From af8661ce07c56770fba6b4c7fdbba497ed3e70e4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 Oct 2005 05:30:49 +0000 Subject: [PATCH] =?UTF-8?q?Fixed:=20bug=20#14767=20overview:=20sanitize=5F?= =?UTF-8?q?string=20en=20trop=20sur=20les=20num=E9ros=20de=20facture=20fou?= =?UTF-8?q?rnisseur?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/fourn/facture/fiche.php | 45 +++--- htdocs/fourn/fournisseur.facture.class.php | 168 ++++++++++----------- htdocs/langs/en_US/bills.lang | 1 + htdocs/langs/en_US/compta.lang | 7 +- htdocs/langs/fr_FR/bills.lang | 1 + htdocs/langs/fr_FR/compta.lang | 5 +- 6 files changed, 123 insertions(+), 104 deletions(-) diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php index b8334bc711e..8e3272f6200 100644 --- a/htdocs/fourn/facture/fiche.php +++ b/htdocs/fourn/facture/fiche.php @@ -247,6 +247,7 @@ if ($_GET['action'] == 'create' or $_GET['action'] == 'copy') print '
'; print ''; + print ''; print ''; @@ -287,11 +288,11 @@ if ($_GET['action'] == 'create' or $_GET['action'] == 'copy') print ''; */ print ''; - print ''; + print ''; print ''; - print ''; + print ''; if ($_GET['action'] == 'copy') { print ''; @@ -342,7 +343,7 @@ if ($_GET['action'] == 'create' or $_GET['action'] == 'copy') } print '
'.$langs->trans('Company').''.$langs->trans('Comments').'
'.$langs->trans('Comments').'
'.$langs->trans('Ref').'
'.$langs->trans('Label').'
'; - print '

'; + print '
'; print '
'; } else @@ -377,15 +378,15 @@ else print ''; print ''; - print ''; + print ''; - print ''; - print ''; + print ''; + print ''; print ''; - print ''; @@ -396,11 +397,11 @@ else print ''; print ''; - print '"; - print '"; @@ -413,7 +414,7 @@ else } print ""; print '"; - print ""; + print ""; print "
'.$langs->trans("Company").'
'.$langs->trans("Company").''.stripslashes($fac->socnom).''.$langs->trans("Comments").'
'.stripslashes($fac->socnom).''.$langs->trans("Comments").'
'.$langs->trans("Ref").''; print ''; + print ''; print '
'.$langs->trans("AmountHT").' / '.$langs->trans("AmountTTC").''.price($fac->total_ht).' / '.price($fac->total_ttc).'
'.$langs->trans("Date").''; + print '
'.$langs->trans("DateBill").''; $html->select_date($fac->datep); print "
'.$langs->trans("Date").''; + print '
'.$langs->trans("DateEcheance").''; $html->select_date($fac->date_echeance,'ech'); print "
".$langs->trans("Author")."$authorfullname
'.$langs->trans("Status").''.$fac->LibStatut($fac->paye,$fac->statut)."
trans("Save")."\">
trans("Save")."\">
"; print ""; @@ -422,6 +423,7 @@ else * */ print '
'; + $var=true; print "
id&action=add_ligne\" method=\"post\">"; print ''; @@ -435,7 +437,8 @@ else print ''; for ($i = 0 ; $i < sizeof($fac->lignes) ; $i++) { - print "".'"; + $var=!$var; + print "".'"; print '"; print '"; print '"; @@ -449,7 +452,8 @@ else } /* Nouvelle ligne */ - print ""; + $var=!$var; + print ""; print ''; @@ -467,7 +471,7 @@ else $html->select_tva("tauxtva"); print ''; + print ''; print "
'.$langs->trans("TotalTTC").' 
'.$fac->lignes[$i][0]."
'.$fac->lignes[$i][0]."'.price($fac->lignes[$i][1])."'.price($fac->lignes[$i][1] * (1+($fac->lignes[$i][2]/100)))."'.$fac->lignes[$i][3]."
'; print ''; print ''; print ' '; - print '
"; print "
"; } @@ -505,10 +509,16 @@ else * Facture */ print ''; - print ""; - print "\n"; - print ""; + + // Ref + print ""; + print "\n"; + // Societe + print ""; + print ""; + print "\n"; + print '\n"; print '
".$langs->trans("Company")."socidp\">$fac->socnomsocidp\">".$langs->trans("OtherBills")."
".$langs->trans("Ref")."".$fac->ref."
".$langs->trans("Company")."socidp\">".dolibarr_trunc($fac->socnom,24)."socidp\">".$langs->trans("OtherBills")."
'.$langs->trans("Date").""; print dolibarr_print_date($fac->datep,"%A %d %B %Y")."
'.$langs->trans("Label").''; @@ -629,7 +639,8 @@ else * Lignes * */ - print '
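Review bot: The added Ref row writes `$fac->ref` into the page without HTML encoding, and the Company row does the same with `dolibarr_trunc($fac->socnom,24)`. This matters more after this commit, because `create()` no longer passes the supplier invoice number through `sanitize_string()`, so, assuming `ref` is loaded from that stored number, markup characters entered in the number field would now reach this output unchanged. Encoding at the point of output keeps the relaxed input rule safe: `htmlspecialchars($fac->ref)` and `htmlspecialchars(dolibarr_trunc($fac->socnom,24))`. The same applies to the edit form in the `@@ -377,15 +378,15 @@` hunk, where `stripslashes($fac->socnom)` is printed raw. The enclosing `else` branch begins and ends outside this hunk, and the extracted page has lost the surrounding HTML, so the exact lines should be checked against the file.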

'; + print '
'; + print '
'; print ''; print ''; print ''; diff --git a/htdocs/fourn/fournisseur.facture.class.php b/htdocs/fourn/fournisseur.facture.class.php index 47538135923..928ec2d1863 100644 --- a/htdocs/fourn/fournisseur.facture.class.php +++ b/htdocs/fourn/fournisseur.facture.class.php 
@@ -36,111 +36,109 @@ class FactureFournisseur { - var $id; - var $db; - var $socid; - var $number; - var $statut; - var $paye; - var $author; - var $libelle; - var $date; - var $date_echeance; - var $ref; - var $amount; - var $remise; - var $tva; - var $total_ht; - var $total_tva; - var $total_ttc; - var $note; - var $db_table; - var $propalid; - var $lignes; + var $id; + var $db; + var $socid; + var $number; + var $statut; + var $paye; + var $author; + var $libelle; + var $date; + var $date_echeance; + var $ref; + var $amount; + var $remise; + var $tva; + var $total_ht; + var $total_tva; + var $total_ttc; + var $note; + var $db_table; + var $propalid; + var $lignes; + + /** + * \brief Constructeur de la classe + * \param DB handler accès base de données + * \param soc_idp id societe ("" par defaut) + * \param facid id facture ("" par defaut) + */ + function FactureFournisseur($DB, $soc_idp="", $facid="") + { + $this->db = $DB ; + $this->socidp = $soc_idp; + $this->products = array(); + $this->db_table = MAIN_DB_PREFIX."facture"; + $this->amount = 0; + $this->remise = 0; + $this->tva = 0; + $this->total = 0; + $this->propalid = 0; + $this->id = $facid; + + $this->lignes = array(); + } - /** - * \brief Constructeur de la classe - * \param DB handler accès base de données - * \param soc_idp id societe ("" par defaut) - * \param facid id facture ("" par defaut) - */ - function FactureFournisseur($DB, $soc_idp="", $facid="") - { - $this->db = $DB ; - $this->socidp = $soc_idp; - $this->products = array(); - $this->db_table = MAIN_DB_PREFIX."facture"; - $this->amount = 0; - $this->remise = 0; - $this->tva = 0; - $this->total = 0; - $this->propalid = 0; - $this->id = $facid; - - $this->lignes = array(); - } - - /** - * \brief Création de la facture en base - * \param user object utilisateur qui crée - * \return int id facture si ok, < 0 si erreur - */ + /** + * \brief Création de la facture en base + * \param user object utilisateur qui crée + * \return int id facture si 
ok, < 0 si erreur + */ function create($user) { global $langs; + // Nettoyage parametres $socid = $this->socidp; - $number = sanitize_string(strtoupper($this->number)); + $number = strtoupper($this->number); $amount = $this->amount; $remise = $this->remise; - + $this->db->begin(); - + if (! $remise) $remise = 0 ; $totalht = ($amount - $remise); -// NE ME SEMBLE PLUS JUSTIFIE ICI -// $tva = tva($totalht); -// $total = $totalht + $tva; $sql = "INSERT INTO ".MAIN_DB_PREFIX."facture_fourn (facnumber, libelle, fk_soc, datec, datef, note, fk_user_author, date_lim_reglement) "; - $sql .= " VALUES ('".$number."','".addslashes($this->libelle)."',"; + $sql .= " VALUES ('".addslashes($number)."','".addslashes($this->libelle)."',"; $sql .= $this->socid.", now(),'".$this->db->idate($this->date)."','".addslashes($this->note)."', ".$user->id.",'".$this->db->idate($this->date_echeance)."');"; $resql=$this->db->query($sql); - + if ($resql) { - $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."facture_fourn"); - - for ($i = 0 ; $i < sizeof($this->lignes) ; $i++) + $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."facture_fourn"); + + for ($i = 0 ; $i < sizeof($this->lignes) ; $i++) { - - $sql = "INSERT INTO ".MAIN_DB_PREFIX."facture_fourn_det (fk_facture_fourn)"; - $sql .= " VALUES ($this->id);"; - if ($this->db->query($sql)) + + $sql = "INSERT INTO ".MAIN_DB_PREFIX."facture_fourn_det (fk_facture_fourn)"; + $sql .= " VALUES ($this->id);"; + if ($this->db->query($sql)) { - $idligne = $this->db->last_insert_id(MAIN_DB_PREFIX."facture_fourn_det"); - - $this->updateline($idligne, - $this->lignes[$i][0], - $this->lignes[$i][1], - $this->lignes[$i][2], - $this->lignes[$i][3]); + $idligne = $this->db->last_insert_id(MAIN_DB_PREFIX."facture_fourn_det"); + + $this->updateline($idligne, + $this->lignes[$i][0], + $this->lignes[$i][1], + $this->lignes[$i][2], + $this->lignes[$i][3]); } } - - // Mise à jour prix - if ($this->updateprice($this->id) > 0) + + // Mise à jour prix + if 
($this->updateprice($this->id) > 0) { - $this->db->commit(); - return $this->id; + $this->db->commit(); + return $this->id; + } + else + { + $this->error=$langs->trans("FailedToUpdatePrice"); + $this->db->rollback(); + return -3; } - else - { - $this->error=$langs->trans("FailedToUpdatePrice"); - $this->db->rollback(); - return -3; - } } else { @@ -149,14 +147,14 @@ class FactureFournisseur $this->error=$langs->trans("ErrorBillRefAlreadyExists"); $this->db->rollback(); return -1; - } + } else - { + { $this->error=$this->db->error(); $this->db->rollback(); return -2; - } - } + } + } } /** diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang index 4d61412fbbb..84cb7fb26c3 100644 --- a/htdocs/langs/en_US/bills.lang +++ b/htdocs/langs/en_US/bills.lang @@ -97,6 +97,7 @@ RelatedCommercialProposals=Related commercial proposals MenuToValid=To valid DateClosing=Closing date DateEcheance=Due date limit +DateBill=Bill date ClassifyBill=Classify invoice NoSupplierBillsUnpayed=No suppliers invoices unpayed SupplierBillsToPay=Suppliers invoices to pay diff --git a/htdocs/langs/en_US/compta.lang b/htdocs/langs/en_US/compta.lang index db75619ff4e..553688162b5 100644 --- a/htdocs/langs/en_US/compta.lang +++ b/htdocs/langs/en_US/compta.lang @@ -29,6 +29,7 @@ ContributionsToPay=Contributions to pay AccountancyTreasuryArea=Accountancy/Treasury area AccountancySetup=Accountancy setup NewPayment=New payment +Payments=Payments ListPayment=List of payments ListOfPayments=List of payments RulesResultDue=- Il inclut les factures, charges et tva dues, qu'elles soient payées ou non.
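Review bot: In `create()`, `$this->socid` and `$user->id` are still concatenated into the INSERT unquoted and unescaped; the new `addslashes($number)` covers only the invoice number. Casting the numeric fields closes that gap: `intval($this->socid)` and `intval($user->id)`. The hunk also keeps `$socid = $this->socidp;` as an unused local while the query reads `$this->socid`, and the constructor shown in the same hunk sets only `socidp`, so it is worth confirming which property callers actually populate. `addslashes()` is byte-oriented and unaware of the connection character set; if the `$this->db` handler provides its own escaping routine, prefer it for `$number`, `libelle` and `note`.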
- Il se base sur la date de validation pour les factures et tva, les dates d'échéances pour les charges.
@@ -41,4 +42,8 @@ VATPayment=VAT Payment VATPayments=VAT Payments TotalToPay=Total to pay CustomerAccountancyCode=Customer accountancy code -SupplierAccountancyCode=Supplier accountacy code \ No newline at end of file +SupplierAccountancyCode=Supplier accountacy code +AlreadyPayed=Already payed +AccountNumberShort=Account number +AccountNumber=Account number +NewAccount=New account \ No newline at end of file diff --git a/htdocs/langs/fr_FR/bills.lang b/htdocs/langs/fr_FR/bills.lang index 4cc67ad7faa..0e8951bef47 100644 --- a/htdocs/langs/fr_FR/bills.lang +++ b/htdocs/langs/fr_FR/bills.lang @@ -97,6 +97,7 @@ RelatedCommercialProposals=Propositions commerciales associ MenuToValid=A valider DateClosing=Date limite réglement DateEcheance=Date échéance +DateBill=Date facturation ClassifyBill=Classer la facture NoSupplierBillsUnpayed=Aucune facture fournisseur impayée SupplierBillsToPay=Factures fournisseurs à payer diff --git a/htdocs/langs/fr_FR/compta.lang b/htdocs/langs/fr_FR/compta.lang index b39df243632..e12a913832b 100644 --- a/htdocs/langs/fr_FR/compta.lang +++ b/htdocs/langs/fr_FR/compta.lang @@ -43,4 +43,7 @@ VATPayments=R TotalToPay=Total à payer CustomerAccountancyCode=Code compta client SupplierAccountancyCode=Code compta founisseur -AlreadyPayed=Déjà réglé \ No newline at end of file +AlreadyPayed=Déjà réglé +AccountNumberShort=N° du compte +AccountNumber=Numéro du compte +NewAccount=Nouveau compte \ No newline at end of file
'.$langs->trans("Label").''.$langs->trans("PriceUHT").''.$langs->trans("Qty").'