lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' into PreselectThirpartyOnNewFromList

Browse Source
This commit is contained in:
Tobias Sekan 2020-09-23 09:09:42 +02:00 committed by GitHub
commit a72519f353
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
437 changed files with 3444 additions and 2192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/accountancy/admin/account.php
View File

@ -54,7 +54,7 @@ if (!$user->rights->accounting->chartofaccount) accessforbidden();
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
@ -230,8 +230,8 @@ if (strlen(trim($search_account))) {
$search_account_tmp_clean = preg_replace('/^\^/', '', $search_account_tmp);
$search_account_clean = preg_replace('/^\^/', '', $search_account);
}
$sql .= " AND (aa.account_number LIKE '".$startchar.$search_account_tmp_clean."'";
$sql .= " OR aa.account_number LIKE '".$startchar.$search_account_clean."%')";
$sql .= " AND (aa.account_number LIKE '".$db->escape($startchar.$search_account_tmp_clean)."'";
$sql .= " OR aa.account_number LIKE '".$db->escape($startchar.$search_account_clean)."%')";
} else $sql .= natural_search("aa.account_number", $search_account_tmp);
}
}
@ -264,14 +264,14 @@ if ($resql)
$num = $db->num_rows($resql);
$param = '';
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
if ($search_account) $param .= '&search_account='.urlencode($search_account);
if ($search_label) $param .= '&search_label='.urlencode($search_label);
if ($search_labelshort) $param .= '&search_labelshort='.urlencode($search_labelshort);
if ($search_accountparent > 0 || $search_accountparent == '0') $param .= '&search_accountparent='.urlencode($search_accountparent);
if ($search_pcgtype) $param .= '&search_pcgtype='.urlencode($search_pcgtype);
if ($optioncss != '') $param .= '&optioncss='.$optioncss;
if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
if (!empty($conf->use_javascript_ajax))
{

20
htdocs/accountancy/admin/accountmodel.php
View File

@ -280,7 +280,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -302,7 +302,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
{
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."='".$rowid."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@ -323,9 +323,9 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);
@ -341,9 +341,9 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);
@ -359,9 +359,9 @@ if ($action == 'activate_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);
@ -377,9 +377,9 @@ if ($action == 'disable_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code='".$db->escape($code)."'";
}
$result = $db->query($sql);

12
htdocs/accountancy/admin/categories_list.php
View File

@ -271,7 +271,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -293,7 +293,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
{
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@ -314,7 +314,7 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code = '".$db->escape($code)."'";
}
@ -332,7 +332,7 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code = '".$db->escape($code)."'";
}
@ -350,7 +350,7 @@ if ($action == 'activate_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 1 WHERE code = '".$db->escape($code)."'";
}
@ -368,7 +368,7 @@ if ($action == 'disable_favorite')
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = '".$db->escape($rowid)."'";
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET favorite = 0 WHERE code = '".$db->escape($code)."'";
}

2
htdocs/accountancy/admin/fiscalyear.php
View File

@ -29,7 +29,7 @@ $action = GETPOST('action', 'aZ09');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1

12
htdocs/accountancy/admin/journals_list.php
View File

@ -274,7 +274,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
$sql .= " AND entity = ".$conf->entity;
dol_syslog("actionmodify", LOG_DEBUG);
@ -297,7 +297,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
{
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."='".$rowid."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol." = ".((int) $rowid);
$sql .= " AND entity = ".$conf->entity;
dol_syslog("delete", LOG_DEBUG);
@ -319,9 +319,9 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE code='".$db->escape($code)."'";
}
$sql .= " AND entity = ".$conf->entity;
@ -338,9 +338,9 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol." = ".((int) $rowid);
} elseif ($code) {
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$code."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE code='".$db->escape($code)."'";
}
$sql .= " AND entity = ".$conf->entity;

14
htdocs/accountancy/admin/productaccount.php
View File

@ -176,7 +176,7 @@ if ($action == 'update') {
if ($accounting_product_mode == 'ACCOUNTANCY_SELL_EXPORT') {
$sql .= " SET accountancy_code_sell_export = ".$accounting->account_number;
}
$sql .= " WHERE rowid = ".$productid;
$sql .= " WHERE rowid = ".((int) $productid);
dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG);
if ($db->query($sql))
@ -251,21 +251,21 @@ $sql .= " aa.rowid as aaid";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON";
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {
$sql .= " p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_buy = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_INTRA')
{
$sql .= " p.accountancy_code_buy_intra = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_buy_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_BUY_EXPORT')
{
$sql .= " p.accountancy_code_buy_export = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_buy_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL')
{
$sql .= " p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_sell = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} elseif ($accounting_product_mode == 'ACCOUNTANCY_SELL_INTRA')
{
$sql .= " p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_sell_intra = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
} else {
$sql .= " p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '".$pcgvercode."'";
$sql .= " p.accountancy_code_sell_export = aa.account_number AND aa.fk_pcg_version = '".$db->escape($pcgvercode)."'";
}
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
if ($accounting_product_mode == 'ACCOUNTANCY_BUY') {

2
htdocs/accountancy/bookkeeping/balance.php
View File

@ -46,7 +46,7 @@ $action = GETPOST('action', 'aZ09');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

2
htdocs/accountancy/bookkeeping/list.php
View File

@ -91,7 +91,7 @@ $search_not_reconciled = GETPOST('search_reconciled_option', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }

2
htdocs/accountancy/bookkeeping/listbyaccount.php
View File

@ -68,7 +68,7 @@ if (GETPOST("button_delmvt_x") || GETPOST("button_delmvt.x") || GETPOST("button_
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }

2
htdocs/accountancy/bookkeeping/thirdparty_lettering_customer.php
View File

@ -147,7 +147,7 @@ $sql = "SELECT bk.rowid, bk.doc_date, bk.doc_type, bk.doc_ref, ";
$sql .= " bk.subledger_account, bk.numero_compte , bk.label_compte, bk.debit, ";
$sql .= " bk.credit, bk.montant , bk.sens , bk.code_journal , bk.piece_num, bk.lettering_code ";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as bk";
$sql .= " WHERE (bk.subledger_account = '".$object->code_compta."' AND bk.numero_compte = '".$conf->global->ACCOUNTING_ACCOUNT_CUSTOMER."' )";
$sql .= " WHERE (bk.subledger_account = '".$db->escape($object->code_compta)."' AND bk.numero_compte = '".$db->escape($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER)."' )";
/*
if (dol_strlen($search_date_start) || dol_strlen($search_date_end)) {

2
htdocs/accountancy/bookkeeping/thirdparty_lettering_supplier.php
View File

@ -146,7 +146,7 @@ $sql = "SELECT bk.rowid, bk.doc_date, bk.doc_type, bk.doc_ref, ";
$sql .= " bk.subledger_account, bk.numero_compte , bk.label_compte, bk.debit, ";
$sql .= " bk.credit, bk.montant , bk.sens , bk.code_journal , bk.piece_num, bk.lettering_code, bk.date_validated ";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as bk";
$sql .= " WHERE (bk.subledger_account = '".$object->code_compta_fournisseur."' AND bk.numero_compte = '".$conf->global->ACCOUNTING_ACCOUNT_SUPPLIER."' )";
$sql .= " WHERE (bk.subledger_account = '".$db->escape($object->code_compta_fournisseur)."' AND bk.numero_compte = '".$db->escape($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER)."' )";
if (dol_strlen($search_date_start) || dol_strlen($search_date_end)) {
$sql .= " AND (bk.doc_date BETWEEN '".$db->idate($search_date_start)."' AND '".$db->idate($search_date_end)."' )";
}

3
htdocs/accountancy/class/accountancyexport.class.php
View File

@ -1160,7 +1160,8 @@ class AccountancyExport
// TYPE C
if ($last_codeinvoice != $line->doc_ref) {
//recherche societe en fonction de son code client
$sql = "SELECT code_client, fk_forme_juridique, nom, address, zip, town, fk_pays, phone, siret FROM ".MAIN_DB_PREFIX."societe WHERE code_client = '".$line->thirdparty_code."'";
$sql = "SELECT code_client, fk_forme_juridique, nom, address, zip, town, fk_pays, phone, siret FROM ".MAIN_DB_PREFIX."societe";
$sql .= " WHERE code_client = '".$this->db->escape($line->thirdparty_code)."'";
$resql = $this->db->query($sql);
if ($resql && $this->db->num_rows($resql) > 0)

2
htdocs/accountancy/class/accountancysystem.class.php
View File

@ -101,7 +101,7 @@ class AccountancySystem
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_system as a";
$sql .= " WHERE";
if ($rowid) {
$sql .= " a.rowid = '".$rowid."'";
$sql .= " a.rowid = ".((int) $rowid);
} elseif ($ref) {
$sql .= " a.pcg_version = '".$this->db->escape($ref)."'";
}

2
htdocs/accountancy/class/accountingjournal.class.php
View File

@ -108,7 +108,7 @@ class AccountingJournal extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_journal";
$sql .= " WHERE";
if ($rowid) {
$sql .= " rowid = ".(int) $rowid;
$sql .= " rowid = ".((int) $rowid);
} elseif ($journal_code)
{
$sql .= " code = '".$this->db->escape($journal_code)."'";

16
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -1755,14 +1755,14 @@ class BookKeeping extends CommonObject
$sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,';
$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.", '".$this->db->idate($now)."'";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$this->db->escape($piece_num);
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
$this->errors[] = 'Error '.$this->db->lasterror();
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$this->db->escape($piece_num);
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1770,7 +1770,7 @@ class BookKeeping extends CommonObject
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
}
} elseif ($direction == 1) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$piece_num;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1785,14 +1785,14 @@ class BookKeeping extends CommonObject
$sql .= ' doc_ref, fk_doc, fk_docdet, thirdparty_code, subledger_account, subledger_label,';
$sql .= ' numero_compte, label_compte, label_operation, debit, credit,';
$sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, piece_num';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE piece_num = '.$piece_num;
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
$this->errors[] = 'Error '.$this->db->lasterror();
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.$piece_num;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1910,7 +1910,7 @@ class BookKeeping extends CommonObject
$sql .= " AND asy.rowid = ".$pcgver;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as parent ON aa.account_parent = parent.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as root ON parent.account_parent = root.rowid";
$sql .= " WHERE aa.account_number = '".$account."'";
$sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'";
$sql .= " AND parent.active = 1";
$sql .= " AND root.active = 1";
$sql .= " AND aa.entity IN (".getEntity('accountancy').")";
@ -1948,8 +1948,8 @@ class BookKeeping extends CommonObject
$sql = "SELECT aa.account_number, aa.label, aa.rowid, aa.fk_pcg_version, cat.label as category";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
$sql .= " AND aa.account_number = '".$account."'";
$sql .= " AND asy.rowid = ".$pcgver;
$sql .= " AND aa.account_number = '".$this->db->escape($account)."'";
$sql .= " AND asy.rowid = ".((int) $pcgver);
$sql .= " AND aa.active = 1";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_accounting_category as cat ON aa.fk_accounting_category = cat.rowid";
$sql .= " WHERE aa.entity IN (".getEntity('accountancy').")";

34
htdocs/accountancy/class/lettering.class.php
View File

@ -68,11 +68,11 @@ class Lettering extends BookKeeping
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON(bk.fk_doc = bu.fk_bank AND bu.type IN ('payment', 'payment_supplier') ) ";
$sql .= " WHERE ( ";
if ($object->code_compta != "")
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
if ($object->code_compta != "" && $object->code_compta_fournisseur != "")
$sql .= " OR ";
if ($object->code_compta_fournisseur != "")
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
$sql .= " ) AND (bk.date_lettering ='' OR bk.date_lettering IS NULL) ";
$sql .= " AND (bk.lettering_code != '' OR bk.lettering_code IS NULL) ";
@ -95,19 +95,19 @@ class Lettering extends BookKeeping
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn facf ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as payfacf ON payfacf.fk_facturefourn=facf.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiementfourn as payf ON payfacf.fk_paiementfourn=payf.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = payf.fk_bank AND bk.code_journal='".$obj->code_journal."')";
$sql .= " WHERE payfacf.fk_paiementfourn = '".$obj->url_id."' ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = payf.fk_bank AND bk.code_journal='".$this->db->escape($obj->code_journal)."')";
$sql .= " WHERE payfacf.fk_paiementfourn = '".$this->db->escape($obj->url_id)."' ";
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=4 AND entity=".$conf->entity.") ";
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= " ) ";
@ -129,13 +129,13 @@ class Lettering extends BookKeeping
$sql .= " AND facf.entity = ".$conf->entity;
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= ") ";
@ -154,19 +154,19 @@ class Lettering extends BookKeeping
$sql .= " FROM ".MAIN_DB_PREFIX."facture fac ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiement_facture as payfac ON payfac.fk_facture=fac.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."paiement as pay ON payfac.fk_paiement=pay.rowid";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = pay.fk_bank AND bk.code_journal='".$obj->code_journal."')";
$sql .= " WHERE payfac.fk_paiement = '".$obj->url_id."' ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON (bk.fk_doc = pay.fk_bank AND bk.code_journal='".$this->db->escape($obj->code_journal)."')";
$sql .= " WHERE payfac.fk_paiement = '".$this->db->escape($obj->url_id)."' ";
$sql .= " AND bk.code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=4 AND entity=".$conf->entity.") ";
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= " )";
@ -188,13 +188,13 @@ class Lettering extends BookKeeping
$sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy
$sql .= " AND ( ";
if ($object->code_compta != "") {
$sql .= " bk.subledger_account = '".$object->code_compta."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta)."' ";
}
if ($object->code_compta != "" && $object->code_compta_fournisseur != "") {
$sql .= " OR ";
}
if ($object->code_compta_fournisseur != "") {
$sql .= " bk.subledger_account = '".$object->code_compta_fournisseur."' ";
$sql .= " bk.subledger_account = '".$this->db->escape($object->code_compta_fournisseur)."' ";
}
$sql .= " ) ";
@ -238,7 +238,7 @@ class Lettering extends BookKeeping
$lettre = 'AAA';
$sql = "SELECT DISTINCT lettering_code FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " lettering_code != '' ORDER BY lettering_code DESC limit 1; ";
$sql .= " lettering_code != '' ORDER BY lettering_code DESC limit 1";
$result = $this->db->query($sql);
if ($result) {
@ -252,7 +252,7 @@ class Lettering extends BookKeeping
}
$sql = "SELECT SUM(ABS(debit)) as deb, SUM(ABS(credit)) as cred FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL";
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
@ -272,7 +272,7 @@ class Lettering extends BookKeeping
if (!$error)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping SET";
$sql .= " lettering_code='".$lettre."'";
$sql .= " lettering_code='".$this->db->escape($lettre)."'";
$sql .= " , date_lettering = '".$this->db->idate($now)."'"; // todo correct date it's false
$sql .= " WHERE rowid IN (".implode(',', $ids).") AND date_validated IS NULL ";
$this->db->begin();

10
htdocs/accountancy/customer/index.php
View File

@ -131,9 +131,9 @@ if ($action == 'validatehistory') {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
@ -402,7 +402,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("TotalVente")."' AS total,";
$sql = "SELECT '".$db->escape($langs->trans("TotalVente"))."' AS total,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;
@ -459,7 +459,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("Vide")."' AS marge,";
$sql = "SELECT '".$db->escape($langs->trans("Vide"))."' AS marge,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;

2
htdocs/accountancy/customer/lines.php
View File

@ -61,7 +61,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) $page = 0;

12
htdocs/accountancy/customer/list.php
View File

@ -69,7 +69,7 @@ $btn_ventil = GETPOST('ventil', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
@ -161,8 +161,8 @@ if ($massaction == 'ventil') {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '');
@ -222,9 +222,9 @@ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as l ON f.rowid = l.fk_facture";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_sell = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_sell_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_sell_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date

6
htdocs/accountancy/expensereport/index.php
View File

@ -161,7 +161,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -234,7 +234,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -309,7 +309,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("TotalExpenseReport")."' AS label,";
$sql = "SELECT '".$db->escape($langs->trans("TotalExpenseReport"))."' AS label,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;

2
htdocs/accountancy/expensereport/lines.php
View File

@ -55,7 +55,7 @@ $search_year = GETPOST("search_year", "int");
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) $page = 0;

4
htdocs/accountancy/expensereport/list.php
View File

@ -65,7 +65,7 @@ $search_year = GETPOST("search_year", "int");
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
@ -196,7 +196,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det as erd ON er.rowid = erd.fk_expensereport";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = er.fk_user_author";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON f.accountancy_code = aa.account_number AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON f.accountancy_code = aa.account_number AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " WHERE er.fk_statut IN (".ExpenseReport::STATUS_APPROVED.", ".ExpenseReport::STATUS_CLOSED.") AND erd.fk_code_ventilation <= 0";
// Define begin binding date
if (!empty($conf->global->ACCOUNTING_DATE_START_BINDING)) {

12
htdocs/accountancy/supplier/index.php
View File

@ -128,9 +128,9 @@ if ($action == 'validatehistory') {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
@ -232,7 +232,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -305,7 +305,7 @@ for ($i = 1; $i <= 12; $i++) {
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,";
$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
@ -380,7 +380,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
}
print '<td width="60" class="right"><b>'.$langs->trans("Total").'</b></td></tr>';
$sql = "SELECT '".$langs->trans("CAHTF")."' AS label,";
$sql = "SELECT '".$db->escape($langs->trans("CAHTF"))."' AS label,";
for ($i = 1; $i <= 12; $i++) {
$j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1;
if ($j > 12) $j -= 12;

2
htdocs/accountancy/supplier/lines.php
View File

@ -62,7 +62,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) $page = 0;

8
htdocs/accountancy/supplier/list.php
View File

@ -69,7 +69,7 @@ $btn_ventil = GETPOST('ventil', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : (empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION) ? $conf->liste_limit : $conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0) { $page = 0; }
@ -226,9 +226,9 @@ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = s.fk_pays ";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn_det as l ON f.rowid = l.fk_facture_fourn";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$chartaccountcode."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$chartaccountcode."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$chartaccountcode."' AND aa3.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON p.accountancy_code_buy = aa.account_number AND aa.active = 1 AND aa.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa2 ON p.accountancy_code_buy_intra = aa2.account_number AND aa2.active = 1 AND aa2.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa2.entity = ".$conf->entity;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa3 ON p.accountancy_code_buy_export = aa3.account_number AND aa3.active = 1 AND aa3.fk_pcg_version = '".$db->escape($chartaccountcode)."' AND aa3.entity = ".$conf->entity;
$sql .= " WHERE f.fk_statut > 0 AND l.fk_code_ventilation <= 0";
$sql .= " AND l.product_type <= 2";
// Define begin binding date

8
htdocs/adherents/card.php
View File

@ -152,7 +152,7 @@ if (empty($reshook)) {
if (!$error) {
if ($socid != $object->socid) { // If link differs from currently in database
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."adherent";
$sql .= " WHERE socid = '".$socid."'";
$sql .= " WHERE socid = ".((int) $socid);
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {
@ -1454,7 +1454,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Login
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
print '<tr><td class="titlefield">'.$langs->trans("Login").' / '.$langs->trans("Id").'</td><td class="valeur">'.$object->login.'&nbsp;</td></tr>';
print '<tr><td class="titlefield">'.$langs->trans("Login").' / '.$langs->trans("Id").'</td><td class="valeur">'.dol_escape_htmltag($object->login).'</td></tr>';
}
// Type
@ -1471,10 +1471,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
print '</td></tr>';
// Company
print '<tr><td>'.$langs->trans("Company").'</td><td class="valeur">'.$object->company.'</td></tr>';
print '<tr><td>'.$langs->trans("Company").'</td><td class="valeur">'.dol_escape_htmltag($object->company).'</td></tr>';
// Civility
print '<tr><td>'.$langs->trans("UserTitle").'</td><td class="valeur">'.$object->getCivilityLabel().'&nbsp;</td>';
print '<tr><td>'.$langs->trans("UserTitle").'</td><td class="valeur">'.$object->getCivilityLabel().'</td>';
print '</tr>';
// Password

2
htdocs/adherents/class/adherent.class.php
View File

@ -1117,7 +1117,7 @@ class Adherent extends CommonObject
// Remove link to third party onto any other members
if ($thirdpartyid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = null";
$sql .= " WHERE fk_soc = '".$thirdpartyid."'";
$sql .= " WHERE fk_soc = ".((int) $thirdpartyid);
$sql .= " AND entity = ".$conf->entity;
dol_syslog(get_class($this)."::setThirdPartyId", LOG_DEBUG);
$resql = $this->db->query($sql);

6
htdocs/adherents/class/adherentstats.class.php
View File

@ -92,7 +92,7 @@ class AdherentStats extends Stats
$sql = "SELECT date_format(p.dateadh,'%m') as dm, count(*)";
$sql .= " FROM ".$this->from;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE date_format(p.dateadh,'%Y') = '".$year."'";
$sql .= " WHERE date_format(p.dateadh,'%Y') = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -133,7 +133,7 @@ class AdherentStats extends Stats
$sql = "SELECT date_format(p.dateadh,'%m') as dm, sum(p.".$this->field.")";
$sql .= " FROM ".$this->from;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE date_format(p.dateadh,'%Y') = '".$year."'";
$sql .= " WHERE date_format(p.dateadh,'%Y') = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -154,7 +154,7 @@ class AdherentStats extends Stats
$sql = "SELECT date_format(p.dateadh,'%m') as dm, avg(p.".$this->field.")";
$sql .= " FROM ".$this->from;
//if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE date_format(p.dateadh,'%Y') = '".$year."'";
$sql .= " WHERE date_format(p.dateadh,'%Y') = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');

14
htdocs/adherents/class/api_members.class.php
View File

@ -227,7 +227,7 @@ class Members extends DolibarrApi
}
// Select members of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_member = t.rowid ";
}
// Add sql filters
@ -239,23 +239,23 @@ class Members extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$member = new Adherent($this->db);
if ($member->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($member);
@ -263,7 +263,7 @@ class Members extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve member list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve member list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No member found');

12
htdocs/adherents/class/api_memberstypes.class.php
View File

@ -109,23 +109,23 @@ class MembersTypes extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$membertype = new AdherentType($this->db);
if ($membertype->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($membertype);
@ -133,7 +133,7 @@ class MembersTypes extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve member type list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve member type list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No member type found');

12
htdocs/adherents/class/api_subscriptions.class.php
View File

@ -107,22 +107,22 @@ class Subscriptions extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < min($limit, $num)) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$subscription = new Subscription($this->db);
if ($subscription->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($subscription);
@ -130,7 +130,7 @@ class Subscriptions extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve subscription list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve subscription list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Subscription found');

4
htdocs/adherents/index.php
View File

@ -282,7 +282,7 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
/*
* Latest modified members
*/
$max = 5;
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$sql = "SELECT a.rowid, a.statut, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
$sql .= " a.tms as datem, datefin as date_end_subscription,";
@ -337,7 +337,7 @@ if ($resql) {
/*
* Last modified subscriptions
*/
$max = 5;
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$sql = "SELECT a.rowid, a.statut, a.lastname, a.firstname, a.societe as company, a.fk_soc,";
$sql .= " datefin as date_end_subscription,";

19
htdocs/adherents/list.php
View File

@ -281,7 +281,7 @@ if ($search_ref) {
if ($search_civility) $sql .= natural_search("d.civility", $search_civility);
if ($search_firstname) $sql .= natural_search("d.firstname", $search_firstname);
if ($search_lastname) $sql .= natural_search(array("d.firstname", "d.lastname", "d.societe"), $search_lastname);
if ($search_gender != '' && $search_gender != '-1') $sql .= " AND d.gender = '".$search_gender."'";
if ($search_gender != '' && $search_gender != '-1') $sql .= natural_search("d.gender", $search_gender);
if ($search_login) $sql .= natural_search("d.login", $search_login);
if ($search_company) $sql .= natural_search("s.nom", $search_company);
if ($search_email) $sql .= natural_search("d.email", $search_email);
@ -370,6 +370,7 @@ if ($search_lastname) $param .= "&search_lastname=".urlencode($search_lastname)
if ($search_gender) $param .= "&search_gender=".urlencode($search_gender);
if ($search_login) $param .= "&search_login=".urlencode($search_login);
if ($search_email) $param .= "&search_email=".urlencode($search_email);
if ($search_categ) $param .= "&search_categ=".urlencode($search_categ);
if ($search_company) $param .= "&search_company=".urlencode($search_company);
if ($search_address != '') $param .= "&search_address=".urlencode($search_address);
if ($search_town != '') $param .= "&search_town=".urlencode($search_town);
@ -502,16 +503,16 @@ if (!empty($arrayfields['t.libelle']['checked'])) {
if (!empty($arrayfields['d.address']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_address" value="'.$search_address.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_address" value="'.dol_escape_htmltag($search_address).'"></td>';
}
if (!empty($arrayfields['d.zip']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth50imp" type="text" name="search_zip" value="'.$search_zip.'"></td>';
print '<input class="flat maxwidth50imp" type="text" name="search_zip" value="'.dol_escape_htmltag($search_zip).'"></td>';
}
if (!empty($arrayfields['d.town']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_town" value="'.$search_town.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_town" value="'.dol_escape_htmltag($search_town).'"></td>';
}
// State
if (!empty($arrayfields['state.nom']['checked'])) {
@ -528,24 +529,24 @@ if (!empty($arrayfields['country.code_iso']['checked'])) {
// Phone pro
if (!empty($arrayfields['d.phone']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_phone" value="'.$search_phone.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_phone" value="'.dol_escape_htmltag($search_phone).'"></td>';
}
// Phone perso
if (!empty($arrayfields['d.phone_perso']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth50" type="text" name="search_phone_perso" value="'.$search_phone_perso.'"></td>';
print '<input class="flat maxwidth50" type="text" name="search_phone_perso" value="'.dol_escape_htmltag($search_phone_perso).'"></td>';
}
// Phone mobile
if (!empty($arrayfields['d.phone_mobile']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_phone_mobile" value="'.$search_phone_mobile.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_phone_mobile" value="'.dol_escape_htmltag($search_phone_mobile).'"></td>';
}
// Email
if (!empty($arrayfields['d.email']['checked'])) {
print '<td class="liste_titre left">';
print '<input class="flat maxwidth75imp" type="text" name="search_email" value="'.$search_email.'"></td>';
print '<input class="flat maxwidth75imp" type="text" name="search_email" value="'.dol_escape_htmltag($search_email).'"></td>';
}
// End of subscription date
if (!empty($arrayfields['d.datefin']['checked'])) {
print '<td class="liste_titre left">';
print '</td>';

5
htdocs/adherents/stats/byproperties.php
View File

@ -141,10 +141,11 @@ if (!count($data)) {
}
// Print array
print '<div class="div-table-responsive">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
print '<table class="liste centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("MemberNature").'</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' ('.$langs->trans("AllTime").')</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' <span class="opacitymedium">('.$langs->trans("AllTime").')</span></td>';
print '<td class="right">'.$langs->trans("NbOfActiveMembers").'</td>';
print '<td class="center">'.$langs->trans("LastMemberDate").'</td>';
print '<td class="right">'.$langs->trans("NbOfSubscriptions").'</td>';
@ -170,7 +171,7 @@ foreach ($data as $val) {
}
print '</table>';
print '</div>';
dol_fiche_end();

10
htdocs/adherents/stats/geo.php
View File

@ -45,7 +45,7 @@ $startyear = $year - 2;
$endyear = $year;
// Load translation files required by the page
$langs->loadLangs(array("companies", "members"));
$langs->loadLangs(array("companies", "members", "banks"));
/*
@ -272,12 +272,13 @@ if (count($arrayjs) && $mode == 'memberbycountry') {
}
if ($mode) {
// Print array / Affiche le tableau
print '<table class="liste centpercent">';
// Print array
print '<div class="div-table-responsive">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
print '<table class="liste centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$label.'</td>';
if ($label2) print '<td class="center">'.$label2.'</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' ('.$langs->trans("AllTime").')</td>';
print '<td class="right">'.$langs->trans("NbOfMembers").' <span class="opacitymedium">('.$langs->trans("AllTime").')</span></td>';
print '<td class="center">'.$langs->trans("LastMemberDate").'</td>';
print '<td class="center">'.$langs->trans("LatestSubscriptionDate").'</td>';
print '</tr>';
@ -294,6 +295,7 @@ if ($mode) {
}
print '</table>';
print '</div>';
}

2
htdocs/adherents/subscription.php
View File

@ -47,7 +47,7 @@ $typeid = GETPOST('typeid', 'int');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1

4
htdocs/adherents/subscription/list.php
View File

@ -154,8 +154,8 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON c.fk_bank=b.rowid";
$sql .= " WHERE d.entity IN (".getEntity('adherent').")";
if (isset($date_select) && $date_select != '')
{
$sql .= " AND c.dateadh >= '".$date_select."-01-01 00:00:00'";
$sql .= " AND c.dateadh < '".($date_select + 1)."-01-01 00:00:00'";
$sql .= " AND c.dateadh >= '".((int) $date_select)."-01-01 00:00:00'";
$sql .= " AND c.dateadh < '".((int) $date_select + 1)."-01-01 00:00:00'";
}
if ($search_ref) {
if (is_numeric($search_ref)) $sql .= " AND (c.rowid = ".$db->escape($search_ref).")";

2
htdocs/admin/bank.php
View File

@ -283,7 +283,7 @@ print load_fiche_titre($langs->trans("BankAccountModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql) {

10
htdocs/admin/barcode.php
View File

@ -58,10 +58,10 @@ if ($action == 'setbarcodeproducton')
if ($action == 'setcoder')
{
$coder = GETPOST('coder', 'alpha');
$code_id = GETPOST('code_id', 'alpha');
$code_id = GETPOST('code_id', 'int');
$sqlp = "UPDATE ".MAIN_DB_PREFIX."c_barcode_type";
$sqlp .= " SET coder = '".$coder."'";
$sqlp .= " WHERE rowid = ".$code_id;
$sqlp .= " SET coder = '".$db->escape($coder)."'";
$sqlp .= " WHERE rowid = ".((int) $code_id);
$sqlp .= " AND entity = ".$conf->entity;
$resql = $db->query($sqlp);
@ -104,8 +104,8 @@ if ($action == 'setcoder')
$code_id = $obj->rowid;
$sqlp = "UPDATE ".MAIN_DB_PREFIX."c_barcode_type";
$sqlp .= " SET coder = '".$coder."'";
$sqlp .= " WHERE rowid = ".$code_id;
$sqlp .= " SET coder = '".$db->escape($coder)."'";
$sqlp .= " WHERE rowid = ".((int) $code_id);
$sqlp .= " AND entity = ".$conf->entity;
$upsql = $db->query($sqlp);

2
htdocs/admin/bom.php
View File

@ -292,7 +292,7 @@ print load_fiche_titre($langs->trans("BOMsModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

14
htdocs/admin/boxes.php
View File

@ -192,12 +192,12 @@ if ($action == 'switch')
$newsecondnum = preg_replace('/[a-zA-Z]+/', '', $newsecond);
$newsecond = sprintf("%s%02d", $newsecondchar ? $newsecondchar : 'A', $newsecondnum + 1);
}
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$newfirst."' WHERE rowid=".$objfrom->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newfirst)."' WHERE rowid=".$objfrom->rowid;
dol_syslog($sql);
$resultupdatefrom = $db->query($sql);
if (!$resultupdatefrom) { dol_print_error($db); }
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$newsecond."' WHERE rowid=".$objto->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newsecond)."' WHERE rowid=".$objto->rowid;
dol_syslog($sql);
$resultupdateto = $db->query($sql);
if (!$resultupdateto) { dol_print_error($db); }
@ -261,7 +261,7 @@ if ($resql)
// This occurs just after an insert.
if ($decalage)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$decalage."' WHERE rowid=".$obj->rowid;
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
$db->query($sql);
}
}
@ -286,12 +286,12 @@ if ($resql)
if (preg_match("/[13579]{1}/", substr($record['box_order'], -1)))
{
$box_order = "A0".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
} elseif (preg_match("/[02468]{1}/", substr($record['box_order'], -1)))
{
$box_order = "B0".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
}
} elseif (dol_strlen($record['box_order']) == 2)
@ -299,12 +299,12 @@ if ($resql)
if (preg_match("/[13579]{1}/", substr($record['box_order'], -1)))
{
$box_order = "A".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
} elseif (preg_match("/[02468]{1}/", substr($record['box_order'], -1)))
{
$box_order = "B".$record['box_order'];
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
$resql = $db->query($sql);
}
}

2
htdocs/admin/commande.php
View File

@ -357,7 +357,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/const.php
View File

@ -46,7 +46,7 @@ $constnote = GETPOST('constnote', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

2
htdocs/admin/contract.php
View File

@ -287,7 +287,7 @@ print load_fiche_titre($langs->trans("TemplatePDFContracts"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/emailcollector_list.php
View File

@ -51,7 +51,7 @@ $id = GETPOST('id', 'int');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

2
htdocs/admin/events.php
View File

@ -41,7 +41,7 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always ''
// Load variable for pagination
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters

2
htdocs/admin/expedition.php
View File

@ -296,7 +296,7 @@ $def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);

2
htdocs/admin/expensereport.php
View File

@ -297,7 +297,7 @@ $type = 'expensereport';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/export.php
View File

@ -90,7 +90,7 @@ print '<tr class="oddeven">';
print '<td>'.$langs->trans("EXPORTS_SHARE_MODELS").'</td>';
print '<td class="center" width="20">&nbsp;</td>';
print '<td class="center" width="100">';
echo ajax_constantonoff('EXPORTS_SHARE_MODELS');
print ajax_constantonoff('EXPORTS_SHARE_MODELS');
print '</td></tr>';
print '<tr class="oddeven">';

4
htdocs/admin/external_rss.php
View File

@ -80,8 +80,8 @@ if ($action == 'add' || GETPOST("modify"))
{
// Supprime boite box_external_rss de definition des boites
/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
$sql.= " SET name = '".$boxlabel."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$_POST["norss"]." %'";
$sql.= " SET name = '".$db->escape($boxlabel)."'";
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
$resql=$db->query($sql);
if (! $resql)

2
htdocs/admin/facture.php
View File

@ -421,7 +421,7 @@ $type = 'invoice';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/fichinter.php
View File

@ -349,7 +349,7 @@ $type = 'ficheinter';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/holiday.php
View File

@ -299,7 +299,7 @@ print load_fiche_titre($langs->trans("TemplatePDFHolidays"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/limits.php
View File

@ -243,7 +243,7 @@ if (empty($mysoc->country_code))
$sql = "SELECT taux as vat_rate, t.code as vat_code, t.localtax1 as localtax_rate1, t.localtax2 as localtax_rate2";
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
$sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$mysoc->country_code."' AND (t.taux <> 0 OR t.localtax1 <>0 OR t.localtax2 <>0)";
$sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$db->escape($mysoc->country_code)."' AND (t.taux <> 0 OR t.localtax1 <>0 OR t.localtax2 <>0)";
$sql .= " ORDER BY t.taux ASC";
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/livraison.php
View File

@ -291,7 +291,7 @@ $def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);

37
htdocs/admin/mails.php
View File

@ -77,6 +77,7 @@ if ($action == 'update' && empty($_POST["cancel"]))
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW", GETPOST("MAIN_MAIL_SMTPS_PW", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS", GETPOST("MAIN_MAIL_EMAIL_TLS", 'int'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS", GETPOST("MAIN_MAIL_EMAIL_STARTTLS", 'int'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED", GETPOST("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED", 'int'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_ENABLED", GETPOST("MAIN_MAIL_EMAIL_DKIM_ENABLED", 'int'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_DKIM_DOMAIN", GETPOST("MAIN_MAIL_EMAIL_DKIM_DOMAIN", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
@ -156,6 +157,8 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_EMAIL_TLS").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").val(0);
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").val(0);
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_DKIM_ENABLED").val(0);
jQuery("#MAIN_MAIL_EMAIL_DKIM_ENABLED").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_DKIM_DOMAIN").prop("disabled", true);
@ -187,6 +190,8 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_EMAIL_TLS").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").val('.$conf->global->MAIN_MAIL_EMAIL_STARTTLS.');
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").val('.$conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED.');
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_DKIM_ENABLED").val(0);
jQuery("#MAIN_MAIL_EMAIL_DKIM_ENABLED").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_DKIM_DOMAIN").prop("disabled", true);
@ -211,6 +216,8 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_EMAIL_TLS").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").val('.$conf->global->MAIN_MAIL_EMAIL_STARTTLS.');
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").val('.$conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED.');
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_DKIM_ENABLED").val('.$conf->global->MAIN_MAIL_EMAIL_DKIM_ENABLED.');
jQuery("#MAIN_MAIL_EMAIL_DKIM_ENABLED").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_DKIM_DOMAIN").removeAttr("disabled");
@ -233,12 +240,16 @@ if ($action == 'edit')
initfields();
});
jQuery("#MAIN_MAIL_EMAIL_TLS").change(function() {
if (jQuery("#MAIN_MAIL_EMAIL_STARTTLS").val() == 1)
if (jQuery("#MAIN_MAIL_EMAIL_TLS").val() == 1)
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").val(0);
else
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").val(0);
});
jQuery("#MAIN_MAIL_EMAIL_STARTTLS").change(function() {
if (jQuery("#MAIN_MAIL_EMAIL_TLS").val() == 1)
if (jQuery("#MAIN_MAIL_EMAIL_STARTTLS").val() == 1)
jQuery("#MAIN_MAIL_EMAIL_TLS").val(0);
else
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").val(0);
});
})';
print '</script>'."\n";
@ -406,6 +417,17 @@ if ($action == 'edit')
} else print yn(0).' ('.$langs->trans("NotSupported").')';
print '</td></tr>';
// SMTP_ALLOW_SELF_SIGNED
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").'</td><td>';
if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE) && in_array($conf->global->MAIN_MAIL_SENDMODE, array('smtps', 'swiftmailer'))))
{
if (function_exists('openssl_open'))
{
print $form->selectyesno('MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED', (!empty($conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED) ? $conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED : 0), 1);
} else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')';
} else print yn(0).' ('.$langs->trans("NotSupported").')';
print '</td></tr>';
// DKIM
print '<tr class="oddeven dkim"><td>'.$langs->trans("MAIN_MAIL_EMAIL_DKIM_ENABLED").'</td><td>';
if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE) && in_array($conf->global->MAIN_MAIL_SENDMODE, array('swiftmailer'))))
@ -571,6 +593,17 @@ if ($action == 'edit')
} else print '<span class="opacitymedium">'.yn(0).' ('.$langs->trans("NotSupported").')</span>';
print '</td></tr>';
// SMTP_ALLOW_SELF_SIGNED
print '<tr class="oddeven"><td>'.$langs->trans("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").'</td><td>';
if (isset($conf->global->MAIN_MAIL_SENDMODE) && in_array($conf->global->MAIN_MAIL_SENDMODE, array('smtps', 'swiftmailer')))
{
if (function_exists('openssl_open'))
{
print yn($conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED);
} else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')';
} else print '<span class="opacitymedium">'.yn(0).' ('.$langs->trans("NotSupported").')</span>';
print '</td></tr>';
if ($conf->global->MAIN_MAIL_SENDMODE == 'swiftmailer')
{

40
htdocs/admin/mails_emailing.php
View File

@ -68,6 +68,7 @@ if ($action == 'update' && empty($_POST["cancel"]))
dolibarr_set_const($db, "MAIN_MAIL_SMTPS_PW_EMAILING", GETPOST("MAIN_MAIL_SMTPS_PW_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_TLS_EMAILING", GETPOST("MAIN_MAIL_EMAIL_TLS_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_STARTTLS_EMAILING", GETPOST("MAIN_MAIL_EMAIL_STARTTLS_EMAILING"), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING", GETPOST("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING"), 'chaine', 0, '', $conf->entity);
header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup");
exit;
@ -147,6 +148,8 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").val(0);
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").prop("disabled", true);
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").val(0);
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").prop("disabled", true);
';
if ($linuxlike)
{
@ -173,6 +176,8 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").val('.$conf->global->MAIN_MAIL_EMAIL_STARTTLS_EMAILING.');
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").val('.$conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING.');
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_SMTP_SERVER_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_SMTP_PORT_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_SMTP_SERVER_EMAILING").show();
@ -187,6 +192,8 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").val('.$conf->global->MAIN_MAIL_EMAIL_STARTTLS_EMAILING.');
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").val('.$conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING.');
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_SMTP_SERVER_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_SMTP_PORT_EMAILING").removeAttr("disabled");
jQuery("#MAIN_MAIL_SMTP_SERVER_EMAILING").show();
@ -199,13 +206,17 @@ if ($action == 'edit')
jQuery("#MAIN_MAIL_SENDMODE_EMAILING").change(function() {
initfields();
});
jQuery("#MAIN_MAIL_EMAIL_TLS").change(function() {
if (jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").val() == 1)
jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").change(function() {
if (jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").val() == 1)
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").val(0);
else
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").val(0);
});
jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").change(function() {
if (jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").val() == 1)
if (jQuery("#MAIN_MAIL_EMAIL_STARTTLS_EMAILING").val() == 1)
jQuery("#MAIN_MAIL_EMAIL_TLS_EMAILING").val(0);
else
jQuery("#MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING").val(0);
});
})';
print '</script>'."\n";
@ -359,6 +370,18 @@ if ($action == 'edit')
} else print yn(0).' ('.$langs->trans("NotSupported").')';
print '</td></tr>';
// SMTP_ALLOW_SELF_SIGNED_EMAILING
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").'</td><td>';
if (!empty($conf->use_javascript_ajax) || (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer'))))
{
if (function_exists('openssl_open'))
{
print $form->selectyesno('MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING', (!empty($conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING) ? $conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING : 0), 1);
} else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')';
} else print yn(0).' ('.$langs->trans("NotSupported").')';
print '</td></tr>';
print '</table>';
dol_fiche_end();
@ -437,6 +460,17 @@ if ($action == 'edit')
} else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')';
} else print yn(0).' ('.$langs->trans("NotSupported").')';
print '</td></tr>';
// SMTP_ALLOW_SELF_SIGNED_EMAILING
print '<tr class="oddeven hideifdefault"><td>'.$langs->trans("MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED").'</td><td>';
if (isset($conf->global->MAIN_MAIL_SENDMODE_EMAILING) && in_array($conf->global->MAIN_MAIL_SENDMODE_EMAILING, array('smtps', 'swiftmailer')))
{
if (function_exists('openssl_open'))
{
print yn($conf->global->MAIN_MAIL_EMAIL_SMTP_ALLOW_SELF_SIGNED_EMAILING);
} else print yn(0).' ('.$langs->trans("YourPHPDoesNotHaveSSLSupport").')';
} else print yn(0).' ('.$langs->trans("NotSupported").')';
print '</td></tr>';
}
print '</table>';

2
htdocs/admin/mails_senderprofile_list.php
View File

@ -47,7 +47,7 @@ $rowid = GETPOST('rowid', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

10
htdocs/admin/mails_templates.php
View File

@ -341,7 +341,7 @@ if (empty($reshook))
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
//print $sql;exit;
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -359,7 +359,7 @@ if (empty($reshook))
{
$rowidcol = "rowid";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."='".$rowid."'";
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."=".((int) $rowid);
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);
@ -379,7 +379,7 @@ if (empty($reshook))
{
$rowidcol = "rowid";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."=".((int) $rowid);
$result = $db->query($sql);
if (!$result)
@ -393,7 +393,7 @@ if (empty($reshook))
{
$rowidcol = "rowid";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."=".((int) $rowid);
$result = $db->query($sql);
if (!$result)
@ -443,7 +443,7 @@ if (!$user->admin)
}
if (empty($conf->global->MAIN_MULTILANGS))
{
$sql .= " AND (lang = '".$langs->defaultlang."' OR lang IS NULL OR lang = '')";
$sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')";
}
if ($search_label) $sql .= natural_search('label', $search_label);
if ($search_type_template != '' && $search_type_template != '-1') $sql .= natural_search('type_template', $search_type_template);

10
htdocs/admin/menus/edit.php
View File

@ -32,6 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php';
$langs->loadLangs(array("other", "admin"));
$cancel = GETPOST('cancel', 'alphanohtml'); // We click on a Cancel button
$confirm = GETPOST('confirm');
if (!$user->admin) accessforbidden();
@ -231,26 +232,27 @@ if ($action == 'add')
}
// delete
if ($action == 'confirm_delete' && $_POST["confirm"] == 'yes')
if ($action == 'confirm_delete' && $confirm == 'yes')
{
$this->db->begin();
$db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".GETPOST('menuId', 'int');
$result = $db->query($sql);
if ($result == 0)
{
$this->db->commit();
$db->commit();
llxHeader();
setEventMessages($langs->trans("MenuDeleted"), null, 'mesgs');
llxFooter();
exit;
} else {
$this->db->rollback();
$db->rollback();
$reload = 0;
$_GET["action"] = '';
$action = '';
}
}

2
htdocs/admin/mrp.php
View File

@ -293,7 +293,7 @@ print load_fiche_titre($langs->trans("MOsModelModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/paymentbybanktransfer.php
View File

@ -210,7 +210,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"),'','');
$def = array();
$sql = "SELECT nom";
$sql.= " FROM ".MAIN_DB_PREFIX."document_model";
$sql.= " WHERE type = '".$type."'";
$sql.= " WHERE type = '".$db->escape($type)."'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
if ($resql)

2
htdocs/admin/prelevement.php
View File

@ -217,7 +217,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"),'','');
$def = array();
$sql = "SELECT nom";
$sql.= " FROM ".MAIN_DB_PREFIX."document_model";
$sql.= " WHERE type = '".$type."'";
$sql.= " WHERE type = '".$db->escape($type)."'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
if ($resql)

2
htdocs/admin/propal.php
View File

@ -316,7 +316,7 @@ print load_fiche_titre($langs->trans("ProposalsPDFModules"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/reception_setup.php
View File

@ -301,7 +301,7 @@ $def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);

72
htdocs/admin/stock.php
View File

@ -516,7 +516,7 @@ print load_fiche_titre($langs->trans("WarehouseModelModules"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)
@ -760,76 +760,6 @@ print '</table>';
print '</form>';
/*
print '<br>';
if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
{
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Inventory").'</td>'."\n";
print '<td class="right">'.$langs->trans("Status").'</td>'."\n";
print '</tr>'."\n";
// Example with a yes / no select
print '<tr class="oddeven">';
print '<td>'.$langs->trans("INVENTORY_DISABLE_VIRTUAL").'</td>';
print '<td class="center">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('INVENTORY_DISABLE_VIRTUAL');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("INVENTORY_DISABLE_VIRTUAL", $arrval, $conf->global->INVENTORY_DISABLE_VIRTUAL);
}
print '</td></tr>';
// Example with a yes / no select
print '<tr class="oddeven">';
print '<td>'.$langs->trans("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA").'</td>';
print '<td class="center">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('INVENTORY_USE_MIN_PA_IF_NO_LAST_PA');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA", $arrval, $conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA);
}
print '</td></tr>';
// Example with a yes / no select
print '<tr class="oddeven">';
print '<td>'.$langs->trans("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT").'</td>';
print '<td class="right">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT", $arrval, $conf->global->INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT);
}
print '</td></tr>';
print '</table>';
}
*/
/* I keep the option/feature, but hidden to end users for the moment. If feature is used by module, no need to have users see it.
If not used by a module, I still need to understand in which case user may need this now we can set rule on product page.
if ($conf->global->PRODUIT_SOUSPRODUITS)
{
print '<tr class="oddeven">';
print '<td>'.$langs->trans("IndependantSubProductStock").'</td>';
print '<td class="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.newToken().'">';
print "<input type=\"hidden\" name=\"action\" value=\"INDEPENDANT_SUBPRODUCT_STOCK\">";
print $form->selectyesno("INDEPENDANT_SUBPRODUCT_STOCK",$conf->global->INDEPENDANT_SUBPRODUCT_STOCK,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
print '</form>';
print "</td>\n";
print "</tr>\n";
}
*/
// End of page
llxFooter();
$db->close();

2
htdocs/admin/supplier_payment.php
View File

@ -179,7 +179,7 @@ print load_fiche_titre($langs->trans("PaymentsNumberingModule"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/supplier_proposal.php
View File

@ -310,7 +310,7 @@ print load_fiche_titre($langs->trans("SupplierProposalPDFModules"), '', '');
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

6
htdocs/admin/syslog.php
View File

@ -212,6 +212,12 @@ foreach ($syslogModules as $moduleName)
print '<td width="140">';
print '<input class="oddeven" type="checkbox" name="SYSLOG_HANDLERS[]" value="'.$moduleName.'" '.(in_array($moduleName, $activeModules) ? 'checked' : '').($moduleactive <= 0 ? 'disabled' : '').'> ';
print $module->getName();
if ($moduleName == 'mod_syslog_syslog') {
if (! $module->isActive()) {
$langs->load("errors");
print $form->textwithpicto('', $langs->trans("ErrorPHPNeedModule", 'SysLog'));
}
}
print '</td>';
print '<td class="nowrap">';

27
htdocs/admin/system/dolibarr.php
View File

@ -365,7 +365,12 @@ foreach ($configfileparameters as $key => $value)
print '<td>'.$newkey.'</td>';
// Value
print "<td>";
if ($newkey == 'dolibarr_main_db_pass') print preg_replace('/./i', '*', ${$newkey});
if ($newkey == 'dolibarr_main_db_pass') {
if (empty($dolibarr_main_prod)) {
print '<!-- '.${$newkey}.' -->';
}
print '**********';
}
elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
elseif ($newkey == 'dolibarr_main_document_root_alt') {
$tmparray = explode(',', ${$newkey});
@ -395,7 +400,14 @@ foreach ($configfileparameters as $key => $value)
$valuetoshow = ${$newkey};
if (empty($valuetoshow)) {
print img_warning($langs->trans('SwitchThisForABetterSecurity'));
print img_warning($langs->trans('SwitchThisForABetterSecurity', 1));
}
} elseif ($newkey == 'dolibarr_nocsrfcheck') {
print ${$newkey};
$valuetoshow = ${$newkey};
if (!empty($valuetoshow)) {
print img_warning($langs->trans('SwitchThisForABetterSecurity', 0));
}
} else {
print ${$newkey};
@ -451,7 +463,16 @@ if ($resql)
print '<tr class="oddeven">';
print '<td class="tdoverflowmax300">'.$obj->name.'</td>'."\n";
print '<td class="tdoverflowmax300">'.dol_escape_htmltag($obj->value).'</td>'."\n";
print '<td class="tdoverflowmax300">';
if (preg_match('/(_pass|password|_pw|_key|securekey|serverkey|secret\d?|p12key|exportkey|_PW_[a-z]+|token)$/i', $obj->name)) {
if (empty($dolibarr_main_prod)) {
print '<!-- '.$obj->value.' -->';
}
print '**********';
} else {
print dol_escape_htmltag($obj->value);
}
print '</td>'."\n";
if (empty($conf->multicompany->enabled) || !$user->entity) print '<td class="center" width="80px">'.$obj->entity.'</td>'."\n"; // If superadmin or multicompany disabled
print "</tr>\n";

2
htdocs/admin/tools/dolibarr_export.php
View File

@ -31,7 +31,7 @@ $langs->load("admin");
$action = GETPOST('action', 'aZ09');
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (!$sortorder) $sortorder = "DESC";

2
htdocs/admin/tools/export.php
View File

@ -37,7 +37,7 @@ $file = GETPOST('filename_template', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

2
htdocs/admin/tools/export_files.php
View File

@ -39,7 +39,7 @@ $compression = GETPOST('compression');
$file = dol_sanitizeFileName($file);
$file = preg_replace('/(\.zip|\.tar|\.tgz|\.gz|\.tar\.gz|\.bz2)$/i', '', $file);
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (!$sortorder) $sortorder = "DESC";

16
htdocs/admin/tools/listevents.php
View File

@ -46,7 +46,7 @@ $langs->loadLangs(array("companies", "admin", "users", "other"));
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
@ -235,6 +235,20 @@ if ($result)
print $form->formconfirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeAuditEvents'), $langs->trans('ConfirmPurgeAuditEvents'), 'confirm_purge', $formquestion, 'no', 1);
}
// Check some parameters
// TODO Add a tab with this and other information
/*
global $dolibarr_main_prod, $dolibarr_nocsrfcheck;
if (empty($dolibarr_main_prod)) {
print $langs->trans("Warning").' dolibarr_main_prod = '.$dolibarr_main_prod;
print ' '.img_warning($langs->trans('SwitchThisForABetterSecurity', 1)).'<br>';
}
if (!empty($dolibarr_nocsrfcheck)) {
print $langs->trans("Warning").' dolibarr_nocsrfcheck = '.$dolibarr_nocsrfcheck;
print ' '.img_warning($langs->trans('SwitchThisForABetterSecurity', 0)).'<br>';
}
*/
print '<div class="div-table-responsive">';
print '<table class="liste centpercent">';

2
htdocs/admin/user.php
View File

@ -192,7 +192,7 @@ $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

2
htdocs/admin/usergroup.php
View File

@ -124,7 +124,7 @@ $form = new Form($db);
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$sql .= " AND entity = ".$conf->entity;
$resql = $db->query($sql);
if ($resql)

16
htdocs/admin/website.php
View File

@ -51,7 +51,7 @@ $actl[1] = img_picto($langs->trans("Activated"), 'switch_on');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
@ -252,7 +252,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$i++;
}
$sql .= " WHERE ".$rowidcol." = '".$rowid."'";
$sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
dol_syslog("actionmodify", LOG_DEBUG);
//print $sql;
@ -310,16 +310,16 @@ if ($action == 'confirm_delete' && $confirm == 'yes') // delete
if ($website->id > 0)
{
$sql = "DELETE from ".MAIN_DB_PREFIX."website_account WHERE fk_website ='".$rowid."'";
$sql = "DELETE from ".MAIN_DB_PREFIX."website_account WHERE fk_website = ".((int) $rowid);
$result = $db->query($sql);
$sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website ='".$rowid."'";
$sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website = ".((int) $rowid);
$result = $db->query($sql);
$sql = "DELETE from ".MAIN_DB_PREFIX."website_extrafields WHERE fk_object ='".$rowid."'";
$sql = "DELETE from ".MAIN_DB_PREFIX."website_extrafields WHERE fk_object = ".((int) $rowid);
$result = $db->query($sql);
$sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid ='".$rowid."'";
$sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
if (!$result)
{
@ -346,7 +346,7 @@ if ($action == $acts[0])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET status = 1 WHERE rowid ='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET status = 1 WHERE rowid = ".((int) $rowid);
}
$result = $db->query($sql);
@ -362,7 +362,7 @@ if ($action == $acts[1])
if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
if ($rowid) {
$sql = "UPDATE ".$tabname[$id]." SET status = 0 WHERE rowid ='".$rowid."'";
$sql = "UPDATE ".$tabname[$id]." SET status = 0 WHERE rowid = ".((int) $rowid);
}
$result = $db->query($sql);

2
htdocs/admin/website_options.php
View File

@ -46,7 +46,7 @@ $status = 1;
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1

24
htdocs/api/class/api_access.class.php
View File

@ -59,6 +59,16 @@ class DolibarrApiAccess implements iAuthenticate
*/
public static $user = '';
/**
* Constructor
*/
public function __construct()
{
global $db;
$this->db = $db;
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName
/**
* Check access
@ -107,15 +117,15 @@ class DolibarrApiAccess implements iAuthenticate
$sql = "SELECT u.login, u.datec, u.api_key, ";
$sql .= " u.tms as date_modification, u.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.api_key = '".$db->escape($api_key)."'";
$sql .= " WHERE u.api_key = '".$this->db->escape($api_key)."'";
// TODO Check if 2 users has same API key.
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
if ($db->num_rows($result))
if ($this->db->num_rows($result))
{
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$login = $obj->login;
$stored_key = $obj->api_key;
$userentity = $obj->entity;
@ -125,11 +135,11 @@ class DolibarrApiAccess implements iAuthenticate
$conf->entity = ($obj->entity ? $obj->entity : 1);
// We must also reload global conf to get params from the entity
dol_syslog("Entity was not set on http header with HTTP_DOLAPIENTITY (recommanded for performance purpose), so we switch now on entity of user (".$conf->entity.") and we have to reload configuration.", LOG_WARNING);
$conf->setValues($db);
$conf->setValues($this->db);
}
}
} else {
throw new RestException(503, 'Error when fetching user api_key :'.$db->error_msg);
throw new RestException(503, 'Error when fetching user api_key :'.$this->db->error_msg);
}
if ($stored_key != $api_key) { // This should not happen since we did a search on api_key
@ -141,7 +151,7 @@ class DolibarrApiAccess implements iAuthenticate
{
throw new RestException(503, 'Error when searching login user from api key');
}
$fuser = new User($db);
$fuser = new User($this->db);
$result = $fuser->fetch('', $login, '', 0, (empty($userentity) ? -1 : $conf->entity)); // If user is not entity 0, we search in working entity $conf->entity (that may have been forced to a different value than user entity)
if ($result <= 0) {
throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')');

2
htdocs/asset/list.php
View File

@ -47,7 +47,7 @@ $id = GETPOST('id', 'int');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

2
htdocs/blockedlog/admin/blockedlog_list.php
View File

@ -56,7 +56,7 @@ if (($search_start == -1 || empty($search_start)) && !GETPOSTISSET('search_start
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1

2
htdocs/bom/bom_list.php
View File

@ -45,7 +45,7 @@ $id = GETPOST('id', 'int');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

14
htdocs/bom/class/api_boms.class.php
View File

@ -99,7 +99,7 @@ class Boms extends DolibarrApi
global $db, $conf;
$obj_ret = array();
$tmpobject = new BOM($db);
$tmpobject = new BOM($this->db);
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
@ -139,7 +139,7 @@ class Boms extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -147,18 +147,18 @@ class Boms extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$i = 0;
while ($i < $num)
{
$obj = $db->fetch_object($result);
$bom_static = new BOM($db);
$obj = $this->db->fetch_object($result);
$bom_static = new BOM($this->db);
if ($bom_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($bom_static);
}

2
htdocs/bookmarks/list.php
View File

@ -42,7 +42,7 @@ $optioncss = GETPOST('optioncss', 'alpha');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

4
htdocs/cashdesk/facturation.php
View File

@ -42,7 +42,7 @@ if (GETPOST('filtre', 'alpha')) {
$sql = "SELECT p.rowid, p.ref, p.label, p.tva_tx, p.fk_product_type";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= ", ps.reel";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$db->escape($conf_fkentrepot)."'";
$sql .= " WHERE p.entity IN (".getEntity('product').")";
$sql .= " AND p.tosell = 1";
if (!$conf->global->CASHDESK_SERVICES) $sql .= " AND p.fk_product_type = 0";
@ -92,7 +92,7 @@ if (GETPOST('filtre', 'alpha')) {
$sql = "SELECT p.rowid, ref, label, tva_tx, p.fk_product_type";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= ", ps.reel";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$db->escape($conf_fkentrepot)."'";
$sql .= " WHERE p.entity IN (".getEntity('product').")";
$sql .= " AND p.tosell = 1";
if (!$conf->global->CASHDESK_SERVICES) $sql .= " AND p.fk_product_type = 0";

2
htdocs/cashdesk/facturation_dhtml.php
View File

@ -45,7 +45,7 @@ if (dol_strlen($search) >= 0) // If search criteria is on char length at least
$sql = "SELECT p.rowid, p.ref, p.label, p.tva_tx";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= ", ps.reel";
$sql .= " FROM ".MAIN_DB_PREFIX."product as p";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
if (!empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$db->escape($conf_fkentrepot)."'";
$sql .= " WHERE p.entity IN (".getEntity('product').")";
$sql .= " AND p.tosell = 1";
$sql .= " AND p.fk_product_type = 0";

2
htdocs/cashdesk/index_verif.php
View File

@ -89,7 +89,7 @@ if ($retour >= 0)
$sql = "SELECT rowid, lastname, firstname";
$sql .= " FROM ".MAIN_DB_PREFIX."user";
$sql .= " WHERE login = '".$username."'";
$sql .= " WHERE login = '".$db->escape($username)."'";
$sql .= " AND entity IN (0,".$conf->entity.")";
$result = $db->query($sql);

14
htdocs/categories/class/api_categories.class.php
View File

@ -155,7 +155,7 @@ class Categories extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -163,19 +163,19 @@ class Categories extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$category_static = new Categorie($db);
$obj = $this->db->fetch_object($result);
$category_static = new Categorie($this->db);
if ($category_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($category_static);
}
@ -183,7 +183,7 @@ class Categories extends DolibarrApi
}
}
else {
throw new RestException(503, 'Error when retrieve category list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve category list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No category found');

2
htdocs/categories/viewcat.php
View File

@ -53,7 +53,7 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action

8
htdocs/comm/action/class/actioncomm.class.php
View File

@ -1031,8 +1031,8 @@ class ActionComm extends CommonObject
$sql .= ", location = ".($this->location ? "'".$this->db->escape($this->location)."'" : "null");
$sql .= ", transparency = '".$this->db->escape($this->transparency)."'";
$sql .= ", fk_user_mod = ".$user->id;
$sql .= ", fk_user_action=".($userownerid > 0 ? "'".$userownerid."'" : "null");
$sql .= ", fk_user_done=".($userdoneid > 0 ? "'".$userdoneid."'" : "null");
$sql .= ", fk_user_action = ".($userownerid > 0 ? "'".$this->db->escape($userownerid)."'" : "null");
$sql .= ", fk_user_done = ".($userdoneid > 0 ? "'".$this->db->escape($userdoneid)."'" : "null");
if (!empty($this->fk_element)) $sql .= ", fk_element=".($this->fk_element ? $this->db->escape($this->fk_element) : "null");
if (!empty($this->elementtype)) $sql .= ", elementtype=".($this->elementtype ? "'".$this->db->escape($this->elementtype)."'" : "null");
$sql .= " WHERE id=".$this->id;
@ -1127,7 +1127,7 @@ class ActionComm extends CommonObject
* Load all objects with filters.
* @todo WARNING: This make a fetch on all records instead of making one request with a join.
*
* @param DoliDb $db Database handler
* @param DoliDb $db Not used
* @param int $socid Filter by thirdparty
* @param int $fk_element Id of element action is linked to
* @param string $elementtype Type of element action is linked to
@ -1160,7 +1160,7 @@ class ActionComm extends CommonObject
$sql .= " element_type = 'socpeople' AND fk_element = ".$fk_element.')';
}
else {
$sql .= " AND a.fk_element = ".(int) $fk_element." AND a.elementtype = '".$elementtype."'";
$sql .= " AND a.fk_element = ".(int) $fk_element." AND a.elementtype = '".$db->escape($elementtype)."'";
}
}
if (!empty($filter)) $sql .= $filter;

14
htdocs/comm/action/class/api_agendaevents.class.php
View File

@ -148,7 +148,7 @@ class AgendaEvents extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -156,27 +156,27 @@ class AgendaEvents extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$actioncomm_static = new ActionComm($db);
$obj = $this->db->fetch_object($result);
$actioncomm_static = new ActionComm($this->db);
if ($actioncomm_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($actioncomm_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve Agenda Event list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve Agenda Event list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Agenda Event found');

2
htdocs/comm/action/class/cactioncomm.class.php
View File

@ -139,7 +139,7 @@ class CActionComm
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm";
$sql .= " WHERE 1=1";
if ($active != '') $sql .= " AND active=".$active;
if (!empty($excludetype)) $sql .= " AND type <> '".$excludetype."'";
if (!empty($excludetype)) $sql .= " AND type <> '".$this->db->escape($excludetype)."'";
if ($morefilter) $sql .= " AND ".$morefilter;
$sql .= " ORDER BY module, position, type";

2
htdocs/comm/action/index.php
View File

@ -810,7 +810,7 @@ if ($conf->global->AGENDA_SHOW_HOLIDAYS)
if ($action == 'show_day')
{
// Request only leaves for the current selected day
$sql .= " AND '".$year."-".$month."-".$day."' BETWEEN x.date_debut AND x.date_fin";
$sql .= " AND '".$db->escape($year)."-".$db->escape($month)."-".$db->escape($day)."' BETWEEN x.date_debut AND x.date_fin";
} elseif ($action == 'show_week')
{
// TODO: Add filter to reduce database request

8
htdocs/comm/card.php
View File

@ -591,7 +591,7 @@ if ($object->id > 0)
$icon = 'bill';
if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
$boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
$boxstat .= '</div>';
if ($link) $boxstat .= '</a>';
@ -609,7 +609,7 @@ if ($object->id > 0)
$icon = 'bill';
if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
$boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
$boxstat .= '</div>';
if ($link) $boxstat .= '</a>';
@ -627,7 +627,7 @@ if ($object->id > 0)
$icon = 'bill';
if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
$boxstat .= '<span class="boxstatsindicator">'.price($outstandingTotal, 1, $langs, 1, -1, -1, $conf->currency).'</span>';
$boxstat .= '</div>';
if ($link) $boxstat .= '</a>';
@ -643,7 +643,7 @@ if ($object->id > 0)
$icon = 'bill';
if ($link) $boxstat .= '<a href="'.$link.'" class="boxstatsindicator thumbstat nobold nounderline">';
$boxstat .= '<div class="boxstats" title="'.dol_escape_htmltag($text).'">';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' '.$text.'</span><br>';
$boxstat .= '<span class="boxstatstext">'.img_object("", $icon).' <span>'.$text.'</span></span><br>';
$boxstat .= '<span class="boxstatsindicator'.($outstandingOpened > 0 ? ' amountremaintopay' : '').'">'.price($outstandingOpened, 1, $langs, 1, -1, -1, $conf->currency).$warn.'</span>';
$boxstat .= '</div>';
if ($link) $boxstat .= '</a>';

2
htdocs/comm/contact.php
View File

@ -29,7 +29,7 @@ require '../main.inc.php';
// Load translation files required by the page
$langs->load("companies");
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (!$sortorder) $sortorder = "ASC";

65
htdocs/comm/index.php
View File

@ -58,7 +58,7 @@ if (isset($user->socid) && $user->socid > 0) {
$socid = $user->socid;
}
$max = 3;
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$now = dol_now();
/*
@ -191,6 +191,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
addSummaryTableLine(3, $num, $nbofloop, $total, "NoProposal");
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -254,6 +255,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
addSummaryTableLine(3, $num, $nbofloop, $total, "NoProposal");
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -318,6 +320,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
addSummaryTableLine(3, $num, $nbofloop, $total, "NoProposal");
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -382,6 +385,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
addSummaryTableLine(3, $num, $nbofloop, $total, "NoProposal");
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -448,6 +452,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
addSummaryTableLine(3, $num);
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -498,6 +503,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
addSummaryTableLine(2, $num);
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -517,7 +523,7 @@ if ($user->rights->agenda->myactions->read) {
* Actions to do
*/
if ($user->rights->agenda->myactions->read) {
show_array_actions_to_do(10);
show_array_actions_to_do($max);
}
@ -539,12 +545,12 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
if ($socid) $sql .= " AND s.rowid = ".$socid;
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit(5, 0);
$sql .= $db->plimit($max + 1, 0);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
startSimpleTable($langs->trans("LastContracts", 5), "", "", 2);
startSimpleTable($langs->trans("LastContracts", $max), "", "", 2);
if ($num > 0) {
$i = 0;
@ -572,6 +578,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
addSummaryTableLine(2, $num);
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -597,17 +604,26 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$resql = $db->query($sql);
if ($resql) {
$total = 0;
$total = $total_ttc = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
startSimpleTable("ProposalsOpened", "comm/propal/list.php", "search_status=1", 4, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
$othernb += 1;
$i++;
$total += $obj->total_ht;
$total_ttc += $obj->total_ttc;
continue;
}
$propalstatic->id = $obj->propalid;
$propalstatic->ref = $obj->ref;
$propalstatic->ref_client = $obj->ref_client;
@ -648,12 +664,22 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
print '</tr>';
$i++;
$total += (!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc);
$total += $obj->total_ht;
$total_ttc += $obj->total_ttc;
}
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '</td>';
print "</tr>\n";
}
}
addSummaryTableLine(5, $num, $nbofloop, $total, "NoProposal", true);
addSummaryTableLine(5, $num, $nbofloop, empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $total_ttc : $total, "NoProposal", true);
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);
@ -679,17 +705,26 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$resql = $db->query($sql);
if ($resql) {
$total = 0;
$total = $total_ttc = 0;
$num = $db->num_rows($resql);
$nbofloop = min($num, (empty($conf->global->MAIN_MAXLIST_OVERLOAD) ? 500 : $conf->global->MAIN_MAXLIST_OVERLOAD));
startSimpleTable("OrdersOpened", "commande/list.php", "search_status=".Commande::STATUS_VALIDATED, 4, $num);
if ($num > 0) {
$i = 0;
$othernb = 0;
while ($i < $nbofloop) {
$obj = $db->fetch_object($resql);
if ($i >= $max) {
$othernb += 1;
$i++;
$total += $obj->total_ht;
$total_ttc += $obj->total_ttc;
continue;
}
$orderstatic->id = $obj->commandeid;
$orderstatic->ref = $obj->ref;
$orderstatic->ref_client = $obj->ref_client;
@ -730,12 +765,22 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
print '</tr>';
$i++;
$total +=(!empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $obj->total_ht : $obj->total_ttc);
$total += $obj->total_ht;
$total_ttc += $obj->total_ttc;
}
if ($othernb) {
print '<tr class="oddeven">';
print '<td class="nowrap" colspan="5">';
print '<span class="opacitymedium">'.$langs->trans("More").'... ('.$othernb.')</span>';
print '</td>';
print "</tr>\n";
}
}
addSummaryTableLine(5, $num, $nbofloop, $num, $total, "None", true);
addSummaryTableLine(5, $num, $nbofloop, empty($conf->global->MAIN_DASHBOARD_USE_TOTAL_HT) ? $total_ttc : $total, "None", true);
finishSimpleTable(true);
$db->free($resql);
} else {
dol_print_error($db);

2
htdocs/comm/mailing/advtargetemailing.php
View File

@ -46,7 +46,7 @@ if (!$user->rights->mailing->lire || $user->socid > 0)
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1

24
htdocs/comm/mailing/card.php
View File

@ -462,14 +462,14 @@ if (empty($reshook))
{
$mesgs = array();
$object->email_from = trim($_POST["from"]);
$object->email_replyto = trim($_POST["replyto"]);
$object->email_errorsto = trim($_POST["errorsto"]);
$object->titre = trim($_POST["titre"]);
$object->sujet = trim($_POST["sujet"]);
$object->body = trim($_POST["bodyemail"]);
$object->bgcolor = trim($_POST["bgcolor"]);
$object->bgimage = trim($_POST["bgimage"]);
$object->email_from = GETPOST("from");
$object->email_replyto = GETPOST("replyto");
$object->email_errorsto = GETPOST("errorsto");
$object->titre = GETPOST("titre");
$object->sujet = GETPOST("sujet");
$object->body = GETPOST("bodyemail", 'restricthtml');
$object->bgcolor = GETPOST("bgcolor");
$object->bgimage = GETPOST("bgimage");
if (!$object->titre) {
$mesgs[] = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailTitle"));
@ -563,10 +563,10 @@ if (empty($reshook))
{
$mesgs = array();
$object->sujet = trim($_POST["sujet"]);
$object->body = trim($_POST["bodyemail"]);
$object->bgcolor = trim($_POST["bgcolor"]);
$object->bgimage = trim($_POST["bgimage"]);
$object->sujet = GETPOST("sujet");
$object->body = GETPOST("bodyemail", 'restricthtml');
$object->bgcolor = GETPOST("bgcolor");
$object->bgimage = GETPOST("bgimage");
if (!$object->sujet) {
$mesgs[] = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailTopic"));

2
htdocs/comm/mailing/cibles.php
View File

@ -41,7 +41,7 @@ if (!$user->rights->mailing->lire || $user->socid > 0) accessforbidden();
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1

18
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@ -567,7 +567,7 @@ class AdvanceTargetingMailing extends CommonObject
if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') ||
($extrafields->attributes[$elementtype]['type'][$key] == 'text')) {
if (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." LIKE '".$arrayquery['options_'.$key]."')";
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}
} elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') ||
($extrafields->attributes[$elementtype]['type'][$key] == 'double')) {
@ -587,7 +587,7 @@ class AdvanceTargetingMailing extends CommonObject
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
} elseif (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (te.".$key." LIKE '".$arrayquery['options_'.$key]."')";
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}
}
}
@ -664,13 +664,13 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[] = $this->transformToSQL('t.firstname', $arrayquery['contact_firstname']);
}
if (!empty($arrayquery['contact_country']) && count($arrayquery['contact_country'])) {
$sqlwhere[] = " (t.fk_pays IN (".$this->db->escape(implode(',', $arrayquery['contact_country']))."))";
$sqlwhere[] = " (t.fk_pays IN (".$this->db->sanitize($this->db->escape(implode(',', $arrayquery['contact_country'])))."))";
}
if (!empty($arrayquery['contact_status']) && count($arrayquery['contact_status']) > 0) {
$sqlwhere[] = " (t.statut IN (".$this->db->escape(implode(',', $arrayquery['contact_status']))."))";
$sqlwhere[] = " (t.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $arrayquery['contact_status'])))."))";
}
if (!empty($arrayquery['contact_civility']) && count($arrayquery['contact_civility']) > 0) {
$sqlwhere[] = " (t.civility IN ('".$this->db->escape(implode("','", $arrayquery['contact_civility']))."'))";
$sqlwhere[] = " (t.civility IN ('".$this->db->sanitize($this->db->escape(implode("','", $arrayquery['contact_civility'])))."'))";
}
if ($arrayquery['contact_no_email'] != '') {
$tmpwhere = '';
@ -708,7 +708,7 @@ class AdvanceTargetingMailing extends CommonObject
if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') ||
($extrafields->attributes[$elementtype]['type'][$key] == 'text')) {
if (!empty($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." LIKE '".$arrayquery['options_'.$key.'_cnct']."')";
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')";
}
} elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') ||
($extrafields->attributes[$elementtype]['type'][$key] == 'double')) {
@ -732,7 +732,7 @@ class AdvanceTargetingMailing extends CommonObject
if (is_array($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." IN ('".implode("','", $arrayquery['options_'.$key.'_cnct'])."'))";
} elseif (!empty($arrayquery['options_'.$key.'_cnct'])) {
$sqlwhere[] = " (te.".$key." LIKE '".$arrayquery['options_'.$key.'_cnct']."')";
$sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')";
}
}
}
@ -810,7 +810,7 @@ class AdvanceTargetingMailing extends CommonObject
if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') ||
($extrafields->attributes[$elementtype]['type'][$key] == 'text')) {
if (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." LIKE '".$arrayquery['options_'.$key]."')";
$sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}
} elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') ||
($extrafields->attributes[$elementtype]['type'][$key] == 'double')) {
@ -830,7 +830,7 @@ class AdvanceTargetingMailing extends CommonObject
if (is_array($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." IN ('".implode("','", $arrayquery['options_'.$key])."'))";
} elseif (!empty($arrayquery['options_'.$key])) {
$sqlwhere[] = " (tse.".$key." LIKE '".$arrayquery['options_'.$key]."')";
$sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')";
}
}
}

Some files were not shown because too many files have changed in this diff Show More