Merge branch '12.0' of git@github.com:Dolibarr/dolibarr.git into develop

ChangeLog

@@ -253,6 +253,52 @@ Only people that installed Dolibarr using the all-in-one autoinstaller for Windo
   DoliWAMP remains a solution for fast test or demo purposes.
 
 
+***** ChangeLog for 11.0.5 compared to 11.0.4 *****
+FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php
+FIX: 10.0 - pagination in prelevement/bons.php
+FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat
+FIX: 11.0 - fatal with postgres on contact/agenda.php
+FIX: 11.0 - multicurrency amount not fetched when fetching payments from llx_paiement or llx_paiementfourn
+FIX: 11.0 - when using pdftk as per hidden conf USE_PDFTK_FOR_PDF_CONCAT, check that the file exists before displaying a success message
+FIX: #13841
+FIX: #13877 - Can validate invoice if there is a credit note with VAT 0% on an invoice with other lines with a VAT non 0%
+FIX: #13968
+FIX: #14001
+FIX: #14002
+FIX: 9.0 - delete unused mandatory argument from migrate_clean_association: argument count mismatch causes a fatal error since php7
+FIX: 9.0 - fatal during migration from 3.1 using PHP 7
+FIX: Accountancy - Binding index - Add a filter on sql request for module Subtotal & Jalon
+FIX: avoid error "Call to undefined function measuringUnitString()"
+FIX: BlindBoolean SQL injection reported by Christian Weiler
+FIX: Can create a credit note on situation invoice if previous is also
+FIX: can install module even if (x) was appended during download.
+FIX: copy value date of VariousPayment onto the new AccountLine
+FIX: count of open day when date and start are not open should be 0
+FIX: Default bank account was not loaded for document generation.
+FIX: Do not show stats panel if the user does not have permissions
+FIX: Fix link of the button to create a credit note and fix the awareness of a error that happen when wo create a credit note
+FIX: force rounding 2 on export ld compta
+FIX: free text on cash desk
+FIX: links into emails of notifications
+FIX: missing file manifest.json.php
+FIX: missing GetNomURL Hook in warehouse class
+FIX: missing hook init + table class + $page not set
+FIX: missing rollbacks on trigger bad return
+FIX: missing translation value for key "NoMorePredefinedProductToDispatch"
+FIX: percent must be displayed on one line
+FIX: php error if multicompany disabled
+FIX: Privilege escalation reported by wizlynx WLX-2020-011
+FIX: replace filter parameter "none" by "restricthtml"
+FIX: Rounding Total TVA in "crabe" model pdf
+FIX: Show ref_customer, amount on contract link object
+FIX: Site ec.europa.eu has moved to https://
+FIX: Tickets mail models doesn't work
+FIX: vulnerability reported by wizlynx WLX-2020-012
+FIX: We must only rename current bank receipt
+FIX: when creating a VariousPayment, the value date is not copied onto the AccountLine that gets created at the same time, so the bank transaction's value date will be the payment date instead of the payment's value date
+FIX: wrong url param
+FIX: XSS using the renaming of .noexe files - reported by Nolan.
+
 ***** ChangeLog for 11.0.4 compared to 11.0.3 *****
 FIX: #13749
 FIX: #7594 Expense report multi pagebreak

htdocs/admin/menus/index.php

@@ -322,18 +322,18 @@ if ($conf->use_javascript_ajax)
 			$entry = '<table class="nobordernopadding centpercent"><tr><td>';
 			$entry .= '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$menu['rowid'].'">'.$titre.'</a></strong>';
 			$entry .= '</td><td class="right">';
-			$entry .= '<a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$menu['rowid'].'">'.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').'</a> ';
-			$entry .= '<a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=create&menuId='.$menu['rowid'].'">'.img_edit_add('default').'</a> ';
-			$entry .= '<a href="index.php?menu_handler='.$menu_handler_to_search.'&action=delete&menuId='.$menu['rowid'].'">'.img_delete('default').'</a> ';
+			$entry .= '<a class="editfielda marginleftonly marginrightonly" href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$menu['rowid'].'">'.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').'</a> ';
+			$entry .= '<a class="marginleftonly marginrightonly" href="edit.php?menu_handler='.$menu_handler_to_search.'&action=create&menuId='.$menu['rowid'].'">'.img_edit_add('default').'</a> ';
+			$entry .= '<a class="marginleftonly marginrightonly" href="index.php?menu_handler='.$menu_handler_to_search.'&action=delete&menuId='.$menu['rowid'].'">'.img_delete('default').'</a> ';
 			$entry .= '&nbsp; &nbsp; &nbsp;';
-			$entry .= '<a href="index.php?menu_handler='.$menu_handler_to_search.'&action=up&menuId='.$menu['rowid'].'">'.img_picto("Up", "1uparrow").'</a><a href="index.php?menu_handler='.$menu_handler_to_search.'&action=down&menuId='.$menu['rowid'].'">'.img_picto("Down", "1downarrow").'</a>';
+			$entry .= '<a class="marginleftonly marginrightonly" href="index.php?menu_handler='.$menu_handler_to_search.'&action=up&menuId='.$menu['rowid'].'">'.img_picto("Up", "1uparrow").'</a><a href="index.php?menu_handler='.$menu_handler_to_search.'&action=down&menuId='.$menu['rowid'].'">'.img_picto("Down", "1downarrow").'</a>';
 			$entry .= '</td></tr></table>';
 
 			$buttons = '<a class="editfielda marginleftonly marginrightonly" href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$menu['rowid'].'">'.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').'</a> ';
 			$buttons .=	'<a class="marginleftonly marginrightonly" href="edit.php?menu_handler='.$menu_handler_to_search.'&action=create&menuId='.$menu['rowid'].'">'.img_edit_add('default').'</a> ';
 			$buttons .=	'<a class="marginleftonly marginrightonly" href="index.php?menu_handler='.$menu_handler_to_search.'&action=delete&menuId='.$menu['rowid'].'">'.img_delete('default').'</a> ';
 			$buttons .=	'&nbsp; &nbsp; &nbsp;';
-			$buttons .=	'<a href="index.php?menu_handler='.$menu_handler_to_search.'&action=up&menuId='.$menu['rowid'].'">'.img_picto("Up", "1uparrow").'</a><a href="index.php?menu_handler='.$menu_handler_to_search.'&action=down&menuId='.$menu['rowid'].'">'.img_picto("Down", "1downarrow").'</a>';
+			$buttons .=	'<a class="marginleftonly marginrightonly" href="index.php?menu_handler='.$menu_handler_to_search.'&action=up&menuId='.$menu['rowid'].'">'.img_picto("Up", "1uparrow").'</a><a href="index.php?menu_handler='.$menu_handler_to_search.'&action=down&menuId='.$menu['rowid'].'">'.img_picto("Down", "1downarrow").'</a>';
 
 			$data[] = array(
 				'rowid'=>$menu['rowid'],

htdocs/compta/facture/list.php

@@ -549,7 +549,8 @@ if (!$sall)
 	$sql .= ' typent.code,';
 	$sql .= ' state.code_departement, state.nom,';
 	$sql .= ' country.code,';
-	$sql .= " p.rowid, p.ref, p.title";
+	$sql .= " p.rowid, p.ref, p.title,";
+	$sql .= " u.login";
 	if ($search_categ_cus) $sql .= ", cc.fk_categorie, cc.fk_soc";
 	// Add fields from extrafields
 	if (!empty($extrafields->attributes[$object->table_element]['label'])) {

htdocs/compta/sociales/list.php

@@ -150,6 +150,7 @@ if ($search_typeid) {
     $sql .= " AND cs.fk_type=".$db->escape($search_typeid);
 }
 $sql .= " GROUP BY cs.rowid, cs.fk_type, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle";
+if (!empty($conf->projet->enabled)) $sql .= ", p.rowid, p.ref, p.title";
 $sql .= $db->order($sortfield, $sortorder);
 
 $totalnboflines = 0;

htdocs/core/class/menubase.class.php

@@ -645,7 +645,7 @@ class Menubase
 
                 // Define $right
                 $perms = true;
-                if ($menu['perms'])
+                if (isset($menu['perms']))
                 {
                 	$tmpcond = $menu['perms'];
                 	if ($leftmenu == 'all') $tmpcond = preg_replace('/\$leftmenu\s*==\s*["\'a-zA-Z_]+/', '1==1', $tmpcond); // Force part of condition to true
@@ -655,7 +655,7 @@ class Menubase
 
                 // Define $enabled
                 $enabled = true;
-                if ($menu['enabled'])
+                if (isset($menu['enabled']))
                 {
                 	$tmpcond = $menu['enabled'];
                 	if ($leftmenu == 'all') $tmpcond = preg_replace('/\$leftmenu\s*==\s*["\'a-zA-Z_]+/', '1==1', $tmpcond); // Force part of condition to true

htdocs/core/lib/company.lib.php

@@ -1420,7 +1420,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
         $sql2 .= " WHERE mc.email = '".$db->escape($objcon->email)."'"; // Search is done on email.
         $sql2 .= " AND mc.statut = 1";
         $sql2 .= " AND u.rowid = m.fk_user_valid";
-        $sql2 .= " AND mc.fk_mailing=m.rowid";
+        $sql2 .= " AND mc.fk_mailing = m.rowid";
     }
 
     if (!empty($sql) && !empty($sql2)) {

htdocs/core/menus/standard/eldy.lib.php

@@ -49,7 +49,6 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 	$mainmenu = (empty($_SESSION["mainmenu"]) ? '' : $_SESSION["mainmenu"]);
 	$leftmenu = (empty($_SESSION["leftmenu"]) ? '' : $_SESSION["leftmenu"]);
 
-
 	$id = 'mainmenu';
 	$listofmodulesforexternal = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
 
@@ -455,6 +454,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 	$num = count($newTabMenu);
 	for ($i = 0; $i < $num; $i++)
 	{
+		//var_dump($type_user.' '.$newTabMenu[$i]['url'].' '.$showmode.' '.$newTabMenu[$i]['perms']);
 		$idsel = (empty($newTabMenu[$i]['mainmenu']) ? 'none' : $newTabMenu[$i]['mainmenu']);
 
 		$showmode = isVisibleToUserType($type_user, $newTabMenu[$i], $listofmodulesforexternal);

htdocs/fourn/facture/list.php

@@ -407,7 +407,8 @@ if (!$search_all)
 	$sql .= " typent.code,";
 	$sql .= " state.code_departement, state.nom,";
 	$sql .= ' country.code,';
-	$sql .= " p.rowid, p.ref, p.title";
+	$sql .= " p.rowid, p.ref, p.title,";
+	$sql .= " u.login";
 	if (!empty($extrafields->attributes[$object->table_element]['label'])) {
 		foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
 			//prevent error with sql_mode=only_full_group_by

htdocs/install/mysql/migration/11.0.0-12.0.0.sql

@@ -80,7 +80,7 @@ ALTER TABLE llx_document_model MODIFY COLUMN type varchar(64);
 
 -- Delete an old index that is duplicated
 -- VMYSQL4.1 DROP INDEX ix_fk_product_stock on llx_product_batch;
--- VPGSQL8.2 DROP INDEX ix_fk_product_stock
+-- VPGSQL8.2 DROP INDEX ix_fk_product_stock;
 
 ALTER TABLE llx_actioncomm DROP COLUMN punctual;
 

htdocs/langs/en_US/errors.lang

@@ -36,6 +36,7 @@ ErrorBadSupplierCodeSyntax=Bad syntax for vendor code
 ErrorSupplierCodeRequired=Vendor code required
 ErrorSupplierCodeAlreadyUsed=Vendor code already used
 ErrorBadParameters=Bad parameters
+ErrorWrongParameters=Wrong or missing parameters
 ErrorBadValueForParameter=Wrong value '%s' for parameter '%s'
 ErrorBadImageFormat=Image file has not a supported format (Your PHP does not support functions to convert images of this format)
 ErrorBadDateFormat=Value '%s' has wrong date format

htdocs/modulebuilder/index.php

@@ -2073,10 +2073,11 @@ if ($module == 'initmodule')
 				print '<span class="fa fa-file-o"></span> '.$langs->trans("DescriptorFile").' : <strong>'.$pathtofile.'</strong>';
 				print ' <a class="editfielda paddingleft paddingright" href="'.$_SERVER['PHP_SELF'].'?tab='.$tab.'&module='.$module.($forceddirread ? '@'.$dirread : '').'&action=editfile&format=php&file='.urlencode($pathtofile).'">'.img_picto($langs->trans("Edit"), 'edit').'</a>';
 				print '<br>';
-				print '<span class="fa fa-file-o"></span> '.$langs->trans("LanguageFile").' :</span> ';
-				if (!is_array($dicts) || empty($dicts)) print '<span class="opacitymedium">'.$langs->trans("NoDictionaries").'</span>';
-				else print '<strong>'.$dicts['langs'].'</strong>';
-				print '<br>';
+				if (is_array($dicts) && !empty($dicts)) {
+					print '<span class="fa fa-file-o"></span> '.$langs->trans("LanguageFile").' :</span> ';
+					print '<strong>'.$dicts['langs'].'</strong>';
+					print '<br>';
+				}
 
 				print load_fiche_titre($langs->trans("ListOfDictionariesEntries"), '', '');
 

htdocs/theme/eldy/global.inc.php

@@ -4513,7 +4513,7 @@ td.cal_other_month {
 .treeview ul { background-color: transparent !important; margin-bottom: 4px !important; margin-top: 0 !important; padding-top: 4px !important; }
 .treeview li { background-color: transparent !important; padding: 0 0 0 16px !important; min-height: 26px; }
 .treeview .hover { color: var(--colortextlink) !important; text-decoration: underline !important; }
-
+.treeview .hitarea { margin-top: 3px; }
 
 
 /* ============================================================================== */