diff --git a/dev/examples/zapier/package.json b/dev/examples/zapier/package.json index a9d519dec69..8852928771f 100644 --- a/dev/examples/zapier/package.json +++ b/dev/examples/zapier/package.json @@ -15,7 +15,7 @@ "npm": ">=5.6.0" }, "dependencies": { - "zapier-platform-core": "11.0.1" + "zapier-platform-core": "11.3.1" }, "devDependencies": { "mocha": "^5.2.0", diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index fb3bf1a6e04..ff7b9295693 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -1,6 +1,6 @@ - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2022 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2014 Juanjo Menent @@ -26,8 +26,8 @@ */ require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; @@ -49,9 +49,14 @@ $search_desc = GETPOST('search_desc', 'alpha'); $search_amount = GETPOST('search_amount', 'alpha'); $search_account = GETPOST('search_account', 'alpha'); $search_vat = GETPOST('search_vat', 'alpha'); -$search_day = GETPOST("search_day", "int"); -$search_month = GETPOST("search_month", "int"); -$search_year = GETPOST("search_year", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); @@ -61,9 +66,9 @@ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("pa if (empty($page) || $page < 0) { $page = 0; } +$offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$offset = $limit * $page; if (!$sortfield) { $sortfield = "erd.date, erd.rowid"; } @@ -101,9 +106,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_amount = ''; $search_account = ''; $search_vat = ''; - $search_day = ''; - $search_month = ''; - $search_year = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; } if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->accounting->bind->write) { @@ -204,7 +214,12 @@ if (strlen(trim($search_account))) { if (strlen(trim($search_vat))) { $sql .= natural_search("erd.tva_tx", price2num($search_vat), 1); } -$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year); +if ($search_date_start) { + $sql .= " AND erd.date >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND erd.date <= '".$db->idate($search_date_end)."'"; +} $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy $sql .= $db->order($sortfield, $sortorder); @@ -222,9 +237,8 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog('accountancy/expensereport/lines.php::list'); +dol_syslog("accountancy/expensereport/lines.php", LOG_DEBUG); $result = $db->query($sql); - if ($result) { $num_lines = $db->num_rows($result); $i = 0; @@ -254,14 +268,23 @@ if ($result) { if ($search_vat) { $param .= "&search_vat=".urlencode($search_vat); } - if ($search_day) { - $param .= '&search_day='.urlencode($search_day); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($search_month) { - $param .= '&search_month='.urlencode($search_month); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } - if ($search_year) { - $param .= '&search_year='.urlencode($search_year); + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); } print '
'."\n"; @@ -276,12 +299,11 @@ if ($result) { print ''; print_barre_liste($langs->trans("ExpenseReportLinesDone"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num_lines, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit); - print ''.$langs->trans("DescVentilDoneExpenseReport").'
'; - print '
'.$langs->trans("ChangeAccount").'
'; + print '
'.$langs->trans("ChangeAccount").' '; print $formaccounting->select_account($account_parent, 'account_parent', 2, array(), 0, 0, 'maxwidth300 maxwidthonsmartphone valignmiddle'); - print '
'; + print '
'; $moreforfilter = ''; @@ -296,11 +318,12 @@ if ($result) { print ''; } print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_year, 'search_year', 1, 20, 5); + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; print ''; print ''; @@ -394,12 +417,11 @@ if ($result) { print ''.vatrate($objp->tva_tx.($objp->vat_src_code ? ' ('.$objp->vat_src_code.')' : '')).''; // Accounting account affected - print ''; + print ''; print $accountingaccountstatic->getNomUrl(0, 1, 1, '', 1); print ' '; print img_edit(); print ''; - print ''; print ""; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 863001c3bc0..908159cbe1c 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -1,6 +1,6 @@ - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2022 Alexandre Spangaro * Copyright (C) 2014-2015 Ari Elbaz (elarifr) * Copyright (C) 2013-2014 Florian Henry * Copyright (C) 2014 Juanjo Menent s @@ -30,9 +30,9 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; // Load translation files required by the page @@ -59,9 +59,14 @@ $search_desc = GETPOST('search_desc', 'alpha'); $search_amount = GETPOST('search_amount', 'alpha'); $search_account = GETPOST('search_account', 'alpha'); $search_vat = GETPOST('search_vat', 'alpha'); -$search_day = GETPOST("search_day", "int"); -$search_month = GETPOST("search_month", "int"); -$search_year = GETPOST("search_year", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); @@ -83,6 +88,9 @@ if (!$sortorder) { } } +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('accountancyexpensereportlist')); + $formaccounting = new FormAccounting($db); $accounting = new AccountingAccount($db); @@ -101,7 +109,7 @@ if (empty($user->rights->accounting->mouvements->lire)) { /* - * Action + * Actions */ if (GETPOST('cancel', 'alpha')) { @@ -111,30 +119,47 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massa $massaction = ''; } -// Purge search criteria -if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $search_login = ''; - $search_expensereport = ''; - $search_label = ''; - $search_desc = ''; - $search_amount = ''; - $search_account = ''; - $search_vat = ''; - $search_day = ''; - $search_month = ''; - $search_year = ''; +$parameters = array(); +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +if ($reshook < 0) { + setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } +if (empty($reshook)) { + // Purge search criteria + if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers + $search_login = ''; + $search_expensereport = ''; + $search_label = ''; + $search_desc = ''; + $search_amount = ''; + $search_account = ''; + $search_vat = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; + $search_country = ''; + $search_tvaintra = ''; + } + // Mass actions -$objectclass = 'ExpenseReport'; -$objectlabel = 'ExpenseReport'; -$permissiontoread = $user->rights->expensereport->read; -$permissiontodelete = $user->rights->expensereport->delete; -$uploaddir = $conf->expensereport->dir_output; -include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; + $objectclass = 'ExpenseReport'; + $objectlabel = 'ExpenseReport'; + $permissiontoread = $user->rights->expensereport->read; + $permissiontodelete = $user->rights->expensereport->delete; + $uploaddir = $conf->expensereport->dir_output; + include DOL_DOCUMENT_ROOT . '/core/actions_massactions.inc.php'; +} + if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $msg = ''; + //print '
' . $langs->trans("Processing") . '...
'; if (!empty($mesCasesCochees)) { $msg = '
'.$langs->trans("SelectedLines").': '.count($mesCasesCochees).'
'; @@ -159,7 +184,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; @@ -201,6 +226,9 @@ $sql .= " erd.rowid, erd.fk_c_type_fees, erd.comments, erd.total_ht as price, er $sql .= " f.id as type_fees_id, f.code as type_fees_code, f.label as type_fees_label, f.accountancy_code as code_buy,"; $sql .= " u.rowid as userid, u.login, u.lastname, u.firstname, u.email, u.gender, u.employee, u.photo, u.statut,"; $sql .= " aa.rowid as aarowid"; +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees"; @@ -233,9 +261,19 @@ if (strlen(trim($search_account))) { if (strlen(trim($search_vat))) { $sql .= natural_search("erd.tva_tx", $search_vat, 1); } -$sql .= dolSqlDateFilter('erd.date', $search_day, $search_month, $search_year); +if ($search_date_start) { + $sql .= " AND erd.date >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND erd.date <= '".$db->idate($search_date_end)."'"; +} $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy +// Add where from hooks +$parameters = array(); +$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook +$sql .= $hookmanager->resPrint; + $sql .= $db->order($sortfield, $sortorder); // Count total nb of records @@ -251,7 +289,13 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog('accountancy/expensereport/list.php'); +dol_syslog("accountancy/expensereport/list.php", LOG_DEBUG); +// MAX_JOIN_SIZE can be very low (ex: 300000) on some limited configurations (ex: https://www.online.net/fr/hosting/online-perso) +// This big SELECT command may exceed the MAX_JOIN_SIZE limit => Therefore we use SQL_BIG_SELECTS=1 to disable the MAX_JOIN_SIZE security +if ($db->type == 'mysqli') { + $db->query("SET SQL_BIG_SELECTS=1"); +} + $result = $db->query($sql); if ($result) { $num_lines = $db->num_rows($result); @@ -272,14 +316,23 @@ if ($result) { if ($search_lineid) { $param .= '&search_lineid='.urlencode($search_lineid); } - if ($search_day) { - $param .= '&search_day='.urlencode($search_day); + if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); } - if ($search_month) { - $param .= '&search_month='.urlencode($search_month); + if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); } - if ($search_year) { - $param .= '&search_year='.urlencode($search_year); + if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); + } + if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); + } + if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); + } + if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); } if ($search_expensereport) { $param .= '&search_expensereport='.urlencode($search_expensereport); @@ -302,7 +355,6 @@ if ($result) { ); $massactionbutton = $form->selectMassAction('ventil', $arrayofmassactions, 1); - print ''."\n"; print ''; if ($optioncss != '') { @@ -335,20 +387,21 @@ if ($result) { if (!empty($conf->global->ACCOUNTANCY_USE_EXPENSE_REPORT_VALIDATION_DATE)) { print ''; } - print ''; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - $formother->select_year($search_year, 'search_year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; print ''; print ''; - print ''; - print ''; + print ''; + print ''; print ''; print ''; - print ''; + print ''; $searchpicto = $form->showFilterButtons(); print $searchpicto; print ''; @@ -468,6 +521,9 @@ if ($result) { } else { print $db->error(); } +if ($db->type == 'mysqli') { + $db->query("SET SQL_BIG_SELECTS=0"); // Enable MAX_JOIN_SIZE limitation +} // Add code to auto check the box when we select an account print ''."\n"; - } + if (!empty($conf->use_javascript_ajax)) { + $out .= ''."\n"; + $out .= ''."\n"; } } diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 68fe5152407..6e5c0a572d2 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -141,7 +141,7 @@ class Form } } } else { - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; } if ($fieldrequired) { @@ -158,10 +158,10 @@ class Form if (!empty($notabletag)) { $ret .= ' '; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= ''; } if ($htmlname && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { @@ -173,10 +173,10 @@ class Form if (!empty($notabletag) && $notabletag == 3) { $ret .= ' '; } - if (empty($notabletag) && GETPOST('action', 'aZ09') != 'edit'.$htmlname && $perm) { + if (empty($notabletag) && $perm) { $ret .= '
'; } } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 45caefa61c1..6054b05aab3 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -320,6 +320,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Loop on each request to execute request $cursorinsert = 0; $listofinsertedrowid = array(); + $keyforsql = md5($sqlfile); foreach ($arraysql as $i => $sql) { if ($sql) { // Replace the prefix tables @@ -335,7 +336,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle // Add log of request if (!$silent) { - print ''.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'\n"; + print ''.$langs->trans("Request").' '.($i + 1)." sql='".dol_htmlentities($newsql, ENT_NOQUOTES)."'\n"; } dol_syslog('Admin.lib::run_sql Request '.($i + 1), LOG_DEBUG); $sqlmodified = 0; @@ -454,18 +455,18 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle //if (!empty($conf->use_javascript_ajax)) { // use_javascript_ajax is not defined print ''; - print ' - '.$langs->trans("ShowHideDetails").''; + print ' - '.$langs->trans("ShowHideDetails").''; //} print ''."\n"; diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 60382cc4906..efde963d077 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -987,7 +987,7 @@ function dol_unescapefile($filename) */ function dolCheckVirus($src_file) { - global $conf; + global $conf, $db; if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { if (!class_exists('AntiVir')) { @@ -2374,6 +2374,10 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $accessallowed = 1; } $original_file = $conf->user->dir_output.'/'.$original_file; + } elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) { + // Wrapping for users logos + $accessallowed = 1; + $original_file = $conf->mycompany->dir_output.'/logos/'.$original_file; } elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) { // Wrapping for members photos $accessallowed = 0; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index aea77cd018d..3b0e90c9013 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6582,16 +6582,18 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes } elseif (in_array($attrs->item($ii)->name, array('style'))) { $valuetoclean = $attrs->item($ii)->value; - do { - $oldvaluetoclean = $valuetoclean; - $valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments - $valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean); - if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags. - $valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean); - $valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean); - $valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean); - } - } while ($oldvaluetoclean != $valuetoclean); + if (isset($valuetoclean)) { + do { + $oldvaluetoclean = $valuetoclean; + $valuetoclean = preg_replace('/\/\*.*\*\//m', '', $valuetoclean); // clean css comments + $valuetoclean = preg_replace('/position\s*:\s*[a-z]+/mi', '', $valuetoclean); + if ($els->item($i)->tagName == 'a') { // more paranoiac cleaning for clickable tags. + $valuetoclean = preg_replace('/display\s*://m', '', $valuetoclean); + $valuetoclean = preg_replace('/z-index\s*://m', '', $valuetoclean); + $valuetoclean = preg_replace('/\s+(top|left|right|bottom)\s*://m', '', $valuetoclean); + } + } while ($oldvaluetoclean != $valuetoclean); + } $attrs->item($ii)->value = $valuetoclean; } diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index ea40cb2dd7e..138be225166 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -31,6 +31,8 @@ */ function dolStripPhpCode($str, $replacewith = '') { + $str = str_replace('trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors'); + } if (!$error && empty($user->rights->website->writephp)) { if ($phpfullcodestringold != $phpfullcodestring) { diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index b5656c89339..8afa9a16ff0 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -125,14 +125,19 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l $lastseparatorkeyfound = $tmpkeyextra; } else { - print 'attributes[$object->table_element]['label'])) { print ' trextrafields_collapse_last'; } - print '">'; + print '"'; + if (empty($extrafields->expand_display[$collapse_group])) { + print ' style="display: none;"'; + } + print '>'; $extrafields_collapse_num_old = $extrafields_collapse_num; print ''; print ''; diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index a58a62b5ffd..a99a858adaf 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -265,9 +265,9 @@ if (empty($reshook)) { $error++; $action = 'create'; } - $array_options = $extrafields->getOptionalsFromPost($object->table_element); + //$array_options = $extrafields->getOptionalsFromPost($object->table_element); - $object->array_options = $array_options; + //$object->array_options = $array_options; $id = $object->create($user); diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php index 927cc5f36b9..387e3fc39b8 100644 --- a/htdocs/fourn/facture/contact.php +++ b/htdocs/fourn/facture/contact.php @@ -46,6 +46,7 @@ if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); +$hookmanager->initHooks(array('invoicesuppliercardcontact')); $object = new FactureFournisseur($db); diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 34255541c01..e08449b376b 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -51,6 +51,7 @@ if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); +$hookmanager->initHooks(array('invoicesuppliercarddocument')); // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/fourn/facture/info.php b/htdocs/fourn/facture/info.php index f17d3c3e127..42031bc7fd9 100644 --- a/htdocs/fourn/facture/info.php +++ b/htdocs/fourn/facture/info.php @@ -44,6 +44,7 @@ if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture'); +$hookmanager->initHooks(array('invoicesuppliercardinfo')); $object = new FactureFournisseur($db); diff --git a/htdocs/includes/tecnickcom/tcpdf/tcpdf.php b/htdocs/includes/tecnickcom/tcpdf/tcpdf.php index 7e12c501403..2601e7daba8 100644 --- a/htdocs/includes/tecnickcom/tcpdf/tcpdf.php +++ b/htdocs/includes/tecnickcom/tcpdf/tcpdf.php @@ -6881,6 +6881,11 @@ class TCPDF { // DOL CHANGE If we keep this, the image is not visible on pages after the first one. //var_dump($file.' '.(!@TCPDF_STATIC::file_exists($file))); //return false; + // try to encode spaces on filename + $tfile = str_replace(' ', '%20', $file); + if (@TCPDF_STATIC::file_exists($tfile)) { + $file = $tfile; + } } if (($imsize = @getimagesize($file)) === FALSE) { if (in_array($file, $this->imagekeys)) { diff --git a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql index cbf3c8fadc5..03261a5fe62 100644 --- a/htdocs/install/mysql/migration/15.0.0-16.0.0.sql +++ b/htdocs/install/mysql/migration/15.0.0-16.0.0.sql @@ -245,3 +245,9 @@ create table llx_inventory_extrafields import_key varchar(14) -- import key ) ENGINE=innodb; ALTER TABLE llx_inventory_extrafields ADD INDEX idx_inventory_extrafields (fk_object); + + +ALTER TABLE llx_reception MODIFY COLUMN ref_supplier varchar(128); + +ALTER TABLE llx_bank_account ADD COLUMN pti_in_ctti smallint DEFAULT 0 AFTER domiciliation; + diff --git a/htdocs/install/mysql/tables/llx_bank_account.sql b/htdocs/install/mysql/tables/llx_bank_account.sql index aed803cc7ea..d9713b66d38 100644 --- a/htdocs/install/mysql/tables/llx_bank_account.sql +++ b/htdocs/install/mysql/tables/llx_bank_account.sql @@ -42,6 +42,7 @@ create table llx_bank_account country_iban varchar(2), -- deprecated cle_iban varchar(2), domiciliation varchar(255), + pti_in_ctti smallint DEFAULT 0, state_id integer DEFAULT NULL, fk_pays integer NOT NULL, proprio varchar(60), diff --git a/htdocs/install/mysql/tables/llx_reception.sql b/htdocs/install/mysql/tables/llx_reception.sql index 7989f80cf58..8de59edcb77 100644 --- a/htdocs/install/mysql/tables/llx_reception.sql +++ b/htdocs/install/mysql/tables/llx_reception.sql @@ -26,11 +26,11 @@ create table llx_reception ref varchar(30) NOT NULL, entity integer DEFAULT 1 NOT NULL, -- multi company id fk_soc integer NOT NULL, - fk_projet integer DEFAULT NULL, + fk_projet integer DEFAULT NULL, ref_ext varchar(30), -- reference into an external system (not used by dolibarr) - ref_int varchar(30), -- reference into an internal system (deprecated) - ref_supplier varchar(30), -- customer number + ref_int varchar(30), -- reference into an internal system (deprecated) + ref_supplier varchar(128), -- supplier number date_creation datetime, -- date de creation fk_user_author integer, -- author of creation @@ -38,7 +38,7 @@ create table llx_reception date_valid datetime, -- date de validation fk_user_valid integer, -- valideur date_delivery datetime DEFAULT NULL, -- date planned of delivery - date_reception datetime, + date_reception datetime, fk_shipping_method integer, tracking_number varchar(50), fk_statut smallint DEFAULT 0, -- 0 = draft, 1 = validated, 2 = billed or closed depending on WORKFLOW_BILL_ON_SHIPMENT option diff --git a/htdocs/langs/en_US/banks.lang b/htdocs/langs/en_US/banks.lang index f066877f676..2fc54eeceb3 100644 --- a/htdocs/langs/en_US/banks.lang +++ b/htdocs/langs/en_US/banks.lang @@ -182,3 +182,5 @@ IfYouDontReconcileDisableProperty=If you don't make the bank reconciliations on NoBankAccountDefined=No bank account defined NoRecordFoundIBankcAccount=No record found in bank account. Commonly, this occurs when a record has been deleted manually from the list of transaction in the bank account (for example during a reconciliation of the bank account). Another reason is that the payment was recorded when the module "%s" was disabled. AlreadyOneBankAccount=Already one bank account defined +SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformation=SEPA transfer: 'Payment Type' at 'Credit Transfer' level +SEPAXMLPlacePaymentTypeInformationInCreditTransfertransactionInformationHelp=SEPA XML: PaymentTypeInformation is mandatory and can now be placed at CreditTransferTransactionInformation level (instead of Payment level). We strongly recommend to place PaymentTypeInformation at Payment level, as all banks will not necessarily accept it at CreditTransferTransactionInformation level. Contact your bank before placing PaymentTypeInformation at CreditTransferTransactionInformation level. \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 624c7bd6e73..9a9da452a44 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -97,15 +97,15 @@ function testSqlAndScriptInject($val, $type) //$val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $val); // Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser. $val = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', function ($m) { return realCharForNumericEntities($m); }, $val); + + // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) + // We should use dol_string_nounprintableascii but function is not yet loaded/available + $val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace + // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1) + $val = preg_replace('//', '', $val); } while ($oldval != $val); //print "after decoding $val\n"; - // We clean string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char) - // We should use dol_string_nounprintableascii but function is not yet loaded/available - $val = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace - // We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: onerror=alert(1) - $val = preg_replace('//', '', $val); - $inj = 0; // For SQL Injection (only GET are used to scan for such injection strings) if ($type == 1 || $type == 3) { diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index 3f822679350..bc018a2dda1 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -137,18 +137,18 @@ if (empty($reshook)) { if (GETPOST('ajoutcomment')) { $error = 0; - if (!GETPOST('comment')) { + if (!GETPOST('comment', "alphanohtml")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors'); } - if (!GETPOST('commentuser')) { + if (!GETPOST('commentuser', "alphanohtml")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors'); } if (!$error) { - $comment = (string) GETPOST("comment", "restricthtml"); - $comment_user = (string) GETPOST('commentuser', "restricthtml"); + $comment = (string) GETPOST("comment", "alphanohtml"); + $comment_user = (string) GETPOST('commentuser', "alphanohtml"); $resql = $object->addComment($comment, $comment_user); @@ -422,7 +422,7 @@ print '
'; if ($object->allow_comments) { print $langs->trans("AddACommentForPoll").'
'; print '
'."\n"; - print $langs->trans("Name").': '."\n"; + print $langs->trans("Name").': '."\n"; print '
'."\n"; } diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index c14935d6708..a1c9efed6c3 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -79,8 +79,8 @@ if (GETPOST('ajoutcomment', 'alpha')) { $error = 0; - $comment = GETPOST("comment", 'restricthtml'); - $comment_user = GETPOST('commentuser', 'nohtml'); + $comment = GETPOST("comment", 'alphanohtml'); + $comment_user = GETPOST('commentuser', 'alphanohtml'); if (!$comment) { $error++; @@ -780,9 +780,9 @@ if ($comments) { if ($object->allow_comments) { print '
'.$langs->trans("AddACommentForPoll")."
\n"; - print '
'."\n"; + print '
'."\n"; print $langs->trans("Name").': '; - print '   '."\n"; + print '   '."\n"; print '
'."\n"; print ''."\n"; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index d3bb10b4929..74807d8f216 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -223,7 +223,7 @@ input { padding-left: 5px; } select { - padding-top: 5px; + padding-top: 4px; padding-right: 4px; padding-bottom: 5px; padding-left: 2px; @@ -550,6 +550,13 @@ div#moretabsList, div#moretabsListaction { hr { border: 0; border-top: 1px solid #ccc; } .tabBar hr { margin-top: 20px; margin-bottom: 17px; } + +table.tableforfield .button:not(.bordertransp):not(.buttonpayment), +table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) { + margin-bottom: 2px; + margin-top: 2px; +} + .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { margin-bottom: 3px; @@ -3495,11 +3502,10 @@ table.border, table.bordernooddeven, table.dataTable, .table-border, .table-bord table.borderplus { border: 1px solid #BBB; } -.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col { - height: 22px; -} +.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, +div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col, tr.liste_titre.box_titre td table td, .bordernooddeven tr td { - height: 22px; + height: 28px; } div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar .table-val-border-col { @@ -3507,17 +3513,15 @@ div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border } div .tdtop { vertical-align: top !important; - /*padding-top: 10px !important; - padding-bottom: 2px !important; */ } table.border td, table.bordernooddeven td, div.border div div.tagtd { - padding: 5px 2px 5px 2px; + padding: 2px 2px 2px 2px; border-collapse: collapse; } div.tabBar .fichecenter table.border>tbody>tr>td, div.tabBar .fichecenter div.border div div.tagtd, div.tabBar div.border div div.tagtd { - padding-top: 5px; + padding-top: 2px; border-bottom: 1px solid #E0E0E0; } @@ -7409,7 +7413,7 @@ div.clipboardCPValue.hidewithsize { } #divbodywebsite { - word-break: break-all; + word-break: break-word; } .websiteselectionsection { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 9fbcb48c32f..11e15869f45 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -730,6 +730,14 @@ div#moretabsList, div#moretabsListaction { } hr { border: 0; border-top: 1px solid #ccc; } +.tabBar hr { margin-top: 20px; margin-bottom: 17px; } + + +table.tableforfield .button:not(.bordertransp):not(.buttonpayment), +table.tableforfield .buttonDelete:not(.bordertransp):not(.buttonpayment) { + margin-bottom: 2px; + margin-top: 2px; +} .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { border-color: #c5c5c5; @@ -3564,15 +3572,14 @@ table.borderplus { border: 1px solid #BBB; } -.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col { - height: 26px; -} +.border tbody tr, .bordernooddeven tbody tr, .border tbody tr td, .bordernooddeven tbody tr td, +div.tabBar table.border tr, div.tabBar table.border tr td, div.tabBar div.border .table-border-row, div.tabBar div.border .table-key-border-col, div.tabBar div.border .table-val-border-col, tr.liste_titre.box_titre td table td, .bordernooddeven tr td { - height: 26px; + height: 28px; } table.border td, table.bordernooddeven td, div.border div div.tagtd { - padding: 4px 4px 4px 4px; + padding: 3px 4px 3px 4px; border: 1px solid #f0f0f0; border-collapse: collapse; } @@ -7230,7 +7237,7 @@ div.clipboardCPValue.hidewithsize { } #divbodywebsite { - word-break: break-all; + word-break: break-word; } .websiteselectionsection { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 762da1f83cc..2ce84a00d05 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -402,12 +402,14 @@ if (empty($reshook)) { $object->civility_code = GETPOST("civility_code", 'aZ09'); $object->lastname = GETPOST("lastname", 'alphanohtml'); $object->firstname = GETPOST("firstname", 'alphanohtml'); - $object->login = GETPOST("login", 'alphanohtml'); $object->gender = GETPOST("gender", 'aZ09'); $object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields $object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key; - if (!empty($user->admin)) { - $object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request + if (!empty($user->admin)) { // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request + $object->admin = GETPOST("admin", "int"); + } + if ($user->admin && !$object->ldap_sid) { // same test than on edit page + $object->login = GETPOST("login", 'alphanohtml'); } $object->address = GETPOST('address', 'alphanohtml'); $object->zip = GETPOST('zipcode', 'alphanohtml'); @@ -1883,7 +1885,7 @@ if ($action == 'create' || $action == 'adduserldap') { print dolGetButtonAction($langs->trans('ReinitPassword'), '', 'default', $_SERVER['PHP_SELF'].'#', '', false, $params); } elseif (($user->id != $id && $caneditpassword) && $object->login && !$object->ldap_sid && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { - print dolGetButtonAction($langs->trans('ReinitPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=password', '', true, $params); + print dolGetButtonAction($langs->trans('ReinitPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=password&token='.newToken(), '', true, $params); } if ($object->statut == 0) { @@ -1892,7 +1894,7 @@ if ($action == 'create' || $action == 'adduserldap') { } elseif (($user->id != $id && $caneditpassword) && $object->login && !$object->ldap_sid && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { if ($object->email) { - print dolGetButtonAction($langs->trans('SendNewPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=passwordsend', '', true, $params); + print dolGetButtonAction($langs->trans('SendNewPassword'), '', 'default', $_SERVER['PHP_SELF'].'?id='.$object->id.'&action=passwordsend&token='.newToken(), '', true, $params); } else { $params['attr']['title'] = $langs->trans('NoEMail'); print dolGetButtonAction($langs->trans('SendNewPassword'), '', 'default', $_SERVER['PHP_SELF'].'#', '', false, $params); @@ -1914,7 +1916,7 @@ if ($action == 'create' || $action == 'adduserldap') { // Disable user if ($user->id <> $id && $candisableuser && $object->statut == 1 && ((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) { - print dolGetButtonAction($langs->trans('DisableUser'), '', 'default', $_SERVER['PHP_SELF'] . '?action=disable&id=' . $object->id . '&token='.newToken().$langs->trans("DisableUser"), '', true, $params); + print dolGetButtonAction($langs->trans('DisableUser'), '', 'default', $_SERVER['PHP_SELF'] . '?id=' . $object->id . '&action=disable&token='.newToken().$langs->trans("DisableUser"), '', true, $params); } else { if ($user->id == $id) { $params['attr']['title'] = $langs->trans('CantDisableYourself'); diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 9d2de205f3a..5cf5f79935a 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -1406,9 +1406,13 @@ if ($action == 'updatecss' && $usercanedit) { } + $dataposted = trim(GETPOST('WEBSITE_HTML_HEADER', 'none')); + $dataposted = preg_replace(array('/\n*/ims', '/<\/html>\n*/ims'), array('', ''), $dataposted); + $dataposted = str_replace('\n";*/ - $htmlheadercontent .= preg_replace(array('/\n*/ims', '/<\/html>\n*/ims'), array('', ''), GETPOST('WEBSITE_HTML_HEADER', 'none')); + $htmlheadercontent .= $dataposted."\n"; /*$htmlheadercontent.= "\n".'"."\n";*/ - $htmlheadercontent = trim($htmlheadercontent)."\n"; - $result = dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent); if (!$result) { $error++; @@ -1443,10 +1445,12 @@ if ($action == 'updatecss' && $usercanedit) { $error++; } + $dataposted = trim(GETPOST('WEBSITE_CSS_INLINE', 'none')); + $dataposted = str_replace('\n"; - $csscontent .= trim(GETPOST('WEBSITE_CSS_INLINE', 'none'))."\n"; + $csscontent .= $dataposted."\n"; $csscontent .= '\n"; - $jscontent .= trim(GETPOST('WEBSITE_JS_INLINE', 'none'))."\n"; + $jscontent .= $dataposted."\n"; $jscontent .= '\n";*/ - $robotcontent .= trim(GETPOST('WEBSITE_ROBOT', 'restricthtml'))."\n"; + $robotcontent .= $dataposted."\n"; /*$robotcontent.= "\n".'\n"; - $manifestjsoncontent .= trim(GETPOST('WEBSITE_MANIFEST_JSON', 'none'))."\n"; + $manifestjsoncontent .= $dataposted."\n"; $manifestjsoncontent .= '\n";*/ - $readmecontent .= trim(GETPOST('WEBSITE_README', 'restricthtml'))."\n"; + $readmecontent .= $dataposted."\n"; /*$readmecontent.= ' $val) { - var_dump($val); + //var_dump($val); if (!in_array($val[1], array( "'replacestring'", "'htmlheader'", "'WEBSITE_HTML_HEADER'", "'WEBSITE_CSS_INLINE'", "'WEBSITE_JS_INLINE'", "'WEBSITE_MANIFEST_JSON'", "'PAGE_CONTENT'", "'WEBSITE_README'", "'search_status'", '"mysqldump"', '"postgresqldump"', "'db_pass_root'", "'db_pass'", '"pass"', '"pass1"', '"pass2"', '"password"', "'password'", '"MAIN_MAIL_SMTPS_PW"'))) {