From a2c820854106c2cb4e644b64ef393e0566a56a9b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2015 19:17:05 +0100 Subject: [PATCH 01/20] Prepare 3.6.5 --- ChangeLog | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ChangeLog b/ChangeLog index bd64723725a..fe638ab3902 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,17 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 3.6.6 compared to 3.6.5 ***** +FIX: #3734 Do not show empty links of deleted source objects in stock movement list +FIX: #4081 Added missing translation +FIX: #4097 Public holiday calculation +FIX: #4242 Allow disabling dashes in documents +FIX: #4243 sql injection +FIX: Add a protection to not make release if ChangeLog was not generated. Prepare package 3.6.5 +FIX: export with category contact extrafields +FIX: Not delete a product when have customer price +FIX: Not deleting contrats on element_element table + ***** ChangeLog for 3.6.5 compared to 3.6.4 ***** FIX: #2957 : missing $langs object for trigger FIX: #2983 Load gravatar avatar images securely over HTTPS From f13df0f952c286fbf3c9a5164930c9397acde26d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Dec 2015 20:17:46 +0100 Subject: [PATCH 02/20] Prepare 3.7.3 --- ChangeLog | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ChangeLog b/ChangeLog index 20bdb77b390..a05b04de265 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,25 @@ Upgrading to any other version or database system is abolutely required BEFORE t make a Dolibarr upgrade. +***** ChangeLog for 3.7.3 compared to 3.7.2 ***** +FIX: #3734 Do not show empty links of deleted source objects in stock movement list +FIX: #3890 Expected transactions bank account page, shows negative numbers +FIX: #3928 Creating a Customer order and a Customer invoice from a project, does not inherit payment conditions and method of payment of customer card +FIX: #3980 Search field in "product by supplier" list sends empty result 3.8 and 3.7 +FIX: #4081 Added missing translation +FIX: #4097 Public holiday calculation +FIX: #4242 Allow disabling dashes in documents +FIX: #4243 sql injection +FIX: Can use formated float number on old expense report module. +FIX: Change object statut when closing shipment and remove erratic db commit +FIX: Export with category contact extrafields +FIX: NB task and percent progress in box project +FIX: Not delete a product when have customer price +FIX: Not deleting contrats on element_element table +FIX: Not use localtaxes when invoice some orders +FIX: Product link in project box +FIX: Use "WHERE true" instead of "WHERE 1" #4132 + ***** ChangeLog for 3.7.2 compared to 3.7.1 ***** FIX: #2957 : missing $langs object for trigger FIX: #2983 Load gravatar avatar images securely over HTTPS From 5773171efc459e7ece3faa7eb7cc9fd03f1ec8f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Mon, 28 Dec 2015 14:04:22 +0100 Subject: [PATCH 03/20] FIX #4155 Search Categories error --- htdocs/categories/class/categorie.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index f632492a59d..18f13a44813 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1294,7 +1294,7 @@ class Categorie extends CommonObject if (is_numeric( $type )) { // We want to reverse lookup $map_type = array_flip( $this->MAP_ID ); - $type = $map_type; + $type = $map_type[$type]; dol_syslog( get_class( $this ) . "::rechercher(): numeric types are deprecated, please use string instead", LOG_WARNING ); } From bec00e37e04ddeedd49d9c00df35c2a39a9adeaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Mon, 28 Dec 2015 15:04:24 +0100 Subject: [PATCH 04/20] FIX #4272 Error when trying to print the page "Linked objects" of a Thirdparty --- htdocs/societe/consumption.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php index 2282b42cf0f..2ac01c84bc9 100644 --- a/htdocs/societe/consumption.php +++ b/htdocs/societe/consumption.php @@ -177,10 +177,8 @@ dol_fiche_end(); print '
'; -print '
'; +print ''; print ''; -print ''."\n"; - $sql_select=''; /*if ($type_element == 'action') From 039039bb0078007af2495f1655956afb51a4ac05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Mon, 28 Dec 2015 15:17:53 +0100 Subject: [PATCH 05/20] FIX #3798 #2519 Cron jobs would never be executed --- htdocs/public/cron/cron_run_jobs.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/cron/cron_run_jobs.php b/htdocs/public/cron/cron_run_jobs.php index 022a7641cab..8da60838468 100644 --- a/htdocs/public/cron/cron_run_jobs.php +++ b/htdocs/public/cron/cron_run_jobs.php @@ -133,7 +133,7 @@ if (is_array($object->lines) && (count($object->lines)>0)) dol_syslog("cron_run_jobs.php fetch cronjobid: ".$line->id, LOG_WARNING); //If date_next_jobs is less of current dat, execute the program, and store the execution time of the next execution in database - if ((($line->datenextrun <= $now) && $line->dateend < $now) + if ((($line->datenextrun <= $now) && $line->dateend >= $now) || ((empty($line->datenextrun)) && (empty($line->dateend)))) { From c004342976ae1cf5fe9d3c994b6a7637ae603d81 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 31 Dec 2015 14:55:10 +0100 Subject: [PATCH 06/20] FIX #3694 --- htdocs/core/lib/company.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 380ecd80943..a527200e203 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -938,9 +938,9 @@ function show_actions_todo($conf,$langs,$db,$object,$objcon='',$noprint=0) if (get_class($object) == 'Adherent') $sql.= ", m.lastname, m.firstname"; if (get_class($object) == 'Societe') $sql.= ", sp.lastname, sp.firstname"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."actioncomm as a"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_actioncomm as c ON a.fk_action = c.id"; if (get_class($object) == 'Adherent') $sql.= ", ".MAIN_DB_PREFIX."adherent as m"; if (get_class($object) == 'Societe') $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_actioncomm as c ON a.fk_action = c.id "; $sql.= " WHERE u.rowid = a.fk_user_author"; $sql.= " AND a.entity IN (".getEntity('agenda', 1).")"; if (get_class($object) == 'Adherent') { From a234482d085dfde843851941a7c8d27fa57d34e6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 31 Dec 2015 14:55:53 +0100 Subject: [PATCH 07/20] FIX #3694 --- htdocs/core/lib/company.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index a527200e203..7a7cd386f4f 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -939,8 +939,8 @@ function show_actions_todo($conf,$langs,$db,$object,$objcon='',$noprint=0) if (get_class($object) == 'Societe') $sql.= ", sp.lastname, sp.firstname"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."actioncomm as a"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_actioncomm as c ON a.fk_action = c.id"; - if (get_class($object) == 'Adherent') $sql.= ", ".MAIN_DB_PREFIX."adherent as m"; if (get_class($object) == 'Societe') $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; + if (get_class($object) == 'Adherent') $sql.= ", ".MAIN_DB_PREFIX."adherent as m"; $sql.= " WHERE u.rowid = a.fk_user_author"; $sql.= " AND a.entity IN (".getEntity('agenda', 1).")"; if (get_class($object) == 'Adherent') { From fffc8a430dfebd51720143738d74ece8715a3f9a Mon Sep 17 00:00:00 2001 From: phf Date: Thu, 31 Dec 2015 15:48:16 +0100 Subject: [PATCH 08/20] FIX call trigger LINEBILL_SUPPLIER_CREATE --- htdocs/fourn/facture/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 21aab088fd0..32a608b39bd 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -447,7 +447,7 @@ if (empty($reshook)) 'HT', $product_type, $lines[$i]->rang, - 1, + 0, $lines[$i]->array_options, $lines[$i]->fk_unit ); From 35ce670bf260f63ab8b3df391d7857f8144cb026 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 2 Jan 2016 12:18:12 +0100 Subject: [PATCH 09/20] Fix to allow phpunit of migration process for 3.4 to 3.5 --- htdocs/install/upgrade.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index 05defaed9eb..699d4a64a99 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -19,7 +19,7 @@ * Upgrade scripts can be ran from command line with syntax: * * cd htdocs/install - * php upgrade.php 3.4.0 3.5.0 + * php upgrade.php 3.4.0 3.5.0 [dirmodule|ignoredbversion] * php upgrade2.php 3.4.0 3.5.0 * * Return code is 0 if OK, >0 if error @@ -54,7 +54,8 @@ $setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):'auto'; $langs->setDefaultLang($setuplang); $versionfrom=GETPOST("versionfrom",'',3)?GETPOST("versionfrom",'',3):(empty($argv[1])?'':$argv[1]); $versionto=GETPOST("versionto",'',3)?GETPOST("versionto",'',3):(empty($argv[2])?'':$argv[2]); -$versionmodule=GETPOST("versionmodule",'',3)?GETPOST("versionmodule",'',3):(empty($argv[3])?'':$argv[3]); +$versionmodule=(GETPOST("versionmodule",'',3) && GETPOST("versionmodule",'',3) != 'ignoredbversion')?GETPOST("versionmodule",'',3):((empty($argv[3]) || $argv[3] == 'ignoredbversion')?'':$argv[3]); +$ignoredbversion=(GETPOST('ignoredbversion','',3)=='ignoredbversion')?GETPOST('ignoredbversion','',3):((empty($argv[3]) || $argv[3] != 'ignoredbversion')?'':$argv[3]); $langs->load("admin"); $langs->load("install"); From b46aec8e7e9eca19cb1739f94fe99267298b4a26 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 2 Jan 2016 12:18:26 +0100 Subject: [PATCH 10/20] Fix to allow phpunit of migration process for 3.5 to 3.6 --- htdocs/install/upgrade.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php index 9b15d36ffe9..c8190ec611b 100644 --- a/htdocs/install/upgrade.php +++ b/htdocs/install/upgrade.php @@ -55,6 +55,9 @@ $langs->setDefaultLang($setuplang); $versionfrom=GETPOST("versionfrom",'',3)?GETPOST("versionfrom",'',3):(empty($argv[1])?'':$argv[1]); $versionto=GETPOST("versionto",'',3)?GETPOST("versionto",'',3):(empty($argv[2])?'':$argv[2]); $versionmodule=GETPOST("versionmodule",'',3)?GETPOST("versionmodule",'',3):(empty($argv[3])?'':$argv[3]); +$versionmodule=(GETPOST("versionmodule",'',3) && GETPOST("versionmodule",'',3) != 'ignoredbversion')?GETPOST("versionmodule",'',3):((empty($argv[3]) || $argv[3] == 'ignoredbversion')?'':$argv[3]); +$ignoredbversion=(GETPOST('ignoredbversion','',3)=='ignoredbversion')?GETPOST('ignoredbversion','',3):((empty($argv[3]) || $argv[3] != 'ignoredbversion')?'':$argv[3]); + $langs->load("admin"); $langs->load("install"); From ae2295d0192009a16b36da2fea847a20ecc34f69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sun, 3 Jan 2016 15:10:22 +0100 Subject: [PATCH 11/20] Improvement suggested by @eldy --- htdocs/public/cron/cron_run_jobs.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/htdocs/public/cron/cron_run_jobs.php b/htdocs/public/cron/cron_run_jobs.php index 8da60838468..5fd0ff949b4 100644 --- a/htdocs/public/cron/cron_run_jobs.php +++ b/htdocs/public/cron/cron_run_jobs.php @@ -133,8 +133,7 @@ if (is_array($object->lines) && (count($object->lines)>0)) dol_syslog("cron_run_jobs.php fetch cronjobid: ".$line->id, LOG_WARNING); //If date_next_jobs is less of current dat, execute the program, and store the execution time of the next execution in database - if ((($line->datenextrun <= $now) && $line->dateend >= $now) - || ((empty($line->datenextrun)) && (empty($line->dateend)))) + if (($line->datenextrun < $now) && (empty($line->datestart) || $line->datestart <= $now) && (empty($line->dateend) || $line->dateend >= $now)) { dol_syslog("cron_run_jobs.php:: torun line->datenextrun:".dol_print_date($line->datenextrun,'dayhourtext')." line->dateend:".dol_print_date($line->dateend,'dayhourtext')." now:".dol_print_date($now,'dayhourtext')); From ffd7f4ea30fd2e09a05675a48c3445eb3f6e513e Mon Sep 17 00:00:00 2001 From: Sergio Sanchis Climent Date: Tue, 5 Jan 2016 09:47:14 +0100 Subject: [PATCH 12/20] Fix userlocaltax Is posible userlocaltax1_rate or userlocaltax2_rate have value 0.0000 and no enter in if, now check if diferent 0 and now enter --- htdocs/core/lib/price.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/price.lib.php b/htdocs/core/lib/price.lib.php index 528abfcd6a5..be392fcad91 100644 --- a/htdocs/core/lib/price.lib.php +++ b/htdocs/core/lib/price.lib.php @@ -170,7 +170,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax1_rate && $apply_tax) { + if ($uselocaltax1_rate!=0 && $apply_tax) { $result[14] = price2num(($tot_sans_remise_wt * (1 + ( $localtax1_rate / 100))) - $tot_sans_remise_wt, 'MT'); $localtaxes[0] += $result[14]; @@ -193,7 +193,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax2_rate && $apply_tax) { + if ($uselocaltax2_rate!=0 && $apply_tax) { $result[15] = price2num(($tot_sans_remise_wt * (1 + ( $localtax2_rate / 100))) - $tot_sans_remise_wt, 'MT'); $localtaxes[0] += $result[15]; @@ -264,7 +264,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax1_rate && $apply_tax) { + if ($uselocaltax1_rate!=0 && $apply_tax) { $result[14] = price2num(($tot_sans_remise * (1 + ( $localtax1_rate / 100))) - $tot_sans_remise, 'MT'); // amount tax1 for total_ht_without_discount $result[8] += $result[14]; // total_ttc_without_discount + tax1 @@ -287,7 +287,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax2_rate && $apply_tax) { + if ($uselocaltax2_rate!=0 && $apply_tax) { $result[15] = price2num(($tot_sans_remise * (1 + ( $localtax2_rate / 100))) - $tot_sans_remise, 'MT'); // amount tax2 for total_ht_without_discount $result[8] += $result[15]; // total_ttc_without_discount + tax2 From a0b3cdbd217051fde27d945d35fa761584cb9a9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 5 Jan 2016 17:33:54 +0100 Subject: [PATCH 13/20] Update list.php --- htdocs/holiday/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index b329cffda35..751b24a9d1b 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -251,7 +251,7 @@ $out=''; $typeleaves=$holiday->getTypes(1,1); foreach($typeleaves as $key => $val) { - $nb_type = $holiday->getCPforUser($user->id, $val['rowid']); + $nb_type = $holiday->getCPforUser($user_id, $val['rowid']); $nb_holiday += $nb_type; $out .= ' - '.$val['label'].': '.($nb_type?price2num($nb_type):0).'
'; } From 4dacf462db00df247665ee06a6bd52cf144fbd14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 5 Jan 2016 17:36:48 +0100 Subject: [PATCH 14/20] Update card.php --- htdocs/holiday/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index ca0b1d04d7a..87c8dc07f91 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -580,10 +580,10 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes') $newSolde = $soldeActuel + ($nbopenedday * $cp->getConfCP('nbHolidayDeducted')); // On ajoute la modification dans le LOG - $result1=$cp->addLogCP($user->id, $cp->fk_user, $langs->transnoentitiesnoconv("HolidaysCancelation"), $newSolde); + $result1=$cp->addLogCP($user->id, $cp->fk_user, $langs->transnoentitiesnoconv("HolidaysCancelation"), $newSolde, $cp->fk_type); // Mise à jour du solde - $result2=$cp->updateSoldeCP($cp->fk_user, $newSolde); + $result2=$cp->updateSoldeCP($cp->fk_user, $newSolde, $cp->fk_type); if ($result1 < 0 || $result2 < 0) { From 3ae5da1cd639fff8647a5cf338905cb6dcf4739d Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 6 Jan 2016 16:18:52 +0100 Subject: [PATCH 15/20] Fix: disable main.inc.php hooks --- htdocs/viewimage.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index f9f2b54b292..a2713908b31 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -1,7 +1,7 @@ * Copyright (C) 2005-2012 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2005-2016 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,15 +24,16 @@ * \remarks Call to wrapper is '' */ -//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language -//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language -if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); -if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); -if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); -if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); -if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); -if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); -if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1'); // Not disabled cause need to load personalized language +if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1'); +if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); +if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); +if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); +if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); +if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); +if (! defined('NOREQUIREHOOK')) define('NOREQUIREHOOK','1'); // Disable "main.inc.php" hooks // Pour autre que companylogo, on charge environnement + info issus de logon comme le user if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'companylogo') && ! defined("NOLOGIN")) define("NOLOGIN",'1'); From dfdf58051e2c58a8a25e28886112384dca7e2111 Mon Sep 17 00:00:00 2001 From: Sergio Sanchis Climent Date: Thu, 7 Jan 2016 09:37:04 +0100 Subject: [PATCH 16/20] Edited correctly for check values --- htdocs/core/lib/price.lib.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/htdocs/core/lib/price.lib.php b/htdocs/core/lib/price.lib.php index be392fcad91..03eb651e4db 100644 --- a/htdocs/core/lib/price.lib.php +++ b/htdocs/core/lib/price.lib.php @@ -93,10 +93,14 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt //dol_syslog("Price.lib::calcul_price_total qty=".$qty." pu=".$pu." remiserpercent_ligne=".$remise_percent_ligne." txtva=".$txtva." uselocaltax1_rate=".$uselocaltax1_rate." uselocaltax2_rate=".$uselocaltax2_rate.' remise_percent_global='.$remise_percent_global.' price_base_type='.$ice_base_type.' type='.$type.' progress='.$progress); $countryid=$seller->country_id; + + if (is_numeric($uselocaltax1_rate)) $uselocaltax1_rate=(float) $uselocaltax1_rate; + if (is_numeric($uselocaltax2_rate)) $uselocaltax2_rate=(float) $uselocaltax2_rate; + if ($uselocaltax1_rate < 0) $uselocaltax1_rate=$seller->localtax1_assuj; if ($uselocaltax2_rate < 0) $uselocaltax2_rate=$seller->localtax2_assuj; - dol_syslog('Price.lib::calcul_price_total qty='.$qty.' pu='.$pu.' remise_percent_ligne='.$remise_percent_ligne.' txtva='.$txtva.' uselocaltax1_rate='.$uselocaltax1_rate.' uselocaltax2_rate='.$uselocaltax2_rate.' remise_percent_global='.$remise_percent_global.' price_base_type='.$ice_base_type.' type='.$type.' progress='.$progress); + dol_syslog('Price.lib::calcul_price_total qty='.$qty.' pu='.$pu.' remise_percent_ligne='.$remise_percent_ligne.' txtva='.$txtva.' uselocaltax1_rate='.$uselocaltax1_rate.' uselocaltax2_rate='.$uselocaltax2_rate.' remise_percent_global='.$remise_percent_global.' price_base_type='.$price_base_type.' type='.$type.' progress='.$progress); // Now we search localtaxes information ourself (rates and types). $localtax1_type=0; @@ -170,7 +174,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax1_rate!=0 && $apply_tax) { + if ($uselocaltax1_rate && $apply_tax) { $result[14] = price2num(($tot_sans_remise_wt * (1 + ( $localtax1_rate / 100))) - $tot_sans_remise_wt, 'MT'); $localtaxes[0] += $result[14]; @@ -193,7 +197,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax2_rate!=0 && $apply_tax) { + if ($uselocaltax2_rate && $apply_tax) { $result[15] = price2num(($tot_sans_remise_wt * (1 + ( $localtax2_rate / 100))) - $tot_sans_remise_wt, 'MT'); $localtaxes[0] += $result[15]; @@ -264,7 +268,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax1_rate!=0 && $apply_tax) { + if ($uselocaltax1_rate && $apply_tax) { $result[14] = price2num(($tot_sans_remise * (1 + ( $localtax1_rate / 100))) - $tot_sans_remise, 'MT'); // amount tax1 for total_ht_without_discount $result[8] += $result[14]; // total_ttc_without_discount + tax1 @@ -287,7 +291,7 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt if ($type == 1) $apply_tax = true; break; } - if ($uselocaltax2_rate!=0 && $apply_tax) { + if ($uselocaltax2_rate && $apply_tax) { $result[15] = price2num(($tot_sans_remise * (1 + ( $localtax2_rate / 100))) - $tot_sans_remise, 'MT'); // amount tax2 for total_ht_without_discount $result[8] += $result[15]; // total_ttc_without_discount + tax2 From f2178f0369981dce326e4d67e44ae7493539d550 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= Date: Fri, 8 Jan 2016 06:42:28 +0100 Subject: [PATCH 17/20] FIX #4291 Correctly filter external calendar GETPOSTs --- htdocs/admin/agenda_extsites.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/admin/agenda_extsites.php b/htdocs/admin/agenda_extsites.php index 371854410b0..375d0af3adf 100644 --- a/htdocs/admin/agenda_extsites.php +++ b/htdocs/admin/agenda_extsites.php @@ -1,6 +1,7 @@ - * Copyright (C) 2011-2014 Juanjo Menent +/* Copyright (C) 2008-2011 Laurent Destailleur + * Copyright (C) 2011-2014 Juanjo Menent + * Copyright (C) 2016 Raphaël Doursenaud * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -88,7 +89,7 @@ if ($actionsave) // Save nb of agenda if (! $error) { - $res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0,'',$conf->entity); + $res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','int')),'chaine',0,'',$conf->entity); if (! $res > 0) $error++; if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5; $MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB; @@ -201,9 +202,9 @@ while ($i <= $MAXAGENDA) // Nb print ''.$langs->trans("AgendaExtNb",$key).""; // Name - print ''; + print ''; // URL - print ''; + print ''; // Color (Possible colors are limited by Google) print ''; //print $formadmin->selectColor($conf->global->$color, "google_agenda_color".$key, $colorlist); From 36dc8b1ce79c972c867b804778c5b780caea8a56 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 8 Jan 2016 13:57:53 +0100 Subject: [PATCH 18/20] FIX #4341 --- htdocs/main.inc.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index b45d672b385..b3040cbf03b 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -96,6 +96,7 @@ function test_sql_and_script_inject($val, $type) $sql_inj += preg_match('/