diff --git a/SECURITY.md b/SECURITY.md index 566db1cd3c8..7d65b7e98e4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -55,7 +55,7 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) * $dolibarr_main_force_https must be set to something else than 0. * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be set to 1 soon by default) -* The module DebugBar and ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) +* The module DebugBar and ModuleBuilder must NOT be enabled (by default, these modules are not enabled. They are developer tools) * ONLY security reports on modules provided by default and with the "stable" status are valid (troubles into "experimental", "developement" or external modules are not valid vulnerabilities). * The root of web server must link to htdocs and the documents directory must be outside of the web server root (this is the default when using the default installer but may differs with external installer). * The web server setup must be done so only the documents directory is in write mode. The root directory called htdocs must be readonly. 
@@ -70,7 +70,7 @@ Scope is the web application (back office) and the APIs. * Remote code execution (RCE) * Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA) * Code injections (HTML, JS, SQL, PHP, ...) -* Cross-Site Scripting (XSS) +* Cross-Site Scripting (XSS), except from setup page of module "External web site" (allowing any content here, editable by admin user only, is accepted on purpose or into module "Web site" when permission to edit website content is allowed). * Cross-Site Requests Forgery (CSRF) with real security impact (when using GET URLs, CSRF are qualified only for creating, updating or deleting data from pages restricted to admin users) * Open redirect * Broken authentication & session management diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 8f7d869479d..0ebba6c18a4 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } } // Other checks - if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) { - $ok = 0; - setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors'); - } if (GETPOSTISSET("pcg_version")) { if (GETPOST("pcg_version") == '0') { $ok = 0; diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 89c8a2b3b71..deae39aef54 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } } if (GETPOSTISSET("code")) { - if ($_POST["code"] == '0') { + if (GETPOST("code") == '0') { $ok = 0; setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } 
diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 410807144f5..16463ec027b 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") { if (!GETPOST('cancel', 'alpha')) { $result = $object->fetch($id); - $object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start; - $object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end; + $object->date_start = GETPOST("fiscalyear") ? $date_start : ''; + $object->date_end = GETPOST("fiscalyearend") ? $date_end : ''; $object->label = GETPOST('label', 'alpha'); $object->statut = GETPOST('statut', 'int'); diff --git a/htdocs/adherents/canvas/actions_adherentcard_common.class.php b/htdocs/adherents/canvas/actions_adherentcard_common.class.php index 970609fce65..3c6e72cc783 100644 --- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php +++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php 
@@ -253,23 +253,23 @@ abstract class ActionsAdherentCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = $_POST["old_name"]; - $this->object->old_firstname = $_POST["old_firstname"]; + $this->object->old_name = GETPOST("old_name"); + $this->object->old_firstname = GETPOST("old_firstname"); - $this->object->fk_soc = $_POST["fk_soc"]; - $this->object->lastname = $_POST["lastname"]; - $this->object->firstname = $_POST["firstname"]; - $this->object->civility_id = $_POST["civility_id"]; - $this->object->address = $_POST["address"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone_perso = $_POST["phone_perso"]; - $this->object->phone_mobile = $_POST["phone_mobile"]; - $this->object->email = $_POST["email"]; - $this->object->note = $_POST["note"]; - $this->object->canvas = $_POST["canvas"]; + $this->object->fk_soc = GETPOST("fk_soc"); + $this->object->lastname = GETPOST("lastname"); + $this->object->firstname = GETPOST("firstname"); + $this->object->civility_id = GETPOST("civility_id"); + $this->object->address = GETPOST("address"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id", 'int'); + $this->object->phone_perso = GETPOST("phone_perso"); + $this->object->phone_mobile = GETPOST("phone_mobile"); + $this->object->email = GETPOST("email", 'alphawithlgt'); + $this->object->note = GETPOST("note", 'restricthtml'); + $this->object->canvas = GETPOST("canvas"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { 
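Review bot: `fk_soc` is still read with the default filter (`GETPOST("fk_soc")`) in the actions_adherentcard_common.class.php hunk, while `country_id` and `state_id` a few lines below now get `'int'`. If `fk_soc` is a numeric foreign key, as its name suggests, it should be read the same way: `$this->object->fk_soc = GETPOST("fk_soc", 'int');`. The same question applies to `civility_id`, whose type is not visible here. The method body starts and ends outside the hunk.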
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 8803ce032fa..cf6f9d54649 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1141,7 +1141,7 @@ class Adherent extends CommonObject $this->db->begin(); // If user is linked to this member, remove old link to this member - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id); dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1152,7 +1152,7 @@ class Adherent extends CommonObject // Set link to user if ($userid > 0) { - $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id); $sql .= " WHERE rowid = ".$userid; dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 8e1b9093e77..ecc0e1cfe47 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -44,6 +44,7 @@ $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $rowid = GETPOST('rowid', 'int') ?GETPOST('rowid', 'int') : GETPOST('id', 'int'); $typeid = GETPOST('typeid', 'int'); +$cancel = GETPOST('cancel'); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; 
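Review bot: In the second adherent.class.php hunk (setUserId), `$userid` is still concatenated into the statement as-is, right after the line this commit hardens: `$sql .= " WHERE rowid = ".$userid;`. The `if ($userid > 0)` guard is a loose numeric comparison, so it does not guarantee a pure integer; a string that merely starts with a digit passes it. Apply the same cast used for `$this->id`: `$sql .= " WHERE rowid = ".((int) $userid);`. The caller changed in subscription.php now passes `GETPOST("userid", 'int')`, but other callers are not visible here, and the method body continues outside the hunk.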
@@ -148,19 +149,18 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) { $error = 0; if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only - if ($_POST["userid"] != $user->id && $_POST["userid"] != $object->user_id) { + if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) { $error++; setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors'); } } if (!$error) { - if ($_POST["userid"] != $object->user_id) { // If link differs from currently in database - $result = $object->setUserId($_POST["userid"]); + if (GETPOST("userid", 'int') != $object->user_id) { // If link differs from currently in database + $result = $object->setUserId(GETPOST("userid", 'int')); if ($result < 0) { dol_print_error('', $object->error); } - $_POST['action'] = ''; $action = ''; } } @@ -190,14 +190,13 @@ if (empty($reshook) && $action == 'setsocid') { if ($result < 0) { dol_print_error('', $object->error); } - $_POST['action'] = ''; $action = ''; } } } } -if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$_POST["cancel"]) { +if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) { $error = 0; $langs->load("banks"); 
@@ -209,25 +208,25 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $datesubscription = 0; $datesubend = 0; $paymentdate = 0; - if ($_POST["reyear"] && $_POST["remonth"] && $_POST["reday"]) { - $datesubscription = dol_mktime(0, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) { + $datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); } - if ($_POST["endyear"] && $_POST["endmonth"] && $_POST["endday"]) { - $datesubend = dol_mktime(0, 0, 0, $_POST["endmonth"], $_POST["endday"], $_POST["endyear"]); + if (GETPOST("endyear", 'int') && GETPOST("endmonth", 'int') && GETPOST("endday", 'int')) { + $datesubend = dol_mktime(0, 0, 0, GETPOST("endmonth", 'int'), GETPOST("endday", 'int'), GETPOST("endyear", 'int')); } - if ($_POST["paymentyear"] && $_POST["paymentmonth"] && $_POST["paymentday"]) { - $paymentdate = dol_mktime(0, 0, 0, $_POST["paymentmonth"], $_POST["paymentday"], $_POST["paymentyear"]); + if (GETPOST("paymentyear", 'int') && GETPOST("paymentmonth", 'int') && GETPOST("paymentday", 'int')) { + $paymentdate = dol_mktime(0, 0, 0, GETPOST("paymentmonth", 'int'), GETPOST("paymentday", 'int'), GETPOST("paymentyear", 'int')); } $amount = price2num(GETPOST("subscription", 'alpha')); // Amount of subscription - $label = $_POST["label"]; + $label = GETPOST("label"); // Payment informations - $accountid = $_POST["accountid"]; - $operation = $_POST["operation"]; // Payment mode + $accountid = GETPOST("accountid", 'int'); + $operation = GETPOST("operation", "alphanohtml"); // Payment mode $num_chq = GETPOST("num_chq", "alphanohtml"); - $emetteur_nom = $_POST["chqemetteur"]; - $emetteur_banque = $_POST["chqbank"]; - $option = $_POST["paymentsave"]; + $emetteur_nom = GETPOST("chqemetteur"); + $emetteur_banque = GETPOST("chqbank"); + $option = GETPOST("paymentsave"); if 
(empty($option)) { $option = 'none'; } @@ -267,19 +266,19 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $error++; $action = 'addsubscription'; } else { - if (!empty($conf->banque->enabled) && $_POST["paymentsave"] != 'none') { - if ($_POST["subscription"]) { - if (!$_POST["label"]) { + if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') { + if (GETPOST("subscription")) { + if (!GETPOST("label")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")); } - if ($_POST["paymentsave"] != 'invoiceonly' && !$_POST["operation"]) { + if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")); } - if ($_POST["paymentsave"] != 'invoiceonly' && !($_POST["accountid"] > 0)) { + if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); } } else { - if ($_POST["accountid"]) { + if (GETPOST("accountid")) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); } } @@ -453,7 +452,8 @@ if ($optioncss != '') { if ($rowid > 0) { $res = $object->fetch($rowid); if ($res < 0) { - dol_print_error($db, $object->error); exit; + dol_print_error($db, $object->error); + exit; } $adht->fetch($object->typeid); @@ -847,7 +847,7 @@ if ($rowid > 0) { }); '; if (GETPOST('paymentsave')) { - print '$("#'.GETPOST('paymentsave').'").prop("checked",true);'; + print '$("#'.GETPOST('paymentsave', 'aZ09').'").prop("checked", true);'; } print '});'; print ''."\n"; @@ -1038,6 +1038,7 @@ if ($rowid > 0) { // Bank account print ''.$langs->trans("FinancialAccount").''; + print img_picto('', 'bank_account'); $form->select_comptes(GETPOST('accountid'), 'accountid', 0, '', 2); print "\n"; 
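Review bot: In the `@@ -847` hunk of subscription.php the guard and the output use different values: `if (GETPOST('paymentsave'))` tests the value under the default filter, while the printed selector uses `GETPOST('paymentsave', 'aZ09')`. If the stricter filter reduces the value to an empty string, the page emits `$("#")`, which is not a valid selector. Reading the value once and testing that keeps the two in step: `$paymentsave = GETPOST('paymentsave', 'aZ09');` followed by `if ($paymentsave) {`. The same variable could replace the unfiltered `GETPOST("paymentsave")` reads in the `@@ -209` and `@@ -267` hunks.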
diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 27c3dd247c7..bf18a851efb 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -547,8 +547,8 @@ while ($i < min($num, $limit)) { // Label if (!empty($arrayfields['t.libelle']['checked'])) { - print ''; - print dol_trunc($obj->note, 128); + print ''; + print $obj->note; print ''; if (!$i) { $totalarray['nbfield']++; @@ -586,7 +586,7 @@ while ($i < min($num, $limit)) { } // Price if (!empty($arrayfields['d.amount']['checked'])) { - print ''.price($obj->subscription).''; + print ''.price($obj->subscription).''; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index ffd1673ac63..950cce19420 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -53,7 +53,7 @@ function printDropdownBookmarksList() if (is_array($_POST)) { foreach ($_POST as $key => $val) { if (preg_match('/^search_/', $key) && $val != '') { - $tmpurl .= ($tmpurl ? '&' : '').$key.'='.$val; + $tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val)); } } } diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 880b0cc69df..94a1b89de8f 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1520,7 +1520,6 @@ class Categorie extends CommonObject return $cats; } - /** * Returns categories whose id or name match * add wildcards in the name unless $exact = true @@ -1555,7 +1554,7 @@ class Categorie extends CommonObject $sql .= " AND entity IN (".getEntity('category').")"; if ($nom) { if (!$exact) { - $nom = '%'.str_replace('*', '%', $nom).'%'; + $nom = '%'.$this->db->escape(str_replace('*', '%', $nom)).'%'; } if (!$case) { $sql .= " AND label LIKE '".$this->db->escape($nom)."'"; 
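Review bot: `print $obj->note;` in the first subscription/list.php hunk writes the stored note into the page with no output escaping and, after this change, no length limit either. Unless the note is guaranteed to be sanitized when it is saved (not visible here), it should be escaped for the HTML context, e.g. `print dol_escape_htmltag($obj->note);`. The surrounding cell markup did not survive in this rendering, so whether a CSS truncation class replaces `dol_trunc()` cannot be confirmed from the hunk.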
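Review bot: In the `@@ -1555` hunk of categorie.class.php, `$nom` is now escaped twice on the non-exact path: once inside `'%'.$this->db->escape(...).'%'` and again in `" AND label LIKE '".$this->db->escape($nom)."'"`. A name containing a quote or a backslash then has its escape characters escaped a second time, and the search no longer matches it. Escaping once, where the value is concatenated into the SQL string, is enough; the added `escape()` call on the wildcard line can go, provided the case-sensitive branch (outside the hunk) escapes `$nom` as well. If the intent was to neutralise literal `%` and `_` typed by the user, that needs LIKE-specific escaping rather than a second pass of string escaping.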
@@ -1564,7 +1563,7 @@ class Categorie extends CommonObject } } if ($id) { - $sql .= " AND rowid = '".$id."'"; + $sql .= " AND rowid = ".((int) $id); } $res = $this->db->query($sql); diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index 176b39ca008..91d32736cbc 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -99,7 +99,6 @@ if ($action == 'update' && $user->rights->categorie->creer) { $object->visible = $visible; $object->fk_parent = $parent != -1 ? $parent : 0; - if (empty($object->label)) { $error++; $action = 'edit'; diff --git a/htdocs/categories/index.php b/htdocs/categories/index.php index 6ca392aef47..a23dee4fbb9 100644 --- a/htdocs/categories/index.php +++ b/htdocs/categories/index.php @@ -116,15 +116,15 @@ if (empty($nosearch)) { print ''.$langs->trans("FoundCats").''; foreach ($cats as $cat) { - $color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"'; - - print "\t".''."\n"; - print "\t\t"; $categstatic->id = $cat->id; $categstatic->ref = $cat->label; $categstatic->label = $cat->label; $categstatic->type = $cat->type; $categstatic->color = $cat->color; + $color = $categstatic->color ? ' style="background: #'.sprintf("%06s", $categstatic->color).';"' : ' style="background: #bbb"'; + + print "\t".''."\n"; + print "\t\t"; print ''; print $categstatic->getNomUrl(1, ''); print ''; diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php index 3c5e2280dde..62f4dbe04e9 100644 --- a/htdocs/compta/charges/index.php +++ b/htdocs/compta/charges/index.php @@ -134,7 +134,7 @@ print "
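Review bot: `$categstatic->color` is interpolated into the `style` attribute without validation in the categories/index.php hunk: `' style="background: #'.sprintf("%06s", $categstatic->color).';"'`. `sprintf("%06s", ...)` only pads the value; it does not restrict which characters it contains. Unless the colour is validated as hexadecimal when the category is saved (not visible here), check it before output, for example with `preg_match('/^[0-9a-fA-F]{1,6}$/', (string) $categstatic->color)`, and fall back to the `#bbb` default otherwise.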
"; if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { // Social contributions only - print load_fiche_titre($langs->trans("SocialContributionsPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); + print load_fiche_titre($langs->trans("SocialContributions").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); print ''; print ''; @@ -271,7 +271,7 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { $tva = new Tva($db); - print load_fiche_titre($langs->trans("VATPayments").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); + print load_fiche_titre($langs->trans("VATDeclarations").($year ? ' ('.$langs->trans("Year").' '.$year.')' : ''), '', ''); $sql = "SELECT ptva.rowid, pv.rowid as id_tva, pv.amount as amount_tva, ptva.amount, pv.label, pv.datev as dm, ptva.datep as date_payment, ptva.fk_bank,"; $sql .= " pct.code as payment_code,"; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 1afa9347f67..c3544ba214e 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -5367,9 +5367,11 @@ class FactureLigne extends CommonInvoiceLine return -1; } - // if buy price not defined, define buyprice as configured in margin admin + // if buy price not provided, define buyprice as configured in margin admin if ($this->pa_ht == 0 && $pa_ht_isemptystring) { - if (($result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product)) < 0) { + // We call defineBuyPrice only if data was not provided (if input was '0', we will not go here and value will remaine '0') + $result = $this->defineBuyPrice($this->subprice, $this->remise_percent, $this->fk_product); + if ($result < 0) { return $result; } else { $this->pa_ht = $result; 
@@ -5410,7 +5412,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ", total_localtax2=".price2num($this->total_localtax2); } $sql .= ", fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null"); - $sql .= ", buy_price_ht='".price2num($this->pa_ht)."'"; + $sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option) $sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { $sql .= ", rang=".$this->rang; diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index 83a6a8f3b3a..c26c62fb7ed 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php @@ -180,7 +180,7 @@ if ($action == 'add' && $user->rights->tax->charges->creer) { } -if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) { $amount = price2num(GETPOST('amount'), 'MT'); if (!$dateech) { diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index c4daeb801c6..5470685e8e0 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -260,7 +260,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') { } } -if ($action == 'update' && !$_POST["cancel"] && $user->rights->tax->charges->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->tax->charges->creer) { $amount = price2num(GETPOST('amount')); if (empty($amount)) { diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 8d2969a1370..807d54c4651 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php 
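Review bot: The new `buy_price_ht` expression in the `@@ -5410` hunk of facture.class.php writes `null` for a float zero, because `0.0` is falsy and matches neither `=== 0` nor `=== '0'`. The html.formmargin.class.php change in this commit replaces an unset buy price with the sell price when ForceBuyingPriceIfNull is set, so a zero cost stored as NULL could be read back as undefined. Testing for presence instead of enumerating zero forms avoids that: `(isset($this->pa_ht) && $this->pa_ht !== '') ? price2num($this->pa_ht) : "null"`. The value is now concatenated unquoted, so the statement relies on `price2num()` always returning a numeric literal. The method body starts and ends outside the hunk, so the type `pa_ht` has at this point cannot be confirmed from here.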
@@ -45,7 +45,7 @@ $object = new Contact($db); * Action */ -if ($action == 'update' && !$_POST["cancel"] && $user->rights->societe->contact->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact->creer) { $ret = $object->fetch($id); // Note: Correct date should be completed with location to have exact GM time of birth. diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index e36e96f0833..8fa0ad9c8a5 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1072,9 +1072,9 @@ abstract class CommonObject // Insert into database $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact"; $sql .= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) "; - $sql .= " VALUES (".$this->id.", ".$fk_socpeople." , "; + $sql .= " VALUES (".$this->id.", ".((int) $fk_socpeople)." , "; $sql .= "'".$this->db->idate($datecreate)."'"; - $sql .= ", 4, ".$id_type_contact; + $sql .= ", 4, ".((int) $id_type_contact); $sql .= ")"; $resql = $this->db->query($sql); @@ -7688,7 +7688,8 @@ abstract class CommonObject $buyPrice = 0; - if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { // In most cases, test here is false + if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) { + // When ForceBuyingPriceIfNull is set $buyPrice = $unitPrice * (1 - $discountPercent / 100); } else { // Get cost price for margin calculation diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 061332c2e8b..4afcf295d40 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php 
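Review bot: `$this->id` is still concatenated uncast in the first commonobject.class.php hunk, on the same line that now casts `$fk_socpeople`: `" VALUES (".$this->id.", ".((int) $fk_socpeople)." , "`. For consistency with the other integer casts in this commit, use `" VALUES (".((int) $this->id).", ".((int) $fk_socpeople)." , "`. The method body starts and ends outside the hunk.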
@@ -144,13 +144,13 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".$rowid; + $sql .= " AND sr.rowid=".((int) $rowid); } if ($fk_facture_source) { - $sql .= " AND sr.fk_facture_source=".$fk_facture_source; + $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); } if ($fk_invoice_supplier_source) { - $sql .= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source; + $sql .= " AND sr.fk_invoice_supplier_source = ".((int) $fk_invoice_supplier_source); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 0f8e724692f..36e7eca84b6 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2002,7 +2002,9 @@ class Form if (!$obj->entity) { $moreinfo .= ($moreinfo ? ' - ' : ' (').$langs->trans("AllEntities"); } else { - $moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined")); + if ($obj->entity != $conf->entity) { + $moreinfo .= ($moreinfo ? ' - ' : ' (').($obj->label ? $obj->label : $langs->trans("EntityNameNotDefined")); + } } } $moreinfo .= ($moreinfo ? ')' : ''); diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index c58b0a4036a..f951a3dc198 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php 
@@ -90,8 +90,10 @@ class FormMargin $line->pa_ht = $product->fourn_unitprice * (1 - $product->fourn_remise_percent / 100); } } - // si prix d'achat non renseigné et devrait l'être, alors prix achat = prix vente - if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { + + // If buy price is not defined (null), we will use the sell price. If defined to 0 (it means it was forced to 0 during insert, for example for a free to get product), we must still use 0. + //if ((!isset($line->pa_ht) || $line->pa_ht == 0) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) { + if ((!isset($line->pa_ht)) && $line->subprice > 0 && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull > 0)) { $line->pa_ht = $line->subprice * (1 - ($line->remise_percent / 100)); } diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index add5ccda7b3..345ec5b38e3 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -3,6 +3,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2018 Philippe Grand + * Copyright (C) 2021 Thibault FOUCART * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,7 +26,6 @@ */ require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php'; - /** * Class to manage notifications */ @@ -80,8 +80,8 @@ class Notify 'SHIPPING_VALIDATE', 'EXPENSE_REPORT_VALIDATE', 'EXPENSE_REPORT_APPROVE', - 'HOLIDAY_VALIDATE', - 'HOLIDAY_APPROVE', + 'HOLIDAY_VALIDATE', + 'HOLIDAY_APPROVE', 'ACTION_CREATE' ); 
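Review bot: The previous condition is kept as a commented-out line (`//if ((!isset($line->pa_ht) || $line->pa_ht == 0) && ...`) in the html.formmargin.class.php hunk, directly above its replacement. The new English comment already explains the null-versus-zero distinction and the old form remains in version control, so the dead line can be dropped. The method body starts and ends outside the hunk.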
@@ -442,49 +442,54 @@ class Notify switch ($notifcode) { case 'BILL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; + $labeltouse = $conf->global->BILL_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link); break; case 'BILL_PAYED': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; + $labeltouse = $conf->global->BILL_PAYED_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInvoicePayed", $link); break; case 'ORDER_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->commande->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande'); $object_type = 'order'; + $labeltouse = $conf->global->ORDER_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextOrderValidated", $link); break; case 'PROPAL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; + $labeltouse = $conf->global->PROPAL_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextProposalValidated", $link); break; case 'PROPAL_CLOSE_SIGNED': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; + $labeltouse = $conf->global->PROPAL_CLOSE_SIGNED_TEMPLATE; $mesg = 
$outputlangs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link); break; case 'FICHINTER_ADD_CONTACT': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->ficheinter->dir_output; $object_type = 'ficheinter'; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link); break; case 'FICHINTER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->ficheinter->dir_output; $object_type = 'ficheinter'; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextInterventionValidated", $link); break; case 'ORDER_SUPPLIER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n"; @@ -492,7 +497,7 @@ class Notify $mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n"; @@ -500,7 +505,7 @@ class Notify $mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_REFUSE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $outputlangs->transnoentitiesnoconv("Hello").",\n\n"; 
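Review bot: `$labeltouse` is assigned in only some `case` branches of the `@@ -442` hunk of notify.class.php (not in `FICHINTER_*` or `ORDER_SUPPLIER_*`), and nothing visible initialises it before the `switch`. The `@@ -508` hunk then tests `!empty($labeltouse)`; if this code runs inside a loop (the enclosing structure is outside the hunk), a branch that does not set it would reuse the template label left by an earlier pass. Add `$labeltouse = '';` immediately before `switch ($notifcode) {`. The `$conf->global->..._TEMPLATE` properties are also read directly; writing them as `empty($conf->global->BILL_VALIDATE_TEMPLATE) ? '' : $conf->global->BILL_VALIDATE_TEMPLATE` avoids undefined-property notices when no template is configured.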
@@ -508,56 +513,78 @@ class Notify $mesg .= "\n\n".$outputlangs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'SHIPPING_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->expedition->dir_output.'/sending/'; + $link = ''.$newref.''; + $dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment'); $object_type = 'expedition'; + $labeltouse = $conf->global->SHIPPING_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link); break; case 'EXPENSE_REPORT_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; + $labeltouse = $conf->global->EXPENSE_REPORT_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link); break; case 'EXPENSE_REPORT_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; + $labeltouse = $conf->global->EXPENSE_REPORT_APPROVE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link); break; case 'HOLIDAY_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; + $labeltouse = $conf->global->HOLIDAY_VALIDATE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayValidated", $link); break; case 'HOLIDAY_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; + $labeltouse = $conf->global->HOLIDAY_APPROVE_TEMPLATE; $mesg = $outputlangs->transnoentitiesnoconv("EMailTextHolidayApproved", $link); - break; + break; case 'ACTION_CREATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->agenda->dir_output; $object_type = 'action'; + $labeltouse = $conf->global->ACTION_CREATE_TEMPLATE; $mesg = 
$outputlangs->transnoentitiesnoconv("EMailTextActionAdded", $link); break; } + + include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; + $formmail = new FormMail($this->db); + $arraydefaultmessage = null; + + if (!empty($labeltouse)) $arraydefaultmessage = $formmail->getEMailTemplate($this->db, $object_type.'_send', $user, $outputlangs, 0, 1, $labeltouse); + if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) { + $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object); + complete_substitutions_array($substitutionarray, $outputlangs, $object); + $subject = make_substitutions($arraydefaultmessage->topic, $substitutionarray, $outputlangs); + $message = make_substitutions($arraydefaultmessage->content, $substitutionarray, $outputlangs); + } else { + $message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n"; + $message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; + $message .= "\n"; + $message .= $mesg; + } + $ref = dol_sanitizeFileName($newref); - $pdf_path = $dir_output."/".$ref."/".$ref.".pdf"; + $pdf_path = $dir_output."/".$ref.".pdf"; if (!dol_is_file($pdf_path)) { // We can't add PDF as it is not generated yet. $filepdf = ''; } else { $filepdf = $pdf_path; + $filename_list[] = $filepdf; + $mimetype_list[] = mime_content_type($filepdf); + $mimefilename_list[] = $ref.".pdf"; } - $message = $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification", $application, $mysoc->name)."\n"; - $message .= $outputlangs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; - $message .= "\n"; - $message .= $mesg; - $parameters = array('notifcode'=>$notifcode, 'sendto'=>$sendto, 'replyto'=>$replyto, 'file'=>$filename_list, 'mimefile'=>$mimetype_list, 'filename'=>$mimefilename_list); if (!isset($action)) { $action = ''; 
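Review bot: `$pdf_path` loses its per-reference directory for every notification whose `$dir_output` was not extended in this commit. The path changes from `$dir_output."/".$ref."/".$ref.".pdf"` to `$dir_output."/".$ref.".pdf"`, which presumably relies on `get_exdir(0, 0, 0, 1, $object, ...)` supplying the sub-directory. The `FICHINTER_*`, `ORDER_SUPPLIER_*`, `EXPENSE_REPORT_*`, `HOLIDAY_*` and `ACTION_CREATE` branches still set a bare `$dir_output`, so `dol_is_file($pdf_path)` would fail for them and the PDF would silently stop being attached. Either append the `get_exdir()` segment in those branches too or keep the `$ref` directory as a fallback. Separately, `if (!empty($labeltouse)) $arraydefaultmessage = ...` is a brace-less `if` in a hunk that otherwise braces every block.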
@@ -653,49 +680,49 @@ class Notify switch ($notifcode) { case 'BILL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; $mesg = $langs->transnoentitiesnoconv("EMailTextInvoiceValidated", $link); break; case 'BILL_PAYED': - $link = ''.$newref.''; - $dir_output = $conf->facture->dir_output; + $link = ''.$newref.''; + $dir_output = $$conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice'); $object_type = 'facture'; $mesg = $langs->transnoentitiesnoconv("EMailTextInvoicePayed", $link); break; case 'ORDER_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->commande->dir_output; + $link = ''.$newref.''; + $dir_output = $conf->commande->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'commande'); $object_type = 'order'; $mesg = $langs->transnoentitiesnoconv("EMailTextOrderValidated", $link); break; case 'PROPAL_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; $mesg = $langs->transnoentitiesnoconv("EMailTextProposalValidated", $link); break; case 'PROPAL_CLOSE_SIGNED': - $link = ''.$newref.''; - $dir_output = $conf->propal->multidir_output[$object->entity]; + $link = ''.$newref.''; + $dir_output = $conf->propal->multidir_output[$object->entity]."/".get_exdir(0, 0, 0, 1, $object, 'propal'); $object_type = 'propal'; $mesg = $langs->transnoentitiesnoconv("EMailTextProposalClosedSigned", $link); break; case 'FICHINTER_ADD_CONTACT': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->ficheinter->dir_output; $object_type = 'ficheinter'; $mesg = $langs->transnoentitiesnoconv("EMailTextInterventionAddedContact", $link); break; case 'FICHINTER_VALIDATE': - $link = 
''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->facture->dir_output; $object_type = 'ficheinter'; $mesg = $langs->transnoentitiesnoconv("EMailTextInterventionValidated", $link); break; case 'ORDER_SUPPLIER_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -703,7 +730,7 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -711,7 +738,7 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_APPROVE2': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->commande->dir_output; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; @@ -719,7 +746,7 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'ORDER_SUPPLIER_REFUSE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->fournisseur->dir_output.'/commande/'; $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("Hello").",\n\n"; 
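Review bot: In the BILL_PAYED case of the hunk starting at old line 653, the new assignment reads `$dir_output = $$conf->facture->dir_output."/".get_exdir(...)` with a doubled `$`. PHP treats `$$conf` as a variable-variable lookup whose name is taken from the `$conf` object, so the expression does not resolve to the configuration object, and the branch is expected to fail at runtime rather than yield the invoice directory. It should match BILL_VALIDATE just above: `$dir_output = $conf->facture->dir_output."/".get_exdir(0, 0, 0, 1, $object, 'invoice');`. The switch and its enclosing method start and end outside this hunk.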
@@ -727,37 +754,37 @@ class Notify $mesg .= "\n\n".$langs->transnoentitiesnoconv("Sincerely").".\n\n"; break; case 'SHIPPING_VALIDATE': - $link = ''.$newref.''; - $dir_output = $conf->expedition->dir_output.'/sending/'; + $link = ''.$newref.''; + $dir_output = $conf->expedition->dir_output."/sending/".get_exdir(0, 0, 0, 1, $object, 'shipment'); $object_type = 'order_supplier'; $mesg = $langs->transnoentitiesnoconv("EMailTextExpeditionValidated", $link); break; case 'EXPENSE_REPORT_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; $mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportValidated", $link); break; case 'EXPENSE_REPORT_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->expensereport->dir_output; $object_type = 'expensereport'; $mesg = $langs->transnoentitiesnoconv("EMailTextExpenseReportApproved", $link); break; case 'HOLIDAY_VALIDATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; $mesg = $langs->transnoentitiesnoconv("EMailTextHolidayValidated", $link); break; case 'HOLIDAY_APPROVE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->holiday->dir_output; $object_type = 'holiday'; $mesg = $langs->transnoentitiesnoconv("EMailTextHolidayApproved", $link); - break; + break; case 'ACTION_CREATE': - $link = ''.$newref.''; + $link = ''.$newref.''; $dir_output = $conf->agenda->dir_output; $object_type = 'action'; $mesg = $langs->transnoentitiesnoconv("EMailTextActionAdded", $link); @@ -770,6 +797,9 @@ class Notify $filepdf = ''; } else { $filepdf = $pdf_path; + $filename_list[] = $pdf_path; + $mimetype_list[] = mime_content_type($filepdf); + $mimefilename_list[] = $ref.".pdf"; } $message .= $langs->transnoentities("YouReceiveMailBecauseOfNotification2", $application, $mysoc->name)."\n"; 
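Review bot: The attachment lines added in the last hunk (old line 770) only run when `dol_is_file($pdf_path)` succeeds, and `$pdf_path` is built on a line between the hunks that this commit does not touch. The earlier hunks of this second switch now append `get_exdir(...)` to `$dir_output` for invoices, orders, proposals and shipments. If the untouched line still has the form the first switch had before this commit, `$dir_output."/".$ref."/".$ref.".pdf"`, the reference directory appears twice and the file is never found. It presumably needs the same change as the first switch, `$pdf_path = $dir_output."/".$ref.".pdf";`. Separately, `mime_content_type()` can return false, so `$mimetype_list[] = mime_content_type($filepdf) ?: 'application/pdf';` would avoid passing a boolean on as a MIME type; the same applies to the identical line in the first hunk.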
diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index f391f2f6f50..f06bb32b62b 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -631,7 +631,7 @@ class Translate // We replace some HTML tags by __xx__ to avoid having them encoded by htmlentities because // we want to keep '"' '' '' '' '' '
' '< ' '' that are reliable HTML tags inside translation strings. $str = str_replace( - array('"', '', '', '', '', '', '', '
', '
', '', '', '
', '
', '', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>' + array('"', '', '', '', '', '', '
', '
', '', '', '
', '
', '', '< ', '>'), // We accept '< ' but not '<'. We can accept however '>' array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__tagb__', '__tagbend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'), $str ); @@ -646,7 +646,7 @@ class Translate // Restore reliable HTML tags into original translation string $str = str_replace( array('__quot__', '__tagb__', '__tagbend__', '__tagu__', '__taguend__', '__tagi__', '__tagiend__', '__tagcenter__', '__tagcenterend__', '__taga__', '__tagaend__', '__tagbr__', '__tagspan__', '__tagspanend__', '__ltspace__', '__gt__'), - array('"', '', '', '', '', '', '', '
', '
', '
', '
', '', '< ', '>'), + array('"', '', '', '', '', '', '
', '
', '
', '
', '', '< ', '>'), $str ); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a352b5a9d13..c6d4960ca3a 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -355,6 +355,7 @@ function GETPOSTISSET($paramname) * 'int'=check it's numeric (integer or float) * 'intcomma'=check it's integer+comma ('1,2,3,4...') * 'alpha'=Same than alphanohtml since v13 + * 'alphawithlgt'=alpha with lgt * 'alphanohtml'=check there is no html content and no " and no ../ * 'aZ'=check it's a-z only * 'aZ09'=check it's simple alpha string (recommended for keys) 
@@ -745,20 +746,29 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = case 'alpha': // No html and no ../ and " case 'alphanohtml': // Recommended for most scalar parameters and search parameters if (!is_array($out)) { + $out = dol_string_nohtmltag($out, 0); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '"'), '', trim($out)); - $out = str_replace(array('../'), '', $out); + $out = trim($out); + do { + $oldstringtoclean = $out; + // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + } while ($oldstringtoclean != $out); // keep lines feed - $out = dol_string_nohtmltag($out, 0); } break; case 'alphawithlgt': // No " and no ../ but we keep balanced < > tags with no special chars inside. Can be used for email string like "Name " if (!is_array($out)) { + $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '../' is dangerous because it allows dir transversals - $out = str_replace(array('"', '"'), '', trim($out)); - $out = str_replace(array('../'), '', $out); + $out = trim($out); + do { + $oldstringtoclean = $out; + // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + } while ($oldstringtoclean != $out); } break; case 'restricthtml': // Recommended for most html textarea 
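Review bot: Both new strip loops, in the `alpha`/`alphanohtml` case and in `alphawithlgt`, terminate on the loose comparison `while ($oldstringtoclean != $out)`. A strict test, `} while ($oldstringtoclean !== $out);`, makes the fixed-point check independent of PHP's numeric-string comparison rules. The two loops are identical, so a small private helper called from both cases would keep the deny-list in one place. The hunk also moves `dol_string_nohtmltag()` from after the replacement to before it without saying why; a one-line comment such as `// Strip tags first so the deny-list below runs on the final text` (to be confirmed by the author) would record the intent. The deny-list literals appear entity-decoded on this page, so their exact content could not be checked here; `checkVal()` continues outside the hunk.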
@@ -6267,16 +6277,20 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = * @param int $cleanalsosomestyles Remove absolute/fixed positioning from inline styles * @param int $removeclassattribute 1=Remove the class attribute from tags * @param int $cleanalsojavascript Remove also occurence of 'javascript:'. + * @param int $allowiframe Allow iframe tags. * @return string String cleaned * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0) +function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0) { $allowed_tags = array( "html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link", "ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6" ); + if ($allowiframe) { + $allowed_tags[] = "iframe"; + } $allowed_tags_string = join("><", $allowed_tags); $allowed_tags_string = '<'.$allowed_tags_string.'>'; 
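Review bot: The new `$allowiframe` parameter is documented only as "Allow iframe tags." and gives callers no hint about when enabling it is acceptable. An `iframe` that survives this filter can load arbitrary third-party content into the page, so the docblock should state the intended use, e.g. `@param int $allowiframe 1=Keep iframe tags. Use only for content editable by admin users; keep 0 elsewhere.` The next hunk also adds `allow`, `allowfullscreen`, `frameborder`, `height` and `width` to the default `$allowed_attributes` of `dol_string_onlythesehtmlattributes()`. Those attributes are therefore kept for every caller, not only the ones that opt in to iframes; passing the extended list from the opting-in call site would keep the default narrow. The function body continues outside this hunk.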
@@ -6322,9 +6336,11 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, * * @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_onlythesehtmltags() dol_string_neverthesehtmltags() */ -function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("alt", "class", "contenteditable", "data-html", "href", "id", "name", "src", "style", "target", "title")) +function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("allow", "allowfullscreen", "alt", "class", "contenteditable", "data-html", "frameborder", "height", "href", "id", "name", "src", "style", "target", "title", "width")) { if (class_exists('DOMDocument') && !empty($stringtoclean)) { + $stringtoclean = ''.$stringtoclean.''; + $dom = new DOMDocument(); $dom->loadHTML($stringtoclean, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL); if (is_object($dom)) { @@ -6338,7 +6354,12 @@ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes } } - return $dom->saveHTML(); + $return = $dom->saveHTML(); + + //$return = 'aaaa

bb

ssdd

'."\n

aaa

aa

bb

"; + $return = preg_replace('/^/', '', $return); + $return = preg_replace('/<\/body><\/html>$/', '', $return); + return $return; } else { return $stringtoclean; } diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index d5d52761140..e8ce515317f 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -328,6 +328,11 @@ function product_lot_admin_prepare_head() $h = 0; $head = array(); + $head[$h][0] = DOL_URL_ROOT."/product/admin/product_lot.php"; + $head[$h][1] = $langs->trans('Parameters'); + $head[$h][2] = 'settings'; + $h++; + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab diff --git a/htdocs/core/modules/expensereport/doc/index.html b/htdocs/core/modules/expensereport/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/expensereport/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index 8b8a57f6628..b3b88224df6 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php 
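Review bot: The commented-out assignment `//$return = 'aaaa…` added after `$dom->saveHTML()` is a leftover test fixture and should be removed before merge. The two `preg_replace` calls that follow exist only to undo the wrapper that the previous hunk puts around `$stringtoclean` before `loadHTML()`, and nothing in the code says so. A comment such as `// Remove the wrapper added before loadHTML(); it is only there so DOMDocument parses fragments consistently` (wording to be confirmed by the author) would make the pairing explicit. `saveHTML()` can return false, which these calls would silently turn into an empty string; checking `$return === false` and falling back to `$stringtoclean` is hedged here because the surrounding error handling is outside the hunk.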
@@ -83,13 +83,13 @@ class mailing_thirdparties extends MailingTargets if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') { $addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int')); $addDescription = $langs->trans('ProspectCustomer')."="; - if ($_POST["filter_client"] == 0) { + if (GETPOST("filter_client") == 0) { $addDescription .= $langs->trans('NorProspectNorCustomer'); - } elseif ($_POST["filter_client"] == 1) { + } elseif (GETPOST("filter_client") == 1) { $addDescription .= $langs->trans('Customer'); - } elseif ($_POST["filter_client"] == 2) { + } elseif (GETPOST("filter_client") == 2) { $addDescription .= $langs->trans('Prospect'); - } elseif ($_POST["filter_client"] == 3) { + } elseif (GETPOST("filter_client") == 3) { $addDescription .= $langs->trans('ProspectCustomer'); } else { $addDescription .= "Unknown status ".GETPOST("filter_client"); diff --git a/htdocs/core/modules/modExternalSite.class.php b/htdocs/core/modules/modExternalSite.class.php index a996a55ddaa..71c3387ff5e 100644 --- a/htdocs/core/modules/modExternalSite.class.php +++ b/htdocs/core/modules/modExternalSite.class.php @@ -67,7 +67,7 @@ class modExternalSite extends DolibarrModules $this->dirs = array(); // Config pages. Put here list of php page names stored in admmin directory used to setup module - $this->config_page_url = array("externalsite.php@externalsite"); + $this->config_page_url = array("index.php@externalsite"); // Dependencies $this->depends = array(); // List of modules id that must be enabled if this module is enabled diff --git a/htdocs/core/modules/modProductBatch.class.php b/htdocs/core/modules/modProductBatch.class.php index 166b8f6e637..3d8359ebc3a 100644 --- a/htdocs/core/modules/modProductBatch.class.php +++ b/htdocs/core/modules/modProductBatch.class.php 
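Review bot: The description branch now calls `GETPOST("filter_client")` four times and compares the string result loosely with `== 0` through `== 3`, while the SQL filter on the line above uses `(int) GETPOST("filter_client", 'int')`. Under PHP 8 a non-numeric value would fail all four comparisons and reach the "Unknown status" branch even though the query filtered on 0, so the stored description and the applied filter can disagree. Reading the value once, `$filterclient = (int) GETPOST("filter_client", 'int');`, and using it for both the SQL and an `if ($filterclient === 0) … elseif ($filterclient === 1)` chain keeps them consistent. The enclosing method starts before and ends after this hunk.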
@@ -64,8 +64,8 @@ class modProductBatch extends DolibarrModules // Data directories to create when module is enabled. $this->dirs = array(); - // Config pages. Put here list of php page, stored into /product/admin/ directory, to setup the module. - $this->config_page_url = array("product_lot_extrafields.php@product"); + // Config pages. Put here list of php page, stored into productdluo/admin directory, to use to setup module. + $this->config_page_url = array("product_lot.php@product"); // Dependencies $this->hidden = false; // A condition to hide module diff --git a/htdocs/core/modules/movement/doc/index.html b/htdocs/core/modules/movement/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/movement/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/modules/product/doc/index.html b/htdocs/core/modules/product/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/product/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/modules/product_batch/mod_lot_advanced.php b/htdocs/core/modules/product_batch/mod_lot_advanced.php new file mode 100644 index 00000000000..d8629b92dd6 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_lot_advanced.php 
@@ -0,0 +1,145 @@ + + * Copyright (C) 2004-2007 Laurent Destailleur + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2008 Raphael Bertrand (Resultic) + * Copyright (C) 2019 Frédéric France + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_lot_advanced.php + * \ingroup productbatch + * \brief File containing class for numbering model of Lot advanced + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + + +/** + * Class to manage Batch numbering rules advanced + */ +class mod_lot_advanced extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var string Error message + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'lot_advanced'; + + + /** + * Returns the description of the numbering model + * + * @return string Texte descripif + */ + public function info() + { + global $conf, $langs, $db; + + $langs->load("bills"); + + $form = new Form($db); + + $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; + $texte .= '
'; + $texte .= ''; + $texte .= ''; + $texte .= ''; + $texte .= '
'; + + $tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes2"); + $tooltip .= $langs->trans("GenericMaskCodes3"); + $tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes5"); + + // Parametrage du prefix + $texte .= ''; + $texte .= ''; + + $texte .= ''; + + $texte .= ''; + + $texte .= '
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).' 
'; + $texte .= ''; + + return $texte; + } + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + global $conf, $langs, $mysoc; + + $old_code_client = $mysoc->code_client; + $old_code_type = $mysoc->typent_code; + $mysoc->code_client = 'CCCCCCCCCC'; + $mysoc->typent_code = 'TTTTTTTTTT'; + $numExample = $this->getNextValue($mysoc, ''); + $mysoc->code_client = $old_code_client; + $mysoc->typent_code = $old_code_type; + + if (!$numExample) { + $numExample = $langs->trans('NotConfigured'); + } + return $numExample; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; + + // We get cursor rule + $mask = $conf->global->BATCH_ADVANCED_MASK; + + if (!$mask) { + $this->error = 'NotConfigured'; + return 0; + } + + $date = $object->date; + + $numFinal = get_next_value($db, $mask, 'product_lot', 'ref', '', null, $date); + + return $numFinal; + } +} diff --git a/htdocs/core/modules/product_batch/mod_lot_free.php b/htdocs/core/modules/product_batch/mod_lot_free.php new file mode 100644 index 00000000000..0f069143ab1 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_lot_free.php 
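Review bot: `getExample()` calls `$this->getNextValue($mysoc, '')`, and `getNextValue()` then reads `$object->date` from that empty string, which raises a notice or warning about reading a property on a non-object whenever the example is rendered. Guarding the read, `$date = is_object($object) ? $object->date : '';`, keeps the example path clean. The docblock of `getNextValue()` says `@return string Value if KO, <0 if KO`, but the method returns `0` when no mask is configured; it should read "Value if OK, 0 if not configured". The same code appears in `mod_sn_advanced.php` later in this diff, which also reads `BATCH_ADVANCED_MASK`, so lot and serial numbering appear to share one mask; confirm that this is intended.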
@@ -0,0 +1,105 @@ + + * Copyright (C) 2006-2009 Laurent Destailleur + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product/mod_lot_free.php + * \ingroup productbatch + * \brief File containing class for numbering model of Lot free + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * \class mod_codeproduct_leopard + * \brief Classe permettant la gestion leopard des codes produits + */ +class mod_lot_free extends ModeleNumRefBatch +{ + /* + * Attention ce module est utilise par defaut si aucun module n'a + * ete definit dans la configuration + * + * Le fonctionnement de celui-ci doit donc rester le plus ouvert possible + */ + + + /** + * @var string model name + */ + public $name = 'lot_free'; + + public $code_modifiable; // Code modifiable + + public $code_modifiable_invalide; // Code modifiable si il est invalide + + public $code_modifiable_null; // Code modifiables si il est null + + public $code_null; // Code facultatif + + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var int Automatic numbering + */ + public $code_auto; + + + /** + * Constructor + */ + public function __construct() + { + $this->code_null = 1; + $this->code_modifiable = 1; + 
$this->code_modifiable_invalide = 1; + $this->code_modifiable_null = 1; + $this->code_auto = 0; + } + + + /** + * Return description of module + * + * @return string Description of module + */ + public function info() + { + global $langs; + $langs->load("companies"); + return $langs->trans("LeopardNumRefModelDesc"); + } + + + /** + * Return an example of result returned by getNextValue + * + * @param product $objproduct Object product + * @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect) + * @return string Return next value + */ + public function getNextValue($objproduct = 0, $type = -1) + { + global $langs; + return ''; + } +} diff --git a/htdocs/core/modules/product_batch/mod_lot_standard.php b/htdocs/core/modules/product_batch/mod_lot_standard.php new file mode 100644 index 00000000000..0d2b5a55139 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_lot_standard.php 
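Review bot: The docblocks in this new file were copied from another module and no longer describe it. The header should read `\file htdocs/core/modules/product_batch/mod_lot_free.php`, and the class comment names `mod_codeproduct_leopard` where it should describe `mod_lot_free`. The comment on `getNextValue()` says "Return an example of result returned by getNextValue" and documents `$type` as a third-party type. The signature `getNextValue($objproduct = 0, $type = -1)` also differs from `getNextValue($objprod, $object)` in `mod_lot_standard.php` and `mod_lot_advanced.php`, so a caller passing the lot object as second argument lands in `$type`; aligning the parameter names and docs would avoid confusion. The French comments should be translated, and the unused `global $langs;` in `getNextValue()` can go. `mod_sn_free.php` later in this diff has the same issues.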
@@ -0,0 +1,145 @@ + + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_lot_standard.php + * \ingroup productbatch + * \brief File of class to manage Lot numbering rules standard + */ +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * Class to manage MO numbering rules standard + */ +class mod_lot_standard extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + public $prefix = 'LOT'; + + /** + * @var string Error code (or message) + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'lot_standard'; + + + /** + * Return description of numbering module + * + * @return string Text with description + */ + public function info() + { + global $langs; + return $langs->trans("SimpleNumRefModelDesc", $this->prefix); + } + + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + return $this->prefix."0501-0001"; + } + + + /** + * Checks if the numbers already in the database do not + * cause conflicts that would prevent this numbering working. 
+ * + * @return boolean false if conflict, true if ok + */ + public function canBeActivated() + { + global $conf, $langs, $db; + + $coyymm = ''; $max = ''; + + $posindice = strlen($this->prefix) + 6; + $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lot"; + $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'"; + $sql .= " AND entity = ".$conf->entity; + + $resql = $db->query($sql); + if ($resql) { + $row = $db->fetch_row($resql); + if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; } + } + if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) { + $langs->load("errors"); + $this->error = $langs->trans('ErrorNumRefModel', $max); + return false; + } + + return true; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + // First, we get the max value + $posindice = strlen($this->prefix) + 6; + $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; + $sql .= " FROM ".MAIN_DB_PREFIX."product_lot"; + $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'"; + $sql .= " AND entity = ".$conf->entity; + + $resql = $db->query($sql); + if ($resql) { + $obj = $db->fetch_object($resql); + if ($obj) $max = intval($obj->max); + else $max = 0; + } else { + dol_syslog("mod_lot_standard::getNextValue", LOG_DEBUG); + return -1; + } + + //$date=time(); + $date = $object->date_creation; + $yymm = strftime("%y%m", $date); + + if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is + else $num = sprintf("%04s", $max + 1); + + dol_syslog("mod_lot_standard::getNextValue return ".$this->prefix.$yymm."-".$num); + return $this->prefix.$yymm."-".$num; + } +} 
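Review bot: Both queries in `canBeActivated()` and `getNextValue()` concatenate `$conf->entity` into the SQL text uncast, while the prefix next to it goes through `$db->escape()`. The value comes from configuration rather than from the request, so this is hardening, but an integer cast keeps the statement well-formed whatever the property holds: `$sql .= " AND entity = ".((int) $conf->entity);`. Likewise `$this->prefix` is a public property interpolated into the `preg_match` pattern; `preg_quote($this->prefix, '/')` would keep it literal. On query failure `getNextValue()` logs only its own name at `LOG_DEBUG` before returning -1; logging `$db->lasterror()` at `LOG_ERR` would make the failure traceable. The `@return` text "Value if KO, <0 if KO" should read "Value if OK, <0 if KO".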
diff --git a/htdocs/core/modules/product_batch/mod_sn_advanced.php b/htdocs/core/modules/product_batch/mod_sn_advanced.php new file mode 100644 index 00000000000..89d70a8239d --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_sn_advanced.php 
@@ -0,0 +1,145 @@ + + * Copyright (C) 2004-2007 Laurent Destailleur + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2008 Raphael Bertrand (Resultic) + * Copyright (C) 2019 Frédéric France + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_batch_advanced.php + * \ingroup productbatch + * \brief File containing class for numbering model of SN advanced + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + + +/** + * Class to manage Batch numbering rules advanced + */ +class mod_sn_advanced extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var string Error message + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'sn_advanced'; + + + /** + * Returns the description of the numbering model + * + * @return string Texte descripif + */ + public function info() + { + global $conf, $langs, $db; + + $langs->load("bills"); + + $form = new Form($db); + + $texte = $langs->trans('GenericNumRefModelDesc')."
\n"; + $texte .= '
'; + $texte .= ''; + $texte .= ''; + $texte .= ''; + $texte .= ''; + + $tooltip = $langs->trans("GenericMaskCodes", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes2"); + $tooltip .= $langs->trans("GenericMaskCodes3"); + $tooltip .= $langs->trans("GenericMaskCodes4a", $langs->transnoentities("Batch"), $langs->transnoentities("Batch")); + $tooltip .= $langs->trans("GenericMaskCodes5"); + + // Parametrage du prefix + $texte .= ''; + $texte .= ''; + + $texte .= ''; + + $texte .= ''; + + $texte .= '
'.$langs->trans("Mask").':'.$form->textwithpicto('', $tooltip, 1, 1).' 
'; + $texte .= '
'; + + return $texte; + } + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + global $conf, $langs, $mysoc; + + $old_code_client = $mysoc->code_client; + $old_code_type = $mysoc->typent_code; + $mysoc->code_client = 'CCCCCCCCCC'; + $mysoc->typent_code = 'TTTTTTTTTT'; + $numExample = $this->getNextValue($mysoc, ''); + $mysoc->code_client = $old_code_client; + $mysoc->typent_code = $old_code_type; + + if (!$numExample) { + $numExample = $langs->trans('NotConfigured'); + } + return $numExample; + } + + /** + * Return next free value + * + * @param Product $objprod Object product + * @param Object $object Object we need next value for + * @return string Value if KO, <0 if KO + */ + public function getNextValue($objprod, $object) + { + global $db, $conf; + + require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; + + // We get cursor rule + $mask = $conf->global->BATCH_ADVANCED_MASK; + + if (!$mask) { + $this->error = 'NotConfigured'; + return 0; + } + + $date = $object->date; + + $numFinal = get_next_value($db, $mask, 'product_sn', 'ref', '', null, $date); + + return $numFinal; + } +} diff --git a/htdocs/core/modules/product_batch/mod_sn_free.php b/htdocs/core/modules/product_batch/mod_sn_free.php new file mode 100644 index 00000000000..95e1bd20359 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_sn_free.php 
@@ -0,0 +1,104 @@ + + * Copyright (C) 2006-2009 Laurent Destailleur + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product/mod_sn_free.php + * \ingroup productbatch + * \brief File containing class for numbering model of SN free + */ + +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * \class mod_codeproduct_leopard + * \brief Classe permettant la gestion leopard des codes produits + */ +class mod_sn_free extends ModeleNumRefBatch +{ + /* + * Attention ce module est utilise par defaut si aucun module n'a + * ete definit dans la configuration + * + * Le fonctionnement de celui-ci doit donc rester le plus ouvert possible + */ + + /** + * @var string model name + */ + public $name = 'sn_free'; + + public $code_modifiable; // Code modifiable + + public $code_modifiable_invalide; // Code modifiable si il est invalide + + public $code_modifiable_null; // Code modifiables si il est null + + public $code_null; // Code facultatif + + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + /** + * @var int Automatic numbering + */ + public $code_auto; + + + /** + * Constructor + */ + public function __construct() + { + $this->code_null = 1; + $this->code_modifiable = 1; + 
$this->code_modifiable_invalide = 1; + $this->code_modifiable_null = 1; + $this->code_auto = 0; + } + + + /** + * Return description of module + * + * @return string Description of module + */ + public function info() + { + global $langs; + $langs->load("companies"); + return $langs->trans("LeopardNumRefModelDesc"); + } + + + /** + * Return an example of result returned by getNextValue + * + * @param product $objproduct Object product + * @param int $type Type of third party (1:customer, 2:supplier, -1:autodetect) + * @return string Return next value + */ + public function getNextValue($objproduct = 0, $type = -1) + { + global $langs; + return ''; + } +} diff --git a/htdocs/core/modules/product_batch/mod_sn_standard.php b/htdocs/core/modules/product_batch/mod_sn_standard.php new file mode 100644 index 00000000000..bef5efcd9f8 --- /dev/null +++ b/htdocs/core/modules/product_batch/mod_sn_standard.php 
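Review bot: The header docblocks of the new mod_sn_free.php still describe the file they were copied from. `\file` points to `htdocs/core/modules/product/mod_sn_free.php` although the file is created under `product_batch`, and the class comment reads `\class mod_codeproduct_leopard` with a product-code description. I would change them to `\file htdocs/core/modules/product_batch/mod_sn_free.php` and `\class mod_sn_free`, with a brief saying this model leaves the serial number free-form. getNextValue() also declares `global $langs;` that it never uses. Its `@param` lines (`$objproduct`, `$type` as third-party type) do not match the parent signature `getNextValue($objsoc, $object)` added in modules_product_batch.class.php in this same commit.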
@@ -0,0 +1,145 @@ + + * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2021 Christophe Battarel + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file htdocs/core/modules/product_batch/mod_sn_standard.php + * \ingroup productbatch + * \brief File of class to manage SN numbering rules standard + */ +require_once DOL_DOCUMENT_ROOT.'/core/modules/product_batch/modules_product_batch.class.php'; + +/** + * Class to manage MO numbering rules standard + */ +class mod_sn_standard extends ModeleNumRefBatch +{ + /** + * Dolibarr version of the loaded document + * @var string + */ + public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' + + public $prefix = 'SN'; + + /** + * @var string Error code (or message) + */ + public $error = ''; + + /** + * @var string name + */ + public $name = 'sn_standard'; + + + /** + * Return description of numbering module + * + * @return string Text with description + */ + public function info() + { + global $langs; + return $langs->trans("SimpleNumRefModelDesc", $this->prefix); + } + + + /** + * Return an example of numbering + * + * @return string Example + */ + public function getExample() + { + return $this->prefix."0501-0001"; + } + + + /** + * Checks if the numbers already in the database do not + * cause conflicts that would prevent this numbering working. 
+ *
+ * @return boolean false if conflict, true if ok
+ */
+ public function canBeActivated()
+ {
+ global $conf, $langs, $db;
+
+ $coyymm = ''; $max = '';
+
+ $posindice = strlen($this->prefix) + 6;
+ $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
+ $sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
+ $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
+ $sql .= " AND entity = ".$conf->entity;
+
+ $resql = $db->query($sql);
+ if ($resql) {
+ $row = $db->fetch_row($resql);
+ if ($row) { $coyymm = substr($row[0], 0, 6); $max = $row[0]; }
+ }
+ if ($coyymm && !preg_match('/'.$this->prefix.'[0-9][0-9][0-9][0-9]/i', $coyymm)) {
+ $langs->load("errors");
+ $this->error = $langs->trans('ErrorNumRefModel', $max);
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Return next free value
+ *
+ * @param Product $objprod Object product
+ * @param Object $object Object we need next value for
+ * @return string Value if KO, <0 if KO
+ */
+ public function getNextValue($objprod, $object)
+ {
+ global $db, $conf;
+
+ // First, we get the max value
+ $posindice = strlen($this->prefix) + 6;
+ $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
+ $sql .= " FROM ".MAIN_DB_PREFIX."product_lot";
+ $sql .= " WHERE ref LIKE '".$db->escape($this->prefix)."____-%'";
+ $sql .= " AND entity = ".$conf->entity;
+
+ $resql = $db->query($sql);
+ if ($resql) {
+ $obj = $db->fetch_object($resql);
+ if ($obj) $max = intval($obj->max);
+ else $max = 0;
+ } else {
+ dol_syslog("mod_sn_standard::getNextValue", LOG_DEBUG);
+ return -1;
+ }
+
+ //$date=time();
+ $date = $object->date_creation;
+ $yymm = strftime("%y%m", $date);
+
+ if ($max >= (pow(10, 4) - 1)) $num = $max + 1; // If counter > 9999, we do not format on 4 chars, we take number as it is
+ else $num = sprintf("%04s", $max + 1);
+
+ dol_syslog("mod_sn_standard::getNextValue return ".$this->prefix.$yymm."-".$num);
+ return $this->prefix.$yymm."-".$num;
+ }
+}
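Review bot: The queries in canBeActivated() and getNextValue() append `$conf->entity` to the SQL string without a cast, while the prefix beside it goes through `$db->escape()`. Whether entity can ever hold a non-numeric value is not visible from this hunk, but the cast costs nothing and removes the question: `$sql .= " AND entity = ".((int) $conf->entity);` in both methods. The same `$this->prefix` is also interpolated unquoted into the `preg_match` pattern in canBeActivated(). Wrapping it as `preg_quote($this->prefix, '/')` keeps a subclass prefix that contains regex metacharacters from changing the match.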
diff --git a/htdocs/core/modules/product_batch/modules_product_batch.class.php b/htdocs/core/modules/product_batch/modules_product_batch.class.php
index f5ef6ac3dda..42d4d052bfe 100644
--- a/htdocs/core/modules/product_batch/modules_product_batch.class.php
+++ b/htdocs/core/modules/product_batch/modules_product_batch.class.php
@@ -65,3 +65,89 @@ abstract class ModelePDFProductBatch extends CommonDocGenerator
 return $list;
 }
 }
+
+/**
+ * Parent class to manage numbering of batch products
+ */
+abstract class ModeleNumRefBatch
+{
+ /**
+ * @var string Error code (or message)
+ */
+ public $error = '';
+
+ /**
+ * Return if a module can be used or not
+ *
+ * @return boolean true if module can be used
+ */
+ public function isEnabled()
+ {
+ return true;
+ }
+
+ /**
+ * Returns the default description of the numbering template
+ *
+ * @return string Texte descripif
+ */
+ public function info()
+ {
+ global $langs;
+ $langs->load("productbatch");
+ return $langs->trans("NoDescription");
+ }
+
+ /**
+ * Returns an example of numbering
+ *
+ * @return string Example
+ */
+ public function getExample()
+ {
+ global $langs;
+ $langs->load("productbatch");
+ return $langs->trans("NoExample");
+ }
+
+ /**
+ * Checks if the numbers already in the database do not
+ * cause conflicts that would prevent this numbering working.
+ *
+ * @return boolean false if conflict, true if ok
+ */
+ public function canBeActivated()
+ {
+ return true;
+ }
+
+ /**
+ * Returns next assigned value
+ *
+ * @param Societe $objsoc Object thirdparty
+ * @param Object $object Object we need next value for
+ * @return string Valeur
+ */
+ public function getNextValue($objsoc, $object)
+ {
+ global $langs;
+ return $langs->trans("NotAvailable");
+ }
+
+ /**
+ * Returns version of numbering module
+ *
+ * @return string Valeur
+ */
+ public function getVersion()
+ {
+ global $langs;
+ $langs->load("admin");
+
+ if ($this->version == 'development') return $langs->trans("VersionDevelopment");
+ if ($this->version == 'experimental') return $langs->trans("VersionExperimental");
+ if ($this->version == 'dolibarr') return DOL_VERSION;
+ if ($this->version) return $this->version;
+ return $langs->trans("NotAvailable");
+ }
+}
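Review bot: getVersion() reads `$this->version`, but ModeleNumRefBatch declares only `$error`. The property exists at run time only because the subclasses added in this commit (mod_sn_free, mod_sn_standard) each define it. Declaring it on the parent, for example `public $version = '';` under a `@var string` docblock, lets a future numbering model that omits it fall through to `NotAvailable` instead of reading an undefined property. The docblocks also mix languages: `Texte descripif` and the two `@return string Valeur` lines would read better as `Description text` and `Value`.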
diff --git a/htdocs/core/modules/stock/doc/index.html b/htdocs/core/modules/stock/doc/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/core/modules/stock/doc/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 3940f0c38e5..9f77eaca415 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php @@ -81,7 +81,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element] if ($perms && isset($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra])) { $perms = dol_eval($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra], 1); } - //print $tmpkeyextra.'-'.$enabled.'-'.$perms.'-'.$tmplabelextra.$_POST["options_" . $tmpkeyextra].'
'."\n"; + //print $tmpkeyextra.'-'.$enabled.'-'.$perms.'
'."\n"; if (empty($enabled)) { continue; // 0 = Never visible field diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index ca33d6ffc23..d571940cc9b 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -29,9 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); -$chid = GETPOST("rowid"); +$chid = GETPOST("rowid", 'int'); $action = GETPOST('action', 'aZ09'); $amounts = array(); +$cancel = GETPOST('cancel'); // Security check $socid = 0; @@ -49,15 +50,15 @@ $object = new Don($db); if ($action == 'add_payment') { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/don/card.php?rowid='.$chid; header("Location: ".$loc); exit; } - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); - if (!$_POST["paymenttype"] > 0) { + if (!(GETPOST("paymenttype") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; } @@ -65,7 +66,7 @@ if ($action == 'add_payment') { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Date")), null, 'errors'); $error++; } - if (!empty($conf->banque->enabled) && !$_POST["accountid"] > 0) { + if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors'); $error++; } @@ -183,8 +184,8 @@ if ($action == 'create') { print ''; print '"; print ''; diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 495d0334a10..29bbd0f19bd 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php 
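Review bot: The rewritten reads in the `add_payment` branch of don/payment/payment.php drop `$_POST` but still pass no check type. `GETPOST("remonth")`, `GETPOST("reday")`, `GETPOST("reyear")` and `GETPOST("paymenttype")` rely on whatever GETPOST filters by default, while the `accountid` read in the next hunk and the same fields in expensereport/payment/payment.php in this commit use `'int'`. These values feed `dol_mktime()` and a `> 0` comparison, so they should be constrained to integers where they are read, e.g. `GETPOST("paymenttype", 'int')` and `GETPOST("remonth", 'int')`. The -183 hunk of this file repeats the untyped date reads.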
@@ -202,9 +202,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'.$langs->trans("Date").''; - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); - $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaid) : 0; + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); + $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaid : -1) : 0; print $form->selectDate($datepayment, '', 0, 0, 0, "add_payment", 1, 1, 0, '', '', $object->date, '', 1, $langs->trans("DonationDate")); print "
'."\n"; // Common attributes diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 7e10b5b5f1f..c543ef40880 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -281,8 +281,8 @@ if (empty($reshook)) { $totalqty += $subtotalqty; } else { - // No detail were provided for lots - if (!empty($_POST[$qty])) { + // No detail were provided for lots, so if a qty was provided, we can show an error. + if (GETPOST($qty)) { // We try to set an amount // Case we dont use the list of available qty for each warehouse/lot // GUI does not allow this yet diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 020c34dc0c6..1c3e8594c41 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -2257,7 +2257,7 @@ if ($action == 'create') { // VAT print ''; // Unit price diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index 926559769b4..d50f6336669 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -36,6 +36,7 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $amounts = array(); $accountid = GETPOST('accountid', 'int'); +$cancel = GETPOST('cancel'); // Security check $socid = 0; @@ -51,7 +52,7 @@ if ($user->socid > 0) { if ($action == 'add_payment') { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/expensereport/card.php?id='.$id; header("Location: ".$loc); exit; 
@@ -64,9 +65,9 @@ if ($action == 'add_payment') { setEventMessages($expensereport->error, $expensereport->errors, 'errors'); } - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int')); - if (!($_POST["fk_typepayment"] > 0)) { + if (!(GETPOST("fk_typepayment", 'int') > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; } diff --git a/htdocs/externalsite/admin/index.html b/htdocs/externalsite/admin/index.html deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/htdocs/externalsite/admin/externalsite.php b/htdocs/externalsite/admin/index.php similarity index 90% rename from htdocs/externalsite/admin/externalsite.php rename to htdocs/externalsite/admin/index.php index 47f0a3d57be..1710a570c45 100644 --- a/htdocs/externalsite/admin/externalsite.php +++ b/htdocs/externalsite/admin/index.php @@ -21,9 +21,9 @@ */ /** - * \file htdocs/externalsite/admin/externalsite.php + * \file htdocs/externalsite/admin/index.php * \ingroup externalsite - * \brief Page de configuration du module externalsite + * \brief Page to setup module external site */ if (!defined('NOSCANPOSTFORINJECTION')) { 
@@ -41,18 +41,24 @@ if (!$user->admin) { // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'externalsite')); -$def = array(); - $action = GETPOST('action', 'aZ09'); + +/* + * Actions + */ + // Sauvegardes parametres if ($action == 'update') { $i = 0; $db->begin(); - $label = GETPOST('EXTERNALSITE_LABEL', 'alpha'); - $exturl = GETPOST('EXTERNALSITE_URL', 'restricthtml'); + $label = GETPOST('EXTERNALSITE_LABEL', 'alphanohtml'); + + $exturl = GETPOST('EXTERNALSITE_URL', 'none'); + $exturl = dol_string_onlythesehtmltags($exturl, 1, 1, 0, 1); + $exturl = dol_string_onlythesehtmlattributes($exturl); $i += dolibarr_set_const($db, 'EXTERNALSITE_LABEL', trim($label), 'chaine', 0, '', $conf->entity); $i += dolibarr_set_const($db, 'EXTERNALSITE_URL', trim($exturl), 'chaine', 0, '', $conf->entity); @@ -77,7 +83,7 @@ $linkback = ''; -print $langs->trans("Module100Desc")."
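Review bot: `EXTERNALSITE_URL` is now read with the `'none'` check and then passed through `dol_string_onlythesehtmltags($exturl, 1, 1, 0, 1)` and `dol_string_onlythesehtmlattributes($exturl)`. Nothing in the hunk says what the four positional flags permit, so a reader cannot tell which markup is meant to survive. The page defines `NOSCANPOSTFORINJECTION` (context of the previous hunk), so these two calls are the only filtering visible for a value that is then persisted with `dolibarr_set_const()`. I would add a comment above the three lines, such as `// Admin-only setting: raw value is read unfiltered on purpose, then reduced to the allowed tags and attributes before it is stored`, and name what each flag switches on or off. The `if ($action == 'update')` block continues past the end of the hunk.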
\n"; +print ''.$langs->trans("Module100Desc")."
\n"; print '
'; print '
'; diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index ebc884eb033..88c5a1cefc0 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -875,9 +875,9 @@ if ($action == 'create') { print '
'; print ''; $defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1)); - if (!isset($_POST["FTP_PASSIVE_".($lastftpentry + 1)])) { + if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) { $defaultpassive = empty($conf->global->FTP_SUGGEST_PASSIVE_BYDEFAULT) ? 0 : 1; } print ''; diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index a46ebfa28f3..96874db6504 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -80,9 +80,9 @@ if ($action == 'confirm_delete' && $confirm == "yes") { if (empty($error)) { $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); - $object->country_id = $_POST["country_id"]; + $object->zip = GETPOST('zipcode', 'alpha'); + $object->town = GETPOST('town', 'alpha'); + $object->country_id = GETPOST("country_id", 'int'); $object->status = GETPOST('status', 'int'); $object->fk_user_author = $user->id; $object->datec = dol_now(); diff --git a/htdocs/install/mysql/data/llx_c_forme_juridique.sql b/htdocs/install/mysql/data/llx_c_forme_juridique.sql index 7b02ee60ffa..b3182846723 100644 --- a/htdocs/install/mysql/data/llx_c_forme_juridique.sql +++ b/htdocs/install/mysql/data/llx_c_forme_juridique.sql @@ -8,8 +8,13 @@ -- Copyright (C) 2010-2016 Juanjo Menent -- Copyright (C) 2012 Sebastian Neuwert -- Copyright (C) 2012 Tommaso Basilici --- Copyright (C) 2012 Ricardo Schluter --- Copyright (C) 2013 Cedric GROSS +-- Copyright (C) 2012 Ricardo Schluter +-- Copyright (C) 2013 Cedric GROSS +-- Copyright (C) 2020-2021 Udo Tamm +-- + + +-- LICENSE --------------------------------------------------------------- -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by 
@@ -25,14 +30,24 @@ -- along with this program. If not, see . -- +-- WARNING ---------------------------------------------------------------- -- +-- EN: +-- Do not put a comment at the end of the line, this file is parsed during +-- install and all '--' symbols are removed. +-- +-- FR: -- Ne pas placer de commentaire en fin de ligne, ce fichier est parsé lors -- de l'install et tous les sigles '--' sont supprimés. -- +-- CONTENT ---------------------------------------------------------------- -- --- Formes juridiques +-- Legal Formes (en) / Formes juridiques (fr) -- +-- fk_pays = country_id +-- + delete from llx_c_forme_juridique; @@ -54,6 +69,7 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, ' INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '2312', 'Sociedad Anónima con Participación Estatal Mayoritaria', 1); INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (23, '2313', 'Sociedad en Comandita por Acciones (arts. 315 a 324, LSC)', 1); + -- Austria INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4100', 'GmbH - Gesellschaft mit beschränkter Haftung', 1); INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4101', 'GesmbH - Gesellschaft mit beschränkter Haftung', 1); 
@@ -71,6 +87,31 @@ INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, ' INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4113', 'GesnbR - Gesellschaft nach bürgerlichem Recht', 1); INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle, active) VALUES (41, '4114', 'e.U. - eingetragener Einzelunternehmer', 1); + +-- Belgium +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '200', 'Indépendant'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '201', 'SRL - Société à responsabilité limitée'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '202', 'SA - Société Anonyme'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '203', 'SCRL - Société coopérative à responsabilité limitée'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '204', 'ASBL - Association sans but Lucratif'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '205', 'SCRI - Société coopérative à responsabilité illimitée'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '206', 'SCS - Société en commandite simple'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '207', 'SCA - Société en commandite par action'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '208', 'SNC - Société en nom collectif'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '209', 'GIE - Groupement d intérêt économique'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '210', 'GEIE - Groupement européen d intérêt économique'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '220', 'Eenmanszaak'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '221', 'BVBA - Besloten vennootschap met beperkte aansprakelijkheid'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values 
(2, '222', 'NV - Naamloze Vennootschap'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '223', 'CVBA - Coöperatieve vennootschap met beperkte aansprakelijkheid'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '224', 'VZW - Vereniging zonder winstoogmerk'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '225', 'CVOA - Coöperatieve vennootschap met onbeperkte aansprakelijkheid '); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '226', 'GCV - Gewone commanditaire vennootschap'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '227', 'Comm.VA - Commanditaire vennootschap op aandelen'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '228', 'VOF - Vennootschap onder firma'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '229', 'VS0 - Vennootschap met sociaal oogmerk'); + + -- France: Extrait de http://www.insee.fr/fr/nom_def_met/nomenclatures/cj/cjniveau2.htm insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'11','Artisan Commerçant (EI)'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'12','Commerçant (EI)'); 
@@ -127,28 +168,6 @@ insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'92','Assoc insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'93','Fondation'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (1,'99','Personne morale de droit privé'); --- Belgium -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '200', 'Indépendant'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '201', 'SRL - Société à responsabilité limitée'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '202', 'SA - Société Anonyme'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '203', 'SCRL - Société coopérative à responsabilité limitée'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '204', 'ASBL - Association sans but Lucratif'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '205', 'SCRI - Société coopérative à responsabilité illimitée'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '206', 'SCS - Société en commandite simple'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '207', 'SCA - Société en commandite par action'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '208', 'SNC - Société en nom collectif'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '209', 'GIE - Groupement d intérêt économique'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '210', 'GEIE - Groupement européen d intérêt économique'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '220', 'Eenmanszaak'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '221', 'BVBA - Besloten vennootschap met beperkte aansprakelijkheid'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '222', 'NV - Naamloze Vennootschap'); -insert into llx_c_forme_juridique 
(fk_pays, code, libelle) values (2, '223', 'CVBA - Coöperatieve vennootschap met beperkte aansprakelijkheid'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '224', 'VZW - Vereniging zonder winstoogmerk'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '225', 'CVOA - Coöperatieve vennootschap met onbeperkte aansprakelijkheid '); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '226', 'GCV - Gewone commanditaire vennootschap'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '227', 'Comm.VA - Commanditaire vennootschap op aandelen'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '228', 'VOF - Vennootschap onder firma'); -insert into llx_c_forme_juridique (fk_pays, code, libelle) values (2, '229', 'VS0 - Vennootschap met sociaal oogmerk'); -- Germany insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '500', 'GmbH - Gesellschaft mit beschränkter Haftung'); @@ -160,6 +179,8 @@ insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '505', 'Gb insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '506', 'KG - Kommanditgesellschaft'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '507', 'Ltd. - Limited Company'); insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '508', 'OHG - Offene Handelsgesellschaft'); +insert into llx_c_forme_juridique (fk_pays, code, libelle) values (5, '509', 'eG - eingetragene Genossenschaft'); + -- Denmark INSERT INTO llx_c_forme_juridique (fk_pays, code, libelle) VALUES (80, '8001', 'Aktieselvskab A/S'); diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index e841a352b40..86e970f8194 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php 
@@ -231,7 +231,6 @@ if (!$error) { $databasefortest = 'master'; } } - //print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"]; $db = getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port); diff --git a/htdocs/langs/en_US/banks.lang b/htdocs/langs/en_US/banks.lang index f0f5dfd0a8e..8e2d828c12a 100644 --- a/htdocs/langs/en_US/banks.lang +++ b/htdocs/langs/en_US/banks.lang @@ -174,7 +174,7 @@ YourSEPAMandate=Your SEPA mandate FindYourSEPAMandate=This is your SEPA mandate to authorize our company to make direct debit order to your bank. Return it signed (scan of the signed document) or send it by mail to AutoReportLastAccountStatement=Automatically fill the field 'number of bank statement' with last statement number when making reconciliation CashControl=POS cash desk control -NewCashFence=New cash desk closing +NewCashFence=New cash desk opening or closing BankColorizeMovement=Colorize movements BankColorizeMovementDesc=If this function is enable, you can choose specific background color for debit or credit movements BankColorizeMovementName1=Background color for debit movement diff --git a/htdocs/langs/en_US/margins.lang b/htdocs/langs/en_US/margins.lang index 76ea8ad5c4d..ad5406409b4 100644 --- a/htdocs/langs/en_US/margins.lang +++ b/htdocs/langs/en_US/margins.lang 
@@ -22,7 +22,7 @@ ProductService=Product or Service AllProducts=All products and services ChooseProduct/Service=Choose product or service ForceBuyingPriceIfNull=Force buying/cost price to selling price if not defined -ForceBuyingPriceIfNullDetails=If buying/cost price not defined, and this option "ON", margin will be zero on line (buying/cost price = selling price), otherwise ("OFF"), marge will be equal to suggested default. +ForceBuyingPriceIfNullDetails=If buying/cost price not provided when we add a new line, and this option is "ON", the margin will be 0 on the new line (buying/cost price = selling price). If this option is "OFF" (recommended), margin will be equal to the value suggested by default (and may be 100% if no default value can be found). MARGIN_METHODE_FOR_DISCOUNT=Margin method for global discounts UseDiscountAsProduct=As a product UseDiscountAsService=As a service diff --git a/htdocs/langs/en_US/productbatch.lang b/htdocs/langs/en_US/productbatch.lang index 36adfd571fb..9e299baf8f3 100644 --- a/htdocs/langs/en_US/productbatch.lang +++ b/htdocs/langs/en_US/productbatch.lang @@ -26,3 +26,5 @@ ShowLogOfMovementIfLot=Show log of movements for couple product/lot StockDetailPerBatch=Stock detail per lot SerialNumberAlreadyInUse=Serial number %s is already used for product %s TooManyQtyForSerialNumber=You can only have one product %s for serial number %S +BatchLotNumberingModules=Options for automatic generation of batch products managed by lots +BatchSerialNumberingModules=Options for automatic generation of batch products managed by serial numbers \ No newline at end of file diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index d4326fc08c9..727773a9606 100644 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang 
@@ -72,7 +72,7 @@ ExportDataset_user_1=Users and their properties DomainUser=Domain user %s Reactivate=Reactivate CreateInternalUserDesc=This form allows you to create an internal user in your company/organization. To create an external user (customer, vendor etc. ..), use the button 'Create Dolibarr User' from that third-party's contact card. -InternalExternalDesc=An internal user is a user that is part of your company/organization.
An external user is a customer, vendor or other that must view only data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, permissions defines rights on Dolibarr, also external user can have a different menu manager than internal user (See Home - Setup - Display) +InternalExternalDesc=An internal user is a user that is part of your company/organization, or is a partner user outside of your organization that may need to see more data than data related to his company (the permission system will define what he can or can't see or do).
An external user is a customer, vendor or other that must view ONLY data related to himself (Creating an external user for a third-party can be done from the contact record of the third-party).

In both cases, you must grant permissions on the features that the user need. PermissionInheritedFromAGroup=Permission granted because inherited from one of a user's group. Inherited=Inherited UserWillBe=Created user will be diff --git a/htdocs/langs/fr_FR/productbatch.lang b/htdocs/langs/fr_FR/productbatch.lang index 94ceb434bfd..eed5a063318 100644 --- a/htdocs/langs/fr_FR/productbatch.lang +++ b/htdocs/langs/fr_FR/productbatch.lang @@ -26,3 +26,5 @@ ShowLogOfMovementIfLot=Afficher l'historique des mouvements de couple produit / StockDetailPerBatch=Stock détaillé par lot SerialNumberAlreadyInUse=Le numéro de série %s est déjà utilisé pour le produit %s TooManyQtyForSerialNumber=Vous ne pouvez avoir qu'un produit %s avec le numéro de série %s +BatchLotNumberingModules=Modèle de génération et contrôle des numéros de lot +BatchSerialNumberingModules=Modèle de génération et contrôle des numéros de série \ No newline at end of file diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index e617d0fe0e6..436870a20c3 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -2073,8 +2073,7 @@ function top_menu_user($hideloginname = 0, $urllogout = '') $btnUser = '
'; - print $form->load_tva('vatrate', (isset($_POST["vatrate"]) ? $_POST["vatrate"] : $line->vatrate), $mysoc, '', 0, 0, '', false, 1); + print $form->load_tva('vatrate', (GETPOSTISSET("vatrate") ? GETPOST("vatrate") : $line->vatrate), $mysoc, '', 0, 0, '', false, 1); print '
'.$langs->trans("Project").''; /* Fix: If a project must be linked to any companies (suppliers or not), project must be not be set as limited to customer but must be not linked to any particular thirdparty if ($societe->fournisseur==1) - $numprojet=select_projects(-1,$_POST["projectid"],'projectid'); + $numprojet=select_projects(-1, GETPOST("projectid", 'int'), 'projectid'); else - $numprojet=select_projects($societe->id,$_POST["projectid"],'projectid'); + $numprojet=select_projects($societe->id, GETPOST("projectid", 'int'), 'projectid'); */ $numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid'); if ($numprojet == 0) { diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index fe854c72d48..6def24cf64b 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1883,7 +1883,7 @@ if ($action == 'create') { // Confirmation de l'envoi de la commande if ($action == 'commande') { $date_com = dol_mktime(GETPOST('rehour'), GETPOST('remin'), GETPOST('resec'), GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); - $formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".$_POST["methodecommande"]."&comment=".urlencode($_POST["comment"]), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2); + $formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".GETPOST("methodecommande")."&comment=".urlencode(GETPOST("comment")), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2); } // Confirmation to delete line diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 0d48c7d30dd..0402fa7a99b 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php 
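Review bot: In the `formconfirm` URL of fourn/commande/card.php, `GETPOST("methodecommande")` is concatenated into the query string as-is while the neighbouring `comment` parameter goes through `urlencode()`. A value containing `&` or `#` would add or truncate parameters of the confirmation link, so both should be encoded alike: `"&methode=".urlencode(GETPOST("methodecommande"))`. If the method is always a numeric id, which this hunk does not show, reading it with `GETPOST("methodecommande", 'int')` would be tighter still.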
@@ -1046,7 +1046,7 @@ if ($id > 0 || !empty($ref)) { if (empty($conf->reception->enabled)) { print $langs->trans("Comment").' : '; print 'trans("DispatchSupplierOrder", $object->ref); + print GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref); // print ' / '.$object->ref_supplier; // Not yet available print '" class="flat">
'; diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php index ab673e45447..5094f178cea 100644 --- a/htdocs/ftp/admin/ftpclient.php +++ b/htdocs/ftp/admin/ftpclient.php @@ -58,8 +58,8 @@ if ($result) { } if ($action == 'add' || GETPOST('modify', 'alpha')) { - $ftp_name = "FTP_NAME_".$entry; // $_POST["numero_entry"]; - $ftp_server = "FTP_SERVER_".$entry; //$_POST["numero_entry"]; + $ftp_name = "FTP_NAME_".$entry; + $ftp_server = "FTP_SERVER_".$entry; $error = 0; @@ -203,7 +203,7 @@ if (!function_exists('ftp_connect')) { print '
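Review bot: The added `print GETPOSTISSET("comment") ? GETPOST("comment") : ...` writes a request value straight into what the following `print '" class="flat">` shows to be a double-quoted attribute value. It relies entirely on the default `GETPOST` filter to keep quotes out. Escaping at the output site is more robust, e.g. `print dol_escape_htmltag(GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref));`. The surrounding markup and the rest of the form lie outside the hunk.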
'.$langs->trans("FTPPassiveMode").''.$form->selectyesno('FTP_PASSIVE_'.($lastftpentry + 1), $defaultpassive, 2).'
'; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''."\n"; + +clearstatcache(); + +foreach ($dirmodels as $reldir) { + $dir = dol_buildpath($reldir."core/modules/product_batch/"); + + if (is_dir($dir)) { + $handle = opendir($dir); + if (is_resource($handle)) { + while (($file = readdir($handle)) !== false) { + if (substr($file, 0, 8) == 'mod_lot_' && substr($file, dol_strlen($file) - 3, 3) == 'php') { + $file = substr($file, 0, dol_strlen($file) - 4); + + require_once $dir.$file.'.php'; + + $module = new $file($db); + + // Show modules according to features level + if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) continue; + if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) continue; + + if ($module->isEnabled()) { + print ''; + + // Show example of numbering model + print ''."\n"; + + print ''; + + $batch = new Productlot($db); + $batch->initAsSpecimen(); + + // Info + $htmltooltip = ''; + $htmltooltip .= ''.$langs->trans("Version").': '.$module->getVersion().'
'; + $nextval = $module->getNextValue($mysoc, $batch); + if ("$nextval" != $langs->trans("NotAvailable")) { // Keep " on nextval + $htmltooltip .= ''.$langs->trans("NextValue").': '; + if ($nextval) { + if (preg_match('/^Error/', $nextval) || $nextval == 'NotConfigured') + $nextval = $langs->trans($nextval); + $htmltooltip .= $nextval.'
'; + } else { + $htmltooltip .= $langs->trans($module->error).'
'; + } + } + + print ''; + + print "\n"; + } + } + } + closedir($handle); + } + } +} + +print "
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Example").''.$langs->trans("Status").''.$langs->trans("ShortInfo").'
'.$module->name."\n"; + print $module->info(); + print ''; + $tmp = $module->getExample(); + if (preg_match('/^Error/', $tmp)) print '
'.$langs->trans($tmp).'
'; + elseif ($tmp == 'NotConfigured') print $langs->trans($tmp); + else print $tmp; + print '
'; + if ($conf->global->LOT_ADDON == $file) { + print img_picto($langs->trans("Activated"), 'switch_on'); + } else { + print ''; + print img_picto($langs->trans("Disabled"), 'switch_off'); + print ''; + } + print ''; + print $form->textwithpicto('', $htmltooltip, 1, 0); + print '

\n"; + + +/* + * Serials Numbering models + */ + +print load_fiche_titre($langs->trans("BatchSerialNumberingModules"), '', ''); + +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''; +print ''."\n"; + +clearstatcache(); + +foreach ($dirmodels as $reldir) { + $dir = dol_buildpath($reldir."core/modules/product_batch/"); + + if (is_dir($dir)) { + $handle = opendir($dir); + if (is_resource($handle)) { + while (($file = readdir($handle)) !== false) { + if (substr($file, 0, 7) == 'mod_sn_' && substr($file, dol_strlen($file) - 3, 3) == 'php') { + $file = substr($file, 0, dol_strlen($file) - 4); + + require_once $dir.$file.'.php'; + + $module = new $file($db); + + // Show modules according to features level + if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) continue; + if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) continue; + + if ($module->isEnabled()) { + print ''; + + // Show example of numbering model + print ''."\n"; + + print ''; + + $batch = new Productlot($db); + $batch->initAsSpecimen(); + + // Info + $htmltooltip = ''; + $htmltooltip .= ''.$langs->trans("Version").': '.$module->getVersion().'
'; + $nextval = $module->getNextValue($mysoc, $batch); + if ("$nextval" != $langs->trans("NotAvailable")) { // Keep " on nextval + $htmltooltip .= ''.$langs->trans("NextValue").': '; + if ($nextval) { + if (preg_match('/^Error/', $nextval) || $nextval == 'NotConfigured') + $nextval = $langs->trans($nextval); + $htmltooltip .= $nextval.'
'; + } else { + $htmltooltip .= $langs->trans($module->error).'
'; + } + } + + print ''; + + print "\n"; + } + } + } + closedir($handle); + } + } +} + +print "
'.$langs->trans("Name").''.$langs->trans("Description").''.$langs->trans("Example").''.$langs->trans("Status").''.$langs->trans("ShortInfo").'
'.$module->name."\n"; + print $module->info(); + print ''; + $tmp = $module->getExample(); + if (preg_match('/^Error/', $tmp)) print '
'.$langs->trans($tmp).'
'; + elseif ($tmp == 'NotConfigured') print $langs->trans($tmp); + else print $tmp; + print '
'; + if ($conf->global->SN_ADDON == $file) { + print img_picto($langs->trans("Activated"), 'switch_on'); + } else { + print ''; + print img_picto($langs->trans("Disabled"), 'switch_off'); + print ''; + } + print ''; + print $form->textwithpicto('', $htmltooltip, 1, 0); + print '

\n"; + +// End of page +llxFooter(); +$db->close(); diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php index 1309ae4455e..5b30d77ca21 100644 --- a/htdocs/projet/activity/perday.php +++ b/htdocs/projet/activity/perday.php @@ -601,8 +601,10 @@ if (!empty($arrayfields['t.progress']['checked'])) { if ($usertoprocess->id == $user->id) print ''.$langs->trans("TimeSpentByYou").''; else print ''.$langs->trans("TimeSpentByUser").'';*/ print ''.$langs->trans("TimeSpent").'
'; +print ''; print 'Photo'; print ''.$langs->trans("Everybody").''; +print ''; print ''; print ''.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').''; print ''.$langs->trans("HourStart").''; diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index d023dcc69d3..7f40ab1c9a1 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -491,9 +491,11 @@ print ''.$langs->trans("ProgressDeclared"). /*print ''.$langs->trans("TimeSpent").''; if ($usertoprocess->id == $user->id) print ''.$langs->trans("TimeSpentByYou").''; else print ''.$langs->trans("TimeSpentByUser").'';*/ -print ''.$langs->trans("TimeSpent").'
'; +print ''.$langs->trans("TimeSpent").'
'; +print ''; print 'Photo'; print ''.$langs->trans("Everybody").''; +print ''; print ''; print ''.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').''; diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index 028bb97726c..b6cd2c04f10 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -657,9 +657,11 @@ if (!empty($arrayfields['t.progress']['checked'])) { /*print ''.$langs->trans("TimeSpent").''; if ($usertoprocess->id == $user->id) print ''.$langs->trans("TimeSpentByYou").''; else print ''.$langs->trans("TimeSpentByUser").'';*/ -print ''.$langs->trans("TimeSpent").'
'; +print ''.$langs->trans("TimeSpent").'
'; +print ''; print 'Photo'; print ''.$langs->trans("Everybody").''; +print ''; print ''; print ''.$langs->trans("TimeSpent").($usertoprocess->firstname ? '
'.$usertoprocess->getNomUrl(-2).''.dol_trunc($usertoprocess->firstname, 10).'' : '').''; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 3999e448730..916f23eb056 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -52,7 +52,7 @@ $status = GETPOST('status', 'int'); $opp_status = GETPOST('opp_status', 'int'); $opp_percent = price2num(GETPOST('opp_percent', 'alpha')); -if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && !$_POST["cancel"])) { +if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && !GETPOST("cancel"))) { accessforbidden(); } @@ -224,12 +224,10 @@ if (empty($reshook)) { if (empty($ref)) { $error++; - //$_GET["id"]=$_POST["id"]; // We return on the project card setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); } - if (empty($_POST["title"])) { + if (!GETPOST("title")) { $error++; - //$_GET["id"]=$_POST["id"]; // We return on the project card setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ProjectLabel")), null, 'errors'); } @@ -512,7 +510,7 @@ if ($action == 'create' && $user->rights->projet->creer) { } // Ref - $suggestedref = ($_POST["ref"] ? $_POST["ref"] : $defaultref); + $suggestedref = (GETPOST("ref") ? GETPOST("ref") : $defaultref); print ''.$langs->trans("Ref").''; print ' '.$form->textwithpicto('', $langs->trans("YouCanCompleteRef", $suggestedref)); print ''; diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index cb2f92c34a4..df4a94b6dfd 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php 
@@ -297,7 +297,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) { $taskid = $task->create($user); if ($taskid > 0) { - $result = $task->add_contact($_POST["userid"], 'TASKEXECUTIVE', 'internal'); + $result = $task->add_contact(GETPOST("userid", 'int'), 'TASKEXECUTIVE', 'internal'); } else { if ($db->lasterrno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { $langs->load("projects"); diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 6ec9f7d3126..0f6b67a0482 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -73,14 +73,14 @@ if ($reshook < 0) { * Actions */ -if ($action == 'update' && !$_POST["cancel"] && $user->rights->projet->creer) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) { $error = 0; if (empty($taskref)) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); } - if (empty($_POST["label"])) { + if (!GETPOST("label")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); } diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 883fe737e56..2fb226b5eb2 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -158,7 +158,7 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Duration")), null, 'errors'); $error++; } - if (empty($_POST["userid"])) { + if (!GETPOST("userid", 'int')) { $langs->load("errors"); setEventMessages($langs->trans('ErrorUserNotAssignedToTask'), null, 'errors'); $error++; 
@@ -185,19 +185,19 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) { $action = 'createtime'; $error++; } else { - $object->timespent_note = $_POST["timespent_note"]; + $object->timespent_note = GETPOST("timespent_note"); if (GETPOST('progress', 'int') > 0) { $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value } - $object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_duration = GETPOST("timespent_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("timespent_durationmin") ? GETPOST("timespent_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear")); } - $object->timespent_fk_user = $_POST["userid"]; + $object->timespent_fk_user = GETPOST("userid", 'int'); $result = $object->addTimeSpent($user); if ($result >= 0) { setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); 
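Review bot: `GETPOST("timespent_durationhour") * 60 * 60` and the `timespent_durationmin` term do arithmetic on request strings read with the default filter, whereas `progress` and `userid` in the same hunk use `'int'`. A non-numeric or empty value then reaches the multiplication, which raises a warning or a TypeError depending on the PHP version, and nothing visible here rejects a negative duration. Read them as integers, e.g. `$object->timespent_duration = (int) GETPOST("timespent_durationhour", 'int') * 60 * 60;`, and do the same for `new_durationhour`/`new_durationmin` in the two `updateline` hunks that follow. The enclosing `addtimespent` block starts before the hunk, so any earlier validation of the duration is only partly visible.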
@@ -233,17 +233,17 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us $result = $object->delTimeSpent($user); $object->fetch($id, $ref); - $object->timespent_note = $_POST["timespent_note_line"]; - $object->timespent_old_duration = $_POST["old_duration"]; - $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_note = GETPOST("timespent_note_line"); + $object->timespent_old_duration = GETPOST("old_duration"); + $object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); } - $object->timespent_fk_user = $_POST["userid_line"]; + $object->timespent_fk_user = GETPOST("userid_line", 'int'); $result = $object->addTimeSpent($user); if ($result >= 0) { setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); 
@@ -255,18 +255,18 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us $object->fetch($id, $ref); // TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids)) - $object->timespent_id = $_POST["lineid"]; - $object->timespent_note = $_POST["timespent_note_line"]; - $object->timespent_old_duration = $_POST["old_duration"]; - $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_id = GETPOST("lineid", 'int'); + $object->timespent_note = GETPOST("timespent_note_line"); + $object->timespent_old_duration = GETPOST("old_duration"); + $object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); } - $object->timespent_fk_user = $_POST["userid_line"]; + $object->timespent_fk_user = GETPOST("userid_line", 'int'); $result = $object->updateTimeSpent($user); if ($result >= 0) { @@ -1141,7 +1141,6 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { // Date print ''; - //$newdate=dol_mktime(12,0,0,$_POST["timemonth"],$_POST["timeday"],$_POST["timeyear"]); $newdate = ''; print $form->selectDate($newdate, 'time', ($conf->browser->layout == 'phone' ? 2 : 1), 1, 2, "timespent_date", 1, 0); print ''; 
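Review bot: The update branch still carries `// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))`, while both the line to change (`GETPOST("lineid", 'int')`) and the user it is booked on (`GETPOST("userid_line", 'int')`) come from the request. As written, `updateTimeSpent($user)` runs without comparing the stored line's owner with the caller, so the only gate is the permission test in the enclosing `if`, which is cut off in the hunk header. Load the stored line first and stop when it belongs to neither the caller nor a subordinate, e.g. `if ($task_time->fk_user != $user->id && !in_array($task_time->fk_user, $childids)) { accessforbidden(); }`. The split branch in the preceding hunk (`delTimeSpent` followed by `addTimeSpent`) needs the same check.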
diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 90dab0379ff..5f5446ae3f1 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -203,7 +203,6 @@ if ($testmodifier) { //var_dump($_POST);exit; $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - //var_dump($_POST["choix$i"]); if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') { $nouveauchoix .= "1"; } elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') { @@ -217,7 +216,7 @@ if ($testmodifier) { accessforbidden('', 0, 0, 1); } - $idtomodify = $_POST["idtomodify".$modifier]; + $idtomodify = GETPOST("idtomodify".$modifier); $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs"; $sql .= " SET reponses = '".$db->escape($nouveauchoix)."'"; $sql .= " WHERE id_users = '".$db->escape($idtomodify)."'"; diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index f25843f69e4..048df9c41b3 100644 --- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -223,11 +223,11 @@ if (empty($reshook) && $action == 'add') { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv('Nature'))."
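Review bot: `$idtomodify = GETPOST("idtomodify".$modifier);` reads a row id with the default filter, and the `UPDATE` then matches it as a quoted string. On this public page the id should be forced to an integer: `$idtomodify = GETPOST("idtomodify".$modifier, 'int');` with `" WHERE id_users = ".((int) $idtomodify)`. The visible `WHERE` clause keys on `id_users` alone. Unless a condition on the current survey follows outside the hunk, the statement should also be restricted to the survey being displayed, so that a posted id cannot address a row belonging to another poll.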
\n"; } - if (empty($_POST["lastname"])) { + if (!GETPOST("lastname")) { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Lastname"))."
\n"; } - if (empty($_POST["firstname"])) { + if (!GETPOST("firstname")) { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Firstname"))."
\n"; } diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 83701e59e40..bbfccb3b945 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -317,11 +317,16 @@ if (empty($reshook)) { //var_dump($_POST);exit; for ($i = 1; $i <= $num; $i++) { $lineToTest = ''; + $lineId = GETPOST($idl, 'int'); foreach ($objectsrc->lines as $linesrc) { - if ($linesrc->id == GETPOST($idl, 'int')) { + if ($linesrc->id == $lineId) { $lineToTest = $linesrc; + break; } } + if (empty($lineToTest)) { + continue; + } $qty = "qtyl".$i; $comment = "comment".$i; $eatby = "dlc".$i; @@ -340,7 +345,7 @@ if (empty($reshook)) { if ($entrepot_id < 0) { $entrepot_id = ''; } - if (!($linesrc->fk_product > 0) && empty($conf->global->STOCK_SUPPORTS_SERVICES)) { + if (!($lineToTest->fk_product > 0) && empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $entrepot_id = 0; } $eatby = GETPOST($eatby, 'alpha'); diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index 775221caeb2..e1225f15258 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -282,7 +282,7 @@ if ($action == 'confirm_delete') { } -if ($action == 'update' && !$_POST["cancel"] && $user->rights->salaries->write) { +if ($action == 'update' && !GETPOST("cancel") && $user->rights->salaries->write) { $amount = price2num(GETPOST('amount'), 'MT', 2); if (empty($amount)) { diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index ac70d5c4a8c..3b0eda077a2 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -33,6 +33,7 @@ $langs->load("bills"); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel', 'alpha'); $amounts = array(); // Security check 
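Review bot: `$lineId = GETPOST($idl, 'int');` uses `$idl` before anything in the visible loop body assigns it; the per-index names (`$qty = "qtyl".$i;`, `$comment = "comment".$i;`) are only built further down. If `$idl` is set alongside them, the first iteration reads an undefined name and each later one reads the previous index. The new `if (empty($lineToTest)) { continue; }` then drops those lines without any message. Assign `$idl = "idl".$i;` at the top of the loop, before the lookup, and consider `setEventMessages()` rather than a silent `continue`. The loop body continues past the end of the hunk, so confirm where `$idl` is actually defined.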
@@ -49,7 +50,7 @@ if ($user->socid > 0) { if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/salaries/card.php?id='.$chid; header("Location: ".$loc); exit; @@ -174,7 +175,7 @@ if ($action == 'create') { print ''; print ''; - print dol_get_fiche_end(); + print dol_get_fiche_head(); print ''; @@ -198,21 +199,21 @@ if ($action == 'create') { print '';*/ print '"; print ''; print '\n"; print ''; print ''; print ''; print ''; // Number diff --git a/htdocs/societe/canvas/actions_card_common.class.php b/htdocs/societe/canvas/actions_card_common.class.php index da7e68d4849..53748c1465a 100644 --- a/htdocs/societe/canvas/actions_card_common.class.php +++ b/htdocs/societe/canvas/actions_card_common.class.php 
@@ -387,40 +387,40 @@ abstract class ActionsCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->id = $_POST["socid"]; - $this->object->name = $_POST["nom"]; - $this->object->prefix_comm = $_POST["prefix_comm"]; - $this->object->client = $_POST["client"]; - $this->object->code_client = $_POST["code_client"]; - $this->object->fournisseur = $_POST["fournisseur"]; - $this->object->code_fournisseur = $_POST["code_fournisseur"]; - $this->object->address = $_POST["adresse"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone = $_POST["tel"]; - $this->object->fax = $_POST["fax"]; - $this->object->email = $_POST["email"]; - $this->object->url = $_POST["url"]; - $this->object->capital = $_POST["capital"]; - $this->object->idprof1 = $_POST["idprof1"]; - $this->object->idprof2 = $_POST["idprof2"]; - $this->object->idprof3 = $_POST["idprof3"]; - $this->object->idprof4 = $_POST["idprof4"]; - $this->object->typent_id = $_POST["typent_id"]; - $this->object->effectif_id = $_POST["effectif_id"]; - $this->object->barcode = $_POST["barcode"]; - $this->object->forme_juridique_code = $_POST["forme_juridique_code"]; - $this->object->default_lang = $_POST["default_lang"]; - $this->object->commercial_id = $_POST["commercial_id"]; + $this->object->id = GETPOST("socid"); + $this->object->name = GETPOST("nom"); + $this->object->prefix_comm = GETPOST("prefix_comm"); + $this->object->client = GETPOST("client"); + $this->object->code_client = GETPOST("code_client"); + $this->object->fournisseur = GETPOST("fournisseur"); + $this->object->code_fournisseur = GETPOST("code_fournisseur"); + $this->object->address = GETPOST("adresse"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id") ? 
GETPOST("country_id") : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id"); + $this->object->phone = GETPOST("tel"); + $this->object->fax = GETPOST("fax"); + $this->object->email = GETPOST("email", 'alphawithlgt'); + $this->object->url = GETPOST("url"); + $this->object->capital = GETPOST("capital"); + $this->object->idprof1 = GETPOST("idprof1"); + $this->object->idprof2 = GETPOST("idprof2"); + $this->object->idprof3 = GETPOST("idprof3"); + $this->object->idprof4 = GETPOST("idprof4"); + $this->object->typent_id = GETPOST("typent_id"); + $this->object->effectif_id = GETPOST("effectif_id"); + $this->object->barcode = GETPOST("barcode"); + $this->object->forme_juridique_code = GETPOST("forme_juridique_code"); + $this->object->default_lang = GETPOST("default_lang"); + $this->object->commercial_id = GETPOST("commercial_id"); - $this->object->tva_assuj = $_POST["assujtva_value"] ? $_POST["assujtva_value"] : 1; - $this->object->tva_intra = $_POST["tva_intra"]; + $this->object->tva_assuj = GETPOST("assujtva_value") ? GETPOST("assujtva_value") : 1; + $this->object->tva_intra = GETPOST("tva_intra"); //Local Taxes - $this->object->localtax1_assuj = $_POST["localtax1assuj_value"]; - $this->object->localtax2_assuj = $_POST["localtax2assuj_value"]; + $this->object->localtax1_assuj = GETPOST("localtax1assuj_value"); + $this->object->localtax2_assuj = GETPOST("localtax2assuj_value"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index d42ed635e82..fd4fde95243 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -2067,8 +2067,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; // EMail / Web - print ''; - print ''; + print ''; + print ''; print ''; print ''; diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 8ff860a33bc..47ef99490cb 100644 --- a/htdocs/societe/list.php 
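Review bot: Every identifier in this block (`socid`, `country_id`, `state_id`, `typent_id`, `effectif_id`, `commercial_id`) is read with the default `GETPOST` filter and assigned to the object as a string; only `email` received an explicit check. Use the typed form already used elsewhere in this commit, e.g. `$this->object->id = GETPOST("socid", 'int');` and `$this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id;`. The method's signature and the code that persists the object are outside the hunk, so whether these values are cast again before they reach a query is not visible.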
+++ b/htdocs/societe/list.php @@ -1525,13 +1525,13 @@ while ($i < min($num, $limit)) { } } if (!empty($arrayfields['s.phone']['checked'])) { - print "\n"; + print '\n"; if (!$i) { $totalarray['nbfield']++; } } if (!empty($arrayfields['s.fax']['checked'])) { - print "\n"; + print '\n"; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 21bb18dda93..92b43902405 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -505,9 +505,9 @@ if (empty($reshook)) { $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - if ($_POST["remise_id"]) { + if (GETPOST("remise_id", 'int')) { if ($object->id > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", 'int')); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php index 527ba87cb3e..d106ce0506f 100644 --- a/htdocs/supplier_proposal/contact.php +++ b/htdocs/supplier_proposal/contact.php @@ -58,7 +58,7 @@ if ($action == 'addcontact' && $permissiontoedit) { if ($result > 0 && $id > 0) { $contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid')); - $result = $object->add_contact($contactid, $_POST["type"], $_POST["source"]); + $result = $object->add_contact($contactid, GETPOST("type"), GETPOST("source")); } if ($result >= 0) { diff --git a/htdocs/takepos/admin/other.php b/htdocs/takepos/admin/other.php index 7d0ce8897e3..f933472a443 100644 --- a/htdocs/takepos/admin/other.php +++ b/htdocs/takepos/admin/other.php 
@@ -63,9 +63,6 @@ if ($resql) { if (GETPOST('action', 'alpha') == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 67bc8edcdf3..0364ff4e64f 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php @@ -70,9 +70,6 @@ $error = 0; if ($action == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_SUPPLEMENTS_CATEGORY", GETPOST('TAKEPOS_SUPPLEMENTS_CATEGORY', 'alpha'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php index 3e5bb4ccc46..52f451ae163 100644 --- a/htdocs/takepos/admin/terminal.php +++ b/htdocs/takepos/admin/terminal.php @@ -67,9 +67,6 @@ $terminaltouse = $terminal; if (GETPOST('action', 'alpha') == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "CASHDESK_ID_THIRDPARTY".$terminaltouse, (GETPOST('socid', 'int') > 0 ? GETPOST('socid', 'int') : ''), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index fee496c4fab..f14c7bba87f 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -364,6 +364,9 @@ td.rightborder { border-right: 1px solid #ccc; } +td.amount { + color: #006666; +} td.actionbuttons a { padding-left: 6px; } 
@@ -1088,6 +1091,18 @@ select.flat.selectlimit { text-overflow: ellipsis; white-space: nowrap; } +.tdoverflowmax400 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 400px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} +.tdoverflowmax500 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 500px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} .tdoverflowauto { max-width: 0; overflow: auto; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index ab4f29eb945..40e2dd38df0 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -555,6 +555,9 @@ td.rightborder { border-right: 1px solid #ccc; } +td.amount { + color: #006666; +} td.actionbuttons a { padding-left: 6px; } @@ -1159,6 +1162,18 @@ select.flat.selectlimit { text-overflow: ellipsis; white-space: nowrap; } +.tdoverflowmax400 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 400px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} +.tdoverflowmax500 { /* For tdoverflow, the max-midth become a minimum ! */ + max-width: 500px; + overflow: hidden; + text-overflow: ellipsis; + white-space: nowrap; +} .tdoverflowauto { max-width: 0; overflow: auto; @@ -2437,6 +2452,7 @@ div.mainmenu.website { // End of part to add more div class css } // End test if $dol_hide_topmenu ?> + .tmenuimage { padding:0 0 0 0 !important; margin:0 0px 0 0 !important; @@ -2449,6 +2465,9 @@ div.mainmenu.website { display: none; } +a.tmenuimage:hover { + text-decoration: none; +} a.tmenuimage { display: block; } diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index 8741fdc6b66..98bcccd4ca1 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php 
@@ -692,7 +692,7 @@ if ($action == 'create' || $action == 'presend') { $formticket->param = array('origin' => GETPOST('origin'), 'originid' => GETPOST('originid')); $formticket->showForm(1, 'create', 0); -} elseif ($action == 'edit' && $user->rights->ticket->write && $object->fk_statut < Ticket::STATUS_CLOSED) { + /*} elseif ($action == 'edit' && $user->rights->ticket->write && $object->fk_statut < Ticket::STATUS_CLOSED) { $formticket = new FormTicket($db); $head = ticket_prepare_head($object); @@ -709,22 +709,22 @@ if ($action == 'create' || $action == 'presend') { // Type print ''; // Severity print ''; // Group print ''; // Subject print ''; // Other attributes @@ -746,7 +746,7 @@ if ($action == 'create' || $action == 'presend') { print ''; print ''; - print ''; + print ''; */ } elseif (empty($action) || $action == 'view' || $action == 'addlink' || $action == 'dellink' || $action == 'presend' || $action == 'presend_addmessage' || $action == 'close' || $action == 'delete' || $action == 'editcustomer' || $action == 'progression' || $action == 'reopen' || $action == 'editsubject' || $action == 'edit_extras' || $action == 'update_extras' || $action == 'edit_extrafields' || $action == 'set_extrafields' || $action == 'classify' || $action == 'sel_contract' || $action == 'edit_message_init' || $action == 'set_status' || $action == 'dellink') { if ($res > 0) { @@ -1282,9 +1282,11 @@ if ($action == 'create' || $action == 'presend') { print ''; } + /* This is useless. We can already modify each field individually if ($user->rights->ticket->write && $object->fk_statut < Ticket::STATUS_CLOSED) { print ''; } + */ // Close ticket if statut is read if ($object->fk_statut > 0 && $object->fk_statut < Ticket::STATUS_CLOSED && $user->rights->ticket->write) { diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 4137680b0f7..0c726db3f62 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php 
@@ -608,30 +608,50 @@ if ($optioncss != '') { } // Add $param from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php'; -if ($socid) { +if ($socid > 0) { $param .= '&socid='.urlencode($socid); } -if ($projectid) { +if ($search_societe) { + $param .= '&search_societe='.urlencode($search_societe); +} +if ($projectid > 0) { $param .= '&projectid='.urlencode($projectid); } - if ($search_date_start) { - $param .= '&search_date_start='.urlencode($search_date_start); + $tmparray = dol_getdate($search_date_start); + $param .= '&search_date_startday='.urlencode($tmparray['mday']); + $param .= '&search_date_startmonth='.urlencode($tmparray['mon']); + $param .= '&search_date_startyear='.urlencode($tmparray['year']); } if ($search_date_end) { - $param .= '&search_date_end='.urlencode($search_date_end); + $tmparray = dol_getdate($search_date_end); + $param .= '&search_date_endday='.urlencode($tmparray['mday']); + $param .= '&search_date_endmonth='.urlencode($tmparray['mon']); + $param .= '&search_date_endyear='.urlencode($tmparray['year']); } if ($search_dateread_start) { - $param .= '&search_dateread_start='.urlencode($search_dateread_start); + $tmparray = dol_getdate($search_dateread_start); + $param .= '&search_dateread_startday='.urlencode($tmparray['mday']); + $param .= '&search_dateread_startmonth='.urlencode($tmparray['mon']); + $param .= '&search_dateread_startyear='.urlencode($tmparray['year']); } if ($search_dateread_end) { - $param .= '&search_dateread_end='.urlencode($search_dateread_end); + $tmparray = dol_getdate($search_dateread_end); + $param .= '&search_dateread_endday='.urlencode($tmparray['mday']); + $param .= '&search_dateread_endmonth='.urlencode($tmparray['mon']); + $param .= '&search_dateread_endyear='.urlencode($tmparray['year']); } if ($search_dateclose_start) { - $param .= '&search_dateclose_start='.urlencode($search_dateclose_start); + $tmparray = dol_getdate($search_dateclose_start); + $param .= 
'&search_dateclose_startday='.urlencode($tmparray['mday']); + $param .= '&search_dateclose_startmonth='.urlencode($tmparray['mon']); + $param .= '&search_dateclose_startyear='.urlencode($tmparray['year']); } if ($search_dateclose_end) { - $param .= '&search_dateclose_end='.urlencode($search_dateclose_end); + $tmparray = dol_getdate($search_dateclose_end); + $param .= '&search_date_endday='.urlencode($tmparray['mday']); + $param .= '&search_date_endmonth='.urlencode($tmparray['mon']); + $param .= '&search_date_endyear='.urlencode($tmparray['year']); } // List of mass actions available diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cfc63a01411..f530fbc24dc 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -199,12 +199,12 @@ if (empty($reshook)) { if ($action == 'add' && $canadduser) { $error = 0; - if (!$_POST["lastname"]) { + if (!GETPOST("lastname")) { $error++; setEventMessages($langs->trans("NameNotDefined"), null, 'errors'); $action = "create"; // Go back to create page } - if (!$_POST["login"]) { + if (!GETPOST("login")) { $error++; setEventMessages($langs->trans("LoginNotDefined"), null, 'errors'); $action = "create"; // Go back to create page @@ -441,7 +441,7 @@ if (empty($reshook)) { $object->lang = GETPOST('default_lang', 'aZ09'); if (!empty($conf->multicompany->enabled)) { - if (!empty($_POST["superadmin"])) { + if (GETPOST("superadmin")) { $object->entity = 0; } elseif (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 1; // all users in master entity @@ -1963,7 +1963,7 @@ if ($action == 'create' || $action == 'adduserldap') { // Ref/ID if (!empty($conf->global->MAIN_SHOW_TECHNICAL_ID)) { - print ''; + print ''; print ''; @@ -1971,13 +1971,13 @@ if ($action == 'create' || $action == 'adduserldap') { } // Civility - print ''; // Lastname print ""; - print ''; + print ''; print '
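Review bot: In the `if ($search_dateclose_end)` block the three added parameters are named `search_date_endday`, `search_date_endmonth` and `search_date_endyear`, which are the names already written by the `$search_date_end` block above. The close-date upper bound is therefore never carried in `$param`, and when both filters are set the creation-date bound is emitted twice with different values. The names should be `search_dateclose_endday`, `search_dateclose_endmonth` and `search_dateclose_endyear`, e.g. `$param .= '&search_dateclose_endday='.urlencode($tmparray['mday']);`. Assuming `$param` feeds the paging and sorting links (its use is outside the hunk), following one of them would silently change the result set the user sees.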
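Review bot: In the `@@ -441` hunk of htdocs/user/card.php, `GETPOST("superadmin")` decides `$object->entity = 0`, and unlike the `$_POST` read it replaces, `GETPOST()` with its default method also takes the value from the query string. For a flag that changes an account's entity this widens the input surface; `if (GETPOST("superadmin", 'int', 2)) {` keeps it POST-only and typed. The hunk does not show a check that the acting user is allowed to create or move an account into entity 0. The enclosing block starts outside the hunk, so that check may already exist there and should be confirmed.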
'.$langs->trans("RemainderToPay").''.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'
'.$langs->trans("Date").''; - $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); - $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaye) : ''; + $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int')); + $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaye : -1) : ''; print $form->selectDate($datepayment, '', '', '', '', "add_payment", 1, 1); print "
'.$langs->trans("PaymentMode").''; - $form->select_types_paiements(isset($_POST["paiementtype"]) ? $_POST["paiementtype"] : $salary->type_payment, "paiementtype"); + $form->select_types_paiements(GETPOSTISSET("paiementtype") ? GETPOST("paiementtype") : $salary->type_payment, "paiementtype"); print "
'.$langs->trans('AccountToDebit').''; - $form->select_comptes(isset($_POST["accountid"]) ? $_POST["accountid"] : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list + $form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid", 'int') : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list print '
'.img_picto('', 'object_phoning_fax').'
'.$form->editfieldkey('EMail', 'email', GETPOST('email', 'alpha'), $object, 0, 'string', '', (!empty($conf->global->SOCIETE_EMAIL_MANDATORY))).''.img_picto('', 'object_email').'
'.$form->editfieldkey('EMail', 'email', GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL), $object, 0, 'string', '', (!empty($conf->global->SOCIETE_EMAIL_MANDATORY))).''.img_picto('', 'object_email').'
'.$form->editfieldkey('Web', 'url', GETPOST('url', 'alpha'), $object, 0).''.img_picto('', 'globe').'
".dol_print_phone($obj->phone, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'phone')."'.dol_print_phone($obj->phone, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'phone')."".dol_print_phone($obj->fax, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'fax')."'.dol_print_phone($obj->fax, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'fax')."
'; - $formticket->selectTypesTickets((GETPOST('type_code') ? GETPOST('type_code') : $object->type_code), 'type_code', '', '2'); + $formticket->selectTypesTickets((GETPOSTISSET('type_code') ? GETPOST('type_code') : $object->type_code), 'type_code', '', '2'); print '
'; - $formticket->selectSeveritiesTickets((GETPOST('severity_code') ? GETPOST('severity_code') : $object->severity_code), 'severity_code', '', '2'); + $formticket->selectSeveritiesTickets((GETPOSTISSET('severity_code') ? GETPOST('severity_code') : $object->severity_code), 'severity_code', '', '2'); print '
'; - $formticket->selectGroupTickets((GETPOST('category_code') ? GETPOST('category_code') : $object->category_code), 'category_code', '', '2'); + $formticket->selectGroupTickets((GETPOSTISSET('category_code') ? GETPOST('category_code') : $object->category_code), 'category_code', '', '2'); print '
'; - print ''; + print ''; print '
'.$langs->trans("Ref").'
'.$langs->trans("Ref").''; print $object->id; print '
'; + print '
'; print $formcompany->select_civility(GETPOSTISSET("civility_code") ? GETPOST("civility_code", 'aZ09') : $object->civility_code, 'civility_code'); print '
'.$langs->trans("Lastname").''.$langs->trans("Lastname").''; if ($caneditfield && !$object->ldap_sid) { print ''; diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 0d6d413ba0f..33921544b45 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -138,7 +138,7 @@ if (empty($reshook)) { if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 0; } else { - $object->entity = $_POST["entity"]; + $object->entity = GETPOST("entity"); } $db->begin(); @@ -214,7 +214,7 @@ if (empty($reshook)) { if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 0; } else { - $object->entity = $_POST["entity"]; + $object->entity = GETPOST("entity"); } $ret = $object->update(); diff --git a/htdocs/user/note.php b/htdocs/user/note.php index e0c23842347..1a375343e05 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -67,7 +67,7 @@ if ($reshook < 0) { } if (empty($reshook)) { - if ($action == 'update' && $user->rights->user->user->creer && !$_POST["cancel"]) { + if ($action == 'update' && $user->rights->user->user->creer && !GETPOST("cancel")) { $db->begin(); $res = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES | ENT_HTML5)); diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 228066b7051..2856f787b52 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -90,7 +90,7 @@ if ($reshook < 0) { if (empty($reshook)) { if ($action == 'update' && ($caneditfield || !empty($user->admin))) { - if (!$_POST["cancel"]) { + if (!GETPOST("cancel")) { $tabparam = array(); if (GETPOST("check_MAIN_LANDING_PAGE") == "on") { diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index 61686423d4c..b64f15e1f76 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php 
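Review bot: `$object->entity = GETPOST("entity");` in the `@@ -138` hunk of htdocs/user/group/card.php, and again in the `@@ -214` hunk, reads an entity id with the default string filter and the default method. The value is therefore not constrained to an integer and, unlike the `$_POST` read it replaces, can also arrive in the query string. `$object->entity = GETPOST("entity", 'int', 2);` would match the `'int'` reads used elsewhere in this commit and keep the field POST-only. Neither hunk shows a check that the acting user may assign a group to the requested entity; the surrounding code is outside the hunks, so this is worth confirming before the value reaches `$object->update()`.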
@@ -208,9 +208,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print ''."\n"; // Common attributes diff --git a/htdocs/zapier/admin/index.html b/htdocs/zapier/admin/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/admin/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/class/index.html b/htdocs/zapier/class/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/class/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/index.html b/htdocs/zapier/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/index.html @@ -0,0 +1 @@ + diff --git a/htdocs/zapier/lib/index.html b/htdocs/zapier/lib/index.html new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/htdocs/zapier/lib/index.html @@ -0,0 +1 @@ +