From d89955047b9e257dcb154fcd7baa376b41e77c2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= Date: Thu, 11 Jun 2015 10:37:30 +0200 Subject: [PATCH 01/10] FIX #3009: Better filtering to prevent SQL injection --- htdocs/product/liste.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index 69453cb2a50..99b80644310 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -49,8 +49,8 @@ $sall=GETPOST("sall"); $type=GETPOST("type","int"); $search_sale = GETPOST("search_sale"); $search_categ = GETPOST("search_categ",'int'); -$tosell = GETPOST("tosell"); -$tobuy = GETPOST("tobuy"); +$tosell = GETPOST("tosell", 'int'); +$tobuy = GETPOST("tobuy", 'int'); $fourn_id = GETPOST("fourn_id",'int'); $catid = GETPOST('catid','int'); From 87a00d6924ff34014eb74acf6373410f6d1db6af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 15:02:05 +0200 Subject: [PATCH 02/10] FIX Close bug #2976: "Report" tab is the current tab but it is not marked as selected by the UI --- ChangeLog | 1 + htdocs/core/lib/report.lib.php | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 06e76dbfacc..0ab6cf0563d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ Fix: [ bug #2577 ] Incorrect invoice status in "Linked objects" page of a projec Fix: [ bug #2576 ] Unable to edit a dictionary entry that has # in its ref Fix: [ bug #2758 ] Product::update sets product note to "null" when $prod->note is null Fix: [ bug #2757 ] Deleting product category photo gives "Forbidden access" error +Fix: [ bug #2976 ] "Report" tab is the current tab but it is not marked as selected by the UI ***** ChangeLog for 3.5.6 compared to 3.5.5 ***** Fix: Avoid missing class error for fetch_thirdparty method #1973 diff --git a/htdocs/core/lib/report.lib.php b/htdocs/core/lib/report.lib.php index 13c30976a98..5cc810cc83f 100644 --- a/htdocs/core/lib/report.lib.php +++ b/htdocs/core/lib/report.lib.php @@ -39,7 +39,7 @@ */ function report_header($nom,$variante,$period,$periodlink,$description,$builddate,$exportlink='',$moreparam=array(),$calcmode='') { - global $langs, $hselected; + global $langs; print "\n\n\n"; @@ -48,7 +48,7 @@ function report_header($nom,$variante,$period,$periodlink,$description,$builddat $head[$h][1] = $langs->trans("Report"); $head[$h][2] = 'report'; - dol_fiche_head($head, $hselected); + dol_fiche_head($head, 'report'); print '
'; foreach($moreparam as $key => $value) From 300cfd22931b0569668a096a912c9b9839ca1ef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 16:10:23 +0200 Subject: [PATCH 03/10] FIX Close bug #2891 Category hooks do not work --- ChangeLog | 1 + htdocs/categories/edit.php | 3 +++ htdocs/categories/fiche.php | 3 +++ htdocs/categories/viewcat.php | 3 +++ 4 files changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3aae68b567a..c2dc484202a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,7 @@ English Dolibarr ChangeLog - Fix: [ bug #2545 ] Missing object_margin.png in Amarok theme - Fix: [ bug #2542 ] Contracts store localtax preferences - Fix: Bad permission assignments for stock movements actions +- Fix: [ bug #2891 ] Category hooks do not work ***** ChangeLog for 3.6.2 compared to 3.6.1 ***** - Fix: fix ErrorBadValueForParamNotAString error message in price customer multiprice. diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index 0c61ab8cca6..cdca440da13 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -56,6 +56,9 @@ $object = new Categorie($db); $extrafields = new ExtraFields($db); $extralabels=$extrafields->fetch_name_optionals_label($object->table_element); +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array array +$hookmanager->initHooks(array('categorycard')); + /* * Actions */ diff --git a/htdocs/categories/fiche.php b/htdocs/categories/fiche.php index 208cbb38331..566249748de 100644 --- a/htdocs/categories/fiche.php +++ b/htdocs/categories/fiche.php @@ -64,6 +64,9 @@ $object = new Categorie($db); $extrafields = new ExtraFields($db); $extralabels=$extrafields->fetch_name_optionals_label($object->table_element); +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array array +$hookmanager->initHooks(array('categorycard')); + /* * Actions */ diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 010306d1e00..f9df0aff71e 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -63,6 +63,9 @@ $type=$object->type; $extrafields = new ExtraFields($db); $extralabels = $extrafields->fetch_name_optionals_label($object->table_element); +// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array array +$hookmanager->initHooks(array('categorycard')); + /* * Actions */ From 03358925215f3b512fcee4d18e4e1402b1188482 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 18:31:49 +0200 Subject: [PATCH 04/10] FIX Close bug #2861 Undefined variable $res when migrating from 3.6.2 to 3.7.0 --- htdocs/install/upgrade2.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 2bcb244690e..59f1864837c 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -3661,8 +3661,8 @@ function migrate_reload_modules($db,$langs,$conf) if (! empty($conf->global->MAIN_MODULE_SERVICE)) // Permission has changed into 2.7 { dolibarr_install_syslog("upgrade2::migrate_reload_modules Reactivate module Service"); - if ($res) { - $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modService.class.php'; + $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modService.class.php'; + if ($res) { $mod=new modService($db); //$mod->remove('noboxes'); $mod->init('newboxdefonly'); @@ -3671,8 +3671,8 @@ function migrate_reload_modules($db,$langs,$conf) if (! empty($conf->global->MAIN_MODULE_COMMANDE)) // Permission has changed into 2.9 { dolibarr_install_syslog("upgrade2::migrate_reload_modules Reactivate module Commande"); - if ($res) { - $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modCommande.class.php'; + $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modCommande.class.php'; + if ($res) { $mod=new modCommande($db); //$mod->remove('noboxes'); $mod->init('newboxdefonly'); @@ -3681,8 +3681,8 @@ function migrate_reload_modules($db,$langs,$conf) if (! empty($conf->global->MAIN_MODULE_FACTURE)) // Permission has changed into 2.9 { dolibarr_install_syslog("upgrade2::migrate_reload_modules Reactivate module Facture"); - if ($res) { - $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modFacture.class.php'; + $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modFacture.class.php'; + if ($res) { $mod=new modFacture($db); //$mod->remove('noboxes'); $mod->init('newboxdefonly'); @@ -3732,8 +3732,8 @@ function migrate_reload_modules($db,$langs,$conf) if (! empty($conf->global->MAIN_MODULE_ECM)) // Permission has changed into 3.0 and 3.1 { dolibarr_install_syslog("upgrade2::migrate_reload_modules Reactivate module ECM"); - if ($res) { - $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modECM.class.php'; + $res=@include_once DOL_DOCUMENT_ROOT.'/core/modules/modECM.class.php'; + if ($res) { $mod=new modECM($db); $mod->remove('noboxes'); // We need to remove because a permission id has been removed $mod->init('newboxdefonly'); From e3aa63f3c3bc319672008e430ddb72398d9ce79a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 18:33:37 +0200 Subject: [PATCH 05/10] Added log --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 06e76dbfacc..cf279e5160c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ Fix: [ bug #2577 ] Incorrect invoice status in "Linked objects" page of a projec Fix: [ bug #2576 ] Unable to edit a dictionary entry that has # in its ref Fix: [ bug #2758 ] Product::update sets product note to "null" when $prod->note is null Fix: [ bug #2757 ] Deleting product category photo gives "Forbidden access" error +Fix: [ bug #2861 ] Undefined variable $res when migrating ***** ChangeLog for 3.5.6 compared to 3.5.5 ***** Fix: Avoid missing class error for fetch_thirdparty method #1973 From 2051a66cd736ddf8cb671a5084d8b9e29bc037b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 18:46:05 +0200 Subject: [PATCH 06/10] FIX Close #2837 Product list table column header does not match column body --- ChangeLog | 1 + htdocs/product/liste.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 06e76dbfacc..4a3a3ced9fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ Fix: [ bug #2577 ] Incorrect invoice status in "Linked objects" page of a projec Fix: [ bug #2576 ] Unable to edit a dictionary entry that has # in its ref Fix: [ bug #2758 ] Product::update sets product note to "null" when $prod->note is null Fix: [ bug #2757 ] Deleting product category photo gives "Forbidden access" error +Fix: [ bug #2837 ] Product list table column header does not match column body ***** ChangeLog for 3.5.6 compared to 3.5.5 ***** Fix: Avoid missing class error for fetch_thirdparty method #1973 diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index 28563edc5eb..c25ff6bbf7f 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -459,7 +459,7 @@ else } // Better buy price - if ($user->rights->produit->creer) { + if ($user->rights->fournisseur->lire) { print ''; if ($objp->minsellprice != '') { From f9574fa4588fb94491ec2b8c65dc2450000c3747 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Fri, 12 Jun 2015 19:03:34 +0200 Subject: [PATCH 07/10] FIX Close #2835 Customer prices of a product shows incorrect history order --- ChangeLog | 1 + htdocs/product/price.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 06e76dbfacc..690d4a1abdd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ Fix: [ bug #2577 ] Incorrect invoice status in "Linked objects" page of a projec Fix: [ bug #2576 ] Unable to edit a dictionary entry that has # in its ref Fix: [ bug #2758 ] Product::update sets product note to "null" when $prod->note is null Fix: [ bug #2757 ] Deleting product category photo gives "Forbidden access" error +Fix: [ bug #2835 ] Customer prices of a product shows incorrect history order ***** ChangeLog for 3.5.6 compared to 3.5.5 ***** Fix: Avoid missing class error for fetch_thirdparty method #1973 diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 0a245093057..f53833b45d7 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -670,7 +670,7 @@ $sql.= " WHERE fk_product = ".$object->id; $sql.= " AND p.entity IN (".getEntity('productprice', 1).")"; $sql.= " AND p.fk_user_author = u.rowid"; if (! empty($socid) && ! empty($conf->global->PRODUIT_MULTIPRICES)) $sql.= " AND p.price_level = ".$soc->price_level; -$sql.= " ORDER BY p.date_price DESC, p.price_level ASC"; +$sql.= " ORDER BY p.date_price DESC, p.price_level ASC, p.rowid DESC"; dol_syslog("sql=".$sql); $result = $db->query($sql); From ea625628cea6930d785267f34f7424306863ba6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 13 Jun 2015 03:39:06 +0200 Subject: [PATCH 08/10] Fix Close bug #2786 Objectline_add template shows "0" for non-vat suppliers --- htdocs/core/tpl/objectline_create.tpl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php index 7262a3b3bd9..a8c9434acec 100644 --- a/htdocs/core/tpl/objectline_create.tpl.php +++ b/htdocs/core/tpl/objectline_create.tpl.php @@ -184,7 +184,7 @@ else { tva_assuj == "0") echo '0'; + if ($seller->tva_assuj == "0") echo ' '.vatrate(0, true); else echo $form->load_tva('tva_tx', (isset($_POST["tva_tx"])?$_POST["tva_tx"]:-1), $seller, $buyer); } ?> From b96ed082605596c03b8befdc9246926918aa97a9 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 14 Jun 2015 12:29:47 +0200 Subject: [PATCH 09/10] Fix: select date problem with mobile device (#3039) --- htdocs/compta/bank/virement.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/bank/virement.php b/htdocs/compta/bank/virement.php index 07541732bb0..a38e5a3e8a7 100644 --- a/htdocs/compta/bank/virement.php +++ b/htdocs/compta/bank/virement.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2008 Laurent Destailleur - * Copytight (C) 2005-2009 Regis Houssin + * Copytight (C) 2005-2015 Regis Houssin * Copytight (C) 2012 Juanjo Menent * Copyright (C) 2015 Marcos GarcĂ­a * @@ -180,7 +180,7 @@ print $form->select_comptes($account_to,'account_to',0,'',1); print "\n"; print ""; -$form->select_date($dateo,'','','','','add'); +$form->select_date((! empty($dateo)?$dateo:''),'','','','','add'); print "\n"; print ''; print ''; From 14a8a2269ba4e8ac452c9b50bc46676de646b173 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 14 Jun 2015 16:59:35 +0200 Subject: [PATCH 10/10] FIX End log must use same level then start log. --- htdocs/core/lib/functions.lib.php | 2 +- htdocs/main.inc.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 7a07125f811..c530f612d29 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -165,7 +165,7 @@ function dol_shutdown() global $conf,$user,$langs,$db; $disconnectdone=false; $depth=0; if (is_object($db) && ! empty($db->connected)) { $depth=$db->transaction_opened; $disconnectdone=$db->close(); } - dol_syslog("--- End access to ".$_SERVER["PHP_SELF"].(($disconnectdone && $depth)?' (Warn: db disconnection forced, transaction depth was '.$depth.')':''), (($disconnectdone && $depth)?LOG_WARNING:LOG_DEBUG)); + dol_syslog("--- End access to ".$_SERVER["PHP_SELF"].(($disconnectdone && $depth)?' (Warn: db disconnection forced, transaction depth was '.$depth.')':''), (($disconnectdone && $depth)?LOG_WARNING:LOG_INFO)); } diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index da407b29ccc..b45d672b385 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -531,7 +531,7 @@ if (! defined('NOLOGIN')) { // We are already into an authenticated session $login=$_SESSION["dol_login"]; - dol_syslog("This is an already logged session. _SESSION['dol_login']=".$login); + dol_syslog("This is an already logged session. _SESSION['dol_login']=".$login, LOG_DEBUG); $resultFetchUser=$user->fetch('',$login); if ($resultFetchUser <= 0)