lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'uptream/develop' into 6.0-fec3

Browse Source
This commit is contained in:
Alexandre SPANGARO 2017-06-18 22:15:36 +02:00
commit a4de12dd8d
104 changed files with 952 additions and 519 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ChangeLog
View File

@ -31,6 +31,23 @@ Following changes may create regression for some external modules, but were nece
content by doing a print into function, sometimes by returning content into "resprint". This has been fixed to follow
hook specifications so you must return output into "resprint".
***** ChangeLog for 5.0.4 compared to 5.0.3 *****
FIX: #6880
FIX: #6925
FIX: #6926
FIX: Can set supplier invoice to billed.
FIX: Can't create invoice if PO disapproved
FIX: contratligne update
FIX: CVE-2017-7886
FIX: default param
FIX: Line of invoices not inserted when using POS module and VAT NPR.
FIX: origin & originid on supplierproposal
FIX: Redirect to payment page from member subscription page failed if a unique security key was defined.
FIX: REST api to get project when user has permission to read all.
FIX: situation_progress param default value must be 100 and not 0
FIX: SQL injection on user/index.php parameter search_statut.
FIX: Warnings
***** ChangeLog for 5.0.3 compared to 5.0.2 *****
FIX: #6677 Expired contracts dashboard box does not show the name of the thirdparty
FIX: #6813

37
htdocs/accountancy/admin/accountmodel.php
View File

@ -54,6 +54,7 @@ $action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view';
$confirm=GETPOST('confirm','alpha');
$id=GETPOST('id','int');
$rowid=GETPOST('rowid','alpha');
$code=GETPOST('code','alpha');
$acts[0] = "activate";
$acts[1] = "disable";
@ -225,7 +226,7 @@ if ($id == 25)
if (GETPOST('button_removefilter') || GETPOST('button_removefilter.x') || GETPOST('button_removefilter_x'))
{
$search_country_id = '';
$search_country_id = '';
}
// Actions add or modify an entry into a dictionary
@ -459,8 +460,8 @@ if ($action == $acts[0])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -479,8 +480,8 @@ if ($action == $acts[1])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -499,8 +500,8 @@ if ($action == 'activate_favorite')
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -519,8 +520,8 @@ if ($action == 'disable_favorite')
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -556,7 +557,7 @@ print "<br>\n";
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$_GET["code"].'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);
@ -574,7 +575,7 @@ if ($id)
else $sql.=" WHERE ";
$sql.= " c.rowid = ".$search_country_id;
}
if ($sortfield)
{
// If sort order is "country", we use country_code instead
@ -600,7 +601,7 @@ if ($id)
print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$id.'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<table class="noborder" width="100%">';
// Form to add a new line
@ -773,7 +774,7 @@ if ($id)
$paramwithsearch = $param;
if ($sortorder) $paramwithsearch.= '&sortorder='.$sortorder;
if ($sortfield) $paramwithsearch.= '&sortfield='.$sortfield;
// There is several pages
if ($num > $listlimit)
{
@ -865,9 +866,9 @@ if ($id)
foreach ($fieldlist as $field => $value)
{
$showfield=1; // By defaut
if ($fieldlist[$field]=='region_id' || $fieldlist[$field]=='country_id') { $showfield=0; }
if ($showfield)
{
if ($value == 'country')
@ -889,7 +890,7 @@ if ($id)
print $searchpicto;
print '</td>';
print '</tr>';
if ($num)
{
// Lines with values
@ -927,7 +928,7 @@ if ($id)
{
foreach ($fieldlist as $field => $value)
{
$showfield=1;
$align="left";
$valuetoshow=$obj->{$fieldlist[$field]};
@ -1169,7 +1170,7 @@ else
$showemptyline=0;
}
$value=$tabname[$i];
print '<tr class="oddeven"><td width="50%">';
if (! empty($tabcond[$i]))

19
htdocs/accountancy/admin/categories_list.php
View File

@ -54,6 +54,7 @@ $action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view';
$confirm=GETPOST('confirm','alpha');
$id=GETPOST('id','int');
$rowid=GETPOST('rowid','alpha');
$code=GETPOST('code','alpha');
// Security access
if (! empty($user->rights->accountancy->chartofaccount))
@ -370,8 +371,8 @@ if ($action == $acts[0])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -390,8 +391,8 @@ if ($action == $acts[1])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -410,8 +411,8 @@ if ($action == 'activate_favorite')
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -430,8 +431,8 @@ if ($action == 'disable_favorite')
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -461,7 +462,7 @@ print load_fiche_titre($titre,$linkback,$titlepicto);
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$_GET["code"].'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);

11
htdocs/accountancy/admin/journals_list.php
View File

@ -38,6 +38,7 @@ $action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view';
$confirm=GETPOST('confirm','alpha');
$id=GETPOST('id','int');
$rowid=GETPOST('rowid','alpha');
$code=GETPOST('code','alpha');
// Security access
if (! empty($user->rights->accountancy->chartofaccount))
@ -321,8 +322,8 @@ if ($action == $acts[0])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -341,8 +342,8 @@ if ($action == $acts[1])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -375,7 +376,7 @@ print load_fiche_titre($titre,$linkback,$titlepicto);
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$_GET["code"].'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);

6
htdocs/admin/defaultvalues.php
View File

@ -1,5 +1,6 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2017 Regis Houssin <regis.houssin@capnetworks.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -60,6 +61,9 @@ $urlpage = GETPOST('urlpage');
$key = GETPOST('key');
$value = GETPOST('value');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('admindefaultvalues','globaladmin'));
/*
* Actions

19
htdocs/admin/dict.php
View File

@ -54,6 +54,7 @@ $action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view';
$confirm=GETPOST('confirm','alpha');
$id=GETPOST('id','int');
$rowid=GETPOST('rowid','alpha');
$code=GETPOST('code','alpha');
$allowed=$user->admin;
if ($id == 7 && ! empty($user->rights->accounting->chartofaccount)) $allowed=1; // Tax page allowed to manager of chart account
@ -816,8 +817,8 @@ if ($action == $acts[0])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".dol_escape_htmltag($_GET["code"])."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".dol_escape_htmltag($code)."'";
}
$result = $db->query($sql);
@ -836,8 +837,8 @@ if ($action == $acts[1])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".dol_escape_htmltag($_GET["code"])."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".dol_escape_htmltag($code)."'";
}
$result = $db->query($sql);
@ -856,8 +857,8 @@ if ($action == 'activate_favorite')
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".dol_escape_htmltag($_GET["code"])."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".dol_escape_htmltag($code)."'";
}
$result = $db->query($sql);
@ -876,8 +877,8 @@ if ($action == 'disable_favorite')
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".dol_escape_htmltag($_GET["code"])."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".dol_escape_htmltag($code)."'";
}
$result = $db->query($sql);
@ -938,7 +939,7 @@ if (GETPOST('from')) $paramwithsearch.= '&from='.GETPOST('from','alpha');
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'rowid='.$rowid.'&code='.urlencode($_GET["code"]).$paramwithsearch, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'rowid='.$rowid.'&code='.urlencode($code).$paramwithsearch, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);

6
htdocs/admin/index.php
View File

@ -70,13 +70,13 @@ if (! empty($conf->global->MAIN_MOTD_SETUPPAGE))
print $langs->trans("SetupDescription1").' ';
print $langs->trans("AreaForAdminOnly").' ';
print $langs->trans("SetupDescription2")."<br><br>";
print $langs->trans("SetupDescription2", $langs->trans("MenuCompanySetup"), $langs->trans("Modules"))."<br><br>";
print '<br>';
// Show info setup company
if (empty($conf->global->MAIN_INFO_SOCIETE_NOM) || empty($conf->global->MAIN_INFO_SOCIETE_COUNTRY)) $setupcompanynotcomplete=1;
print img_picto('','puce').' '.$langs->trans("SetupDescription3",DOL_URL_ROOT.'/admin/company.php?mainmenu=home'.(empty($setupcompanynotcomplete)?'':'&action=edit'));
print img_picto('','puce').' '.$langs->trans("SetupDescription3", DOL_URL_ROOT.'/admin/company.php?mainmenu=home'.(empty($setupcompanynotcomplete)?'':'&action=edit'), $langs->trans("Setup"), $langs->trans("MenuCompanySetup"));
if (! empty($setupcompanynotcomplete))
{
$langs->load("errors");
@ -88,7 +88,7 @@ print '<br>';
print '<br>';
// Show info setup module
print img_picto('','puce').' '.$langs->trans("SetupDescription4",DOL_URL_ROOT.'/admin/modules.php?mainmenu=home');
print img_picto('','puce').' '.$langs->trans("SetupDescription4", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->trans("Setup"), $langs->trans("Modules"));
if (count($conf->modules) <= (empty($conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)?1:$conf->global->MAIN_MIN_NB_ENABLED_MODULE_FOR_WARNING)) // If only user module enabled
{
$langs->load("errors");

10
htdocs/admin/mails_templates.php
View File

@ -346,8 +346,8 @@ if ($action == $acts[0])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -366,8 +366,8 @@ if ($action == $acts[1])
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
}
elseif ($_GET["code"]) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$_GET["code"]."'";
elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
}
$result = $db->query($sql);
@ -412,7 +412,7 @@ dol_fiche_head($head, 'templates', '', -1);
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$_GET["code"].'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page?'page='.$page.'&':'').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid.'&code='.$code.'&id='.$id, $langs->trans('DeleteLine'), $langs->trans('ConfirmDeleteLine'), 'confirm_delete','',0,1);
}
//var_dump($elementList);

44
htdocs/admin/modules.php
View File

@ -1,12 +1,12 @@
<?php
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
/* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2017 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2015 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -75,12 +75,19 @@ if ($search_version) $param.='&search_version='.urlencode($search_version);
$dirins=DOL_DOCUMENT_ROOT.'/custom';
$urldolibarrmodules='https://www.dolistore.com/';
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('adminmodules','globaladmin'));
/*
* Actions
*/
if (GETPOST('buttonreset'))
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
if (GETPOST('buttonreset','alpha'))
{
$search_keyword='';
$search_status='';
@ -204,7 +211,7 @@ if ($action == 'set' && $user->admin)
setEventMessages($msg, null, 'warnings');
}
}
header("Location: modules.php?mode=".$mode.$param.($page_y?'&page_y='.$page_y:''));
header("Location: ".$_SERVER["PHP_SELF"]."?mode=".$mode.$param.($page_y?'&page_y='.$page_y:''));
exit;
}
@ -212,7 +219,7 @@ if ($action == 'reset' && $user->admin)
{
$result=unActivateModule($value);
if ($result) setEventMessages($result, null, 'errors');
header("Location: modules.php?mode=".$mode.$param.($page_y?'&page_y='.$page_y:''));
header("Location: ".$_SERVER["PHP_SELF"]."?mode=".$mode.$param.($page_y?'&page_y='.$page_y:''));
exit;
}
@ -476,10 +483,13 @@ if ($mode == 'common')
print $hookmanager->resPrint;
}
$moreforfilter='';
print '<div class="clearboth"></div><br>';
$moreforfilter='';
$parameters=array();
$reshook=$hookmanager->executeHooks('insertExtraHeader',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
// Show list of modules
@ -659,7 +669,7 @@ if ($mode == 'common')
}
else
{
print '<a class="reposition" href="modules.php?id='.$objMod->numero.'&amp;module_position='.$module_position.'&amp;action=reset&amp;value=' . $modName . '&amp;mode=' . $mode . $param . '">';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$objMod->numero.'&amp;module_position='.$module_position.'&amp;action=reset&amp;value=' . $modName . '&amp;mode=' . $mode . $param . '">';
print img_picto($langs->trans("Activated"),'switch_on');
print '</a>';
}
@ -738,20 +748,24 @@ if ($mode == 'common')
print '<!-- This module is an external module and it may have a warning to show (note: your country is '.$mysoc->country_code.') -->'."\n";
foreach ($arrayofwarningsext as $keymodule => $arrayofwarningsextbycountry)
{
if (! empty($modules[$keymodule]->const_name)) // If module that request warning is on
$keymodulelowercase=strtolower(preg_replace('/^mod/','',$keymodule));
if (in_array($keymodulelowercase, $conf->modules)) // If module that request warning is on
{
foreach ($arrayofwarningsextbycountry as $keycountry => $cursorwarningmessage)
{
if ($keycountry == 'always' || $keycountry == $mysoc->country_code)
{
$warningmessage .= ($warningmessage?"\n":"").$langs->trans($cursorwarningmessage, $objMod->getName(), $mysoc->country_code, $modules[$keymodule]->getName());
$warningmessage .= ($warningmessage?"\n":"").($warningmessage?"\n":"").$langs->trans("Module").' : '.$objMod->getName();
if (! empty($objMod->editor_name)) $warningmessage .= ($warningmessage?"\n":"").$langs->trans("Publisher").' : '.$objMod->editor_name;
if (! empty($objMod->editor_name)) $warningmessage .= ($warningmessage?"\n":"").$langs->trans("ModuleTriggeringThisWarning").' : '.$modules[$keymodule]->getName();
}
}
}
}
}
print '<!-- Message to show: '.$warningmessage.' -->'."\n";
print '<a class="reposition" href="modules.php?id='.$objMod->numero.'&amp;module_position='.$module_position.'&amp;action=set&amp;value=' . $modName . '&amp;mode=' . $mode . $param . '"';
print '<a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$objMod->numero.'&amp;module_position='.$module_position.'&amp;action=set&amp;value=' . $modName . '&amp;mode=' . $mode . $param . '"';
if ($warningmessage) print ' onclick="return confirm(\''.dol_escape_js($warningmessage).'\');"';
print '>';
print img_picto($langs->trans("Disabled"),'switch_off');

2
htdocs/admin/tools/index.php
View File

@ -38,7 +38,7 @@ if (! $user->admin)
$form = new Form($db);
$title=$langs->trans("AdminTools");
//if (GETPOST('leftmenu') == 'admintools') $title=$langs->trans("ModulesSystemTools");
//if (GETPOST('leftmenu',"aZ09") == 'admintools') $title=$langs->trans("ModulesSystemTools");
llxHeader('', $title);

7
htdocs/admin/translation.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009 Regis Houssin <regis.houssin@capnetworks.com>
/* Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009-2017 Regis Houssin <regis.houssin@capnetworks.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -56,6 +56,9 @@ $pagenext = $page + 1;
if (! $sortfield) $sortfield='lang,transkey';
if (! $sortorder) $sortorder='ASC';
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('admintranslation','globaladmin'));
/*
* Actions

18
htdocs/bookmarks/bookmarks.lib.php
View File

@ -40,10 +40,10 @@ function printBookmarksList($aDb, $aLangs)
$langs->load("bookmarks");
$url= $_SERVER["PHP_SELF"].(! empty($_SERVER["QUERY_STRING"])?'?'.$_SERVER["QUERY_STRING"]:'');
$url= $_SERVER["PHP_SELF"].(dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'');
$ret = '';
// Menu bookmark
$ret.= '<div class="menu_top"></div>'."\n";
@ -83,12 +83,12 @@ function printBookmarksList($aDb, $aLangs)
dol_print_error($db);
}
}
$ret.= '</select>';
$ret.= '</form>';
$ret.=ajax_combobox('boxbookmark');
$ret.='<script type="text/javascript">
$(document).ready(function () {';
$ret.=' jQuery("#boxbookmark").change(function() {
@ -97,9 +97,9 @@ function printBookmarksList($aDb, $aLangs)
if (! urltarget) { urltarget=""; }
jQuery("form#actionbookmark").attr("target",urltarget);
jQuery("form#actionbookmark").attr("action",urlselected);
console.log("We change select bookmark. We choose urlselected="+urlselected+" with target="+urltarget);
// Method is POST for internal link, GET for external
if (urlselected.startsWith(\'http\'))
{
@ -107,7 +107,7 @@ function printBookmarksList($aDb, $aLangs)
jQuery("form#actionbookmark").attr("method",newmethod);
console.log("We change method to newmethod="+newmethod);
}
jQuery("#actionbookmark").submit();
});';
$ret.='})</script>';

34
htdocs/comm/action/index.php
View File

@ -423,8 +423,8 @@ else // If javascript off
$newparam=$param; // newparam is for birthday links
$newparam=preg_replace('/showbirthday=[0-1]/i','showbirthday='.(empty($showbirthday)?1:0),$newparam);
if (! preg_match('/showbirthday=/i',$newparam)) $newparam.='&showbirthday=1';
$link='<a href="'.$_SERVER['PHP_SELF'];
$link.='?'.$newparam;
$link='<a href="'.dol_escape_htmltag($_SERVER['PHP_SELF']);
$link.='?'.dol_escape_htmltag($newparam);
$link.='">';
if (empty($showbirthday)) $link.=$langs->trans("AgendaShowBirthdayEvents");
else $link.=$langs->trans("AgendaHideBirthdayEvents");
@ -1070,7 +1070,7 @@ if (empty($action) || $action == 'show_month') // View by month
}
echo "</table>\n";
echo '<form id="move_event" action="" method="POST"><input type="hidden" name="action" value="mupdate">';
echo '<input type="hidden" name="backtopage" value="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'">';
echo '<input type="hidden" name="backtopage" value="'.dol_escape_htmltag($_SERVER['PHP_SELF']).'?'.dol_escape_htmltag($_SERVER['QUERY_STRING']).'">';
echo '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
echo '<input type="hidden" name="newdate" id="newdate">' ;
echo '</form>';
@ -1124,7 +1124,7 @@ elseif ($action == 'show_week') // View by week
echo "</table>\n";
echo '<form id="move_event" action="" method="POST"><input type="hidden" name="action" value="mupdate">';
echo '<input type="hidden" name="backtopage" value="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'">';
echo '<input type="hidden" name="backtopage" value="'.dol_escape_htmltag($_SERVER['PHP_SELF']).'?'.dol_escape_htmltag($_SERVER['QUERY_STRING']).'">';
echo '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
echo '<input type="hidden" name="newdate" id="newdate">' ;
echo '</form>';
@ -1188,7 +1188,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
global $cachethirdparties, $cachecontacts, $cacheusers, $colorindexused;
$dateint = sprintf("%04d",$year).sprintf("%02d",$month).sprintf("%02d",$day);
print "\n";
// Line with title of day
@ -1247,7 +1247,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
if (in_array($user->id, $keysofuserassigned))
{
$nummytasks++; $cssclass='family_mytasks';
if (empty($cacheusers[$event->userownerid]))
{
$newuser=new User($db);
@ -1255,7 +1255,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
$cacheusers[$event->userownerid]=$newuser;
}
//var_dump($cacheusers[$event->userownerid]->color);
// We decide to choose color of owner of event (event->userownerid is user id of owner, event->userassigned contains all users assigned to event)
if (! empty($cacheusers[$event->userownerid]->color)) $color=$cacheusers[$event->userownerid]->color;
}
@ -1277,10 +1277,10 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
}
else
{
$numother++;
$numother++;
$color=($event->icalcolor?$event->icalcolor:-1);
$cssclass=(! empty($event->icalname)?'family_ext'.md5($event->icalname):'family_other');
if (empty($cacheusers[$event->userownerid]))
{
$newuser=new User($db);
@ -1288,7 +1288,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
$cacheusers[$event->userownerid]=$newuser;
}
//var_dump($cacheusers[$event->userownerid]->color);
// We decide to choose color of owner of event (event->userownerid is user id of owner, event->userassigned contains all users assigned to event)
if (! empty($cacheusers[$event->userownerid]->color)) $color=$cacheusers[$event->userownerid]->color;
}
@ -1364,9 +1364,9 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
print '">';
print '<tr>';
print '<td class="tdoverflow nobottom centpercent '.($nowrapontd?'nowrap ':'').'cal_event'.($event->type_code == 'BIRTHDAY'?' cal_event_birthday':'').'">';
$daterange='';
if ($event->type_code == 'BIRTHDAY') // It's a birthday
{
print $event->getNomUrl(1,$maxnbofchar,'cal_event','birthday','contact');
@ -1426,9 +1426,9 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
// Show title
$titletoshow = $daterange;
$titletoshow.=($titletoshow?' ':'').$event->libelle;
if ($event->type_code == 'ICALEVENT') print $titletoshow;
else
else
{
$savlabel=$event->libelle;
$event->libelle=$titletoshow;
@ -1449,11 +1449,11 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
$newuser->fetch($tmpid);
$cacheusers[$tmpid]=$newuser;
}
$listofusertoshow.=$cacheusers[$tmpid]->getNomUrl(-3, '', 0, 0, 0, 0, '', 'valigntextbottom');
}
print $listofusertoshow;
if ($event->type_code == 'ICALEVENT') print '<br>('.dol_trunc($event->icalname,$maxnbofchar).')';
// If action related to company / contact
@ -1506,7 +1506,7 @@ function show_day_events($db, $day, $month, $year, $monthshown, $style, &$eventa
if ($event->type_code != 'BIRTHDAY' && $event->type_code != 'ICALEVENT')
{
$withstatus=1;
if ($event->percentage >= 0) $withstatus=2;
if ($event->percentage >= 0) $withstatus=2;
}
print '<td class="nobottom right nowrap cal_event_right'.($withstatus >= 2 ?' cal_event_right_status':'').'">';
if ($withstatus) print $event->getLibStatut(3,1);

2
htdocs/comm/action/pertype.php
View File

@ -572,7 +572,7 @@ $newparam=preg_replace('/showbirthday_=/i','showbirthday=',$newparam); // Restor
$newparam.='&viewweek=1';
echo '<form id="move_event" action="" method="POST"><input type="hidden" name="action" value="mupdate">';
echo '<input type="hidden" name="backtopage" value="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'">';
echo '<input type="hidden" name="backtopage" value="'.dol_escape_htmltag($_SERVER['PHP_SELF']).'?'.dol_escape_htmltag($_SERVER['QUERY_STRING']).'">';
echo '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
echo '<input type="hidden" name="newdate" id="newdate">' ;
echo '</form>';

6
htdocs/comm/action/peruser.php
View File

@ -86,12 +86,12 @@ $status=GETPOST("status");
$type=GETPOST("type");
$maxprint=(isset($_GET["maxprint"])?GETPOST("maxprint"):$conf->global->AGENDA_MAX_EVENTS_DAY_VIEW);
// Set actioncode (this code must be same for setting actioncode into peruser, listacton and index)
if (GETPOST('actioncode','array'))
if (GETPOST('actioncode','array'))
{
$actioncode=GETPOST('actioncode','array',3);
if (! count($actioncode)) $actioncode='0';
}
else
else
{
$actioncode=GETPOST("actioncode","alpha",3)?GETPOST("actioncode","alpha",3):(GETPOST("actioncode")=='0'?'0':(empty($conf->global->AGENDA_DEFAULT_FILTER_TYPE)?'':$conf->global->AGENDA_DEFAULT_FILTER_TYPE));
}
@ -579,7 +579,7 @@ $newparam=preg_replace('/showbirthday_=/i','showbirthday=',$newparam); // Restor
$newparam.='&viewweek=1';
echo '<form id="move_event" action="" method="POST"><input type="hidden" name="action" value="mupdate">';
echo '<input type="hidden" name="backtopage" value="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'">';
echo '<input type="hidden" name="backtopage" value="'.dol_escape_htmltag($_SERVER['PHP_SELF']).'?'.dol_escape_htmltag($_SERVER['QUERY_STRING']).'">';
echo '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
echo '<input type="hidden" name="newdate" id="newdate">' ;
echo '</form>';

25
htdocs/commande/card.php
View File

@ -2621,6 +2621,19 @@ if ($action == 'create' && $user->rights->commande->creer)
$outputlangs->load('commercial');
}
// Show email form
// By default if $action=='presend'
$titreform='SendOrderByMail';
$topicmail='';
if (empty($object->ref_client)) {
$topicmail = $outputlangs->trans('SendOrderRef', '__ORDERREF__');
} else if (! empty($object->ref_client)) {
$topicmail = $outputlangs->trans('SendOrderRef', '__ORDERREF__ (__REFCLIENT__)');
}
$action='send';
$modelmail='order_send';
// Build document if it not exists
if (! $file || ! is_readable($file)) {
$result = $object->generateDocument(GETPOST('model') ? GETPOST('model') : $object->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
@ -2635,7 +2648,7 @@ if ($action == 'create' && $user->rights->commande->creer)
print '<div id="formmailbeforetitle" name="formmailbeforetitle"></div>';
print '<div class="clearboth"></div>';
print '<br>';
print load_fiche_titre($langs->trans('SendOrderByMail'));
print load_fiche_titre($langs->trans($titreform));
dol_fiche_head('');
@ -2662,11 +2675,7 @@ if ($action == 'create' && $user->rights->commande->creer)
$formmail->withto = GETPOST('sendto') ? GETPOST('sendto') : $liste;
$formmail->withtocc = $liste;
$formmail->withtoccc = $conf->global->MAIN_EMAIL_USECCC;
if (empty($object->ref_client)) {
$formmail->withtopic = $outputlangs->trans('SendOrderRef', '__ORDERREF__');
} else if (! empty($object->ref_client)) {
$formmail->withtopic = $outputlangs->trans('SendOrderRef', '__ORDERREF__ (__REFCLIENT__)');
}
$formmail->withtopic = $topicmail;
$formmail->withfile = 2;
$formmail->withbody = 1;
$formmail->withdeliveryreceipt = 1;
@ -2696,8 +2705,8 @@ if ($action == 'create' && $user->rights->commande->creer)
}
// Tableau des parametres complementaires
$formmail->param['action'] = 'send';
$formmail->param['models'] = 'order_send';
$formmail->param['action'] = $action;
$formmail->param['models'] = $modelmail;
$formmail->param['models_id']=GETPOST('modelmailselected','int');
$formmail->param['orderid'] = $object->id;
$formmail->param['returnurl'] = $_SERVER["PHP_SELF"] . '?id=' . $object->id;

12
htdocs/compta/facture/card.php
View File

@ -3587,15 +3587,14 @@ else if ($id > 0 || ! empty($ref))
if ($object->type == Facture::TYPE_SITUATION && ! empty($conf->global->INVOICE_USE_SITUATION))
{
if (count($object->tab_previous_situation_invoice) > 0 || count($object->tab_next_situation_invoice) > 0)
print '<table class="nobordernopadding paymenttable" width="100%">';
print '<table class="noborder situationstable" width="100%">';
if (count($object->tab_previous_situation_invoice) > 0) {
// List of previous invoices
print '<tr class="liste_titre">';
print '<td>' . $langs->trans('ListOfPreviousSituationInvoices') . '</td>';
print '<td></td>';
if (! empty($conf->banque->enabled))
print '<td align="right"></td>';
if (! empty($conf->banque->enabled)) print '<td align="right"></td>';
print '<td align="right">' . $langs->trans('AmountHT') . '</td>';
print '<td align="right">' . $langs->trans('AmountTTC') . '</td>';
print '<td width="18">&nbsp;</td>';
@ -3609,8 +3608,7 @@ else if ($id > 0 || ! empty($ref))
print '<tr class="oddeven">';
print '<td>' . $prev_invoice->getNomUrl(1) . '</td>';
print '<td></td>';
if (! empty($conf->banque->enabled))
print '<td align="right"></td>';
if (! empty($conf->banque->enabled)) print '<td align="right"></td>';
print '<td align="right">' . price($prev_invoice->total_ht) . '</td>';
print '<td align="right">' . price($prev_invoice->total_ttc) . '</td>';
print '<td align="right">' . $prev_invoice->getLibStatut(3, $totalpaye) . '</td>';
@ -3619,7 +3617,9 @@ else if ($id > 0 || ! empty($ref))
}
print '<tr class="oddeven">';
print '<td colspan="2" align="right"></td>';
print '<td></td>';
print '<td></td>';
if (! empty($conf->banque->enabled)) print '<td></td>';
print '<td align="right"><b>' . price($total_prev_ht) . '</b></td>';
print '<td align="right"><b>' . price($total_prev_ttc) . '</b></td>';
print '<td width="18">&nbsp;</td>';

31
htdocs/core/actions_sendmails.inc.php
View File

@ -31,7 +31,7 @@
/*
* Add file in email form
*/
*/
if (GETPOST('addfile'))
{
$trackid = GETPOST('trackid','aZ09');
@ -137,7 +137,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
{
$sendtosocid=$possibleaccounts[1]['id'];
$result=$object->fetch($sendtosocid);
setEventMessages($langs->trans('ErrorFoundMoreThanOneRecordWithEmail',$_POST['sendto'],$object->name), null, 'mesgs');
}
else
@ -229,7 +229,12 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
if (dol_strlen($sendto))
{
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$langs->load("commercial");
@ -254,11 +259,17 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
$replyto = $_POST['replytoname']. ' <' . $_POST['replytomail'].'>';
$message = $_POST['message'];
// Make a change into HTML code to allow to include images from medias directory with an external reabable URL.
// <img alt="" src="/dolibarr_dev/htdocs/viewimage.php?modulepart=medias&amp;entity=1&amp;file=image/ldestailleur_166x166.jpg" style="height:166px; width:166px" />
// become
// <img alt="" src="'.$urlwithroot.'viewimage.php?modulepart=medias&amp;entity=1&amp;file=image/ldestailleur_166x166.jpg" style="height:166px; width:166px" />
$message=preg_replace('/(<img.*src=")[^\"]*viewimage\.php([^\"]*)modulepart=medias([^\"]*)file=([^\"]*)("[^\/]*\/>)/', '\1'.$urlwithroot.'/viewimage.php\2modulepart=medias\3file=\4\5', $message);
$sendtobcc= GETPOST('sendtoccc');
if ($mode == 'emailfromproposal') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO));
if ($mode == 'emailfromorder') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_ORDER_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_ORDER_TO));
if ($mode == 'emailfrominvoice') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_INVOICE_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_INVOICE_TO));
if ($mode == 'emailfromproposal') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO));
if ($mode == 'emailfromorder') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_ORDER_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_ORDER_TO));
if ($mode == 'emailfrominvoice') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_INVOICE_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_INVOICE_TO));
if ($mode == 'emailfromsupplierproposal') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_SUPPLIER_PROPOSAL_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_SUPPLIER_PROPOSAL_TO));
if ($mode == 'emailfromsupplierorder') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_SUPPLIER_ORDER_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_SUPPLIER_ORDER_TO));
if ($mode == 'emailfromsupplierinvoice') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_SUPPLIER_INVOICE_TO) ? '' : (($sendtobcc?", ":"").$conf->global->MAIN_MAIL_AUTOCOPY_SUPPLIER_INVOICE_TO));
@ -371,7 +382,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
if (is_object($object))
{
if (empty($actiontypecode)) $actiontypecode='AC_OTH_AUTO'; // Event insert into agenda automatically
$object->socid = $sendtosocid; // To link to a company
$object->sendtoid = $sendtoid; // To link to contacts/addresses. This is an array.
$object->actiontypecode = $actiontypecode; // Type of event ('AC_OTH', 'AC_OTH_AUTO', 'AC_XXX'...)
@ -392,7 +403,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
}
}
}
if ($error)
{
dol_print_error($db);
@ -403,7 +414,7 @@ if (($action == 'send' || $action == 'relance') && ! $_POST['addfile'] && ! $_PO
// This avoid sending mail twice if going out and then back to page
$mesg=$langs->trans('MailSuccessfulySent',$mailfile->getValidAddress($from,2),$mailfile->getValidAddress($sendto,2));
setEventMessages($mesg, null, 'mesgs');
if ($conf->dolimail->enabled)
if ($conf->dolimail->enabled)
{
header('Location: '.$_SERVER["PHP_SELF"].'?'.($paramname?$paramname:'id').'='.(is_object($object)?$object->id:'').'&'.($paramname2?$paramname2:'mid').'='.$parm2val);
exit;

2
htdocs/core/ajax/ajaxdirpreview.php
View File

@ -139,7 +139,7 @@ if (! dol_is_dir($upload_dir))
}
print '<!-- ajaxdirpreview type='.$type.' -->'."\n";
print '<!-- Page called with mode='.(isset($mode)?$mode:'').' type='.$type.' module='.$module.' url='.$url.' '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Page called with mode='.dol_escape_htmltag(isset($mode)?$mode:'').' type='.dol_escape_htmltag($type).' module='.dol_escape_htmltag($module).' url='.dol_escape_htmltag($url).' '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
$param=($sortfield?'&sortfield='.$sortfield:'').($sortorder?'&sortorder='.$sortorder:'');

2
htdocs/core/ajax/bankconciliate.php
View File

@ -45,7 +45,7 @@ $action=GETPOST('action','aZ09');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $action == 'dvnext')
{

2
htdocs/core/ajax/box.php
View File

@ -50,7 +50,7 @@ $userid=GETPOST('userid','int');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Add a box
if ($boxid > 0 && $zone !='' && $userid > 0)

2
htdocs/core/ajax/constantonoff.php
View File

@ -45,7 +45,7 @@ $name=GETPOST('name','alpha');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if (! empty($action) && ! empty($name))

8
htdocs/core/ajax/contacts.php
View File

@ -41,20 +41,20 @@ $showempty = GETPOST('showempty','int');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($id) && ! empty($action) && ! empty($htmlname))
{
$form = new Form($db);
$return=array();
if (empty($showempty)) $showempty=0;
$return['value'] = $form->selectcontacts($id,'',$htmlname,$showempty,'','',0,'',true);
$return['num'] = $form->num;
$return['error'] = $form->error;
echo json_encode($return);
}

18
htdocs/core/ajax/extraparams.php
View File

@ -40,17 +40,17 @@ $type = GETPOST('type', 'alpha');
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
if(! empty($id) && ! empty($element) && ! empty($htmlelement) && ! empty($type))
{
$value = GETPOST('value','alpha');
$params=array();
dol_syslog("AjaxSetExtraParameters id=".$id." element=".$element." htmlelement=".$htmlelement." type=".$type." value=".$value, LOG_DEBUG);
$classpath = $subelement = $element;
// For compatibility
if ($element == 'order' || $element == 'commande') { $classpath = $subelement = 'commande'; }
else if ($element == 'propal') { $classpath = 'comm/propal'; $subelement = 'propal'; }
@ -60,19 +60,19 @@ if(! empty($id) && ! empty($element) && ! empty($htmlelement) && ! empty($type))
else if ($element == 'deplacement') { $classpath = 'compta/deplacement'; $subelement = 'deplacement'; }
else if ($element == 'order_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.commande'; }
else if ($element == 'invoice_supplier') { $classpath = 'fourn'; $subelement = 'fournisseur.facture'; }
dol_include_once('/'.$classpath.'/class/'.$subelement.'.class.php');
if ($element == 'order_supplier') { $classname = 'CommandeFournisseur'; }
else if ($element == 'invoice_supplier') { $classname = 'FactureFournisseur'; }
else $classname = ucfirst($subelement);
$object = new $classname($db);
$object->fetch($id);
$params[$htmlelement] = array($type => $value);
$object->extraparams = array_merge($object->extraparams, $params);
$result=$object->setExtraParameters();
}

2
htdocs/core/ajax/loadinplace.php
View File

@ -41,7 +41,7 @@ $fk_element = GETPOST('fk_element','alpha');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($fk_element))

2
htdocs/core/ajax/objectonoff.php
View File

@ -42,7 +42,7 @@ $object = new GenericObject($db);
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering new values
if (($action == 'set') && ! empty($id))

2
htdocs/core/ajax/price.php
View File

@ -39,7 +39,7 @@ $tva_tx = str_replace('*','',GETPOST('tva_tx','alpha'));
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($output) && isset($amount) && isset($tva_tx))

6
htdocs/core/ajax/row.php
View File

@ -18,8 +18,8 @@
/**
* \file htdocs/core/ajax/row.php
* \brief File to return Ajax response on Row move.
* This ajax page is called when doing an up or down drag and drop.
* \brief File to return Ajax response on Row move.
* This ajax page is called when doing an up or down drag and drop.
*/
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Disable token renewal
@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if ((isset($_POST['roworder']) && ! empty($_POST['roworder'])) && (isset($_POST['table_element_line']) && ! empty($_POST['table_element_line']))

2
htdocs/core/ajax/saveinplace.php
View File

@ -54,7 +54,7 @@ savemethodname:
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
//print_r($_POST);
// Load original field value

6
htdocs/core/ajax/security.php
View File

@ -17,8 +17,8 @@
/**
* \file htdocs/core/ajax/security.php
* \brief This ajax component is used to generated has keys for security purposes
* like key to use into URL to protect them.
* \brief This ajax component is used to generated has keys for security purposes
* like key to use into URL to protect them.
*/
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Disables token renewal
@ -38,7 +38,7 @@ require '../../main.inc.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
if (isset($_GET['action']) && ! empty($_GET['action']))

2
htdocs/core/ajax/vatrates.php
View File

@ -41,7 +41,7 @@ $productid = (GETPOST('productid','int')?GETPOST('productid','int'):0);
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (! empty($id) && ! empty($action) && ! empty($htmlname))

2
htdocs/core/ajax/ziptown.php
View File

@ -45,7 +45,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog("GET is ".join(',',$_GET).', MAIN_USE_ZIPTOWN_DICTIONNARY='.(empty($conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY)?'':$conf->global->MAIN_USE_ZIPTOWN_DICTIONNARY));
//var_dump($_GET);

15
htdocs/core/class/commonobject.class.php
View File

@ -3097,9 +3097,18 @@ abstract class CommonObject
$trueWeightUnit=pow(10, $weightUnit);
$totalWeight += $weight * $qty * $trueWeightUnit;
}
else
{
$totalWeight += $weight * $qty; // This may be wrong if we mix different units
else {
if ($weight_units == 99) {
// conversion 1 Pound = 0.45359237 KG
$trueWeightUnit = 0.45359237;
$totalWeight += $weight * $qty * $trueWeightUnit;
} elseif ($weight_units == 98) {
// conversion 1 Ounce = 0.0283495 KG
$trueWeightUnit = 0.0283495;
$totalWeight += $weight * $qty * $trueWeightUnit;
}
else
$totalWeight += $weight * $qty; // This may be wrong if we mix different units
}
if ($volume_units < 50) // >50 means a standard unit (power of 10 of official unit), > 50 means an exotic unit (like inch)
{

6
htdocs/core/class/html.formmail.class.php
View File

@ -288,14 +288,15 @@ class FormMail extends Form
$outputlangs->load('other');
}
// Get message template
// Get message template for $this->param["models"] into c_email_templates
$model_id=0;
if (array_key_exists('models_id',$this->param))
{
$model_id=$this->param["models_id"];
}
$arraydefaultmessage=$this->getEMailTemplate($this->db, $this->param["models"], $user, $outputlangs, $model_id);
//var_dump($arraydefaultmessage);
//var_dump($this->param["models"]);
//var_dump($arraydefaultmessage);
$out.= "\n".'<!-- Begin form mail --><div id="mailformdiv"></div>'."\n";
if ($this->withform == 1)
@ -876,6 +877,7 @@ class FormMail extends Form
elseif ($type_template=='shipping_send') { $defaultmessage=$outputlangs->transnoentities("PredefinedMailContentSendShipping"); }
elseif ($type_template=='fichinter_send') { $defaultmessage=$outputlangs->transnoentities("PredefinedMailContentSendFichInter"); }
elseif ($type_template=='thirdparty') { $defaultmessage=$outputlangs->transnoentities("PredefinedMailContentThirdparty"); }
elseif ($type_template=='user') { $defaultmessage=$outputlangs->transnoentities("PredefinedMailContentUser"); }
$ret['label']='default';
$ret['topic']='';

4
htdocs/core/class/html.formother.class.php
View File

@ -1062,7 +1062,7 @@ class FormOther
async: false
});
// We force reload to be sure to get all boxes into list
window.location.search=\'mainmenu='.GETPOST("mainmenu").'&leftmenu='.GETPOST('leftmenu').'&action=delbox\';
window.location.search=\'mainmenu='.GETPOST("mainmenu","aZ09").'&leftmenu='.GETPOST('leftmenu',"aZ09").'&action=delbox\';
}
else
{
@ -1084,7 +1084,7 @@ class FormOther
url: \''.DOL_URL_ROOT.'/core/ajax/box.php?boxorder=\'+boxorder+\'&boxid=\'+boxid+\'&zone='.$areacode.'&userid='.$user->id.'\',
async: false
});
window.location.search=\'mainmenu='.GETPOST("mainmenu").'&leftmenu='.GETPOST('leftmenu').'&action=addbox&boxid=\'+boxid;
window.location.search=\'mainmenu='.GETPOST("mainmenu","aZ09").'&leftmenu='.GETPOST('leftmenu',"aZ09").'&action=addbox&boxid=\'+boxid;
}
});';
if (! count($arrayboxtoactivatelabel)) $selectboxlist.='jQuery("#boxcombo").hide();';

20
htdocs/core/lib/admin.lib.php
View File

@ -756,7 +756,7 @@ function purgeSessions($mysessionid)
*/
function activateModule($value,$withdeps=1)
{
global $db, $modules, $langs, $conf;
global $db, $modules, $langs, $conf, $mysoc;
// Check parameters
if (empty($value)) {
@ -813,7 +813,7 @@ function activateModule($value,$withdeps=1)
}
$result=$objMod->init(); // Enable module
if ($result <= 0)
if ($result <= 0)
{
$ret['errors'][]=$objMod->error;
}
@ -848,19 +848,19 @@ function activateModule($value,$withdeps=1)
break;
}
}
if ($activate)
{
$ret['nbmodules']+=$resarray['nbmodules'];
$ret['nbperms']+=$resarray['nbperms'];
}
else
else
{
$ret['errors'][] = $langs->trans('activateModuleDependNotSatisfied', $objMod->name, $modulestring);
}
}
}
if (isset($objMod->conflictwith) && is_array($objMod->conflictwith) && ! empty($objMod->conflictwith))
{
// Desactivation des modules qui entrent en conflit
@ -879,12 +879,12 @@ function activateModule($value,$withdeps=1)
}
}
if (! count($ret['errors']))
if (! count($ret['errors']))
{
$ret['nbmodules']++;
$ret['nbperms']+=count($objMod->rights);
}
return $ret;
}
@ -1221,7 +1221,7 @@ function form_constantes($tableau, $strictw3c=0, $helptext='')
if ($result)
{
$obj = $db->fetch_object($result); // Take first result of select
// For avoid warning in strict mode
if (empty($obj)) {
@ -1360,7 +1360,7 @@ function showModulesExludedForExternal($modules)
//if (empty($conf->global->$moduleconst)) continue;
if (! in_array($modulename,$listofmodules)) continue;
//var_dump($modulename.'eee'.$langs->trans('Module'.$module->numero.'Name'));
if ($i > 0) $text.=', ';
else $text.=' ';
$i++;
@ -1391,7 +1391,7 @@ function addDocumentModel($name, $type, $label='', $description='')
$sql.= ($label?"'".$db->escape($label)."'":'null').", ";
$sql.= (! empty($description)?"'".$db->escape($description)."'":"null");
$sql.= ")";
dol_syslog("admin.lib::addDocumentModel", LOG_DEBUG);
$resql=$db->query($sql);
if ($resql)

7
htdocs/core/lib/functions.lib.php
View File

@ -411,9 +411,6 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL)
case 'intcomma':
if (preg_match('/[^0-9,]+/i',$out)) $out='';
break;
case 'intcomma':
if (preg_match('/[^0-9,]+/i',$out)) $out='';
break;
case 'alpha':
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
@ -3168,8 +3165,8 @@ function dol_print_error($db='',$error='',$errors=null)
$out.="<b>".$langs->trans("Referer").":</b> ".(isset($_SERVER["HTTP_REFERER"])?dol_htmlentities($_SERVER["HTTP_REFERER"],ENT_COMPAT,'UTF-8'):'')."<br>\n";
$out.="<b>".$langs->trans("MenuManager").":</b> ".(isset($conf->standard_menu)?$conf->standard_menu:'')."<br>\n";
$out.="<br>\n";
$syslog.="url=".$_SERVER["REQUEST_URI"];
$syslog.=", query_string=".$_SERVER["QUERY_STRING"];
$syslog.="url=".dol_escape_htmltag($_SERVER["REQUEST_URI"]);
$syslog.=", query_string=".dol_escape_htmltag($_SERVER["QUERY_STRING"]);
}
else // Mode CLI
{

2
htdocs/core/lib/pdf.lib.php
View File

@ -865,7 +865,7 @@ function pdf_pagefoot(&$pdf,$outputlangs,$paramfreetext,$fromcompany,$marge_bass
// Make a change into HTML code to allow to include images from medias directory.
// <img alt="" src="/dolibarr_dev/htdocs/viewimage.php?modulepart=medias&amp;entity=1&amp;file=image/ldestailleur_166x166.jpg" style="height:166px; width:166px" />
// become
// <img src="'.DOL_DATA_ROOT.'/media/image/ldestailleur_166x166.jpg" style="height:166px; width:166px" />
// <img alt="" src="'.DOL_DATA_ROOT.'/media/image/ldestailleur_166x166.jpg" style="height:166px; width:166px" />
$newfreetext=preg_replace('/(<img.*src=")[^\"]*viewimage\.php[^\"]*modulepart=medias[^\"]*file=([^\"]*)("[^\/]*\/>)/', '\1'.DOL_DATA_ROOT.'/medias/\2\3', $newfreetext);
$line.=$outputlangs->convToOutputCharset($newfreetext);

3
htdocs/core/lib/product.lib.php
View File

@ -441,7 +441,8 @@ function measuring_units_string($unit,$measuring_style='')
$measuring_units[0] = $langs->transnoentitiesnoconv("WeightUnitkg");
$measuring_units[-3] = $langs->transnoentitiesnoconv("WeightUnitg");
$measuring_units[-6] = $langs->transnoentitiesnoconv("WeightUnitmg");
$measuring_units[99] = $langs->transnoentitiesnoconv("WeightUnitpound");
$measuring_units[98] = $langs->transnoentitiesnoconv("WeightUnitounce");
$measuring_units[99] = $langs->transnoentitiesnoconv("WeightUnitpound");
}
else if ($measuring_style == 'size')
{

4
htdocs/core/lib/security2.lib.php
View File

@ -144,10 +144,6 @@ function dol_loginfunction($langs,$conf,$mysoc)
$dol_url_root = DOL_URL_ROOT;
$php_self = $_SERVER['PHP_SELF'];
$php_self.= $_SERVER["QUERY_STRING"]?'?'.$_SERVER["QUERY_STRING"]:'';
if (! preg_match('/mainmenu=/',$php_self)) $php_self.=(preg_match('/\?/',$php_self)?'&':'?').'mainmenu=home';
// Title
$appli=constant('DOL_APPLICATION_TITLE');
$title=$appli.' '.constant('DOL_VERSION');

6
htdocs/core/modules/modBlockedLog.class.php
View File

@ -65,9 +65,9 @@ class modBlockedLog extends DolibarrModules
// Dependancies
//-------------
$this->hidden = false; // A condition to disable module
$this->depends = array('modFacture'); // List of modules id that must be enabled if this module is enabled
$this->requiredby = array(); // List of modules id to disable if this one is disabled
$this->conflictwith = array(); // List of modules id this module is in conflict with
$this->depends = array('always'=>'modFacture'); // List of modules id that must be enabled if this module is enabled
$this->requiredby = array(); // List of modules id to disable if this one is disabled
$this->conflictwith = array(); // List of modules id this module is in conflict with
$this->langfiles = array();
// Constants

6
htdocs/core/modules/modCashDesk.class.php
View File

@ -65,11 +65,13 @@ class modCashDesk extends DolibarrModules
$this->config_page_url = array("cashdesk.php@cashdesk");
// Dependencies
$this->depends = array("modBanque","modFacture","modProduct"); // List of modules id that must be enabled if this module is enabled
$this->requiredby = array(); // List of modules id to disable if this one is disabled
$this->depends = array('always'=>"modBanque", 'always'=>"modFacture", 'always'=>"modProduct", 'FR'=>'modBlockedLog'); // List of modules id that must be enabled if this module is enabled
$this->requiredby = array(); // List of modules id to disable if this one is disabled
$this->phpmin = array(4,1); // Minimum version of PHP required by module
$this->need_dolibarr_version = array(2,4); // Minimum version of Dolibarr required by module
$this->langfiles = array("cashdesk");
$this->warnings_activation = array('FR'=>'WarningNoteModulePOSForFrenchLaw'); // Warning to show when we activate module. array('always'='text') or array('FR'='text')
$this->warnings_activation_ext = array('FR'=>'WarningInstallationMayBecomeNotCompliantWithLaw'); // Warning to show when we activate an external module. array('always'='text') or array('FR'='text')
// Constants
$this->const = array();

31
htdocs/core/modules/modFacture.class.php
View File

@ -64,14 +64,13 @@ class modFacture extends DolibarrModules
$this->dirs = array("/facture/temp");
// Dependencies
$this->depends = array('always'=>"modSociete", 'FR'=>'modBlockedLog');
$this->depends = array('always'=>"modSociete");
$this->requiredby = array("modComptabilite","modAccounting");
$this->conflictwith = array();
$this->langfiles = array("bills","companies","compta","products");
$this->warnings_activation = array('FR'=>'WarningNoteModuleInvoiceForFrenchLaw'); // Warning to show when we activate module. array('always'='text') or array('FR'='text')
$this->warnings_activation = array();
$this->warnings_activation_ext = array('FR'=>'WarningInstallationMayBecomeNotCompliantWithLaw'); // Warning to show when we activate an external module. array('always'='text') or array('FR'='text')
$this->warnings_activation = array(); // Warning to show when we activate module. array('always'='text') or array('FR'='text')
$this->warnings_activation_ext = array(); // Warning to show when we activate an external module. array('always'='text') or array('FR'='text')
// Config pages
$this->config_page_url = array("facture.php");
@ -99,7 +98,7 @@ class modFacture extends DolibarrModules
$this->const[$r][3] = "";
$this->const[$r][4] = 0;
$r++;
/*$this->const[$r][0] = "FACTURE_DRAFT_WATERMARK";
$this->const[$r][1] = "chaine";
$this->const[$r][2] = "__(Draft)__";
@ -107,7 +106,7 @@ class modFacture extends DolibarrModules
$this->const[$r][4] = 0;
$r++;*/
// Boxes
//$this->boxes = array(0=>array(1=>'box_factures_imp.php'),1=>array(1=>'box_factures.php'));
$this->boxes = array(
@ -116,16 +115,16 @@ class modFacture extends DolibarrModules
2=>array('file'=>'box_graph_invoices_permonth.php','enabledbydefaulton'=>'Home')
);
// Cronjobs
// Cronjobs
$this->cronjobs = array(
0=>array('label'=>'RecurringInvoices', 'jobtype'=>'method', 'class'=>'compta/facture/class/facture-rec.class.php', 'objectname'=>'FactureRec', 'method'=>'createRecurringInvoices', 'parameters'=>'', 'comment'=>'Generate recurring invoices', 'frequency'=>1, 'unitfrequency'=>3600*24),
0=>array('label'=>'RecurringInvoices', 'jobtype'=>'method', 'class'=>'compta/facture/class/facture-rec.class.php', 'objectname'=>'FactureRec', 'method'=>'createRecurringInvoices', 'parameters'=>'', 'comment'=>'Generate recurring invoices', 'frequency'=>1, 'unitfrequency'=>3600*24),
// 1=>array('label'=>'My label', 'jobtype'=>'command', 'command'=>'', 'parameters'=>'', 'comment'=>'Comment', 'frequency'=>3600, 'unitfrequency'=>3600)
);
// List of cron jobs entries to add
// Example:
);
// List of cron jobs entries to add
// Example:
// $this->cronjobs=array(
// 0=>array('label'=>'My label', 'jobtype'=>'method', 'class'=>'MyClass', 'method'=>'myMethod', 'parameters'=>'', 'comment'=>'Comment', 'frequency'=>1, 'unitfrequency'=>3600),
// 1=>array('label'=>'My label', 'jobtype'=>'command', 'command'=>'', 'parameters'=>'', 'comment'=>'Comment', 'frequency'=>1, 'unitfrequency'=>3600)
// 0=>array('label'=>'My label', 'jobtype'=>'method', 'class'=>'MyClass', 'method'=>'myMethod', 'parameters'=>'', 'comment'=>'Comment', 'frequency'=>1, 'unitfrequency'=>3600),
// 1=>array('label'=>'My label', 'jobtype'=>'command', 'command'=>'', 'parameters'=>'', 'comment'=>'Comment', 'frequency'=>1, 'unitfrequency'=>3600)
// );
// Permissions
@ -206,8 +205,8 @@ class modFacture extends DolibarrModules
// Menus
//-------
$this->menu = 1; // This module add menu entries. They are coded into menu manager.
// Exports
//--------
$r=1;

2
htdocs/core/tpl/ajax/fileupload_main.tpl.php
View File

@ -45,7 +45,7 @@ $(function () {
// Events
$('#fileupload').fileupload({
stop: function (e, data) {
location.href='<?php echo $_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"]; ?>';
location.href='<?php echo dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]); ?>';
},
destroy: function (e, data) {
var that = $(this).data('fileupload');

2
htdocs/core/tpl/ajaxrow.tpl.php
View File

@ -63,7 +63,7 @@ $(document).ready(function(){
function() {
console.log("tableDND end of ajax call");
if (reloadpage == 1) {
location.href = '<?php echo $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']; ?>';
location.href = '<?php echo dol_escape_htmltag($_SERVER['PHP_SELF']).'?'.dol_escape_htmltag($_SERVER['QUERY_STRING']); ?>';
} else {
$("#<?php echo $tagidfortablednd; ?> .drag").each(
function( intIndex ) {

6
htdocs/core/tpl/login.tpl.php
View File

@ -31,6 +31,10 @@ if (GETPOST('dol_use_jmobile')) $conf->dol_use_jmobile=1;
// If we force to use jmobile, then we reenable javascript
if (! empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax=1;
$php_self = dol_escape_htmltag($_SERVER['PHP_SELF']);
$php_self.= dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'';
if (! preg_match('/mainmenu=/',$php_self)) $php_self.=(preg_match('/\?/',$php_self)?'&':'?').'mainmenu=home';
// Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second
$arrayofjs=array(
'/includes/jstz/jstz.min.js'.(empty($conf->dol_use_jmobile)?'':'?version='.urlencode(DOL_VERSION)),
@ -82,7 +86,7 @@ $(document).ready(function () {
<div class="login_table_title center" title="<?php echo dol_escape_htmltag($title); ?>">
<?php
if ($disablenofollow) echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank">';
echo dol_escape_htmltag($title);
echo dol_escape_htmltag($title);
if ($disablenofollow) echo '</a>';
?>
</div>

7
htdocs/core/tpl/passwordforgotten.tpl.php
View File

@ -28,6 +28,9 @@ if (GETPOST('dol_use_jmobile')) $conf->dol_use_jmobile=1;
// If we force to use jmobile, then we reenable javascript
if (! empty($conf->dol_use_jmobile)) $conf->use_javascript_ajax=1;
$php_self = $_SERVER['PHP_SELF'];
$php_self.= dol_escape_htmltag($_SERVER["QUERY_STRING"])?'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]):'';
print top_htmlhead('',$langs->trans('SendNewPassword'));
?>
<!-- BEGIN PHP TEMPLATE PASSWORDFORGOTTEN.TPL.PHP -->
@ -56,7 +59,7 @@ $(document).ready(function () {
<div class="login_table_title center" title="<?php echo dol_escape_htmltag($title); ?>">
<?php
if ($disablenofollow) echo '<a class="login_table_title" href="https://www.dolibarr.org" target="_blank">';
echo dol_escape_htmltag($title);
echo dol_escape_htmltag($title);
if ($disablenofollow) echo '</a>';
?>
</div>
@ -96,7 +99,7 @@ if (! empty($hookmanager->resArray['options'])) {
}
?>
<?php if ($captcha) {
<?php if ($captcha) {
// Add a variable param to force not using cache (jmobile)
$php_self = preg_replace('/[&\?]time=(\d+)/','',$php_self); // Remove param time
if (preg_match('/\?/',$php_self)) $php_self.='&time='.dol_print_date(dol_now(),'dayhourlog');

2
htdocs/ecm/ajax/ecmdatabase.php
View File

@ -39,7 +39,7 @@ $element = GETPOST('element', 'alpha');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Load original field value
if (isset($action) && ! empty($action))

2
htdocs/expensereport/ajax/ajaxprojet.php
View File

@ -46,7 +46,7 @@ require '../../main.inc.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',',$_GET));

4
htdocs/externalsite/frames.php
View File

@ -34,8 +34,8 @@ if (empty($conf->global->EXTERNALSITE_URL))
llxFooter();
}
$mainmenu=GETPOST('mainmenu', 'alpha');
$leftmenu=GETPOST('leftmenu', 'alpha');
$mainmenu=GETPOST('mainmenu', "aZ09");
$leftmenu=GETPOST('leftmenu', "aZ09");
$idmenu=GETPOST('idmenu', 'int');
$theme=GETPOST('theme', 'alpha');
$codelang=GETPOST('lang', 'aZ09');

18
htdocs/fourn/ajax/getSupplierPrices.php
View File

@ -46,7 +46,7 @@ $langs->load('margins');
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
if ($idprod > 0)
{
@ -55,7 +55,7 @@ if ($idprod > 0)
$sorttouse = 's.nom, pfp.quantity, pfp.price';
if (GETPOST('bestpricefirst')) $sorttouse = 'pfp.unitprice, s.nom, pfp.quantity, pfp.price';
$productSupplierArray = $producttmp->list_product_fournisseur_price($idprod, $sorttouse); // We list all price per supplier, and then firstly with the lower quantity. So we can choose first one with enough quantity into list.
if ( is_array($productSupplierArray))
{
@ -63,34 +63,34 @@ if ($idprod > 0)
{
$price = $productSupplier->fourn_price * (1 - $productSupplier->fourn_remise_percent / 100);
$unitprice = $productSupplier->fourn_unitprice * (1 - $productSupplier->fourn_remise_percent / 100);
$title = $productSupplier->fourn_name.' - '.$productSupplier->fourn_ref.' - ';
if ($productSupplier->fourn_qty == 1)
{
$title.= price($price,0,$langs,0,0,-1,$conf->currency)."/";
}
$title.= $productSupplier->fourn_qty.' '.($productSupplier->fourn_qty == 1 ? $langs->trans("Unit") : $langs->trans("Units"));
if ($productSupplier->fourn_qty > 1)
{
$title.=" - ";
$title.= price($unitprice,0,$langs,0,0,-1,$conf->currency)."/".$langs->trans("Unit");
$price = $unitprice;
}
$label = price($price,0,$langs,0,0,-1,$conf->currency)."/".$langs->trans("Unit");
if ($productSupplier->fourn_ref) $label.=' ('.$productSupplier->fourn_ref.')';
$prices[] = array("id" => $productSupplier->product_fourn_price_id, "price" => price2num($price,0,'',0), "label" => $label, "title" => $title); // For price field, we must use price2num(), for label or title, price()
}
}
// Add price for costprice
$price=$producttmp->cost_price;
$prices[] = array("id" => 'costprice', "price" => price2num($price), "label" => $langs->trans("CostPrice").': '.price($price,0,$langs,0,0,-1,$conf->currency), "title" => $langs->trans("PMPValueShort").': '.price($price,0,$langs,0,0,-1,$conf->currency)); // For price field, we must use price2num(), for label or title, price()
if(!empty($conf->stock->enabled))
if(!empty($conf->stock->enabled))
{
// Add price for pmp
$price=$producttmp->pmp;

4
htdocs/holiday/list.php
View File

@ -168,7 +168,7 @@ if($year_create > 0) {
}
} else {
if($month_create > 0) {
$filter.= " AND date_format(cp.date_create, '%m') = '$month_create'";
$filter.= " AND date_format(cp.date_create, '%m') = '".$db->escape($month_create)."'";
}
}
@ -302,7 +302,7 @@ print '</td>';
// DATE CREATE
print '<td class="liste_titre" align="center">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_create" value="'.$month_create.'">';
print '<input class="flat" type="text" size="1" maxlength="2" name="month_create" value="'.dol_escape_htmltag($month_create).'">';
$formother->select_year($year_create,'year_create',1, $min_year, 0);
print '</td>';

6
htdocs/install/inc.php
View File

@ -385,12 +385,12 @@ function pHeader($subtitle,$next,$action='set',$param='',$forcejqueryurl='',$css
// We force the content charset
header("Content-type: text/html; charset=".$conf->file->character_set_client);
header("X-Content-Type-Options: nosniff");
print '<!DOCTYPE HTML>'."\n";
print '<html>'."\n";
print '<head>'."\n";
print '<meta charset='.$conf->file->character_set_client.'">'."\n";
print '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n";
print '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n";
print '<link rel="stylesheet" type="text/css" href="default.css">'."\n";
print '<!-- Includes CSS for JQuery -->'."\n";
@ -453,7 +453,7 @@ function pFooter($nonext=0,$setuplang='',$jscheckfunction='', $withpleasewait=0)
print '<div class="nextbutton" id="nextbutton">';
if ($nonext == '2')
{
print $langs->trans("ErrorFoundDuringMigration", $_SERVER["REQUEST_URI"].'&ignoreerrors=1').'<br><br>';
print $langs->trans("ErrorFoundDuringMigration", isset($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"].'&ignoreerrors=1':'').'<br><br>';
}
print '<input type="submit" '.($nonext == '2' ? 'disabled="disabled" ':'').'value="'.$langs->trans("NextStep").' ->"';

64
htdocs/install/mysql/migration/6.0.0-7.0.0.sql
View File

@ -1,64 +0,0 @@
--
-- Be carefull to requests order.
-- This file must be loaded by calling /install/index.php page
-- when current version is 6.0.0 or higher.
--
-- To rename a table: ALTER TABLE llx_table RENAME TO llx_table_new;
-- To add a column: ALTER TABLE llx_table ADD COLUMN newcol varchar(60) NOT NULL DEFAULT '0' AFTER existingcol;
-- To rename a column: ALTER TABLE llx_table CHANGE COLUMN oldname newname varchar(60);
-- To drop a column: ALTER TABLE llx_table DROP COLUMN oldname;
-- To change type of field: ALTER TABLE llx_table MODIFY COLUMN name varchar(60);
-- To drop a foreign key: ALTER TABLE llx_table DROP FOREIGN KEY fk_name;
-- To drop an index: -- VMYSQL4.0 DROP INDEX nomindex on llx_table
-- To drop an index: -- VPGSQL8.0 DROP INDEX nomindex
-- To restrict request to Mysql version x.y minimum use -- VMYSQLx.y
-- To restrict request to Pgsql version x.y minimum use -- VPGSQLx.y
-- To make pk to be auto increment (mysql): -- VMYSQL4.3 ALTER TABLE llx_c_shipment_mode CHANGE COLUMN rowid rowid INTEGER NOT NULL AUTO_INCREMENT;
-- To make pk to be auto increment (postgres): -- VPGSQL8.2 NOT POSSIBLE. MUST DELETE/CREATE TABLE
-- To set a field as NULL: -- VMYSQL4.3 ALTER TABLE llx_table MODIFY COLUMN name varchar(60) NULL;
-- To set a field as NULL: -- VPGSQL8.2 ALTER TABLE llx_table ALTER COLUMN name DROP NOT NULL;
-- To set a field as NOT NULL: -- VMYSQL4.3 ALTER TABLE llx_table MODIFY COLUMN name varchar(60) NOT NULL;
-- To set a field as NOT NULL: -- VPGSQL8.2 ALTER TABLE llx_table ALTER COLUMN name SET NOT NULL;
-- To set a field as default NULL: -- VPGSQL8.2 ALTER TABLE llx_table ALTER COLUMN name SET DEFAULT NULL;
-- Note: fields with type BLOB/TEXT can't have default value.
-- -- VPGSQL8.2 DELETE FROM llx_usergroup_user WHERE fk_user NOT IN (SELECT rowid from llx_user);
-- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
-- Clean corrupted values for tms
-- VMYSQL4.1 SET sql_mode = 'ALLOW_INVALID_DATES';
-- VMYSQL4.1 update llx_opensurvey_sondage set tms = date_fin where DATE(STR_TO_DATE(tms, '%Y-%m-%d')) IS NULL;
-- VMYSQL4.1 SET sql_mode = 'NO_ZERO_DATE';
-- VMYSQL4.1 update llx_opensurvey_sondage set tms = date_fin where DATE(STR_TO_DATE(tms, '%Y-%m-%d')) IS NULL;
-- Remove default not null on date_fin
-- VMYSQL4.3 ALTER TABLE llx_opensurvey_sondage MODIFY COLUMN date_fin DATETIME NULL DEFAULT NULL;
-- VPGSQL8.2 ALTER TABLE llx_opensurvey_sondage ALTER COLUMN date_fin DROP NOT NULL;
-- Move real to numeric for more precision for storing monetary amounts (no rouding)
-- https://wiki.dolibarr.org/index.php/Langages_et_normes#Structure_des_tables_et_champs
ALTER TABLE llx_accounting_bookkeeping MODIFY COLUMN debit numeric(24,8);
ALTER TABLE llx_accounting_bookkeeping MODIFY COLUMN credit numeric(24,8);
ALTER TABLE llx_accounting_bookkeeping MODIFY COLUMN montant numeric(24,8);
ALTER TABLE llx_accounting_bookkeeping MODIFY COLUMN multicurrency_amount numeric(24,8);
ALTER TABLE llx_blockedlog MODIFY COLUMN amounts numeric(24,8);
ALTER TABLE llx_chargessociales MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_commande MODIFY COLUMN amount_ht numeric(24,8);
ALTER TABLE llx_commande_fournisseur MODIFY COLUMN amount_ht numeric(24,8);
ALTER TABLE llx_don MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_loan_schedule MODIFY COLUMN amount_capital numeric(24,8);
ALTER TABLE llx_loan_schedule MODIFY COLUMN amount_insurance numeric(24,8);
ALTER TABLE llx_loan_schedule MODIFY COLUMN amount_interest numeric(24,8);
ALTER TABLE llx_paiementcharge MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_paiementfourn MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_payment_donation MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_payment_expensereport MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_payment_loan MODIFY COLUMN amount_capital numeric(24,8);
ALTER TABLE llx_payment_loan MODIFY COLUMN amount_insurance numeric(24,8);
ALTER TABLE llx_payment_loan MODIFY COLUMN amount_interest numeric(24,8);
ALTER TABLE llx_payment_salary MODIFY COLUMN salary numeric(24,8);
ALTER TABLE llx_payment_salary MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_prelevement_bons MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_prelevement_facture_demande MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_prelevement_lignes MODIFY COLUMN amount numeric(24,8);
ALTER TABLE llx_societe MODIFY COLUMN capital numeric(24,8);
ALTER TABLE llx_tva MODIFY COLUMN amount numeric(24,8);

10
htdocs/install/mysql/tables/llx_accounting_bookkeeping.sql
View File

@ -26,17 +26,17 @@ CREATE TABLE llx_accounting_bookkeeping
doc_ref varchar(300) NOT NULL, -- | facture_client/reglement_client/... reference number
fk_doc integer NOT NULL, -- | facture_client/reglement_client/... rowid
fk_docdet integer NOT NULL, -- | facture_client/reglement_client/... line rowid
thirdparty_code varchar(32), -- Third party code (customer or supplier) when record is saved (may help debug)
thirdparty_code varchar(32), -- Third party code (customer or supplier) when record is saved (may help debug)
subledger_account varchar(32), -- FEC:CompAuxNum | account number of subledger account
subledger_label varchar(255), -- FEC:CompAuxLib | label of subledger account
numero_compte varchar(32) NOT NULL, -- FEC:CompteNum | account number
label_compte varchar(255) NOT NULL, -- FEC:CompteLib | label of account
label_operation varchar(255), -- FEC:EcritureLib | label of the operation
debit numeric(24,8) NOT NULL, -- FEC:Debit
credit numeric(24,8) NOT NULL, -- FEC:Credit
montant numeric(24,8) NOT NULL, -- FEC:Montant (Not necessary)
debit double NOT NULL, -- FEC:Debit
credit double NOT NULL, -- FEC:Credit
montant double NOT NULL, -- FEC:Montant (Not necessary)
sens varchar(1) DEFAULT NULL, -- FEC:Sens (Not necessary)
multicurrency_amount numeric(24,8), -- FEC:Montantdevise
multicurrency_amount double, -- FEC:Montantdevise
multicurrency_code varchar(255), -- FEC:Idevise
lettering_code varchar(255), -- FEC:EcritureLet
date_lettering datetime, -- FEC:DateLet

2
htdocs/install/mysql/tables/llx_blockedlog.sql
View File

@ -4,7 +4,7 @@ CREATE TABLE llx_blockedlog
rowid integer AUTO_INCREMENT PRIMARY KEY,
tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
action varchar(50),
amounts numeric(24,8) NOT NULL,
amounts real NOT NULL,
signature varchar(100) NOT NULL,
signature_line varchar(100) NOT NULL,
element varchar(50),

2
htdocs/install/mysql/tables/llx_chargesociales.sql
View File

@ -34,7 +34,7 @@ create table llx_chargesociales
fk_type integer NOT NULL,
fk_account integer, -- bank account
fk_mode_reglement integer, -- mode de reglement
amount numeric(24,8) default 0 NOT NULL,
amount real default 0 NOT NULL,
paye smallint default 0 NOT NULL,
periode date,
fk_projet integer DEFAULT NULL,

2
htdocs/install/mysql/tables/llx_commande.sql
View File

@ -42,7 +42,7 @@ create table llx_commande
fk_user_cloture integer, -- user closing
source smallint, -- not used, except by setting this to 42 for orders coming for replenishment and 0 in other case ?
fk_statut smallint default 0,
amount_ht numeric(24,8) default 0,
amount_ht real default 0,
remise_percent real default 0,
remise_absolue real default 0,
remise real default 0,

2
htdocs/install/mysql/tables/llx_commande_fournisseur.sql
View File

@ -46,7 +46,7 @@ create table llx_commande_fournisseur
source smallint NOT NULL, -- not used, except by setting this to 42 for orders coming for replenishment and 0 in other case ?
fk_statut smallint default 0,
billed smallint default 0,
amount_ht numeric(24,8) default 0,
amount_ht real default 0,
remise_percent real default 0,
remise real default 0,
tva double(24,8) default 0,

2
htdocs/install/mysql/tables/llx_don.sql
View File

@ -28,7 +28,7 @@ create table llx_don
tms timestamp,
fk_statut smallint NOT NULL DEFAULT 0, -- Status of donation promise or validate
datedon datetime, -- Date of the donation/promise
amount numeric(24,8) DEFAULT 0,
amount real DEFAULT 0,
fk_payment integer,
paid smallint default 0 NOT NULL,
firstname varchar(50),

6
htdocs/install/mysql/tables/llx_loan_schedule.sql
View File

@ -24,9 +24,9 @@ create table llx_loan_schedule
datec datetime, -- creation date
tms timestamp,
datep datetime, -- payment date
amount_capital numeric(24,8) DEFAULT 0,
amount_insurance numeric(24,8) DEFAULT 0,
amount_interest numeric(24,8) DEFAULT 0,
amount_capital real DEFAULT 0,
amount_insurance real DEFAULT 0,
amount_interest real DEFAULT 0,
fk_typepayment integer NOT NULL,
num_payment varchar(50),
note_private text,

2
htdocs/install/mysql/tables/llx_paiementcharge.sql
View File

@ -23,7 +23,7 @@ create table llx_paiementcharge
datec datetime, -- date de creation
tms timestamp,
datep datetime, -- payment date
amount numeric(24,8) DEFAULT 0,
amount real DEFAULT 0,
fk_typepaiement integer NOT NULL,
num_paiement varchar(50),
note text,

2
htdocs/install/mysql/tables/llx_paiementfourn.sql
View File

@ -25,7 +25,7 @@ create table llx_paiementfourn
tms timestamp,
datec datetime, -- date de creation de l'enregistrement
datep datetime, -- date de paiement
amount numeric(24,8) DEFAULT 0, -- montant
amount real DEFAULT 0, -- montant
multicurrency_amount double(24,8) DEFAULT 0, -- multicurrency amount
fk_user_author integer, -- auteur
fk_paiement integer NOT NULL, -- moyen de paiement

2
htdocs/install/mysql/tables/llx_payment_donation.sql
View File

@ -23,7 +23,7 @@ create table llx_payment_donation
datec datetime, -- date de creation
tms timestamp,
datep datetime, -- payment date
amount numeric(24,8) DEFAULT 0,
amount real DEFAULT 0,
fk_typepayment integer NOT NULL,
num_payment varchar(50),
note text,

2
htdocs/install/mysql/tables/llx_payment_expensereport.sql
View File

@ -23,7 +23,7 @@ create table llx_payment_expensereport
datec datetime, -- date de creation
tms timestamp,
datep datetime, -- payment date
amount numeric(24,8) DEFAULT 0,
amount real DEFAULT 0,
fk_typepayment integer NOT NULL,
num_payment varchar(50),
note text,

6
htdocs/install/mysql/tables/llx_payment_loan.sql
View File

@ -24,9 +24,9 @@ create table llx_payment_loan
datec datetime, -- creation date
tms timestamp,
datep datetime, -- payment date
amount_capital numeric(24,8) DEFAULT 0,
amount_insurance numeric(24,8) DEFAULT 0,
amount_interest numeric(24,8) DEFAULT 0,
amount_capital real DEFAULT 0,
amount_insurance real DEFAULT 0,
amount_interest real DEFAULT 0,
fk_typepayment integer NOT NULL,
num_payment varchar(50),
note_private text,

4
htdocs/install/mysql/tables/llx_payment_salary.sql
View File

@ -24,8 +24,8 @@ create table llx_payment_salary
fk_user integer NOT NULL,
datep date, -- date de paiement
datev date, -- date de valeur (this field should not be here, only into bank tables)
salary numeric(24,8), -- salary of user when payment was done
amount numeric(24,8) NOT NULL DEFAULT 0,
salary real, -- salary of user when payment was done
amount real NOT NULL DEFAULT 0,
fk_typepayment integer NOT NULL,
num_payment varchar(50), -- ref
label varchar(255),

2
htdocs/install/mysql/tables/llx_prelevement_bons.sql
View File

@ -29,7 +29,7 @@ create table llx_prelevement_bons
ref varchar(12), -- reference
entity integer DEFAULT 1 NOT NULL, -- multi company id
datec datetime, -- date de creation
amount numeric(24,8) DEFAULT 0, -- montant total du prelevement
amount real DEFAULT 0, -- montant total du prelevement
statut smallint DEFAULT 0, -- statut
credite smallint DEFAULT 0, -- indique si le prelevement a ete credite
note text,

2
htdocs/install/mysql/tables/llx_prelevement_facture_demande.sql
View File

@ -21,7 +21,7 @@ create table llx_prelevement_facture_demande
(
rowid integer AUTO_INCREMENT PRIMARY KEY,
fk_facture integer NOT NULL,
amount numeric(24,8) NOT NULL,
amount real NOT NULL,
date_demande datetime NOT NULL,
traite smallint DEFAULT 0,
date_traite datetime,

2
htdocs/install/mysql/tables/llx_prelevement_lignes.sql
View File

@ -24,7 +24,7 @@ create table llx_prelevement_lignes
statut smallint DEFAULT 0,
client_nom varchar(255),
amount numeric(24,8) DEFAULT 0,
amount real DEFAULT 0,
code_banque varchar(128),
code_guichet varchar(6),
number varchar(255),

2
htdocs/install/mysql/tables/llx_societe.sql
View File

@ -64,7 +64,7 @@ create table llx_societe
idprof5 varchar(128), -- IDProf5: nu for france
idprof6 varchar(128), -- IDProf6: nu for france
tva_intra varchar(20), -- tva
capital numeric(24,8), -- capital de la societe
capital real, -- capital de la societe
fk_stcomm integer DEFAULT 0 NOT NULL, -- commercial statut
note_private text, --
note_public text, --

4
htdocs/install/mysql/tables/llx_tva.sql
View File

@ -24,11 +24,11 @@ create table llx_tva
datec datetime, -- Create date
datep date, -- date de paiement
datev date, -- date de valeur
amount numeric(24,8) NOT NULL DEFAULT 0,
amount real NOT NULL DEFAULT 0,
fk_typepayment integer NULL,
num_payment varchar(50),
label varchar(255),
entity integer DEFAULT 1 NOT NULL, -- multi company id
entity integer DEFAULT 1 NOT NULL, -- multi company id
note text,
fk_bank integer,
fk_user_creat integer, -- utilisateur who create record

22
htdocs/langs/en_US/admin.lang
View File

@ -104,7 +104,7 @@ MenuIdParent=Parent menu ID
DetailMenuIdParent=ID of parent menu (empty for a top menu)
DetailPosition=Sort number to define menu position
AllMenus=All
NotConfigured=Module not configured
NotConfigured=Module/Application not configured
Active=Active
SetupShort=Setup
OtherOptions=Other options
@ -114,7 +114,6 @@ CurrentValueSeparatorThousand=Thousand separator
Destination=Destination
IdModule=Module ID
IdPermissions=Permissions ID
Modules=Modules
LanguageBrowserParameter=Parameter %s
LocalisationDolibarrParameters=Localisation parameters
ClientTZ=Client Time Zone (user)
@ -191,7 +190,7 @@ FeatureAvailableOnlyOnStable=Feature only available on official stable versions
Rights=Permissions
BoxesDesc=Widgets are components showing some information that you can add to personalize some pages. You can choose between showing the widget or not by selecting target page and clicking 'Activate', or by clicking the dustbin to disable it.
OnlyActiveElementsAreShown=Only elements from <a href="%s">enabled modules</a> are shown.
ModulesDesc=Dolibarr modules define which application/feature is enabled in software. Some application/modules require permissions you must grant to users, after enabling module. Click on button on/off to enable an application/module.
ModulesDesc=Dolibarr modules define which application/feature is enabled in software. Some application/modules require permissions you must grant to users, after activating it. Click on button on/off to enable a module/application.
ModulesMarketPlaceDesc=You can find more modules to download on external websites on the Internet...
ModulesDeployDesc=If permissions on your file system allows it, you can use this tool to deploy an external module. The module wil then be visible on the tab <strong>%s</strong>.
ModulesMarketPlaces=Find external modules...
@ -271,7 +270,7 @@ FeatureNotAvailableOnLinux=Feature not available on Unix like systems. Test your
SubmitTranslation=If translation for this language is not complete or you find errors, you can correct this by editing files into directory <b>langs/%s</b> and submit your change to www.transifex.com/dolibarr-association/dolibarr/
SubmitTranslationENUS=If translation for this language is not complete or you find errors, you can correct this by editing files into directory <b>langs/%s</b> and submit modified files on dolibarr.org/forum or for developers on github.com/Dolibarr/dolibarr.
ModuleSetup=Module setup
ModulesSetup=Modules setup
ModulesSetup=Modules/Application setup
ModuleFamilyBase=System
ModuleFamilyCrm=Customer Relation Management (CRM)
ModuleFamilySrm=Supplier Relation Management (SRM)
@ -467,7 +466,7 @@ Module30Desc=Invoice and credit note management for customers. Invoice managemen
Module40Name=Suppliers
Module40Desc=Supplier management and buying (orders and invoices)
Module42Name=Logs
Module42Desc=Logging facilities (file, syslog, ...). Such logs are for technical/debug purposes. For legal purpose, see instead module 'Non Reversible Logs'.
Module42Desc=Logging facilities (file, syslog, ...). Such logs are for technical/debug purposes.
Module49Name=Editors
Module49Desc=Editor management
Module50Name=Products
@ -566,7 +565,7 @@ Module2900Desc=GeoIP Maxmind conversions capabilities
Module3100Name=Skype
Module3100Desc=Add a Skype button into users / third parties / contacts / members cards
Module3200Name=Non Reversible Logs
Module3200Desc=Activate log of some business events into a non reversible log. Events are archived in real-time. The log is a table that can be then exported. This module may be mandatory for some countries.
Module3200Desc=Activate log of some business events into a non reversible log. Events are archived in real-time. The log is a table of chained event that can be then read and exported. This module may be mandatory for some countries.
Module4000Name=HRM
Module4000Desc=Human resources management (mangement of department, employee contracts and feelings)
Module5000Name=Multi-company
@ -998,9 +997,9 @@ Delays_MAIN_DELAY_MEMBERS=Tolerance delay (in days) before alert on delayed memb
Delays_MAIN_DELAY_CHEQUES_TO_DEPOSIT=Tolerance delay (in days) before alert for cheques deposit to do
Delays_MAIN_DELAY_EXPENSEREPORTS=Tolerance delay (in days) before alert for expense reports to approve
SetupDescription1=The setup area is for initial setup parameters before starting to use Dolibarr.
SetupDescription2=The two most important setup steps are the first two in the setup menu on the left: Company/Organisation setup page and Modules setup page:
SetupDescription3=Parameters in menu <a href="%s">Setup -> Company/Organisation</a> are required because submitted data are used on Dolibarr displays and to customize the default behaviour of the software (for country-related features for example).
SetupDescription4=Parameters in menu <a href="%s">Setup -> Modules</a> are required because Dolibarr is not a monolithic ERP/CRM but a collection of several modules, all more or less independent. New features will be added to menus for every module you'll enable.
SetupDescription2=The two mandatory setup steps are the first two in the setup menu on the left: %s setup page and %s setup page :
SetupDescription3=Parameters in menu <a href="%s">%s -> %s</a> are required because defined data are used on Dolibarr screens and to customize the default behavior of the software (for country-related features for example).
SetupDescription4=Parameters in menu <a href="%s">%s -> %s</a> are required because Dolibarr ERP/CRM is a collection of several modules/applications, all more or less independent. New features will be added to menus for every module you will activate.
SetupDescription5=Other menu entries manage optional parameters.
LogEvents=Security audit events
Audit=Audit
@ -1016,7 +1015,7 @@ BrowserOS=Browser OS
ListOfSecurityEvents=List of Dolibarr security events
SecurityEventsPurged=Security events purged
LogEventDesc=You can enable here the logging for Dolibarr security events. Administrators can then see its content via menu <b>System tools - Audit</b>. Warning, this feature can consume a large amount of data in database.
AreaForAdminOnly=Those features can be used by <b>administrator users</b> only.
AreaForAdminOnly=Setup parameters can be set by <b>administrator users</b> only.
SystemInfoDesc=System information is miscellaneous technical information you get in read only mode and visible for administrators only.
SystemAreaForAdminOnly=This area is available for administrator users only. None of the Dolibarr permissions can reduce this limit.
CompanyFundationDesc=Edit on this page all known information of the company or foundation you need to manage (For this, click on "Modify" or "Save" button at bottom of page)
@ -1700,7 +1699,8 @@ UserHasNoPermissions=This user has no permission defined
TypeCdr=Use "None" if the date of payment term is date of invoice plus a delta in days (delta is field "Nb of days")<br>Use "At end of month", if, after delta, the date must be increased to reach the end of month (+ an optional "Offset" in days)<br>Use "Current/Next" to have payment term date being the first Nth of the month (N is stored into field "Nb of days")
BaseCurrency=Reference currency of the company (go into setup of company to change this)
WarningNoteModuleInvoiceForFrenchLaw=This module %s is compliant with french laws (Loi Finance 2016).
WarningInstallationMayBecomeNotCompliantWithLaw=You try to install the module %s that is an external module. Activating an external module means you trust the editor of the module and you are sure that this module does not alterate negatively the behavior of your application and is compliant with laws of your country (%s). If the module bring a non legal feature, you become responsible for the use of a non legal software.
WarningNoteModulePOSForFrenchLaw=This module %s is compliant with french laws (Loi Finance 2016) because module Non Reversible Logs is automatically activated.
WarningInstallationMayBecomeNotCompliantWithLaw=You try to install the module %s that is an external module. Activating an external module means you trust the publisher of the module and you are sure that this module does not alterate negatively the behavior of your application and is compliant with laws of your country (%s). If the module bring a non legal feature, you become responsible for the use of a non legal software.
##### Resource ####
ResourceSetup=Configuration du module Resource
UseSearchToSelectResource=Use a search form to choose a resource (rather than a drop-down list).

1
htdocs/langs/en_US/errors.lang
View File

@ -44,6 +44,7 @@ ErrorFailedToWriteInDir=Failed to write in directory %s
ErrorFoundBadEmailInFile=Found incorrect email syntax for %s lines in file (example line %s with email=%s)
ErrorUserCannotBeDelete=User cannot be deleted. May be it is associated to Dolibarr entities.
ErrorFieldsRequired=Some required fields were not filled.
ErrorSubjectIsRequired=The email topic is required
ErrorFailedToCreateDir=Failed to create a directory. Check that Web server user has permissions to write into Dolibarr documents directory. If parameter <b>safe_mode</b> is enabled on this PHP, check that Dolibarr php files owns to web server user (or group).
ErrorNoMailDefinedForThisUser=No mail defined for this user
ErrorFeatureNeedJavascript=This feature need javascript to be activated to work. Change this in setup - display.

3
htdocs/langs/en_US/main.lang
View File

@ -366,7 +366,8 @@ VATRate=Tax Rate
Average=Average
Sum=Sum
Delta=Delta
Module=Module
Module=Module/Application
Modules=Modules/Applications
Option=Option
List=List
FullList=Full list

26
htdocs/langs/en_US/modulebuilder.lang
View File

@ -1,24 +1,36 @@
# Dolibarr language file - Source file is en_US - loan
ModuleBuilderDesc=This tools give you utilites to build or edit your own module.
EnterNameOfModuleDesc=Enter name of the module to create with no spaces. Use uppercase to separate words (For example: MyModule, EcommerceForShop, SyncWithMySystem...)
ModuleBuilderDesc=This tools give you utilites to build or edit your own module (<a href="%s" target="_blank">More information here</a>).
EnterNameOfModuleDesc=Enter name of the module/application to create with no spaces. Use uppercase to separate words (For example: MyModule, EcommerceForShop, SyncWithMySystem...)
EnterNameOfObjectDesc=Enter name of the object to create with no spaces. Use uppercase to separate words (For example: MyObject, Student, Teacher...)
ModuleBuilderDesc2=Path were modules are generated/edited (first alternative directory defined into %s): <strong>%s</strong>
ModuleBuilderDesc3=Generated/editable modules found: <strong>%s</strong> (they are detected as editable when the file <strong>%s</strong> exists in root of module directory).
NewModule=New module
ModuleKey=Key for new module
NewObject=New object
ModuleKey=Module key
ObjectKey=Object key
ModuleInitialized=Module initialized
FilesForObjectInitialized=Files for new object initialized
ModuleBuilderDescdescription=Enter here all general information that describe your module
ModuleBuilderDescobjects=Define here the new objects you want to manage with your module. A page to list them and a page to create/edit/view a card will be generated.
ModuleBuilderDescobjects=Define here the objects you want to manage with your module. A sql file, a page to list them, to create/edit/view a card and an API will be generated.
ModuleBuilderDescmenus=This tab is dedicated to define menu entries provided by your module.
ModuleBuilderDescpermissions=This tab is dedicated to define the new permissions you want to provide with your module.
ModuleBuilderDesctriggers=This is the view of triggers provided by your module. To include code executed when a triggered business event is launched, just edit this file with your IDE.
ModuleBuilderDeschooks=This tab is dedicated to hooks.
ModuleBuilderDescwidgets=This tab is dedicated to manage/build widgets.
ModuleBuilderDescbuildpackage=You can generate here a "ready to distribute" package file (a normalized .zip file) of your module. Just click on button to get your module package file.
ModuleBuilderDescdangerzone=You can delete your module. WARNING: All files of module will be definetly lost !
ModuleBuilderDescbuildpackage=You can generate here a "ready to distribute" package file (a normalized .zip file) of your module. Just click on button to build the module package file.
EnterNameOfModuleToDeleteDesc=You can delete your module. WARNING: All files of module will be definitly lost !
EnterNameOfObjectToDeleteDesc=You can delete an object. WARNING: All files related to object will be definitly lost !
DangerZone=Danger zone
BuildPackage=Build package
ModuleIsNotActive=This module was not activated yet (go into Home-Setup-Module to make it live)
ModuleIsLive=This module has been activated. Any change on it may break a current active feature.
DescriptionLong=Long description
EditorName=Name of editor
EditorUrl=URL of editor
EditorUrl=URL of editor
DescriptorFile=Descriptor file of module
ClassFile=File for PHP class
ApiClassFile=File for PHP API class
PageForList=PHP page for list of record
PageForCreateEditView=PHP page to create/edit/view a record
PathToModulePackage=Path to zip of module/application package
SpaceOrSpecialCharAreNotAllowed=Spaces or special characters are not allowed.

2
htdocs/langs/en_US/other.lang
View File

@ -81,6 +81,7 @@ PredefinedMailContentSendSupplierInvoice=__CONTACTCIVNAME__\n\nYou will find her
PredefinedMailContentSendShipping=__CONTACTCIVNAME__\n\nYou will find here the shipping __SHIPPINGREF__\n\n__PERSONALIZED__Sincerely\n\n__SIGNATURE__
PredefinedMailContentSendFichInter=__CONTACTCIVNAME__\n\nYou will find here the intervention __FICHINTERREF__\n\n__PERSONALIZED__Sincerely\n\n__SIGNATURE__
PredefinedMailContentThirdparty=__CONTACTCIVNAME__\n\n__PERSONALIZED__\n\n__SIGNATURE__
PredefinedMailContentUser=aa__PERSONALIZED__\n\n__SIGNATURE__
DemoDesc=Dolibarr is a compact ERP/CRM supporting several business modules. A demo showcasing all modules makes no sense as this scenario never occurs (several hundred available). So, several demo profiles are available.
ChooseYourDemoProfil=Choose the demo profile that best suits your needs...
ChooseYourDemoProfilMore=...or build your own profile<br>(manual module selection)
@ -123,6 +124,7 @@ WeightUnitkg=kg
WeightUnitg=g
WeightUnitmg=mg
WeightUnitpound=pound
WeightUnitounce=ounce
Length=Length
LengthUnitm=m
LengthUnitdm=dm

11
htdocs/main.inc.php
View File

@ -97,8 +97,9 @@ function test_sql_and_script_inject($val, $type)
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='>' onerror = alert(1)>
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
$sql_inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$sql_inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);
@ -1486,14 +1487,14 @@ function top_menu($head, $title='', $target='', $disablejs=0, $disablehead=0, $a
// Link to print main content area
if (empty($conf->global->MAIN_PRINT_DISABLELINK) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && empty($conf->browser->phone))
{
$qs=$_SERVER["QUERY_STRING"];
$qs=dol_escape_htmltag($_SERVER["QUERY_STRING"]);
foreach($_POST as $key=>$value) {
if($key!=='action' && !is_array($value))$qs.='&'.$key.'='.urlencode($value);
if ($key!=='action' && !is_array($value)) $qs.='&'.$key.'='.urlencode($value);
}
$qs.=(($qs && $morequerystring)?'&':'').$morequerystring;
$text ='<a href="'.$_SERVER["PHP_SELF"].'?'.$qs.($qs?'&':'').'optioncss=print" target="_blank">';
$text ='<a href="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.$qs.($qs?'&':'').'optioncss=print" target="_blank">';
//$text.= img_picto(":".$langs->trans("PrintContentArea"), 'printer_top.png', 'class="printer"');
$text.='<span class="fa fa-print atoplogin"></span>';
$text.='</a>';

489
htdocs/modulebuilder/index.php
View File

@ -33,11 +33,13 @@ $action=GETPOST('action','aZ09');
$confirm=GETPOST('confirm','alpha');
$module=GETPOST('module','alpha');
$tab=GETPOST('tab','aZ09');
$tabobj=GETPOST('tabobj','alpha');
if (empty($module)) $module='initmodule';
if (empty($tab)) $tab='description';
if (empty($tabobj)) $tabobj='newobject';
$modulename=dol_sanitizeFileName(GETPOST('modulename','alpha'));
$objectname=dol_sanitizeFileName(GETPOST('objectname','alpha'));
// Security check
if (! $user->admin && empty($conf->global->MODULEBUILDER_FOREVERYONE)) accessforbidden('ModuleBuilderNotAllowed');
@ -56,28 +58,49 @@ $FILEFLAG='modulebuilder.txt';
if ($dirins && $action == 'initmodule' && $modulename)
{
$srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template';
$destdir = $dirins.'/'.strtolower($modulename);
$arrayreplacement=array(
'mymodule'=>strtolower($modulename),
'MyModule'=>$modulename
);
$result = dolCopyDir($srcdir, $destdir, 0, 0, $arrayreplacement);
//dol_mkdir($destfile);
if ($result <= 0)
if (preg_match('/\s/', $modulename))
{
if ($result < 0)
{
$error++;
$langs->load("errors");
setEventMessages($langs->trans("ErrorFailToCopyDir", $srcdir, $destdir), null, 'errors');
}
else // $result == 0
{
setEventMessages($langs->trans("AllFilesDidAlreadyExist", $srcdir, $destdir), null, 'warnings');
}
$error++;
setEventMessages($langs->trans("SpaceOrSpecialCharAreNotAllowed"), null, 'errors');
}
if (! $error)
{
$srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template';
$destdir = $dirins.'/'.strtolower($modulename);
$arrayreplacement=array(
'mymodule'=>strtolower($modulename),
'MyModule'=>$modulename
);
$result = dolCopyDir($srcdir, $destdir, 0, 0, $arrayreplacement);
//dol_mkdir($destfile);
if ($result <= 0)
{
if ($result < 0)
{
$error++;
$langs->load("errors");
setEventMessages($langs->trans("ErrorFailToCopyDir", $srcdir, $destdir), null, 'errors');
}
else // $result == 0
{
setEventMessages($langs->trans("AllFilesDidAlreadyExist", $srcdir, $destdir), null, 'warnings');
}
}
// Delete some files
dol_delete_file($destdir.'/myobject_card.php');
dol_delete_file($destdir.'/myobject_list.php');
dol_delete_file($destdir.'/test/phpunit/MyObjectTest.php');
dol_delete_file($destdir.'/sql/llx_myobject.key.sql');
dol_delete_file($destdir.'/sql/llx_myobject.sql');
dol_delete_file($destdir.'/scripts/myobject.php');
dol_delete_file($destdir.'/img/object_myobject.png');
dol_delete_file($destdir.'/class/myobject.class.php');
dol_delete_file($destdir.'/class/api_myobject.class.php');
dol_delete_file($destdir.'/class/MyObject.txt');
}
// Edit PHP files
@ -113,17 +136,181 @@ if ($dirins && $action == 'initmodule' && $modulename)
}
}
if ($dirins && $action == 'initobject' && $module && $objectname)
{
if (preg_match('/\s/', $objectname))
{
$error++;
setEventMessages($langs->trans("SpaceOrSpecialCharAreNotAllowed"), null, 'errors');
}
if (! $error)
{
$srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template';
$destdir = $dirins.'/'.strtolower($module);
$arrayreplacement=array(
'mymodule'=>strtolower($module),
'MyModule'=>$module,
'myobject'=>strtolower($objectname),
'MyObject'=>$objectname
);
// Delete some files
$filetogenerate = array(
'myobject_card.php'=>strtolower($objectname).'_card.php',
'myobject_list.php'=>strtolower($objectname).'_list.php',
'test/phpunit/MyObjectTest.php'=>'test/phpunit/'.$objectname.'Test.php',
'sql/llx_myobject.key.sql'=>'sql/llx_'.strtolower($objectname).'.key.sql',
'sql/llx_myobject.sql'=>'sql/llx_'.strtolower($objectname).'.sql',
'scripts/myobject.php'=>'scripts/'.strtolower($objectname).'.php',
'img/object_myobject.png'=>'img/object_'.strtolower($objectname).'.png',
'class/myobject.class.php'=>'class/'.strtolower($objectname).'.class.php',
'class/api_myobject.class.php'=>'class/api_'.strtolower($objectname).'.class.php',
'class/MyObject.txt'=>'class/'.$objectname.'.txt'
);
foreach($filetogenerate as $srcfile => $destfile)
{
$result = dol_copy($srcdir.'/'.$srcfile, $destdir.'/'.$destfile);
if ($result <= 0)
{
if ($result < 0)
{
$error++;
$langs->load("errors");
setEventMessages($langs->trans("ErrorFailToCopyFile", $srcdir.'/'.$srcfile, $destdir.'/'.$destfile), null, 'errors');
}
else // $result == 0
{
setEventMessages($langs->trans("FileAlreadyExists", $srcdir.'/'.$srcfile, $destdir.'/'.$destfile), null, 'warnings');
}
}
else
{
// Copy is ok
}
}
}
if (! $error)
{
// Edit PHP files
foreach($filetogenerate as $destfile)
{
$phpfileval['fullname'] = $destdir.'/'.$destfile;
//var_dump($phpfileval['fullname']);
$arrayreplacement=array(
'mymodule'=>strtolower($modulename),
'MyModule'=>$modulename,
'MYMODULE'=>strtoupper($modulename),
'My module'=>$modulename,
'htdocs/modulebuilder/template/'=>'',
'myobject'=>strtolower($objectname),
'MyObject'=>$objectname
);
$result=dolReplaceInFile($phpfileval['fullname'], $arrayreplacement);
//var_dump($result);
if ($result < 0)
{
setEventMessages($langs->trans("ErrorFailToMakeReplacementInto", $phpfileval['fullname']), null, 'errors');
}
}
}
if (! $error)
{
setEventMessages('FilesForObjectInitialized', null);
}
}
if ($dirins && $action == 'confirm_delete')
{
$modulelowercase=strtolower($module);
if (preg_match('/\s/', $module))
{
$error++;
setEventMessages($langs->trans("SpaceOrSpecialCharAreNotAllowed"), null, 'errors');
}
// Dir for module
$dir = $dirins.'/'.$modulelowercase;
if (! $error)
{
$modulelowercase=strtolower($module);
dol_delete_dir_recursive($dir);
// Dir for module
$dir = $dirins.'/'.$modulelowercase;
header("Location: ".DOL_URL_ROOT.'/modulebuilder/index.php?module=initmodule');
exit;
$result = dol_delete_dir_recursive($dir);
if ($result > 0)
{
setEventMessages($langs->trans("DirDeleted"), null);
}
else
{
setEventMessages($langs->trans("NothingDeleted"), null, 'warnings');
}
}
//header("Location: ".DOL_URL_ROOT.'/modulebuilder/index.php?module=initmodule');
//exit;
$action = '';
$module = 'deletemodule';
}
if ($dirins && $action == 'confirm_deleteobject' && $objectname)
{
if (preg_match('/\s/', $objectname))
{
$error++;
setEventMessages($langs->trans("SpaceOrSpecialCharAreNotAllowed"), null, 'errors');
}
if (! $error)
{
$modulelowercase=strtolower($module);
$objectlowercase=strtolower($objectname);
// Dir for module
$dir = $dirins.'/'.$modulelowercase;
// Delete some files
$filetogenerate = array(
'myobject_card.php'=>strtolower($objectname).'_card.php',
'myobject_list.php'=>strtolower($objectname).'_list.php',
'test/phpunit/MyObjectTest.php'=>'test/phpunit/'.$objectname.'Test.php',
'sql/llx_myobject.key.sql'=>'sql/llx_'.strtolower($objectname).'.key.sql',
'sql/llx_myobject.sql'=>'sql/llx_'.strtolower($objectname).'.sql',
'scripts/myobject.php'=>'scripts/'.strtolower($objectname).'.php',
'img/object_myobject.png'=>'img/object_'.strtolower($objectname).'.png',
'class/myobject.class.php'=>'class/'.strtolower($objectname).'.class.php',
'class/api_myobject.class.php'=>'class/api_'.strtolower($objectname).'.class.php',
'class/MyObject.txt'=>'class/'.$objectname.'.txt'
);
$resultko = 0;
foreach($filetogenerate as $filetodelete)
{
$resulttmp = dol_delete_file($dir.'/'.$filetodelete, 0, 0, 1);
if (! $resulttmp) $resultko++;
}
if ($resultko == 0)
{
setEventMessages($langs->trans("FilesDeleted"), null);
}
else
{
setEventMessages($langs->trans("ErrorSomeFilesCouldNotBeDeleted"), null, 'warnings');
}
}
//header("Location: ".DOL_URL_ROOT.'/modulebuilder/index.php?module=initmodule');
//exit;
$action = '';
$tabobj = 'deleteobject';
}
if ($dirins && $action == 'generatepackage')
@ -247,7 +434,7 @@ if (!empty($conf->modulebuilder->enabled) && $mainmenu == 'modulebuilder') // En
// Show description of content
$newdircustom=$dirins;
if (empty($newdircustom)) $newdircustom=img_warning();
print $langs->trans("ModuleBuilderDesc").'<br>';
print $langs->trans("ModuleBuilderDesc", 'https://wiki.dolibarr.org/index.php/Module_development#Create_your_module').'<br>';
print $langs->trans("ModuleBuilderDesc2", 'conf/conf.php', $newdircustom).'<br>';
$message='';
@ -287,7 +474,7 @@ print $langs->trans("ModuleBuilderDesc3", count($listofmodules), $FILEFLAG).'<br
$error=0;
$moduleobj = null;
if (! empty($module) && $module != 'initmodule')
if (! empty($module) && $module != 'initmodule' && $module != 'deletemodule')
{
$modulelowercase=strtolower($module);
@ -334,6 +521,10 @@ foreach($listofmodules as $tmpmodule => $tmpmodulewithcase)
$h++;
}
$head[$h][0] = $_SERVER["PHP_SELF"].'?module=deletemodule';
$head[$h][1] = $langs->trans("DangerZone");
$head[$h][2] = 'deletemodule';
$h++;
dol_fiche_head($head, $module, $langs->trans("Modules"), -1, 'generic');
@ -352,6 +543,19 @@ if ($module == 'initmodule')
print '<input type="submit" class="button" name="create" value="'.dol_escape_htmltag($langs->trans("Create")).'"'.($dirins?'':' disabled="disabled"').'>';
print '</form>';
}
elseif ($module == 'deletemodule')
{
print '<form name="delete">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="confirm_delete">';
print '<input type="hidden" name="module" value="deletemodule">';
print $langs->trans("EnterNameOfModuleToDeleteDesc").'<br><br>';
print '<input type="text" name="module" placeholder="'.dol_escape_htmltag($langs->trans("ModuleKey")).'" value="">';
print '<input type="submit" class="buttonDelete" value="'.$langs->trans("Delete").'"'.($dirins?'':' disabled="disabled"').'>';
print '</form>';
}
elseif (! empty($module))
{
// Tabs for module
@ -360,7 +564,9 @@ elseif (! empty($module))
$head2 = array();
$h=0;
$modulestatusinfo=img_info('').' '.$langs->trans("ModuleIsNotActive");
$modulelowercase=strtolower($module);
$modulestatusinfo=img_info('').' '.$langs->trans("ModuleIsNotActive");
if (! empty($conf->$module->enabled))
{
$modulestatusinfo=img_warning().' '.$langs->trans("ModuleIsLive");
@ -406,11 +612,6 @@ elseif (! empty($module))
$head2[$h][2] = 'buildpackage';
$h++;
$head2[$h][0] = $_SERVER["PHP_SELF"].'?tab=dangerzone&module='.$module;
$head2[$h][1] = $langs->trans("DangerZone");
$head2[$h][2] = 'dangerzone';
$h++;
print $modulestatusinfo.'<br><br>';
dol_fiche_head($head2, $tab, '', -1, '');
@ -419,7 +620,12 @@ elseif (! empty($module))
if ($tab == 'description')
{
print '<div class="underbanner clearboth"></div>';
$pathtofile = $modulelowercase.'/core/modules/mod'.$module.'.class.php';
print '<span class="fa fa-file"></span> '.$langs->trans("DescriptorFile").' : <strong>'.$pathtofile.'</strong><br>';
print '<br>';
print '<div class="underbanner clearboth"></div>';
print '<div class="fichecenter">';
print '<table class="border centpercent">';
@ -431,6 +637,7 @@ elseif (! empty($module))
print '<tr><td>';
print $langs->trans("Numero");
print ' (<a href="https://wiki.dolibarr.org/index.php/List_of_modules_id" target="_blank">'.$langs->trans("SeeHere").'</a>)';
print '</td><td>';
print $moduleobj->numero;
print '</td></tr>';
@ -485,9 +692,155 @@ elseif (! empty($module))
if ($tab == 'objects')
{
print $langs->trans("FeatureNotYetAvailable");
$head3 = array();
$h=0;
// Dir for module
$dir = $dirins.'/'.$modulelowercase.'/class';
$head3[$h][0] = $_SERVER["PHP_SELF"].'?tab=objects&module='.$module.'&tabobj=newobject';
$head3[$h][1] = $langs->trans("NewObject");
$head3[$h][2] = 'newobject';
$h++;
$listofobject = dol_dir_list($dir , 'files', 0, '\.txt$');
foreach($listofobject as $fileobj)
{
$objectname = preg_replace('/\.txt$/', '', $fileobj['name']);
$head3[$h][0] = $_SERVER["PHP_SELF"].'?tab=objects&module='.$module.'&tabobj='.$objectname;
$head3[$h][1] = $objectname;
$head3[$h][2] = $objectname;
$h++;
}
$head3[$h][0] = $_SERVER["PHP_SELF"].'?tab=objects&module='.$module.'&tabobj=deleteobject';
$head3[$h][1] = $langs->trans("DangerZone");
$head3[$h][2] = 'deleteobject';
$h++;
dol_fiche_head($head3, $tabobj, '', -1, '');
if ($tabobj == 'newobject')
{
// New module
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="initobject">';
print '<input type="hidden" name="tab" value="objects">';
print '<input type="hidden" name="module" value="'.dol_escape_htmltag($module).'">';
print $langs->trans("EnterNameOfObjectDesc").'<br><br>';
print '<input type="text" name="objectname" value="'.dol_escape_htmltag($modulename).'" placeholder="'.dol_escape_htmltag($langs->trans("ObjectKey")).'">';
print '<input type="submit" class="button" name="create" value="'.dol_escape_htmltag($langs->trans("Create")).'"'.($dirins?'':' disabled="disabled"').'>';
print '</form>';
}
elseif ($tabobj == 'deleteobject')
{
// New module
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="confirm_deleteobject">';
print '<input type="hidden" name="tab" value="objects">';
print '<input type="hidden" name="module" value="'.dol_escape_htmltag($module).'">';
print $langs->trans("EnterNameOfObjectToDeleteDesc").'<br><br>';
print '<input type="text" name="objectname" value="'.dol_escape_htmltag($modulename).'" placeholder="'.dol_escape_htmltag($langs->trans("ObjectKey")).'">';
print '<input type="submit" class="buttonDelete" name="delete" value="'.dol_escape_htmltag($langs->trans("Delete")).'"'.($dirins?'':' disabled="disabled"').'>';
print '</form>';
}
else
{
try {
$pathtoclass = strtolower($module).'/class/'.strtolower($tabobj).'.class.php';
$pathtoapi = strtolower($module).'/class/api_'.strtolower($tabobj).'.class.php';
$pathtolist = strtolower($module).'/'.strtolower($tabobj).'_list.class.php';
$pathtocard = strtolower($module).'/'.strtolower($tabobj).'_card.class.php';
print '<span class="fa fa-file"></span> '.$langs->trans("ClassFile").' : <strong>'.$pathtoclass.'</strong><br>';
print '<span class="fa fa-file"></span> '.$langs->trans("ApiClassFile").' : <strong>'.$pathtoapi.'</strong><br>';
print '<span class="fa fa-file"></span> '.$langs->trans("PageForList").' : <strong>'.$pathtolist.'</strong><br>';
print '<span class="fa fa-file"></span> '.$langs->trans("PageForCreateEditView").' : <strong>'.$pathtocard.'</strong><br>';
$result = dol_include_once($pathtoclass);
$tmpobjet = new $tabobj($db);
$reflector = new ReflectionClass($tabobj);
$properties = $reflector->getProperties(); // Can also use get_object_vars
$propdefault = $reflector->getDefaultProperties(); // Can also use get_object_vars
//$propstat = $reflector->getStaticProperties();
print load_fiche_titre($langs->trans("Properties"), '', '');
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="initobject">';
print '<input type="hidden" name="tab" value="objects">';
print '<input type="hidden" name="module" value="'.dol_escape_htmltag($module).'">';
print '<input type="hidden" name="tabobj" value="'.dol_escape_htmltag($tabobj).'">';
print '<table class="noborder">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Property");
print ' (<a href="https://wiki.dolibarr.org/index.php/Language_and_development_rules#Table_and_fields_structures" target="_blank">'.$langs->trans("Example").'</a>)';
print '</td>';
print '<td>'.$langs->trans("Comment").'</td>';
print '<td>'.$langs->trans("Type").'</td>';
print '<td>'.$langs->trans("DefaultValue").'</td>';
print '<td></td>';
print '</tr>';
print '<tr>';
print '<td><input class="text" name="propname" value=""></td>';
print '<td><input class="text" name="propname" value=""></td>';
print '<td><input class="text" name="propname" value=""></td>';
print '<td><input class="text" name="propname" value=""></td>';
print '<td align="center">';
print '<input class="button" type="submit" name="add" value="'.$langs->trans("Add").'">';
print '</td></tr>';
foreach($properties as $propkey => $propval)
{
if ($propval->class == $tabobj)
{
$propname=$propval->getName();
// Discard generic properties
if (in_array($propname, array('element', 'childtables', 'table_element', 'table_element_line', 'class_element_line', 'isnolinkedbythird', 'ismultientitymanaged'))) continue;
// Keep or not lines
if (in_array($propname, array('fk_element', 'lines'))) continue;
print '<tr class="oddeven"><td>';
print $propname;
print '</td>';
print '<td>';
print $propval->getDocComment();
print '</td>';
print '<td>';
print gettype($tmpobjet->$propname);
print '</td>';
print '<td>';
print $propdefault[$propname];
print '</td>';
print '<td>';
print '</td>';
print '</tr>';
}
}
print '</table>';
print '</form>';
}
catch(Exception $e)
{
print $e->getMessage();
}
}
}
if ($tab == 'menus')
@ -528,10 +881,9 @@ elseif (! empty($module))
$var=True;
foreach ($triggers as $trigger)
{
print '<tr class="oddeven">';
print '<td valign="top" width="14" align="center">'.$trigger['picto'].'</td>';
print '<td class="tdtop">'.$trigger['file'].'</td>';
print '<td class="tdtop">'.$trigger['relpath'].'</td>';
print '<td valign="top" align="center">'.$trigger['status'].'</td>';
print '<td class="tdtop">';
$text=$trigger['info'];
@ -560,24 +912,59 @@ elseif (! empty($module))
print '<br>';
}
$modulelowercase=strtolower($module);
// Zip file to build
$FILENAMEZIP='';
// Load module
dol_include_once($modulelowercase.'/core/modules/mod'.$module.'.class.php');
$class='mod'.$module;
if (class_exists($class))
{
try {
$moduleobj = new $class($db);
}
catch(Exception $e)
{
$error++;
dol_print_error($e->getMessage());
}
}
else
{
$error++;
$langs->load("errors");
dol_print_error($langs->trans("ErrorFailedToLoadModuleDescriptorForXXX", $module));
exit;
}
$arrayversion=explode('.',$moduleobj->version,3);
if (count($arrayversion))
{
$FILENAMEZIP="module_".$modulelowercase.'-'.$arrayversion[0].'.'.$arrayversion[1].($arrayversion[2]?".".$arrayversion[2]:"").".zip";
$outputfile = $conf->admin->dir_temp.'/'.$FILENAMEZIP;
}
print '<span class="fa fa-file"></span> '. $langs->trans("PathToModulePackage") . ' : ';
if (! dol_is_file($outputfile)) print '<strong>'.$langs->trans("PackageFileNotYetGenerated").'</strong>';
else {
print '<strong>'.$outputfile.'</strong>';
print ' ('.$langs->trans("GeneratedOn").' '.dol_print_date(dol_filemtime($outputfile), 'dayhour').')';
}
print '</strong><br>';
print '<br><br>';
print '<form name="generatepackage">';
print '<input type="hidden" name="action" value="generatepackage">';
print '<input type="hidden" name="tab" value="'.dol_escape_htmltag($tab).'">';
print '<input type="hidden" name="module" value="'.dol_escape_htmltag($module).'">';
print '<input type="submit" class="button" value="'.$langs->trans("Generate").'">';
print '<input type="submit" class="button" value="'.$langs->trans("BuildPackage").'">';
print '</form>';
}
if ($tab == 'dangerzone')
{
print '<form name="delete">';
print '<input type="hidden" name="action" value="confirm_delete">';
print '<input type="hidden" name="tab" value="'.dol_escape_htmltag($tab).'">';
print '<input type="hidden" name="module" value="'.dol_escape_htmltag($module).'">';
print '<input type="submit" class="buttonDelete" value="'.$langs->trans("Delete").'"'.($dirins?'':' disabled="disabled"').'>';
print '</form>';
}
dol_fiche_end();
}
}

2
htdocs/modulebuilder/template/class/MyObject.txt Normal file
View File

@ -0,0 +1,2 @@
# DO NOT DELETE THIS FILE MANUALLY
# If this file exists, it means the class and file for object MyOjbect was generated by ModuleBuilder. Use ModuleBuilder if you want to delete object.

0
htdocs/modulebuilder/template/class/myobject_api_class.class.php → htdocs/modulebuilder/template/class/api_myobject.class.php
View File

78
htdocs/modulebuilder/template/class/myobject.class.php
View File

@ -21,8 +21,8 @@
/**
* \file htdocs/modulebuilder/template/class/myobject.class.php
* \ingroup mymodule othermodule1 othermodule2
* \brief This file is an example for a CRUD class file (Create/Read/Update/Delete)
* \ingroup mymodule
* \brief This file is a CRUD class file for MyObject (Create/Read/Update/Delete)
*/
// Put here all includes required by your class file
@ -31,50 +31,68 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/commonobject.class.php';
//require_once DOL_DOCUMENT_ROOT . '/product/class/product.class.php';
/**
* Class MyModuleObject
*
* Put here description of your class.
* Class for MyObject
*/
class MyModuleObject extends CommonObject
class MyObject extends CommonObject
{
/**
* @var string Id to identify managed object
* @var string ID to identify managed object
*/
public $element = 'mymoduleobject';
public $element = 'myobject';
/**
* @var string Name of table without prefix where object is stored
*/
public $table_element = 'mymoduleobject';
/**
* @var array Array with all fields and their property
public $table_element = 'myobject';
/**
* @var array Does this field is linked to a thirdparty ?
*/
protected $isnolinkedbythird=1;
/**
* @var array Does myobject support multicompany module ? 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
*/
protected $ismultientitymanaged = 1;
/**
* @var string String with name of icon for myobject
*/
public $picto = 'generic';
/**
* @var array Array with all fields and their property
public $picto = 'myobject';
/**
* @var int Entity Id
*/
public $entity;
/**
* @var array Array with all fields and their property
*/
public $fields;
// If this object has a subtable with lines
/**
* @var mixed Sample property 1
* @var int Name of subtable line
*/
public $prop1;
//public $table_element_line = 'myobjectdet';
/**
* @var mixed Sample property 2
* @var int Field with ID of parent key if this field has a parent
*/
public $prop2;
//...
protected $ismultientitymanaged = 1; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
public $table_element_line = 'mymoduleobjectdet';
public $class_element_line = 'MyModuleObjectline';
public $fk_element = 'fk_mymoduleobject';
/**
* @var MyModuleObjectLine[] Lines
//public $fk_element = 'fk_myobject';
/**
* @var int Name of subtable class that manage subtable lines
*/
public $lines = array();
//public $class_element_line = 'MyObjectline';
/**
* @var array Array of child tables (child tables to delete before deleting a record)
*/
//protected $childtables=array('myobjectdet');
/**
* @var MyObjectLine[] Array of subtable lines
*/
//public $lines = array();

2
htdocs/modulebuilder/template/core/modules/modMyModule.class.php
View File

@ -114,6 +114,8 @@ class modMyModule extends DolibarrModules
$this->phpmin = array(5,0); // Minimum version of PHP required by module
$this->need_dolibarr_version = array(3,0); // Minimum version of Dolibarr required by module
$this->langfiles = array("mymodule@mymodule");
$this->warnings_activation = array(); // Warning to show when we activate module. array('always'='text') or array('FR'='textfr','ES'='textes'...)
$this->warnings_activation_ext = array(); // Warning to show when we activate an external module. array('always'='text') or array('FR'='textfr','ES'='textes'...)
// Constants
// List of particular constants to add when module is enabled (key, 'chaine', value, desc, visible, 'current' or 'allentities', deleteonunactive)

0
htdocs/modulebuilder/template/img/myobject_mymodule.png → htdocs/modulebuilder/template/img/object_myobject.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 360 B

After

Width:  |  Height:  |  Size: 360 B

5
htdocs/modulebuilder/template/modulebuilder.txt
View File

@ -1,2 +1,3 @@
File to flag module built using official module template.
When this file is present into a module directory, you can edit it with the module builder tool.
# DO NOT DELETE THIS FILE MANUALLY
# File to flag module built using official module template.
# When this file is present into a module directory, you can edit it with the module builder tool. Use ModuleBuilder if you want to delete module.

42
htdocs/opensurvey/card.php
View File

@ -67,48 +67,48 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
if (empty($reshook))
{
if ($cancel) $action='';
// Delete
if ($action == 'delete_confirm')
{
// Security check
if (!$user->rights->opensurvey->write) accessforbidden();
$result=$object->delete($user,'',$numsondage);
header('Location: '.dol_buildpath('/opensurvey/list.php',1));
exit();
}
// Close
if ($action == 'close')
{
$object->status = Opensurveysondage::STATUS_CLOSED;
$object->update($user);
}
// Reopend
if ($action == 'reopen')
{
$object->status = Opensurveysondage::STATUS_VALIDATED;
$object->update($user);
}
// Update
if ($action == 'update')
{
// Security check
if (!$user->rights->opensurvey->write) accessforbidden();
$error=0;
if (! GETPOST('nouveautitre'))
{
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Title")), null, 'errors');
$error++;
$action = 'edit';
}
if (! $error)
{
$object->titre = GETPOST('nouveautitre');
@ -118,7 +118,7 @@ if (empty($reshook))
$object->allow_comments = GETPOST('cancomment') == 'on' ? true : false;
$object->allow_spy = GETPOST('canseeothersvote') == 'on' ? true : false;
$object->mailsonde = GETPOST('mailsonde') == 'on' ? true : false;
$res=$object->update($user);
if ($res < 0)
{
@ -132,7 +132,7 @@ if (empty($reshook))
if (GETPOST('ajoutcomment'))
{
$error=0;
if (! GETPOST('comment'))
{
$error++;
@ -143,33 +143,33 @@ if (empty($reshook))
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
}
if (! $error)
{
$comment = GETPOST("comment");
$comment_user = GETPOST('commentuser');
$resql = $object->addComment($comment, $comment_user);
if (! $resql)
{
setEventMessages($langs->trans('ErrorInsertingComment'), null, 'errors');
}
}
}
// Delete comment
$idcomment=GETPOST('deletecomment','int');
if ($idcomment)
{
// Security check
if (!$user->rights->opensurvey->write) accessforbidden();
$resql = $object->deleteComment($idcomment);
}
if ($action == 'edit') {
// Security check
if (!$user->rights->opensurvey->write) accessforbidden();
}
@ -307,7 +307,7 @@ print '</td></tr>';
// Expire date
print '<tr><td>'.$langs->trans('ExpireDate').'</td><td colspan="2">';
if ($action == 'edit') print $form->select_date($expiredate?$expiredate:$object->date_fin,'expire',0,0,0,'',1,0,1);
else
else
{
print dol_print_date($object->date_fin,'day');
if ($object->date_fin && $object->date_fin < dol_now()) print img_warning($langs->trans("Expired"));
@ -377,7 +377,7 @@ if ($action != 'edit' && $user->rights->opensurvey->write) {
//Opened button
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=reopen&id=' . $numsondage . '">'.$langs->trans("ReOpen") . '</a>';
}
//Delete button
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?suppressionsondage=1&id='.$numsondage.'&amp;action=delete">'.$langs->trans('Delete').'</a>';
}
@ -420,7 +420,7 @@ print '<br>';
// Add comment
if ($object->allow_comments) {
print $langs->trans("AddACommentForPoll") . '<br>';
print '<textarea name="comment" rows="2" cols="80"></textarea><br>'."\n";
print '<textarea name="comment" rows="2" class="quatrevingtpercent"></textarea><br>'."\n";
print $langs->trans("Name") .': <input type="text" size="50" name="commentuser" value="'.$user->getFullName($langs).'"><br>'."\n";
print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";
if (isset($erreur_commentaire_vide) && $erreur_commentaire_vide=="yes") {

2
htdocs/product/ajax/products.php
View File

@ -57,7 +57,7 @@ $warehouseStatus = GETPOST('warehousestatus', 'alpha');
* View
*/
// print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
// print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',', $_GET));
// print_r($_GET);

2
htdocs/product/class/html.formproduct.class.php
View File

@ -307,7 +307,7 @@ class FormProduct
$return='';
$measuring_units=array();
if ($measuring_style == 'weight') $measuring_units=array(-6=>1,-3=>1,0=>1,3=>1,99=>1);
if ($measuring_style == 'weight') $measuring_units=array(-6=>1,-3=>1,0=>1,3=>1,98=>1,99=>1);
else if ($measuring_style == 'size') $measuring_units=array(-3=>1,-2=>1,-1=>1,0=>1,98=>1,99=>1);
else if ($measuring_style == 'surface') $measuring_units=array(-6=>1,-4=>1,-2=>1,0=>1,98=>1,99=>1);
else if ($measuring_style == 'volume') $measuring_units=array(-9=>1,-6=>1,-3=>1,0=>1,88=>1,89=>1,97=>1,99=>1,/* 98=>1 */); // Liter is not used as already available with dm3

2
htdocs/public/demo/index.php
View File

@ -291,7 +291,7 @@ print '</div>';
print '<div class="demobantext" style="max-width: 1024px;">';
print '<div style="font-size: 20px; padding: 40px;">';
print '<div style="text-align: justify;">'.$langs->trans("DemoDesc").'</div><br>';
print '<font color="#555577"><b>'.$langs->trans("ChooseYourDemoProfil").'</b></font>';
print '<div class="titre"><font style="font-size: 20px">'.$langs->trans("ChooseYourDemoProfil").'</font></div>';
print '</div>';
print '</div>';

6
htdocs/public/opensurvey/studs.php
View File

@ -113,14 +113,14 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) // bout
}
$nom=substr(GETPOST("nom"),0,64);
// Check if vote already exists
$sql = 'SELECT id_users, nom as name';
$sql.= ' FROM '.MAIN_DB_PREFIX.'opensurvey_user_studs';
$sql.= " WHERE id_sondage='".$db->escape($numsondage)."' AND nom = '".$db->escape($nom)."' ORDER BY id_users";
$resql = $db->query($sql);
if (! $resql) dol_print_error($db);
$num_rows = $db->num_rows($resql);
if ($num_rows > 0)
{
@ -739,7 +739,7 @@ if ($comments)
if ($object->allow_comments) {
print '<div class="addcomment">' .$langs->trans("AddACommentForPoll") . "<br>\n";
print '<textarea name="comment" rows="2" cols="60"></textarea><br>'."\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent"></textarea><br>'."\n";
print $langs->trans("Name") .': ';
print '<input type="text" name="commentuser" maxlength="64" /> &nbsp; '."\n";
print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";

2
htdocs/public/paybox/paymentko.php
View File

@ -66,7 +66,7 @@ $paymentmethod='paybox';
* View
*/
dol_syslog("Callback url when a PayBox payment was canceled. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paybox');
dol_syslog("Callback url when a PayBox payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";

2
htdocs/public/paybox/paymentok.php
View File

@ -76,7 +76,7 @@ $paymentmethod='paybox';
* View
*/
dol_syslog("Callback url when a PayBox payment was done. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paybox');
dol_syslog("Callback url when a PayBox payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paybox');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";

18
htdocs/public/paypal/paymentko.php
View File

@ -76,7 +76,7 @@ $paymentmethod='paypal';
* View
*/
dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paypal');
dol_syslog("Callback url when a PayPal payment was canceled. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";
@ -94,23 +94,23 @@ if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
$FinalPaymentAmt = $_SESSION["Payment_Amount"];
// From env
$ipaddress = $_SESSION['ipaddress'];
// Appel des triggers
include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
$interface=new Interfaces($db);
$result=$interface->run_triggers('PAYPAL_PAYMENT_KO',$object,$user,$langs,$conf);
if ($result < 0) { $error++; $errors=$interface->errors; }
// Fin appel triggers
// Send an email
$sendemail = '';
if (! empty($conf->global->PAYPAL_PAYONLINE_SENDEMAIL)) $sendemail=$conf->global->PAYPAL_PAYONLINE_SENDEMAIL;
if ($sendemail)
{
$sendto=$sendemail;
$from=$conf->global->MAILING_EMAIL_FROM;
// Define link to login card
$appli=constant('DOL_APPLICATION_TITLE');
if (! empty($conf->global->MAIN_APPLICATION_TITLE))
@ -123,7 +123,7 @@ if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
else $appli.=" ".DOL_VERSION;
}
else $appli.=" ".DOL_VERSION;
$urlback=$_SERVER["REQUEST_URI"];
$topic='['.$appli.'] '.$langs->transnoentitiesnoconv("NewOnlinePaymentFailed");
$content="";
@ -133,10 +133,10 @@ if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
$content.=$langs->transnoentitiesnoconv("OnlinePaymentSystem").': '.$paymentmethod."<br>\n";
$content.=$langs->transnoentitiesnoconv("ReturnURLAfterPayment").': '.$urlback."\n";
$content.="tag=".$fulltag."\ntoken=".$onlinetoken." paymentType=".$paymentType." currencycodeType=".$currencyCodeType." payerId=".$payerID." ipaddress=".$ipaddress." FinalPaymentAmt=".$FinalPaymentAmt;
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$mailfile = new CMailFile($topic, $sendto, $from, $content);
$result=$mailfile->sendfile();
if ($result)
{
@ -147,7 +147,7 @@ if (! empty($_SESSION['ipaddress'])) // To avoid to make action twice
dol_syslog("Failed to send EMail to ".$sendto, LOG_ERR, 0, '_paypal');
}
}
unset($_SESSION['ipaddress']);
}

2
htdocs/public/paypal/paymentok.php
View File

@ -106,7 +106,7 @@ $paymentmethod='paypal';
* View
*/
dol_syslog("Callback url when a PayPal payment was done. query_string=".(empty($_SERVER["QUERY_STRING"])?'':$_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"])?'':$_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_paypal');
dol_syslog("Callback url when a PayPal payment was done. query_string=".(dol_escape_htmltag($_SERVER["QUERY_STRING"])?dol_escape_htmltag($_SERVER["QUERY_STRING"]):'')." script_uri=".(dol_escape_htmltag($_SERVER["SCRIPT_URI"])?dol_escape_htmltag($_SERVER["SCRIPT_URI"]):''), LOG_DEBUG, 0, '_paypal');
$tracepost = "";
foreach($_POST as $k => $v) $tracepost .= "{$k} - {$v}\n";

4
htdocs/societe/ajax/company.php
View File

@ -43,7 +43,7 @@ $id=GETPOST('id', 'int');
* View
*/
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',', $_GET));
//print_r($_GET);
@ -62,7 +62,7 @@ if (! empty($action) && $action == 'fetch' && ! empty($id))
$outlabel = '';
$outdesc = '';
$outtype = $object->type;
$outjson = array('ref' => $outref,'name' => $outname,'desc' => $outdesc,'type' => $outtype);
}

2
htdocs/societe/ajaxcompanies.php
View File

@ -44,7 +44,7 @@ require '../main.inc.php';
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
//print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',',$_GET));

2
htdocs/societe/ajaxcountries.php
View File

@ -45,7 +45,7 @@ $country=GETPOST('country', 'alpha');
//top_htmlhead("", "", 1); // Replaced with top_httphead. An ajax page does not need html header.
top_httphead();
print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
dol_syslog(join(',',$_POST));

1
htdocs/theme/md/style.css.php
View File

@ -2528,7 +2528,6 @@ div.pagination li.noborder a:hover {
div.pagination li a,
div.pagination li span {
background-color: #fff;
border: 1px solid #ddd;
}
div.pagination li:first-child a,
div.pagination li:first-child span {

43
htdocs/user/card.php
View File

@ -1659,13 +1659,11 @@ else
}
if ($action == 'presend')
{
/*
* Affiche formulaire mail
*/
// Show email form
// By default if $action=='presend'
$titreform='SendMail';
$topicmail='';
$topicmail=1;
$action='send';
$modelmail='user';
@ -1680,9 +1678,8 @@ else
$newlang = '';
if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id']))
$newlang = $_REQUEST['lang_id'];
if ($conf->global->MAIN_MULTILANGS && empty($newlang))
$newlang = $object->default_lang;
//if ($conf->global->MAIN_MULTILANGS && empty($newlang))
// $newlang = $object->thirdparty->default_lang;
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
@ -1701,7 +1698,7 @@ else
$formmail->frommail=dolAddEmailTrackId($formmail->frommail, 'thi'.$object->id);
}
$formmail->withfrom=1;
$formmail->withtopic=1;
$formmail->withtopic=$topicmail;
$formmail->withto=GETPOST('sendto')?GETPOST('sendto'):$object->email;
$formmail->withtofree=1;
$formmail->withtocc=1;
@ -1711,37 +1708,9 @@ else
$formmail->withdeliveryreceipt=1;
$formmail->withcancel=1;
// Tableau des substitutions
//$formmail->setSubstitFromObject($object);
$formmail->setSubstitFromObject($object);
$formmail->substit['__LASTNAME__']=$object->lastname;
$formmail->substit['__FIRSTNAME__']=$object->firstname;
$formmail->substit['__SIGNATURE__']=$user->signature;
$formmail->substit['__PERSONALIZED__']='';
//Find the good contact adress
/*
$custcontact='';
$contactarr=array();
$contactarr=$object->liste_contact(-1,'external');
if (is_array($contactarr) && count($contactarr)>0)
{
foreach($contactarr as $contact)
{
if ($contact['libelle']==$langs->trans('TypeContact_facture_external_BILLING')) {
require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
$contactstatic=new Contact($db);
$contactstatic->fetch($contact['id']);
$custcontact=$contactstatic->getFullName($langs,1);
}
}
if (!empty($custcontact)) {
$formmail->substit['__CONTACTCIVNAME__']=$custcontact;
}
}*/
// Tableau des parametres complementaires du post
$formmail->param['action']=$action;

2
htdocs/user/group/index.php
View File

@ -203,7 +203,7 @@ if ($resql)
print '</div>';
print "</form>\n";
$db->free();
$db->free($resql);
}
else
{

Some files were not shown because too many files have changed in this diff Show More