diff --git a/dev/initdata/dbf/import-dbf.php b/dev/initdata/dbf/import-dbf.php deleted file mode 100644 index ba1da9722d6..00000000000 --- a/dev/initdata/dbf/import-dbf.php +++ /dev/null @@ -1,234 +0,0 @@ -#!/usr/bin/env php - - * Copyright (C) 2016 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE - */ - -/** - * \file dev/initdata/import-dbf.php - * \brief Script example to create a table from a large DBF file (openoffice) - * To purge data, you can have a look at purge-data.php - */ -// Test si mode batch -$sapi_type = php_sapi_name(); -$script_file = basename(__FILE__); - -$path = dirname(__FILE__) . '/'; -if (substr($sapi_type, 0, 3) == 'cgi') { - echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n"; - exit; -} - -// Recupere root dolibarr -$path = dirname($_SERVER["PHP_SELF"]); -require $path . "./../htdocs/master.inc.php"; -require $path . "/includes/dbase.class.php"; - -// Global variables -$version = DOL_VERSION; -$confirmed = 1; -$error = 0; - - -/* - * Main - */ - -@set_time_limit(0); -print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; -dol_syslog($script_file . " launched with arg " . implode(',', $argv)); - - -$filepath = $argv[1]; -$filepatherr = $filepath . '.err'; -$startchar = empty($argv[2]) ? 0 : (int) $argv[2]; -$deleteTable = empty($argv[3]) ? 1 : 0; -$startlinenb = empty($argv[3]) ? 1 : (int) $argv[3]; -$endlinenb = empty($argv[4]) ? 0 : (int) $argv[4]; - -if (empty($filepath)) { - print "Usage: php $script_file myfilepath.dbf [removeChatColumnName] [startlinenb] [endlinenb]\n"; - print "Example: php $script_file myfilepath.dbf 0 2 1002\n"; - print "\n"; - exit(-1); -} -if (!file_exists($filepath)) { - print "Error: File " . $filepath . " not found.\n"; - print "\n"; - exit(-1); -} - -$ret = $user->fetch('', 'admin'); -if (!$ret > 0) { - print 'A user with login "admin" and all permissions must be created to use this script.' . "\n"; - exit; -} -$user->getrights(); - -// Ask confirmation -if (!$confirmed) { - print "Hit Enter to continue or CTRL+C to stop...\n"; - $input = trim(fgets(STDIN)); -} - -// Open input and output files -$fhandle = dbase_open($filepath, 0); -if (!$fhandle) { - print 'Error: Failed to open file ' . $filepath . "\n"; - exit(1); -} -$fhandleerr = fopen($filepatherr, 'w'); -if (!$fhandleerr) { - print 'Error: Failed to open file ' . $filepatherr . "\n"; - exit(1); -} - -$langs->setDefaultLang($defaultlang); - -$record_numbers = dbase_numrecords($fhandle); -$table_name = substr(basename($filepath), 0, strpos(basename($filepath), '.')); -print 'Info: ' . $record_numbers . " lines in file \n"; -$header = dbase_get_header_info($fhandle); -if ($deleteTable) { - $db->query("DROP TABLE IF EXISTS `$table_name`"); -} -$sqlCreate = "CREATE TABLE IF NOT EXISTS `$table_name` ( `id` INT(11) NOT NULL AUTO_INCREMENT "; -$fieldArray = array("`id`"); -foreach ($header as $value) { - $fieldName = substr(str_replace('_', '', $value['name']), $startchar); - $fieldArray[] = "`$fieldName`"; - $sqlCreate .= ", `" . $fieldName . "` VARCHAR({$value['length']}) NULL DEFAULT NULL "; -} -$sqlCreate .= ", PRIMARY KEY (`id`)) ENGINE = InnoDB"; -$resql = $db->query($sqlCreate); -if ($resql !== false) { - print "Table $table_name created\n"; -} else { - var_dump($db->errno()); - print "Impossible : " . $sqlCreate . "\n"; - die(); -} - -$i = 0; -$nboflines++; - -$fields = implode(',', $fieldArray); -//var_dump($fieldArray);die(); -$maxLength = 0; -for ($i = 1; $i <= $record_numbers; $i++) { - if ($startlinenb && $i < $startlinenb) { - continue; - } - if ($endlinenb && $i > $endlinenb) { - continue; - } - $row = dbase_get_record_with_names($fhandle, $i); - if ($row === false || (isset($row["deleted"]) && $row["deleted"] == '1')) { - continue; - } - $sqlInsert = "INSERT INTO `$table_name`($fields) VALUES (null,"; - array_shift($row); // remove delete column - foreach ($row as $value) { - $sqlInsert .= "'" . $db->escape(utf8_encode($value)) . "', "; - } - replaceable_echo(implode("\t", $row)); - $sqlInsert = rtrim($sqlInsert, ', '); - $sqlInsert .= ")"; - $resql = $db->query($sqlInsert); - if ($resql === false) { - print "Impossible : " . $sqlInsert . "\n"; - var_dump($row, $db->errno()); - die(); - } - // $fields = (object) $row; - // var_dump($fields); - continue; -} -die(); - - - - - -// commit or rollback -print "Nb of lines qualified: " . $nboflines . "\n"; -print "Nb of errors: " . $error . "\n"; -if ($mode != 'confirmforced' && ($error || $mode != 'confirm')) { - print "Rollback any changes.\n"; - $db->rollback(); -} else { - print "Commit all changes.\n"; - $db->commit(); -} - -$db->close(); -fclose($fhandle); -fclose($fhandleerr); - -exit($error); - - -/** - * replaceable_echo - * - * @param string $message Message - * @param int $force_clear_lines Force clear messages - * @return void - */ -function replaceable_echo($message, $force_clear_lines = null) -{ - static $last_lines = 0; - - if (!is_null($force_clear_lines)) { - $last_lines = $force_clear_lines; - } - - $toss = array(); - $status = 0; - $term_width = exec('tput cols', $toss, $status); - if ($status) { - $term_width = 64; // Arbitrary fall-back term width. - } - - $line_count = 0; - foreach (explode("\n", $message) as $line) { - $line_count += count(str_split($line, $term_width)); - } - - // Erasure MAGIC: Clear as many lines as the last output had. - for ($i = 0; $i < $last_lines; $i++) { - // Return to the beginning of the line - echo "\r"; - // Erase to the end of the line - echo "\033[K"; - // Move cursor Up a line - echo "\033[1A"; - // Return to the beginning of the line - echo "\r"; - // Erase to the end of the line - echo "\033[K"; - // Return to the beginning of the line - echo "\r"; - // Can be consolodated into - // echo "\r\033[K\033[1A\r\033[K\r"; - } - - $last_lines = $line_count; - - echo $message . "\n"; -} diff --git a/dev/initdata/dbf/importdb-products.php b/dev/initdata/dbf/importdb-products.php deleted file mode 100644 index 6da24faee4e..00000000000 --- a/dev/initdata/dbf/importdb-products.php +++ /dev/null @@ -1,248 +0,0 @@ -#!/usr/bin/env php - - * Copyright (C) 2016 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE - */ - -/** - * \file dev/initdata/import-product.php - * \brief Script example to insert products from a csv file. - * To purge data, you can have a look at purge-data.php - */ -// Test si mode batch -$sapi_type = php_sapi_name(); -$script_file = basename(__FILE__); -$path = dirname(__FILE__) . '/'; -if (substr($sapi_type, 0, 3) == 'cgi') { - echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n"; - exit; -} - -// Recupere root dolibarr -$path = preg_replace('/importdb-products.php/i', '', $_SERVER["PHP_SELF"]); -require $path . "../../htdocs/master.inc.php"; -require $path . "includes/dbase.class.php"; -include_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php'; -include_once DOL_DOCUMENT_ROOT . '/product/class/product.class.php'; - -//$delimiter = ','; -//$enclosure = '"'; -//$linelength = 10000; -//$escape = '/'; -// Global variables -$version = DOL_VERSION; -$confirmed = 1; -$error = 0; - -$tvas = [ - '1' => "20.00", - '2' => "5.50", - '3' => "0.00", - '4' => "20.60", - '5' => "19.60", -]; -$tvasD = [ - '1' => "20", - '2' => "5.5", - '3' => "0", - '4' => "20", - '5' => "20", -]; - -/* - * Main - */ - -@set_time_limit(0); -print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; -dol_syslog($script_file . " launched with arg " . implode(',', $argv)); - -$table = $argv[1]; - -if (empty($argv[1])) { - print "Error: Which table ?\n"; - print "\n"; - exit(-1); -} - -$ret = $user->fetch('', 'admin'); -if (!$ret > 0) { - print 'A user with login "admin" and all permissions must be created to use this script.' . "\n"; - exit; -} - -$sql = "SELECT * FROM `$table` WHERE 1"; -$resql = $db->query($sql); -if ($resql) { - while ($fields = $db->fetch_array($resql)) { - $errorrecord = 0; - if ($fields === false) { - continue; - } - $nboflines++; - - $produit = new Product($db); - $produit->type = 0; - $produit->status = 1; - $produit->ref = trim($fields['REF']); - if ($produit->ref == '') { - continue; - } - print "Process line nb " . $j . ", ref " . $produit->ref; - $produit->label = trim($fields['LIBELLE']); - if ($produit->label == '') { - $produit->label = $produit->ref; - } - if (empty($produit->label)) { - continue; - } - //$produit->description = trim($fields[4] . "\n" . ($fields[5] ? $fields[5] . ' x ' . $fields[6] . ' x ' . $fields[7] : '')); - // $produit->volume = price2num($fields[8]); - // $produit->volume_unit = 0; - $produit->weight = price2num($fields['MASSE']); - $produit->weight_units = 0; // -3 = g - //$produit->customcode = $fields[10]; - $produit->barcode = str_pad($fields['CODE'], 12, "0", STR_PAD_LEFT); - $produit->barcode_type = '2'; - $produit->import_key = $fields['CODE']; - - $produit->status = 1; - $produit->status_buy = 1; - - $produit->finished = 1; - - // $produit->multiprices[0] = price2num($fields['TARIF0']); - // $produit->multiprices[1] = price2num($fields['TARIF1']); - // $produit->multiprices[2] = price2num($fields['TARIF2']); - // $produit->multiprices[3] = price2num($fields['TARIF3']); - // $produit->multiprices[4] = price2num($fields['TARIF4']); - // $produit->multiprices[5] = price2num($fields['TARIF5']); - // $produit->multiprices[6] = price2num($fields['TARIF6']); - // $produit->multiprices[7] = price2num($fields['TARIF7']); - // $produit->multiprices[8] = price2num($fields['TARIF8']); - // $produit->multiprices[9] = price2num($fields['TARIF9']); - // $produit->price_min = null; - // $produit->price_min_ttc = null; - // $produit->price = price2num($fields[11]); - // $produit->price_ttc = price2num($fields[12]); - // $produit->price_base_type = 'TTC'; - // $produit->tva_tx = price2num($fields[13]); - $produit->tva_tx = (int) ($tvas[$fields['CODTVA']]); - $produit->tva_npr = 0; - // $produit->cost_price = price2num($fields[16]); - //compta - - $produit->accountancy_code_buy = trim($fields['COMACH']); - $produit->accountancy_code_sell = trim($fields['COMVEN']); - // $produit->accountancy_code_sell_intra=trim($fields['COMVEN']); - // $produit->accountancy_code_sell_export=trim($fields['COMVEN']); - // Extrafields - // $produit->array_options['options_ecotaxdeee'] = price2num($fields[17]); - - $produit->seuil_stock_alerte = $fields['STALERTE']; - $ret = $produit->create($user, 0); - if ($ret < 0) { - print " - Error in create result code = " . $ret . " - " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - Creation OK with ref " . $produit->ref . " - id = " . $ret; - } - - dol_syslog("Add prices"); - - // If we use price level, insert price for each level - if (!$errorrecord && 1) { - //$ret1 = $produit->updatePrice($produit->price_ttc, $produit->price_base_type, $user, $produit->tva_tx, $produit->price_min, 1, $produit->tva_npr, 0, 0, array()); - $ret1 = false; - for ($i = 0; $i < 10; $i++) { - if ($fields['TARIF' . ($i)] == 0) { - continue; - } - $ret1 = $ret1 || $produit->updatePrice(price2num($fields['TARIF' . ($i)]), 'HT', $user, $produit->tva_tx, $produit->price_min, $i + 1, $produit->tva_npr, 0, 0, array()) < 0; - } - if ($ret1) { - print " - Error in updatePrice result " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - updatePrice OK"; - } - } - - - // dol_syslog("Add multilangs"); - // Add alternative languages - // if (!$errorrecord && 1) { - // $produit->multilangs['fr_FR'] = array('label' => $produit->label, 'description' => $produit->description, 'note' => $produit->note_private); - // $produit->multilangs['en_US'] = array('label' => $fields[3], 'description' => $produit->description, 'note' => $produit->note_private); - // - // $ret = $produit->setMultiLangs($user); - // if ($ret < 0) { - // print " - Error in setMultiLangs result code = " . $ret . " - " . $produit->errorsToString(); - // $errorrecord++; - // } else { - // print " - setMultiLangs OK"; - // } - // } - - - dol_syslog("Add stocks"); - // stocks - if (!$errorrecord && $fields['STOCK'] != 0) { - $rets = $produit->correct_stock($user, 1, $fields['STOCK'], 0, 'Stock importé'); - if ($rets < 0) { - print " - Error in correct_stock result " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - correct_stock OK"; - } - } - - //update date créa - if (!$errorrecord) { - $date = substr($fields['DATCREA'], 0, 4) . '-' . substr($fields['DATCREA'], 4, 2) . '-' . substr($fields['DATCREA'], 6, 2); - $retd = $db->query("UPDATE `llx_product` SET `datec` = '$date 00:00:00' WHERE `llx_product`.`rowid` = $produit->id"); - if ($retd < 1) { - print " - Error in update date créa result " . $produit->errorsToString(); - $errorrecord++; - } else { - print " - update date créa OK"; - } - } - print "\n"; - - if ($errorrecord) { - print( 'Error on record nb ' . $i . " - " . $produit->errorsToString() . "\n"); - var_dump($db); - die(); - $error++; // $errorrecord will be reset - } - $j++; - } -} else { - die("error : $sql"); -} - - - - -// commit or rollback -print "Nb of lines qualified: " . $nboflines . "\n"; -print "Nb of errors: " . $error . "\n"; -$db->close(); - -exit($error); diff --git a/dev/initdata/dbf/importdb-thirdparties.php b/dev/initdata/dbf/importdb-thirdparties.php deleted file mode 100644 index ecb1820fad1..00000000000 --- a/dev/initdata/dbf/importdb-thirdparties.php +++ /dev/null @@ -1,365 +0,0 @@ -#!/usr/bin/env php - - * Copyright (C) 2016 Juanjo Menent - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * WARNING, THIS WILL LOAD MASS DATA ON YOUR INSTANCE - */ - -/** - * \file dev/initdata/import-product.php - * \brief Script example to insert products from a csv file. - * To purge data, you can have a look at purge-data.php - */ -// Test si mode batch -$sapi_type = php_sapi_name(); -$script_file = basename(__FILE__); -$path = dirname(__FILE__) . '/'; -if (substr($sapi_type, 0, 3) == 'cgi') { - echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n"; - exit; -} - -// Recupere root dolibarr -$path = preg_replace('/importdb-thirdparties.php/i', '', $_SERVER["PHP_SELF"]); -require $path . "../../htdocs/master.inc.php"; -require $path . "includes/dbase.class.php"; -include_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php'; -include_once DOL_DOCUMENT_ROOT . '/product/class/product.class.php'; - -//$delimiter = ','; -//$enclosure = '"'; -//$linelength = 10000; -//$escape = '/'; -// Global variables -$version = DOL_VERSION; -$confirmed = 1; -$error = 0; - -$civilPrivate = array("MLLE", - "MM", - "MM/MADAME", - "MME", - "MME.", - "MME²", - "MMONSIEUR", - "MMR", - "MOBNSIEUR", - "MOMSIEUR", - "MON SIEUR", - "MONDIAL", - "MONIEUR", - "MONJSIEUR", - "MONNSIEUR", - "MONRIEUR", - "MONS", - "MONSIEÕR", - "MONSIER", - "MONSIERU", - "MONSIEU", - "monsieue", - "MONSIEUR", - "Monsieur     \"", - "MONSIEUR    \"", - "MONSIEUR   E", - "MONSIEUR  DENIS", - "MONSIEUR ET MME", - "MONSIEUR!", - "MONSIEUR.", - "MONSIEUR.MADAME", - "MONSIEUR3", - "MONSIEURN", - "MONSIEURT", - "MONSIEUR£", - "MONSIEYR", - "Monsigur", - "MONSIIEUR", - "MONSIUER", - "MONSIZEUR", - "MOPNSIEUR", - "MOSIEUR", - "MR", - "Mr  Mme", - "Mr - MME", - "MR BLANC", - "MR ET MME", - "mr mm", - "MR OU MME", - "Mr.", - "MR/MME", - "MRME", - "MRR", - "Mrs", - "Mademoiselle", - "MADAOME", - "madamme", - "MADAME", - "M0NSIEUR", - "M.et Madame", - "M. ET MR", - "M.", - "M%", - "M MME", - "M ET MME", - "M", - "M CROCE", - "M DIEVART", -); - -/* - * Main - */ - -@set_time_limit(0); -print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; -dol_syslog($script_file . " launched with arg " . implode(',', $argv)); - -$table = $argv[1]; - -if (empty($argv[1])) { - print "Error: Quelle table ?\n"; - print "\n"; - exit(-1); -} - -$ret = $user->fetch('', 'admin'); -if (!$ret > 0) { - print 'A user with login "admin" and all permissions must be created to use this script.' . "\n"; - exit; -} - -$sql = "SELECT * FROM `$table` WHERE 1 "; //ORDER BY REMISE DESC,`LCIVIL` DESC"; -$resql = $db->query($sql); -//$db->begin(); -if ($resql) { - while ($fields = $db->fetch_array($resql)) { - $i++; - $errorrecord = 0; - - if ($startlinenb && $i < $startlinenb) { - continue; - } - if ($endlinenb && $i > $endlinenb) { - continue; - } - - $nboflines++; - - $object = new Societe($db); - $object->import_key = $fields['CODE']; - $object->state = 1; - $object->client = 3; - $object->fournisseur = 0; - - $object->name = $fields['FCIVIL'] . ' ' . $fields['FNOM']; - //$object->name_alias = $fields[0] != $fields[13] ? trim($fields[0]) : ''; - - $date = $fields['DATCREA'] ? $fields['DATCREA'] : ($fields['DATMOD'] ? $fields['DATMOD'] : '20200101'); - $object->code_client = 'CU' . substr($date, 2, 2) . substr($date, 4, 2) . '-' . str_pad(substr($fields['CODE'], 0, 5), 5, "0", STR_PAD_LEFT); - - - $object->address = trim($fields['FADR1']); - if ($fields['FADR2']) { - $object->address .= "\n" . trim($fields['FADR2']); - } - if ($fields['FADR3']) { - $object->address .= "\n" . trim($fields['FADR3']); - } - - $object->zip = trim($fields['FPOSTE']); - $object->town = trim($fields['FVILLE']); - if ($fields['FPAYS']) { - $object->country_id = dol_getIdFromCode($db, trim(ucwords(strtolower($fields['FPAYS']))), 'c_country', 'label', 'rowid'); - } else { - $object->country_id = 1; - } - $object->phone = trim($fields['FTEL']) ? trim($fields['FTEL']) : trim($fields['FCONTACT']); - $object->phone = substr($object->phone, 0, 20); - $object->fax = trim($fields['FFAX']) ? trim($fields['FFAX']) : trim($fields['FCONTACT']); - $object->fax = substr($object->fax, 0, 20); - $object->email = trim($fields['FMAIL']); - // $object->idprof2 = trim($fields[29]); - $object->tva_intra = str_replace(['.', ' '], '', $fields['TVAINTRA']); - $object->tva_intra = substr($object->tva_intra, 0, 20); - $object->default_lang = 'fr_FR'; - - $object->cond_reglement_id = dol_getIdFromCode($db, 'PT_ORDER', 'c_payment_term', 'code', 'rowid', 1); - $object->multicurrency_code = 'EUR'; - - if ($fields['REMISE'] != '0.00') { - $object->remise_percent = abs($fields['REMISE']); - } - - // $object->code_client = $fields[9]; - // $object->code_fournisseur = $fields[10]; - - - if ($fields['FCIVIL']) { - $labeltype = in_array($fields['FCIVIL'], $civilPrivate) ? 'TE_PRIVATE' : 'TE_SMALL'; - $object->typent_id = dol_getIdFromCode($db, $labeltype, 'c_typent', 'code'); - } - - // Set price level - $object->price_level = $fields['TARIF'] + 1; - // if ($labeltype == 'Revendeur') - // $object->price_level = 2; - - print "Process line nb " . $i . ", code " . $fields['CODE'] . ", name " . $object->name; - - - // Extrafields - $object->array_options['options_banque'] = $fields['BANQUE']; - $object->array_options['options_banque2'] = $fields['BANQUE2']; - $object->array_options['options_banquevalid'] = $fields['VALID']; - - if (!$errorrecord) { - $ret = $object->create($user); - if ($ret < 0) { - print " - Error in create result code = " . $ret . " - " . $object->errorsToString(); - $errorrecord++; - var_dump($object->code_client, $db); - die(); - } else { - print " - Creation OK with name " . $object->name . " - id = " . $ret; - } - } - - if (!$errorrecord) { - dol_syslog("Set price level"); - $object->set_price_level($object->price_level, $user); - } - if (!$errorrecord && @$object->remise_percent) { - dol_syslog("Set remise client"); - $object->set_remise_client($object->remise_percent, 'Importé', $user); - } - - dol_syslog("Add contact"); - // Insert an invoice contact if there is an invoice email != standard email - if (!$errorrecord && ($fields['LCIVIL'] || $fields['LNOM'])) { - $madame = array("MADAME", - "MADEMOISELLE", - "MELLE", - "MLLE", - "MM", - "Mme", - "MNE", - ); - $monsieur = array("M", - "M ET MME", - "M MME", - "M.", - "M. MME", - "M. OU Mme", - "M.ou Madame", - "MONSEUR", - "MONSIER", - "MONSIEU", - "MONSIEUR", - "monsieur:mme", - "MONSIEUR¨", - "MONSIEZUR", - "MONSIUER", - "MONSKIEUR", - "MR", - ); - $ret1 = $ret2 = 0; - - $contact = new Contact($db); - if (in_array($fields['LCIVIL'], $madame)) { - // une dame - $contact->civility_id = 'MME'; - $contact->lastname = $fields['LNOM']; - } elseif (in_array($fields['LCIVIL'], $monsieur)) { - // un monsieur - $contact->civility_id = 'MR'; - $contact->lastname = $fields['LNOM']; - } elseif (in_array($fields['LCIVIL'], ['DOCTEUR'])) { - // un monsieur - $contact->civility_id = 'DR'; - $contact->lastname = $fields['LNOM']; - } else { - // un a rattraper - $contact->lastname = $fields['LCIVIL'] . " " . $fields['LNOM']; - } - $contact->address = trim($fields['LADR1']); - if ($fields['LADR2']) { - $contact->address .= "\n" . trim($fields['LADR2']); - } - if ($fields['LADR3']) { - $contact->address .= "\n" . trim($fields['LADR3']); - } - - $contact->zip = trim($fields['LPOSTE']); - $contact->town = trim($fields['LVILLE']); - if ($fields['FPAYS']) { - $contact->country_id = dol_getIdFromCode($db, trim(ucwords(strtolower($fields['LPAYS']))), 'c_country', 'label', 'rowid'); - } else { - $contact->country_id = 1; - } - $contact->email = $fields['LMAIL']; - $contact->phone = trim($fields['LTEL']) ? trim($fields['LTEL']) : trim($fields['LCONTACT']); - $contact->fax = trim($fields['LFAX']) ? trim($fields['LFAX']) : trim($fields['LCONTACT']); - $contact->socid = $object->id; - - $ret1 = $contact->create($user); - if ($ret1 > 0) { - //$ret2=$contact->add_contact($object->id, 'BILLING'); - } - if ($ret1 < 0 || $ret2 < 0) { - print " - Error in create contact result code = " . $ret1 . " " . $ret2 . " - " . $contact->errorsToString(); - $errorrecord++; - } else { - print " - create contact OK"; - } - } - - - //update date créa - if (!$errorrecord) { - $datec = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6, 2); - $retd = $db->query("UPDATE `llx_societe` SET `datec` = '$datec 00:00:00' WHERE `rowid` = $object->id"); - if ($retd < 1) { - print " - Error in update date créa result " . $object->errorsToString(); - $errorrecord++; - } else { - print " - update date créa OK"; - } - } - print "\n"; - - if ($errorrecord) { - print( 'Error on record nb ' . $i . " - " . $object->errorsToString() . "\n"); - var_dump($db, $object, $contact); - // $db->rollback(); - die(); - $error++; // $errorrecord will be reset - } - $j++; - } -} else { - die("error : $sql"); -} - -$db->commit(); - - - -// commit or rollback -print "Nb of lines qualified: " . $nboflines . "\n"; -print "Nb of errors: " . $error . "\n"; -$db->close(); - -exit($error); diff --git a/dev/initdata/dbf/includes/dbase.class.php b/dev/initdata/dbf/includes/dbase.class.php deleted file mode 100644 index a225d67cde9..00000000000 --- a/dev/initdata/dbf/includes/dbase.class.php +++ /dev/null @@ -1,599 +0,0 @@ -fd = $fd; - // Byte 4-7 (32-bit number): Number of records in the database file. Currently 0 - fseek($this->fd, 4, SEEK_SET); - $this->recordCount = self::getInt32($fd); - // Byte 8-9 (16-bit number): Number of bytes in the header. - fseek($this->fd, 8, SEEK_SET); - $this->headerLength = self::getInt16($fd); - // Number of fields is (headerLength - 33) / 32) - $this->fieldCount = ($this->headerLength - 33) / 32; - // Byte 10-11 (16-bit number): Number of bytes in record. - fseek($this->fd, 10, SEEK_SET); - $this->recordLength = self::getInt16($fd); - // Byte 32 - n (32 bytes each): Field descriptor array - fseek($fd, 32, SEEK_SET); - for ($i = 0; $i < $this->fieldCount; $i++) { - $data = fread($this->fd, 32); - $field = array_map('trim', unpack('a11name/a1type/c4/c1length/c1precision/s1workid/c1example/c10/c1production', $data)); - $this->fields[] = $field; - } - } - - /** - * dbase_close - * @return void - */ - public function close() - { - fclose($this->fd); - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_get_header_info - * @return array - */ - public function get_header_info() - { - // phpcs:disable - return $this->fields; - } - - /** - * dbase_numfields - * @return int - */ - public function numfields() - { - return $this->fieldCount; - } - - /** - * dbase_numrecords - * @return int - */ - public function numrecords() - { - return $this->recordCount; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_add_record - * @param array $record record - * @return bool - */ - public function add_record($record) - { - // phpcs:enable - if (count($record) != $this->fieldCount) { - return false; - } - // Seek to end of file, minus the end of file marker - fseek($this->fd, 0, SEEK_END); - // Put the deleted flag - self::putChar8($this->fd, 0x20); - // Put the record - if (!$this->putRecord($record)) { - return false; - } - // Update the record count - fseek($this->fd, 4); - self::putInt32($this->fd, ++$this->recordCount); - return true; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_replace_record - * @param array $record record - * @param int $record_number record number - * @return bool - */ - public function replace_record($record, $record_number) - { - // phpcs:enable - if (count($record) != $this->fieldCount) { - return false; - } - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - // Skip to the record location, plus the 1 byte for the deleted flag - fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1)) + 1); - return $this->putRecord($record); - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_delete_record - * @param int $record_number record number - * @return bool - */ - public function delete_record($record_number) - { - // phpcs:enable - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1))); - self::putChar8($this->fd, 0x2A); - return true; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_get_record - * @param int $record_number record number - * @return array - */ - public function get_record($record_number) - { - // phpcs:enable - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - fseek($this->fd, $this->headerLength + ($this->recordLength * ($record_number - 1))); - $record = array( - 'deleted' => self::getChar8($this->fd) == 0x2A ? 1 : 0 - ); - foreach ($this->fields as $i => &$field) { - $value = trim(fread($this->fd, $field['length'])); - if ($field['type'] == 'L') { - $value = strtolower($value); - if ($value == 't' || $value == 'y') { - $value = true; - } elseif ($value == 'f' || $value == 'n') { - $value = false; - } else { - $value = null; - } - } - $record[$i] = $value; - } - return $record; - } - - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps - /** - * dbase_get_record_with_names - * @param int $record_number record number - * @return array - */ - public function get_record_with_names($record_number) - { - // phpcs:enable - if ($record_number < 1 || $record_number > $this->recordCount) { - return false; - } - $record = $this->get_record($record_number); - foreach ($this->fields as $i => &$field) { - $record[$field['name']] = $record[$i]; - unset($record[$i]); - } - return $record; - } - - /** - * dbase_pack - * @return void - */ - public function pack() - { - $in_offset = $out_offset = $this->headerLength; - $new_count = 0; - $rec_count = $this->recordCount; - while ($rec_count > 0) { - fseek($this->fd, $in_offset, SEEK_SET); - $record = fread($this->fd, $this->recordLength); - $deleted = substr($record, 0, 1); - if ($deleted != '*') { - fseek($this->fd, $out_offset, SEEK_SET); - fwrite($this->fd, $record); - $out_offset += $this->recordLength; - $new_count++; - } - $in_offset += $this->recordLength; - $rec_count--; - } - ftruncate($this->fd, $out_offset); - // Update the record count - fseek($this->fd, 4); - self::putInt32($this->fd, $new_count); - } - - /* - * A few utilitiy functions - */ - - /** - * @param string $field field - * @return int - */ - private static function length($field) - { - switch ($field[1]) { - case 'D': // Date: Numbers and a character to separate month, day, and year (stored internally as 8 digits in YYYYMMDD format) - return 8; - case 'T': // DateTime (YYYYMMDDhhmmss.uuu) (FoxPro) - return 18; - case 'M': // Memo (ignored): All ASCII characters (stored internally as 10 digits representing a .dbt block number, right justified, padded with whitespaces) - case 'N': // Number: -.0123456789 (right justified, padded with whitespaces) - case 'F': // Float: -.0123456789 (right justified, padded with whitespaces) - case 'C': // String: All ASCII characters (padded with whitespaces up to the field's length) - return $field[2]; - case 'L': // Boolean: YyNnTtFf? (? when not initialized) - return 1; - } - return 0; - } - - /* - * Functions for reading and writing bytes - */ - - /** - * getChar8 - * @param mixed $fd file descriptor - * @return int - */ - private static function getChar8($fd) - { - return ord(fread($fd, 1)); - } - - /** - * putChar8 - * @param mixed $fd file descriptor - * @param mixed $value value - * @return bool - */ - private static function putChar8($fd, $value) - { - return fwrite($fd, chr($value)); - } - - /** - * getInt16 - * @param mixed $fd file descriptor - * @param int $n n - * @return bool - */ - private static function getInt16($fd, $n = 1) - { - $data = fread($fd, 2 * $n); - $i = unpack("S$n", $data); - if ($n == 1) { - return (int) $i[1]; - } else { - return array_merge($i); - } - } - - /** - * putInt16 - * @param mixed $fd file descriptor - * @param mixed $value value - * @return bool - */ - private static function putInt16($fd, $value) - { - return fwrite($fd, pack('S', $value)); - } - - /** - * getInt32 - * @param mixed $fd file descriptor - * @param int $n n - * @return bool - */ - private static function getInt32($fd, $n = 1) - { - $data = fread($fd, 4 * $n); - $i = unpack("L$n", $data); - if ($n == 1) { - return (int) $i[1]; - } else { - return array_merge($i); - } - } - - /** - * putint32 - * @param mixed $fd file descriptor - * @param mixed $value value - * @return bool - */ - private static function putInt32($fd, $value) - { - return fwrite($fd, pack('L', $value)); - } - - /** - * putString - * @param mixed $fd file descriptor - * @param mixed $value value - * @param int $length length - * @return bool - */ - private static function putString($fd, $value, $length = 254) - { - $ret = fwrite($fd, pack('A' . $length, $value)); - } - - /** - * putRecord - * @param mixed $record record - * @return bool - */ - private function putRecord($record) - { - foreach ($this->fields as $i => &$field) { - $value = $record[$i]; - // Number types are right aligned with spaces - if ($field['type'] == 'N' || $field['type'] == 'F' && strlen($value) < $field['length']) { - $value = str_repeat(' ', $field['length'] - strlen($value)) . $value; - } - self::putString($this->fd, $value, $field['length']); - } - return true; - } -} - -if (!function_exists('dbase_open')) { - /** - * dbase_open - * @param string $filename filename - * @param int $mode mode - * @return DBase - */ - function dbase_open($filename, $mode) - { - return DBase::open($filename, $mode); - } - - /** - * dbase_create - * @param string $filename filename - * @param array $fields fields - * @param int $type type - * @return DBase - */ - function dbase_create($filename, $fields, $type = DBASE_TYPE_DBASE) - { - return DBase::create($filename, $fields, $type); - } - - /** - * dbase_close - * @param Resource $dbase_identifier dbase identifier - * @return bool - */ - function dbase_close($dbase_identifier) - { - return $dbase_identifier->close(); - } - - /** - * dbase_get_header_info - * @param Resource $dbase_identifier dbase identifier - * @return string - */ - function dbase_get_header_info($dbase_identifier) - { - return $dbase_identifier->get_header_info(); - } - - /** - * dbase_numfields - * @param Resource $dbase_identifier dbase identifier - * @return int - */ - function dbase_numfields($dbase_identifier) - { - $dbase_identifier->numfields(); - } - - /** - * dbase_numrecords - * @param Resource $dbase_identifier dbase identifier - * @return int - */ - function dbase_numrecords($dbase_identifier) - { - return $dbase_identifier->numrecords(); - } - - /** - * dbase_add_record - * @param Resource $dbase_identifier dbase identifier - * @param array $record record - * @return bool - */ - function dbase_add_record($dbase_identifier, $record) - { - return $dbase_identifier->add_record($record); - } - - /** - * dbase_delete_record - * @param Resource $dbase_identifier dbase identifier - * @param int $record_number record number - * @return bool - */ - function dbase_delete_record($dbase_identifier, $record_number) - { - return $dbase_identifier->delete_record($record_number); - } - - /** - * dbase_replace_record - * @param Resource $dbase_identifier dbase identifier - * @param array $record record - * @param int $record_number record number - * @return bool - */ - function dbase_replace_record($dbase_identifier, $record, $record_number) - { - return $dbase_identifier->replace_record($record, $record_number); - } - - /** - * dbase_get_record - * @param Resource $dbase_identifier dbase identifier - * @param int $record_number record number - * @return bool - */ - function dbase_get_record($dbase_identifier, $record_number) - { - return $dbase_identifier->get_record($record_number); - } - - /** - * dbase_get_record_with_names - * @param Resource $dbase_identifier dbase identifier - * @param int $record_number record number - * @return bool - */ - function dbase_get_record_with_names($dbase_identifier, $record_number) - { - return $dbase_identifier->get_record_with_names($record_number); - } - - /** - * dbase_pack - * @param Resource $dbase_identifier dbase identifier - * @return bool - */ - function dbase_pack($dbase_identifier) - { - return $dbase_identifier->pack(); - } -} diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 4c99acf4205..46d8dc0dc80 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -361,11 +361,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 16463ec027b..2aa33f21645 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -242,11 +242,7 @@ if ($action == 'create') { print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 0c9b4113c2a..2c715aa9fd6 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -297,7 +297,7 @@ class BookKeeping extends CommonObject $sql .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries. - $sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines + $sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines } $sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'"; $sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'"; diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index c1a62847b32..9633157b5b7 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2018 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -627,7 +627,7 @@ if (empty($action) || $action == 'view') { print "".$expensereportstatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); + $accountoshow = length_accountg($conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForUsersNotDefined").''; } else { diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 71358770775..9a65844871d 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php @@ -3,7 +3,7 @@ * Copyright (C) 2007-2010 Jean Heimburger * Copyright (C) 2011 Juanjo Menent * Copyright (C) 2012 Regis Houssin - * Copyright (C) 2013-2017 Alexandre Spangaro + * Copyright (C) 2013-2021 Alexandre Spangaro * Copyright (C) 2013-2016 Olivier Geffroy * Copyright (C) 2013-2016 Florian Henry * Copyright (C) 2018 Frédéric France @@ -648,7 +648,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_SUPPLIER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -717,9 +717,9 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$date.'"'.$sep; print '"'.$val["refsologest"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; + print '"'.length_accountg(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$val["refsuppliersologest"].' - '.$langs->trans("VAT").' NPR"'.$sep; print '"'.($mt < 0 ? price(-$mt) : '').'"'.$sep; @@ -894,7 +894,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForSuppliersNotDefined").''; } else { diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 93be8e8b1b9..bd476173427 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -609,7 +609,7 @@ if ($action == 'exportcsv') { // ISO and not UTF8 ! print '"'.$val["ref"].'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 32)).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; - print '"'.$conf->global->ACCOUNTING_ACCOUNT_CUSTOMER.'"'.$sep; + print '"'.length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER).'"'.$sep; print '"'.length_accounta(html_entity_decode($k)).'"'.$sep; print '"'.$langs->trans("Thirdparty").'"'.$sep; print '"'.utf8_decode(dol_trunc($companystatic->name, 16)).' - '.$invoicestatic->ref.' - '.$langs->trans("Thirdparty").'"'.$sep; @@ -834,7 +834,7 @@ if (empty($action) || $action == 'view') { print "".$invoicestatic->getNomUrl(1).""; // Account print ""; - $accountoshow = length_accounta($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); + $accountoshow = length_accountg($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER); if (($accountoshow == "") || $accountoshow == 'NotDefined') { print ''.$langs->trans("MainAccountForCustomersNotDefined").''; } else { diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 42e0b84228f..39ed19e1a12 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1121,15 +1121,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - if (!empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("AddMember"); print "\n"; } @@ -1396,11 +1388,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } @@ -1821,8 +1809,16 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $company = new Societe($db); $result = $company->fetch($object->socid); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -1846,7 +1842,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { } print ''; - //VCard + // VCard print ''; print $langs->trans("VCard").''; print ''; diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 489ed20d6c2..e777108c491 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -70,7 +70,7 @@ class AdherentStats extends Stats $this->where .= " m.statut != -1"; $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; - //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($this->memberid) { $this->where .= " AND m.rowid = ".((int) $this->memberid); } diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 7f8da3a33b3..3a967677e17 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -209,7 +209,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! // Subscription informations $datesubscription = 0; $datesubend = 0; - $paymentdate = 0; + $paymentdate = ''; // Do not use 0 here, default value is '' that means not filled where 0 means 1970-01-01 if (GETPOST("reyear", "int") && GETPOST("remonth", "int") && GETPOST("reday", "int")) { $datesubscription = dol_mktime(0, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); } @@ -260,7 +260,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! } // Check if a payment is mandatory or not - if (!$error && $adht->subscription) { // Member type need subscriptions + if ($adht->subscription) { // Member type need subscriptions if (!is_numeric($amount)) { // If field is '' or not a numeric value $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Amount")); @@ -268,28 +268,35 @@ if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && ! $error++; $action = 'addsubscription'; } else { + // If an amount has been provided, we check also fields that becomes mandatory when amount is not null. if (!empty($conf->banque->enabled) && GETPOST("paymentsave") != 'none') { if (GETPOST("subscription")) { if (!GETPOST("label")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !GETPOST("operation")) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } if (GETPOST("paymentsave") != 'invoiceonly' && !(GETPOST("accountid", 'int') > 0)) { $errmsg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("FinancialAccount")); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } else { - if (GETPOST("accountid")) { + if (GETPOST("accountid", 'int')) { $errmsg = $langs->trans("ErrorDoNotProvideAccountsIfNullAmount"); + setEventMessages($errmsg, null, 'errors'); + $error++; + $action = 'addsubscription'; } } - if ($errmsg) { - $error++; - setEventMessages($errmsg, null, 'errors'); - $error++; - $action = 'addsubscription'; - } } } } @@ -601,8 +608,16 @@ if ($rowid > 0) { $company = new Societe($db); $result = $company->fetch($object->fk_soc); print $company->getNomUrl(1); + + // Show link to invoices + $tmparray = $company->getOutstandingBills('customer'); + if (!empty($tmparray['refs'])) { + print ' - '.img_picto($langs->trans("Invoices"), 'bill', 'class="paddingright"').''.$langs->trans("Invoices").': '.count($tmparray['refs']); + // TODO Add alert if warning on at least one invoice late + print ''; + } } else { - print $langs->trans("NoThirdPartyAssociatedToMember"); + print ''.$langs->trans("NoThirdPartyAssociatedToMember").''; } } print ''; @@ -628,7 +643,7 @@ if ($rowid > 0) { if ($object->user_id) { $form->form_users($_SERVER['PHP_SELF'].'?rowid='.$object->id, $object->user_id, 'none'); } else { - print $langs->trans("NoDolibarrAccess"); + print ''.$langs->trans("NoDolibarrAccess").''; } } print ''; @@ -970,17 +985,18 @@ if ($rowid > 0) { print ''.$langs->trans('MoreActions'); print ''; print ''; - print ' '.$langs->trans("None").'
'; + print ''; + print '
'; // Add entry into bank accoun if (!empty($conf->banque->enabled)) { print ' '.$langs->trans("MoreActionBankDirect").'
'; + print '>
'; } // Add invoice with no payments if (!empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionInvoiceOnly"); + print '>
'; } // Add invoice with payments if (!empty($conf->banque->enabled) && !empty($conf->societe->enabled) && !empty($conf->facture->enabled)) { print 'fk_soc)) print ' disabled'; - print '> '.$langs->trans("MoreActionBankViaInvoice"); + print '>
'; } print ''; diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 575d6d2301b..3f4a3872980 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -245,11 +245,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '       '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print "\n"; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index f640407c570..7ff9c3806a5 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -399,9 +399,8 @@ if ($action == 'create') { print dol_get_fiche_end(); print '
'; - print ''; - print '     '; - print ''; + print ''; + print ''; print '
'; print "\n"; @@ -830,11 +829,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 6c8f273ae77..63ff01584b0 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -228,13 +228,7 @@ if ($action == 'edit') { } } - print '
'; - - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'create') { @@ -297,11 +291,7 @@ if ($action == 'create' && $user->rights->adherent->configurer) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/accountant.php b/htdocs/admin/accountant.php index 24df7e0cb68..c7bd40efa37 100644 --- a/htdocs/admin/accountant.php +++ b/htdocs/admin/accountant.php @@ -177,12 +177,7 @@ print ''; print ''; -print '
'; -print ''; -//print '     '; -//print ''; -print '
'; -//print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index a3d725bee93..730983ad090 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -209,9 +209,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index 54d5158b4ed..463df5475f9 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -392,7 +392,7 @@ print ''; print dol_get_fiche_end(); -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/agenda_xcal.php b/htdocs/admin/agenda_xcal.php index 59dd1bf1ac2..f854649962c 100644 --- a/htdocs/admin/agenda_xcal.php +++ b/htdocs/admin/agenda_xcal.php @@ -139,9 +139,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print "
"; +print $form->buttonsSaveCancel("Save", ''); print "\n"; @@ -165,24 +163,27 @@ $urlvcal = ''.$langs->trans("WebCalUrlForVCalExport", 'vcal', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl1'); $message .= '
'; $urlical = ''; $urlical .= $urlwithroot.'/public/agenda/agendaexport.php?format=ical&type=event'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlical, ''.$langs->trans("WebCalUrlForVCalExport", 'ical/ics', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl2'); $message .= '
'; $urlrss = ''; $urlrss .= $urlwithroot.'/public/agenda/agendaexport.php?format=rss'.$getentity.'&exportkey='.($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY ?urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) : 'KEYNOTDEFINED').''; $message .= img_picto('', 'globe').' '.str_replace('{url}', $urlrss, ''.$langs->trans("WebCalUrlForVCalExport", 'rss', '').''); $message .= '
'; -$message .= ''; +$message .= ''; $message .= '
'; +$message .= ajax_autoselect('onlinepaymenturl3'); $message .= '
'; print $message; diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 79853c9cda9..fb937dc1dbe 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -499,9 +499,7 @@ print "\n"; print ''; print dol_get_fiche_end(); -print '
'; -print ''; -print '
'; +$form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index e6211f0b56f..b0eb36d81ac 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -272,8 +272,7 @@ if ($resql) { print "\n"; if (empty($conf->use_javascript_ajax)) { - print '
'; - print ''; + print $form->buttonsSaveCancel("Save", ''); } print "
"; diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 56971457f76..c4e697bfe00 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -473,9 +473,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL == 2 || !empty($conf->global->MAIN_ACTIVA print ''; print ''; -print '
'; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; print "\n".''."\n"; diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 0ca1ae7d98e..7420aa17ce9 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -824,10 +824,7 @@ if ($mysoc->useRevenueStamp()) { print ""; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/company_socialnetworks.php b/htdocs/admin/company_socialnetworks.php index 2d4b2e6d128..57c75b352f8 100644 --- a/htdocs/admin/company_socialnetworks.php +++ b/htdocs/admin/company_socialnetworks.php @@ -135,9 +135,7 @@ print ''; print '
'; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index c10a6ed04b4..ea8a80b17d6 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -468,9 +468,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 4b1e34335e8..2c6f9dc17c9 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -448,8 +448,8 @@ if (empty($conf->global->MAIN_DISABLE_METEO) || $conf->global->MAIN_DISABLE_METE if ($action == 'edit') { - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); + print ''; } else { print '
'; print ''.$langs->trans("Modify").'
'; diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php index 9e5a1e8bce1..bfcb751f9a9 100644 --- a/htdocs/admin/dolistore/class/dolistore.class.php +++ b/htdocs/admin/dolistore/class/dolistore.class.php @@ -84,7 +84,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want categories resources @@ -134,7 +134,7 @@ class Dolistore try { $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api); - dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV); + dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV')); // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data. // Here we set the option array for the Webservice : we want products resources diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index fdc0b893087..fe1a61c686c 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -276,11 +276,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -309,9 +305,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/admin/eventorganization.php b/htdocs/admin/eventorganization.php index d01aece1ca0..c37c5ccd41f 100644 --- a/htdocs/admin/eventorganization.php +++ b/htdocs/admin/eventorganization.php @@ -298,11 +298,7 @@ if ($action == 'edit') { } print ''; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; print '
'; diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index 7ff30242336..0b6beb2abc6 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -460,9 +460,7 @@ print ''."\n"; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 3388b649a67..9d3fd768647 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -215,7 +215,7 @@ if (empty($conf->use_javascript_ajax)) { print $conf->global->FCKEDITOR_TEST; print ''; } - print '
'."\n"; + print $form->buttonsSaveCancel("Save", ''); print '
'; print ''."\n"; diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index c9214742d13..9dfb15477cc 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -556,10 +556,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { print ''; print ''; - -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index e86c78763ee..de160a1c946 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -536,11 +536,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index 511f5dde698..436ffa3d003 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -405,11 +405,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index d8c827337ad..f91b9685c88 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -395,12 +395,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], (GETPOSTISSET('active') ? GETPOST('active', 'int') : $object->active), 0, 0, 0, '', 1); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); } } else { /*print '
'; @@ -428,12 +424,8 @@ if ($action != 'create') { print $form->selectarray('active', $object->fields['active']['arrayofkeyval'], GETPOST('active', 'int'), 0); print ''; print ''; - print '
'; - print '
'; - print ''; - print '   '; - print ''; - print '
'; + + print $form->buttonsSaveCancel(); //print '
'; } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index db3c45a0776..1ea8564808e 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates"; $sql .= " WHERE entity IN (".getEntity('email_template').")"; if (!$user->admin) { - $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me - $sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me + $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me + $sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me } if (empty($conf->global->MAIN_MULTILANGS)) { $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')"; diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 939273c1da2..667f58807dc 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -380,11 +380,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 2e84efbfb06..aaadde965a2 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -391,11 +391,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action == 'edit') { @@ -516,12 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Bouton - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/admin/notification.php b/htdocs/admin/notification.php index 4c1df0fa938..8137c34e1e6 100644 --- a/htdocs/admin/notification.php +++ b/htdocs/admin/notification.php @@ -201,7 +201,7 @@ print ''; print ''; print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; @@ -280,7 +280,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { } print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); } else { print ''; print ''; @@ -463,7 +463,7 @@ print '
'; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/openinghours.php b/htdocs/admin/openinghours.php index 2e262a1bb7e..e6bc6ee8f1d 100644 --- a/htdocs/admin/openinghours.php +++ b/htdocs/admin/openinghours.php @@ -131,10 +131,7 @@ if (empty($action) || $action == 'edit' || $action == 'updateedit') { print ''; - print '
'; - print ''; - print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php index 9b380b676b4..b4b06d62e5e 100644 --- a/htdocs/admin/payment.php +++ b/htdocs/admin/payment.php @@ -273,11 +273,7 @@ print ''; print dol_get_fiche_end(); -print '
'; -print '
'; -print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Modify", ''); print ''; diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php index 43ad8c15929..e130f0479c4 100644 --- a/htdocs/admin/paymentbybanktransfer.php +++ b/htdocs/admin/paymentbybanktransfer.php @@ -200,9 +200,8 @@ if (!$conf->global->PAYMENTBYBANKTRANSFER_ADDDAYS) { print ''; print ''; print ''; -print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 5240dea532c..daf57588446 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -467,9 +467,7 @@ print ''; print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 01e3b6d4913..739709410ce 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -214,9 +214,8 @@ print ''; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index 883a6ff6f03..988023175db 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -341,7 +341,7 @@ if ($mode == 'config' && $user->admin) { print ''.$printer->profileresprint.''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print ''; } else { @@ -432,7 +432,7 @@ if ($mode == 'template' && $user->admin) { print ''; print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } else { print ''.$printer->listprinterstemplates[$line]['name'].''; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index f2df395060b..8a6d6bbb4ed 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -91,7 +91,13 @@ print '
'; print "PHP session.use_strict_mode = ".(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; print "PHP session.use_only_cookies = ".(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; print "PHP session.cookie_httponly = ".(ini_get('session.cookie_httponly') ? ini_get('session.cookie_httponly') : '').'   ('.$langs->trans("RecommendedValueIs", '1').")
\n"; -print "PHP session.cookie_samesite = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None').'   ('.$langs->trans("RecommendedValueIs", 'Strict').")
\n"; +print "PHP session.cookie_samesite = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None'); +if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') == 'Lax') { + print '   ('.$langs->trans("RecommendedValueIs", 'Lax').")"; +} elseif (ini_get('session.cookie_samesite') == 'Strict') { + print '   '.img_warning().' '.$langs->trans("WarningPaypalPaymentNotCompatibleWithStrict").""; +} +print "
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").' '.$_SERVER["DOCUMENT_ROOT"]).')')."
\n"; print "PHP allow_url_fopen = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; print "PHP allow_url_include = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).'   ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")
\n"; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 320857de887..bfd2ae4b09b 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -580,9 +580,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 98ce554c363..22e4a4a1b42 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -390,7 +390,7 @@ if (!empty($conf->global->TICKET_ENABLE_PUBLIC_INTERFACE)) { print ''; print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index c6cd45a0cc5..07da0541619 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -81,9 +81,7 @@ if ($action == 'edit') { print ''; - print '
'; - print ''; - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ''; print '
'; diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 3d722bca400..4a2e98fc666 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -169,11 +169,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -210,9 +206,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php index 6103b963e21..6f743172617 100644 --- a/htdocs/asset/type.php +++ b/htdocs/asset/type.php @@ -396,11 +396,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + $form->buttonsSaveCancel("Add"); print "\n"; } @@ -600,9 +596,7 @@ if ($rowid > 0) { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index cd530994b9b..235336d4f73 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -267,11 +267,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -302,9 +298,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index f7795a14f47..045e656de50 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -301,7 +301,8 @@ if ($id > 0 && !preg_match('/^add/i', $action)) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
   
'; + print $form->buttonsSaveCancel(); + print ''; } diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index bb70b520fa1..5a506558187 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -547,7 +547,7 @@ class Categorie extends CommonObject $sql .= ", visible = ".(int) $this->visible; $sql .= ", fk_parent = ".(int) $this->fk_parent; $sql .= ", fk_user_modif = ".(int) $user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -693,7 +693,7 @@ class Categorie extends CommonObject if ($this->db->query($sql)) { if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) { $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie'; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::add_type", LOG_DEBUG); $resql = $this->db->query($sql); @@ -781,7 +781,7 @@ class Categorie extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id); dol_syslog(get_class($this).'::del_type', LOG_DEBUG); @@ -833,11 +833,11 @@ class Categorie extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c"; $sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o"; $sql .= " WHERE o.entity IN (".getEntity($obj->element).")"; - $sql .= " AND c.fk_categorie = ".$this->id; + $sql .= " AND c.fk_categorie = ".((int) $this->id); $sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid"; // Protection for external users if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) { - $sql .= " AND o.rowid = ".$user->socid; + $sql .= " AND o.rowid = ".((int) $user->socid); } if ($limit > 0 || $offset > 0) { $sql .= $this->db->plimit($limit + 1, $offset); @@ -877,7 +877,7 @@ class Categorie extends CommonObject public function containsObject($type, $object_id) { $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); + $sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); dol_syslog(get_class($this)."::containsObject", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1508,7 +1508,7 @@ class Categorie extends CommonObject $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id; // This seems useless because the table already contains id of category of 1 unique type. So commented. // So now it works also with external added categories. - //$sql .= " AND c.type = ".$this->MAP_ID[$type]; + //$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]); $sql .= " AND c.entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1803,7 +1803,7 @@ class Categorie extends CommonObject foreach ($langs_available as $key => $value) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1813,10 +1813,10 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->label)."',"; $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label); + $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label); $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); @@ -1829,10 +1829,10 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]); + $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]); $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; } @@ -1871,7 +1871,7 @@ class Categorie extends CommonObject $sql = "SELECT lang, label, description"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index cd5d7ad8214..80f64210bf5 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -274,11 +274,7 @@ if ($action == 'edit') { print '
'; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } elseif ($action != 'add') { @@ -334,11 +330,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print ''; print ''; - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 97a573ce86f..a403a1cdf40 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1317,15 +1317,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - if (empty($backtopage)) { - print ''; - } else { - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } @@ -1804,11 +1796,7 @@ if ($id > 0) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } else { diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index bbf86d87c59..ce8f3f89d92 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -875,7 +875,7 @@ class ActionComm extends CommonObject $sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources'; - $sql .= ' WHERE fk_actioncomm = '.$this->id; + $sql .= ' WHERE fk_actioncomm = '.((int) $this->id); $sql .= " AND element_type IN ('user', 'socpeople')"; $resql = $this->db->query($sql); if ($resql) { @@ -919,7 +919,7 @@ class ActionComm extends CommonObject // phpcs:enable $sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id; + $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id); $resql2 = $this->db->query($sql); if ($resql2) { @@ -996,7 +996,7 @@ class ActionComm extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { @@ -1159,7 +1159,7 @@ class ActionComm extends CommonObject // Now insert assignedusers if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'"; $resql = $this->db->query($sql); $already_inserted = array(); @@ -1184,7 +1184,7 @@ class ActionComm extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'"; $resql = $this->db->query($sql); if (!empty($this->socpeopleassigned)) { @@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } if (!$user->rights->agenda->allactions->read) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id); } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE 1 = 1"; @@ -1329,14 +1329,14 @@ class ActionComm extends CommonObject } $sql .= " AND a.entity IN (".getEntity('agenda').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND a.fk_soc = ".$user->socid; + $sql .= " AND a.fk_soc = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id; - $sql .= " OR ar.fk_element = ".$user->id; // Added by PV + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); + $sql .= " OR ar.fk_element = ".((int) $user->id); $sql .= ")"; } @@ -2226,7 +2226,7 @@ class ActionComm extends CommonObject //Select all action comm reminders for event $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder"; - $sql .= " WHERE fk_actioncomm = ".$this->id; + $sql .= " WHERE fk_actioncomm = ".((int) $this->id); if ($onlypast) { $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'"; } diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index cba52bf2384..c682131e442 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -692,7 +692,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.$socid; diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 9aebf9d3ed9..d467c10fd58 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -447,7 +447,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index b39d6c3141d..b1fecbf6475 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -558,7 +558,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 10d9871c4c9..413de33db1f 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -579,7 +579,7 @@ if ($pid) { $sql .= " AND a.fk_project = ".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index fefee1c07dd..015e06df36a 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -826,7 +826,7 @@ if ($object->id > 0) { $sql .= ", p.datep as dp, p.fin_validite as date_limit"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " ORDER BY p.datep DESC"; @@ -891,7 +891,7 @@ if ($object->id > 0) { $sql .= ", c.facture as billed"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('commande').')'; $sql .= " ORDER BY c.date_commande DESC"; @@ -907,7 +907,7 @@ if ($object->id > 0) { $sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; $sql2 .= ', '.MAIN_DB_PREFIX.'commande as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders with status validated, shipping started and delivered (well any order we can bill) $sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))"; @@ -967,7 +967,7 @@ if ($object->id > 0) { $sql .= ', s.nom'; $sql .= ', s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e"; - $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND e.entity IN (".getEntity('expedition').")"; $sql .= ' GROUP BY e.rowid'; $sql .= ', e.ref'; @@ -1032,7 +1032,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " ORDER BY c.datec DESC"; @@ -1106,7 +1106,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; $sql .= " WHERE f.fk_soc = s.rowid"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('intervention').")"; $sql .= " ORDER BY f.tms DESC"; @@ -1171,7 +1171,7 @@ if ($object->id > 0) { $sql .= ', f.suspended as suspended'; $sql .= ', s.nom, s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,'; @@ -1263,7 +1263,7 @@ if ($object->id > 0) { $sql .= ', SUM(pf.amount) as am'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture'; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.datef, f.datec, f.paye, f.fk_statut,'; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 1d74cba61cd..52f6e675c5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND p.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($type == "c") { $sql .= " AND s.client IN (1, 3)"; diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 48e08ce3c0d..2603b520c77 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -106,10 +106,16 @@ print load_fiche_titre($langs->trans("CommercialArea"), '', 'commercial'); print '
'; -print getCustomerProposalPieChart($socid); -print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft customer proposals @@ -130,7 +136,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -227,7 +233,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -323,7 +329,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -420,10 +426,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -561,7 +567,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = $socid"; @@ -657,7 +663,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -763,7 +769,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -838,7 +844,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -954,7 +960,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 3f2cfc2974c..08ab8b6c8d7 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml'); $search_firstname = GETPOST("search_firstname", 'alphanohtml'); $search_email = GETPOST("search_email", 'alphanohtml'); $search_other = GETPOST("search_other", 'alphanohtml'); -$search_dest_status = GETPOST('search_dest_status', 'alphanohtml'); +$search_dest_status = GETPOST('search_dest_status', 'int'); // Search modules dirs $modulesdir = dolGetModulesDirs('/mailings'); @@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) { $asearchcriteriahasbeenset++; } if ($search_dest_status != '' && $search_dest_status >= -1) { - $sql .= " AND mc.statut=".$db->escape($search_dest_status)." "; + $sql .= " AND mc.statut = ".((int) $search_dest_status); $asearchcriteriahasbeenset++; } $sql .= $db->order($sortfield, $sortorder); @@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) { } $morehtmlcenter .= '   id.'">'.$langs->trans("Download").''; + $massactionbutton = ''; + print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit); print ''; diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index fb10c6435af..25ef23dd7de 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -121,7 +121,7 @@ if ($_socid > 0) { print dol_get_fiche_end(); - print '
'; + print $form->buttonsSaveCancel("Save", ''); print ""; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 163581221a8..3020f9af822 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -1860,11 +1860,8 @@ if ($action == 'create') { print dol_get_fiche_end(); $langs->load("bills"); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + + print $form->buttonsSaveCancel("CreateDraft"); print ""; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3bc30d7d729..6e3f60a7cf5 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1879,8 +1879,8 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1906,7 +1906,7 @@ class Propal extends CommonObject if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'"; - $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; + $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -1974,7 +1974,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2030,7 +2030,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2101,7 +2101,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2156,9 +2156,9 @@ class Propal extends CommonObject $this->db->begin(); - $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; - $sql .= " SET fk_availability = '".$id."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; + $sql .= " SET fk_availability = ".((int) $id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG); $resql = $this->db->query($sql); @@ -2221,7 +2221,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal "; $sql .= " SET fk_input_reason = ".((int) $id); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2346,7 +2346,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2409,7 +2409,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2530,7 +2530,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2707,7 +2707,7 @@ class Propal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -2780,7 +2780,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2789,7 +2789,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT; } if ($notcurrentuser > 0) { - $sql .= " AND p.fk_user_author <> ".$user->id; + $sql .= " AND p.fk_user_author <> ".((int) $user->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -2934,7 +2934,7 @@ class Propal extends CommonObject if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -2970,7 +2970,7 @@ class Propal extends CommonObject // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -3285,7 +3285,7 @@ class Propal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('propal').")"; @@ -3296,7 +3296,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3462,7 +3462,7 @@ class Propal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('propal').")"; @@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid); dol_syslog("PropaleLigne::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index a06945a09a6..181e5b545f8 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -94,10 +94,10 @@ class PropaleStats extends Stats //$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity; $this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND p.fk_soc = ".$this->socid; + $this->where .= " AND p.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { $this->where .= ' AND fk_user_author = '.((int) $this->userid); diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 7ff3e405499..de2e4a1d64c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -67,8 +67,11 @@ print load_fiche_titre($langs->trans("ProspectionArea"), '', 'propal'); print '
'; print '
'; -print getCustomerProposalPieChart($socid); -print '
'; +$tmp = getCustomerProposalPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* * Draft proposals @@ -85,7 +88,7 @@ if (!empty($conf->propal->enabled)) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -163,7 +166,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -236,7 +239,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -319,7 +322,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); @@ -394,7 +397,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 2 "; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index a21b4650f5b..23a16e2cfe7 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -526,7 +526,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE p.fk_soc = s.rowid'; $sql .= ' AND p.entity IN ('.getEntity('propal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 8420a5e7f87..004b5a3c205 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1822,12 +1822,7 @@ if ($action == 'create' && $usercancreate) { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 65b446727e5..050b7251898 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -493,8 +493,8 @@ class Commande extends CommonOrder $sql .= " SET ref = '".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -624,7 +624,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -807,7 +807,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET fk_statut = ".self::STATUS_CANCELED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; dol_syslog(get_class($this)."::cancel", LOG_DEBUG); @@ -2543,7 +2543,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2615,7 +2615,7 @@ class Commande extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2688,7 +2688,7 @@ class Commande extends CommonOrder $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2697,7 +2697,7 @@ class Commande extends CommonOrder $sql .= " AND c.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND c.fk_user_author <> ".$excluser->id; + $sql .= " AND c.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -3395,8 +3395,8 @@ class Commande extends CommonOrder // Delete extrafields of lines and lines if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; - $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sqlef) || !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -3432,7 +3432,7 @@ class Commande extends CommonOrder // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -3507,14 +3507,14 @@ class Commande extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity IN (".getEntity('commande').")"; //$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0"; $sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3917,7 +3917,7 @@ class Commande extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity IN (".getEntity('commande').")"; @@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine $sql .= ",total_localtax1='".price2num($this->total_localtax1)."'"; $sql .= ",total_localtax2='".price2num($this->total_localtax2)."'"; $sql .= ",total_ttc='".price2num($this->total_ttc)."'"; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog("OrderLine::update_total", LOG_DEBUG); diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index 6bd6067dcf7..8ac89d5a18f 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -94,13 +94,13 @@ class CommandeStats extends Stats $this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')'; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } if ($typentid) { diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 62f8c4772f6..3ecaa0fbee1 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 73f40668cea..a794d79e743 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -77,8 +77,11 @@ print load_fiche_titre($langs->trans("OrdersArea"), '', 'order'); print '
'; -print getCustomerOrderPieChart($socid); -print '
'; +$tmp = getCustomerOrderPieChart($socid); +if ($tmp) { + print $tmp; + print '
'; +} /* @@ -101,7 +104,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -169,7 +172,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -253,7 +256,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; @@ -342,7 +345,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index d25af27f34c..b11d97811c8 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -486,7 +486,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('c.ref', $search_ref); @@ -570,7 +570,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('c.total_ht', $search_total_ht, 1); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index d1cc0413bfd..02b967f6fdb 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -565,11 +565,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateAccount"); print ''; } else { @@ -1081,11 +1077,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); print ''; } diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 03ec879c5ad..d2a9554abab 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -1998,7 +1998,7 @@ class AccountLine extends CommonObject // Protection to avoid any delete of accounted lines. Protection on by default if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -2385,7 +2385,7 @@ class AccountLine extends CommonObject $result .= yn($this->rappro); } if ($option == 'showall' || $option == 'showconciliatedandaccounted') { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 167c809a8b1..97184c1b8eb 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve DESC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve > '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve ASC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'"; if (empty($numref)) { $sql .= " OR b.num_releve is null"; } -$sql .= " AND b.fk_account = ".$object->id; +$sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " AND b.fk_account = ba.rowid"; $sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day @@ -340,7 +340,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -353,7 +353,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -421,7 +421,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -605,7 +605,7 @@ if (empty($numref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct"; $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl"; $sql .= " WHERE ct.rowid = cl.fk_categ"; - $sql .= " AND ct.entity = ".$conf->entity; + $sql .= " AND ct.entity = ".((int) $conf->entity); $sql .= " AND cl.lineid = ".((int) $objp->rowid); $resc = $db->query($sql); diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index 2b4a68bec90..68c6ed20458 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -512,11 +512,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '   '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 0bc18e31bde..af61af5e836 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; else dol_print_error('', 'Year not defined'); // Define filter on bank account -$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE); $sql.=")"; */ $sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index b0a4716b7e1..504e5638abc 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { $sql .= " AND s.fk_stcomm=".((int) $stcomm); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 547f0676b7b..12351032b53 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 61d30ea1345..428eacbc93a 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) "; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) "; } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index affdd2e8991..0da621efd97 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -1144,10 +1144,8 @@ if ($action == 'create') { } print "\n"; - print '
'; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); + print "\n"; } else { dol_print_error('', "Error, no invoice ".$object->id); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 5d81da90088..31de2bbd4ff 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -321,8 +321,8 @@ if (empty($reshook)) { //var_dump($array_of_total_ht_per_vat_rate);exit; foreach ($array_of_total_ht_per_vat_rate as $vatrate => $tmpvalue) { - $tmp_total_ht = $array_of_total_ht_per_vat_rate[$vatrate]; - $tmp_total_ht_devise = $array_of_total_ht_devise_per_vat_rate[$vatrate]; + $tmp_total_ht = price2num($array_of_total_ht_per_vat_rate[$vatrate]); + $tmp_total_ht_devise = price2num($array_of_total_ht_devise_per_vat_rate[$vatrate]); if (($tmp_total_ht < 0 || $tmp_total_ht_devise < 0) && empty($conf->global->FACTURE_ENABLE_NEGATIVE_LINES)) { if ($object->type == $object::TYPE_DEPOSIT) { @@ -3785,11 +3785,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - // Button "Create Draft" - print '
'; - print ''; - print ''; - print '
'; + print $form->buttonsSaveCancel("CreateDraft"); // Show origin lines if (!empty($origin) && !empty($originid) && is_object($objectsrc)) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index eb380a4a212..67d59ceb531 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -293,7 +293,7 @@ class Facture extends CommonInvoice 'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>1), 'ref' =>array('type'=>'varchar(30)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'position'=>5), 'entity' =>array('type'=>'integer', 'label'=>'Entity', 'default'=>1, 'enabled'=>1, 'visible'=>-2, 'notnull'=>1, 'position'=>20, 'index'=>1), - 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'Ref client', 'enabled'=>1, 'visible'=>-1, 'position'=>10), + 'ref_client' =>array('type'=>'varchar(255)', 'label'=>'RefCustomer', 'enabled'=>1, 'visible'=>-1, 'position'=>10), 'ref_ext' =>array('type'=>'varchar(255)', 'label'=>'Ref ext', 'enabled'=>1, 'visible'=>0, 'position'=>12), //'ref_int' =>array('type'=>'varchar(255)', 'label'=>'Ref int', 'enabled'=>1, 'visible'=>0, 'position'=>30), // deprecated 'type' =>array('type'=>'smallint(6)', 'label'=>'Type', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>15), @@ -343,8 +343,8 @@ class Facture extends CommonInvoice 'multicurrency_code' =>array('type'=>'varchar(255)', 'label'=>'Currency', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>280), 'multicurrency_tx' =>array('type'=>'double(24,8)', 'label'=>'CurrencyRate', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>285, 'isameasure'=>1), 'multicurrency_total_ht' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountHT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>290, 'isameasure'=>1), - 'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountVAT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>295, 'isameasure'=>1), - 'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountTTC', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>300, 'isameasure'=>1), + 'multicurrency_total_tva' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountVAT', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>291, 'isameasure'=>1), + 'multicurrency_total_ttc' =>array('type'=>'double(24,8)', 'label'=>'MulticurrencyAmountTTC', 'enabled'=>'$conf->multicurrency->enabled', 'visible'=>-1, 'position'=>292, 'isameasure'=>1), 'fk_fac_rec_source' =>array('type'=>'integer', 'label'=>'RecurringInvoiceSource', 'enabled'=>1, 'visible'=>-1, 'position'=>305), 'last_main_doc' =>array('type'=>'varchar(255)', 'label'=>'LastMainDoc', 'enabled'=>1, 'visible'=>-1, 'position'=>310), 'module_source' =>array('type'=>'varchar(32)', 'label'=>'POSModule', 'enabled'=>1, 'visible'=>-1, 'position'=>315), @@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { @@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { - $sql .= " AND f.fk_user_author <> ".$excluser->id; + $sql .= " AND f.fk_user_author <> ".((int) $excluser->id); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." f.paye=0"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED; if ($user->socid) { - $sql .= " AND f.fk_soc = ".$user->socid; + $sql .= " AND f.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity IN (".getEntity('invoice').")"; @@ -5679,7 +5679,7 @@ class FactureLigne extends CommonInvoiceLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($this->db->query($sql)) { $this->db->commit(); @@ -5719,7 +5719,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ",total_localtax1=".price2num($this->total_localtax1).""; $sql .= ",total_localtax2=".price2num($this->total_localtax2).""; $sql .= ",total_ttc=".price2num($this->total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index e6547cc9f89..96c8e88b97e 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -86,16 +86,16 @@ class FactureStats extends Stats $this->where = " f.fk_statut >= 0"; $this->where .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == 'customer') { $this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons) } if ($this->socid) { - $this->where .= " AND f.fk_soc = ".$this->socid; + $this->where .= " AND f.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND f.fk_user_author = '.$this->userid; + $this->where .= ' AND f.fk_user_author = '.((int) $this->userid); } if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $this->where .= " AND f.type IN (0,1,2,5)"; diff --git a/htdocs/compta/facture/index.php b/htdocs/compta/facture/index.php index 66a2fccaf08..d3d3a33acb5 100644 --- a/htdocs/compta/facture/index.php +++ b/htdocs/compta/facture/index.php @@ -59,19 +59,33 @@ print load_fiche_titre($langs->trans("CustomersInvoicesArea"), '', 'bill'); print '
'; print '
'; -print getNumberInvoicesPieChart('customers'); -//print getCustomerInvoicePieChart($socid); -print '
'; -print getCustomerInvoiceDraftTable($max, $socid); +$tmp = getNumberInvoicesPieChart('customers'); +if ($tmp) { + print $tmp; + print '
'; +} +$tmp = getCustomerInvoiceDraftTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; print '
'; -print getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); -print '
'; -print getCustomerInvoiceUnpaidOpenTable($max, $socid); +$tmp = getCustomerInvoiceLatestEditTable($maxLatestEditCount, $socid); +if ($tmp) { + print $tmp; + print '
'; +} + +$tmp = getCustomerInvoiceUnpaidOpenTable($max, $socid); +if ($tmp) { + print $tmp; + print '
'; +} print '
'; print '
'; diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 93be3ba445a..cd274c686a9 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -235,13 +235,13 @@ $arrayfields = array( 'rtp'=>array('label'=>"Rest", 'checked'=>0, 'position'=>150), // Not enabled by default because slow 'u.login'=>array('label'=>"Author", 'checked'=>1, 'position'=>165), 'sale_representative'=>array('label'=>"SaleRepresentativesOfThirdParty", 'checked'=>0, 'position'=>166), - 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>170), - 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>171), - 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>180), - 'f.multicurrency_total_vat'=>array('label'=>'MulticurrencyAmountVAT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>190), - 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>200), - 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>210), - 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>220), // Not enabled by default because slow + 'f.multicurrency_code'=>array('label'=>'Currency', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>280), + 'f.multicurrency_tx'=>array('label'=>'CurrencyRate', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>285), + 'f.multicurrency_total_ht'=>array('label'=>'MulticurrencyAmountHT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>290), + 'f.multicurrency_total_vat'=>array('label'=>'MulticurrencyAmountVAT', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>291), + 'f.multicurrency_total_ttc'=>array('label'=>'MulticurrencyAmountTTC', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>292), + 'multicurrency_dynamount_payed'=>array('label'=>'MulticurrencyAlreadyPaid', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>295), + 'multicurrency_rtp'=>array('label'=>'MulticurrencyRemainderToPay', 'checked'=>0, 'enabled'=>(empty($conf->multicurrency->enabled) ? 0 : 1), 'position'=>296), // Not enabled by default because slow 'total_pa' => array('label' => ($conf->global->MARGIN_TYPE == '1' ? 'BuyingPrice' : 'CostPrice'), 'checked' => 0, 'position' => 300, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous ? 0 : 1)), 'total_margin' => array('label' => 'Margin', 'checked' => 0, 'position' => 301, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous ? 0 : 1)), 'total_margin_rate' => array('label' => 'MarginRate', 'checked' => 0, 'position' => 302, 'enabled' => (empty($conf->margin->enabled) || !$user->rights->margins->liretous || empty($conf->global->DISPLAY_MARGIN_RATES) ? 0 : 1)), @@ -607,7 +607,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); @@ -775,7 +775,7 @@ if (!$sall) { $sql .= ' f.paye, f.fk_statut, f.close_code,'; $sql .= ' f.datec, f.tms, f.date_closing,'; $sql .= ' f.retained_warranty, f.retained_warranty_date_limit, f.situation_final, f.situation_cycle_ref, f.situation_counter,'; - $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht, f.multicurrency_total_tva,'; + $sql .= ' f.fk_user_author, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_tx, f.multicurrency_total_ht,'; $sql .= ' f.multicurrency_total_tva, f.multicurrency_total_ttc,'; $sql .= ' s.rowid, s.nom, s.name_alias, s.email, s.phone, s.fax, s.address, s.town, s.zip, s.fk_pays, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,'; $sql .= ' typent.code,'; @@ -1945,7 +1945,7 @@ if ($resql) { } // Amount VAT if (!empty($arrayfields['f.total_tva']['checked'])) { - print ''.price($obj->total_vat)."\n"; + print ''.price($obj->total_tva)."\n"; if (!$i) { $totalarray['nbfield']++; } diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index b1ad18e6461..ca7cd08a6fe 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " WHERE s.rowid = ff.fk_soc"; $sql .= " AND ff.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); @@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index 451007932d7..e2a96f4fb5b 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -196,11 +196,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 0c05a1bc03a..683b2fd0423 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject if ($this->errno == 0 && $numref) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = 0"; @@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND b.fk_bordereau = bc.rowid"; - $sql .= " AND bc.rowid = ".$this->id; + $sql .= " AND bc.rowid = ".((int) $this->id); $sql .= " AND bc.entity = ".$conf->entity; $sql .= " ORDER BY b.dateo ASC, b.rowid ASC"; @@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET amount = ".price2num($total); $sql .= ", nbcheque = ".((int) $nb); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject // phpcs:enable if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " SET ref = '".$ref."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " SET ref = '".$this->db->escape($ref)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_number", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index f31d66a2f6d..971400afa5e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -800,7 +800,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.'bank'; $sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")"; + $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")"; $sql .= " AND rappro = 0"; $result = $this->db->query($sql); diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index ee847603954..d1a94f5e690 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php @@ -209,7 +209,7 @@ if (GETPOST("orphelins", "alpha")) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 5d76ae4d8b4..25763dd8339 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture_fourn = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 1b6afa3cffe..10c8f304102 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject */ $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; @@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject if ($this->db->begin()) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $result = $this->db->query($sql); if (!$result) { @@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_credite Erreur 1"); @@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; $sql .= " WHERE rowid=".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = ".self::STATUS_TRANSFERED; $resql = $this->db->query($sql); @@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_infocredit Update lines Error"); @@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject $sql .= " , date_trans = '".$this->db->idate($date)."'"; $sql .= " , method_trans = ".((int) $method); $sql .= " , statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = 0"; if ($this->db->query($sql)) { @@ -646,8 +646,8 @@ class BonPrelevement extends CommonObject $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; - $sql .= " AND p.rowid = ".$this->id; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.rowid = ".((int) $this->id); + $sql .= " AND p.entity = ".((int) $conf->entity); if ($amounts) { if ($this->type == 'bank-transfer') { $sql .= " GROUP BY fk_facture_fourn"; @@ -989,7 +989,7 @@ class BonPrelevement extends CommonObject $sql = "SELECT substring(ref from char_length(ref) - 1)"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande"; $sql .= " SET traite = 1"; $sql .= ", date_traite = '".$this->db->idate($now)."'"; - $sql .= ", fk_prelevement_bons = ".$this->id; + $sql .= ", fk_prelevement_bons = ".((int) $this->id); $sql .= " WHERE rowid = ".((int) $fac[1]); $resql = $this->db->query($sql); @@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET amount = ".price2num($this->total); $sql .= " WHERE rowid = ".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { @@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")"; $resql1 = $this->db->query($sql); if (!$resql1) { dol_print_error($this->db); @@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id); $resql2 = $this->db->query($sql); if (!$resql2) { dol_print_error($this->db); @@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id); $resql3 = $this->db->query($sql); if (!$resql3) { dol_print_error($this->db); @@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id); $resql4 = $this->db->query($sql); if (!$resql4) { dol_print_error($this->db); @@ -1491,7 +1491,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1607,7 +1607,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1697,7 +1697,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; @@ -1723,7 +1723,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 266097f7a2d..0230e4cb726 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 11c38bbb044..c0f89a7e046 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 5aca25466a3..f2f192271ac 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') { } } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity = ".((int) $conf->entity); if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 1977ac9791b..14b2cf67590 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 48ba4b06d30..fa95b08faca 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index daf5afb025e..a093a086050 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -726,12 +726,9 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '   '; - print ''; - print '
'; - print "\n"; + print $form->buttonsSaveCancel(); + + print ""; } /* diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 469869f00e9..13096ddcd40 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -883,16 +883,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - if (!empty($backtopage)) { - print '     '; - print ''; - } else { - print '     '; - print ''; - } - print '
'; + print $form->buttonsSaveCancel("Add"); print ""; } elseif ($action == 'edit' && !empty($id)) { @@ -1220,11 +1211,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 165a7bf7bc3..83bc4202b9d 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -385,13 +385,13 @@ class Contact extends CommonObject if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))"; if ($user->socid > 0) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -1068,7 +1068,7 @@ class Contact extends CommonObject // Search Dolibarr user linked to this contact $sql = "SELECT u.rowid "; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.fk_socpeople = ".$this->id; + $sql .= " WHERE u.fk_socpeople = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1091,7 +1091,7 @@ class Contact extends CommonObject if ($user) { $sql = "SELECT fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."user_alert"; - $sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id); + $sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1162,7 +1162,7 @@ class Contact extends CommonObject $sql = "SELECT tc.element, count(ec.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE ec.fk_c_type_contact = tc.rowid"; - $sql .= " AND fk_socpeople = ".$this->id; + $sql .= " AND fk_socpeople = ".((int) $this->id); $sql .= " AND tc.source = 'external'"; $sql .= " GROUP BY tc.element"; @@ -1211,7 +1211,7 @@ class Contact extends CommonObject $sql = "SELECT ec.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,"; $sql .= " ".MAIN_DB_PREFIX."c_type_contact tc"; - $sql .= " WHERE ec.fk_socpeople=".$this->id; + $sql .= " WHERE ec.fk_socpeople=".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1242,7 +1242,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1254,7 +1254,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1266,7 +1266,7 @@ class Contact extends CommonObject if (!$error) { // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1727,7 +1727,7 @@ class Contact extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE tc.rowid = sc.fk_c_type_contact"; $sql .= " AND tc.source = 'external' AND tc.active=1"; - $sql .= " AND sc.fk_socpeople = ".$this->id; + $sql .= " AND sc.fk_socpeople = ".((int) $this->id); $sql .= " AND sc.entity IN (".getEntity('societe').')'; $resql = $this->db->query($sql); @@ -2040,7 +2040,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $noemail = $obj->nb; if (empty($noemail)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -2054,7 +2054,7 @@ class Contact extends CommonObject $this->errors[] = $this->error; } } else { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0)); + $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index e5a9ab3f0d6..a63a1bf7e49 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial $sql .= " AND p.fk_user_creat=".((int) $userid); @@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) { // Filter to exclude not owned private contacts if ($search_priv != '0' && $search_priv != '1') { - $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))"; + $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))"; } else { if ($search_priv == '0') { $sql .= " AND p.priv='0'"; } if ($search_priv == '1') { - $sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")"; + $sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")"; } } diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 261ffebf29c..a5b64e37998 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -205,11 +205,7 @@ if ($action == 'edit') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ""; } else { diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index d5187c6a040..470895a2c22 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -1174,11 +1174,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Create"); if (is_object($objectsrc)) { print ''; diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 5436c55faeb..29d84c86c57 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -792,7 +792,7 @@ class Contrat extends CommonObject $sql .= " d.fk_unit,"; $sql .= " d.product_type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_contrat = ".$this->id; + $sql .= " WHERE d.fk_contrat = ".((int) $this->id); $sql .= " ORDER by d.rowid ASC"; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); @@ -1150,11 +1150,11 @@ class Contrat extends CommonObject /* $sql = "DELETE cdl"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); */ $sql = "SELECT cdl.rowid as cdlrowid "; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1188,7 +1188,7 @@ class Contrat extends CommonObject // Delete contratdet extrafields $main = MAIN_DB_PREFIX.'contratdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1201,7 +1201,7 @@ class Contrat extends CommonObject if (!$error) { // Delete contratdet $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet"; - $sql .= " WHERE fk_contrat=".$this->id; + $sql .= " WHERE fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1213,7 +1213,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -2105,7 +2105,7 @@ class Contrat extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " WHERE fk_contrat =".$this->id; if ($status >= 0) { - $sql .= " AND statut = ".$status; + $sql .= " AND statut = ".((int) $status); } dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG); @@ -2205,12 +2205,12 @@ class Contrat extends CommonObject //$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'"; } $sql .= " AND c.fk_soc = s.rowid"; - $sql .= " AND c.entity = ".$conf->entity; + $sql .= " AND c.entity = ".((int) $conf->entity); if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2279,7 +2279,7 @@ class Contrat extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." c.entity = ".$conf->entity; @@ -3120,7 +3120,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { @@ -3131,7 +3131,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index a5e3da943b7..cc3bc87ca54 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -102,7 +102,7 @@ if ($user->socid) { $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -139,7 +139,7 @@ if ($user->socid) { $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) { $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut = 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..9062bb9fd9c 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -7,7 +7,8 @@ * Copyright (C) 2015 Claudio Aschieri * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2016-2018 Ferran Marcet - * Copyright (C) 2019 Nicolas ZABOURI + * Copyright (C) 2019 Nicolas Zabouri + * Copyright (C) 2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -66,9 +67,14 @@ $search_product_category = GETPOST('search_product_category', 'int'); $search_dfmonth = GETPOST('search_dfmonth', 'int'); $search_dfyear = GETPOST('search_dfyear', 'int'); $search_op2df = GETPOST('search_op2df', 'alpha'); -$day = GETPOST("day", "int"); -$year = GETPOST("year", "int"); -$month = GETPOST("month", "int"); +$search_date_startday = GETPOST('search_date_startday', 'int'); +$search_date_startmonth = GETPOST('search_date_startmonth', 'int'); +$search_date_startyear = GETPOST('search_date_startyear', 'int'); +$search_date_endday = GETPOST('search_date_endday', 'int'); +$search_date_endmonth = GETPOST('search_date_endmonth', 'int'); +$search_date_endyear = GETPOST('search_date_endyear', 'int'); +$search_date_start = dol_mktime(0, 0, 0, $search_date_startmonth, $search_date_startday, $search_date_startyear); // Use tzserver +$search_date_end = dol_mktime(23, 59, 59, $search_date_endmonth, $search_date_endday, $search_date_endyear); $optioncss = GETPOST('optioncss', 'alpha'); @@ -171,9 +177,6 @@ include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; // Purge search criteria if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All test are required to be compatible with all browsers - $day = ''; - $month = ''; - $year = ''; $search_dfmonth = ''; $search_dfyear = ''; $search_op2df = ''; @@ -190,6 +193,14 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x' $search_user = ''; $search_sale = ''; $search_product_category = ''; + $search_date_startday = ''; + $search_date_startmonth = ''; + $search_date_startyear = ''; + $search_date_endday = ''; + $search_date_endmonth = ''; + $search_date_endyear = ''; + $search_date_start = ''; + $search_date_end = ''; $sall = ""; $search_status = ""; $toselect = ''; @@ -271,9 +282,14 @@ if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); +} +if ($search_date_start) { + $sql .= " AND c.date_contrat >= '".$db->idate($search_date_start)."'"; +} +if ($search_date_end) { + $sql .= " AND c.date_contrat <= '".$db->idate($search_date_end)."'"; } -$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); if ($search_name) { $sql .= natural_search('s.nom', $search_name); } @@ -415,6 +431,24 @@ if ($search_ref_supplier != '') { if ($search_op2df != '') { $param .= '&search_op2df='.urlencode($search_op2df); } +if ($search_date_startday) { + $param .= '&search_date_startday='.urlencode($search_date_startday); +} +if ($search_date_startmonth) { + $param .= '&search_date_startmonth='.urlencode($search_date_startmonth); +} +if ($search_date_startyear) { + $param .= '&search_date_startyear='.urlencode($search_date_startyear); +} +if ($search_date_endday) { + $param .= '&search_date_endday='.urlencode($search_date_endday); +} +if ($search_date_endmonth) { + $param .= '&search_date_endmonth='.urlencode($search_date_endmonth); +} +if ($search_date_endyear) { + $param .= '&search_date_endyear='.urlencode($search_date_endyear); +} if ($search_dfyear != '') { $param .= '&search_dfyear='.urlencode($search_dfyear); } @@ -594,16 +628,13 @@ if (!empty($arrayfields['sale_representative']['checked'])) { print ''; } if (!empty($arrayfields['c.date_contrat']['checked'])) { - // Date contract - print ''; - //print $langs->trans('Month').': '; - if (!empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) { - print ''; - } - print ''; - //print ' '.$langs->trans('Year').': '; - $syear = $year; - print $formother->selectyear($syear, 'year', 1, 20, 5); + print ''; + print '
'; + print $form->selectDate($search_date_start ? $search_date_start : -1, 'search_date_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From')); + print '
'; + print '
'; + print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to')); + print '
'; print ''; } // Extra fields diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index d4ab03b9800..d98aca0927d 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -262,7 +262,7 @@ if ($search_product_category > 0) { } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == "0") { $sql .= " AND cd.statut = 0"; diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 121137fd1a6..64a2314560c 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")"; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")"; } $sql .= " ORDER BY a.datec DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 18c1f28c590..a858111d76d 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'"; $sql .= " AND p.date_cloture IS NULL"; // just unclosed @@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'"; $sql .= " GROUP BY c.fk_statut"; @@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1"; diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 3c83d7521f2..995f017f5f1 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 6583673f8ca..4d47f703fff 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes $sql .= " AND c.fk_statut = 1"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_comptes.php b/htdocs/core/boxes/box_comptes.php index 7166ebb713e..f42b7a2ef7c 100644 --- a/htdocs/core/boxes/box_comptes.php +++ b/htdocs/core/boxes/box_comptes.php @@ -122,7 +122,12 @@ class box_comptes extends ModeleBoxes $account_static->accountancy_journal = $objp->accountancy_journal; $solde = $account_static->solde(0); - $solde_total[$objp->currency_code] += $solde; + if (!array_key_exists($objp->currency_code, $solde_total)) { + $solde_total[$objp->currency_code] = $solde; + } else { + $solde_total[$objp->currency_code] += $solde; + } + $this->info_box_contents[$line][] = array( 'td' => '', diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index fada6a93bfd..6aefc1f2d74 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY sp.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 9d7b625db91..9bb794b94fa 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_contrat DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index d0117526515..b61fe66f064 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php @@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { $sql .= " AND s.rowid = $user->socid"; diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 12382ccb583..6bdeabda212 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a5d63c7b9c3..70640efeb78 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..74f9a3a46aa 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -92,6 +92,7 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= ", f.tva as total_tva"; $sql .= ", f.total_ttc"; $sql .= ", f.paye, f.fk_statut as status, f.type"; + $sql .= ", f.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ",".MAIN_DB_PREFIX."facture_fourn as f"; if (!$user->rights->societe->client->voir && !$user->socid) { @@ -102,10 +103,10 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 400ae910749..3b6e857b058 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,"; $sql .= " f.ref, f.date_lim_reglement,"; diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 7179be0cfbb..3b62361343a 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY f.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index b0d5a0774fc..c0516c1cf4c 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 33d2bab0485..57e54594255 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php @@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').')'; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY t.tms DESC, t.rowid DESC "; + $sql .= " ORDER BY t.tms DESC, t.rowid DESC"; $sql .= $this->db->plimit($max, 0); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index e08a54f1c87..39086464f73 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php @@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc= ".((int) $user->socid); } //$sql.= " AND t.fk_statut > 9"; diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 9f1204c4dc4..f14ab699690 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -136,8 +136,9 @@ class box_project extends ModeleBoxes $sql = "SELECT count(*) as nb, sum(progress) as totprogress"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid"; - $sql .= " WHERE p.entity IN (".getEntity('project').')'; - $sql .= " AND p.rowid = ".$objp->rowid; + $sql .= " WHERE p.entity IN (".getEntity('project').')'; + $sql .= " AND p.rowid = ".((int) $objp->rowid); + $resultTask = $this->db->query($sql); if ($resultTask) { $objTask = $this->db->fetch_object($resultTask); diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index 9c6376351e7..6599116a980 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY p.datep DESC, p.ref DESC "; diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 7489cc997ea..06d42e34b18 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 98e2b82bb37..320932a0c6f 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; $sql .= " WHERE c.entity = ".$conf->entity; if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= $this->db->order("c.tms", "DESC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 75cc1cde413..95086cdf2a3 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; $sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index abb639ddb94..2b6adfe3bdc 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php @@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes $sql .= " AND e.fk_statut = 1"; } if ($user->socid > 0) { - $sql.= " AND s.rowid = ".$user->socid; + $sql.= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { $sql .= " ORDER BY e.date_delivery, e.ref DESC "; } diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 0c2b97ce6b5..b3451d9b6c3 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 04dabbd0ff3..8125a848fd0 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC"; diff --git a/htdocs/core/boxes/box_validated_projects.php b/htdocs/core/boxes/box_validated_projects.php index 66a4f76f1b3..f1fb55878aa 100644 --- a/htdocs/core/boxes/box_validated_projects.php +++ b/htdocs/core/boxes/box_validated_projects.php @@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes if ($projectsListId) { $sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed } - $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")"; + $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")"; $sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo"; $sql .= " ORDER BY p.dateo ASC"; diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 81f2b529f1d..605ffec63bd 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -462,7 +462,7 @@ abstract class CommonInvoice extends CommonObject $type = 'supplier_invoice'; } - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 4d3c39027ac..a7049ea5a76 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1843,7 +1843,7 @@ abstract class CommonObject if (!empty($element)) { $sql .= " AND entity IN (".getEntity($element).")"; } else { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG); @@ -1992,7 +1992,7 @@ abstract class CommonObject /** * Load properties id_previous and id_next by comparing $fieldid with $this->ref * - * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')" + * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here. * @param string $fieldid Name of field to use for the select MAX and MIN * @param int $nodbprefix Do not include DB prefix to forge table name * @return int <0 if KO, >0 if OK @@ -2041,10 +2041,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2111,10 +2111,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -3899,14 +3899,14 @@ abstract class CommonObject $sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET "; if ($updatesource) { - $sql .= "fk_source = " . $sourceid; + $sql .= "fk_source = " . ((int) $sourceid); $sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " WHERE fk_target = " . $this->id; + $sql .= " WHERE fk_target = " . ((int) $this->id); $sql .= " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($updatetarget) { - $sql .= "fk_target = " . $targetid; + $sql .= "fk_target = " . ((int) $targetid); $sql .= ", targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " WHERE fk_source = " . $this->id; + $sql .= " WHERE fk_source = " . ((int) $this->id); $sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } @@ -3992,15 +3992,15 @@ abstract class CommonObject $sql .= " rowid = " . ((int) $rowid); } else { if ($deletesource) { - $sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; + $sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($deletetarget) { - $sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'"; + $sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } else { - $sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; $sql .= " OR"; - $sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')"; } } @@ -5506,7 +5506,7 @@ abstract class CommonObject $sql = "SELECT rowid, property, lang , value"; $sql .= " FROM ".MAIN_DB_PREFIX."object_lang"; $sql .= " WHERE type_object = '".$this->db->escape($element)."'"; - $sql .= " AND fk_object = ".$this->id; + $sql .= " AND fk_object = ".((int) $this->id); //dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose $resql = $this->db->query($sql); @@ -5783,7 +5783,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql_del); if (!$resql) { @@ -5983,7 +5983,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $this->db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object"; @@ -9509,7 +9509,7 @@ abstract class CommonObject // Delete ecm_files extrafields $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN ("; $sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here $sql .= ")"; if (!$this->db->query($sql)) { @@ -9521,7 +9521,7 @@ abstract class CommonObject // Delete ecm_files $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -9533,7 +9533,7 @@ abstract class CommonObject // Delete in database with mode 1 if ($mode == 1) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields"; - $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")"; + $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 2aa829f4090..eaf4bc511c8 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -144,7 +144,7 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".((int) $rowid); + $sql .= " AND sr.rowid = ".((int) $rowid); } if ($fk_facture_source) { $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); @@ -315,7 +315,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; + $sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); @@ -355,7 +355,7 @@ class DiscountAbsolute if ($this->fk_facture_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -370,7 +370,7 @@ class DiscountAbsolute } elseif ($this->fk_invoice_supplier_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -488,7 +488,7 @@ class DiscountAbsolute * * @param Societe $company Object third party for filter * @param User $user Filtre sur un user auteur des remises - * @param string $filter Filtre autre + * @param string $filter Filter other. Warning: Do not use a user input value here. * @param int $maxvalue Filter on max value for discount * @param int $discount_type 0 => customer discount, 1 => supplier discount * @param int $multicurrency Return multicurrency_amount instead of amount @@ -503,17 +503,17 @@ class DiscountAbsolute $sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " WHERE rc.entity = ".$conf->entity; - $sql .= " AND rc.discount_type=".intval($discount_type); + $sql .= " AND rc.discount_type=".((int) $discount_type); if (!empty($discount_type)) { $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier } else { $sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer } if (is_object($company)) { - $sql .= " AND rc.fk_soc = ".$company->id; + $sql .= " AND rc.fk_soc = ".((int) $company->id); } if (is_object($user)) { - $sql .= " AND rc.fk_user = ".$user->id; + $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { $sql .= ' AND ('.$filter.')'; diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 45643e26e4c..345de3f5be5 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -160,7 +160,7 @@ class HookManager //dol_syslog(get_class($this).'::executeHooks method='.$method." action=".$action." context=".$parameters['context']); // Define type of hook ('output' or 'addreplace'). - // TODO Remove hooks with type 'output'. All hooks must be converted into 'addreplace' hooks. + // TODO Remove hooks with type 'output' (exemple getNomUrl). All hooks must be converted into 'addreplace' hooks. $hooktype = 'output'; if (in_array( $method, @@ -267,7 +267,7 @@ class HookManager $actionclassinstance->error = 0; $actionclassinstance->errors = array(); - dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', objectid='.$object->id : ''), LOG_DEBUG); + dol_syslog(get_class($this)."::executeHooks Qualified hook found (hooktype=".$hooktype."). We call method ".get_class($actionclassinstance).'->'.$method.", context=".$context.", module=".$module.", action=".$action.((is_object($object) && property_exists($object, 'id')) ? ', object id='.$object->id : '').((is_object($object) && property_exists($object, 'element')) ? ', object element='.$object->element : ''), LOG_DEBUG); // Add current context to avoid method execution in bad context, you can add this test in your method : eg if($currentcontext != 'formfile') return; $parameters['currentcontext'] = $context; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 07abdb4b465..8c1550bcb4c 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1347,13 +1347,13 @@ class Form } $sql .= " WHERE s.entity IN (".getEntity('societe').")"; if (!empty($user->socid)) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if ($filter) { $sql .= " AND (".$filter.")"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND s.status <> 0"; @@ -1664,7 +1664,7 @@ class Form } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if ($socid > 0 || $socid == -1) { - $sql .= " AND sp.fk_soc=".$socid; + $sql .= " AND sp.fk_soc = ".((int) $socid); } if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND sp.statut <> 0"; @@ -2446,13 +2446,13 @@ class Form if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { $sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_rowid"; $sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_by_qty"; @@ -2472,7 +2472,7 @@ class Form //Price by customer if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid"; } // Units if (!empty($conf->global->PRODUCT_USE_UNITS)) { @@ -3462,7 +3462,7 @@ class Form $sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")"; $sql .= " AND p.tobuy = 1"; $sql .= " AND s.fournisseur = 1"; - $sql .= " AND p.rowid = ".$productid; + $sql .= " AND p.rowid = ".((int) $productid); $sql .= " ORDER BY s.nom, pfp.ref_fourn DESC"; dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG); @@ -7013,14 +7013,14 @@ class Form } if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { if ($objecttmp->element == 'societe') { - $sql .= " AND t.rowid = ".$user->socid; + $sql .= " AND t.rowid = ".((int) $user->socid); } else { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } } } @@ -9049,7 +9049,7 @@ class Form $sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement //if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; - //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + //if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; $sql .= " ORDER BY p.ref, f.ref ASC"; $resql = $this->db->query($sql); @@ -9250,4 +9250,52 @@ class Form return $retstring; } + + /** + * Output the buttons to submit a creation/edit form + * + * @param string $save_label Alternative label for save button + * @param string $cancel_label Alternative label for cancel button + * @param array $morefields Add additional buttons between save and cancel + * @param bool $withoutdiv Option to remove enclosing centered div + * @return string Html code with the buttons + */ + public function buttonsSaveCancel($save_label = 'Save', $cancel_label = 'Cancel', $morefields = array(), $withoutdiv = 0) + { + global $langs; + + $buttons = array(); + + $save = array( + 'name' => 'save', + 'label_key' => $save_label, + ); + + if ($save_label == 'Create' || $save_label == 'Add' ) { + $save['name'] = 'add'; + $save['label_key'] = $save_label; + } + + $cancel = array( + 'name' => 'cancel', + 'label_key' => 'Cancel', + ); + + !empty($save_label) ? $buttons[] = $save : ''; + + if (!empty($morefields)) { + $buttons[] = $morefields; + } + + !empty($cancel_label) ? $buttons[] = $cancel : ''; + + $retstring = $withoutdiv ? '': '
'; + + foreach ($buttons as $button) { + $retstring .= ''; + } + $retstring .= $withoutdiv ? '': '
'; + + return $retstring; + } } diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php index eb0f1baaef1..5db615f4654 100644 --- a/htdocs/core/class/html.formcontract.class.php +++ b/htdocs/core/class/html.formcontract.class.php @@ -80,7 +80,7 @@ class FormContract if ($socid > 0) { // CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma. if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) { - $sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)"; + $sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)"; } elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { $sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") "; $sql .= " OR c.fk_soc IS NULL)"; diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 9da814f3369..3dc2743adf1 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -1276,7 +1276,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned if ($active >= 0) { $sql .= " AND active = ".((int) $active); } @@ -1399,7 +1399,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template='".$this->db->escape($type_template)."'"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")"; + $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")"; if (is_object($outputlangs)) { $sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; } @@ -1435,7 +1435,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own. if ($active >= 0) { $sql .= " AND active = ".((int) $active); } diff --git a/htdocs/core/class/html.formmargin.class.php b/htdocs/core/class/html.formmargin.class.php index f951a3dc198..02972f39630 100644 --- a/htdocs/core/class/html.formmargin.class.php +++ b/htdocs/core/class/html.formmargin.class.php @@ -99,7 +99,8 @@ class FormMargin $pv = $line->total_ht; $pa_ht = ($pv < 0 ? -$line->pa_ht : $line->pa_ht); // We choosed to have line->pa_ht always positive in database, so we guess the correct sign - if ($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) { + if (($object->element == 'facture' && $object->type == $object::TYPE_SITUATION) + || ($object->element == 'facture' && $object->type == $object::TYPE_CREDIT_NOTE && $conf->global->INVOICE_USE_SITUATION_CREDIT_NOTE && $object->situation_counter > 0)) { $pa = $line->qty * $pa_ht * ($line->situation_percent / 100); } else { $pa = $line->qty * $pa_ht; diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 5f00ed6877b..f0fdfaadd02 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -497,10 +497,10 @@ class FormOther } if (empty($user->rights->user->user->lire)) { - $sql_usr .= " AND u.rowid = ".$user->id; + $sql_usr .= " AND u.rowid = ".((int) $user->id); } if (!empty($user->socid)) { - $sql_usr .= " AND u.fk_soc = ".$user->socid; + $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); } //Add hook to filter on user (for exemple on usergroup define in custom modules) @@ -524,7 +524,7 @@ class FormOther $sql_usr .= " WHERE u2.entity IN (".getEntity('user').")"; } - $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid; + $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid); //Add hook to filter on user (for exemple on usergroup define in custom modules) if (!empty($reshook)) { diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index 4177c4237b8..9696dca7183 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php @@ -350,7 +350,7 @@ class FormProjets $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; } if ($socid > 0) { - $sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; } $sql .= " ORDER BY p.ref, t.ref ASC"; diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index bb37293354e..2f160457ba1 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -398,7 +398,7 @@ class Notify $sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action"; $sql .= " AND c.statut = 1"; if (is_numeric($notifcode)) { - $sql .= " AND n.fk_action = ".$notifcode; // Old usage + $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index bdd6cc2b83a..5371d917022 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -593,12 +593,16 @@ class Utils /** * Execute a CLI command. * - * @param string $command Command line to execute. - * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; - * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method - * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. + * @param string $command Command line to execute. + * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. + * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; + * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method + * @param string $redirectionfile If defined, a redirection of output to this files is added. + * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter need you alreay sanitized the command. if not, it will lead to security vulnerability. + * This parameter is provided for backward compatibility with external modules. Always use 0 in core. + * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK. */ - public function executeCLI($command, $outputfile, $execmethod = 0) + public function executeCLI($command, $outputfile, $execmethod = 0, $redirectionfile = null, $noescapecommand = 0) { global $conf, $langs; @@ -606,7 +610,12 @@ class Utils $output = ''; $error = ''; - $command = escapeshellcmd($command); + if (empty($noescapecommand)) { + $command = escapeshellcmd($command); + } + if ($redirectionfile) { + $command .= " > ".dol_sanitizePathName($redirectionfile); + } $command .= " 2>&1"; if (!empty($conf->global->MAIN_EXEC_USE_POPEN)) { diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index 74a7f543bfc..1de4fef0176 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -232,23 +232,39 @@ print ' jQuery(\'.clipboardCPButton, .clipboardCPValueToPrint\').click(function() { /* console.log(this.parentNode); */ - console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class"); - if (window.getSelection) { - selection = window.getSelection(); + console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class and we want to copy content of clipboardCPValue class"); + if (window.getSelection) { range = document.createRange(); + + /* We select value to print using the parent. */ + /* We should use the class clipboardCPValue but it may have several element with copy/paste so class to select is not enough */ range.selectNodeContents(this.parentNode.firstChild); - selection.removeAllRanges(); - selection.addRange( range ); + selection = window.getSelection(); /* get the object used for selection */ + selection.removeAllRanges(); /* clear current selection */ + selection.addRange(range); /* make the new selection with the value to copy */ } - document.execCommand( \'copy\' ); + + /* copy selection into clipboard */ + var succeed; + try { + succeed = document.execCommand(\'copy\'); + } catch(e) { + succeed = false; + } + + /* Remove the selection to avoid to see the hidden field to copy selected */ window.getSelection().removeAllRanges(); /* Show message */ var lastchild = this.parentNode.lastChild; var tmp = lastchild.innerHTML - lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + if (succeed) { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('CopiedToClipboard')).'\'; + } else { + lastchild.innerHTML = \''.dol_escape_js($langs->trans('Error')).'\'; + } setTimeout(() => { lastchild.innerHTML = tmp; }, 1000); }); });'."\n"; diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 9796c49cf59..048335201ee 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 7d261f2d5ab..4b536ccb2ad 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -272,6 +272,19 @@ function societe_prepare_head(Societe $object) $h++; } + if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') == 'thirdparty') { + if (!empty($user->rights->partnership->read)) { + $nbPartnership = is_array($object->partnerships) ? count($object->partnerships) : 0; + $head[$h][0] = DOL_URL_ROOT.'/societe/partnership.php?socid='.$object->id; + $head[$h][1] = $langs->trans("Partnership"); + $head[$h][2] = 'partnership'; + if ($nbPartnership > 0) { + $head[$h][1] .= ''.$nbPartnership.''; + } + $h++; + } + } + // Show more tabs from modules // Entries must be declared in modules descriptor with line // $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab @@ -1072,7 +1085,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)"; $sql .= " WHERE t.fk_soc = ".$object->id; if ($search_status != '' && $search_status != '-1') { - $sql .= " AND t.statut = ".$db->escape($search_status); + $sql .= " AND t.statut = ".((int) $search_status); } if ($search_name) { $sql .= natural_search(array('t.lastname', 't.firstname'), $search_name); @@ -1476,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index fd830d47eb1..330e260a327 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1159,10 +1159,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param object $object Current object in use * @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose. * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log file * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @see dol_delete_dir() */ -function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1) +function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0) { global $db, $conf, $user, $langs; global $hookmanager; @@ -1170,7 +1171,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, // Load translation files required by the page $langs->loadLangs(array('other', 'errors')); - dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + if (empty($nolog)) { + dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + } // Security: // We refuse transversal using .. and pipes into filenames. @@ -1226,7 +1229,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, } if ($ok) { - dol_syslog("Removed file ".$filename, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$filename, LOG_DEBUG); + } // Delete entry into ecm database $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename); @@ -1264,7 +1269,9 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $ok = unlink($file_osencoded); } if ($ok) { - dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG); + } } else { dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING); } @@ -1304,11 +1311,15 @@ function dol_delete_dir($dir, $nophperrors = 0) * @param int $nophperrors Disable all PHP output errors * @param int $onlysub Delete only files and subdir, not main directory * @param int $countdeleted Counter to count nb of elements found really deleted + * @param int $indexdatabase Try to remove also index entries. + * @param int $nolog Disable log files (too verbose when making recursive directories) * @return int Number of files and directory we try to remove. NB really removed is returned into var by reference $countdeleted. */ -function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0) +function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0) { - dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + if (empty($nolog)) { + dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG); + } if (dol_is_dir($dir)) { $dir_osencoded = dol_osencode($dir); if ($handle = opendir("$dir_osencoded")) { @@ -1319,9 +1330,9 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = if ($item != "." && $item != "..") { if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) { - $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted); + $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog); } else { - $result = dol_delete_file("$dir/$item", 1, $nophperrors); + $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog); $count++; if ($result) { $countdeleted++; @@ -1332,6 +1343,7 @@ function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = } closedir($handle); + // Delete also the main directory if (empty($onlysub)) { $result = dol_delete_dir($dir, $nophperrors); $count++; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 627318b2674..ee353269e29 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -753,9 +753,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = $out = dol_string_nohtmltag($out, 0); // Remove also other dangerous string sequences // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); // keep lines feed } @@ -768,9 +768,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Remove html tags $out = dol_html_entity_decode($out, ENT_COMPAT | ENT_HTML5, 'UTF-8'); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals + // '../' or '..\' is dangerous because it allows dir transversals // Note &, '&', '&'... is a simple char like '&' alone but there is no reason to accept such way to encode input data. - $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '/', '../'), '', $out); + $out = str_ireplace(array('&', '&', '&', '"', '"', '"', '"', '"', '/', '/', '\', '\', '/', '../', '..\\'), '', $out); } while ($oldstringtoclean != $out); } break; @@ -799,11 +799,11 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = } } - // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are correctly - // encoded using text entities). This is a fix for CKeditor (CKeditor still encode in HTML4 instead of HTML5). + // Ckeditor use the numeric entitic for apostrophe so we force it to text entity (all other special chars are + // encoded using text entities) so we can then exclude all numeric entities. $out = preg_replace('/'/i', ''', $out); - // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step. + // We replace chars from a/A to z/Z encoded with numeric HTML entities with the real char so we won't loose the chars at the next step (preg_replace). // No need to use a loop here, this step is not to sanitize (this is done at next step, this is to try to save chars, even if they are // using a non coventionnel way to be encoded, to not have them sanitized just after) $out = preg_replace_callback('/&#(x?[0-9][0-9a-f]+;?)/i', 'realCharForNumericEntities', $out); @@ -818,6 +818,9 @@ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = // Warning, the function may add a LF so we are forced to trim to compare with old $out without having always a difference and an infinit loop. $out = trim(dol_string_onlythesehtmlattributes($out)); } + + // Restore entity ' into ' (restricthtml is for html content so we can use html entity) + $out = preg_replace('/'/i', "'", $out); } while ($oldstringtoclean != $out); break; case 'custom': @@ -1066,7 +1069,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file // Char '>' '<' '|' '$' and ';' are special chars for shells. // Char '/' and '\' are file delimiters. - // -- car can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); @@ -1087,7 +1090,10 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) */ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) { - $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°'); + // List of special chars for filenames in windows are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file + // Char '>' '<' '|' '$' and ';' are special chars for shells. + // Chars '--' can be used into filename to inject special paramaters like --use-compress-program to make command with file as parameter making remote execution of command + $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-/', ' _', $tmp); @@ -1280,19 +1286,18 @@ function dol_escape_json($stringtoescape) * Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields. * * @param string $stringtoescape String to escape - * @param int $keepb 1=Keep b tags and escape them, 0=remove them + * @param int $keepb 1=Keep b tags, 0=remove them completely * @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a '; $form_close .= ''; - $form_close .= '
'; - $form_close .= ''; - $form_close .= '   '; - $form_close .= ' '; - $form_close .= '
'; + $form_close .= $form->buttonsSaveCancel();; + $form_close .= ' '; $form_close .= ''; print $form_close; diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 6d43222bcf2..6b76cf23af6 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1294,7 +1294,7 @@ class SupplierProposal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc, d.fk_unit'; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposaldet as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_supplier_proposal = ".$this->id; + $sql .= " WHERE d.fk_supplier_proposal = ".((int) $this->id); $sql .= " ORDER by d.rang"; $result = $this->db->query($sql); @@ -1417,8 +1417,8 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1517,7 +1517,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->date_livraison = $delivery_date; @@ -1549,7 +1549,7 @@ class SupplierProposal extends CommonObject $remise = price2num($remise, 2); $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_percent = ((float) $remise); @@ -1584,7 +1584,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_absolue = $remise; @@ -1622,7 +1622,7 @@ class SupplierProposal extends CommonObject $sql .= " note_private = '".$this->db->escape($note)."',"; } $sql .= " date_cloture=NULL, fk_user_cloture=NULL"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -1681,7 +1681,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1881,7 +1881,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { @@ -1946,7 +1946,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2016,10 +2016,10 @@ class SupplierProposal extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'supplier_proposaldet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".$this->id; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".((int) $this->id); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -2220,7 +2220,7 @@ class SupplierProposal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -2231,7 +2231,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_statut = 2"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2377,7 +2377,7 @@ class SupplierProposal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -3100,7 +3100,7 @@ class SupplierProposalLine extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields @@ -3248,7 +3248,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -3296,7 +3296,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " total_ht=".price2num($this->total_ht, 'MT'); $sql .= ",total_tva=".price2num($this->total_tva, 'MT'); $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::update_total", LOG_DEBUG); diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 85f5f96c1af..45501ed9b2b 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -75,7 +75,7 @@ if ($user->socid) { $sql .= ' AND p.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (0,1,2,3,4)"; $sql .= " GROUP BY p.fk_statut"; @@ -176,7 +176,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -234,7 +234,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -312,7 +312,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND p.fk_statut = 1"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 196f3cd629f..2529e594f2d 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -340,7 +340,7 @@ if ($search_user > 0) { $sql .= ' WHERE sp.fk_soc = s.rowid'; $sql .= ' AND sp.entity IN ('.getEntity('supplier_proposal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { $sql .= natural_search('s.town', $search_town); diff --git a/htdocs/takepos/admin/appearance.php b/htdocs/takepos/admin/appearance.php index ef448607b10..135a3b2a9e7 100644 --- a/htdocs/takepos/admin/appearance.php +++ b/htdocs/takepos/admin/appearance.php @@ -119,9 +119,7 @@ print "\n"; print ''; -print '
'; - -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/bar.php b/htdocs/takepos/admin/bar.php index 796c98de5cb..794cb47290e 100644 --- a/htdocs/takepos/admin/bar.php +++ b/htdocs/takepos/admin/bar.php @@ -200,7 +200,7 @@ if ($conf->global->TAKEPOS_BAR_RESTAURANT) { print '
'; - print '
'; + print $form->buttonsSaveCancel("Save", ''); } if (!empty($conf->global->TAKEPOS_BAR_RESTAURANT)) { diff --git a/htdocs/takepos/admin/receipt.php b/htdocs/takepos/admin/receipt.php index 74a54400fef..ec05dd89796 100644 --- a/htdocs/takepos/admin/receipt.php +++ b/htdocs/takepos/admin/receipt.php @@ -267,7 +267,7 @@ print '
'; print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 0364ff4e64f..e75321e263b 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php @@ -474,7 +474,7 @@ if ($conf->global->TAKEPOS_ENABLE_SUMUP) { print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php index 922a5c5032c..f6562d81693 100644 --- a/htdocs/takepos/admin/terminal.php +++ b/htdocs/takepos/admin/terminal.php @@ -409,7 +409,7 @@ if ($atleastonefound == 0 && !empty($conf->banque->enabled)) { print '
'; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print "\n"; diff --git a/htdocs/takepos/css/pos.css.php b/htdocs/takepos/css/pos.css.php index 66c65edb622..5e2afdf0094 100644 --- a/htdocs/takepos/css/pos.css.php +++ b/htdocs/takepos/css/pos.css.php @@ -757,3 +757,36 @@ div#moreinfo, div#infowarehouse { text-align: center; margin: 2px; } + +.splitsale { + float: left; + width: 100%; + height: 100%; + overflow: auto; +} + +.rowsplit { + width: 100%; + height: 40%; +} + +.headersplit { + height: 10%; + width: 100%; + padding: 10px; +} + +.headercontent { + margin: auto; + width: 50%; + border: 3px solid black; + text-align: center; + font-size: 150%; + background-color: rgb(233,234,237); +} + +.row:after { + content: ""; + display: table; + clear: both; +} diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index d11a081280c..02f68479750 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -481,6 +481,12 @@ function CloseBill() { $.colorbox({href:"pay.php?place="+place+"&invoiceid="+invoiceid, width:"80%", height:"90%", transition:"none", iframe:"true", title:""}); } +function Split() { + invoiceid = $("#invoiceid").val(); + console.log("Open popup to split on invoiceid="+invoiceid); + $.colorbox({href:"split.php?place="+place+"&invoiceid="+invoiceid, width:"80%", height:"90%", transition:"none", iframe:"true", title:""}); +} + function Floors() { console.log("Open box to select floor place="+place); $.colorbox({href:"floors.php?place="+place, width:"90%", height:"90%", transition:"none", iframe:"true", title:"trans("Floors"); ?>"}); @@ -1040,6 +1046,8 @@ if (getDolGlobalString('TAKEPOS_DIRECT_PAYMENT')) { $menus[$r++] = array('title'=>'
'.$langs->trans("DirectPayment").' ('.$langs->trans("Cash").')
', 'action'=>'DirectPayment();'); } +$menus[$r++] = array('title'=>'
'.$langs->trans("SplitSale").'
', 'action'=>'Split();'); + // BAR RESTAURANT specific menu if (getDolGlobalString('TAKEPOS_BAR_RESTAURANT')) { if ($conf->global->TAKEPOS_ORDER_PRINTERS) { diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 5526a5607d1..95167ed3b51 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -1487,7 +1487,7 @@ if ($placeid > 0) { $sql .= " WHERE ps.reel != 0"; $sql .= " AND ps.fk_entrepot = ".((int) $conf->global->$constantforkey); $sql .= " AND e.entity IN (".getEntity('stock').")"; - $sql .= " AND ps.fk_product = ".$line->fk_product; + $sql .= " AND ps.fk_product = ".((int) $line->fk_product); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/takepos/split.php b/htdocs/takepos/split.php new file mode 100644 index 00000000000..4de053513f5 --- /dev/null +++ b/htdocs/takepos/split.php @@ -0,0 +1,225 @@ + + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/takepos/split.php + * \ingroup takepos + * \brief Page with the content of the popup to split sale + */ + +//if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIREDB')) define('NOREQUIREDB', '1'); // Not disabled cause need to load personalized language +//if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC', '1'); +//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1'); +if (!defined('NOCSRFCHECK')) { + define('NOCSRFCHECK', '1'); +} +if (!defined('NOTOKENRENEWAL')) { + define('NOTOKENRENEWAL', '1'); +} +if (!defined('NOREQUIREMENU')) { + define('NOREQUIREMENU', '1'); +} +if (!defined('NOREQUIREHTML')) { + define('NOREQUIREHTML', '1'); +} +if (!defined('NOREQUIREAJAX')) { + define('NOREQUIREAJAX', '1'); +} + +require '../main.inc.php'; // Load $user and permissions +require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; + +$langs->loadLangs(array("main", "bills", "cashdesk", "banks")); + +$action = GETPOST('action', 'aZ09'); +$place = (GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : 0); + +if (empty($user->rights->takepos->run)) { + accessforbidden(); +} + +if ($action=="split") { + $line = GETPOST('line', 'int'); + $split = GETPOST('split', 'int'); + if ($split==1) { // Split line + $invoice = new Facture($db); + $ret = $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-SPLIT)'); + if ($ret > 0) { + $placeid = $invoice->id; + } else { + $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $invoice->socid = $conf->global->$constforcompanyid; + $invoice->date = dol_now(); + $invoice->module_source = 'takepos'; + $invoice->pos_source = $_SESSION["takeposterminal"]; + $invoice->entity = !empty($_SESSION["takeposinvoiceentity"]) ? $_SESSION["takeposinvoiceentity"] : $conf->entity; + if ($invoice->socid <= 0) { + $langs->load('errors'); + dol_htmloutput_errors($langs->trans("ErrorModuleSetupNotComplete", "TakePos"), null, 1); + } else { + $placeid = $invoice->create($user); + if ($placeid < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-SPLIT)' where rowid=".$placeid; + $db->query($sql); + } + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facturedet set fk_facture=".$placeid." where rowid=".$line; + $db->query($sql); + } elseif ($split==0) { // Unsplit line + $invoice = new Facture($db); + $ret = $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-'.$place.')'); + if ($ret > 0) { + $placeid = $invoice->id; + } else { + $constforcompanyid = 'CASHDESK_ID_THIRDPARTY'.$_SESSION["takeposterminal"]; + $invoice->socid = $conf->global->$constforcompanyid; + $invoice->date = dol_now(); + $invoice->module_source = 'takepos'; + $invoice->pos_source = $_SESSION["takeposterminal"]; + $invoice->entity = !empty($_SESSION["takeposinvoiceentity"]) ? $_SESSION["takeposinvoiceentity"] : $conf->entity; + if ($invoice->socid <= 0) { + $langs->load('errors'); + dol_htmloutput_errors($langs->trans("ErrorModuleSetupNotComplete", "TakePos"), null, 1); + } else { + $placeid = $invoice->create($user); + if ($placeid < 0) { + dol_htmloutput_errors($invoice->error, $invoice->errors, 1); + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + echo $sql; + $db->query($sql); + } + } + $sql = "UPDATE ".MAIN_DB_PREFIX."facturedet set fk_facture=".$placeid." where rowid=".$line; + echo $sql; + $db->query($sql); + } + $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-SPLIT)'); + $invoice->update_price(); + $invoice->fetch('', '(PROV-POS'.$_SESSION["takeposterminal"].'-'.$place.')'); + $invoice->update_price(); +} + + +/* + * View + */ + +$invoice = new Facture($db); +if ($invoiceid > 0) { + $invoice->fetch($invoiceid); +} else { + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."facture where ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")'"; + $resql = $db->query($sql); + $obj = $db->fetch_object($resql); + if ($obj) { + $invoiceid = $obj->rowid; + } + if (!$invoiceid) { + $invoiceid = 0; // Invoice does not exist yet + } else { + $invoice->fetch($invoiceid); + } +} + +$arrayofcss = array('/takepos/css/pos.css.php', '/takepos/css/split.css.php'); +$arrayofjs = array(); + +$head = ''; +$title = ''; +$disablejs = 0; +$disablehead = 0; + +top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss); + +// Define list of possible payments +$arrayOfValidPaymentModes = array(); +$arrayOfValidBankAccount = array(); + + +?> + +global->TAKEPOS_COLOR_THEME == 1) { + print ''; +} +?> + + + + + +
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+ + + \ No newline at end of file diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 311f6a2e584..d32fa3af9bb 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -1387,6 +1387,7 @@ table[summary="list_of_modules"] .fa-cog { .width400 { width: 400px; } .width500 { width: 500px; } .maxwidth25 { max-width: 25px; } +.maxwidth40 { max-width: 40px; } .maxwidth50 { max-width: 50px; } .maxwidth75 { max-width: 75px; } .maxwidthdate { max-width: 80px; } @@ -6814,7 +6815,7 @@ div.phpdebugbar-widgets-templates a.phpdebugbar-widgets-editor-link:before /* For copy-paste feature */ /* ============================================================================== */ -span.clipboardCPValueToPrint { +span.clipboardCPValueToPrint, div.clipboardCPValueToPrint { display: inline-block; } span.clipboardCPValue.hidewithsize { @@ -6823,6 +6824,12 @@ span.clipboardCPValue.hidewithsize { color: transparent; white-space: nowrap; } +div.clipboardCPValue.hidewithsize { + width: 0 !important; + display: none; + color: transparent; + white-space: nowrap; +} .clipboardCPShowOnHover .clipboardCPButton { display: none; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index dfa8b00f9eb..8e9461258da 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1427,6 +1427,7 @@ table[summary="list_of_modules"] .fa-cog { .width400 { width: 400px; } .width500 { width: 500px; } .maxwidth25 { max-width: 25px; } +.maxwidth40 { max-width: 40px; } .maxwidth50 { max-width: 50px; } .maxwidth75 { max-width: 75px; } .maxwidth100 { max-width: 100px; } @@ -6689,7 +6690,7 @@ div.phpdebugbar-widgets-templates a.phpdebugbar-widgets-editor-link:before /* For copy-paste feature */ /* ============================================================================== */ -span.clipboardCPValueToPrint { +span.clipboardCPValueToPrint, div.clipboardCPValueToPrint { display: inline-block; } span.clipboardCPValue.hidewithsize { @@ -6698,6 +6699,12 @@ span.clipboardCPValue.hidewithsize { color: transparent; white-space: nowrap; } +div.clipboardCPValue.hidewithsize { + width: 0 !important; + display: none; + color: transparent; + white-space: nowrap; +} .clipboardCPShowOnHover .clipboardCPButton { display: none; diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index 8a11ac23e23..a7e491bd4c6 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -756,11 +756,7 @@ if ($action == 'create' || $action == 'presend') { print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); print ''; */ } elseif (empty($action) || $action == 'view' || $action == 'addlink' || $action == 'dellink' || $action == 'presend' || $action == 'presend_addmessage' || $action == 'close' || $action == 'abandon' || $action == 'delete' || $action == 'editcustomer' || $action == 'progression' || $action == 'reopen' diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index e8a1b53ed82..3961fefedf2 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -729,9 +729,9 @@ class Ticket extends CommonObject } } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } elseif ($user->socid) { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY ".$sortfield.' '.$sortorder; @@ -2967,7 +2967,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."ticket as p"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('ticket').")"; @@ -2975,7 +2975,7 @@ class Ticket extends CommonObject $sql .= " AND p.fk_statut NOT IN (".Ticket::STATUS_CLOSED.", ".Ticket::STATUS_CANCELED.")"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3033,7 +3033,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('ticket').")"; diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php index 2bcd0fe89fc..9f8122b0b9a 100644 --- a/htdocs/ticket/class/ticketstats.class.php +++ b/htdocs/ticket/class/ticketstats.class.php @@ -64,7 +64,7 @@ class TicketStats extends Stats $this->where = " fk_statut > 0"; $this->where .= " AND entity = ".$conf->entity; if ($this->socid > 0) { - $this->where .= " AND fk_soc = ".$this->socid; + $this->where .= " AND fk_soc = ".((int) $this->socid); } if (is_array($this->userid) && count($this->userid) > 0) { $this->where .= ' AND fk_user_create IN ('.$this->db->sanitize(join(',', $this->userid)).')'; diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 756f8e10879..315e93f153f 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -326,7 +326,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= " AND t.fk_statut=0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid > 0) { @@ -334,7 +334,7 @@ if ($user->socid > 0) { } else { // Restricted to assigned user only if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { - $sql .= " AND t.fk_user_assign=".$user->id; + $sql .= " AND t.fk_user_assign = ".((int) $user->id); } } $sql .= $db->order("t.datec", "DESC"); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 5a55a1ab324..c79a75e851c 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -425,9 +425,9 @@ if ($search_dateclose_end) { if (!$user->socid && ($mode == "mine" || (!$user->admin && $conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY))) { - $sql .= " AND (t.fk_user_assign = ".$user->id; + $sql .= " AND (t.fk_user_assign = ".((int) $user->id); if (empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY)) { - $sql .= " OR t.fk_user_create = ".$user->id; + $sql .= " OR t.fk_user_create = ".((int) $user->id); } $sql .= ")"; } diff --git a/htdocs/user/agenda_extsites.php b/htdocs/user/agenda_extsites.php index 928db5449d8..5921f7d84cd 100644 --- a/htdocs/user/agenda_extsites.php +++ b/htdocs/user/agenda_extsites.php @@ -226,10 +226,12 @@ while ($i <= $MAXAGENDA) { print ''; print '
'; - -print '
'; -print ''; -print "
"; +$addition_button = array( + 'name' => 'save', + 'label_key' => 'Save', + 'addclass' => 'hideifnotset', +); +print $form->buttonsSaveCancel("", "", $addition_button); print dol_get_fiche_end(); diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index 0eaf3d533a9..aa6f97a6c05 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -700,11 +700,7 @@ if ($id && ($action == 'edit' || $action == 'create') && $user->rights->user->us print dol_get_fiche_end(); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel("Modify"); } if ($id && $action == 'edit' && $user->rights->user->user->creer) { diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cb7aa69949c..ad1007f3c52 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1267,11 +1267,7 @@ if ($action == 'create' || $action == 'adduserldap') { print dol_get_fiche_end(); - print '
'; - print ''; - //print '     '; - //print ''; - print '
'; + print $form->buttonsSaveCancel("CreateUser"); print ""; } else { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 816d3dc3e27..325db34141d 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -576,8 +576,8 @@ class User extends CommonObject if ($loadpersonalconf) { // Load user->conf for user $sql = "SELECT param, value FROM ".MAIN_DB_PREFIX."user_param"; - $sql .= " WHERE fk_user = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE fk_user = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); //dol_syslog(get_class($this).'::fetch load personalized conf', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -652,6 +652,36 @@ class User extends CommonObject return 1; } + /** + * Return if a user has a permission. + * You can use it like this: if ($user->hasRight('module', 'level11')). + * It replaces old syntax: if ($user->rights->module->level1) + * + * @param int $module Id of permission to add or 0 to add several permissions + * @param string $permlevel1 Permission level1 + * @param string $permlevel2 Permission level2 + * @return int 1 if user has permission, 0 if not. + * @see clearrights(), delrights(), getrights(), hasRight() + */ + public function hasRight($module, $permlevel1, $permlevel2 = '') + { + if (empty($module) || empty($this->rights) || empty($this->rights->$module) || empty($permlevel1)) { + return 0; + } + + if ($permlevel2) { + if (!empty($this->rights->$module->$permlevel1) && !empty($this->rights->$module->$permlevel1->$permlevel2)) { + return $this->rights->$module->$permlevel1->$permlevel2; + } + } else { + if (!empty($this->rights->$module->$permlevel1)) { + return $this->rights->$module->$permlevel1; + } + } + + return 0; + } + /** * Add a right to the user * @@ -661,7 +691,7 @@ class User extends CommonObject * @param int $entity Entity to use * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers * @return int > 0 if OK, < 0 if KO - * @see clearrights(), delrights(), getrights() + * @see clearrights(), delrights(), getrights(), hasRight() */ public function addrights($rid, $allmodule = '', $allperms = '', $entity = 0, $notrigger = 0) { @@ -727,7 +757,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($whereforadd) && $whereforadd != 'allmodules') { $sql .= " AND ".$whereforadd; } @@ -740,11 +770,11 @@ class User extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id." AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -788,7 +818,7 @@ class User extends CommonObject * @param int $entity Entity to use * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers * @return int > 0 if OK, < 0 if OK - * @see clearrights(), addrights(), getrights() + * @see clearrights(), addrights(), getrights(), hasRight() */ public function delrights($rid, $allmodule = '', $allperms = '', $entity = 0, $notrigger = 0) { @@ -808,7 +838,7 @@ class User extends CommonObject $sql = "SELECT module, perms, subperms"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE id = '".$this->db->escape($rid)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -853,7 +883,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -875,8 +905,8 @@ class User extends CommonObject $nid = $obj->id; $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights"; - $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid); + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } @@ -915,7 +945,7 @@ class User extends CommonObject * Clear all permissions array of user * * @return void - * @see getrights() + * @see getrights(), hasRight() */ public function clearrights() { @@ -933,7 +963,7 @@ class User extends CommonObject * @param string $moduletag Limit permission for a particular module ('' by default means load all permissions) * @param int $forcereload Force reload of permissions even if they were already loaded (ignore cache) * @return void - * @see clearrights(), delrights(), addrights() + * @see clearrights(), delrights(), addrights(), hasRight() */ public function getrights($moduletag = '', $forcereload = 0) { @@ -1022,15 +1052,15 @@ class User extends CommonObject if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " AND gu.entity IN (0,".$conf->entity.")"; } else { - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND r.entity = ".((int) $conf->entity); } } else { - $sql .= " AND gr.entity = ".$conf->entity; - $sql .= " AND gu.entity = ".$conf->entity; - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND gr.entity = ".((int) $conf->entity); + $sql .= " AND gu.entity = ".((int) $conf->entity); + $sql .= " AND r.entity = ".((int) $conf->entity); } $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; - $sql .= " AND gu.fk_user = ".$this->id; + $sql .= " AND gu.fk_user = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; @@ -1180,7 +1210,7 @@ class User extends CommonObject dol_syslog(get_class($this)."::delete", LOG_DEBUG); // Remove rights - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; @@ -1188,14 +1218,14 @@ class User extends CommonObject } // Remove group - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); } // Remove params - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -1221,7 +1251,7 @@ class User extends CommonObject // Remove user if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $error++; @@ -1574,7 +1604,7 @@ class User extends CommonObject $num = 0; $sql = "SELECT id FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE bydefault = 1"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { @@ -1769,7 +1799,7 @@ class User extends CommonObject $sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null'); $sql .= ", fk_warehouse = ".($this->fk_warehouse > 0 ? $this->fk_warehouse : "null"); $sql .= ", lang = ".($this->lang ? "'".$this->db->escape($this->lang)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1960,7 +1990,7 @@ class User extends CommonObject $sql .= " datepreviouslogin = datelastlogin,"; $sql .= " datelastlogin = '".$this->db->idate($now)."',"; $sql .= " tms = tms"; // La date de derniere modif doit changer sauf pour la mise a jour de date de derniere connexion - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_last_login_date user->id=".$this->id." ".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2021,7 +2051,7 @@ class User extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); $result = $this->db->query($sql); @@ -2079,7 +2109,7 @@ class User extends CommonObject // After receiving confirmation link, we will erase and store it in pass_crypted $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET pass_temp = '".$this->db->escape($password)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); // No log $result = $this->db->query($sql); @@ -2225,7 +2255,7 @@ class User extends CommonObject // phpcs:enable $sql = "SELECT url, login, pass, poste "; $sql .= " FROM ".MAIN_DB_PREFIX."user_clicktodial as u"; - $sql .= " WHERE u.fk_user = ".$this->id; + $sql .= " WHERE u.fk_user = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2260,7 +2290,7 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_clicktodial"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this).'::update_clicktodial', LOG_DEBUG); $result = $this->db->query($sql); @@ -2305,14 +2335,14 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_user (entity, fk_user, fk_usergroup)"; - $sql .= " VALUES (".$entity.",".$this->id.",".$group.")"; + $sql .= " VALUES (".((int) $entity).",".((int) $this->id).",".((int) $group).")"; $result = $this->db->query($sql); if ($result) { @@ -2362,9 +2392,9 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -3093,7 +3123,7 @@ class User extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this)."::get_children sql=".$sql, LOG_DEBUG); $res = $this->db->query($sql); diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index 1f0bb2891c6..b1b3175aaa9 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -227,7 +227,7 @@ class UserGroup extends CommonObject /** * Return array of User objects for group this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. Do not use here a string coming from user input. * @param int $mode 0=Return array of user instance, 1=Return array of users id only * @return mixed Array of users or -1 on error */ @@ -250,7 +250,7 @@ class UserGroup extends CommonObject $sql .= " AND ug.fk_user = u.rowid"; } if (!empty($this->id)) { - $sql .= " AND ug.fk_usergroup = ".$this->id; + $sql .= " AND ug.fk_usergroup = ".((int) $this->id); } if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " AND u.entity IS NOT NULL"; @@ -372,11 +372,11 @@ class UserGroup extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = $this->id AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = ".((int) $this->id)." AND fk_id=".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -486,7 +486,7 @@ class UserGroup extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -505,7 +505,7 @@ class UserGroup extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights"; $sql .= " WHERE fk_usergroup = $this->id AND fk_id=".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } @@ -566,9 +566,9 @@ class UserGroup extends CommonObject $sql = "SELECT r.module, r.perms, r.subperms "; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as u, ".MAIN_DB_PREFIX."rights_def as r"; $sql .= " WHERE r.id = u.fk_id"; - $sql .= " AND r.entity = ".$conf->entity; - $sql .= " AND u.entity = ".$conf->entity; - $sql .= " AND u.fk_usergroup = ".$this->id; + $sql .= " AND r.entity = ".((int) $conf->entity); + $sql .= " AND u.entity = ".((int) $conf->entity); + $sql .= " AND u.fk_usergroup = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 5c1e16e4a0c..1f20b018f2e 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -535,9 +535,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/user/note.php b/htdocs/user/note.php index 1ce397626e6..da8c57f918f 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -137,11 +137,7 @@ if ($id) { print dol_get_fiche_end(); if ($action == 'edit') { - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 73c9d817ae8..05b45ebf829 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -232,7 +232,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."user c"; $sql .= " WHERE a.rowid = n.fk_action"; $sql .= " AND c.rowid = n.fk_user"; - $sql .= " AND c.rowid = ".$object->id; + $sql .= " AND c.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('user').')'; $resql = $db->query($sql); @@ -409,7 +409,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."notify as n"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as c ON n.fk_user = c.rowid"; $sql .= " WHERE a.rowid = n.fk_action"; - $sql .= " AND n.fk_user = ".$object->id; + $sql .= " AND n.fk_user = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 72f9b075be9..76734c26886 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -328,11 +328,7 @@ if ($action == 'edit') { showSkins($object, (($user->admin || empty($dolibarr_main_demo)) ? 1 : 0), true); - print '
'; - print ''; - print '     '; - print ''; - print '
'; + print $form->buttonsSaveCancel(); } else { print dol_get_fiche_head($head, 'guisetup', $title, -1, 'user'); diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 32fa93cb8a6..5da92482785 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -97,7 +97,7 @@ if (empty($reshook)) { if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) { // Clear session unset($_SESSION['dol_login']); - $_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page + $_SESSION['dol_loginmesg'] = $langs->transnoentitiesnoconv('NewPasswordValidated'); // Save message for the session page $newpassword = $edituser->setPassword($user, $edituser->pass_temp, 0); dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database"); diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 5e96a76119c..692b3dc08af 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -217,9 +217,9 @@ $permsgroupbyentity = array(); $sql = "SELECT DISTINCT gr.fk_id, gu.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; -$sql .= " WHERE gr.entity = ".$entity; +$sql .= " WHERE gr.entity = ".((int) $entity); $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; -$sql .= " AND gu.fk_user = ".$object->id; +$sql .= " AND gu.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 9c584f5b8bb..f514c7c0302 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -221,8 +221,9 @@ if (preg_match('/\.noexe$/i', $original_file)) { accessforbidden('Error: Using the image wrapper to output a file ending with .noexe is not allowed.', 0, 0, 1); } -// Security: Delete string ../ into $original_file -$original_file = str_replace("../", "/", $original_file); +// Security: Delete string ../ or ..\ into $original_file +$original_file = str_replace('../', '/', $original_file); +$original_file = str_replace('..\\', '/', $original_file); // Find the subdirectory name as the reference $refname = basename(dirname($original_file)."/"); diff --git a/htdocs/webservices/admin/index.php b/htdocs/webservices/admin/index.php index 1c78acae84d..eec667c8a74 100644 --- a/htdocs/webservices/admin/index.php +++ b/htdocs/webservices/admin/index.php @@ -91,9 +91,7 @@ print ''; print ''; -print '
'; -print ''; -print '
'; +print $form->buttonsSaveCancel("Save", ''); print ''; diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index cf4d26b2c33..398affc8cb2 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -140,11 +140,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; } @@ -172,9 +168,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/htdocs/workstation/workstation_card.php b/htdocs/workstation/workstation_card.php index 5b63ca2d481..0cf0f628492 100755 --- a/htdocs/workstation/workstation_card.php +++ b/htdocs/workstation/workstation_card.php @@ -231,11 +231,7 @@ if ($action == 'create') { print dol_get_fiche_end(); - print '
'; - print ''; - print '  '; - print ''; // Cancel for create does not post form if we don't know the backtopage - print '
'; + print $form->buttonsSaveCancel("Create"); print ''; @@ -288,9 +284,7 @@ if (($id || $ref) && $action == 'edit') { print dol_get_fiche_end(); - print '
'; - print '   '; - print '
'; + print $form->buttonsSaveCancel(); print ''; } diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 37fc7eee703..2d9bfeac49d 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -225,7 +225,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $db-> inside a class.php file (it should be $this->db-> insto such classes) preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -243,7 +243,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $this->db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $this->db-> into a non class.php file (it shoud be $db-> into such classes) preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -286,6 +286,22 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=true; $matches=array(); + // Check sql string AND ... yyy = ".$xxx + // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. + preg_match_all('/(DELETE|OR|AND)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[2] == 'ity' && $val[3] == 'con') { + continue; + } + var_dump($matches); + $ok=false; + break; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { @@ -293,16 +309,14 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=false; break; } - //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); - //exit; - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/sql.+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(sql|SET).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if (! in_array($val[1], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { + if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { $ok=false; break; } @@ -341,7 +355,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(') { @@ -355,7 +368,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that first param of print_liste_field_titre is a translation key and not the translated value $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. + // Check string ='print_liste_field_titre\(\$langs'. preg_match_all('/print_liste_field_titre\(\$langs/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -367,8 +380,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have
$ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/
/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('//', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'functions.lib.php') { $ok=false; @@ -381,7 +393,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have name="token" value="'.$_SESSION['newtoken'], we must use name="token" value="'.newToken() instead. $ok=true; $matches=array(); - // Check string name="token" value="'.$_SESSINON preg_match_all('/name="token" value="\'\s*\.\s*\$_SESSION/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'excludefile.php') { @@ -395,7 +406,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have @var array( $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/@var\s+array\(/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 44b391148f5..81eff830b49 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -349,7 +349,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["param1"]="333"; $_GET["param2"]='a/b#e(pr)qq-rr\cc'; $_GET["param3"]='"na/b#e(pr)qq-rr\cc'; // Same than param2 + " and n - $_GET["param4"]='../dir'; + $_GET["param4a"]='../../dir'; + $_GET["param4b"]='..\..\dirwindows'; $_GET["param5"]="a_1-b"; $_POST["param6"]="">assertEquals($result, 'na/b#e(pr)qq-rr\cc', 'Test on param3'); - $result=GETPOST("param4", 'alpha'); // Must return string sanitized from ../ + $result=GETPOST("param4a", 'alpha'); // Must return string sanitized from ../ print __METHOD__." result=".$result."\n"; $this->assertEquals($result, 'dir'); + $result=GETPOST("param4b", 'alpha'); // Must return string sanitized from ../ + print __METHOD__." result=".$result."\n"; + $this->assertEquals($result, 'dirwindows'); + // Test with aZ09 $result=GETPOST("param1", 'aZ09'); @@ -412,7 +417,11 @@ class SecurityTest extends PHPUnit\Framework\TestCase print __METHOD__." result=".$result."\n"; $this->assertEquals($result, ''); - $result=GETPOST("param4", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + $result=GETPOST("param4a", 'aZ09'); // Must return '' as string contains car not in aZ09 definition + print __METHOD__." result=".$result."\n"; + $this->assertEquals('', $result); + + $result=GETPOST("param4b", 'aZ09'); // Must return '' as string contains car not in aZ09 definition print __METHOD__." result=".$result."\n"; $this->assertEquals('', $result); @@ -506,7 +515,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $result=GETPOST("param14", 'restricthtml'); print __METHOD__." result=".$result."\n"; - $this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)", $result, 'Test 14'); + $this->assertEquals("Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)", $result, 'Test 14'); $result=GETPOST("param15", 'restricthtml'); // src=>0xbeefed print __METHOD__." result=".$result."\n";