lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'Dolibarr/develop' into develop

Browse Source
This commit is contained in:
Francis Appels 2020-09-24 21:00:40 +02:00
commit ad77569a15
98 changed files with 1215 additions and 831 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
ChangeLog
View File

@ -2,6 +2,7 @@
English Dolibarr ChangeLog
--------------------------------------------------------------
***** ChangeLog for 13.0.0 compared to 12.0.0 *****
For users:
NEW: Add module Credit transfer SEPA to manage payment of supplier using bank credit transfer SEPA files
@ -22,6 +23,52 @@ Following changes may create regressions for some external modules, but were nec
you must now also include declaration of the Trait CommonIncoterm in your class. All incoterm functions were moved into this Trait.
* The GETPOST(..., 'alpha') has now the same behaviour than GETPOST(..., 'alpahnohtml');
***** ChangeLog for 12.0.3 compared to 12.0.2 *****
FIX: 10.0 - when the mime file name is different from the filesystem name, the attachment name should be the mime filename
FIX: 11.0 - expenses lines overlapping the total amounts frame
FIX: 12.0 - round value of virtual stock on product stock reassort list
FIX: #14469
FIX: #14474 Error when deleting
FIX: #14530
FIX: #14703
FIX: - Accountancy balance Error SQL on entity
FIX: Bad number of subscription (forgotten when member was resiliated)
FIX: bad route url to delete subproduct with API
FIX: Category for suplements not saved
FIX: Compatibility with modules without document generation
FIX: Cron load lang
FIX: CSS
FIX: Error management. Do no try to approve PO if validation fails.
FIX: expenses lines overlapping the frame for total amounts.
FIX: Filter in "billed" of orders was not saved
FIX: infinite fetch object linked loop
FIX: Intervention lose html tags when updating
FIX: JS CRASH - bad usage of moreparam
FIX: lang fr retained warranty
FIX: Look and feel v12: First tab must be name of object
FIX: missing entity check
FIX: missing param for hook
FIX: Missing transaction on PO actions
FIX: MySql Strict mode
FIX: param entity in html form file
FIX: Problems on FEC format
FIX: round stock value on product list
FIX: - Send mail from contact : select mail model
FIX: set sales representatives on create company card
FIX: Setup of stock increase/decrease
FIX: sign of amount with credit note and multicurrencies
FIX: Static property called as non static
FIX: task leftmenu
FIX: title button attribute id empty
FIX: unit price divided by quantity when accepting supplier price proposal
FIX: Update extrafields on line only if it is supported
FIX: Update line of BOM
FIX: using decimal on stock correction
FIX: Visualization rights correction on last modified contacts box
FIX: Wrong redirection
FIX: Yogosha report 4425 (backport)
***** ChangeLog for 12.0.2 compared to 12.0.1 *****
FIX: computation of the bottom margin of <body> returns NaN because body is not loaded yet
FIX: DebugBar hides content at page bottom

8
SECURITY.md
View File

@ -97,19 +97,19 @@ Scope is the web application (back office) and the APIs.
## Non-qualifying vulnerabilities for Bug bounty programs, but qualified for reporting
* "Self" XSS
* Missing cookie flags
* SSL/TLS best practices
* Denial of Service attacks
* Clickjacking/UI redressing
* Physical or social engineering attempts
* Physical or social engineering attempts or issues that require physical access to a victims computer/device
* Presence of autocomplete attribute on web forms
* Vulnerabilities affecting outdated browsers or platforms
* Issues that require physical access to a victims computer/device
* Logout and other instances of low-severity Cross-Site Request Forgery
* Missing cookie flags
* Missing security-related HTTP headers which do not lead directly to a vulnerability
* Reports from automated web vulnerability scanners (Acunetix, Vega, etc.) that have not been validated
* Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC)
* Reports on features flagged as "experimental" or "development"
* Software version disclosure when logged user is admin
* Software version or private IP disclosure when logged user is admin
* Stack traces or path disclosure when logged user is admin
* Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities".

4
htdocs/accountancy/bookkeeping/list.php
View File

@ -640,7 +640,9 @@ $newcardbutton .= dolGetButtonTitle($buttonLabel, $langs->trans("ExportFilteredL
$newcardbutton .= dolGetButtonTitle($langs->trans('GroupByAccountAccounting'), '', 'fa fa-stream paddingleft', DOL_URL_ROOT.'/accountancy/bookkeeping/listbyaccount.php?'.$param);
$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', './card.php?action=create', '', $user->rights->accounting->mouvements->creer);
$url = './card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton .= dolGetButtonTitle($langs->trans('NewAccountingMvt'), '', 'fa fa-plus-circle paddingleft', $url, '', $user->rights->accounting->mouvements->creer);
print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num, $nbtotalofrecords, 'title_accountancy', 0, $newcardbutton, '', $limit);

2
htdocs/accountancy/index.php
View File

@ -38,6 +38,7 @@ if ($user->socid > 0)
// Initialize technical object to manage hooks. Note that conf->hooks_modules contains array of hooks
$hookmanager->initHooks(array('accountancyindex'));
/*
* Actions
*/
@ -54,6 +55,7 @@ if (GETPOST('addbox')) // Add box (when submit is done from a form when ajax dis
if ($result > 0) setEventMessages($langs->trans("BoxAdded"), null);
}
/*
* View
*/

72
htdocs/admin/stock.php
View File

@ -23,7 +23,7 @@
/**
* \file htdocs/admin/stock.php
* \ingroup stock
* \brief Page d'administration/configuration du module gestion de stock
* \brief Page to setup module stock
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
@ -760,76 +760,6 @@ print '</table>';
print '</form>';
/*
print '<br>';
if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
{
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Inventory").'</td>'."\n";
print '<td class="right">'.$langs->trans("Status").'</td>'."\n";
print '</tr>'."\n";
// Example with a yes / no select
print '<tr class="oddeven">';
print '<td>'.$langs->trans("INVENTORY_DISABLE_VIRTUAL").'</td>';
print '<td class="center">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('INVENTORY_DISABLE_VIRTUAL');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("INVENTORY_DISABLE_VIRTUAL", $arrval, $conf->global->INVENTORY_DISABLE_VIRTUAL);
}
print '</td></tr>';
// Example with a yes / no select
print '<tr class="oddeven">';
print '<td>'.$langs->trans("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA").'</td>';
print '<td class="center">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('INVENTORY_USE_MIN_PA_IF_NO_LAST_PA');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("INVENTORY_USE_MIN_PA_IF_NO_LAST_PA", $arrval, $conf->global->INVENTORY_USE_MIN_PA_IF_NO_LAST_PA);
}
print '</td></tr>';
// Example with a yes / no select
print '<tr class="oddeven">';
print '<td>'.$langs->trans("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT").'</td>';
print '<td class="right">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT", $arrval, $conf->global->INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT);
}
print '</td></tr>';
print '</table>';
}
*/
/* I keep the option/feature, but hidden to end users for the moment. If feature is used by module, no need to have users see it.
If not used by a module, I still need to understand in which case user may need this now we can set rule on product page.
if ($conf->global->PRODUIT_SOUSPRODUITS)
{
print '<tr class="oddeven">';
print '<td>'.$langs->trans("IndependantSubProductStock").'</td>';
print '<td class="right">';
print "<form method=\"post\" action=\"stock.php\">";
print '<input type="hidden" name="token" value="'.newToken().'">';
print "<input type=\"hidden\" name=\"action\" value=\"INDEPENDANT_SUBPRODUCT_STOCK\">";
print $form->selectyesno("INDEPENDANT_SUBPRODUCT_STOCK",$conf->global->INDEPENDANT_SUBPRODUCT_STOCK,1);
print '<input type="submit" class="button" value="'.$langs->trans("Modify").'">';
print '</form>';
print "</td>\n";
print "</tr>\n";
}
*/
// End of page
llxFooter();
$db->close();

6
htdocs/admin/syslog.php
View File

@ -212,6 +212,12 @@ foreach ($syslogModules as $moduleName)
print '<td width="140">';
print '<input class="oddeven" type="checkbox" name="SYSLOG_HANDLERS[]" value="'.$moduleName.'" '.(in_array($moduleName, $activeModules) ? 'checked' : '').($moduleactive <= 0 ? 'disabled' : '').'> ';
print $module->getName();
if ($moduleName == 'mod_syslog_syslog') {
if (! $module->isActive()) {
$langs->load("errors");
print $form->textwithpicto('', $langs->trans("ErrorPHPNeedModule", 'SysLog'));
}
}
print '</td>';
print '<td class="nowrap">';

1
htdocs/admin/system/filecheck.php
View File

@ -91,6 +91,7 @@ if (preg_match('/beta|alpha|rc/i', DOL_VERSION) || !empty($conf->global->MAIN_AL
$enableremotecheck = true;
print '<form name="check" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print $langs->trans("MakeIntegrityAnalysisFrom").':<br>';
print '<!-- for a local check target=local&xmlshortfile=... -->'."\n";
if (dol_is_file($xmlfile))

1
htdocs/admin/tools/listevents.php
View File

@ -226,6 +226,7 @@ if ($result)
}
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print_barre_liste($langs->trans("ListOfSecurityEvents"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $nbtotalofrecords, 'setup', 0, '', '', $limit);

2
htdocs/admin/website.php
View File

@ -411,7 +411,7 @@ print "<br>\n";
// Confirmation de la suppression de la ligne
if ($action == 'delete')
{
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid, $langs->trans('DeleteWebsite'), $langs->trans('ConfirmDeleteWebsite'), 'confirm_delete', '', 0, 1);
print $form->formconfirm($_SERVER["PHP_SELF"].'?'.($page ? 'page='.$page.'&' : '').'sortfield='.$sortfield.'&sortorder='.$sortorder.'&rowid='.$rowid, $langs->trans('DeleteWebsite'), $langs->trans('ConfirmDeleteWebsite'), 'confirm_delete', '', 0, 1, 220);
}
//var_dump($elementList);

3
htdocs/asset/card.php
View File

@ -65,6 +65,9 @@ if (empty($action) && empty($id) && empty($ref)) $action = 'view';
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
// Security check
if (!empty($user->socid)) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id);
$permissiontoread = $user->rights->asset->read;
$permissiontoadd = $user->rights->asset->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php

39
htdocs/asset/class/asset.class.php
View File

@ -55,6 +55,10 @@ class Asset extends CommonObject
public $picto = 'asset';
const STATUS_DRAFT = 0;
const STATUS_VALIDATED = 1;
/**
* 'type' if the field format.
* 'label' the translation key.
@ -390,31 +394,16 @@ class Asset extends CommonObject
// phpcs:enable
global $langs;
if ($mode == 0 || $mode == 1)
{
if ($status == 1) return $langs->trans('Enabled');
elseif ($status == 0) return $langs->trans('Disabled');
} elseif ($mode == 2)
{
if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4').' '.$langs->trans('Enabled');
elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5').' '.$langs->trans('Disabled');
} elseif ($mode == 3)
{
if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4');
elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5');
} elseif ($mode == 4)
{
if ($status == 1) return img_picto($langs->trans('Enabled'), 'statut4').' '.$langs->trans('Enabled');
elseif ($status == 0) return img_picto($langs->trans('Disabled'), 'statut5').' '.$langs->trans('Disabled');
} elseif ($mode == 5)
{
if ($status == 1) return $langs->trans('Enabled').' '.img_picto($langs->trans('Enabled'), 'statut4');
elseif ($status == 0) return $langs->trans('Disabled').' '.img_picto($langs->trans('Disabled'), 'statut5');
} elseif ($mode == 6)
{
if ($status == 1) return $langs->trans('Enabled').' '.img_picto($langs->trans('Enabled'), 'statut4');
elseif ($status == 0) return $langs->trans('Disabled').' '.img_picto($langs->trans('Disabled'), 'statut5');
}
$langs->load("contracts");
$labelStatus[self::STATUS_DRAFT] = $langs->trans('Disabled');
$labelStatus[self::STATUS_VALIDATED] = $langs->trans('Enabled');
$labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Disabled');
$labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Enabled');
$statusType = 'status0';
if ($status == self::STATUS_VALIDATED) $statusType = 'status4';
return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', $statusType, $mode);
}
/**

4
htdocs/asset/document.php
View File

@ -68,6 +68,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
// Security check
if (!empty($user->socid)) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id);
//if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/packages/" . dol_sanitizeFileName($object->id);
if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/packages/".dol_sanitizeFileName($object->ref);

4
htdocs/asset/info.php
View File

@ -35,15 +35,17 @@ $action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id, '');
$result = restrictedArea($user, 'asset', $id);
$object = new Asset($db);
$object->fetch($id);
/*
* Actions
*/
// None
/*

5
htdocs/asset/list.php
View File

@ -73,12 +73,15 @@ if (!$sortorder) $sortorder = "ASC";
// Security check
$socid = 0;
if ($user->socid) $socid = $user->socid;
if ($user->socid > 0) // Protection if external user
{
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'asset', $id,'');
// Security check
$result = restrictedArea($user, 'asset', $id);
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');

4
htdocs/asset/note.php
View File

@ -54,6 +54,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
if ($id > 0 || !empty($ref)) $upload_dir = $conf->asset->multidir_output[$object->entity]."/".$object->id;
// Security check
if (!empty($user->socid)) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id);
$permissionnote = 1;
//$permissionnote=$user->rights->asset->creer; // Used by the include of actions_setnotes.inc.php

1
htdocs/blockedlog/admin/blockedlog_list.php
View File

@ -311,6 +311,7 @@ if (GETPOST('withtab', 'alpha')) $param .= '&withtab='.urlencode(GETPOST('withta
//include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<div class="right">';
print $langs->trans("RestrictYearToExport").': ';

8
htdocs/categories/card.php
View File

@ -88,6 +88,10 @@ if ($action == 'add' && $user->rights->categorie->creer)
{
header("Location: ".$urlfrom);
exit;
} elseif ($backtopage)
{
header("Location: ".$backtopage);
exit;
} elseif ($idProdOrigin)
{
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProdOrigin.'&type='.$type);
@ -235,13 +239,13 @@ if ($user->rights->categorie->creer)
// Ref
print '<tr>';
print '<td class="titlefieldcreate fieldrequired">'.$langs->trans("Ref").'</td><td><input id="label" class="minwidth100" name="label" value="'.$label.'">';
print '<td class="titlefieldcreate fieldrequired">'.$langs->trans("Ref").'</td><td><input id="label" class="minwidth100" name="label" value="'.dol_escape_htmltag($label).'">';
print'</td></tr>';
// Description
print '<tr><td class="tdtop">'.$langs->trans("Description").'</td><td>';
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
$doleditor = new DolEditor('description', $description, '', 200, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_6, '90%');
$doleditor = new DolEditor('description', $description, '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_5, '90%');
$doleditor->Create();
print '</td></tr>';

5
htdocs/categories/class/categorie.class.php
View File

@ -1616,9 +1616,10 @@ class Categorie extends CommonObject
* @param int $withpicto 0=No picto, 1=Include picto into link, 2=Only picto
* @param string $option Sur quoi pointe le lien ('', 'xyz')
* @param int $maxlength Max length of text
* @param string $moreparam More param on URL link
* @return string Chaine avec URL
*/
public function getNomUrl($withpicto = 0, $option = '', $maxlength = 0)
public function getNomUrl($withpicto = 0, $option = '', $maxlength = 0, $moreparam = '')
{
global $langs;
@ -1632,7 +1633,7 @@ class Categorie extends CommonObject
if (colorIsLight($this->color)) $forced_color = 'categtextblack';
}
$link = '<a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$this->id.'&type='.$this->type.'&backtopage='.urlencode($_SERVER['PHP_SELF']).'" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip '.$forced_color.'">';
$link = '<a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$this->id.'&type='.$this->type.$moreparam.'&backtopage='.urlencode($_SERVER['PHP_SELF'].($moreparam?'?'.$moreparam:'')).'" title="'.dol_escape_htmltag($label, 1).'" class="classfortooltip '.$forced_color.'">';
$linkend = '</a>';
$picto = 'category';

100
htdocs/categories/index.php
View File

@ -39,6 +39,7 @@ if (!$user->rights->categorie->lire) accessforbidden();
$id = GETPOST('id', 'int');
$type = (GETPOST('type', 'aZ09') ? GETPOST('type', 'aZ09') : Categorie::TYPE_PRODUCT);
$catname = GETPOST('catname', 'alpha');
$nosearch = GETPOST('nosearch', 'int');
$categstatic = new Categorie($db);
if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
@ -50,6 +51,8 @@ if (is_numeric($type)) $type = Categorie::$MAP_ID_TO_CODE[$type]; // For backwar
$form = new Form($db);
$moreparam = ($nosearch ? '&nosearch=1' : '');
$typetext = $type;
if ($type == Categorie::TYPE_ACCOUNT) $title = $langs->trans('AccountsCategoriesArea');
elseif ($type == Categorie::TYPE_WAREHOUSE) $title = $langs->trans('StocksCategoriesArea');
@ -64,70 +67,69 @@ $arrayofcss = array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css
llxHeader('', $title, '', '', 0, 0, $arrayofjs, $arrayofcss);
$newcardbutton = '';
if (!empty($user->rights->categorie->creer)) {
$newcardbutton .= dolGetButtonTitle($langs->trans('NewCategory'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type));
$newcardbutton .= dolGetButtonTitle($langs->trans('NewCategory'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/categories/card.php?action=create&type='.$type.'&backtopage='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam).$moreparam);
}
print load_fiche_titre($title, $newcardbutton, 'object_category');
print '<div class="fichecenter"><div class="fichethirdleft">';
// Search categories
if (empty($nosearch)) {
print '<div class="fichecenter"><div class="fichehalfleft">';
/*
* Zone recherche produit/service
*/
print '<form method="post" action="index.php?type='.$type.'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="type" value="'.$type.'">';
print '<form method="post" action="index.php?type='.$type.'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="type" value="'.$type.'">';
print '<input type="hidden" name="nosearch" value="'.$nosearch.'">';
print '<table class="noborder nohover centpercent">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Search").'</td>';
print '</tr>';
print '<tr class="oddeven nohover"><td>';
print $langs->trans("Name").':</td><td><input class="flat inputsearch" type="text" name="catname" value="'.$catname.'"/></td><td><input type="submit" class="button" value="'.$langs->trans("Search").'"></td></tr>';
print '</table></form>';
print '<table class="noborder nohover centpercent">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Search").'</td>';
print '</tr>';
print '<tr class="oddeven nohover"><td>';
print $langs->trans("Name").':</td><td><input class="flat inputsearch" type="text" name="catname" value="'.$catname.'"/></td><td><input type="submit" class="button" value="'.$langs->trans("Search").'"></td></tr>';
print '</table></form>';
print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
print '</div><div class="fichehalfright">';
/*
* Categories found
*/
if ($catname || $id > 0)
{
$cats = $categstatic->rechercher($id, $catname, $typetext);
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
foreach ($cats as $cat)
/*
* Categories found
*/
if ($catname || $id > 0)
{
print "\t".'<tr class="oddeven">'."\n";
print "\t\t<td>";
$categstatic->id = $cat->id;
$categstatic->ref = $cat->label;
$categstatic->label = $cat->label;
$categstatic->type = $cat->type;
$categstatic->color = $cat->color;
print '<span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>';
print $categstatic->getNomUrl(1, '');
print '</span>';
print "</td>\n";
print "\t\t<td>";
print dolGetFirstLineOfText($cat->description);
print "</td>\n";
print "\t</tr>\n";
}
print "</table>";
} else print '&nbsp;';
$cats = $categstatic->rechercher($id, $catname, $typetext);
print '<table class="noborder centpercent">';
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("FoundCats").'</td></tr>';
print '</div></div></div>';
foreach ($cats as $cat)
{
print "\t".'<tr class="oddeven">'."\n";
print "\t\t<td>";
$categstatic->id = $cat->id;
$categstatic->ref = $cat->label;
$categstatic->label = $cat->label;
$categstatic->type = $cat->type;
$categstatic->color = $cat->color;
print '<span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>';
print $categstatic->getNomUrl(1, '');
print '</span>';
print "</td>\n";
print "\t\t<td>";
print dolGetFirstLineOfText($cat->description);
print "</td>\n";
print "\t</tr>\n";
}
print "</table>";
} else print '&nbsp;';
print '</div></div>';
}
print '<div class="fichecenter"><br>';
@ -156,7 +158,7 @@ foreach ($fulltree as $key => $val)
$categstatic->ref = $val['label'];
$categstatic->color = $val['color'];
$categstatic->type = $type;
$li = $categstatic->getNomUrl(1, '', 60);
$li = $categstatic->getNomUrl(1, '', 60, $moreparam.'&backtolist='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam));
$desc = dol_htmlcleanlastbr($val['description']);
$counter = '';
@ -172,7 +174,7 @@ foreach ($fulltree as $key => $val)
'rowid'=>$val['rowid'],
'fk_menu'=>$val['fk_parent'],
'entry'=>'<table class="nobordernopadding centpercent"><tr><td><span class="noborderoncategories" '.($categstatic->color ? ' style="background: #'.$categstatic->color.';"' : ' style="background: #aaa"').'>'.$li.'</span></td>'.$counter.
'<td class="right" width="20px;"><a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$val['id'].'&type='.$type.'">'.img_view().'</a></td></tr></table>'
'<td class="right" width="20px;"><a href="'.DOL_URL_ROOT.'/categories/viewcat.php?id='.$val['id'].'&type='.$type.$moreparam.'&backtolist='.urlencode($_SERVER["PHP_SELF"].'?type='.$type.$moreparam).'">'.img_view().'</a></td></tr></table>'
);
}

1
htdocs/categories/viewcat.php
View File

@ -51,6 +51,7 @@ $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'myo
$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');

21
htdocs/comm/action/list.php
View File

@ -519,20 +519,21 @@ if ($resql)
$viewmode .= '<span class="marginrightonly"></span>';
$newcardbutton = '';
if ($user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create)
{
$tmpforcreatebutton = dol_getdate(dol_now(), true);
$tmpforcreatebutton = dol_getdate(dol_now(), true);
$newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year'];
$newparam .= '&month='.str_pad($month, 2, "0", STR_PAD_LEFT).'&year='.$tmpforcreatebutton['year'];
//$param='month='.$monthshown.'&year='.$year;
$hourminsec = '100000';
$url = DOL_URL_ROOT.'/comm/action/card.php?action=create';
$url .= '&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec;
$url .= '&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : ''));
$newcardbutton = dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', $url, '', $user->rights->agenda->myactions->create || $user->rights->agenda->allactions->create);
//$param='month='.$monthshown.'&year='.$year;
$hourminsec = '100000';
$newcardbutton .= dolGetButtonTitle($langs->trans('AddAction'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.sprintf("%04d%02d%02d", $tmpforcreatebutton['year'], $tmpforcreatebutton['mon'], $tmpforcreatebutton['mday']).$hourminsec.'&backtopage='.urlencode($_SERVER["PHP_SELF"].($newparam ? '?'.$newparam : '')));
}
$param .= '&action='.$action;
print_barre_liste($langs->trans("Agenda"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, -1 * $nbtotalofrecords, 'object_action', 0, $nav.$newcardbutton, '', $limit, 0, 0, 1, $viewmode);
print $s;

26
htdocs/comm/propal/list.php
View File

@ -480,11 +480,9 @@ if ($resql)
if (in_array($massaction, array('presend', 'predelete', 'closed'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->propal->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewPropal'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/comm/propal/card.php?action=create');
}
$url = DOL_URL_ROOT.'/comm/propal/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewPropal'), '', 'fa fa-plus-circle', $url, '', $user->rights->propal->creer);
// Fields title search
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
@ -638,12 +636,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -652,12 +648,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1);
print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1);
print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -666,12 +660,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1);
print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1);
print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '</td>';
}

34
htdocs/commande/list.php
View File

@ -483,11 +483,9 @@ if ($resql)
if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($contextpage == 'orderlist' && $user->rights->commande->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/commande/card.php?action=create');
}
$url = DOL_URL_ROOT.'/commande/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', $contextpage == 'orderlist' && $user->rights->commande->creer);
// Lines of title fields
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
@ -632,31 +630,31 @@ if ($resql)
if (!empty($arrayfields['c.ref']['checked']))
{
print '<td class="liste_titre">';
print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
print '<input class="flat" size="6" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
print '</td>';
}
// Ref customer
if (!empty($arrayfields['c.ref_client']['checked']))
{
print '<td class="liste_titre" align="left">';
print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.$search_ref_customer.'">';
print '<input class="flat" type="text" size="6" name="search_ref_customer" value="'.dol_escape_htmltag($search_ref_customer).'">';
print '</td>';
}
// Project ref
if (!empty($arrayfields['p.ref']['checked']))
{
print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project_ref" value="'.$search_project_ref.'"></td>';
print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project_ref" value="'.dol_escape_htmltag($search_project_ref).'"></td>';
}
// Project title
if (!empty($arrayfields['p.title']['checked']))
{
print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project" value="'.$search_project.'"></td>';
print '<td class="liste_titre"><input type="text" class="flat" size="6" name="search_project" value="'.dol_escape_htmltag($search_project).'"></td>';
}
// Thirpdarty
if (!empty($arrayfields['s.nom']['checked']))
{
print '<td class="liste_titre" align="left">';
print '<input class="flat" type="text" name="search_company" value="'.$search_company.'">';
print '<input class="flat" type="text" name="search_company" value="'.dol_escape_htmltag($search_company).'">';
print '</td>';
}
// Town
@ -689,12 +687,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_dateorder_start ? $search_dateorder_start : -1, 'search_dateorder_start', 0, 0, 1);
print $form->selectDate($search_dateorder_start ? $search_dateorder_start : -1, 'search_dateorder_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_dateorder_end ? $search_dateorder_end : -1, 'search_dateorder_end', 0, 0, 1);
print $form->selectDate($search_dateorder_end ? $search_dateorder_end : -1, 'search_dateorder_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -702,12 +698,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1);
print $form->selectDate($search_datedelivery_start ? $search_datedelivery_start : -1, 'search_datedelivery_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1);
print $form->selectDate($search_datedelivery_end ? $search_datedelivery_end : -1, 'search_datedelivery_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -715,14 +709,14 @@ if ($resql)
{
// Amount
print '<td class="liste_titre right">';
print '<input class="flat" type="text" size="4" name="search_total_ht" value="'.$search_total_ht.'">';
print '<input class="flat" type="text" size="4" name="search_total_ht" value="'.dol_escape_htmltag($search_total_ht).'">';
print '</td>';
}
if (!empty($arrayfields['c.total_vat']['checked']))
{
// Amount
print '<td class="liste_titre right">';
print '<input class="flat" type="text" size="4" name="search_total_vat" value="'.$search_total_vat.'">';
print '<input class="flat" type="text" size="4" name="search_total_vat" value="'.dol_escape_htmltag($search_total_vat).'">';
print '</td>';
}
if (!empty($arrayfields['c.total_ttc']['checked']))

12
htdocs/compta/bank/bankentries_list.php
View File

@ -811,19 +811,19 @@ if ($resql)
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= $langs->trans('DateOperationShort').' :';
$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('From').' ';
$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0).'</div>';
$moreforfilter .= '<div class="nowrap inline-block">';
$moreforfilter .= $form->selectDate($search_dt_start, 'search_start_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
//$moreforfilter .= ' - ';
$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('to').' '.$form->selectDate($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0).'</div>';
$moreforfilter .= '<div class="nowrap inline-block">'.$form->selectDate($search_dt_end, 'search_end_dt', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')).'</div>';
$moreforfilter .= '</div>';
$moreforfilter .= '<div class="divsearchfield">';
$moreforfilter .= $langs->trans('DateValueShort').' : ';
$moreforfilter .= ($conf->browser->layout == 'phone' ? '<br>' : ' ');
$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('From').' ';
$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0).'</div>';
$moreforfilter .= '<div class="nowrap inline-block">';
$moreforfilter .= $form->selectDate($search_dv_start, 'search_start_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')).'</div>';
//$moreforfilter .= ' - ';
$moreforfilter .= '<div class="nowrap inline-block">'.$langs->trans('to').' '.$form->selectDate($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0).'</div>';
$moreforfilter .= '<div class="nowrap inline-block">'.$form->selectDate($search_dv_end, 'search_end_dv', 0, 0, 1, "search_form", 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')).'</div>';
$moreforfilter .= '</div>';
if (!empty($conf->categorie->enabled))

7
htdocs/compta/bank/list.php
View File

@ -247,12 +247,7 @@ if ($user->rights->banque->supprimer) $arrayofmassactions['predelete'] = '<span
if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->banque->configurer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewFinancialAccount'), '', 'fa fa-plus-circle', 'card.php?action=create');
}
$newcardbutton = dolGetButtonTitle($langs->trans('NewFinancialAccount'), '', 'fa fa-plus-circle', 'card.php?action=create', '', $user->rights->banque->configurer);
// Lines of title fields
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';

40
htdocs/compta/bank/various_payment/list.php
View File

@ -240,8 +240,10 @@ if ($result)
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
if ($search_ref) $param .= '&search_ref='.urlencode($search_ref);
if ($search_label) $param .= '&search_label='.urlencode($search_label);
if ($search_date_start) $param .= '&search_date_start='.urlencode($search_date_start);
if ($search_date_end) $param .= '&search_date_end='.urlencode($search_date_end);
if ($search_datep_start) $param .= '&search_datep_start='.urlencode($search_datep_start);
if ($search_datep_end) $param .= '&search_datep_end='.urlencode($search_datep_end);
if ($search_datev_start) $param .= '&search_datev_start='.urlencode($search_datev_start);
if ($search_datev_end) $param .= '&search_datev_end='.urlencode($search_datev_end);
if ($typeid > 0) $param .= '&typeid='.urlencode($typeid);
if ($search_amount_deb) $param .= '&search_amount_deb='.urlencode($search_amount_deb);
if ($search_amount_cred) $param .= '&search_amount_cred='.urlencode($search_amount_cred);
@ -251,11 +253,9 @@ if ($result)
if ($optioncss != '') $param .= '&amp;optioncss='.urlencode($optioncss);
$newcardbutton = '';
if ($user->rights->banque->modifier)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('MenuNewVariousPayment'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create');
}
$url = DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('MenuNewVariousPayment'), '', 'fa fa-plus-circle', $url, '', $user->rights->banque->modifier);
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
@ -306,12 +306,10 @@ if ($result)
if ($arrayfields['datep']['checked']) {
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_datep_start ? $search_datep_start : -1, 'search_date_start', 0, 0, 1);
print $form->selectDate($search_datep_start ? $search_datep_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_datep_end ? $search_datep_end : -1, 'search_date_end', 0, 0, 1);
print $form->selectDate($search_datep_end ? $search_datep_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -320,12 +318,10 @@ if ($result)
if ($arrayfields['datev']['checked']) {
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_datev_start ? $search_datev_start : -1, 'search_date_value_start', 0, 0, 1);
print $form->selectDate($search_datev_start ? $search_datev_start : -1, 'search_date_value_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_datev_end ? $search_datev_end : -1, 'search_date_value_end', 0, 0, 1);
print $form->selectDate($search_datev_end ? $search_datev_end : -1, 'search_date_value_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -333,7 +329,7 @@ if ($result)
// Payment type
if ($arrayfields['type']['checked']) {
print '<td class="liste_titre left">';
$form->select_types_paiements($typeid, 'typeid', '', 0, 1, 1, 16);
$form->select_types_paiements($typeid, 'typeid', '', 0, 1, 1, 16, 1, 'maxwidth100');
print '</td>';
}
@ -347,14 +343,14 @@ if ($result)
// Bank account
if ($arrayfields['bank']['checked']) {
print '<td class="liste_titre">';
$form->select_comptes($search_bank_account, 'search_account', 0, '', 1);
$form->select_comptes($search_bank_account, 'search_account', 0, '', 1, '', 0, 'maxwidth100');
print '</td>';
}
// Bank entry
if ($arrayfields['entry']['checked']) {
print '<td class="liste_titre right">';
print '<input name="search_bank_entry" class="flat" type="text" size="8" value="'.$search_bank_entry.'">';
print '<td class="liste_titre left">';
print '<input name="search_bank_entry" class="flat maxwidth50" type="text" value="'.dol_escape_htmltag($search_bank_entry).'">';
print '</td>';
}
@ -379,14 +375,14 @@ if ($result)
// Debit
if ($arrayfields['debit']['checked']) {
print '<td class="liste_titre right">';
print '<input name="search_amount_deb" class="flat" type="text" size="8" value="'.$search_amount_deb.'">';
print '<input name="search_amount_deb" class="flat maxwidth50" type="text" value="'.dol_escape_htmltag($search_amount_deb).'">';
print '</td>';
}
// Credit
if ($arrayfields['credit']['checked']) {
print '<td class="liste_titre right">';
print '<input name="search_amount_cred" class="flat" type="text" size="8" value="'.$search_amount_cred.'">';
print '<input name="search_amount_cred" class="flat maxwidth50" type="text" size="8" value="'.dol_escape_htmltag($search_amount_cred).'">';
print '</td>';
}
@ -471,7 +467,7 @@ if ($result)
// Project
if ($arrayfields['project']['checked']) {
$proj->fetch($obj->fk_project);
print '<td>'.$proj->getNomUrl(1).'</td>';
print '<td class="nowraponall">'.$proj->getNomUrl(1).'</td>';
if (!$i) $totalarray['nbfield']++;
}

5
htdocs/compta/facture/card-rec.php
View File

@ -1617,13 +1617,12 @@ if ($action == 'create')
// Show object lines
if (!empty($object->lines))
{
//$disableedit=1;
//$disablemove=1;
$canchangeproduct = 1;
$ret = $object->printObjectLines($action, $mysoc, $object->thirdparty, $lineid, 0); // No date selector for template invoice
}
// Form to add new line
if ($object->statut == 0 && $user->rights->facture->creer && $action != 'valid' && $action != 'editline')
if ($object->statut == $object::STATUS_DRAFT && $user->rights->facture->creer && $action != 'valid' && $action != 'editline')
{
if ($action != 'editline')
{

24
htdocs/compta/facture/list.php
View File

@ -674,10 +674,12 @@ if ($resql)
if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->facture->creer && $contextpage != 'poslist')
// Show the new button only when this page is not opend from the Extended POS
if ($contextpage != 'poslist')
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/facture/card.php?action=create');
$url = DOL_URL_ROOT.'/compta/facture/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', $user->rights->facture->creer);
}
$i = 0;
@ -756,6 +758,7 @@ if ($resql)
$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
// Show the massaction checkboxes only when this page is not opend from the Extended POS
if ($massactionbutton && $contextpage != 'poslist') $selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
print '<div class="div-table-responsive">';
@ -804,12 +807,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -818,12 +819,10 @@ if ($resql)
{
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1);
print $form->selectDate($search_date_valid_start ? $search_date_valid_start : -1, 'search_date_valid_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1);
print $form->selectDate($search_date_valid_end ? $search_date_valid_end : -1, 'search_date_valid_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
}
@ -1566,7 +1565,7 @@ if ($resql)
if (!$i) $totalarray['nbfield']++;
}
// Action column
// Action column (Show the massaction button only when this page is not opend from the Extended POS)
print '<td class="nowrap" align="center">';
if (($massactionbutton || $massaction) && $contextpage != 'poslist') // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
{
@ -1597,6 +1596,7 @@ if ($resql)
print "</form>\n";
// Show the file area only when this page is not opend from the Extended POS
if ($contextpage != 'poslist') {
$hidegeneratedfilelistifempty = 1;
if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files) $hidegeneratedfilelistifempty = 0;

12
htdocs/compta/localtax/list.php
View File

@ -31,7 +31,7 @@ $langs->load("compta");
$socid = GETPOST('socid', 'int');
if ($user->socid) $socid = $user->socid;
$result = restrictedArea($user, 'tax', '', '', 'charges');
$ltt = GETPOST("localTaxType");
$ltt = GETPOST("localTaxType", 'int');
/*
@ -42,17 +42,15 @@ llxHeader();
$localtax_static = new Localtax($db);
$newcardbutton = '';
if ($user->rights->tax->charges->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewLocalTaxPayment', ($ltt + 1)), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/localtax/card.php?action=create&localTaxType='.$ltt);
}
$url = DOL_URL_ROOT.'/compta/localtax/card.php?action=create&localTaxType='.$ltt;
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewLocalTaxPayment', ($ltt + 1)), '', 'fa fa-plus-circle', $url, '', $user->rights->tax->charges->creer);
print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Payments", $mysoc->country_code), $newcardbutton, 'title_accountancy');
$sql = "SELECT rowid, amount, label, f.datev, f.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype=".$db->escape($ltt);
$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
$sql .= " ORDER BY datev DESC";
$result = $db->query($sql);

8
htdocs/compta/paiement/cheque/list.php
View File

@ -124,11 +124,9 @@ if ($resql)
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
$newcardbutton = '';
if ($user->rights->banque->cheque)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewCheckDeposit'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/paiement/cheque/card.php?action=new');
}
$url = DOL_URL_ROOT.'/compta/paiement/cheque/card.php?action=new';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewCheckDeposit'), '', 'fa fa-plus-circle', $url, '', $user->rights->banque->cheque);
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

20
htdocs/compta/tva/list.php
View File

@ -146,11 +146,9 @@ if ($result)
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
if ($typeid) $param .= '&amp;typeid='.$typeid;
$newcardbutton = '';
if ($user->rights->tax->charges->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewVATPayment', ($ltt + 1)), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/tva/card.php?action=create');
}
$url = DOL_URL_ROOT.'/compta/tva/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewVATPayment', ($ltt + 1)), '', 'fa fa-plus-circle', $url, '', $user->rights->tax->charges->creer);
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@ -172,22 +170,18 @@ if ($result)
// Date end period
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1);
print $form->selectDate($search_dateend_start ? $search_dateend_start : -1, 'search_dateend_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1);
print $form->selectDate($search_dateend_end ? $search_dateend_end : -1, 'search_dateend_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
// Date payment
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_datepayment_start ? $search_datepayment_start : -1, 'search_datepayment_start', 0, 0, 1);
print $form->selectDate($search_datepayment_start ? $search_datepayment_start : -1, 'search_datepayment_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_datepayment_end ? $search_datepayment_end : -1, 'search_datepayment_end', 0, 0, 1);
print $form->selectDate($search_datepayment_end ? $search_datepayment_end : -1, 'search_datepayment_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
// Type
print '<td class="liste_titre left">';

6
htdocs/contact/list.php
View File

@ -538,11 +538,7 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->societe->contact->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewContactAddress'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?action=create');
}
$newcardbutton = dolGetButtonTitle($langs->trans('NewContactAddress'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contact/card.php?action=create', '', $user->rights->societe->contact->creer);
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'" name="formfilter">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

30
htdocs/contrat/card.php
View File

@ -665,6 +665,7 @@ if (empty($reshook))
$fk_unit = GETPOST('unit', 'alpha');
$objectline->fk_product = GETPOST('idprod', 'int');
$objectline->description = GETPOST('product_desc', 'restricthtml');
$objectline->price_ht = GETPOST('elprice');
$objectline->subprice = GETPOST('elprice');
@ -1436,8 +1437,6 @@ if ($action == 'create')
$usemargins = 0;
if (!empty($conf->margin->enabled) && !empty($object->element) && in_array($object->element, array('facture', 'propal', 'commande'))) $usemargins = 1;
$var = false;
// Title line for service
$cursorline = 1;
print '<div id="contrat-lines-container" data-contractid="'.$object->id.'" data-element="'.$object->element.'" >';
@ -1448,7 +1447,6 @@ if ($action == 'create')
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="updateline">';
print '<input type="hidden" name="elrowid" value="'.$object->lines[$cursorline - 1]->id.'">';
print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
print '<input type="hidden" name="fournprice" value="'.(!empty($object->lines[$cursorline - 1]->fk_fournprice) ? $object->lines[$cursorline - 1]->fk_fournprice : 0).'">';
// Area with common detail of line
@ -1632,17 +1630,29 @@ if ($action == 'create')
// Ligne carac
print '<tr class="oddeven">';
print '<td>';
if ($objp->fk_product)
if ($objp->fk_product > 0)
{
$productstatic->id = $objp->fk_product;
$productstatic->type = $objp->ptype;
$productstatic->ref = $objp->pref;
$productstatic->entity = $objp->pentity;
print $productstatic->getNomUrl(1, '', 32);
print $objp->label ? ' - '.dol_trunc($objp->label, 32) : '';
$canchangeproduct = 1;
if (empty($canchangeproduct)) {
$productstatic->id = $objp->fk_product;
$productstatic->type = $objp->ptype;
$productstatic->ref = $objp->pref;
$productstatic->entity = $objp->pentity;
print $productstatic->getNomUrl(1, '', 32);
print $objp->label ? ' - '.dol_trunc($objp->label, 32) : '';
print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
} else {
$senderissupplier = 0;
if (empty($senderissupplier)) {
print $form->select_produits((!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0), 'idprod');
} else {
print $form->select_produits_fournisseurs((!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0), 'idprod');
}
}
print '<br>';
} else {
print $objp->label ? $objp->label.'<br>' : '';
print '<input type="hidden" name="idprod" value="'.(!empty($object->lines[$cursorline - 1]->fk_product) ? $object->lines[$cursorline - 1]->fk_product : 0).'">';
}
// editeur wysiwyg

1
htdocs/contrat/class/contrat.class.php
View File

@ -1911,7 +1911,6 @@ class Contrat extends CommonObject
}
$statusType = 'status'.$status;
if ($status == self::STATUS_VALIDATED) $statusType = 'status4';
if ($status == self::STATUS_VALIDATED) $statusType = 'status6';
if ($mode == 4 || $mode == 6 || $mode == 7)

8
htdocs/contrat/list.php
View File

@ -369,11 +369,9 @@ if ($user->rights->contrat->supprimer) $arrayofmassactions['predelete'] = '<span
if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->contrat->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewContractSubscription'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/contrat/card.php?action=create');
}
$url = DOL_URL_ROOT.'/contrat/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewContractSubscription'), '', 'fa fa-plus-circle', $url, '', $user->rights->contrat->creer);
print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

2
htdocs/core/class/commondocgenerator.class.php
View File

@ -397,6 +397,8 @@ abstract class CommonDocGenerator
$array_key.'_payment_term_code'=>$object->cond_reglement_code,
$array_key.'_payment_term'=>($outputlangs->transnoentitiesnoconv('PaymentCondition'.$object->cond_reglement_code) != 'PaymentCondition'.$object->cond_reglement_code ? $outputlangs->transnoentitiesnoconv('PaymentCondition'.$object->cond_reglement_code) : ($object->cond_reglement_doc ? $object->cond_reglement_doc : $object->cond_reglement)),
$array_key.'_incoterms'=>(method_exists($object, 'display_incoterms') ? $object->display_incoterms() : ''),
$array_key.'_bank_iban'=>$bank_account->iban,
$array_key.'_bank_bic'=>$bank_account->bic,

14
htdocs/core/class/commonobject.class.php
View File

@ -5741,11 +5741,9 @@ abstract class CommonObject
}
// Set value of $morecss. For this, we use in priority showsize from parameters, then $val['css'] then autodefine
if (empty($morecss) && !empty($val['css']))
{
if (empty($morecss) && !empty($val['css'])) {
$morecss = $val['css'];
} elseif (empty($morecss))
{
} elseif (empty($morecss)) {
if ($type == 'date')
{
$morecss = 'minwidth100imp';
@ -5792,16 +5790,16 @@ abstract class CommonObject
{
$tmp = explode(',', $size);
$newsize = $tmp[0];
$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$newsize.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$newsize.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
} elseif (in_array($type, array('real')))
{
$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
} elseif (preg_match('/varchar/', $type))
{
$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
} elseif (in_array($type, array('mail', 'phone', 'url')))
{
$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'" '.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
$out = '<input type="text" class="flat '.$morecss.'" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.dol_escape_htmltag($value).'" '.($moreparam ? $moreparam : '').($autofocusoncreate ? ' autofocus' : '').'>';
} elseif ($type == 'text')
{
if (!preg_match('/search_/', $keyprefix)) // If keyprefix is search_ or search_options_, we must just use a simple text field

8
htdocs/core/class/html.form.class.php
View File

@ -4038,7 +4038,7 @@ class Form
* type can be 'hidden', 'text', 'password', 'checkbox', 'radio', 'date', 'morecss', ...
* @param string $selectedchoice '' or 'no', or 'yes' or '1' or '0'
* @param int|string $useajax 0=No, 1=Yes, 2=Yes but submit page with &confirm=no if choice is No, 'xxx'=Yes and preoutput confirm box with div id=dialog-confirm-xxx
* @param int $height Force height of box (0 = auto)
* @param int|string $height Force height of box (0 = auto)
* @param int $width Force width of box ('999' or '90%'). Ignored and forced to 90% on smartphones.
* @param int $disableformtag 1=Disable form tag. Can be used if we are already inside a <form> section.
* @return string HTML ajax code if a confirm ajax popup is required, Pure HTML code if it's an html form
@ -4058,7 +4058,7 @@ class Form
// Set height automatically if not defined
if (empty($height)) {
$height = 210;
$height = 220;
if (is_array($formquestion) && count($formquestion) > 2) {
$height += ((count($formquestion) - 2) * 24);
}
@ -5280,10 +5280,11 @@ class Form
* @param string $openinghours Specify hour start and hour end for the select ex 8,20
* @param int $stepminutes Specify step for minutes between 1 and 30
* @param string $labeladddateof Label to use for the $adddateof parameter.
* @param string $placeholder Placeholder
* @return string Html for selectDate
* @see form_date(), select_month(), select_year(), select_dayofweek()
*/
public function selectDate($set_time = '', $prefix = 're', $h = 0, $m = 0, $empty = 0, $form_name = "", $d = 1, $addnowlink = 0, $disabled = 0, $fullday = '', $addplusone = '', $adddateof = '', $openinghours = '', $stepminutes = 1, $labeladddateof = '')
public function selectDate($set_time = '', $prefix = 're', $h = 0, $m = 0, $empty = 0, $form_name = "", $d = 1, $addnowlink = 0, $disabled = 0, $fullday = '', $addplusone = '', $adddateof = '', $openinghours = '', $stepminutes = 1, $labeladddateof = '', $placeholder = '')
{
global $conf, $langs;
@ -5420,6 +5421,7 @@ class Form
$retstring .= '<div class="nowrap inline-block">';
$retstring .= '<input id="'.$prefix.'" name="'.$prefix.'" type="text" class="maxwidthdate" maxlength="11" value="'.$formated_date.'"';
$retstring .= ($disabled ? ' disabled' : '');
$retstring .= ($placeholder ? ' placeholder="'.$placeholder.'"' : '');
$retstring .= ' onChange="dpChangeDay(\''.$prefix.'\',\''.$langs->trans("FormatDateShortJavaInput").'\'); "'; // FormatDateShortInput for dol_print_date / FormatDateShortJavaInput that is same for javascript
$retstring .= '>';

2
htdocs/core/class/html.formfile.class.php
View File

@ -1252,7 +1252,7 @@ class FormFile
} else {
print '<a href="'.$urlforhref['url'].'" class="'.$urlforhref['css'].'" target="'.$urlforhref['target'].'" mime="'.$urlforhref['mime'].'">';
}
print '<img class="photo maxwidth200" height="'.(($useinecm == 4 || $useinecm == 5 || $useinecm == 6) ? '12' : $maxheightmini).'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity).'&file='.urlencode($relativepath.$smallfile).'" title="">';
print '<img class="photo maxwidth200 shadow" height="'.(($useinecm == 4 || $useinecm == 5 || $useinecm == 6) ? '12' : $maxheightmini).'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity) ? $object->entity : $conf->entity).'&file='.urlencode($relativepath.$smallfile).'" title="">';
print '</a>';
} else print '&nbsp;';
print '</td>';

1
htdocs/core/class/html.formother.class.php
View File

@ -1048,6 +1048,7 @@ class FormOther
// Class Form must have been already loaded
$selectboxlist .= '<!-- Form with select box list -->'."\n";
$selectboxlist .= '<form id="addbox" name="addbox" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
$selectboxlist .= '<input type="hidden" name="token" value="'.newToken().'">';
$selectboxlist .= '<input type="hidden" name="addbox" value="addbox">';
$selectboxlist .= '<input type="hidden" name="userid" value="'.$user->id.'">';
$selectboxlist .= '<input type="hidden" name="areacode" value="'.$areacode.'">';

11
htdocs/core/js/lib_head.js.php
View File

@ -1130,4 +1130,15 @@ $(document).ready(function() {
});
<?php } ?>
// Force to hide menus when page is inside an iFrame
$(document).ready(function() {
if (window.location !== window.parent.location ) {
console.log("Page is detected to be into an iframe, we hide by CSS the menus");
// The page is in an iframe
jQuery(".side-nav-vert, .side-nav").hide();
jQuery(".id-container").css('width', '100%');
}
});
// End of lib_head.js.php

26
htdocs/core/lib/date.lib.php
View File

@ -466,8 +466,8 @@ function dol_get_next_week($day, $week, $month, $year)
* @param int $year Year
* @param int $month Month
* @param mixed $gm False or 0 or 'server' = Return date to compare with server TZ, True or 1 to compare with GM date.
* Exemple: dol_get_first_day(1970,1,false) will return -3600 with TZ+1, after a dol_print_date will return 1970-01-01 00:00:00
* Exemple: dol_get_first_day(1970,1,true) will return 0 whatever is TZ, after a dol_print_date will return 1970-01-01 00:00:00
* Exemple: dol_get_first_day(1970,1,false) will return -3600 with TZ+1, a dol_print_date on it will return 1970-01-01 00:00:00
* Exemple: dol_get_first_day(1970,1,true) will return 0 whatever is TZ, a dol_print_date on it will return 1970-01-01 00:00:00
* @return int Date for first day, '' if error
*/
function dol_get_first_day($year, $month = 1, $gm = false)
@ -502,6 +502,28 @@ function dol_get_last_day($year, $month = 12, $gm = false)
return $datelim;
}
/** Return GMT time for last hour of a given GMT date (it removes hours, min and second part)
*
* @param int $date Date
* @return int Date for last hour of a given date
*/
function dol_get_last_hour($date)
{
$tmparray = dol_getdate($date);
return dol_mktime(23, 59, 59, $tmparray['mon'], $tmparray['mday'], $tmparray['year'], false);
}
/** Return GMT time for first hour of a given GMT date (it removes hours, min and second part)
*
* @param int $date Date
* @return int Date for last hour of a given date
*/
function dol_get_first_hour($date)
{
$tmparray = dol_getdate($date);
return dol_mktime(0, 0, 0, $tmparray['mon'], $tmparray['mday'], $tmparray['year'], false);
}
/** Return first day of week for a date. First day of week may be monday if option MAIN_START_WEEK is 1.
*
* @param int $day Day

15
htdocs/core/lib/functions.lib.php
View File

@ -3859,7 +3859,7 @@ function info_admin($text, $infoonimgalt = 0, $nodiv = 0, $admin = '1', $morecss
$result = ($nodiv ? '' : '<div class="'.$class.' hideonsmartphone'.($morecss ? ' '.$morecss : '').($textfordropdown ? ' hidden' : '').'">').'<span class="fa fa-info-circle" title="'.dol_escape_htmltag($admin ? $langs->trans('InfoAdmin') : $langs->trans('Note')).'"></span> '.$text.($nodiv ? '' : '</div>');
if ($textfordropdown) {
$tmpresult .= '<span class="'.$class.'text opacitymedium">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
$tmpresult .= '<span class="'.$class.'text opacitymedium cursorpointer">'.$langs->trans($textfordropdown).' '.img_picto($langs->trans($textfordropdown), '1downarrow').'</span>';
$tmpresult .= '<script type="text/javascript" language="javascript">
jQuery(document).ready(function() {
jQuery(".'.$class.'text").click(function() {
@ -4104,15 +4104,14 @@ function getTitleFieldOfList($name, $thead = 0, $file = "", $field = "", $begin
//var_dump('field='.$field.' field1='.$field1.' sortfield='.$sortfield.' sortfield1='.$sortfield1);
// If field is used as sort criteria we use a specific css class liste_titre_sel
// Example if (sortfield,field)=("nom","xxx.nom") or (sortfield,field)=("nom","nom")
$liste_titre = 'liste_titre';
if ($field1 && ($sortfield1 == $field1 || $sortfield1 == preg_replace("/^[^\.]+\./", "", $field1))) {
$out .= '<'.$tag.' class="'.$prefix.'liste_titre_sel" '.$moreattrib;
$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
$out .= '>';
} else {
$out .= '<'.$tag.' class="'.$prefix.'liste_titre" '.$moreattrib;
$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
$out .= '>';
$liste_titre = 'liste_titre_sel';
}
$out .= '<'.$tag.' class="'.$prefix.$liste_titre.'" '.$moreattrib;
//$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE) && preg_match('/^[a-zA-Z_0-9\s\.\-:&;]*$/', $name)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
$out .= (($field && empty($conf->global->MAIN_DISABLE_WRAPPING_ON_COLUMN_TITLE)) ? ' title="'.dol_escape_htmltag($langs->trans($name)).'"' : '');
$out .= '>';
if (empty($thead) && $field && empty($disablesortlink)) // If this is a sort field
{

2
htdocs/core/lib/security2.lib.php
View File

@ -92,7 +92,7 @@ function checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $auth
// Call function to check user/password
$function = 'check_user_password_'.$mode;
$login = call_user_func($function, $usertotest, $passwordtotest, $entitytotest, $context);
if ($login) // Login is successfull
if ($login && $login != '--bad-login-validity--') // Login is successfull
{
$test = false; // To stop once at first login success
$conf->authmode = $mode; // This properties is defined only when logged to say what mode was successfully used

15
htdocs/core/lib/treeview.lib.php
View File

@ -103,15 +103,16 @@ function tree_showpad(&$fulltree, $key, $silent = 0)
* $arrayofcss=array('/includes/jquery/plugins/jquerytreeview/jquery.treeview.css');
* TODO Replace with jstree plugin instead of treeview plugin.
*
* @param array $tab Array of all elements
* @param array $pere Array with parent ids ('rowid'=>,'mainmenu'=>,'leftmenu'=>,'fk_mainmenu=>,'fk_leftmenu=>)
* @param int $rang Level of element
* @param string $iddivjstree Id to use for parent ul element
* @param array $tab Array of all elements
* @param array $pere Array with parent ids ('rowid'=>,'mainmenu'=>,'leftmenu'=>,'fk_mainmenu=>,'fk_leftmenu=>)
* @param int $rang Level of element
* @param string $iddivjstree Id to use for parent ul element
* @param int $donoresetalreadyloaded Do not reset global array $donoresetalreadyloaded used to avoid to go down on an aleady processed record
* @param int $showfk 1=show fk_links to parent into label (used by menu editor only)
* @param int $showfk 1=show fk_links to parent into label (used by menu editor only)
* @param string $moreparam Add more param on url of elements
* @return void
*/
function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoresetalreadyloaded = 0, $showfk = 0)
function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoresetalreadyloaded = 0, $showfk = 0, $moreparam = '')
{
global $tree_recur_alreadyadded, $menu_handler_to_search;
@ -197,7 +198,7 @@ function tree_recur($tab, $pere, $rang, $iddivjstree = 'iddivjstree', $donoreset
if ($showfk)
{
print '<table class="nobordernopadding centpercent"><tr><td>';
print '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$tab[$x]['rowid'].'">';
print '<strong> &nbsp; <a href="edit.php?menu_handler='.$menu_handler_to_search.'&action=edit&menuId='.$tab[$x]['rowid'].$moreparam.'">';
print $tab[$x]['title'];
print '</a></strong>';
print '&nbsp; (mainmenu='.$tab[$x]['mainmenu'].' leftmenu='.$tab[$x]['leftmenu'].' - fk_mainmenu='.$tab[$x]['fk_mainmenu'].' fk_leftmenu='.$tab[$x]['fk_leftmenu'].')';

32
htdocs/core/login/functions_dolibarr.php
View File

@ -45,6 +45,7 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
if (!empty($usertotest))
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
dol_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest." passwordtotest=".preg_replace('/./', '*', $passwordtotest)." entitytotest=".$entitytotest);
// If test username/password asked, we define $test=false if ko and $login var to login if ok, set also $_SESSION["dol_loginmesg"] if ko
@ -53,14 +54,15 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
$usernamecol2 = 'email';
$entitycol = 'entity';
$sql = 'SELECT rowid, login, entity, pass, pass_crypted';
$sql = 'SELECT rowid, login, entity, pass, pass_crypted, datestartvalidity, dateendvalidity';
$sql .= ' FROM '.$table;
$sql .= ' WHERE ('.$usernamecol1." = '".$db->escape($usertotest)."'";
if (preg_match('/@/', $usertotest)) $sql .= ' OR '.$usernamecol2." = '".$db->escape($usertotest)."'";
$sql .= ') AND '.$entitycol." IN (0,".($entity ? $entity : 1).")";
$sql .= ' AND statut = 1';
// Required to first found the user into entity, then the superadmin.
// For the case (TODO and that we must avoid) a user has renamed its login with same value than a user in entity 0.
// Note: Test on validity is done later
// Required to firstly found the user into entity, then the superadmin.
// For the case (TODO we must avoid that) a user has renamed its login with same value than a user in entity 0.
$sql .= ' ORDER BY entity DESC';
$resql = $db->query($sql);
@ -69,6 +71,20 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
$obj = $db->fetch_object($resql);
if ($obj)
{
$now = dol_now();
if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
$passclear = $obj->pass;
$passcrypted = $obj->pass_crypted;
$passtyped = $passwordtotest;
@ -79,19 +95,19 @@ function check_user_password_dolibarr($usertotest, $passwordtotest, $entitytotes
$cryptType = '';
if (!empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType = $conf->global->DATABASE_PWD_ENCRYPTED;
// By default, we used MD5
if (!in_array($cryptType, array('md5'))) $cryptType = 'md5';
// By default, we use default setup for encryption rule
if (!in_array($cryptType, array('auto'))) $cryptType = 'auto';
// Check crypted password according to crypt algorithm
if ($cryptType == 'md5')
if ($cryptType == 'auto')
{
if (dol_verifyHash($passtyped, $passcrypted))
if (dol_verifyHash($passtyped, $passcrypted, '0'))
{
$passok = true;
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
}
}
// For compatibility with old versions
// For compatibility with very old versions
if (!$passok)
{
if ((!$passcrypted || $passtyped)

21
htdocs/core/login/functions_http.php
View File

@ -33,12 +33,33 @@
*/
function check_user_password_http($usertotest, $passwordtotest, $entitytotest)
{
global $db, $langs;
dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".(empty($_SERVER["REMOTE_USER"]) ? '' : $_SERVER["REMOTE_USER"]));
$login = '';
if (!empty($_SERVER["REMOTE_USER"]))
{
$login = $_SERVER["REMOTE_USER"];
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
$tmpuser = new User($db);
$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
$now = dol_now();
if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
}
return $login;

22
htdocs/core/login/functions_ldap.php
View File

@ -151,6 +151,27 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
dol_syslog("functions_ldap::check_user_password_ldap Authentification ok");
$login = $usertotest;
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
$tmpuser = new User($db);
$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
$now = dol_now();
if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
$ldap->close();
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
$ldap->close();
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
// ldap2dolibarr synchronisation
if ($login && !empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') // ldap2dolibarr synchronisation
{
@ -188,6 +209,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
//$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
}
unset($usertmp);
}

22
htdocs/core/login/functions_openid.php
View File

@ -36,7 +36,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/class/openid.class.php';
*/
function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
global $_POST, $db, $conf, $langs;
global $db, $conf, $langs;
dol_syslog("functions_openid::check_user_password_openid usertotest=".$usertotest);
@ -57,7 +57,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
$openid->SetApprovedURL($protocol.$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]); // Send Response from OpenID server to this script
$openid->Redirect(); // This will redirect user to OpenID Server
} else {
$error = $openid->GetError();
$_SESSION["dol_loginmesg"] = $openid->GetError();
return false;
}
return false;
@ -72,7 +72,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
{
// OK HERE KEY IS VALID
$sql = "SELECT login";
$sql = "SELECT login, entity, datestartvalidity, dateendvalidity";
$sql .= " FROM ".MAIN_DB_PREFIX."user";
$sql .= " WHERE openid = '".$db->escape($_GET['openid_identity'])."'";
$sql .= " AND entity IN (0,".($_SESSION["dol_entity"] ? $_SESSION["dol_entity"] : 1).")";
@ -84,13 +84,27 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
$obj = $db->fetch_object($resql);
if ($obj)
{
$now = dol_now();
if ($obj->datestartvalidity && $db->jdate($obj->datestartvalidity) > $now) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
if ($obj->dateendvalidity && $db->jdate($obj->dateendvalidity) < dol_get_first_hour($now)) {
// Load translation files required by the page
$langs->loadLangs(array('main', 'errors'));
$_SESSION["dol_loginmesg"] = $langs->trans("ErrorLoginDateValidity");
return '--bad-login-validity--';
}
$login = $obj->login;
}
}
} elseif ($openid->IsError() === true)
{
// ON THE WAY, WE GOT SOME ERROR
$error = $openid->GetError();
$_SESSION["dol_loginmesg"] = $openid->GetError();
return false;
} else {
// Signature Verification Failed

2
htdocs/core/modules/syslog/mod_syslog_syslog.php
View File

@ -16,7 +16,7 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
*/
public function getName()
{
return 'Syslog';
return 'Syslogd';
}
/**

6
htdocs/core/tpl/commonfields_view.tpl.php
View File

@ -59,6 +59,7 @@ foreach ($object->fields as $key => $val)
print '</td>';
print '<td class="valuefield fieldname_'.$key;
if ($val['type'] == 'text') print ' wordbreak';
if ($val['cssview']) print ' '.$val['cssview'];
print '">';
if (in_array($val['type'], array('text', 'html'))) print '<div class="longmessagecut">';
print $object->showOutputField($val, $key, $value, '', '', '', 0);
@ -105,7 +106,10 @@ foreach ($object->fields as $key => $val)
if (!empty($val['help'])) print $form->textwithpicto($langs->trans($val['label']), $langs->trans($val['help']));
else print $langs->trans($val['label']);
print '</td>';
print '<td>';
print '<td class="valuefield fieldname_'.$key;
if ($val['type'] == 'text') print ' wordbreak';
if ($val['cssview']) print ' '.$val['cssview'];
print '">';
if (in_array($val['type'], array('text', 'html'))) print '<div class="longmessagecut">';
print $object->showOutputField($val, $key, $value, '', '', '', 0);
//print dol_escape_htmltag($object->$key, 1, 1);

41
htdocs/core/tpl/objectline_edit.tpl.php
View File

@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2010-2012 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2010-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2010-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2012 Christophe Battarel <christophe.battarel@altairis.fr>
* Copyright (C) 2012 Cédric Salvador <csalvador@gpcsolutions.fr>
* Copyright (C) 2012-2014 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
@ -29,6 +29,7 @@
* $forceall (0 by default, 1 for supplier invoices/orders)
* $senderissupplier (0 by default, 1 for supplier invoices/orders)
* $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
* $canchangeproduct (0 by default, 1 to allow to change the product if it is a predefined product)
*/
// Protection to avoid direct call of template
@ -42,12 +43,12 @@ if (empty($object) || !is_object($object))
$usemargins = 0;
if (!empty($conf->margin->enabled) && !empty($object->element) && in_array($object->element, array('facture', 'facturerec', 'propal', 'commande'))) $usemargins = 1;
global $forceall, $senderissupplier, $inputalsopricewithtax;
global $forceall, $senderissupplier, $inputalsopricewithtax, $canchangeproduct;
if (empty($dateSelector)) $dateSelector = 0;
if (empty($forceall)) $forceall = 0;
if (empty($senderissupplier)) $senderissupplier = 0;
if (empty($inputalsopricewithtax)) $inputalsopricewithtax = 0;
if (empty($canchangeproduct)) $canchangeproduct = 0;
// Define colspan for the button 'Add'
$colspan = 3; // Col total ht + col edit + col delete
@ -71,27 +72,33 @@ $coldisplay++;
<input type="hidden" name="lineid" value="<?php echo $line->id; ?>">
<input type="hidden" id="product_type" name="type" value="<?php echo $line->product_type; ?>">
<input type="hidden" id="product_id" name="productid" value="<?php echo (!empty($line->fk_product) ? $line->fk_product : 0); ?>" />
<input type="hidden" id="special_code" name="special_code" value="<?php echo $line->special_code; ?>">
<input type="hidden" id="fk_parent_line" name="fk_parent_line" value="<?php echo $line->fk_parent_line; ?>">
<?php if ($line->fk_product > 0) { ?>
<?php
if ($line->fk_parent_line > 0) echo img_picto('', 'rightarrow');
if (empty($canchangeproduct)) {
if ($line->fk_parent_line > 0) echo img_picto('', 'rightarrow');
?>
<a href="<?php echo DOL_URL_ROOT.'/product/card.php?id='.$line->fk_product; ?>">
<?php
if ($line->product_type == 1) echo img_object($langs->trans('ShowService'), 'service');
else print img_object($langs->trans('ShowProduct'), 'product');
echo ' '.$line->ref;
?>
</a>
<?php
echo ' - '.nl2br($line->product_label);
print '<input type="hidden" id="product_id" name="productid" value="'.(!empty($line->fk_product) ? $line->fk_product : 0).'">';
} else {
if ($senderissupplier) {
print $form->select_produits_fournisseurs(!empty($line->fk_product) ? $line->fk_product : 0, 'productid');
} else {
print $form->select_produits(!empty($line->fk_product) ? $line->fk_product : 0, 'productid');
}
}
?>
<a href="<?php echo DOL_URL_ROOT.'/product/card.php?id='.$line->fk_product; ?>">
<?php
if ($line->product_type == 1) echo img_object($langs->trans('ShowService'), 'service');
else print img_object($langs->trans('ShowProduct'), 'product');
echo ' '.$line->ref;
?>
</a>
<?php
echo ' - '.nl2br($line->product_label);
?>
<br><br>
<?php } ?>
<?php

9
htdocs/cron/admin/cron.php
View File

@ -61,7 +61,8 @@ if (!empty($actionsave))
* View
*/
llxHeader();
$help_url = '';
llxHeader('', '', $help_url);
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("CronSetup"), $linkback, 'title_setup');
@ -81,17 +82,17 @@ print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print "<td>".$langs->trans("Parameter")."</td>";
print "<td>".$langs->trans("Value")."</td>";
print "<td>&nbsp;</td>";
print "<td></td>";
print "</tr>";
print '<tr class="impair">';
print '<tr class="oddeven">';
print '<td class="fieldrequired">'.$langs->trans("KeyForCronAccess").'</td>';
$disabled = '';
if (!empty($conf->global->CRON_DISABLE_KEY_CHANGE)) $disabled = ' disabled="disabled"';
print '<td>';
if (empty($conf->global->CRON_DISABLE_KEY_CHANGE))
{
print '<input type="text" class="flat minwidth200"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'.(GETPOST('CRON_KEY') ?GETPOST('CRON_KEY') : (!empty($conf->global->CRON_KEY) ? $conf->global->CRON_KEY : '')).'">';
print '<input type="text" class="flat minwidth300"'.$disabled.' id="CRON_KEY" name="CRON_KEY" value="'.(GETPOST('CRON_KEY') ?GETPOST('CRON_KEY') : (!empty($conf->global->CRON_KEY) ? $conf->global->CRON_KEY : '')).'">';
if (!empty($conf->use_javascript_ajax))
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"');
} else {

10
htdocs/expedition/list.php
View File

@ -359,11 +359,11 @@ if ($resql)
if (in_array($massaction, array('presend'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->expedition->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expedition/card.php?action=create2');
}
// Currently: a sending can't create from sending list
// $url = DOL_URL_ROOT.'/expedition/card.php?action=create';
// if (!empty($socid)) $url .= '&socid='.$socid;
// $newcardbutton = dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', $url, '', $user->rights->expedition->creer);
$newcardbutton = dolGetButtonTitle($langs->trans('NewSending'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expedition/card.php?action=create2', '', $user->rights->expedition->creer);
$i = 0;
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";

105
htdocs/expensereport/list.php
View File

@ -200,48 +200,6 @@ if (empty($reshook))
$permissiontodelete = $user->rights->expensereport->supprimer;
$uploaddir = $conf->expensereport->dir_output;
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
if ($action == 'update' && !$cancel)
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
if ($canedituser) // Case we can edit all field
{
$error = 0;
if (!$error)
{
$objectuser->fetch($id);
$objectuser->oldcopy = clone $objectuser;
$db->begin();
$objectuser->default_range = GETPOST('default_range');
$objectuser->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat');
if (!$error) {
$ret = $objectuser->update($user);
if ($ret < 0) {
$error++;
if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
$langs->load("errors");
setEventMessages($langs->trans("ErrorLoginAlreadyExists", $objectuser->login), null, 'errors');
} else {
setEventMessages($objectuser->error, $objectuser->errors, 'errors');
}
}
}
if (!$error && !count($objectuser->errors)) {
setEventMessages($langs->trans("UserModified"), null, 'mesgs');
$db->commit();
} else {
$db->rollback();
}
}
}
}
}
@ -387,71 +345,22 @@ if ($resql)
dol_banner_tab($fuser, 'id', $linkback, $user->rights->user->user->lire || $user->admin);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
{
print '<table class="border centpercent">';
if ($action == 'edit')
{
print '<tr><td class="titlefield">'.$langs->trans("DefaultCategoryCar").'</td>';
print '<td>';
print $form->selectExpenseCategories($fuser->default_c_exp_tax_cat, 'default_c_exp_tax_cat', 1);
print '</td></tr>';
print '<tr><td>'.$langs->trans("DefaultRangeNumber").'</td>';
print '<td>';
$maxRangeNum = ExpenseReportIk::getMaxRangeNumber($fuser->default_c_exp_tax_cat);
print $form->selectarray('default_range', range(0, $maxRangeNum), $fuser->default_range);
print '</td></tr>';
} else {
print '<tr><td class="titlefield">'.$langs->trans("DefaultCategoryCar").'</td>';
print '<td class="fk_c_exp_tax_cat">';
print dol_getIdFromCode($db, $fuser->default_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label');
print '</td></tr>';
print '<tr><td>'.$langs->trans("DefaultRangeNumber").'</td>';
print '<td>';
print $fuser->default_range;
print '</td></tr>';
}
print '</table>';
}
print '</div>';
/*if (empty($conf->global->HOLIDAY_HIDE_BALANCE))
{
print '<div class="underbanner clearboth"></div>';
print '<br>';
showMyBalance($holiday, $user_id);
}*/
dol_fiche_end();
if ($action != 'edit')
{
print '<div class="tabsAction">';
if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
{
print '<a href="'.$_SERVER["PHP_SELF"].'?action=edit&id='.$user_id.'" class="butAction">'.$langs->trans("Modify").'</a>';
}
$childids = $user->getAllChildIds(1);
$canedit = ((in_array($user_id, $childids) && $user->rights->expensereport->creer)
|| ($conf->global->MAIN_USE_ADVANCED_PERMS && $user->rights->expensereport->writeall_advance));
// Buttons for actions
if ($canedit)
{
if ($canedit) {
print '<a href="'.DOL_URL_ROOT.'/expensereport/card.php?action=create&fk_user_author='.$fuser->id.'" class="butAction">'.$langs->trans("AddTrip").'</a>';
} else {
print '<a href="#" class="butActionRefused" title="'.$langs->trans("NotEnoughPermission").'">'.$langs->trans("AddTrip").'</a>';
}
print '</div>';
@ -463,11 +372,9 @@ if ($resql)
} else {
$title = $langs->trans("ListTripsAndExpenses");
$newcardbutton = '';
if ($user->rights->expensereport->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewTrip'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/expensereport/card.php?action=create');
}
$url = DOL_URL_ROOT.'/expensereport/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewTrip'), '', 'fa fa-plus-circle', $url, '', $user->rights->expensereport->creer);
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'trip', 0, $newcardbutton, '', $limit, 0, 0, 1);
}

8
htdocs/fichinter/list.php
View File

@ -95,9 +95,10 @@ $fieldstosearchall = array(
's.nom'=>"ThirdParty",
'f.description'=>'Description',
'f.note_public'=>'NotePublic',
'fd.description'=>'DescriptionOfLine',
);
if (empty($user->socid)) $fieldstosearchall["f.note_private"] = "NotePrivate";
if (!empty($conf->global->FICHINTER_DISABLE_DETAILS)) unset($fieldstosearchall['f.description']);
if (!empty($conf->global->FICHINTER_DISABLE_DETAILS)) unset($fieldstosearchall['fd.description']);
// Definition of fields for list
$arrayfields = array(
@ -319,7 +320,10 @@ if ($resql)
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
$morehtmlcenter .= dolGetButtonTitle($langs->trans('NewIntervention'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fichinter/card.php?action=create', '', $user->rights->ficheinter->creer);
$url = DOL_URL_ROOT.'/fichinter/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewIntervention'), '', 'fa fa-plus-circle', $url, '', $user->rights->ficheinter->creer);
// Lines of title fields
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";

8
htdocs/fourn/commande/list.php
View File

@ -649,11 +649,9 @@ if ($resql)
if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->fournisseur->commande->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fourn/commande/card.php?action=create');
}
$url = DOL_URL_ROOT.'/fourn/commande/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', $user->rights->fournisseur->commande->creer);
// Fields title search
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';

8
htdocs/fourn/facture/list.php
View File

@ -508,11 +508,9 @@ if ($resql)
if (in_array($massaction, array('presend', 'predelete', 'createbills'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->fournisseur->facture->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/fourn/facture/card.php?action=create');
}
$url = DOL_URL_ROOT.'/fourn/facture/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', $user->rights->fournisseur->facture->creer);
$i = 0;
print '<form method="POST" name="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";

6
htdocs/holiday/list.php
View File

@ -432,11 +432,7 @@ if ($resql)
} else {
$title = $langs->trans("ListeCP");
$newcardbutton = '';
if ($user->rights->holiday->write)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create');
}
$newcardbutton = dolGetButtonTitle($langs->trans('MenuAddCP'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/holiday/card.php?action=create', '', $user->rights->holiday->write);
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_hrm', 0, $newcardbutton, '', $limit, 0, 0, 1);
}

3
htdocs/install/mysql/migration/12.0.0-13.0.0.sql
View File

@ -325,3 +325,6 @@ ALTER TABLE llx_expensereport_ik ADD COLUMN ikoffset double DEFAULT 0 NOT NULL;
ALTER TABLE llx_paiement ADD COLUMN ref_ext varchar(255) AFTER ref;
ALTER TABLE llx_bank ADD COLUMN origin_id integer;
ALTER TABLE llx_bank ADD COLUMN origin_type varchar(64) NULL;
ALTER TABLE llx_bank ADD COLUMN import_key varchar(14);

11
htdocs/install/mysql/tables/llx_bank.sql
View File

@ -32,11 +32,14 @@ create table llx_bank
fk_type varchar(6), -- TIP,VIR,PRE,CB,CHQ,... (Code in llx_c_paiement)
num_releve varchar(50),
num_chq varchar(50),
numero_compte varchar(32) NULL, -- FEC:CompteNum | account number
numero_compte varchar(32) NULL, -- FEC:CompteNum | account number
rappro tinyint default 0,
note text,
fk_bordereau integer DEFAULT 0,
banque varchar(255), -- banque pour les cheques
emetteur varchar(255), -- emetteur du cheque
author varchar(40) -- a supprimer apres migration
banque varchar(255), -- banque pour les cheques
emetteur varchar(255), -- emetteur du cheque
author varchar(40), -- a supprimer apres migration
origin_id integer,
origin_type varchar(64) NULL,
import_key varchar(14)
)ENGINE=innodb;

3
htdocs/langs/en_US/admin.lang
View File

@ -1075,6 +1075,7 @@ LabelUsedByDefault=Label used by default if no translation can be found for code
LabelOnDocuments=Label on documents
LabelOrTranslationKey=Label or translation key
ValueOfConstantKey=Value of a configuration constant
ConstantIsOn=Option %s is on
NbOfDays=No. of days
AtEndOfMonth=At end of month
CurrentNext=Current/Next
@ -1599,7 +1600,7 @@ SyslogLevel=Level
SyslogFilename=File name and path
YouCanUseDOL_DATA_ROOT=You can use DOL_DATA_ROOT/dolibarr.log for a log file in Dolibarr "documents" directory. You can set a different path to store this file.
ErrorUnknownSyslogConstant=Constant %s is not a known Syslog constant
OnlyWindowsLOG_USER=Windows only supports LOG_USER
OnlyWindowsLOG_USER=On Windows, only the LOG_USER facility will be supported
CompressSyslogs=Compression and backup of debug log files (generated by module Log for debug)
SyslogFileNumberOfSaves=Number of backup logs to keep
ConfigureCleaningCronjobToSetFrequencyOfSaves=Configure cleaning scheduled job to set log backup frequency

6
htdocs/langs/en_US/categories.lang
View File

@ -84,7 +84,7 @@ AddProductServiceIntoCategory=Add the following product/service
ShowCategory=Show tag/category
ByDefaultInList=By default in list
ChooseCategory=Choose category
StocksCategoriesArea=Warehouses Categories Area
ActionCommCategoriesArea=Events Categories Area
WebsitePagesCategoriesArea=Page-Container Categories Area
StocksCategoriesArea=Warehouses Categories
ActionCommCategoriesArea=Events Categories
WebsitePagesCategoriesArea=Page-Container Categories
UseOrOperatorForCategories=Use or operator for categories

3
htdocs/langs/en_US/errors.lang
View File

@ -216,7 +216,7 @@ ErrorChooseBetweenFreeEntryOrPredefinedProduct=You must choose if article is a p
ErrorDiscountLargerThanRemainToPaySplitItBefore=The discount you try to apply is larger than remain to pay. Split the discount in 2 smaller discounts before.
ErrorFileNotFoundWithSharedLink=File was not found. May be the share key was modified or file was removed recently.
ErrorProductBarCodeAlreadyExists=The product barcode %s already exists on another product reference.
ErrorNoteAlsoThatSubProductCantBeFollowedByLot=Note also that using virtual product to have auto increase/decrease of subproducts is not possible when at least one subproduct (or subproduct of subproducts) needs a serial/lot number.
ErrorNoteAlsoThatSubProductCantBeFollowedByLot=Note also that using kits to have auto increase/decrease of subproducts is not possible when at least one subproduct (or subproduct of subproducts) needs a serial/lot number.
ErrorDescRequiredForFreeProductLines=Description is mandatory for lines with free product
ErrorAPageWithThisNameOrAliasAlreadyExists=The page/container <strong>%s</strong> has the same name or alternative alias that the one your try to use
ErrorDuringChartLoad=Error when loading chart of accounts. If few accounts were not loaded, you can still enter them manually.
@ -244,6 +244,7 @@ ErrorProductNeedBatchNumber=Error, product '<b>%s</b>' need a lot/serial number
ErrorProductDoesNotNeedBatchNumber=Error, product '<b>%s</b>' does not accept a lot/serial number
ErrorFailedToReadObject=Error, failed to read object of type <b>%s</b>
ErrorParameterMustBeEnabledToAllwoThisFeature=Error, parameter <b>%s</b> must be enabled into <b>conf/conf.php<b> to allow use of Command Line Interface by the internal job scheduler
ErrorLoginDateValidity=Error, this login is outside the validity date range
# Warnings
WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.

2
htdocs/langs/en_US/modulebuilder.lang
View File

@ -77,7 +77,7 @@ IsAMeasure=Is a measure
DirScanned=Directory scanned
NoTrigger=No trigger
NoWidget=No widget
GoToApiExplorer=Go to API explorer
GoToApiExplorer=API explorer
ListOfMenusEntries=List of menu entries
ListOfDictionariesEntries=List of dictionaries entries
ListOfPermissionsDefined=List of defined permissions

14
htdocs/langs/en_US/products.lang
View File

@ -108,20 +108,20 @@ FillWithLastServiceDates=Fill with last service line dates
MultiPricesAbility=Multiple price segments per product/service (each customer is in one price segment)
MultiPricesNumPrices=Number of prices
DefaultPriceType=Base of prices per default (with versus without tax) when adding new sale prices
AssociatedProductsAbility=Activate virtual products (kits)
AssociatedProducts=Virtual products
AssociatedProductsNumber=Number of products composing this virtual product
AssociatedProductsAbility=Activate kits (virtual products)
AssociatedProducts=Kits
AssociatedProductsNumber=Number of products composing this kit
ParentProductsNumber=Number of parent packaging product
ParentProducts=Parent products
IfZeroItIsNotAVirtualProduct=If 0, this product is not a virtual product
IfZeroItIsNotUsedByVirtualProduct=If 0, this product is not used by any virtual product
IfZeroItIsNotAVirtualProduct=If 0, this product is not a kit
IfZeroItIsNotUsedByVirtualProduct=If 0, this product is not used by any kit
KeywordFilter=Keyword filter
CategoryFilter=Category filter
ProductToAddSearch=Search product to add
NoMatchFound=No match found
ListOfProductsServices=List of products/services
ProductAssociationList=List of products/services that are component(s) of this virtual product/kit
ProductParentList=List of virtual products/services with this product as a component
ProductAssociationList=List of products/services that are component(s) of this kit
ProductParentList=List of kits with this product as a component
ErrorAssociationIsFatherOfThis=One of selected product is parent with current product
DeleteProduct=Delete a product/service
ConfirmDeleteProduct=Are you sure you want to delete this product/service?

2
htdocs/langs/en_US/stocks.lang
View File

@ -198,8 +198,6 @@ inventoryWarningProductAlreadyExists=This product is already into list
SelectCategory=Category filter
SelectFournisseur=Vendor filter
inventoryOnDate=Inventory
INVENTORY_DISABLE_VIRTUAL=Virtual product (kit): do not decrement stock of a child product
INVENTORY_USE_MIN_PA_IF_NO_LAST_PA=Use the buy price if no last buy price can be found
INVENTORY_USE_INVENTORY_DATE_FOR_DATE_OF_MVT=Stock movements will have the date of inventory (instead of the date of inventory validation)
inventoryChangePMPPermission=Allow to change PMP value for a product
ColumnNewPMP=New unit PMP

4
htdocs/langs/en_US/users.lang
View File

@ -111,8 +111,10 @@ UserAccountancyCode=User accounting code
UserLogoff=User logout
UserLogged=User logged
DateOfEmployment=Employment date
DateEmployment=Employment Start Date
DateEmployment=Employment
DateEmploymentstart=Employment Start Date
DateEmploymentEnd=Employment End Date
RangeOfLoginValidity=Date range of login validity
CantDisableYourself=You can't disable your own user record
ForceUserExpenseValidator=Force expense report validator
ForceUserHolidayValidator=Force leave request validator

5
htdocs/langs/en_US/website.lang
View File

@ -31,7 +31,7 @@ AddWebsite=Add website
Webpage=Web page/container
AddPage=Add page/container
HomePage=Home Page
PageContainer=Page/container
PageContainer=Page
PreviewOfSiteNotYetAvailable=Preview of your website <strong>%s</strong> not yet available. You must first '<strong>Import a full website template</strong>' or just '<strong>Add a page/container</strong>'.
RequestedPageHasNoContentYet=Requested page with id %s has no content yet, or cache file .tpl.php was removed. Edit content of the page to solve this.
SiteDeleted=Web site '%s' deleted
@ -134,4 +134,5 @@ AvailableLanguagesAreDefinedIntoWebsiteProperties=Available languages are define
ReplacementDoneInXPages=Replacement done in %s pages or containers
RSSFeed=RSS Feed
RSSFeedDesc=You can get a RSS feed of latest articles with type 'blogpost' using this URL
PagesRegenerated=%s page(s)/container(s) regenerated
PagesRegenerated=%s page(s)/container(s) regenerated
RegenerateWebsiteContent=Regenerate web site cache files

8
htdocs/loan/list.php
View File

@ -150,11 +150,9 @@ if ($resql)
if ($search_amount) $param .= "&search_amount=".urlencode($search_amount);
if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
$newcardbutton = '';
if ($user->rights->loan->write)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewLoan'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/loan/card.php?action=create');
}
$url = DOL_URL_ROOT.'/loan/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewLoan'), '', 'fa fa-plus-circle', $url, '', $user->rights->loan->write);
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

21
htdocs/main.inc.php
View File

@ -144,7 +144,9 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
$errormessage = 'Access refused to '.$ip.' by SQL or Script injection protection in main.inc.php (type='.htmlentities($type).' key='.htmlentities($key).' value='.htmlentities($value).' page='.htmlentities($_SERVER["REQUEST_URI"]).')';
print $errormessage;
// Add entry into error log
error_log($errormessage);
if (function_exists('error_log')) {
error_log($errormessage);
}
// TODO Add entry into security audit table
exit;
}
@ -380,9 +382,13 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
//print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers.
setEventMessages('SecurityTokenHasExpiredSoActionHasBeenCanceledPleaseRetry', null, 'warnings');
//if ($conf->global->MAIN_FEATURES_LEVEL >= 1) setEventMessages('Unset POST and GET params by CSRF protection in main.inc.php (Token provided was not generated by the previous page).'."<br>\n".'$_SERVER[REQUEST_URI] = '.$_SERVER['REQUEST_URI'].' $_SERVER[REQUEST_METHOD] = '.$_SERVER['REQUEST_METHOD'].' GETPOST(token) = '.GETPOST('token', 'alpha').' $_SESSION[token] = '.$_SESSION['token'], null, 'warnings');
$savid = ((int) $_POST['id']);
unset($_POST);
//unset($_POST['action']);
//unset($_POST['confirm']);
unset($_GET['confirm']);
unset($_GET['action']);
$_POST['id'] = ((int) $savid);
}
}
@ -557,6 +563,10 @@ if (!defined('NOLOGIN'))
if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr'))
{
$login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
if ($login === '--bad-login-validity--') {
$login = '';
}
if ($login)
{
$dol_authmode = $conf->authmode; // This properties is defined only when logged, to say what mode was successfully used
@ -613,11 +623,16 @@ if (!defined('NOLOGIN'))
// No data to test login, so we show the login page.
dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." - action=".GETPOST('action', 'aZ09')." - actionlogin=".GETPOST('actionlogin', 'aZ09')." - showing the login form and exit");
if (defined('NOREDIRECTBYMAINTOLOGIN')) return 'ERROR_NOT_LOGGED';
else dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));
else {
if ($_SERVER["HTTP_USER_AGENT"] == 'securitytest') {
http_response_code(401); // It makes easier to understand if session was broken during security tests
}
dol_loginfunction($langs, $conf, (!empty($mysoc) ? $mysoc : ''));
}
exit;
}
$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
$resultFetchUser = $user->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1)); // login was retreived previously when checking password.
if ($resultFetchUser <= 0)
{
dol_syslog('User not found, connexion refused');

57
htdocs/modulebuilder/index.php
View File

@ -94,6 +94,7 @@ $result = restrictedArea($user, 'modulebuilder', null);
$error = 0;
$form = new Form($db);
// Define $listofmodules
$dirsrootforscan = array($dirread);
@ -101,7 +102,7 @@ $dirsrootforscan = array($dirread);
if ($dirread != DOL_DOCUMENT_ROOT && ($conf->global->MAIN_FEATURES_LEVEL >= 2 || !empty($conf->global->MODULEBUILDER_ADD_DOCUMENT_ROOT))) { $dirsrootforscan[] = DOL_DOCUMENT_ROOT; }
// Search modules to edit
$textforlistofdirs = '<!-- Scanned dir -->'."\n";
$textforlistofdirs = '<!-- Directory scanned -->'."\n";
$listofmodules = array();
$i = 0;
foreach ($dirsrootforscan as $dirread)
@ -170,6 +171,10 @@ foreach ($dirsrootforscan as $dirread)
if (empty($i)) $textforlistofdirs .= $langs->trans("DirScanned").' : ';
else $textforlistofdirs .= ', ';
$textforlistofdirs .= '<strong class="wordbreakimp">'.$dirread.'</strong>';
if ($dirread == DOL_DOCUMENT_ROOT) {
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) $textforlistofdirs .= $form->textwithpicto('', $langs->trans("ConstantIsOn", "MAIN_FEATURES_LEVEL"));
if (! empty($conf->global->MODULEBUILDER_ADD_DOCUMENT_ROOT)) $textforlistofdirs .= $form->textwithpicto('', $langs->trans("ConstantIsOn", "MODULEBUILDER_ADD_DOCUMENT_ROOT"));
}
$i++;
}
@ -1562,7 +1567,7 @@ llxHeader('', $langs->trans("ModuleBuilder"), '', '', 0, 0,
'/includes/ace/src/ext-statusbar.js',
'/includes/ace/src/ext-language_tools.js',
//'/includes/ace/src/ext-chromevox.js'
), array());
), array(), '', 'classforhorizontalscrolloftabs');
$text = $langs->trans("ModuleBuilder");
@ -2558,6 +2563,7 @@ if ($module == 'initmodule')
print '<th class="center">'.$form->textwithpicto($langs->trans("SearchAll"), $langs->trans("SearchAllDesc")).'</th>';
print '<th class="center">'.$form->textwithpicto($langs->trans("IsAMeasure"), $langs->trans("IsAMeasureDesc")).'</th>';
print '<th class="center">'.$langs->trans("CSSClass").'</th>';
print '<th class="center">'.$langs->trans("CSSViewClass").'</th>';
print '<th class="center">'.$langs->trans("KeyForTooltip").'</th>';
print '<th class="center">'.$langs->trans("ShowOnCombobox").'</th>';
//print '<th class="center">'.$langs->trans("Disabled").'</th>';
@ -2589,6 +2595,7 @@ if ($module == 'initmodule')
print '<td class="center"><input class="text" size="2" name="propsearchall" value="'.dol_escape_htmltag(GETPOST('propsearchall', 'alpha')).'"></td>';
print '<td class="center"><input class="text" size="2" name="propisameasure" value="'.dol_escape_htmltag(GETPOST('propisameasure', 'alpha')).'"></td>';
print '<td class="center"><input class="text" size="2" name="propcss" value="'.dol_escape_htmltag(GETPOST('propcss', 'alpha')).'"></td>';
print '<td class="center"><input class="text" size="2" name="propcssview" value="'.dol_escape_htmltag(GETPOST('propcssview', 'alpha')).'"></td>';
print '<td class="center"><input class="text" size="2" name="prophelp" value="'.dol_escape_htmltag(GETPOST('prophelp', 'alpha')).'"></td>';
print '<td class="center"><input class="text" size="2" name="propshowoncombobox" value="'.dol_escape_htmltag(GETPOST('propshowoncombobox', 'alpha')).'"></td>';
//print '<td class="center"><input class="text" size="2" name="propdisabled" value="'.dol_escape_htmltag(GETPOST('propdisabled', 'alpha')).'"></td>';
@ -2629,6 +2636,7 @@ if ($module == 'initmodule')
$propsearchall = $propval['searchall'];
$propisameasure = $propval['isameasure'];
$propcss = $propval['css'];
$propcssview = $propval['cssview'];
$prophelp = $propval['help'];
$propshowoncombobox = $propval['showoncombobox'];
//$propdisabled=$propval['disabled'];
@ -2637,63 +2645,70 @@ if ($module == 'initmodule')
print '<tr class="oddeven">';
print '<td>';
print $propname;
print dol_escape_htmltag($propname);
print '</td>';
print '<td>';
print $proplabel;
print dol_escape_htmltag($proplabel);
print '</td>';
print '<td class="wordbreak">';
print $proptype;
print '<td class="tdoverflowmax200">';
print '<span title="'.dol_escape_htmltag($proptype).'">'.dol_escape_htmltag($proptype).'</span>';
print '</td>';
print '<td class="wordbreak">';
print '<td class="tdoverflowmax200">';
if ($proparrayofkeyval) {
print json_encode($proparrayofkeyval);
print '<span title="'.dol_escape_htmltag(json_encode($proparrayofkeyval)).'">';
print dol_escape_htmltag(json_encode($proparrayofkeyval));
print '</span>';
}
print '</td>';
print '<td class="center">';
print $propnotnull;
print dol_escape_htmltag($propnotnull);
print '</td>';
print '<td>';
print $propdefault;
print dol_escape_htmltag($propdefault);
print '</td>';
print '<td class="center">';
print $propindex ? '1' : '';
print '</td>';
print '<td class="center">';
print $propforeignkey ? $propforeignkey : '';
print $propforeignkey ? dol_escape_htmltag($propforeignkey) : '';
print '</td>';
print '<td class="right">';
print $propposition;
print dol_escape_htmltag($propposition);
print '</td>';
print '<td class="center">';
print $propenabled ? $propenabled : '';
print $propenabled ? dol_escape_htmltag($propenabled) : '';
print '</td>';
print '<td class="center">';
print $propvisible ? $propvisible : '0';
print $propvisible ? dol_escape_htmltag($propvisible) : '0';
print '</td>';
print '<td class="center">';
print $propnoteditable ? $propnoteditable : '';
print $propnoteditable ? dol_escape_htmltag($propnoteditable) : '';
print '</td>';
print '<td class="center">';
print $propsearchall ? '1' : '';
print '</td>';
print '<td class="center">';
print $propisameasure ? $propisameasure : '';
print $propisameasure ? dol_escape_htmltag($propisameasure) : '';
print '</td>';
print '<td class="center">';
print $propcss ? $propcss : '';
print $propcss ? dol_escape_htmltag($propcss) : '';
print '</td>';
print '<td class="center">';
print $prophelp ? $prophelp : '';
print $propcssview ? dol_escape_htmltag($propcssview) : '';
print '</td>';
print '<td class="tdoverflowmax200">';
print $prophelp ? dol_escape_htmltag($prophelp) : '';
print '</td>';
print '<td class="center">';
print $propshowoncombobox ? $propshowoncombobox : '';
print $propshowoncombobox ? dol_escape_htmltag($propshowoncombobox) : '';
print '</td>';
/*print '<td class="center">';
print $propdisabled?$propdisabled:'';
print '</td>';*/
print '<td>';
print $propcomment;
print '<td class="tdoverflowmax200">';
print '<span title="'.dol_escape_htmltag($propcomment).'">';
print dol_escape_htmltag($propcomment);
print '</span>';
print '</td>';
print '<td class="center">';
if ($propname != 'rowid')

4
htdocs/modulebuilder/template/class/myobject.class.php
View File

@ -83,7 +83,7 @@ class MyObject extends CommonObject
* 'foreignkey'=>'tablename.field' if the field is a foreign key (it is recommanded to name the field fk_...).
* 'searchall' is 1 if we want to search in this field when making a search from the quick search button.
* 'isameasure' must be set to 1 if you want to have a total on list for this field. Field type must be summable like integer or double(24,8).
* 'css' is the CSS style to use on field. For example: 'maxwidth200'
* 'css' and 'cssview' is the CSS style to use on field. 'css' is used in creation and update. 'cssview' is used in view mode. For example: 'maxwidth200', 'wordbreak'
* 'help' is a string visible as a tooltip on field
* 'showoncombobox' if value of the field must be visible into the label of the combobox that list record
* 'disabled' is 1 if we want to have the field locked by a 'disabled' attribute. In most cases, this is never set into the definition of $fields into class, but is set dynamically by some part of code.
@ -102,7 +102,7 @@ class MyObject extends CommonObject
'rowid' => array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'noteditable'=>1, 'notnull'=> 1, 'index'=>1, 'position'=>1, 'comment'=>'Id', 'css'=>'left'),
'ref' => array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'noteditable'=>0, 'default'=>'', 'notnull'=> 1, 'showoncombobox'=>1, 'index'=>1, 'position'=>10, 'searchall'=>1, 'comment'=>'Reference of object'),
'entity' => array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>20),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth200', 'help'=>'Help text', 'showoncombobox'=>1),
'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'enabled'=>1, 'visible'=>1, 'position'=>30, 'searchall'=>1, 'css'=>'minwidth300', 'cssview'=>'wordbreak', 'help'=>'Help text', 'showoncombobox'=>1),
'amount' => array('type'=>'price', 'label'=>'Amount', 'enabled'=>1, 'visible'=>1, 'default'=>'null', 'position'=>40, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for amount'),
'qty' => array('type'=>'real', 'label'=>'Qty', 'enabled'=>1, 'visible'=>1, 'default'=>'0', 'position'=>45, 'searchall'=>0, 'isameasure'=>1, 'help'=>'Help text for quantity', 'css'=>'maxwidth75imp'),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'visible'=> 1, 'enabled'=>1, 'position'=>50, 'notnull'=>-1, 'index'=>1, 'help'=>'LinkToThirparty'),

27
htdocs/product/list.php
View File

@ -313,8 +313,6 @@ if (empty($reshook))
* View
*/
$htmlother = new FormOther($db);
$title = $langs->trans("ProductsAndServices");
if ($search_type != '' && $search_type != '-1')
@ -543,21 +541,18 @@ if ($resql)
if ($type === "") $perm = ($user->rights->produit->creer || $user->rights->service->creer);
elseif ($type == Product::TYPE_SERVICE) $perm = $user->rights->service->creer;
elseif ($type == Product::TYPE_PRODUCT) $perm = $user->rights->produit->creer;
if ($perm)
{
$oldtype = $type;
$params = array();
if ($type === "") $params['forcenohideoftext'] = 1;
if ($type === "") {
$newcardbutton .= dolGetButtonTitle($langs->trans('NewProduct'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type=0', '', 1, $params);
$type = Product::TYPE_SERVICE;
}
$label = 'NewProduct';
if ($type == Product::TYPE_SERVICE) $label = 'NewService';
$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type='.$type, '', 1, $params);
$type = $oldtype;
$oldtype = $type;
$params = array();
if ($type === "") $params['forcenohideoftext'] = 1;
if ($type === "") {
$newcardbutton .= dolGetButtonTitle($langs->trans('NewProduct'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type=0', '', $perm, $params);
$type = Product::TYPE_SERVICE;
}
$label = 'NewProduct';
if ($type == Product::TYPE_SERVICE) $label = 'NewService';
$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/product/card.php?action=create&type='.$type, '', $perm, $params);
$type = $oldtype;
print '<form action="'.$_SERVER["PHP_SELF"].'" method="post" name="formulaire">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

2
htdocs/product/stock/card.php
View File

@ -258,7 +258,7 @@ if ($action == 'create')
// Parent entrepot
print '<tr><td>'.$langs->trans("AddIn").'</td><td>';
print $formproduct->selectWarehouses('', 'fk_parent', '', 1);
print $formproduct->selectWarehouses('ifone', 'fk_parent', '', 1);
print '</td></tr>';
// Description

1
htdocs/product/stock/class/mouvementstock.class.php
View File

@ -211,6 +211,7 @@ class MouvementStock extends CommonObject
{
if (empty($batch))
{
$langs->load("errors");
$this->errors[] = $langs->transnoentitiesnoconv("ErrorTryToMakeMoveOnProductRequiringBatchData", $product->ref);
dol_syslog("Try to make a movement of a product with status_batch on without any batch data");

2
htdocs/product/stock/product.php
View File

@ -195,7 +195,7 @@ if ($action == 'setdesiredstock' && !empty($user->rights->produit->creer))
// Correct stock
if ($action == "correct_stock" && !$cancel)
{
if (!(GETPOST("id_entrepot") > 0))
if (!(GETPOST("id_entrepot", 'int') > 0))
{
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Warehouse")), null, 'errors');
$error++;

142
htdocs/product/stock/replenish.php
View File

@ -312,6 +312,9 @@ if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entre
$sql .= ' '.$sqldesiredtock.' as desiredstockcombined, '.$sqlalertstock.' as seuil_stock_alertecombined,';
$sql .= ' s.fk_product,';
$sql .= ' SUM('.$db->ifsql("s.reel IS NULL", "0", "s.reel").') as stock_physique';
if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) {
$sql .= ', SUM('.$db->ifsql("s.reel IS NULL OR s.fk_entrepot <> ".$fk_entrepot, "0", "s.reel").') as stock_real_warehouse';
}
// Add fields from hooks
$parameters = array();
@ -530,18 +533,20 @@ if (empty($fk_warhouse) && !empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_
if ($usevirtualstock == 1)
{
print $langs->trans("CurentSelectionMode").': ';
print $langs->trans("CurentlyUsingVirtualStock").' - ';
print '<a href="'.$_SERVER["PHP_SELF"].'?mode=physical&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UsePhysicalStock").'</a><br>';
print $langs->trans("CurentlyUsingVirtualStock");
print ' (<a href="'.$_SERVER["PHP_SELF"].'?mode=physical&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UsePhysicalStock").'</a>)';
print '<br>';
}
if ($usevirtualstock == 0)
{
print $langs->trans("CurentSelectionMode").': ';
print $langs->trans("CurentlyUsingPhysicalStock").' - ';
print '<a href="'.$_SERVER["PHP_SELF"].'?mode=virtual&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UseVirtualStock").'</a><br>';
print $langs->trans("CurentlyUsingPhysicalStock");
print ' (<a href="'.$_SERVER["PHP_SELF"].'?mode=virtual&fk_supplier='.$fk_supplier.'&fk_entrepot='.$fk_entrepot.'">'.$langs->trans("UseVirtualStock").'</a>)';
print '<br>';
}
print '<br>'."\n";
print '<form name="formFilterWarehouse" method="POST" action="">';
print '<form name="formFilterWarehouse" method="POST" action="'.$_SERVER["PHP_SELF"].'">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="filter">';
print '<input type="hidden" name="search_ref" value="'.$search_ref.'">';
@ -636,11 +641,13 @@ $param .= '&fk_supplier='.$fk_supplier;
$param .= '&fk_entrepot='.$fk_entrepot;
$stocklabel = $langs->trans('Stock');
$stocklabelbis = $langs->trans('Stock');
if ($usevirtualstock == 1) $stocklabel = $langs->trans('VirtualStock');
if ($usevirtualstock == 0) $stocklabel = $langs->trans('PhysicalStock');
if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
{
$stocklabel .= ' ('.$langs->trans("AllWarehouses").')';
$stocklabelbis = $stocklabel.' (Selected warehouse)';
$stocklabel .= ' ('.$langs->trans("AllWarehouses").')';
}
$texte = $langs->trans('Replenishment');
@ -689,6 +696,10 @@ if (!empty($conf->service->enabled) && $type == 1) print '<td class="liste_titre
print '<td class="liste_titre right">'.$form->textwithpicto($langs->trans('IncludeEmptyDesiredStock'), $langs->trans('IncludeProductWithUndefinedAlerts')).'&nbsp;<input type="checkbox" id="includeproductswithoutdesiredqty" name="includeproductswithoutdesiredqty" '.(!empty($includeproductswithoutdesiredqtychecked) ? $includeproductswithoutdesiredqtychecked : '').'></td>';
print '<td class="liste_titre right"></td>';
print '<td class="liste_titre right">'.$langs->trans('AlertOnly').'&nbsp;<input type="checkbox" id="salert" name="salert" '.(!empty($alertchecked) ? $alertchecked : '').'></td>';
if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
{
print '<td class="liste_titre">&nbsp;</td>';
}
print '<td class="liste_titre right">';
if (! empty($conf->global->STOCK_REPLENISH_ADD_CHECKBOX_INCLUDE_DRAFT_ORDER)) {
print $langs->trans('IncludeAlsoDraftOrders').'&nbsp;<input type="checkbox" id="draftorder" name="draftorder" '.(!empty($draftchecked) ? $draftchecked : '').'>';
@ -715,6 +726,10 @@ if (!empty($conf->service->enabled) && $type == 1) print_liste_field_titre('Dura
print_liste_field_titre('DesiredStock', $_SERVER["PHP_SELF"], 'p.desiredstock', $param, '', '', $sortfield, $sortorder, 'right ');
print_liste_field_titre('StockLimitShort', $_SERVER["PHP_SELF"], 'p.seuil_stock_alerte', $param, '', '', $sortfield, $sortorder, 'right ');
print_liste_field_titre($stocklabel, $_SERVER["PHP_SELF"], 'stock_physique', $param, '', '', $sortfield, $sortorder, 'right ');
if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
{
print_liste_field_titre($stocklabelbis, $_SERVER["PHP_SELF"], 'stock_real_warehouse', $param, '', '', $sortfield, $sortorder, 'right ');
}
print_liste_field_titre('Ordered', $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'right ');
print_liste_field_titre('StockToBuy', $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'right ');
print_liste_field_titre('SupplierRef', $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'right ');
@ -757,8 +772,10 @@ while ($i < ($limit ? min($num, $limit) : $num))
{
// If option to increase/decrease is not on an object validation, virtual stock may differs from physical stock.
$stock = $prod->stock_theorique;
//TODO $stockwarehouse = $prod->stock_warehouse[$fk_entrepot]->;
} else {
$stock = $prod->stock_reel;
$stockwarehouse = $prod->stock_warehouse[$fk_entrepot]->real;
}
// Force call prod->load_stats_xxx to choose status to count (otherwise it is loaded by load_stock function)
@ -774,20 +791,29 @@ while ($i < ($limit ? min($num, $limit) : $num))
//print $prod->stats_reception['qty'];
$ordered = $prod->stats_commande_fournisseur['qty'] - $prod->stats_reception['qty'];
$desiredstock = ($objp->desiredstockpse ? $objp->desiredstockpse : $objp->desiredstock);
$alertstock = ($objp->seuil_stock_alertepse ? $objp->seuil_stock_alertepse : $objp->seuil_stock_alerte);
$desiredstock = $objp->desiredstock;
$alertstock = $objp->seuil_stock_alerte;
$desiredstockwarehouse = ($objp->desiredstockpse ? $objp->desiredstockpse : '');
$alertstockwarehouse = ($objp->seuil_stock_alertepse ? $objp->seuil_stock_alertepse : '');
$warning = '';
if ($alertstock && ($stock < $alertstock))
{
$warning = img_warning($langs->trans('StockTooLow')).' ';
}
$warningwarehouse = '';
if ($alertstockwarehouse && ($stockwarehouse < $alertstockwarehouse))
{
$warningwarehouse = img_warning($langs->trans('StockTooLow')).' ';
}
//depending on conf, use either physical stock or
//virtual stock to compute the stock to buy value
if (empty($usevirtualstock)) $stocktobuy = max(max($desiredstock, $alertstock) - $stock - $ordered, 0);
else $stocktobuy = max(max($desiredstock, $alertstock) - $stock, 0); //ordered is already in $stock in virtual mode
if (empty($usevirtualstock)) $stocktobuywarehouse = max(max($desiredstockwarehouse, $alertstockwarehouse) - $stockwarehouse - $ordered, 0);
else $stocktobuywarehouse = max(max($desiredstockwarehouse, $alertstockwarehouse) - $stockwarehouse, 0); //ordered is already in $stock in virtual mode
$picto = '';
if ($ordered > 0)
@ -803,57 +829,67 @@ while ($i < ($limit ? min($num, $limit) : $num))
$picto = img_picto($langs->trans("NoPendingReceptionOnSupplierOrder"), 'help');
}
print '<tr class="oddeven">';
$variants = $prod->hasVariants();
if (!$variants || !empty($conf->global->VARIANT_ALLOW_STOCK_MOVEMENT_ON_VARIANT_PARENT)) {
print '<tr class="oddeven">';
// Select field
print '<td><input type="checkbox" class="check" name="choose'.$i.'"></td>';
// Select field
print '<td><input type="checkbox" class="check" name="choose'.$i.'"></td>';
print '<td class="nowrap">'.$prod->getNomUrl(1, '').'</td>';
print '<td class="nowrap">'.$prod->getNomUrl(1, 'stock').'</td>';
print '<td>'.$objp->label;
print '<input type="hidden" name="desc'.$i.'" value="'.dol_escape_htmltag($objp->description).'">'; // TODO Remove this and make a fetch to get description when creating order instead of a GETPOST
print '</td>';
print '<td>'.$objp->label;
print '<input type="hidden" name="desc'.$i.'" value="'.dol_escape_htmltag($objp->description).'">'; // TODO Remove this and make a fetch to get description when creating order instead of a GETPOST
print '</td>';
if (!empty($conf->service->enabled) && $type == 1)
{
if (preg_match('/([0-9]+)y/i', $objp->duration, $regs)) {
$duration = $regs[1].' '.$langs->trans('DurationYear');
} elseif (preg_match('/([0-9]+)m/i', $objp->duration, $regs)) {
$duration = $regs[1].' '.$langs->trans('DurationMonth');
} elseif (preg_match('/([0-9]+)d/i', $objp->duration, $regs)) {
$duration = $regs[1].' '.$langs->trans('DurationDay');
} else {
$duration = $objp->duration;
if (!empty($conf->service->enabled) && $type == 1)
{
$regs = array();
if (preg_match('/([0-9]+)y/i', $objp->duration, $regs)) {
$duration = $regs[1].' '.$langs->trans('DurationYear');
} elseif (preg_match('/([0-9]+)m/i', $objp->duration, $regs)) {
$duration = $regs[1].' '.$langs->trans('DurationMonth');
} elseif (preg_match('/([0-9]+)d/i', $objp->duration, $regs)) {
$duration = $regs[1].' '.$langs->trans('DurationDay');
} else {
$duration = $objp->duration;
}
print '<td class="center">'.$duration.'</td>';
}
print '<td class="center">'.$duration.'</td>';
// Desired stock
print '<td class="right">'.($fk_entrepot > 0 ? $desiredstockwarehouse : $desiredstock).'</td>';
// Limit stock for alert
print '<td class="right">'.($fk_entrepot > 0 ? $alertstockwarehouse : $alertstock).'</td>';
// Current stock (all warehouses)
print '<td class="right">'.$warning.$stock.'</td>';
// Current stock (warehouse selected only)
if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0)
{
print '<td class="right">'.$warningwarehouse.$stockwarehouse.'</td>';
}
// Already ordered
print '<td class="right"><a href="replenishorders.php?search_product='.$prod->id.'">'.$ordered.'</a> '.$picto.'</td>';
// To order
print '<td class="right"><input type="text" size="4" name="tobuy'.$i.'" value="'.($fk_entrepot > 0 ? $stocktobuywarehouse : $stocktobuy).'"></td>';
// Supplier
print '<td class="right">';
print $form->select_product_fourn_price($prod->id, 'fourn'.$i, $fk_supplier);
print '</td>';
// Fields from hook
$parameters = array('objp'=>$objp);
$reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
print '</tr>';
}
// Desired stock
print '<td class="right">'.$desiredstock.'</td>';
// Limit stock for alert
print '<td class="right">'.$alertstock.'</td>';
// Current stock (all warehouses)
print '<td class="right">'.$warning.$stock.'</td>';
// Already ordered
print '<td class="right"><a href="replenishorders.php?search_product='.$prod->id.'">'.$ordered.'</a> '.$picto.'</td>';
// To order
print '<td class="right"><input type="text" size="4" name="tobuy'.$i.'" value="'.$stocktobuy.'"></td>';
// Supplier
print '<td class="right">';
print $form->select_product_fourn_price($prod->id, 'fourn'.$i, $fk_supplier);
print '</td>';
// Fields from hook
$parameters = array('objp'=>$objp);
$reshook = $hookmanager->executeHooks('printFieldListValue', $parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
print '</tr>';
}
$i++;
}

9
htdocs/projet/list.php
View File

@ -448,11 +448,9 @@ if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions =
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->projet->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewProject'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/card.php?action=create');
}
$url = DOL_URL_ROOT.'/projet/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewProject'), '', 'fa fa-plus-circle', $url, '', $user->rights->projet->creer);
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@ -461,7 +459,6 @@ print '<input type="hidden" name="formfilteraction" id="formfilteraction" value=
print '<input type="hidden" name="action" value="list">';
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
print '<input type="hidden" name="type" value="'.$type.'">';
print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
// Show description of content

6
htdocs/projet/tasks/list.php
View File

@ -421,11 +421,7 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->projet->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewTask'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/tasks.php?action=create');
}
$newcardbutton = dolGetButtonTitle($langs->trans('NewTask'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/projet/tasks.php?action=create', '', $user->rights->projet->creer);
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

38
htdocs/public/payment/newpayment.php
View File

@ -68,8 +68,8 @@ $action = GETPOST('action', 'aZ09');
$suffix = GETPOST("suffix", 'aZ09');
$amount = price2num(GETPOST("amount", 'alpha'));
if (!GETPOST("currency", 'alpha')) $currency = $conf->currency;
else $currency = GETPOST("currency", 'alpha');
$source = GETPOST("s", 'alpha') ?GETPOST("s", 'alpha') : GETPOST("source", 'alpha');
else $currency = GETPOST("currency", 'aZ09');
$source = GETPOST("s", 'aZ09') ?GETPOST("s", 'aZ09') : GETPOST("source", 'aZ09');
$download = GETPOST('d', 'int') ?GETPOST('d', 'int') : GETPOST('download', 'int');
if (!$action)
@ -964,8 +964,8 @@ if ($source == 'order')
// Tag
print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("PaymentCode");
print '</td><td class="CTableRow'.($var ? '1' : '2').'"><b style="word-break: break-all;">'.$fulltag.'</b>';
print '<input type="hidden" name="tag" value="'.$tag.'">';
print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
print '<input type="hidden" name="tag" value="'.dol_escape_htmltag($tag).'">';
print '<input type="hidden" name="fulltag" value="'.dol_escape_htmltag($fulltag).'">';
print '</td></tr>'."\n";
// Shipping address
@ -979,20 +979,20 @@ if ($source == 'order')
$phoneNum = $order->thirdparty->phone;
if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip)
{
print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
print '<input type="hidden" name="shipToName" value="'.dol_escape_htmltag($shipToName).'">'."\n";
print '<input type="hidden" name="shipToStreet" value="'.dol_escape_htmltag($shipToStreet).'">'."\n";
print '<input type="hidden" name="shipToCity" value="'.dol_escape_htmltag($shipToCity).'">'."\n";
print '<input type="hidden" name="shipToState" value="'.dol_escape_htmltag($shipToState).'">'."\n";
print '<input type="hidden" name="shipToCountryCode" value="'.dol_escape_htmltag($shipToCountryCode).'">'."\n";
print '<input type="hidden" name="shipToZip" value="'.dol_escape_htmltag($shipToZip).'">'."\n";
print '<input type="hidden" name="shipToStreet2" value="'.dol_escape_htmltag($shipToStreet2).'">'."\n";
print '<input type="hidden" name="phoneNum" value="'.dol_escape_htmltag($phoneNum).'">'."\n";
} else {
print '<!-- Shipping address not complete, so we don t use it -->'."\n";
}
if (is_object($order->thirdparty)) print '<input type="hidden" name="thirdparty_id" value="'.$order->thirdparty->id.'">'."\n";
print '<input type="hidden" name="email" value="'.$order->thirdparty->email.'">'."\n";
print '<input type="hidden" name="vatnumber" value="'.$order->thirdparty->tva_intra.'">'."\n";
print '<input type="hidden" name="vatnumber" value="'.dol_escape_htmltag($order->thirdparty->tva_intra).'">'."\n";
$labeldesc = $langs->trans("Order").' '.$order->ref;
if (GETPOST('desc', 'alpha')) $labeldesc = GETPOST('desc', 'alpha');
print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
@ -1065,8 +1065,9 @@ if ($source == 'invoice')
print '<tr class="CTableRow'.($var ? '1' : '2').'"><td class="CTableRow'.($var ? '1' : '2').'">'.$langs->trans("PaymentAmount");
if (empty($amount) && empty($object->paye)) print ' ('.$langs->trans("ToComplete").')';
print '</td><td class="CTableRow'.($var ? '1' : '2').'">';
if (empty($object->paye))
{
if ($object->type == $object::TYPE_CREDIT_NOTE) {
print '<b>'.$langs->trans("CreditNote").'</b>';
} elseif (empty($object->paye)) {
if (empty($amount) || !is_numeric($amount))
{
print '<input type="hidden" name="amount" value="'.GETPOST("amount", 'int').'">';
@ -1076,12 +1077,13 @@ if ($source == 'invoice')
print '<input type="hidden" name="amount" value="'.$amount.'">';
print '<input type="hidden" name="newamount" value="'.$amount.'">';
}
print ' <b>'.$langs->trans("Currency".$currency).'</b>';
print '<input type="hidden" name="currency" value="'.$currency.'">';
} else {
print '<b>'.price($object->total_ttc, 1, $langs).'</b>';
print ' <b>'.$langs->trans("Currency".$currency).'</b>';
print '<input type="hidden" name="currency" value="'.$currency.'">';
}
// Currency
print ' <b>'.$langs->trans("Currency".$currency).'</b>';
print '<input type="hidden" name="currency" value="'.$currency.'">';
print '</td></tr>'."\n";
// Tag

14
htdocs/salaries/list.php
View File

@ -153,11 +153,9 @@ if ($result)
if ($typeid) $param .= '&amp;typeid='.$typeid;
if ($optioncss != '') $param .= '&amp;optioncss='.$optioncss;
$newcardbutton = '';
if (!empty($user->rights->salaries->write))
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewSalaryPayment'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/salaries/card.php?action=create');
}
$url = DOL_URL_ROOT.'/salaries/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewSalaryPayment'), '', 'fa fa-plus-circle', $url, '', $user->rights->salaries->write);
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
@ -186,12 +184,10 @@ if ($result)
// Date
print '<td class="liste_titre center">';
print '<div class="nowrap">';
print $langs->trans('From').' ';
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1);
print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
print '</div>';
print '<div class="nowrap">';
print $langs->trans('to').' ';
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1);
print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
print '</div>';
print '</td>';
// Type

39
htdocs/societe/list.php
View File

@ -598,26 +598,28 @@ if ($user->rights->societe->supprimer) $arrayofmassactions['predelete'] = '<span
if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->societe->creer && $contextpage != 'poslist')
{
$typefilter = '';
$label = 'MenuNewThirdParty';
$typefilter = '';
$label = 'MenuNewThirdParty';
if (!empty($type))
{
$typefilter = '&amp;type='.$type;
if ($type == 'p') $label = 'MenuNewProspect';
if ($type == 'c') $label = 'MenuNewCustomer';
if ($type == 'f') $label = 'NewSupplier';
}
$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/societe/card.php?action=create'.$typefilter);
} elseif ($user->rights->societe->creer && $contextpage == 'poslist')
if (!empty($type))
{
$typefilter = '&amp;type='.$type;
if ($type == 'p') $label = 'MenuNewProspect';
if ($type == 'c') $label = 'MenuNewCustomer';
if ($type == 'f') $label = 'NewSupplier';
}
// Show the new button only when this page is not opend from the Extended POS (pop-up window)
// but allow it too, when a user has the rights to create a new customer
if ($contextpage != 'poslist')
{
$url = DOL_URL_ROOT.'/societe/card.php?action=create'.$typefilter;
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', $url, '', $user->rights->societe->creer);
} elseif ($user->rights->societe->creer) {
$url = DOL_URL_ROOT.'/societe/card.php?action=create&type=c&contextpage=poslist&optioncss=print&backtopage='.$_SERVER["PHP_SELF"].'?contextpage=poslist&nomassaction=1&optioncss=print&place='.urlencode($place);
$label = 'MenuNewCustomer';
$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/societe/card.php?action=create&type=c&contextpage=poslist&optioncss=print&backtopage='.$_SERVER["PHP_SELF"].'?contextpage=poslist&nomassaction=1&optioncss=print&place='.urlencode($place));
$newcardbutton .= dolGetButtonTitle($langs->trans($label), '', 'fa fa-plus-circle', $url);
}
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'" name="formfilter" autocomplete="off">';
@ -701,6 +703,7 @@ if ($moreforfilter)
$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
// Show the massaction checkboxes only when this page is not opend from the Extended POS
if ($massactionbutton && $contextpage != 'poslist') $selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
if (empty($arrayfields['customerorsupplier']['checked'])) print '<input type="hidden" name="type" value="'.$type.'">';
@ -1308,7 +1311,7 @@ while ($i < min($num, $limit))
if (!$i) $totalarray['nbfield']++;
}
// Action column
// Action column (Show the massaction button only when this page is not opend from the Extended POS)
print '<td class="nowrap center">';
if (($massactionbutton || $massaction) && $contextpage != 'poslist') // If we are in select mode (massactionbutton defined) or if we have already selected and sent an action ($massaction) defined
{

8
htdocs/supplier_proposal/list.php
View File

@ -414,11 +414,9 @@ if ($resql)
if (in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$newcardbutton = '';
if ($user->rights->supplier_proposal->creer)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewAskPrice'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/supplier_proposal/card.php?action=create');
}
$url = DOL_URL_ROOT.'/supplier_proposal/card.php?action=create';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewAskPrice'), '', 'fa fa-plus-circle', $url, '', $user->rights->supplier_proposal->creer);
// Fields title search
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';

6
htdocs/takepos/admin/terminal.php
View File

@ -202,11 +202,11 @@ if (!empty($conf->stock->enabled))
print '<tr class="oddeven"><td>'.$langs->trans("CashDeskIdWareHouse").'</td>'; // Force warehouse (this is not a default value)
print '<td>';
print '<td class="minwidth300">';
if (!$disabled)
{
print $formproduct->selectWarehouses($conf->global->{'CASHDESK_ID_WAREHOUSE'.$terminal}, 'CASHDESK_ID_WAREHOUSE'.$terminal, '', 1, $disabled);
print ' <a href="'.DOL_URL_ROOT.'/product/stock/card.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"]).'"><span class="fa fa-plus-circle valignmiddle"></span></a>';
print $formproduct->selectWarehouses($conf->global->{'CASHDESK_ID_WAREHOUSE'.$terminal}, 'CASHDESK_ID_WAREHOUSE'.$terminal, '', 1, $disabled, 0, '', 0, 0, array(), 'maxwidth250');
print ' <a href="'.DOL_URL_ROOT.'/product/stock/card.php?action=create&backtopage='.urlencode($_SERVER["PHP_SELF"].'?&terminal='.$terminal).'"><span class="fa fa-plus-circle valignmiddle"></span></a>';
} else {
print '<span class="opacitymedium">'.$langs->trans("StockDecreaseForPointOfSaleDisabled").'</span>';
}

2
htdocs/takepos/index.php
View File

@ -836,7 +836,7 @@ if (empty($conf->global->TAKEPOS_HIDE_HEAD_BAR)) {
<div class="login_block_other">
<input type="text" id="search" name="search" onkeyup="Search2(<?php echo $keyCodeForEnter; ?>);" placeholder="<?php echo $langs->trans("Search"); ?>" autofocus>
<a onclick="ClearSearch();"><span class="fa fa-backspace"></span></a>
<a onclick="window.location.href='<?php echo DOL_URL_ROOT; ?>';"><span class="fas fa-home"></span></a>
<a onclick="window.location.href='<?php echo DOL_URL_ROOT.'/'; ?>';"><span class="fas fa-home"></span></a>
<?php if (empty($conf->dol_use_jmobile)) { ?>
<a onclick="FullScreen();"><span class="fa fa-expand-arrows-alt"></span></a>
<?php } ?>

25
htdocs/takepos/invoice.php
View File

@ -1065,7 +1065,30 @@ if ($placeid > 0)
$htmlforlines .= '</td>';
$htmlforlines .= '<td class="right">'.vatrate($line->remise_percent, true).'</td>';
$htmlforlines .= '<td class="right">'.$line->qty.'</td>';
$htmlforlines .= '<td class="right">';
if (!empty($conf->stock->enabled))
{
$constantforkey = 'CASHDESK_ID_WAREHOUSE'.$_SESSION["takeposterminal"];
$sql = "SELECT e.rowid, e.ref, e.lieu, e.fk_parent, e.statut, ps.reel, ps.rowid as product_stock_id, p.pmp";
$sql .= " FROM ".MAIN_DB_PREFIX."entrepot as e,";
$sql .= " ".MAIN_DB_PREFIX."product_stock as ps";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = ps.fk_product";
$sql .= " WHERE ps.reel != 0";
$sql .= " AND ps.fk_entrepot = ".$conf->global->$constantforkey;
$sql .= " AND e.entity IN (".getEntity('stock').")";
$sql .= " AND ps.fk_product = ".$line->fk_product;
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
$stock_real = price2num($obj->reel, 'MS');
$htmlforlines .= $line->qty;
if ($line->qty && $line->qty > $stock_real) $htmlforlines .= '<span style="color: var(--amountremaintopaycolor)">';
$htmlforlines .= ' <span class="posstocktoolow">('.$langs->trans("Stock").' '.$stock_real.')</span>';
if ($line->qty && $line->qty > $stock_real) $htmlforlines .= "</span>";
}
}
else $htmlforlines .= $line->qty;
$htmlforlines .= '</td>';
$htmlforlines .= '<td class="right classfortooltip" title="'.$moreinfo.'">'.price($line->total_ttc).'</td>';
}
$htmlforlines .= '</tr>'."\n";

35
htdocs/theme/eldy/global.inc.php
View File

@ -118,7 +118,7 @@ body {
th a { font-weight: <?php echo ($useboldtitle ? 'bold' : 'normal'); ?> !important; }
a.tab { font-weight: 500 !important; }
a:link, a:visited, a:hover, a:active { color: var(--colortextlink); text-decoration: none; }
a:link, a:visited, a:hover, a:active, .classlink { color: var(--colortextlink); text-decoration: none; }
a:hover { text-decoration: underline; color: var(--colortextlink); }
a.commonlink { color: var(--colortextlink) !important; text-decoration: none; }
th.liste_titre a div div:hover, th.liste_titre_sel a div div:hover { text-decoration: underline; }
@ -191,10 +191,6 @@ input, select {
#mainbody input.button:not(.buttongen):not(.bordertransp) {
background: var(--butactionbg);
color: #FFF !important;
/* -webkit-box-shadow: 0px 0px 1px 1px rgba(0, 0, 0, 0.2), 0px 0px 0px rgba(60,60,60,0.1);
box-shadow: 0px 0px 1px 1px rgba(0, 0, 0, 0.2), 0px 0px 0px rgba(60,60,60,0.1); */
border-radius: 3px;
border-collapse: collapse;
border: none;
@ -220,7 +216,6 @@ input:invalid, select:invalid {
/* Focus definitions must be after standard definition */
textarea:focus {
/* v6 box-shadow: 0 0 4px #8091BF; */
border: 1px solid #aaa !important;
}
input:focus, select:focus {
@ -571,6 +566,9 @@ th .button {
.centpercent {
width: 100%;
}
.centpercentwithoutmenu {
width: calc(100% - 200px);
}
.quatrevingtpercent, .inputsearch {
width: 80%;
}
@ -1211,6 +1209,7 @@ table[summary="list_of_modules"] .fa-cog {
.maxwidth125 { max-width: 125px; }
.maxwidth150 { max-width: 150px; }
.maxwidth200 { max-width: 200px; }
.maxwidth250 { max-width: 250px; }
.maxwidth300 { max-width: 300px; }
.maxwidth400 { max-width: 400px; }
.maxwidth500 { max-width: 500px; }
@ -1272,6 +1271,11 @@ table[summary="list_of_modules"] .fa-cog {
.minwidth500imp { min-width: 250px !important; }
}
.widthcentpercentminusx {
width: calc(100% - 50px) !important;
display: inline-block;
}
/* Force values for small screen 767 */
@media only screen and (max-width: 767px)
{
@ -1294,7 +1298,7 @@ table[summary="list_of_modules"] .fa-cog {
margin-bottom: 15px !important;
}
select.minwidth100imp, select.minwidth100, select.minwidth200, select.minwidth300, .widthcentpercentminusx {
select.minwidth100imp, select.minwidth100, select.minwidth200, select.minwidth300 {
width: calc(100% - 50px) !important;
display: inline-block;
}
@ -1495,20 +1499,20 @@ td.showDragHandle {
padding-bottom: 20px;
}
/* For having horizontal scroll into array (like with smartphone) */
/*
#id-container {
/* DOL_XXX For having horizontal scroll into array (like with smartphone) */
.classforhorizontalscrolloftabs #id-container {
width: 100%;
}
.side-nav {
.classforhorizontalscrolloftabs .side-nav {
display: block;
float: left;
}
#id-right {
.classforhorizontalscrolloftabs #id-right {
width:calc(100% - 210px);
display: inline-block;
}
*/
<?php if (empty($conf->global->THEME_DISABLE_STICKY_TOPMENU)) { ?>
@ -1868,7 +1872,7 @@ div.attacharea {
}
div.attachareaformuserfileecm {
padding-top: 0;
padding-bottom: 0;
padding-bottom: 6px;
}
div.arearef {
@ -3207,6 +3211,7 @@ div.refid {
font-weight: bold;
color: var(--colortexttitlenotab);
font-size: 1.2em;
word-break: break-word;
}
div.refidno {
padding-top: 3px;
@ -4419,7 +4424,7 @@ span[phptag] {
border-bottom: 1px solid #ccc;
background: #e6e6e6;
display: inline-block;
padding: 4px 0 4px 0;
padding: 5px 0 5px 0;
z-index: 1000;
}
.websitebar .buttonDelete, .websitebar .button {

2
htdocs/theme/eldy/manifest.json.php
View File

@ -41,6 +41,8 @@ require_once __DIR__.'/../../main.inc.php';
$appli = constant('DOL_APPLICATION_TITLE');
if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli = $conf->global->MAIN_APPLICATION_TITLE;
top_httphead('text/json');
?>
{
"name": "<?php echo $appli; ?>",

2
htdocs/theme/md/manifest.json.php
View File

@ -41,6 +41,8 @@ require_once __DIR__.'/../../main.inc.php';
$appli=constant('DOL_APPLICATION_TITLE');
if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
top_httphead('text/json');
?>
{
"name": "<?php echo $appli; ?>",

24
htdocs/theme/md/style.css.php
View File

@ -1205,6 +1205,7 @@ table[summary="list_of_modules"] .fa-cog {
.maxwidth125 { max-width: 125px; }
.maxwidth150 { max-width: 150px; }
.maxwidth200 { max-width: 200px; }
.maxwidth250 { max-width: 250px; }
.maxwidth300 { max-width: 300px; }
.maxwidth400 { max-width: 400px; }
.maxwidth500 { max-width: 500px; }
@ -1461,6 +1462,22 @@ td.showDragHandle {
<?php } ?>
}
/* DOL_XXX For having horizontal scroll into array (like with smartphone) */
.classforhorizontalscrolloftabs #id-container {
width: 100%;
}
.classforhorizontalscrolloftabs .side-nav {
display: block;
float: left;
}
.classforhorizontalscrolloftabs #id-right {
width:calc(100% - 210px);
display: inline-block;
}
.side-nav {
<?php if (GETPOST('optioncss', 'aZ09') == 'print') { ?>
display: none;
@ -1513,9 +1530,10 @@ td.showDragHandle {
?>
}
/*
* Slide animation
*/
/**
* Slide animation
*/
.side-nav-vert, #id-right {
transition: padding-left 0.5s ease, margin-left 0.5s ease;
}

5
htdocs/ticket/list.php
View File

@ -568,8 +568,9 @@ print '<input type="hidden" name="mode" value="'.$mode.'" >';
if ($socid) print '<input type="hidden" name="socid" value="'.$socid.'" >';
if ($projectid) print '<input type="hidden" name="projectid" value="'.$projectid.'" >';
$newcardbutton = '';
$newcardbutton .= dolGetButtonTitle($langs->trans('NewTicket'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/ticket/card.php?action=create'.($socid ? '&socid='.$socid : '').($projectid ? '&origin=projet_project&originid='.$projectid : ''), '', !empty($user->rights->ticket->write));
$url = DOL_URL_ROOT.'/ticket/card.php?action=create'.($socid ? '&socid='.$socid : '').($projectid ? '&origin=projet_project&originid='.$projectid : '');
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewTicket'), '', 'fa fa-plus-circle', $url, '', $user->rights->ticket->write);
$picto = 'ticket';
if ($socid > 0) $picto = '';

105
htdocs/user/bank.php
View File

@ -114,6 +114,49 @@ if ($action == 'update' && !$cancel)
{
$account->userid = $object->id;
/*
if ($action == 'update' && !$cancel)
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
if ($canedituser) // Case we can edit all field
{
$error = 0;
if (!$error)
{
$objectuser->fetch($id);
$objectuser->oldcopy = clone $objectuser;
$db->begin();
$objectuser->default_range = GETPOST('default_range');
$objectuser->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat');
if (!$error) {
$ret = $objectuser->update($user);
if ($ret < 0) {
$error++;
if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
$langs->load("errors");
setEventMessages($langs->trans("ErrorLoginAlreadyExists", $objectuser->login), null, 'errors');
} else {
setEventMessages($objectuser->error, $objectuser->errors, 'errors');
}
}
}
if (!$error && !count($objectuser->errors)) {
setEventMessages($langs->trans("UserModified"), null, 'mesgs');
$db->commit();
} else {
$db->rollback();
}
}
}
}*/
$account->bank = GETPOST('bank', 'alpha');
$account->label = GETPOST('label', 'alpha');
$account->courant = GETPOST('courant', 'alpha');
@ -155,6 +198,23 @@ if ($action == 'setpersonal_mobile')
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// update default_c_exp_tax_cat
if ($action == 'setdefault_c_exp_tax_cat')
{
$object->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat', 'int');
$result = $object->update($user);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// update default range
if ($action == 'setdefault_range')
{
$object->default_range = GETPOST('default_range', 'int');
$result = $object->update($user);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
/*
* View
@ -223,6 +283,51 @@ if ($action != 'edit' && $action != 'create') // If not bank account yet, $acco
print '</td>';
print '</tr>';
if (!empty($conf->global->MAIN_USE_EXPENSE_IK))
{
print '<tr class="nowrap">';
print '<td>';
print $form->editfieldkey("DefaultCategoryCar", 'default_c_exp_tax_cat', $object->default_c_exp_tax_cat, $object, $user->rights->user->user->creer);
print '</td><td>';
if ($action == 'editdefault_c_exp_tax_cat') {
$ret = '<form method="post" action="'.$_SERVER["PHP_SELF"].($moreparam ? '?'.$moreparam : '').'">';
$ret .= '<input type="hidden" name="action" value="setdefault_c_exp_tax_cat">';
$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
$ret .= '<input type="hidden" name="id" value="'.$object->id.'">';
$ret .= $form->selectExpenseCategories($object->default_c_exp_tax_cat, 'default_c_exp_tax_cat', 1);
$ret .= '<input type="submit" class="button" name="modify" value="'.$langs->trans("Modify").'"> ';
$ret .= '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
$ret .= '</form>';
print $ret;
} else {
print dol_getIdFromCode($db, $object->default_c_exp_tax_cat, 'c_exp_tax_cat', 'rowid', 'label');
//print $form->editfieldval("DefaultCategoryCar", 'default_c_exp_tax_cat', $object->default_c_exp_tax_cat, $object, $user->rights->user->user->creer, 'string', ($object->default_c_exp_tax_cat != '' ? $object->default_c_exp_tax_cat : ''));
}
print '</td>';
print '</tr>';
print '<tr class="nowrap">';
print '<td>';
print $form->editfieldkey("DefaultRangeNumber", 'default_range', $object->default_range, $object, $user->rights->user->user->creer);
print '</td><td>';
if ($action == 'editdefault_range') {
$ret = '<form method="post" action="'.$_SERVER["PHP_SELF"].($moreparam ? '?'.$moreparam : '').'">';
$ret .= '<input type="hidden" name="action" value="setdefault_range">';
$ret .= '<input type="hidden" name="token" value="'.newToken().'">';
$ret .= '<input type="hidden" name="id" value="'.$object->id.'">';
$maxRangeNum = ExpenseReportIk::getMaxRangeNumber($object->default_c_exp_tax_cat);
$ret .= $form->selectarray('default_range', range(0, $maxRangeNum), $object->default_range);
$ret .= '<input type="submit" class="button" name="modify" value="'.$langs->trans("Modify").'"> ';
$ret .= '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
$ret .= '</form>';
print $ret;
} else {
print $object->default_range;
}
print '</td>';
print '</tr>';
}
print '</table>';
print '</div><div class="fichehalfright"><div class="ficheaddleft">';

106
htdocs/user/card.php
View File

@ -61,6 +61,12 @@ $group = GETPOST("group", "int", 3);
$cancel = GETPOST('cancel', 'alpha');
$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'useracard'; // To manage different context of search
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
$datestartvalidity = dol_mktime(0, 0, 0, GETPOST('datestartvaliditymonth', 'int'), GETPOST('datestartvalidityday', 'int'), GETPOST('datestartvalidityyear', 'int'));
$dateendvalidity = dol_mktime(0, 0, 0, GETPOST('dateendvaliditymonth', 'int'), GETPOST('dateendvalidityday', 'int'), GETPOST('dateendvalidityyear', 'int'));
$dateofbirth = dol_mktime(0, 0, 0, GETPOST('dateofbirthmonth', 'int'), GETPOST('dateofbirthday', 'int'), GETPOST('dateofbirthyear', 'int'));
// Define value to know what current user can do on users
$canadduser = (!empty($user->admin) || $user->rights->user->user->creer);
$canreaduser = (!empty($user->admin) || $user->rights->user->user->lire);
@ -202,8 +208,6 @@ if (empty($reshook)) {
$object->login = GETPOST("login", 'alphanohtml');
$object->api_key = GETPOST("api_key", 'alphanohtml');
$object->gender = GETPOST("gender", 'aZ09');
$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
$object->birth = $birth;
$object->admin = GETPOST("admin", 'int');
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alphanohtml');
@ -247,11 +251,12 @@ if (empty($reshook)) {
$object->weeklyhours = GETPOST("weeklyhours", 'alphanohtml') != '' ? GETPOST("weeklyhours", 'alphanohtml') : '';
$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
$object->dateemployment = $dateemployment;
$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
$object->dateemployment = $dateemployment;
$object->dateemploymentend = $dateemploymentend;
$object->datestartvalidity = $datestartvalidity;
$object->dateendvalidity = $dateendvalidity;
$object->birth = $dateofbirth;
$object->fk_warehouse = GETPOST('fk_warehouse', 'int');
@ -364,8 +369,6 @@ if (empty($reshook)) {
$object->firstname = GETPOST("firstname", 'alphanohtml');
$object->login = GETPOST("login", 'alphanohtml');
$object->gender = GETPOST("gender", 'aZ09');
$birth = dol_mktime(0, 0, 0, GETPOST('birthmonth', 'int'), GETPOST('birthday', 'int'), GETPOST('birthyear', 'int'));
$object->birth = $birth;
$object->pass = GETPOST("password", 'none');
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
if (!empty($user->admin)) $object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
@ -409,10 +412,11 @@ if (empty($reshook)) {
$object->weeklyhours = price2num($object->weeklyhours);
$object->color = GETPOST("color", 'alphanohtml') != '' ? GETPOST("color", 'alphanohtml') : '';
$dateemployment = dol_mktime(0, 0, 0, GETPOST('dateemploymentmonth', 'int'), GETPOST('dateemploymentday', 'int'), GETPOST('dateemploymentyear', 'int'));
$object->dateemployment = $dateemployment;
$dateemploymentend = dol_mktime(0, 0, 0, GETPOST('dateemploymentendmonth', 'int'), GETPOST('dateemploymentendday', 'int'), GETPOST('dateemploymentendyear', 'int'));
$object->dateemploymentend = $dateemploymentend;
$object->datestartvalidity = $datestartvalidity;
$object->dateendvalidity = $dateendvalidity;
$object->birth = $dateofbirth;
if (!empty($conf->stock->enabled))
{
@ -1229,21 +1233,29 @@ if ($action == 'create' || $action == 'adduserldap')
// Date employment
print '<tr><td>'.$langs->trans("DateEmployment").'</td>';
print '<td>';
print $form->selectDate(GETPOST('dateemployment'), 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 0);
print $form->selectDate($dateemployment, 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 1);
print ' - ';
print $form->selectDate($dateemploymentend, 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
print '</td>';
print "</tr>\n";
// Date employment END
print '<tr><td>'.$langs->trans("DateEmploymentEnd").'</td>';
// Date validity
print '<tr><td>'.$langs->trans("RangeOfLoginValidity").'</td>';
print '<td>';
print $form->selectDate(GETPOST('dateemploymentend'), 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
print $form->selectDate($datestartvalidity, 'datestartvalidity', 0, 0, 1, 'formdatestartvalidity', 1, 1);
print ' - ';
print $form->selectDate($dateendvalidity, 'dateendvalidity', 0, 0, 1, 'formdateendvalidity', 1, 0);
print '</td>';
print "</tr>\n";
// Date birth
print '<tr><td>'.$langs->trans("DateToBirth").'</td>';
print '<tr><td>'.$langs->trans("DateOfBirth").'</td>';
print '<td>';
print $form->selectDate(GETPOST('birth'), 'birth', 0, 0, 1, 'createuser', 1, 0);
print $form->selectDate($dateofbirth, 'dateofbirth', 0, 0, 1, 'createuser', 1, 0);
print '</td>';
print "</tr>\n";
@ -1621,24 +1633,32 @@ if ($action == 'create' || $action == 'adduserldap')
print '<tr><td>'.$langs->trans("DateOfEmployment").'</td>';
print '<td>';
if ($object->dateemployment) {
print '<span class="opacitymedium">'.$langs->trans("FromDate ").'</span>';
print '<span class="opacitymedium">'.$langs->trans("FromDate").'</span> ';
print dol_print_date($object->dateemployment, 'day');
}
//print '</td>';
//print "</tr>\n";
// Date employment
//print '<tr><td>'.$langs->trans("DateEmploymentEnd").'</td>';
//print '<td>';
if ($object->dateemploymentend) {
print '<span class="opacitymedium"> - '.$langs->trans("To ").'</span>';
print '<span class="opacitymedium"> - '.$langs->trans("To").'</span> ';
print dol_print_date($object->dateemploymentend, 'day');
}
print '</td>';
print "</tr>\n";
// Date login validity
print '<tr><td>'.$langs->trans("RangeOfLoginValidity").'</td>';
print '<td>';
if ($object->datestartvalidity) {
print '<span class="opacitymedium">'.$langs->trans("FromDate").'</span> ';
print dol_print_date($object->datestartvalidity, 'day');
}
if ($object->dateendvalidity) {
print '<span class="opacitymedium"> - '.$langs->trans("To").'</span> ';
print dol_print_date($object->dateendvalidity, 'day');
}
print '</td>';
print "</tr>\n";
// Date of birth
print '<tr><td>'.$langs->trans("DateToBirth").'</td>';
print '<tr><td>'.$langs->trans("DateOfBirth").'</td>';
print '<td>';
print dol_print_date($object->birth, 'day');
print '</td>';
@ -2672,19 +2692,16 @@ if ($action == 'create' || $action == 'adduserldap')
print '<td>';
if ($caneditfield)
{
print $form->selectDate(GETPOST('dateemployment') ?GETPOST('dateemployment') : $object->dateemployment, 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 0);
print $form->selectDate($dateemployment ? $dateemployment : $object->dateemployment, 'dateemployment', 0, 0, 1, 'formdateemployment', 1, 1);
} else {
print dol_print_date($object->dateemployment, 'day');
}
print '</td>';
print "</tr>\n";
// Date employmentEnd
print '<tr><td>'.$langs->trans("DateEmploymentEnd").'</td>';
print '<td>';
if ($dateemployment && $dateemploymentend) print ' - ';
if ($caneditfield)
{
print $form->selectDate(GETPOST('dateemploymentend') ?GETPOST('dateemploymentend') : $object->dateemploymentend, 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
print $form->selectDate($dateemploymentend ? $dateemploymentend : $object->dateemploymentend, 'dateemploymentend', 0, 0, 1, 'formdateemploymentend', 1, 0);
} else {
print dol_print_date($object->dateemploymentend, 'day');
}
@ -2692,12 +2709,33 @@ if ($action == 'create' || $action == 'adduserldap')
print "</tr>\n";
// Date birth
print '<tr><td>'.$langs->trans("DateToBirth").'</td>';
// Date login validity
print '<tr><td>'.$langs->trans("RangeOfLoginValidity").'</td>';
print '<td>';
if ($caneditfield)
{
echo $form->selectDate(GETPOST('birth') ?GETPOST('birth') : $object->birth, 'birth', 0, 0, 1, 'updateuser', 1, 0);
print $form->selectDate($datestartvalidity ? $datestartvalidity : $object->datestartvalidity, 'datestartvalidity', 0, 0, 1, 'formdatestartvalidity', 1, 1);
} else {
print dol_print_date($object->datestartvalidity, 'day');
}
if ($datestartvalidity && $dateendvalidity) print ' - ';
if ($caneditfield)
{
print $form->selectDate($dateendvalidity ? $datendevalidity : $object->dateendvalidity, 'dateendvalidity', 0, 0, 1, 'formdateendvalidity', 1, 0);
} else {
print dol_print_date($object->dateendvalidity, 'day');
}
print '</td>';
print "</tr>\n";
// Date birth
print '<tr><td>'.$langs->trans("DateOfBirth").'</td>';
print '<td>';
if ($caneditfield) {
echo $form->selectDate($dateofbirth ? $dateofbirth : $object->birth, 'dateofbirth', 0, 0, 1, 'updateuser', 1, 0);
} else {
print dol_print_date($object->birth, 'day');
}

11
htdocs/user/class/user.class.php
View File

@ -154,7 +154,7 @@ class User extends CommonObject
public $datelastlogin;
public $datepreviouslogin;
public $datestartvalidity;
public $dateedvalidity;
public $dateendvalidity;
public $photo;
public $lang;
@ -1467,7 +1467,6 @@ class User extends CommonObject
$this->employee = $this->employee ? $this->employee : 0;
$this->login = trim($this->login);
$this->gender = trim($this->gender);
$this->birth = trim($this->birth);
$this->pass = trim($this->pass);
$this->api_key = trim($this->api_key);
$this->address = $this->address ?trim($this->address) : trim($this->address);
@ -1495,6 +1494,9 @@ class User extends CommonObject
$this->color = empty($this->color) ? '' : $this->color;
$this->dateemployment = empty($this->dateemployment) ? '' : $this->dateemployment;
$this->dateemploymentend = empty($this->dateemploymentend) ? '' : $this->dateemploymentend;
$this->datestartvalidity = empty($this->datestartvalidity) ? '' : $this->datestartvalidity;
$this->dateendvalidity = empty($this->dateendvalidity) ? '' : $this->dateendvalidity;
$this->birth = trim($this->birth);
$this->fk_warehouse = trim(empty($this->fk_warehouse) ? '' : $this->fk_warehouse);
// Check parameters
@ -1507,7 +1509,7 @@ class User extends CommonObject
if (empty($this->login))
{
$langs->load("errors");
$this->error = $langs->trans("ErrorFieldRequired", $this->login);
$this->error = $langs->trans("ErrorFieldRequired", 'Login');
return -1;
}
@ -1541,6 +1543,8 @@ class User extends CommonObject
$sql .= ", color = '".$this->db->escape($this->color)."'";
$sql .= ", dateemployment=".(strval($this->dateemployment) != '' ? "'".$this->db->idate($this->dateemployment)."'" : 'null');
$sql .= ", dateemploymentend=".(strval($this->dateemploymentend) != '' ? "'".$this->db->idate($this->dateemploymentend)."'" : 'null');
$sql .= ", datestartvalidity=".(strval($this->datestartvalidity) != '' ? "'".$this->db->idate($this->datestartvalidity)."'" : 'null');
$sql .= ", dateendvalidity=".(strval($this->dateendvalidity) != '' ? "'".$this->db->idate($this->dateendvalidity)."'" : 'null');
$sql .= ", note = '".$this->db->escape($this->note_private)."'";
$sql .= ", note_public = '".$this->db->escape($this->note_public)."'";
$sql .= ", photo = ".($this->photo ? "'".$this->db->escape($this->photo)."'" : "null");
@ -1558,7 +1562,6 @@ class User extends CommonObject
$sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null');
$sql .= ", fk_warehouse = ".($this->fk_warehouse ? "'".$this->db->escape($this->fk_warehouse)."'" : "null");
$sql .= ", lang = ".($this->lang ? "'".$this->db->escape($this->lang)."'" : "null");
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::update", LOG_DEBUG);

8
htdocs/user/list.php
View File

@ -301,11 +301,9 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
$text = $langs->trans("ListOfUsers");
$newcardbutton = '';
if ($canadduser)
{
$newcardbutton .= dolGetButtonTitle($langs->trans('NewUser'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/user/card.php?action=create'.($mode == 'employee' ? '&employee=1' : '').'&leftmenu=');
}
$url = DOL_URL_ROOT.'/user/card.php?action=create'.($mode == 'employee' ? '&employee=1' : '').'&leftmenu=';
if (!empty($socid)) $url .= '&socid='.$socid;
$newcardbutton = dolGetButtonTitle($langs->trans('NewUser'), '', 'fa fa-plus-circle', $url, '', $canadduser);
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">'."\n";
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';

245
htdocs/website/index.php
View File

@ -108,7 +108,7 @@ $objectpage = new WebsitePage($db);
$object->fetchAll('ASC', 'position'); // Init $object->records with list of websites
// If website not defined, we take first found
if (!($websiteid > 0) && empty($websitekey))
if (!($websiteid > 0) && empty($websitekey) && $action != 'createsite')
{
foreach ($object->records as $key => $valwebsite)
{
@ -2182,7 +2182,7 @@ $formadmin = new FormAdmin($db);
$formwebsite = new FormWebsite($db);
$formother = new FormOther($db);
$help_url = '';
$helpurl = 'EN:Module_Website|FR:Module_Website_FR|ES:M&oacute;dulo_Website';
$arrayofjs = array(
'/includes/ace/src/ace.js',
@ -2204,7 +2204,7 @@ $moreheadjs .= '<script type="text/javascript">'."\n";
$moreheadjs .= 'var indicatorBlockUI = \''.DOL_URL_ROOT."/theme/".$conf->theme."/img/working.gif".'\';'."\n";
$moreheadjs .= '</script>'."\n";
llxHeader($moreheadcss.$moreheadjs, $langs->trans("WebsiteSetup"), $help_url, '', 0, 0, $arrayofjs, $arrayofcss, '', '', '<!-- Begin div class="fiche" -->'."\n".'<div class="fichebutwithotherclass">');
llxHeader($moreheadcss.$moreheadjs, $langs->trans("WebsiteSetup"), $helpurl, '', 0, 0, $arrayofjs, $arrayofcss, '', '', '<!-- Begin div class="fiche" -->'."\n".'<div class="fichebutwithotherclass">');
print "\n";
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST" enctype="multipart/form-data">';
@ -2276,45 +2276,6 @@ if (!GETPOST('hide_websitemenu'))
$disabled = '';
if (empty($user->rights->website->write)) $disabled = ' disabled="disabled"';
//var_dump($objectpage);exit;
print '<div class="centpercent websitebar">';
// ***** Part for web sites
print '<!-- Bar for website -->';
print '<span class="websiteselection hideonsmartphoneimp minwidth100 tdoverflowmax100">';
print $langs->trans("Website").' : ';
print '</span>';
print '<span class="websiteselection hideonsmartphoneimp">';
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=createsite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddWebsite")).'"><span class="fa fa-plus-circle valignmiddle btnTitle-icon"><span></a>';
print '</span>';
// List of website
print '<span class="websiteselection">';
$out = '';
$out .= '<select name="website" class="minwidth100 maxwidth300 maxwidth150onsmartphone" id="website">';
if (empty($object->records)) $out .= '<option value="-1">&nbsp;</option>';
// Loop on each sites
$i = 0;
foreach ($object->records as $key => $valwebsite)
{
if (empty($websitekey)) $websitekey = $valwebsite->ref;
$out .= '<option value="'.$valwebsite->ref.'"';
if ($websitekey == $valwebsite->ref) $out .= ' selected'; // To preselect a value
$out .= '>';
$out .= $valwebsite->ref;
$out .= '</option>';
$i++;
}
$out .= '</select>';
$out .= ajax_combobox('website');
print $out;
//print '<input type="submit" class="button" name="refreshsite" value="'.$langs->trans("Load").'">';
print '<input type="image" class="valignmiddle" src="'.img_picto('', 'refresh', '', 0, 1).'" name="refreshsite" value="'.$langs->trans("Load").'">';
if ($websitekey)
{
$virtualurl = '';
@ -2331,70 +2292,146 @@ if (!GETPOST('hide_websitemenu'))
if (!is_array($array) && $array < 0) dol_print_error('', $objectpage->error, $objectpage->errors);
$atleastonepage = (is_array($array) && count($array) > 0);
if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone' || $action == 'deletesite'))
{
print ' &nbsp; ';
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditCss")).'" name="editcss">';
//var_dump($objectpage);exit;
print '<div class="centpercent websitebar">';
$importlabel = $langs->trans("ImportSite");
$exportlabel = $langs->trans("ExportSite");
if (! empty($conf->dol_optimize_smallscreen)) {
$importlabel = $langs->trans("Import");
$exportlabel = $langs->trans("Export");
//
// Toolbar for websites
//
print '<!-- Bar for website -->';
if ($action != 'file_manager') {
print '<span class="websiteselection hideonsmartphoneimp minwidth100 tdoverflowmax100">';
print $langs->trans("Website").' : ';
print '</span>';
$urltocreatenewwebsite = $_SERVER["PHP_SEFL"].'?action=createsite';
if (empty($conf->use_javascript_ajax)) {
print '<span class="websiteselection hideonsmartphoneimp">';
print '<a href="'.$urltocreatenewwebsite.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddWebsite")).'"><span class="fa fa-plus-circle valignmiddle btnTitle-icon"><span></a>';
print '</span>';
}
if ($atleastonepage)
// List of website
print '<span class="websiteselection">';
$out = '';
$out .= '<select name="website" class="minwidth100 width200 maxwidth150onsmartphone" id="website">';
if (empty($object->records)) $out .= '<option value="-1">&nbsp;</option>';
if (! empty($conf->use_javascript_ajax)) {
$valueoption = '<span class="classlink">'.img_picto('', 'add', 'class="paddingrightonly"').$langs->trans("AddWebsite").'</span>';
$out .= '<option value="-2" data-html="'.dol_escape_htmltag($valueoption).'">'.$valueoption.'</option>';
}
// Loop on each sites
$i = 0;
foreach ($object->records as $key => $valwebsite)
{
print '<input type="submit" class="button bordertransp" disabled="disabled" value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
if (empty($websitekey)) {
if ($action != 'createsite') $websitekey = $valwebsite->ref;
}
$out .= '<option value="'.$valwebsite->ref.'"';
if ($websitekey == $valwebsite->ref) $out .= ' selected'; // To preselect a value
//$outoption = $valwebsite->getLibStatut(3).' '.$valwebsite->ref.' ';
$outoption = (($valwebsite->status == $valwebsite::STATUS_DRAFT)?'<span class="opacitymedium">':'').$valwebsite->ref.(($valwebsite->status == $valwebsite::STATUS_DRAFT)?'</span>':'');
$out .= ' data-html="'.dol_escape_htmltag($outoption).'"';
$out .= '>';
$out .= $valwebsite->ref;
$out .= '</option>';
$i++;
}
else {
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
$out .= '</select>';
$out .= ajax_combobox('website');
if (!empty($conf->use_javascript_ajax)) {
$out .= '<script language="javascript">';
$out .= 'jQuery(document).ready(function () {';
$out .= ' jQuery("#website").change(function () {';
$out .= ' console.log("We select "+jQuery("#website option:selected").val());';
$out .= ' if (jQuery("#website option:selected").val() == \'-2\') {';
$out .= ' window.location.href = "'.$urltocreatenewwebsite.'";';
$out .= ' } else {';
$out .= ' window.location.href = "'.$_SERVER["PHP_SEFL"].'?website="+jQuery("#website option:selected").val();';
$out .= ' }';
$out .= ' });';
$out .= '});';
$out .= '</script>';
}
print $out;
if (empty($conf->use_javascript_ajax)) {
print '<input type="image" class="valignmiddle" src="'.img_picto('', 'refresh', '', 0, 1).'" name="refreshsite" value="'.$langs->trans("Load").'">';
}
//print '<input type="submit" class="button"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditMenu")).'" name="editmenu">';
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($exportlabel).'" name="exportsite">';
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("CloneSite")).'" name="createfromclone">';
if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone' || $action == 'deletesite'))
{
print ' &nbsp; ';
print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'"'.($atleastonepage ? ' disabled="disabled"' : '').'>';
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditCss")).'" name="editcss">';
print ' &nbsp; ';
$importlabel = $langs->trans("ImportSite");
$exportlabel = $langs->trans("ExportSite");
if (! empty($conf->dol_optimize_smallscreen)) {
$importlabel = $langs->trans("Import");
$exportlabel = $langs->trans("Export");
}
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=file_manager&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("MediaFiles")).'"><span class="fa fa-image"><span></a>';
//print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("MediaFiles")).'" name="file_manager">';
/*print '<a class="button button_file_manager"'.$disabled.'>'.dol_escape_htmltag($langs->trans("MediaFiles")).'</a>';
print '<script language="javascript">
jQuery(document).ready(function () {
jQuery(".button_file_manager").click(function () {
var $dialog = $(\'<div></div>\').html(\'<iframe style="border: 0px;" src="'.DOL_URL_ROOT.'/website/index.php?hide_websitemenu=1&dol_hide_topmenu=1&dol_hide_leftmenu=1&file_manager=1&website='.$websitekey.'&pageid='.$pageid.'" width="100%" height="100%"></iframe>\')
.dialog({
autoOpen: false,
modal: true,
height: 500,
width: \'80%\',
title: "'.dol_escape_js($langs->trans("FileManager")).'"
});
$dialog.dialog(\'open\');
});
});
</script>';
*/
if ($atleastonepage)
{
print '<input type="submit" class="button bordertransp" disabled="disabled" value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
}
else {
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($importlabel).'" name="importsite">';
}
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=replacesite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("ReplaceWebsiteContent")).'"><span class="fa fa-search"><span></a>';
//print '<input type="submit" class="button"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditMenu")).'" name="editmenu">';
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($exportlabel).'" name="exportsite">';
print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("CloneSite")).'" name="createfromclone">';
if (! empty($conf->categorie->enabled)) {
print '<a href="'.DOL_URL_ROOT.'/categories/index.php?leftmenu=website&type=website_page&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("Categories")).'"><span class="fa fa-tags"><span></a>';
}
print '<input type="submit" class="buttonDelete bordertransp" name="deletesite" value="'.$langs->trans("Delete").'"'.($atleastonepage ? ' disabled="disabled"' : '').'>';
print ' &nbsp; ';
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=replacesite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("ReplaceWebsiteContent")).'"><span class="fa fa-search"><span></a>';
if (! empty($conf->global->WEBSITE_ADD_REGENERATE_BUTTON)) {
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=regeneratesite&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("RegenerateWebsiteContent")).'"><span class="fa fa-cogs"><span></a>';
}
print '</span>';
if ($websitekey && $websitekey != '-1' && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone' || $action == 'deletesite'))
{
print '<span class="websiteselection">';
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=file_manager&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("MediaFiles")).'"><span class="fa fa-image"><span></a>';
if (! empty($conf->categorie->enabled)) {
//print '<a href="'.DOL_URL_ROOT.'/categories/index.php?leftmenu=website&dol_hide_leftmenu=1&nosearch=1&type=website_page&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("Categories")).'"><span class="fa fa-tags"><span></a>';
//print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("MediaFiles")).'" name="file_manager">';
print '<a class="button bordertransp button_categories"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("Categories")).'"><span class="fa fa-tags"><span></a>';
print '<script language="javascript">
jQuery(document).ready(function () {
jQuery(".button_categories").click(function () {
var $dialog = $(\'<div></div>\').html(\'<iframe class="iframedialog" style="border: 0px;" src="'.DOL_URL_ROOT.'/categories/index.php?leftmenu=website&nosearch=1&type=website_page&website='.$website->ref.'" width="100%" height="98%"></iframe>\')
.dialog({
autoOpen: false,
modal: true,
height: (window.innerHeight - 150),
width: \'80%\',
title: "'.dol_escape_js($langs->transnoentitiesnoconv("Categories")).'"
});
$dialog.dialog(\'open\');
});
});
</script>';
}
print '</span>';
}
} else {
print '<input type="hidden" name="website" id="website" value='.$websitekey.'">';
}
print '</span>';
// Toolbar for websites
print '<span class="websitetools websiteselection">';
@ -2405,7 +2442,7 @@ if (!GETPOST('hide_websitemenu'))
print '<span class="websiteinputurl valignmiddle" id="websiteinputurl">';
$linktotestonwebserver = '<a href="'.($virtualurl ? $virtualurl : '#').'" class="valignmiddle">';
$linktotestonwebserver .= '<span class="hideonsmartphone">'.$langs->trans("TestDeployOnWeb", $virtualurl).' </span>'.img_picto('', 'globe');
$linktotestonwebserver .= '<span class="hideonsmartphone paddingrightonly">'.$langs->trans("TestDeployOnWeb", $virtualurl).'</span>'.img_picto('', 'globe');
$linktotestonwebserver .= '</a>';
$htmltext = '';
if (empty($object->fk_default_home))
@ -2469,8 +2506,10 @@ if (!GETPOST('hide_websitemenu'))
print '</span>';
//
// Toolbar for pages
//
if ($websitekey && $websitekey != '-1' && !in_array($action, array('editcss', 'editmenu', 'importsite', 'file_manager', 'replacesite', 'replacesiteconfirm')) && !$file_manager)
{
print '</div>'; // Close current websitebar to open a new one
@ -2483,7 +2522,6 @@ if (!GETPOST('hide_websitemenu'))
print '</span>';
print '<span class="websiteselection hideonsmartphoneimp">';
//print '<input type="submit"'.$disabled.' class="button" value="'.dol_escape_htmltag($langs->trans("Add")).'" name="createcontainer">';
print '<a href="'.$_SERVER["PHP_SEFL"].'?action=createcontainer&website='.$website->ref.'" class="button bordertransp"'.$disabled.' title="'.dol_escape_htmltag($langs->trans("AddPage")).'"><span class="fa fa-plus-circle valignmiddle btnTitle-icon"><span></a>';
print '</span>';
@ -2491,7 +2529,28 @@ if (!GETPOST('hide_websitemenu'))
if ($action != 'addcontainer')
{
print '<span class="websiteselection">'.$formwebsite->selectContainer($website, 'pageid', $pageid, 0, $action, 'maxwidth200onsmartphone').'</span>';
print '<span class="websiteselection">';
print $formwebsite->selectContainer($website, 'pageid', $pageid, 0, $action, 'maxwidth200onsmartphone');
print '</span>';
$urltocreatenewpage = $_SERVER["PHP_SEFL"].'?action=createcontainer&website='.$website->ref;
$out = '';
if (!empty($conf->use_javascript_ajax)) {
$out .= '<script language="javascript">';
$out .= 'jQuery(document).ready(function () {';
$out .= ' jQuery("#pageid").change(function () {';
$out .= ' console.log("We select "+jQuery("#pageid option:selected").val());';
$out .= ' if (jQuery("#pgeid option:selected").val() == \'-2\') {';
$out .= ' window.location.href = "'.$urltocreatenewpage.'";';
$out .= ' } else {';
$out .= ' window.location.href = "'.$_SERVER["PHP_SEFL"].'?website='.$website->ref.'&pageid="+jQuery("#pageid option:selected").val();';
$out .= ' }';
$out .= ' });';
$out .= '});';
$out .= '</script>';
}
print $out;
}
else {
print $langs->trans("New");
@ -3142,7 +3201,7 @@ if ($action == 'createsite')
if (GETPOST('WEBSITE_OTHERLANG')) $siteotherlang = GETPOST('WEBSITE_OTHERLANG', 'aZ09comma');
print '<tr><td class="titlefieldcreate fieldrequired">';
print $langs->trans('Ref');
print $form->textwithpicto($langs->trans('WebSite'), $langs->trans("Example").': www.mywebsite.com, myportal, ...');
print '</td><td>';
print '<input type="text" class="flat maxwidth300" name="WEBSITE_REF" value="'.dol_escape_htmltag($siteref).'" autofocus>';
print '</td></tr>';

72
test/sqlmap/README Normal file
View File

@ -0,0 +1,72 @@
To test there is no SQL injection, we can use:
-- Installation of sqlmap
-------------------------
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap
cd sqlmap
./sqlmap.py --update
./sqlmap.py --purge
Add, into file ~/git/sqlmap/data/xml/payloads/boolean_blind.xml, the custom rule:
<!-- Boolean-based blind tests - WHERE/HAVING clause -->
<test>
<title>Our_ORDERBY_Payload</title>
<stype>1</stype>
<level>1</level>
<risk>1</risk>
<clause>1</clause>
<where>1</where>
<vector>,(select * from(select (CASE WHEN ([INFERENCE]) THEN 1 ELSE exp(710) END))a)</vector>
<request>
<payload>,(select * from(select (CASE WHEN (1=1) THEN 1 ELSE exp(710) END))a)</payload>
</request>
<response>
<comparison>,(select * from(select (CASE WHEN (1=2) THEN 1 ELSE exp(710) END))a)</comparison>
</response>
<details>
<dbms>mysql</dbms>
<os>linux</os>
</details>
</test>
-- Launch sqlmap on a given url/parameter
-----------------------------------------
Introduce a vulnerability by changing the GETPOST on parameter search_status into GETPOST('search_status', 'none') and removing $db->sanitize when parameter is used;
./sqlmap.py --fresh-queries -u "http://localhostdev/comm/propal/list.php?search_status=*"
./sqlmap.py -A "securitytest" --threads=4 -u "http://localhostdev/comm/propal/list.php?search_status=*" --dbms=mysql --os=linux --technique=B --batch --skip-waf \
--cookie="DOLSESSID_xxxxxx=yyyyyyyy;" --prefix='1' -v 4 > sqlmap.txt
Check vulnerability is found into sqlmap.txt. Scanner is working.
-- Launch sqlmap on all the application
---------------------------------------
Set $dolibarr_nocsrfcheck='1' into conf.php file to make access easier.
With prefix (required to have some rules working)
./sqlmap.py -A "securitytest" --threads=4 -u "http://localhostdev/" --crawl=2 --crawl-exclude="logout|user\/card|custom\/" \
--skip=sortorder --skip=sortfield --dbms=mysql --os=linux --technique=B --batch --skip-waf \
--cookie="DOLSESSID_xxxxxxxxx=yyyyyyyyyyyyyyyy;" --prefix='1' -v
Without prefix
./sqlmap.py -A "securitytest" --threads=4 -u "http://localhostdev/" --crawl=2 --crawl-exclude="logout|user\/card|custom\/" \
--skip=sortorder --skip=sortfield --dbms=mysql --os=linux --technique=B --batch --skip-waf \
--cookie="DOLSESSID_xxxxxxxxx=yyyyyyyyyyyyyyyy;" -v