From 9b10de3a8c9847704cdeead048b31725372e4d35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 31 Oct 2020 09:22:02 +0100 Subject: [PATCH 1/9] Update api_boms.class.php public function update(User $user, $notrigger = false) --- htdocs/bom/class/api_boms.class.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/bom/class/api_boms.class.php b/htdocs/bom/class/api_boms.class.php index 3509d8195d0..d0e2e12ec0c 100644 --- a/htdocs/bom/class/api_boms.class.php +++ b/htdocs/bom/class/api_boms.class.php @@ -1,6 +1,7 @@ * Copyright (C) 2019 Maxime Kohlhaas + * Copyright (C) 2020 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -131,8 +132,7 @@ class Boms extends DolibarrApi } if ($sqlfilters) { - if (!DolibarrApi::_checkFilters($sqlfilters)) - { + if (!DolibarrApi::_checkFilters($sqlfilters)) { throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); } $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; @@ -224,8 +224,7 @@ class Boms extends DolibarrApi $this->bom->$field = $value; } - if ($this->bom->update($id, DolibarrApiAccess::$user) > 0) - { + if ($this->bom->update(DolibarrApiAccess::$user) > 0) { return $this->get($id); } else { throw new RestException(500, $this->bom->error); From f1beca047168fe748597a7a67d97780d9850fa23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 31 Oct 2020 09:27:58 +0100 Subject: [PATCH 2/9] fix undefined variable --- htdocs/contrat/class/api_contracts.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/contrat/class/api_contracts.class.php b/htdocs/contrat/class/api_contracts.class.php index 910ca3b621f..3e9cfb908d8 100644 --- a/htdocs/contrat/class/api_contracts.class.php +++ b/htdocs/contrat/class/api_contracts.class.php 
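Review bot: In the `@@ -224,8 +224,7 @@` hunk of api_boms.class.php, the context line `$this->bom->$field = $value;` copies request keys straight onto the object that `update(DolibarrApiAccess::$user)` then persists, and nothing visible restricts which keys are accepted. The loop header is outside the hunk, so it may already skip some fields. If it skips only the id, a caller with write permission could set internal properties the API is not meant to expose. An allow-list check before the assignment would close that. The `RestException(500, $this->bom->error)` in the else branch also returns the object's raw error text to the client; a generic message, with the detail kept in the server log, would be safer.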
@@ -1,7 +1,7 @@ - * Copyright (C) 2016 Laurent Destailleur - * Copyright (C) 2018 Frédéric France +/* Copyright (C) 2015 Jean-François Ferry + * Copyright (C) 2016 Laurent Destailleur + * Copyright (C) 2018-2020 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -416,7 +416,7 @@ class Contracts extends DolibarrApi throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login); } - $request_data = (object) $request_data; + // $request_data = (object) $request_data; $updateRes = $this->contract->close_line(DolibarrApiAccess::$user, $lineid, $datestart, $comment); From c6433ef58b225b815b10d2bf98f9a10b8033b1f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 31 Oct 2020 09:32:00 +0100 Subject: [PATCH 3/9] fix undefined variable --- htdocs/expensereport/class/api_expensereports.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php index f18f6614ce4..a294799a959 100644 --- a/htdocs/expensereport/class/api_expensereports.class.php +++ b/htdocs/expensereport/class/api_expensereports.class.php @@ -1,6 +1,7 @@ * Copyright (C) 2016 Laurent Destailleur + * Copyright (C) 2020 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -111,8 +112,7 @@ class ExpenseReports extends DolibarrApi // Add sql filters if ($sqlfilters) { - if (!DolibarrApi::_checkFilters($sqlfilters)) - { + if (!DolibarrApi::_checkFilters($sqlfilters)) { throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters); } $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)'; 
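Review bot: The cast in the `@@ -416,7 +416,7 @@` hunk of api_contracts.class.php is disabled by commenting it out (`// $request_data = (object) $request_data;`) rather than deleted. The commit subject says the variable is undefined in this method, so the line can never be re-enabled as written and only leaves dead code next to the `close_line()` call. I would remove the line entirely. The method body continues outside the hunk.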
@@ -121,8 +121,7 @@ class ExpenseReports extends DolibarrApi $sql .= $this->db->order($sortfield, $sortorder); if ($limit) { - if ($page < 0) - { + if ($page < 0) { $page = 0; } $offset = $limit * $page; @@ -136,6 +135,7 @@ class ExpenseReports extends DolibarrApi { $num = $this->db->num_rows($result); $min = min($num, ($limit <= 0 ? $num : $limit)); + $i = 0; while ($i < $min) { $obj = $this->db->fetch_object($result); From 21a933f15c87112da67c81f70188001d2b7e0c63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 31 Oct 2020 09:37:56 +0100 Subject: [PATCH 4/9] fix undefined variable --- htdocs/fourn/class/api_supplier_orders.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index f1f9563cce3..386d67ff7c7 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php 
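Review bot: The added `$i = 0;` in the `@@ -136,6 +135,7 @@` hunk of api_expensereports.class.php sits apart from the `while ($i < $min)` that depends on it, so nothing ties the initialisation to the loop. Writing `for ($i = 0; $i < $min; $i++)` keeps start, bound and step in one place. The increment is outside the hunk, so it would have to be dropped from the body at the same time, and this is only equivalent if the body never uses `continue` before incrementing. The same applies to the `@@ -162,8 +161,8 @@` hunk of api_projects.class.php in patch 5.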
@@ -108,18 +108,18 @@ class SupplierOrders extends DolibarrApi // If the internal user must only see his customers, force searching by him $search_sale = 0; - if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) $search_sale = DolibarrApiAccess::$user->id; + if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) $search_sale = DolibarrApiAccess::$user->id; $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as t"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale if (!empty($product_ids)) $sql .= ", ".MAIN_DB_PREFIX."commande_fournisseurdet as cd"; // We need this table joined to the select in order to filter by product $sql .= ' WHERE t.entity IN ('.getEntity('supplier_order').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) $sql .= " AND t.fk_soc = sc.fk_soc"; + if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= " AND t.fk_soc = sc.fk_soc"; if (!empty($product_ids)) $sql .= " AND cd.fk_commande = t.rowid AND 
cd.fk_product IN (".$product_ids.")"; if ($socids) $sql .= " AND t.fk_soc IN (".$socids.")"; if ($search_sale > 0) $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale From a64e676dad0472f5f5eb72c702da8ef453f566e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Sat, 31 Oct 2020 09:40:15 +0100 Subject: [PATCH 5/9] fix undefined variable --- htdocs/projet/class/api_projects.class.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php index f060f56e615..a0875ee2001 100644 --- a/htdocs/projet/class/api_projects.class.php +++ b/htdocs/projet/class/api_projects.class.php @@ -146,8 +146,7 @@ class Projects extends DolibarrApi $sql .= $this->db->order($sortfield, $sortorder); if ($limit) { - if ($page < 0) - { + if ($page < 0) { $page = 0; } $offset = $limit * $page; @@ -162,8 +161,8 @@ class Projects extends DolibarrApi { $num = $this->db->num_rows($result); $min = min($num, ($limit <= 0 ? $num : $limit)); - while ($i < $min) - { + $i = 0; + while ($i < $min) { $obj = $this->db->fetch_object($result); $project_static = new Project($this->db); if ($project_static->fetch($obj->rowid)) { From fcb3245295d197cddae00093dd5e21522772db9b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 31 Oct 2020 12:11:41 +0100 Subject: [PATCH 6/9] Fix for #15016 --- htdocs/core/actions_linkedfiles.inc.php | 10 +++++++--- htdocs/core/lib/files.lib.php | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index 75633c75585..3a8e37a6c2b 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php 
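Review bot: `$product_ids` and `$socids` are concatenated directly into the two `IN (...)` lists on the last context lines of the `@@ -108,18 +108,18 @@` hunk in api_supplier_orders.class.php, and nothing in the hunk validates them. Their assignment is outside the hunk; if they come from the request as list filters, they should be reduced to integers before use, e.g. `$socids = implode(',', array_map('intval', explode(',', $socids)));` inside the existing `if ($socids)` guard, and likewise for `$product_ids`. Separately, `" AND t.rowid = sc.fk_soc"` compares an order id with a third-party id although the line above already joins on `t.fk_soc = sc.fk_soc`. That is worth confirming, because this branch is what restricts a limited user to their own third parties now that the `$socids` test is actually evaluated.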
@@ -99,7 +99,8 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') $ret = dol_delete_file($file, 0, 0, 0, (is_object($object) ? $object : null)); if (!empty($fileold)) dol_delete_file($fileold, 0, 0, 0, (is_object($object) ? $object : null)); // Delete file using old path - // Si elle existe, on efface la vignette + // If it exists, remove thumb. + $regs = array(); if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i', $file, $regs)) { $photo_vignette = basename(preg_replace('/'.$regs[0].'/i', '', $file).'_small'.$regs[0]); @@ -120,8 +121,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') } else { setEventMessages($langs->trans("ErrorFailToDeleteFile", $urlfile), null, 'errors'); } - } elseif ($linkid) // delete of external link - { + } elseif ($linkid) { // delete of external link require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php'; $link = new Link($db); $link->fetch($linkid); @@ -179,6 +179,10 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') $filenamefrom = dol_sanitizeFileName(GETPOST('renamefilefrom', 'alpha'), '_', 0); // Do not remove accents $filenameto = dol_sanitizeFileName(GETPOST('renamefileto', 'alpha'), '_', 0); // Do not remove accents + // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because + // this function is also applied when we upload and when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). + $filenameto = dol_string_nohtmltag($filenameto); + if ($filenamefrom != $filenameto) { // Security: diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 1e0d298bb69..1ffb9121d8e 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
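Review bot: In the `@@ -99,7 +99,8 @@` hunk of actions_linkedfiles.inc.php, `preg_replace('/'.$regs[0].'/i', '', $file)` reuses the matched extension as a pattern without escaping or anchoring it. The `.` then matches any character and every occurrence in the path is removed, not only the suffix. For a constructed name such as `a_png_b.png` the computed thumbnail name is wrong, so the real thumbnail is left on disk and the delete is aimed at a different path. `preg_replace('/'.preg_quote($regs[0], '/').'$/i', '', $file)` limits the replacement to the trailing extension.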
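Review bot: The file-name cleaning added in the `@@ -179,6 +179,10 @@` hunk is kept consistent with upload and download only by a comment, which the files.lib.php hunk of this patch repeats. Three call sites kept in step by comments are likely to drift; a single helper used by both `dol_add_file_process()` and this rename path would make the rule enforceable. The hunk also shows no check that `$filenameto` is still non-empty after `dol_string_nohtmltag()`. The `// Security:` block follows outside the hunk, so that case may already be handled there.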
@@ -1562,7 +1562,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess $destfile = dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : '')); // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because - // this function is also applied when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). + // this function is also applied when we rename and when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). $destfile = dol_string_nohtmltag($destfile); $destfull = dol_string_nohtmltag($destfull); From df7218b6a47636b873e0ddcb33a37e66f7d5c4b3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 31 Oct 2020 12:39:14 +0100 Subject: [PATCH 7/9] Fix for multicompany --- htdocs/categories/class/categorie.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 086e14b27d0..d37bdfed04d 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1415,11 +1415,12 @@ class Categorie extends CommonObject if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; - if ($type === Categorie::TYPE_BANK_LINE) { // TODO Remove this with standard category code - // Load bank groups + if ($type === Categorie::TYPE_BANK_LINE) { // TODO Remove this with standard category code after migration of llx_bank_categ into llx_categorie + // Load bank categories $sql = "SELECT c.label, c.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."bank_class as a, ".MAIN_DB_PREFIX."bank_categ as c"; $sql .= " WHERE a.lineid=".$id." AND a.fk_categ = c.rowid"; + $sql .= " AND c.entity IN (".getEntity('category').")"; $sql .= " ORDER BY c.label"; $res = $this->db->query($sql); From 8d6fa350b983436d28fdc9bbb235e32aa88185f5 Mon Sep 17 00:00:00 2001 
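Review bot: `$id` is concatenated unquoted into `" WHERE a.lineid=".$id` in the `@@ -1415,11 +1415,12 @@` hunk of categorie.class.php, directly above the new entity filter. The method signature and its callers are outside the hunk, so I cannot tell whether `$id` is always an integer by the time it gets here. Casting at the point of use, `$sql .= " WHERE a.lineid=".((int) $id)." AND a.fk_categ = c.rowid";`, removes that dependency on every caller.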
From: Laurent Destailleur Date: Sat, 31 Oct 2020 12:41:26 +0100 Subject: [PATCH 8/9] Clean code --- htdocs/admin/fckeditor.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 4c1e495939a..22f0be20bd5 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -216,9 +216,8 @@ if (empty($conf->use_javascript_ajax)) print ''."\n"; // Add env of ckeditor - // This is to show how CKEditor detect browser to understand why editor is disabled or not - if (1 == 2) // Change this to enable output - { + // This is to show how CKEditor detect browser to understand why editor is disabled or not. To help debug. + /* print '
'; } + */ } // End of page From cea61d3b52adfa6d47dc9b5f48673fdadec021cd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 31 Oct 2020 12:44:14 +0100 Subject: [PATCH 9/9] Fix var --- htdocs/core/class/emailsenderprofile.class.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/core/class/emailsenderprofile.class.php b/htdocs/core/class/emailsenderprofile.class.php index 7cf18ae4801..2eaf5f744bd 100644 --- a/htdocs/core/class/emailsenderprofile.class.php +++ b/htdocs/core/class/emailsenderprofile.class.php @@ -127,8 +127,7 @@ class EmailSenderProfile extends CommonObject public $tms; - //public $fk_user_creat; - //public $fk_user_modif; + public $private; public $signature; public $position; public $active;
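Review bot: The new `public $private;` property in the `@@ -127,8 +127,7 @@` hunk of emailsenderprofile.class.php is declared without a docblock, and the name does not say whether it holds a flag or a user id. It presumably decides who may see or use a sender profile, so the accepted values should be written down where the field is declared, e.g. `/** @var int Visibility of the profile; document the allowed values here */`. The class continues outside the hunk.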