From ffaf7068d5d452c6bf282e3f3e3c03570b244851 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 24 Jun 2020 14:03:16 +0200 Subject: [PATCH 01/14] FIX: SQL Problem in customer invoice list --- htdocs/compta/facture/list.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 6bb3e0cc5ca..128e0502344 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -558,7 +558,8 @@ if (!$sall) $sql .= ' typent.code,'; $sql .= ' state.code_departement, state.nom,'; $sql .= ' country.code,'; - $sql .= " p.rowid, p.ref, p.title"; + $sql .= " p.rowid, p.ref, p.title,"; + $sql .= " u.login"; if ($search_categ_cus) $sql .= ", cc.fk_categorie, cc.fk_soc"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { From ccfe6f18fe0a06530dbe2d30e4eef6b262fb099f Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 25 Jun 2020 16:01:27 +0200 Subject: [PATCH 02/14] FIX 10.0 - fatal with postgres backport of https://github.com/Dolibarr/dolibarr/pull/14064/files --- htdocs/core/lib/company.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 3cd302ebdbb..24dfa57f190 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php 
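Review bot: The customer-invoice GROUP BY gains `u.login` with no comment explaining why, whereas the matching supplier hunk in htdocs/fourn/facture/list.php carries `//prevent error with sql_mode=only_full_group_by` a few lines further down. A one-line comment above the column list would help, e.g. `// Keep in sync with the SELECT list: every non-aggregated column must be listed (only_full_group_by)`. The column is appended unconditionally, unlike `cc.fk_categorie, cc.fk_soc` on the following line, so it presumably relies on the `u` alias being joined on every code path. That join is outside the hunk and worth confirming, for the supplier list as well.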
@@ -1349,7 +1349,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $langs->load("mails"); $sql2 = "SELECT m.rowid as id, m.titre as label, mc.date_envoi as dp, mc.date_envoi as dp2, '100' as percent, 'mailing' as type"; - $sql2.= ", '' as fk_element, '' as elementtype, '' as contact_id"; + $sql2.= ", null as fk_element, '' as elementtype, null as contact_id"; $sql2.= ", 'AC_EMAILING' as acode, '' as alabel, '' as apicto"; $sql2.= ", u.rowid as user_id, u.login as user_login, u.photo as user_photo, u.firstname as user_firstname, u.lastname as user_lastname"; // User that valid action if (is_object($filterobj) && get_class($filterobj) == 'Societe') $sql2.= ", '' as lastname, '' as firstname"; From 62f55b85497ec3dc0f899c644db5fddcdb4e2a57 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 25 Jun 2020 20:43:41 +0200 Subject: [PATCH 03/14] FIX: SQL Problem in supplier invoice list --- htdocs/fourn/facture/list.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 164255d4a61..0ebfd024658 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -407,7 +407,8 @@ if (!$search_all) $sql .= " typent.code,"; $sql .= " state.code_departement, state.nom,"; $sql .= ' country.code,'; - $sql .= " p.rowid, p.ref, p.title"; + $sql .= " p.rowid, p.ref, p.title,"; + $sql .= " u.login"; if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { //prevent error with sql_mode=only_full_group_by From 0c60c9fd0d9294badb7b06e2dc17fbbe89d01fc5 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Thu, 25 Jun 2020 20:53:03 +0200 Subject: [PATCH 04/14] FIX: SQL Problem in social contribution list --- htdocs/compta/sociales/list.php | 1 + 1 file changed, 1 insertion(+) 
diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index 9d210c23d85..b249ed035ed 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -152,6 +152,7 @@ if ($search_typeid) { $sql .= " AND cs.fk_type=".$db->escape($search_typeid); } $sql .= " GROUP BY cs.rowid, cs.fk_type, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle"; +if (!empty($conf->projet->enabled)) $sql .= ", p.rowid"; $sql .= $db->order($sortfield, $sortorder); $totalnboflines = 0; From 858a751eef997d488bda47b4904d3735c9728cba Mon Sep 17 00:00:00 2001 From: gauthier Date: Fri, 26 Jun 2020 10:51:04 +0200 Subject: [PATCH 05/14] FIX : $_POST must be GETPOST --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 9400c64de85..48015547903 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -2103,7 +2103,7 @@ class ExtraFields if (in_array($key_type, array('date','datetime'))) { // Clean parameters - $value_key=dol_mktime($_POST[$keysuffix."options_".$key.$keyprefix."hour"], $_POST[$keysuffix."options_".$key.$keyprefix."min"], 0, $_POST[$keysuffix."options_".$key.$keyprefix."month"], $_POST[$keysuffix."options_".$key.$keyprefix."day"], $_POST[$keysuffix."options_".$key.$keyprefix."year"]); + $value_key=dol_mktime(GETPOST($keysuffix."options_".$key.$keyprefix."hour", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."min", 'int'), 0, GETPOST($keysuffix."options_".$key.$keyprefix."month", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."day", 'int'), GETPOST($keysuffix."options_".$key.$keyprefix."year", 'int')); } elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) { From f4494db73fb12fd064dd01a6b4897b1758ff532d Mon Sep 17 00:00:00 2001 
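Review bot: The context line `$sql .= " AND cs.fk_type=".$db->escape($search_typeid);` puts an escaped but unquoted value in a numeric position, where escaping quote characters does not constrain the value. Unless `$search_typeid` is already forced to an integer where it is read (outside this hunk), cast it at the point of use: `$sql .= " AND cs.fk_type=".((int) $search_typeid);`. The same line appears as context in the later hunk for this file (PATCH 14/14). Separately, the added `p.rowid` is guarded by `$conf->projet->enabled`, and the SELECT and JOIN that introduce `p` should sit behind the same condition, which cannot be checked from here.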
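Review bot: Replacing `$_POST[...]` with `GETPOST(..., 'int')` adds type filtering, but GETPOST's default `$method` appears to read GET as well as POST, so these date parts can now also arrive in the query string. If POST-only input was intended, pass the method explicitly in all five calls, e.g. `GETPOST($keysuffix."options_".$key.$keyprefix."hour", 'int', 2)`. Holding the shared prefix `$keysuffix."options_".$key.$keyprefix` in a local variable would also make this line easier to review. The enclosing method starts and ends outside the hunk.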
From: Francis Appels Date: Fri, 26 Jun 2020 17:34:11 +0200 Subject: [PATCH 06/14] Fix missing translate key --- htdocs/langs/en_US/errors.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 520519c3439..75a12d517d0 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -36,6 +36,7 @@ ErrorBadSupplierCodeSyntax=Bad syntax for vendor code ErrorSupplierCodeRequired=Vendor code required ErrorSupplierCodeAlreadyUsed=Vendor code already used ErrorBadParameters=Bad parameters +ErrorWrongParameters=Wrong or missing parameters ErrorBadValueForParameter=Wrong value '%s' for parameter '%s' ErrorBadImageFormat=Image file has not a supported format (Your PHP does not support functions to convert images of this format) ErrorBadDateFormat=Value '%s' has wrong date format From 8e324c36ff010fd1a94ab151c47ac0028a40f037 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:39:01 +0200 Subject: [PATCH 07/14] Prepare 11.0.5 --- htdocs/filefunc.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 0352963b13e..2acaad4ec29 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -31,7 +31,7 @@ */ if (! defined('DOL_APPLICATION_TITLE')) define('DOL_APPLICATION_TITLE', 'Dolibarr'); -if (! defined('DOL_VERSION')) define('DOL_VERSION', '11.0.4'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c +if (! defined('DOL_VERSION')) define('DOL_VERSION', '11.0.5'); // a.b.c-alpha, a.b.c-beta, a.b.c-rcX or a.b.c if (! defined('EURO')) define('EURO', chr(128)); From 347667b3461f71ce86774deceaf3fabaefb41086 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:45:39 +0200 Subject: [PATCH 08/14] Prepare 11.0.5 --- ChangeLog | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index 67cf9513a4a..3ea709eb7bf 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,52 @@ English Dolibarr ChangeLog -------------------------------------------------------------- +***** ChangeLog for 11.0.4 compared to 11.0.3 ***** +FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php +FIX: 10.0 - pagination in prelevement/bons.php +FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat +FIX: 11.0 - fatal with postgres on contact/agenda.php +FIX: 11.0 - multicurrency amount not fetched when fetching payments from llx_paiement or llx_paiementfourn +FIX: 11.0 - when using pdftk as per hidden conf USE_PDFTK_FOR_PDF_CONCAT, check that the file exists before displaying a success message +FIX: #13841 +FIX: #13877 - Can validate invoice if there is a credit note with VAT 0% on an invoice with other lines with a VAT non 0% +FIX: #13968 +FIX: #14001 +FIX: #14002 +FIX: 9.0 - delete unused mandatory argument from migrate_clean_association: argument count mismatch causes a fatal error since php7 +FIX: 9.0 - fatal during migration from 3.1 using PHP 7 +FIX: Accountancy - Binding index - Add a filter on sql request for module Subtotal & Jalon +FIX: avoid error "Call to undefined function measuringUnitString()" +FIX: BlindBoolean SQL injection reported by Christian Weiler +FIX: Can create a credit note on situation invoice if previous is also +FIX: can install module even if (x) was appended during download. +FIX: copy value date of VariousPayment onto the new AccountLine +FIX: count of open day when date and start are not open should be 0 +FIX: Default bank account was not loaded for document generation. 
+FIX: Do not show stats panel if the user does not have permissions +FIX: Fix link of the button to create a credit note and fix the awareness of a error that happen when wo create a credit note +FIX: force rounding 2 on export ld compta +FIX: free text on cash desk +FIX: links into emails of notifications +FIX: missing file manifest.json.php +FIX: missing GetNomURL Hook in warehouse class +FIX: missing hook init + table class + $page not set +FIX: missing rollbacks on trigger bad return +FIX: missing translation value for key "NoMorePredefinedProductToDispatch" +FIX: percent must be displayed on one line +FIX: php error if multicompany disabled +FIX: Privilege escalation reported by wizlynx WLX-2020-011 +FIX: replace filter parameter "none" by "restricthtml" +FIX: Rounding Total TVA in "crabe" model pdf +FIX: Show ref_customer, amount on contract link object +FIX: Site ec.europa.eu has moved to https:// +FIX: Tickets mail models doesn't work +FIX: vulnerability reported by wizlynx WLX-2020-012 +FIX: We must only rename current bank receipt +FIX: when creating a VariousPayment, the value date is not copied onto the AccountLine that gets created at the same time, so the bank transaction's value date will be the payment date instead of the payment's value date +FIX: wrong url param +FIX: XSS using the renaming of .noexe files - reported by Nolan. + ***** ChangeLog for 11.0.4 compared to 11.0.3 ***** FIX: #13749 FIX: #7594 Expense report multi pagebreak From 0eac798674eacb44e725fa53423c35ea860acd02 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 26 Jun 2020 19:47:03 +0200 Subject: [PATCH 09/14] Changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3ea709eb7bf..515a98f4180 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,7 +2,7 @@ English Dolibarr ChangeLog -------------------------------------------------------------- -***** ChangeLog for 11.0.4 compared to 11.0.3 ***** +***** ChangeLog for 11.0.5 compared to 11.0.4 ***** FIX: $arraydefaultmessage is an object, as well as in /htdocs/core/class/html.formmail.class.php FIX: 10.0 - pagination in prelevement/bons.php FIX: 10.0 - undefined $langs if template file copy fails during activation of modContrat From d5324ff3db3e981c856f8a606334fcfa599eafcf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 27 Jun 2020 14:38:40 +0200 Subject: [PATCH 10/14] Fix template --- htdocs/modulebuilder/template/README.md | 2 +- .../modulebuilder/template/core/modules/modMyModule.class.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/modulebuilder/template/README.md b/htdocs/modulebuilder/template/README.md index 1472929c043..c3afa63e1b7 100644 --- a/htdocs/modulebuilder/template/README.md +++ b/htdocs/modulebuilder/template/README.md @@ -8,7 +8,7 @@ Description... ![Screenshot mymodule](img/screenshot_mymodule.png?raw=true "MyModule"){imgmd} --> -Other modules are available on [Dolistore.com](https://www.dolistore.com>). +Other modules are available on [Dolistore.com](https://www.dolistore.com). ## Translations diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php index 10cdfa54001..a580a655d85 100644 --- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php +++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php 
@@ -276,7 +276,7 @@ class modMyModule extends DolibarrModules 'langs'=>'mymodule@mymodule', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position'=>1000 + $r, 'enabled'=>'$conf->mymodule->enabled', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. - 'perms'=>'$user->rights->mymodule->myobject->read', // Use 'perms'=>'$user->rights->mymodule->level1->level2' if you want your menu with a permission rules + 'perms'=>'1', // Use 'perms'=>'$user->rights->mymodule->myobject->read' if you want your menu with a permission rules 'target'=>'', 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both ); From 41c6155922b7e4f59ef12a3e40287e31bf42fc9f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 27 Jun 2020 14:44:38 +0200 Subject: [PATCH 11/14] Hiden useless entry --- htdocs/modulebuilder/index.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 7e6355b2a30..118718db57e 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -2136,10 +2136,11 @@ elseif (!empty($module)) print ' '.$langs->trans("DescriptorFile").' : '.$pathtofile.''; print ' '.img_picto($langs->trans("Edit"), 'edit').''; print '
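Review bot: The template's menu entry now defaults to `'perms'=>'1'` together with `'user'=>2`, so every module generated from it shows this entry to all internal and external users until the author changes it. Menu visibility is not an access check, but a permissive template default tends to be copied unchanged. Keeping `'perms'=>'$user->rights->mymodule->myobject->read'` as the default would avoid that, or the trailing comment could be extended to `// '1' shows the entry to everyone; the target page must still check rights itself`. The array and its method begin outside the hunk.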
'; - print ' '.$langs->trans("LanguageFile").' : '; - if (!is_array($dicts) || empty($dicts)) print ''.$langs->trans("NoDictionaries").''; - else print ''.$dicts['langs'].''; - print '
'; + if (is_array($dicts) && !empty($dicts)) { + print ' '.$langs->trans("LanguageFile").' : '; + print ''.$dicts['langs'].''; + print '
'; + } print load_fiche_titre($langs->trans("ListOfDictionariesEntries"), '', ''); From 194b92e70f82ddc337888bd99edd03224a759770 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 27 Jun 2020 15:27:09 +0200 Subject: [PATCH 12/14] Fix load of menu when 'perm' or 'enabled' is '0'. --- htdocs/admin/menus/index.php | 16 ++++++++-------- htdocs/core/class/menubase.class.php | 4 ++-- htdocs/core/menus/standard/eldy.lib.php | 2 +- htdocs/theme/eldy/global.inc.php | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/htdocs/admin/menus/index.php b/htdocs/admin/menus/index.php index 97f0246ac88..1dea0ca4473 100644 --- a/htdocs/admin/menus/index.php +++ b/htdocs/admin/menus/index.php @@ -328,18 +328,18 @@ if ($conf->use_javascript_ajax) $entry = '
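Review bot: The new guard `is_array($dicts) && !empty($dicts)` does not ensure that the `langs` key exists before `$dicts['langs']` is printed; `if (!empty($dicts['langs'])) {` would cover both cases. The value is also concatenated into the output as-is. The surrounding markup is not visible here, but if it lands in HTML it should go through the project's escaping helper, e.g. `dol_escape_htmltag($dicts['langs'])`. The enclosing `elseif (!empty($module))` block extends beyond the hunk.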
'; $entry .= '   '.$titre.''; $entry .= ''; - $entry .= ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; - $entry .= ''.img_edit_add('default').' '; - $entry .= ''.img_delete('default').' '; + $entry .= ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; + $entry .= ''.img_edit_add('default').' '; + $entry .= ''.img_delete('default').' '; $entry .= '     '; - $entry .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; + $entry .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; $entry .= '
'; - $buttons = ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; - $buttons .= ''.img_edit_add('default').' '; - $buttons .= ''.img_delete('default').' '; + $buttons = ''.img_edit('default', 0, 'class="menuEdit" id="edit'.$menu['rowid'].'"').' '; + $buttons .= ''.img_edit_add('default').' '; + $buttons .= ''.img_delete('default').' '; $buttons .= '     '; - $buttons .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; + $buttons .= ''.img_picto("Up", "1uparrow").''.img_picto("Down", "1downarrow").''; $data[] = array( 'rowid'=>$menu['rowid'], diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index a6d774090aa..953064e6b4c 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php @@ -656,7 +656,7 @@ class Menubase // Define $right $perms = true; - if ($menu['perms']) + if (isset($menu['perms'])) { $tmpcond = $menu['perms']; if ($leftmenu == 'all') $tmpcond = preg_replace('/\$leftmenu\s*==\s*["\'a-zA-Z_]+/', '1==1', $tmpcond); // Force part of condition to true @@ -666,7 +666,7 @@ class Menubase // Define $enabled $enabled = true; - if ($menu['enabled']) + if (isset($menu['enabled'])) { $tmpcond = $menu['enabled']; if ($leftmenu == 'all') $tmpcond = preg_replace('/\$leftmenu\s*==\s*["\'a-zA-Z_]+/', '1==1', $tmpcond); // Force part of condition to true diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index cc47218e2db..f6e5c2c83d6 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -49,7 +49,6 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = $mainmenu = (empty($_SESSION["mainmenu"]) ? '' : $_SESSION["mainmenu"]); $leftmenu = (empty($_SESSION["leftmenu"]) ? '' : $_SESSION["leftmenu"]); - $id = 'mainmenu'; $listofmodulesforexternal = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL); 
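Review bot: In htdocs/core/class/menubase.class.php, changing `if ($menu['perms'])` to `if (isset($menu['perms']))` lets `'0'` reach the condition evaluation, but it also lets an empty string through, while a null value still skips the block and keeps `$perms = true`. The code that evaluates `$tmpcond` is below the hunk, so it should be confirmed that an empty condition is treated there as "no restriction" and not as an error. A comment on the default, e.g. `// No condition stored (null): entry stays visible`, would document this fail-open behaviour. The same applies to the `enabled` hunk that follows.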
@@ -457,6 +456,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = $num = count($newTabMenu); for ($i = 0; $i < $num; $i++) { + //var_dump($type_user.' '.$newTabMenu[$i]['url'].' '.$showmode.' '.$newTabMenu[$i]['perms']); $idsel = (empty($newTabMenu[$i]['mainmenu']) ? 'none' : $newTabMenu[$i]['mainmenu']); $showmode = isVisibleToUserType($type_user, $newTabMenu[$i], $listofmodulesforexternal); diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 273073d7b5d..06feb97c2dd 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -4511,7 +4511,7 @@ td.cal_other_month { .treeview ul { background-color: transparent !important; margin-top: 4px; padding-top: 4px !important; } .treeview li { background-color: transparent !important; padding: 0 0 0 16px !important; min-height: 26px; } .treeview .hover { color: var(--colortextlink) !important; text-decoration: underline !important; } - +.treeview .hitarea { margin-top: 3px; } /* ============================================================================== */ From 2de1433818a276ed50f82c1a3bb9acc098e73f53 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 28 Jun 2020 21:05:36 +0200 Subject: [PATCH 13/14] FIX #14142 --- htdocs/install/mysql/migration/11.0.0-12.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql index 7a6f2333346..af05a55a8e7 100644 --- a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql +++ b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql @@ -80,7 +80,7 @@ ALTER TABLE llx_document_model MODIFY COLUMN type varchar(64); -- Delete an old index that is duplicated -- VMYSQL4.1 DROP INDEX ix_fk_product_stock on llx_product_batch; --- VPGSQL8.2 DROP INDEX ix_fk_product_stock +-- VPGSQL8.2 DROP INDEX ix_fk_product_stock; ALTER TABLE llx_actioncomm DROP COLUMN punctual; 
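Review bot: The line added to the `for` loop in htdocs/core/menus/standard/eldy.lib.php is commented-out debugging (`//var_dump(...)`) and reads `$showmode` before the later line in the loop assigns it. If it were uncommented it would print the previous iteration's value next to each entry's `perms` expression. It is better dropped from the commit than left in the loop.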
From a11f7d107000863c519b5d6a74dd844f8af341a3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 28 Jun 2020 21:11:25 +0200 Subject: [PATCH 14/14] Update list.php --- htdocs/compta/sociales/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index b249ed035ed..8ccd8aa35aa 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -152,7 +152,7 @@ if ($search_typeid) { $sql .= " AND cs.fk_type=".$db->escape($search_typeid); } $sql .= " GROUP BY cs.rowid, cs.fk_type, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle"; -if (!empty($conf->projet->enabled)) $sql .= ", p.rowid"; +if (!empty($conf->projet->enabled)) $sql .= ", p.rowid, p.ref, p.title"; $sql .= $db->order($sortfield, $sortorder); $totalnboflines = 0;