diff --git a/ChangeLog b/ChangeLog
index 4e35ff9e6a0..b5a787a8203 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -253,6 +253,52 @@ Only people that installed Dolibarr using the all-in-one autoinstaller for Windo
 DoliWAMP remains a solution for fast test or demo purposes.
+***** ChangeLog for 11.0.5 compared to 11.0.4 *****
+FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php
+FIX: 10.0 - pagination in prelevement/bons.php
+FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat
+FIX: 11.0 - fatal with postgres on contact/agenda.php
+FIX: 11.0 - multicurrency amount not fetched when fetching payments from llx_paiement or llx_paiementfourn
+FIX: 11.0 - when using pdftk as per hidden conf USE_PDFTK_FOR_PDF_CONCAT, check that the file exists before displaying a success message
+FIX: #13841
+FIX: #13877 - Can validate invoice if there is a credit note with VAT 0% on an invoice with other lines with a VAT non 0%
+FIX: #13968
+FIX: #14001
+FIX: #14002
+FIX: 9.0 - delete unused mandatory argument from migrate_clean_association: argument count mismatch causes a fatal error since php7
+FIX: 9.0 - fatal during migration from 3.1 using PHP 7
+FIX: Accountancy - Binding index - Add a filter on sql request for module Subtotal & Jalon
+FIX: avoid error "Call to undefined function measuringUnitString()"
+FIX: BlindBoolean SQL injection reported by Christian Weiler
+FIX: Can create a credit note on situation invoice if previous is also
+FIX: can install module even if (x) was appended during download.
+FIX: copy value date of VariousPayment onto the new AccountLine
+FIX: count of open day when date and start are not open should be 0
+FIX: Default bank account was not loaded for document generation.
+FIX: Do not show stats panel if the user does not have permissions
+FIX: Fix link of the button to create a credit note and fix the awareness of a error that happen when wo create a credit note
+FIX: force rounding 2 on export ld compta
+FIX: free text on cash desk
+FIX: links into emails of notifications
+FIX: missing file manifest.json.php
+FIX: missing GetNomURL Hook in warehouse class
+FIX: missing hook init + table class + $page not set
+FIX: missing rollbacks on trigger bad return
+FIX: missing translation value for key "NoMorePredefinedProductToDispatch"
+FIX: percent must be displayed on one line
+FIX: php error if multicompany disabled
+FIX: Privilege escalation reported by wizlynx WLX-2020-011
+FIX: replace filter parameter "none" by "restricthtml"
+FIX: Rounding Total TVA in "crabe" model pdf
+FIX: Show ref_customer, amount on contract link object
+FIX: Site ec.europa.eu has moved to https://
+FIX: Tickets mail models doesn't work
+FIX: vulnerability reported by wizlynx WLX-2020-012
+FIX: We must only rename current bank receipt
+FIX: when creating a VariousPayment, the value date is not copied onto the AccountLine that gets created at the same time, so the bank transaction's value date will be the payment date instead of the payment's value date
+FIX: wrong url param
+FIX: XSS using the renaming of .noexe files - reported by Nolan.
+
 ***** ChangeLog for 11.0.4 compared to 11.0.3 *****
 FIX: #13749
 FIX: #7594 Expense report multi pagebreak
diff --git a/htdocs/admin/menus/index.php b/htdocs/admin/menus/index.php
index b9dc6019ded..b7305679ce5 100644
--- a/htdocs/admin/menus/index.php
+++ b/htdocs/admin/menus/index.php
@@ -322,18 +322,18 @@ if ($conf->use_javascript_ajax) $entry = '
'; $entry .= '   '.$titre.''; $entry .= ''; - $entry .= ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; - $entry .= ''.img_edit_add('default').' '; - $entry .= ''.img_delete('default').' '; + $entry .= ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; + $entry .= ''.img_edit_add('default').' '; + $entry .= ''.img_delete('default').' '; $entry .= '     '; - $entry .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; + $entry .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; $entry .= '
'; $buttons = ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; $buttons .= ''.img_edit_add('default').' '; $buttons .= ''.img_delete('default').' '; $buttons .= '     '; - $buttons .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; + $buttons .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; $data[] = array( 'rowid'=>$menu['rowid'],
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index d433a1ef042..a0ce91bec86 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -549,7 +549,8 @@ if (!$sall)
 $sql .= ' typent.code,';
 $sql .= ' state.code_departement, state.nom,';
 $sql .= ' country.code,';
- $sql .= " p.rowid, p.ref, p.title";
+ $sql .= " p.rowid, p.ref, p.title,";
+ $sql .= " u.login";
 if ($search_categ_cus) $sql .= ", cc.fk_categorie, cc.fk_soc";
 // Add fields from extrafields
 if (!empty($extrafields->attributes[$object->table_element]['label'])) {
diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php
index 43823490ed9..40ebcd1cb7c 100644
--- a/htdocs/compta/sociales/list.php
+++ b/htdocs/compta/sociales/list.php
@@ -150,6 +150,7 @@ if ($search_typeid) {
 $sql .= " AND cs.fk_type=".$db->escape($search_typeid);
 }
 $sql .= " GROUP BY cs.rowid, cs.fk_type, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle";
+if (!empty($conf->projet->enabled)) $sql .= ", p.rowid, p.ref, p.title";
 $sql .= $db->order($sortfield, $sortorder);
 $totalnboflines = 0;
diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php
index 3fd2a9b2bb3..0124507b081 100644
--- a/htdocs/core/class/menubase.class.php
+++ b/htdocs/core/class/menubase.class.php
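Review bot: In the htdocs/compta/sociales/list.php hunk, the context line `$sql .= " AND cs.fk_type=".$db->escape($search_typeid);` just above the new GROUP BY addition places the value in the query without surrounding quotes, so `$db->escape()` on its own does not confine it to a literal. Whether `$search_typeid` is already restricted to an integer when it is read is not visible in this hunk. Casting at the point of use, `$sql .= " AND cs.fk_type=".((int) $search_typeid);`, keeps the filter safe regardless of how the parameter was fetched.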
@@ -645,7 +645,7 @@ class Menubase
 // Define $right
 $perms = true;
- if ($menu['perms'])
+ if (isset($menu['perms']))
 {
 $tmpcond = $menu['perms'];
 if ($leftmenu == 'all') $tmpcond = preg_replace('/\$leftmenu\s*==\s*["\'a-zA-Z_]+/', '1==1', $tmpcond); // Force part of condition to true
@@ -655,7 +655,7 @@ class Menubase
 // Define $enabled
 $enabled = true;
- if ($menu['enabled'])
+ if (isset($menu['enabled']))
 {
 $tmpcond = $menu['enabled'];
 if ($leftmenu == 'all') $tmpcond = preg_replace('/\$leftmenu\s*==\s*["\'a-zA-Z_]+/', '1==1', $tmpcond); // Force part of condition to true
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index f9849cded57..4e8fe71400f 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1420,7 +1420,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
 $sql2 .= " WHERE mc.email = '".$db->escape($objcon->email)."'"; // Search is done on email.
 $sql2 .= " AND mc.statut = 1";
 $sql2 .= " AND u.rowid = m.fk_user_valid";
- $sql2 .= " AND mc.fk_mailing=m.rowid";
+ $sql2 .= " AND mc.fk_mailing = m.rowid";
 }
 if (!empty($sql) && !empty($sql2)) {
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 3add1971b62..ac720b667de 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -49,7 +49,6 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 $mainmenu = (empty($_SESSION["mainmenu"]) ? '' : $_SESSION["mainmenu"]);
 $leftmenu = (empty($_SESSION["leftmenu"]) ? '' : $_SESSION["leftmenu"]);
- $id = 'mainmenu';
 $listofmodulesforexternal = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);
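Review bot: Replacing the truthiness test with `isset()` on `$menu['perms']` (and again on `$menu['enabled']` in the following menubase.class.php hunk) changes what happens for the values `''` and `'0'`: they used to skip the block and leave `$perms`/`$enabled` at `true`, and now they are copied into `$tmpcond` and handed on. The code that evaluates `$tmpcond` lies outside both hunks, so it is worth confirming that an empty condition string still yields the intended visibility and that `null`, which `isset()` rejects, is the only remaining "no restriction" marker. A short comment at each test would record the intent, for example `// isset(), not truthiness: an explicit '0' must be evaluated, not treated as "no condition"`, if that is indeed the goal.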
@@ -455,6 +454,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
 $num = count($newTabMenu);
 for ($i = 0; $i < $num; $i++) {
+ //var_dump($type_user.' '.$newTabMenu[$i]['url'].' '.$showmode.' '.$newTabMenu[$i]['perms']);
 $idsel = (empty($newTabMenu[$i]['mainmenu']) ? 'none' : $newTabMenu[$i]['mainmenu']);
 $showmode = isVisibleToUserType($type_user, $newTabMenu[$i], $listofmodulesforexternal);
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index 1be897fa411..16fffbcbea4 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -407,7 +407,8 @@ if (!$search_all)
 $sql .= " typent.code,";
 $sql .= " state.code_departement, state.nom,";
 $sql .= ' country.code,';
- $sql .= " p.rowid, p.ref, p.title";
+ $sql .= " p.rowid, p.ref, p.title,";
+ $sql .= " u.login";
 if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { //prevent error with sql_mode=only_full_group_by
diff --git a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql
index 59c5a01d406..9e09b5dcab8 100644
--- a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql
+++ b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql
@@ -80,7 +80,7 @@ ALTER TABLE llx_document_model MODIFY COLUMN type varchar(64);
 -- Delete an old index that is duplicated
 -- VMYSQL4.1 DROP INDEX ix_fk_product_stock on llx_product_batch;
--- VPGSQL8.2 DROP INDEX ix_fk_product_stock
+-- VPGSQL8.2 DROP INDEX ix_fk_product_stock;
 ALTER TABLE llx_actioncomm DROP COLUMN punctual;
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index 520519c3439..75a12d517d0 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
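Review bot: The line added inside the `for` loop of print_eldy_menu() is a commented-out `var_dump(...)` of the user type, the menu URL and the `perms` expression; debug output of permission data is better removed from the committed file than parked in a comment, where re-enabling it would print those values into the rendered page. As written it also references `$showmode` before the assignment that follows later in the same iteration, so it would report a stale value. I would drop the line. The loop body continues outside the hunk.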
@@ -36,6 +36,7 @@ ErrorBadSupplierCodeSyntax=Bad syntax for vendor code
 ErrorSupplierCodeRequired=Vendor code required
 ErrorSupplierCodeAlreadyUsed=Vendor code already used
 ErrorBadParameters=Bad parameters
+ErrorWrongParameters=Wrong or missing parameters
 ErrorBadValueForParameter=Wrong value '%s' for parameter '%s'
 ErrorBadImageFormat=Image file has not a supported format (Your PHP does not support functions to convert images of this format)
 ErrorBadDateFormat=Value '%s' has wrong date format
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index cfb30f066c9..08a0ed634a5 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -2073,10 +2073,11 @@ if ($module == 'initmodule') print ' '.$langs->trans("DescriptorFile").' : '.$pathtofile.''; print ' '.img_picto($langs->trans("Edit"), 'edit').''; print '
'; - print ' '.$langs->trans("LanguageFile").' : '; - if (!is_array($dicts) || empty($dicts)) print ''.$langs->trans("NoDictionaries").''; - else print ''.$dicts['langs'].''; - print '
'; + if (is_array($dicts) && !empty($dicts)) { + print ' '.$langs->trans("LanguageFile").' : '; + print ''.$dicts['langs'].''; + print '
'; + } print load_fiche_titre($langs->trans("ListOfDictionariesEntries"), '', '');
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index 51327b8e6fe..6226cf728ed 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -4513,7 +4513,7 @@ td.cal_other_month {
 .treeview ul { background-color: transparent !important; margin-bottom: 4px !important; margin-top: 0 !important; padding-top: 4px !important; }
 .treeview li { background-color: transparent !important; padding: 0 0 0 16px !important; min-height: 26px; }
 .treeview .hover { color: var(--colortextlink) !important; text-decoration: underline !important; }
-
+.treeview .hitarea { margin-top: 3px; }
 /* ============================================================================== */
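Review bot: In the htdocs/modulebuilder/index.php hunk, the new guard `if (is_array($dicts) && !empty($dicts))` does not establish that the `'langs'` key exists before `$dicts['langs']` is printed, so a non-empty array without that key still raises an undefined-index notice; `if (is_array($dicts) && !empty($dicts['langs'])) {` covers both cases. The value is also concatenated into the page as-is (the surrounding markup is not visible in this rendering), so if it can originate from a module descriptor it should go through the project's HTML-escaping helper at output, e.g. `dol_escape_htmltag($dicts['langs'])`. The enclosing block starts before the hunk.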