bic)."'";
$sql .= ",iban_prefix = '".$this->db->escape($this->iban)."'";
$sql .= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
$sql .= ",pti_in_ctti=".((int) $this->pti_in_ctti);
$sql .= ",proprio = '".$this->db->escape($this->proprio)."'";
$sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'";
@ -949,7 +958,7 @@ class Account extends CommonObject
$sql = "SELECT ba.rowid, ba.ref, ba.label, ba.bank, ba.number, ba.courant, ba.clos, ba.rappro, ba.url,";
$sql .= " ba.code_banque, ba.code_guichet, ba.cle_rib, ba.bic, ba.iban_prefix as iban,";
$sql .= " ba.domiciliation, ba.proprio, ba.owner_address, ba.state_id, ba.fk_pays as country_id,";
$sql .= " ba.domiciliation, ba.pti_in_ctti, ba.proprio, ba.owner_address, ba.state_id, ba.fk_pays as country_id,";
$sql .= " ba.account_number, ba.fk_accountancy_journal, ba.currency_code,";
$sql .= " ba.min_allowed, ba.min_desired, ba.comment,";
$sql .= " ba.datec as date_creation, ba.tms as date_update, ba.ics, ba.ics_transfer,";
@ -992,6 +1001,7 @@ class Account extends CommonObject
$this->bic = $obj->bic;
$this->iban = $obj->iban;
$this->domiciliation = $obj->domiciliation;
$this->pti_in_ctti = $obj->pti_in_ctti;
$this->proprio = $obj->proprio;
$this->owner_address = $obj->owner_address;
@ -1188,9 +1198,11 @@ class Account extends CommonObject
* Return current sold
*
* @param int $option 1=Exclude future operation date (this is to exclude input made in advance and have real account sold)
* @return int Current sold (value date <= today)
* @param tms $date_end Date until we want to get bank account sold
* @param string $field dateo or datev
* @return int current sold (value date <= today)
*/
public function solde($option = 0)
public function solde($option = 0, $date_end = '', $field = 'dateo')
{
$solde = 0;
@ -1198,7 +1210,7 @@ class Account extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."bank";
$sql .= " WHERE fk_account = ".((int) $this->id);
if ($option == 1) {
$sql .= " AND dateo <= '".$this->db->idate(dol_now())."'";
$sql .= " AND ".$this->db->escape($field)." <= '".(!empty($date_end) ? $this->db->idate($date_end) : $this->db->idate(dol_now()))."'";
}
$resql = $this->db->query($sql);

48
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -64,6 +64,7 @@ class BonPrelevement extends CommonObject
public $emetteur_numero_compte;
public $emetteur_code_banque;
public $emetteur_number_key;
public $sepa_xml_pti_in_ctti;
public $emetteur_iban;
public $emetteur_bic;
@ -107,6 +108,7 @@ class BonPrelevement extends CommonObject
$this->emetteur_numero_compte = "";
$this->emetteur_code_banque = "";
$this->emetteur_number_key = "";
$this->sepa_xml_pti_in_ctti = false;
$this->emetteur_iban = "";
$this->emetteur_bic = "";
@ -1038,10 +1040,11 @@ class BonPrelevement extends CommonObject
}
$account = new Account($this->db);
if ($account->fetch($id) > 0) {
$this->emetteur_code_banque = $account->code_banque;
$this->emetteur_code_banque = $account->code_banque;
$this->emetteur_code_guichet = $account->code_guichet;
$this->emetteur_numero_compte = $account->number;
$this->emetteur_number_key = $account->cle_rib;
$this->emetteur_number_key = $account->cle_rib;
$this->sepa_xml_pti_in_ctti = (bool) $account->pti_in_ctti;
$this->emetteur_iban = $account->iban;
$this->emetteur_bic = $account->bic;
@ -1881,6 +1884,24 @@ class BonPrelevement extends CommonObject
// Add EndToEndId. Must be a unique ID for each payment (for example by including bank, buyer or seller, date, checksum)
$XML_CREDITOR .= ' <EndToEndId>'.(($conf->global->PRELEVEMENT_END_TO_END != "") ? $conf->global->PRELEVEMENT_END_TO_END : ('CT-'.dol_trunc($row_idfac.'-'.$row_ref, 20, 'right', 'UTF-8', 1)).'-'.$Rowing).'</EndToEndId>'.$CrLf; // ISO20022 states that EndToEndId has a MaxLength of 35 characters
$XML_CREDITOR .= ' </PmtId>'.$CrLf;
if ($this->sepa_xml_pti_in_ctti) {
$XML_CREDITOR .= ' <PmtTpInf>' . $CrLf;
// Can be 'NORM' for normal or 'HIGH' for high priority level
if (!empty($conf->global->PAYMENTBYBANKTRANSFER_FORCE_HIGH_PRIORITY)) {
$instrprty = 'HIGH';
} else {
$instrprty = 'NORM';
}
$XML_CREDITOR .= ' <InstrPrty>'.$instrprty.'</InstrPrty>' . $CrLf;
$XML_CREDITOR .= ' <SvcLvl>' . $CrLf;
$XML_CREDITOR .= ' <Cd>SEPA</Cd>' . $CrLf;
$XML_CREDITOR .= ' </SvcLvl>' . $CrLf;
$XML_CREDITOR .= ' <CtgyPurp>' . $CrLf;
$XML_CREDITOR .= ' <Cd>CORE</Cd>' . $CrLf;
$XML_CREDITOR .= ' </CtgyPurp>' . $CrLf;
$XML_CREDITOR .= ' </PmtTpInf>' . $CrLf;
}
$XML_CREDITOR .= ' <Amt>'.$CrLf;
$XML_CREDITOR .= ' <InstdAmt Ccy="EUR">'.round($row_somme, 2).'</InstdAmt>'.$CrLf;
$XML_CREDITOR .= ' </Amt>'.$CrLf;
@ -2031,6 +2052,7 @@ class BonPrelevement extends CommonObject
$this->emetteur_code_guichet = $account->code_guichet;
$this->emetteur_numero_compte = $account->number;
$this->emetteur_number_key = $account->cle_rib;
$this->sepa_xml_pti_in_ctti = (bool) $account->pti_in_ctti;
$this->emetteur_iban = $account->iban;
$this->emetteur_bic = $account->bic;
@ -2125,17 +2147,17 @@ class BonPrelevement extends CommonObject
//$XML_SEPA_INFO .= ' <BtchBookg>False</BtchBookg>'.$CrLf;
$XML_SEPA_INFO .= ' <NbOfTxs>'.$nombre.'</NbOfTxs>'.$CrLf;
$XML_SEPA_INFO .= ' <CtrlSum>'.$total.'</CtrlSum>'.$CrLf;
/*
$XML_SEPA_INFO .= ' <PmtTpInf>'.$CrLf;
$XML_SEPA_INFO .= ' <SvcLvl>'.$CrLf;
$XML_SEPA_INFO .= ' <Cd>SEPA</Cd>'.$CrLf;
$XML_SEPA_INFO .= ' </SvcLvl>'.$CrLf;
$XML_SEPA_INFO .= ' <LclInstrm>'.$CrLf;
$XML_SEPA_INFO .= ' <Cd>TRF</Cd>'.$CrLf;
$XML_SEPA_INFO .= ' </LclInstrm>'.$CrLf;
$XML_SEPA_INFO .= ' <CtgyPurp><Cd>SECU</Cd></CtgyPurp>'.$CrLf;
$XML_SEPA_INFO .= ' </PmtTpInf>'.$CrLf;
*/
if (!$this->sepa_xml_pti_in_ctti) {
$XML_SEPA_INFO .= ' <PmtTpInf>' . $CrLf;
$XML_SEPA_INFO .= ' <SvcLvl>' . $CrLf;
$XML_SEPA_INFO .= ' <Cd>SEPA</Cd>' . $CrLf;
$XML_SEPA_INFO .= ' </SvcLvl>' . $CrLf;
$XML_SEPA_INFO .= ' <LclInstrm>' . $CrLf;
$XML_SEPA_INFO .= ' <Cd>CORE</Cd>' . $CrLf;
$XML_SEPA_INFO .= ' </LclInstrm>' . $CrLf;
$XML_SEPA_INFO .= ' <SeqTp>' . $format . '</SeqTp>' . $CrLf;
$XML_SEPA_INFO .= ' </PmtTpInf>' . $CrLf;
}
$XML_SEPA_INFO .= ' <ReqdExctnDt>'.dol_print_date($dateTime_ETAD, 'dayrfc').'</ReqdExctnDt>'.$CrLf;
$XML_SEPA_INFO .= ' <Dbtr>'.$CrLf;
$XML_SEPA_INFO .= ' <Nm>'.dolEscapeXML(strtoupper(dol_string_unaccent($this->raison_sociale))).'</Nm>'.$CrLf;

86
htdocs/core/class/extrafields.class.php
View File

@ -66,6 +66,11 @@ class ExtraFields
*/
public $attributes;
/**
* @var array Array with boolean of status of groups
*/
public $expand_display;
/**
* @var string Error code (or message)
*/
@ -1866,55 +1871,58 @@ class ExtraFields
$colspan=0;
}
$extrafield_param = $this->attributes[$object->table_element]['param'][$key];
$extrafield_param_list = array();
if (!empty($extrafield_param) && is_array($extrafield_param)) {
$extrafield_param_list = array_keys($extrafield_param['options']);
}
$extrafield_collapse_display_value = -1;
$expand_display = false;
if (is_array($extrafield_param_list) && count($extrafield_param_list) > 0) {
$extrafield_collapse_display_value = intval($extrafield_param_list[0]);
$expand_display = ((isset($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key]) || GETPOST('ignorecollapsesetup', 'int')) ? ($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key] ? true : false) : ($extrafield_collapse_display_value == 2 ? false : true));
}
$out = '<'.$tagtype.' id="trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'" class="trextrafieldseparator trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'">';
$out .= '<'.$tagtype_dyn.' '.(!empty($colspan)?'colspan="' . $colspan . '"':'').'>';
// Some js code will be injected here to manage the collapsing of extrafields
$out .='<strong>';
$out .= '<span class="cursorpointer far fa-'.($expand_display ? 'minus' : 'plus').'-square"></span>&nbsp;';
$out .= '<strong>';
$out .= $langs->trans($this->attributes[$object->table_element]['label'][$key]);
$out .= '</strong>';
$out .= '</'.$tagtype_dyn.'>';
$out .= '</'.$tagtype.'>';
$extrafield_param = $this->attributes[$object->table_element]['param'][$key];
if (!empty($extrafield_param) && is_array($extrafield_param)) {
$extrafield_param_list = array_keys($extrafield_param['options']);
if ($extrafield_collapse_display_value == 1 || $extrafield_collapse_display_value == 2) {
// Set the collapse_display status to cookie in priority or if ignorecollapsesetup is 1, if cookie and ignorecollapsesetup not defined, use the setup.
$extrafields_collapse_num = $this->attributes[$object->table_element]['pos'][$key].(!empty($object->id)?'_'.$object->id:'');
$this->expand_display[$extrafields_collapse_num] = $expand_display;
if (count($extrafield_param_list) > 0) {
$extrafield_collapse_display_value = intval($extrafield_param_list[0]);
if ($extrafield_collapse_display_value == 1 || $extrafield_collapse_display_value == 2) {
// Set the collapse_display status to cookie in priority or if ignorecollapsesetup is 1, if cookie and ignorecollapsesetup not defined, use the setup.
$collapse_display = ((isset($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key]) || GETPOST('ignorecollapsesetup', 'int')) ? ($_COOKIE['DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key] ? true : false) : ($extrafield_collapse_display_value == 2 ? false : true));
$extrafields_collapse_num = $this->attributes[$object->table_element]['pos'][$key].(!empty($object->id)?'_'.$object->id:'');
if (!empty($conf->use_javascript_ajax)) {
$out .= '<!-- Add js script to manage the collapse/uncollapse of extrafields separators '.$key.' -->'."\n";
$out .= '<script type="text/javascript">'."\n";
$out .= 'jQuery(document).ready(function(){'."\n";
if ($collapse_display === false) {
$out .= ' console.log("Inject js for the collapsing of extrafield '.$key.' - hide");';
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.'").prepend("<span class=\"cursorpointer far fa-plus-square\"></span>&nbsp;");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").hide();'."\n";
} else {
$out .= ' console.log("Inject js for collapsing of extrafield '.$key.' - keep visible and set cookie");';
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.'").prepend("<span class=\"cursorpointer far fa-minus-square\"></span>&nbsp;");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
}
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'").click(function(){'."\n";
$out .= ' console.log("We click on collapse/uncollapse .trextrafields_collapse'.$extrafields_collapse_num.'");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").toggle(100, function(){'."\n";
$out .= ' if (jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").is(":hidden")) {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-plus-square").removeClass("fa-minus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=0; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' } else {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-minus-square").removeClass("fa-plus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' }'."\n";
$out .= ' });'."\n";
$out .= ' });'."\n";
$out .= '});'."\n";
$out .= '</script>'."\n";
}
if (!empty($conf->use_javascript_ajax)) {
$out .= '<!-- Add js script to manage the collapse/uncollapse of extrafields separators '.$key.' -->'."\n";
$out .= '<script type="text/javascript">'."\n";
$out .= 'jQuery(document).ready(function(){'."\n";
if ($expand_display === false) {
$out .= ' console.log("Inject js for the collapsing of extrafield '.$key.' - hide");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").hide();'."\n";
} else {
$out .= ' console.log("Inject js for collapsing of extrafield '.$key.' - keep visible and set cookie");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
}
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').'").click(function(){'."\n";
$out .= ' console.log("We click on collapse/uncollapse .trextrafields_collapse'.$extrafields_collapse_num.'");'."\n";
$out .= ' jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").toggle(100, function(){'."\n";
$out .= ' if (jQuery(".trextrafields_collapse'.$extrafields_collapse_num.'").is(":hidden")) {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-plus-square").removeClass("fa-minus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=0; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' } else {'."\n";
$out .= ' jQuery("#trextrafieldseparator'.$key.(!empty($object->id)?'_'.$object->id:'').' '.$tagtype_dyn.' span").addClass("fa-minus-square").removeClass("fa-plus-square");'."\n";
$out .= ' document.cookie = "DOLCOLLAPSE_'.$object->table_element.'_extrafields_'.$key.'=1; path='.$_SERVER["PHP_SELF"].'"'."\n";
$out .= ' }'."\n";
$out .= ' });'."\n";
$out .= ' });'."\n";
$out .= '});'."\n";
$out .= '</script>'."\n";
}
}

10
htdocs/core/class/html.form.class.php
View File

@ -141,7 +141,7 @@ class Form
}
}
} else {
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '<table class="nobordernopadding centpercent"><tr><td class="nowrap">';
}
if ($fieldrequired) {
@ -158,10 +158,10 @@ class Form
if (!empty($notabletag)) {
$ret .= ' ';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '</td>';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '<td class="right">';
}
if ($htmlname && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
@ -173,10 +173,10 @@ class Form
if (!empty($notabletag) && $notabletag == 3) {
$ret .= ' ';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '</td>';
}
if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) {
if (empty($notabletag) && $perm) {
$ret .= '</tr></table>';
}
}

17
htdocs/core/lib/admin.lib.php
View File

@ -320,6 +320,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
// Loop on each request to execute request
$cursorinsert = 0;
$listofinsertedrowid = array();
$keyforsql = md5($sqlfile);
foreach ($arraysql as $i => $sql) {
if ($sql) {
// Replace the prefix tables
@ -335,7 +336,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
// Add log of request
if (!$silent) {
print '<tr class="trforrunsql'.md5($sqlfile).'"><td class="tdtop opacitymedium"'.($colspan ? ' colspan="'.$colspan.'"' : '').'>'.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'</td></tr>\n";
print '<tr class="trforrunsql'.$keyforsql.'"><td class="tdtop opacitymedium"'.($colspan ? ' colspan="'.$colspan.'"' : '').'>'.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'</td></tr>\n";
}
dol_syslog('Admin.lib::run_sql Request '.($i + 1), LOG_DEBUG);
$sqlmodified = 0;
@ -454,18 +455,18 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
//if (!empty($conf->use_javascript_ajax)) { // use_javascript_ajax is not defined
print '<script type="text/javascript">
jQuery(document).ready(function() {
function init_trrunsql'.md5($sqlfile).'()
function init_trrunsql'.$keyforsql.'()
{
console.log("toggle .trforrunsql'.md5($sqlfile).'");
jQuery(".trforrunsql'.md5($sqlfile).'").toggle();
console.log("toggle .trforrunsql'.$keyforsql.'");
jQuery(".trforrunsql'.$keyforsql.'").toggle();
}
init_trrunsql'.md5($sqlfile).'();
jQuery(".trforrunsqlshowhide'.md5($sqlfile).'").click(function() {
init_trrunsql'.md5($sqlfile).'();
init_trrunsql'.$keyforsql.'();
jQuery(".trforrunsqlshowhide'.$keyforsql.'").click(function() {
init_trrunsql'.$keyforsql.'();
});
});
</script>';
print ' - <a class="trforrunsqlshowhide'.md5($sqlfile).'" href="#">'.$langs->trans("ShowHideDetails").'</a>';
print ' - <a class="trforrunsqlshowhide'.$keyforsql.'" href="#">'.$langs->trans("ShowHideDetails").'</a>';
//}
print '</td></tr>'."\n";

6
htdocs/core/lib/files.lib.php
View File

@ -987,7 +987,7 @@ function dol_unescapefile($filename)
*/
function dolCheckVirus($src_file)
{
global $conf;
global $conf, $db;
if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) {
if (!class_exists('AntiVir')) {
@ -2374,6 +2374,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = 1;
}
$original_file = $conf->user->dir_output.'/'.$original_file;
} elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) {
// Wrapping for users logos
$accessallowed = 1;
$original_file = $conf->mycompany->dir_output.'/logos/'.$original_file;
} elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) {
// Wrapping for members photos
$accessallowed = 0;

22
htdocs/core/lib/functions.lib.php
View File

@ -6582,16 +6582,18 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes
} elseif (in_array($attrs->item($ii)->name, array('style'))) {
$valuetoclean = $attrs->item($ii)->value;
do {
$oldvaluetoclean = $valuetoclean;
$valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments
$valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean);
if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags.
$valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean);
}
} while ($oldvaluetoclean != $valuetoclean);
if (isset($valuetoclean)) {
do {
$oldvaluetoclean = $valuetoclean;
$valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments
$valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean);
if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags.
$valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean);
$valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean);
}
} while ($oldvaluetoclean != $valuetoclean);
}
$attrs->item($ii)->value = $valuetoclean;
}

4
htdocs/core/lib/website.lib.php
View File

@ -31,6 +31,8 @@
*/
function dolStripPhpCode($str, $replacewith = '')
{
$str = str_replace('<?=', '<?php', $str);
$newstr = '';
//split on each opening tag
@ -71,6 +73,8 @@ function dolStripPhpCode($str, $replacewith = '')
*/
function dolKeepOnlyPhpCode($str)
{
$str = str_replace('<?=', '<?php', $str);
$newstr = '';
//split on each opening tag

5
htdocs/core/lib/website2.lib.php
View File

@ -647,6 +647,11 @@ function checkPHPCode($phpfullcodestringold, $phpfullcodestring)
break;
}
}
// Check dynamic functions $xxx(
if (preg_match('/\$[a-z0-9_]+\(/ims', $phpfullcodestring)) {
$error++;
setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors');
}
if (!$error && empty($user->rights->website->writephp)) {
if ($phpfullcodestringold != $phpfullcodestring) {

9
htdocs/core/tpl/extrafields_view.tpl.php
View File

@ -125,14 +125,19 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l
$lastseparatorkeyfound = $tmpkeyextra;
} else {
print '<tr class="trextrafields_collapse'.$extrafields_collapse_num.(!empty($object->id) ? '_'.$object->id : '');
$collapse_group = $extrafields_collapse_num.(!empty($object->id) ? '_'.$object->id : '');
print '<tr class="trextrafields_collapse'.$collapse_group;
/*if ($extrafields_collapse_num && $extrafields_collapse_num_old && $extrafields_collapse_num != $extrafields_collapse_num_old) {
print ' trextrafields_collapse_new';
}*/
if ($extrafields_collapse_num && $i == count($extrafields->attributes[$object->table_element]['label'])) {
print ' trextrafields_collapse_last';
}
print '">';
print '"';
if (empty($extrafields->expand_display[$collapse_group])) {
print ' style="display: none;"';
}
print '>';
$extrafields_collapse_num_old = $extrafields_collapse_num;
print '<td class="titlefield">';
print '<table class="nobordernopadding centpercent">';

4
htdocs/fichinter/card.php
View File

@ -265,9 +265,9 @@ if (empty($reshook)) {
$error++;
$action = 'create';
}
$array_options = $extrafields->getOptionalsFromPost($object->table_element);
//$array_options = $extrafields->getOptionalsFromPost($object->table_element);
$object->array_options = $array_options;
//$object->array_options = $array_options;
$id = $object->create($user);

1
htdocs/fourn/facture/contact.php
View File

@ -46,6 +46,7 @@ if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture');
$hookmanager->initHooks(array('invoicesuppliercardcontact'));
$object = new FactureFournisseur($db);

1
htdocs/fourn/facture/document.php
View File

@ -51,6 +51,7 @@ if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture');
$hookmanager->initHooks(array('invoicesuppliercarddocument'));
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;

1
htdocs/fourn/facture/info.php
View File

@ -44,6 +44,7 @@ if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture');
$hookmanager->initHooks(array('invoicesuppliercardinfo'));
$object = new FactureFournisseur($db);

5
htdocs/includes/tecnickcom/tcpdf/tcpdf.php
View File

@ -6881,6 +6881,11 @@ class TCPDF {
// DOL CHANGE If we keep this, the image is not visible on pages after the first one.
//var_dump($file.' '.(!@TCPDF_STATIC::file_exists($file)));
//return false;
// try to encode spaces on filename
$tfile = str_replace(' ', '%20', $file);
if (@TCPDF_STATIC::file_exists($tfile)) {
$file = $tfile;
}
}
if (($imsize = @getimagesize($file)) === FALSE) {
if (in_array($file, $this->imagekeys)) {

6
htdocs/install/mysql/migration/15.0.0-16.0.0.sql
View File

@ -245,3 +245,9 @@ create table llx_inventory_extrafields
import_key varchar(14) -- import key
) ENGINE=innodb;
ALTER TABLE llx_inventory_extrafields ADD INDEX idx_inventory_extrafields (fk_object);
ALTER TABLE llx_reception MODIFY COLUMN ref_supplier varchar(128);
ALTER TABLE llx_bank_account ADD COLUMN pti_in_ctti smallint DEFAULT 0 AFTER domiciliation;

1
htdocs/install/mysql/tables/llx_bank_account.sql
View File

@ -42,6 +42,7 @@ create table llx_bank_account
country_iban varchar(2), -- deprecated
cle_iban varchar(2),
domiciliation varchar(255),
pti_in_ctti smallint DEFAULT 0,
state_id integer DEFAULT NULL,
fk_pays integer NOT NULL,
proprio varchar(60),

8
htdocs/install/mysql/tables/llx_reception.sql
View File

@ -26,11 +26,11 @@ create table llx_reception
ref varchar(30) NOT NULL,
entity integer DEFAULT 1 NOT NULL, -- multi company id
fk_soc integer NOT NULL,
fk_projet integer DEFAULT NULL,
fk_projet integer DEFAULT NULL,
ref_ext varchar(30), -- reference into an external system (not used by dolibarr)
ref_int varchar(30), -- reference into an internal system (deprecated)
ref_supplier varchar(30), -- customer number
ref_int varchar(30), -- reference into an internal system (deprecated)
ref_supplier varchar(128), -- supplier number
date_creation datetime, -- date de creation
fk_user_author integer, -- author of creation
@ -38,7 +38,7 @@ create table llx_reception
date_valid datetime, -- date de validation
fk_user_valid integer, -- valideur
date_delivery datetime DEFAULT NULL, -- date planned of delivery
date_reception datetime,
date_reception datetime,
fk_shipping_method integer,
tracking_number varchar(50),
fk_statut smallint DEFAULT 0, -- 0 = draft, 1 = validated, 2 = billed or closed depending on WORKFLOW_BILL_ON_SHIPMENT option

2
htdocs/langs/en_US/banks.lang
View File

@ -182,3 +182,5 @@ IfYouDontReconcileDisableProperty=If you don't make the bank reconciliations on
NoBankAccountDefined=No bank account defined
NoRecordFoundIBankcAccount=No record found in bank account. Commonly, this occurs when a record has been deleted manually from the list of transaction in the bank account (for example during a reconciliation of the bank account). Another reason is that the payment was recorded when the module "%s" was disabled.
AlreadyOneBankAccount=Already one bank account defined
SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation=SEPA transfer: 'Payment Type' at 'Credit Transfer' level
SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp=SEPA XML: PaymentTypeInformation is mandatory and can now be placed at CreditTransferTransactionInformation level (instead of Payment level). We strongly recommend to place PaymentTypeInformation at Payment level, as all banks will not necessarily accept it at CreditTransferTransactionInformation level. Contact your bank before placing PaymentTypeInformation at CreditTransferTransactionInformation level.

12
htdocs/main.inc.php
View File

@ -97,15 +97,15 @@ function testSqlAndScriptInject($val, $type)
//$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser.
$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) {
return realCharForNumericEntities($m); }, $val);
// We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
// We should use dol_string_nounprintableascii but function is not yet loaded/available
$val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
// We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
$val = preg_replace('/<!--[^>]*-->/', '', $val);
} while ($oldval != $val);
//print "after decoding $val\n";
// We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
// We should use dol_string_nounprintableascii but function is not yet loaded/available
$val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
// We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
$val = preg_replace('/<!--[^>]*-->/', '', $val);
$inj = 0;
// For SQL Injection (only GET are used to scan for such injection strings)
if ($type == 1 || $type == 3) {

10
htdocs/opensurvey/card.php
View File

@ -137,18 +137,18 @@ if (empty($reshook)) {
if (GETPOST('ajoutcomment')) {
$error = 0;
if (!GETPOST('comment')) {
if (!GETPOST('comment', "alphanohtml")) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors');
}
if (!GETPOST('commentuser')) {
if (!GETPOST('commentuser', "alphanohtml")) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
}
if (!$error) {
$comment = (string) GETPOST("comment", "restricthtml");
$comment_user = (string) GETPOST('commentuser', "restricthtml");
$comment = (string) GETPOST("comment", "alphanohtml");
$comment_user = (string) GETPOST('commentuser', "alphanohtml");
$resql = $object->addComment($comment, $comment_user);
@ -422,7 +422,7 @@ print '<br>';
if ($object->allow_comments) {
print $langs->trans("AddACommentForPoll").'<br>';
print '<textarea name="comment" rows="2" class="quatrevingtpercent"></textarea><br>'."\n";
print $langs->trans("Name").': <input type="text" class="minwidth300" name="commentuser" value="'.$user->getFullName($langs).'"> '."\n";
print $langs->trans("Name").': <input type="text" class="minwidth300" name="commentuser" value="'.dol_escape_htmltag($user->getFullName($langs)).'"> '."\n";
print '<input type="submit" class="button reposition" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";
}

8
htdocs/public/opensurvey/studs.php
View File

@ -79,8 +79,8 @@ if (GETPOST('ajoutcomment', 'alpha')) {
$error = 0;
$comment = GETPOST("comment", 'restricthtml');
$comment_user = GETPOST('commentuser', 'nohtml');
$comment = GETPOST("comment", 'alphanohtml');
$comment_user = GETPOST('commentuser', 'alphanohtml');
if (!$comment) {
$error++;
@ -780,9 +780,9 @@ if ($comments) {
if ($object->allow_comments) {
print '<br><div class="addcomment"><span class="opacitymedium">'.$langs->trans("AddACommentForPoll")."</span><br>\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'restricthtml'), 0, 1).'</textarea><br>'."\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'alphanohtml'), 0, 1).'</textarea><br>'."\n";
print $langs->trans("Name").': ';
print '<input type="text" name="commentuser" maxlength="64" value="'.GETPOST('commentuser', 'nohtml').'"> &nbsp; '."\n";
print '<input type="text" name="commentuser" maxlength="64" value="'.dol_escape_htmltag(GETPOST('commentuser', 'alphanohtml')).'"> &nbsp; '."\n";
print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";
print '</form>'."\n";

24
htdocs/theme/eldy/global.inc.php
View File

@ -223,7 +223,7 @@ input {
padding-left: 5px;
}
select {
padding-top: 5px;
padding-top: 4px;
padding-right: 4px;
padding-bottom: 5px;
padding-left: 2px;
@ -550,6 +550,13 @@ div#moretabsList, div#moretabsListaction {
hr { border: 0; border-top: 1px solid #ccc; }
.tabBar hr { margin-top: 20px; margin-bottom: 17px; }
table.tableforfield .button:not(.bordertransp):not(.buttonpayment),
table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) {
margin-bottom: 2px;
margin-top: 2px;
}
.button:not(.bordertransp):not(.buttonpayment),
.buttonDelete:not(.bordertransp):not(.buttonpayment) {
margin-bottom: 3px;
@ -3495,11 +3502,10 @@ table.border, table.bordernooddeven, table.dataTable, .table-border, .table-bord
table.borderplus {
border: 1px solid #BBB;
}
.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col {
height: 22px;
}
.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td,
div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col,
tr.liste_titre.box_titre td table td, .bordernooddeven tr td {
height: 22px;
height: 28px;
}
div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar .table-val-border-col {
@ -3507,17 +3513,15 @@ div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border
}
div .tdtop {
vertical-align: top !important;
/*padding-top: 10px !important;
padding-bottom: 2px !important; */
}
table.border td, table.bordernooddeven td, div.border div div.tagtd {
padding: 5px 2px 5px 2px;
padding: 2px 2px 2px 2px;
border-collapse: collapse;
}
div.tabBar .fichecenter table.border>tbody>tr>td, div.tabBar .fichecenter div.border div div.tagtd, div.tabBar div.border div div.tagtd
{
padding-top: 5px;
padding-top: 2px;
border-bottom: 1px solid #E0E0E0;
}
@ -7409,7 +7413,7 @@ div.clipboardCPValue.hidewithsize {
}
#divbodywebsite {
word-break: break-all;
word-break: break-word;
}
.websiteselectionsection {

19
htdocs/theme/md/style.css.php
View File

@ -730,6 +730,14 @@ div#moretabsList, div#moretabsListaction {
}
hr { border: 0; border-top: 1px solid #ccc; }
.tabBar hr { margin-top: 20px; margin-bottom: 17px; }
table.tableforfield .button:not(.bordertransp):not(.buttonpayment),
table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) {
margin-bottom: 2px;
margin-top: 2px;
}
.button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) {
border-color: #c5c5c5;
@ -3564,15 +3572,14 @@ table.borderplus {
border: 1px solid #BBB;
}
.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col {
height: 26px;
}
.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td,
div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col,
tr.liste_titre.box_titre td table td, .bordernooddeven tr td {
height: 26px;
height: 28px;
}
table.border td, table.bordernooddeven td, div.border div div.tagtd {
padding: 4px 4px 4px 4px;
padding: 3px 4px 3px 4px;
border: 1px solid #f0f0f0;
border-collapse: collapse;
}
@ -7230,7 +7237,7 @@ div.clipboardCPValue.hidewithsize {
}
#divbodywebsite {
word-break: break-all;
word-break: break-word;
}
.websiteselectionsection {

14
htdocs/user/card.php
View File

@ -402,12 +402,14 @@ if (empty($reshook)) {
$object->civility_code = GETPOST("civility_code", 'aZ09');
$object->lastname = GETPOST("lastname", 'alphanohtml');
$object->firstname = GETPOST("firstname", 'alphanohtml');
$object->login = GETPOST("login", 'alphanohtml');
$object->gender = GETPOST("gender", 'aZ09');
$object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
if (!empty($user->admin)) {
$object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
if (!empty($user->admin)) { // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->admin = GETPOST("admin", "int");
}
if ($user->admin && !$object->ldap_sid) { // same test than on edit page
$object->login = GETPOST("login", 'alphanohtml');
}
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alphanohtml');
@ -1883,7 +1885,7 @@ if ($action == 'create' || $action == 'adduserldap') {
print dolGetButtonAction($langs->trans('ReinitPassword'), '', 'default', $_SERVER['PHP_SELF'].'#', '', false, $params);
} elseif (($user->id != $id && $caneditpassword) && $object->login && !$object->ldap_sid &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
print dolGetButtonAction($langs->trans('ReinitPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=password', '', true, $params);
print dolGetButtonAction($langs->trans('ReinitPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=password&token='.newToken(), '', true, $params);
}
if ($object->statut == 0) {
@ -1892,7 +1894,7 @@ if ($action == 'create' || $action == 'adduserldap') {
} elseif (($user->id != $id && $caneditpassword) && $object->login && !$object->ldap_sid &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
if ($object->email) {
print dolGetButtonAction($langs->trans('SendNewPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=passwordsend', '', true, $params);
print dolGetButtonAction($langs->trans('SendNewPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=passwordsend&token='.newToken(), '', true, $params);
} else {
$params['attr']['title'] = $langs->trans('NoEMail');
print dolGetButtonAction($langs->trans('SendNewPassword'), '', 'default', $_SERVER['PHP_SELF'].'#', '', false, $params);
@ -1914,7 +1916,7 @@ if ($action == 'create' || $action == 'adduserldap') {
// Disable user
if ($user->id <> $id && $candisableuser && $object->statut == 1 &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
print dolGetButtonAction($langs->trans('DisableUser'), '', 'default', $_SERVER['PHP_SELF'] . '?action=disable&id=' . $object->id . '&token='.newToken().$langs->trans("DisableUser"), '', true, $params);
print dolGetButtonAction($langs->trans('DisableUser'), '', 'default', $_SERVER['PHP_SELF'] . '?id=' . $object->id . '&action=disable&token='.newToken().$langs->trans("DisableUser"), '', true, $params);
} else {
if ($user->id == $id) {
$params['attr']['title'] = $langs->trans('CantDisableYourself');

48
htdocs/website/index.php
View File

@ -1406,9 +1406,13 @@ if ($action == 'updatecss' && $usercanedit) {
}
$dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'none'));
$dataposted = preg_replace(array('/<html>\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted);
$dataposted = str_replace('<?=', '<?php', $dataposted);
// Html header file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_HTML_HEADER', 'none'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
@ -1426,14 +1430,12 @@ if ($action == 'updatecss' && $usercanedit) {
// $htmlheadercontent.= "header('Content-type: text/html');\n"; // Not required. htmlheader.html is never call as a standalone page
$htmlheadercontent.= "// END PHP ?>\n";*/
$htmlheadercontent .= preg_replace(array('/<html>\n*/ims', '/<\/html>\n*/ims'), array('', ''), GETPOST('WEBSITE_HTML_HEADER', 'none'));
$htmlheadercontent .= $dataposted."\n";
/*$htmlheadercontent.= "\n".'<?php // BEGIN PHP'."\n";
$htmlheadercontent.= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp);'."\n";
$htmlheadercontent.= "// END PHP ?>"."\n";*/
$htmlheadercontent = trim($htmlheadercontent)."\n";
$result = dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent);
if (!$result) {
$error++;
@ -1443,10 +1445,12 @@ if ($action == 'updatecss' && $usercanedit) {
$error++;
}
$dataposted = trim(GETPOST('WEBSITE_CSS_INLINE', 'none'));
$dataposted = str_replace('<?=', '<?php', $dataposted);
// Css file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_CSS_INLINE', 'none'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
@ -1466,7 +1470,7 @@ if ($action == 'updatecss' && $usercanedit) {
$csscontent .= "}\n";
$csscontent .= "// END PHP ?>\n";
$csscontent .= trim(GETPOST('WEBSITE_CSS_INLINE', 'none'))."\n";
$csscontent .= $dataposted."\n";
$csscontent .= '<?php // BEGIN PHP'."\n";
$csscontent .= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp, "css");'."\n";
@ -1484,9 +1488,12 @@ if ($action == 'updatecss' && $usercanedit) {
}
$dataposted = trim(GETPOST('WEBSITE_JS_INLINE', 'none'));
$dataposted = str_replace('<?=', '<?php', $dataposted);
// Js file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_JS_INLINE', 'none'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
@ -1504,7 +1511,7 @@ if ($action == 'updatecss' && $usercanedit) {
$jscontent .= "header('Content-type: application/javascript');\n";
$jscontent .= "// END PHP ?>\n";
$jscontent .= trim(GETPOST('WEBSITE_JS_INLINE', 'none'))."\n";
$jscontent .= $dataposted."\n";
$jscontent .= '<?php // BEGIN PHP'."\n";
$jscontent .= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp, "js");'."\n";
@ -1519,10 +1526,12 @@ if ($action == 'updatecss' && $usercanedit) {
$error++;
}
$dataposted = trim(GETPOST('WEBSITE_ROBOT', 'restricthtml'));
$dataposted = str_replace('<?=', '<?php', $dataposted);
// Robot file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_ROBOT', 'restricthtml'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
@ -1540,7 +1549,7 @@ if ($action == 'updatecss' && $usercanedit) {
$robotcontent.= "header('Content-type: text/css');\n";
$robotcontent.= "// END PHP ?>\n";*/
$robotcontent .= trim(GETPOST('WEBSITE_ROBOT', 'restricthtml'))."\n";
$robotcontent .= $dataposted."\n";
/*$robotcontent.= "\n".'<?php // BEGIN PHP'."\n";
$robotcontent.= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp, "robot");'."\n";
@ -1555,17 +1564,19 @@ if ($action == 'updatecss' && $usercanedit) {
$error++;
}
$dataposted = trim(GETPOST('WEBSITE_HTACCESS', 'restricthtml'));
$dataposted = str_replace('<?=', '<?php', $dataposted);
// Htaccess file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_HTACCESS', 'restricthtml'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
if (!$errorphpcheck) {
$htaccesscontent = '';
$htaccesscontent .= trim(GETPOST('WEBSITE_HTACCESS', 'restricthtml'))."\n";
$htaccesscontent .= $dataposted."\n";
$result = dolSaveHtaccessFile($filehtaccess, $htaccesscontent);
if (!$result) {
@ -1577,9 +1588,12 @@ if ($action == 'updatecss' && $usercanedit) {
}
$dataposted = trim(GETPOST('WEBSITE_MANIFEST_JSON', 'none'));
$dataposted = str_replace('<?=', '<?php', $dataposted);
// Manifest.json file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_MANIFEST_JSON', 'none'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
@ -1597,7 +1611,7 @@ if ($action == 'updatecss' && $usercanedit) {
$manifestjsoncontent .= "header('Content-type: application/manifest+json');\n";
$manifestjsoncontent .= "// END PHP ?>\n";
$manifestjsoncontent .= trim(GETPOST('WEBSITE_MANIFEST_JSON', 'none'))."\n";
$manifestjsoncontent .= $dataposted."\n";
$manifestjsoncontent .= '<?php // BEGIN PHP'."\n";
$manifestjsoncontent .= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp, "manifest");'."\n";
@ -1612,10 +1626,12 @@ if ($action == 'updatecss' && $usercanedit) {
$error++;
}
$dataposted = trim(GETPOST('WEBSITE_README', 'restricthtml'));
$dataposted = str_replace('<?=', '<?php', $dataposted);
// README.md file
$phpfullcodestringold = '';
$phpfullcodestring = dolKeepOnlyPhpCode(GETPOST('WEBSITE_README', 'restricthtml'));
$phpfullcodestring = dolKeepOnlyPhpCode($dataposted);
// Security analysis
$errorphpcheck = checkPHPCode($phpfullcodestringold, $phpfullcodestring); // Contains the setEventMessages
@ -1633,7 +1649,7 @@ if ($action == 'updatecss' && $usercanedit) {
$readmecontent.= "header('Content-type: application/manifest+json');\n";
$readmecontent.= "// END PHP ?>\n";*/
$readmecontent .= trim(GETPOST('WEBSITE_README', 'restricthtml'))."\n";
$readmecontent .= $dataposted."\n";
/*$readmecontent.= '<?php // BEGIN PHP'."\n";
$readmecontent.= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp, "manifest");'."\n";

2
test/phpunit/CodingPhpTest.php
View File

@ -444,7 +444,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
$matches=array();
preg_match_all('/GETPOST\s*\(([^\)]+),\s*["\']none["\']/i', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
var_dump($val);
//var_dump($val);
if (!in_array($val[1], array(
"'replacestring'", "'htmlheader'", "'WEBSITE_HTML_HEADER'", "'WEBSITE_CSS_INLINE'", "'WEBSITE_JS_INLINE'", "'WEBSITE_MANIFEST_JSON'", "'PAGE_CONTENT'", "'WEBSITE_README'",
"'search_status'", '"mysqldump"', '"postgresqldump"', "'db_pass_root'", "'db_pass'", '"pass"', '"pass1"', '"pass2"', '"password"', "'password'", '"MAIN_MAIL_SMTPS_PW"'))) {