From c1f3f4c2b5f29ee1a9413540374f6ac79180d616 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 30 Jan 2019 20:01:55 +0100 Subject: [PATCH 1/8] Fix: text for empty line not visible in select --- htdocs/core/class/html.form.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 4c4e51c4b13..ee0c35ac3a9 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1982,7 +1982,7 @@ class Form } else { - print $this->select_produits_list($selected,$htmlname,$filtertype,$limit,$price_level,'',$status,$finished,0,$socid,$showempty,$forcecombo,$morecss,$hidepriceinlabel, $warehouseStatus); + print $this->select_produits_list($selected, $htmlname, $filtertype, $limit, $price_level, '', $status, $finished, 0, $socid, $showempty, $forcecombo, $morecss, $hidepriceinlabel, $warehouseStatus); } } @@ -2175,6 +2175,10 @@ class Form if ($showempty && ! is_numeric($showempty)) $textifempty=$langs->trans($showempty); else $textifempty.=$langs->trans("All"); } + else + { + if ($showempty && ! is_numeric($showempty)) $textifempty=$langs->trans($showempty); + } if ($showempty) $out.=''; $i = 0; From 01f1f6162f35dbaffc9dda096a6aec2b3b3af323 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 30 Jan 2019 20:06:05 +0100 Subject: [PATCH 2/8] Fix phpcs --- .../sociales/class/chargesociales.class.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 2912c75b201..c898a512911 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php 
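Review bot: The statement `if ($showempty && ! is_numeric($showempty)) $textifempty=$langs->trans($showempty);` now appears twice in the `@@ -2175,6 +2175,10 @@` hunk, once in the existing branch and once in the added `else`, so the custom empty-line label is computed by two copies that can drift apart. Running that statement once after the if/else would leave only the `$textifempty.=$langs->trans("All")` fallback inside the first branch, guarded by the opposite condition. The condition that opens the first branch and the markup that prints `$textifempty` are outside the hunk, so it cannot be checked from here whether the translated label is escaped when written into the select. That is worth confirming, because `$showempty` is passed in by the caller.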
@@ -303,13 +303,13 @@ class ChargeSociales extends CommonObject /** - * Met a jour une charge sociale + * Update social or fiscal contribution * - * @param User $user Utilisateur qui modifie + * @param User $user User that modify * @param int $notrigger 0=launch triggers after, 1=disable triggers - * @return int <0 si erreur, >0 si ok + * @return int <0 if KO, >0 if OK */ - function update($user,$notrigger=0) + function update($user, $notrigger=0) { $error=0; $this->db->begin(); @@ -325,11 +325,11 @@ class ChargeSociales extends CommonObject dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql=$this->db->query($sql); - + if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); } - + if (! $error) { if (! $notrigger) @@ -340,7 +340,7 @@ class ChargeSociales extends CommonObject // End call triggers } } - + // Commit or rollback if ($error) { @@ -357,8 +357,6 @@ class ChargeSociales extends CommonObject $this->db->commit(); return 1; } - - } /** From 045b8b13ed68721d5b6c961b16c2708a8f1ca7a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 30 Jan 2019 23:20:57 +0100 Subject: [PATCH 3/8] css --- htdocs/expedition/card.php | 2 +- htdocs/livraison/card.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index f92660a0110..6d5d8b17ffa 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -1752,7 +1752,7 @@ else if ($id || $ref) print '
'; print '
'; - print ''; + print '
'; // Linked documents if ($typeobject == 'commande' && $object->$typeobject->id && ! empty($conf->commande->enabled)) diff --git a/htdocs/livraison/card.php b/htdocs/livraison/card.php index 260c333f362..36847d9c670 100644 --- a/htdocs/livraison/card.php +++ b/htdocs/livraison/card.php @@ -346,7 +346,7 @@ else print ''; print ''; - dol_fiche_head($head, 'delivery', $langs->trans("Shipment"), 0, 'sending'); + dol_fiche_head($head, 'delivery', $langs->trans("Shipment"), -1, 'sending'); /* * Confirmation de la suppression @@ -434,7 +434,7 @@ else print '
'; print '
'; - print '
'; + print '
'; // Shipment /* From 6121771c5fa26ecde705c091424f20aae44cb2b8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 31 Jan 2019 10:16:49 +0100 Subject: [PATCH 4/8] FIX XSS --- htdocs/document.php | 2 +- htdocs/viewimage.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index ff6c6f6e635..1df59c07a16 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -74,7 +74,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $encoding = ''; $action=GETPOST('action','alpha'); -$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP). +$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP). $hashp=GETPOST('hashp','aZ09'); $modulepart=GETPOST('modulepart','alpha'); $urlsource=GETPOST('urlsource','alpha'); diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index ea29fe0d8bd..2385a558307 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -84,7 +84,7 @@ require 'main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $action=GETPOST('action','alpha'); -$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP). +$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP). $hashp=GETPOST('hashp','aZ09'); $modulepart=GETPOST('modulepart','alpha'); $urlsource=GETPOST('urlsource','alpha'); From 21c089fee93126419d716091fdd1c71037a01954 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 31 Jan 2019 10:16:49 +0100 Subject: [PATCH 5/8] FIX XSS --- htdocs/document.php | 2 +- htdocs/viewimage.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index ff6c6f6e635..1df59c07a16 100644 --- a/htdocs/document.php +++ b/htdocs/document.php 
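Review bot: Reading `file` with `alphanohtml` strips markup only at input, but `$original_file` in `document.php` and `viewimage.php` is a file path parameter, so this filter should not be the only barrier. Two things are worth confirming outside these hunks: that `alphanohtml` keeps every path-related rejection that `alpha` applied, and that wherever the name is echoed it is escaped for its context, e.g. `dol_escape_htmltag($original_file)` in HTML. `$modulepart` and `$urlsource` are still read with `'alpha'` on the neighbouring lines and presumably deserve the same review if they reach output. The same one-line change is repeated in the `[PATCH 5/8]`, `[PATCH 6/8]` and `[PATCH 7/8]` hunks of both files, so this applies to each of them.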
@@ -74,7 +74,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $encoding = '';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index ea29fe0d8bd..2385a558307 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -84,7 +84,7 @@ require 'main.inc.php'; // Load $user and permissions
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');
From 5e46a359e073a4eca38753579f3fd924723ede35 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 31 Jan 2019 10:16:49 +0100
Subject: [PATCH 6/8] FIX XSS
---
 htdocs/document.php | 2 +-
 htdocs/viewimage.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/document.php b/htdocs/document.php
index 725d079a9f6..d912c9a2d55 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -77,7 +77,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $encoding = '';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index ae2a538ca04..17d5026c0bf 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -79,7 +79,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');
From 484b4371c137bb57303451a44de2aa61a6a50cfe Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 31 Jan 2019 10:16:49 +0100
Subject: [PATCH 7/8] FIX XSS Conflicts: htdocs/viewimage.php
---
 htdocs/document.php | 2 +-
 htdocs/viewimage.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/document.php b/htdocs/document.php
index 1c722e4cb55..ee8b9e9c096 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -81,7 +81,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $encoding = '';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 7493ef6bee9..1053cc530c9 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -62,7 +62,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $action=GETPOST('action','alpha'); -$original_file=GETPOST("file",'alpha'); +$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP). $modulepart=GETPOST('modulepart','alpha'); $urlsource=GETPOST("urlsource",'alpha'); $entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity; From 4c31749f4b384ded577d96ed09ad124f7a141ec9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 31 Jan 2019 11:11:56 +0100 Subject: [PATCH 8/8] Add tooltip on setup --- htdocs/admin/agenda_other.php | 5 +++-- htdocs/langs/en_US/admin.lang | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index f16226c812b..639671b4647 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -35,7 +35,7 @@ if (!$user->admin) accessforbidden(); // Load translation files required by the page -$langs->loadLangs(array('admin', 'other', 'agenda')); +$langs->loadLangs(array('admin', 'other', 'agenda', 'users')); $action = GETPOST('action','alpha'); $value = GETPOST('value','alpha'); @@ -353,7 +353,8 @@ print ''."\n"; // AGENDA_DEFAULT_VIEW print ''."\n"; -print ''."\n"; +$htmltext=$langs->trans("ThisValueCanOverwrittenOnUserLevel", $langs->transnoentitiesnoconv("UserGUISetup")); +print ''."\n"; print ''."\n"; print '
'.$langs->trans("AGENDA_DEFAULT_VIEW").''.$form->textwithpicto($langs->trans("AGENDA_DEFAULT_VIEW"), $htmltext).' '."\n"; $tmplist=array(''=>' ', 'show_list'=>$langs->trans("ViewList"), 'show_month'=>$langs->trans("ViewCal"), 'show_week'=>$langs->trans("ViewWeek"), 'show_day'=>$langs->trans("ViewDay"), 'show_peruser'=>$langs->trans("ViewPerUser")); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 77b5894b709..d92a0b47bcc 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1853,4 +1853,5 @@ ConfirmUnactivation=Confirm module reset OnMobileOnly=On small screen (smartphone) only DisableProspectCustomerType=Disable the "Prospect + Customer" third party type (so third party must be Prospect or Customer but can't be both) MAIN_OPTIMIZEFORTEXTBROWSER=Simplify interface for blind person -MAIN_OPTIMIZEFORTEXTBROWSERDesc=Enable this option if you are a blind person, or if you use the application from a text browser like Lynx or Links. \ No newline at end of file +MAIN_OPTIMIZEFORTEXTBROWSERDesc=Enable this option if you are a blind person, or if you use the application from a text browser like Lynx or Links. +ThisValueCanOverwrittenOnUserLevel=This value can be overwritten by each user from its user page - tab '%s' \ No newline at end of file