Fix: Third party emails must not be visible into notification page
This commit is contained in:
Laurent Destailleur
parent
94a8f8a5dc
commit
b48f1abe4e
@ -27,6 +27,7 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/includes/triggers/interface_modNotification_Notification.class.php");
|
||||
|
||||
$langs->load("admin");
|
||||
$langs->load("mails");
|
||||
|
||||
// Security check
|
||||
if (!$user->admin)
|
||||
@ -63,7 +64,7 @@ print_fiche_titre($langs->trans("NotificationSetup"),$linkback,'setup');
|
||||
|
||||
print $langs->trans("NotificationsDesc").'<br><br>';
|
||||
|
||||
if ($mesg) print $mesg.'<br>';
|
||||
dol_htmloutput_mesg($mesg);
|
||||
|
||||
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
@ -80,6 +81,7 @@ $var=!$var;
|
||||
print '<tr '.$bc[$var].'><td>';
|
||||
print $langs->trans("NotificationEMailFrom").'</td><td>';
|
||||
print '<input size="32" type="text" name="email_from" value="'.$conf->global->NOTIFICATION_EMAIL_FROM.'">';
|
||||
if (! empty($conf->global->NOTIFICATION_EMAIL_FROM) && ! isValidEmail($conf->global->NOTIFICATION_EMAIL_FROM)) print ' '.img_warning($langs->trans("BadEMail"));
|
||||
print '</td></tr>';
|
||||
print '</table>';
|
||||
|
||||
@ -121,5 +123,4 @@ $db->close();
|
||||
|
||||
|
||||
llxFooter();
|
||||
|
||||
?>
|
||||
|
||||
@ -380,7 +380,7 @@ class FormMail
|
||||
$liste=array();
|
||||
$soc=new Societe($this->db);
|
||||
$soc->fetch($this->withtosocid);
|
||||
foreach ($soc->thirdparty_and_contact_email_array() as $key=>$value)
|
||||
foreach ($soc->thirdparty_and_contact_email_array(1) as $key=>$value)
|
||||
{
|
||||
$liste[$key]=$value;
|
||||
}
|
||||
@ -414,7 +414,7 @@ class FormMail
|
||||
$liste=array();
|
||||
$soc=new Societe($this->db);
|
||||
$soc->fetch($this->withtoccsocid);
|
||||
foreach ($soc->thirdparty_and_contact_email_array() as $key=>$value)
|
||||
foreach ($soc->thirdparty_and_contact_email_array(1) as $key=>$value)
|
||||
{
|
||||
$liste[$key]=$value;
|
||||
}
|
||||
@ -448,7 +448,7 @@ class FormMail
|
||||
$liste=array();
|
||||
$soc=new Societe($this->db);
|
||||
$soc->fetch($this->withtosocid);
|
||||
foreach ($soc->thirdparty_and_contact_email_array() as $key=>$value)
|
||||
foreach ($soc->thirdparty_and_contact_email_array(1) as $key=>$value)
|
||||
{
|
||||
$liste[$key]=$value;
|
||||
}
|
||||
|
||||
@ -1545,14 +1545,16 @@ class Societe extends CommonObject
|
||||
|
||||
/**
|
||||
* Return list of contacts emails existing for third party
|
||||
* @return array Array of contacts emails
|
||||
*
|
||||
* @param int $addthirdparty 1=Add also a record for thirdparty email
|
||||
* @return array Array of contacts emails
|
||||
*/
|
||||
function thirdparty_and_contact_email_array()
|
||||
function thirdparty_and_contact_email_array($addthirdparty=0)
|
||||
{
|
||||
global $langs;
|
||||
|
||||
$contact_emails = $this->contact_property_array('email');
|
||||
if ($this->email)
|
||||
if ($this->email && $addthirdparty)
|
||||
{
|
||||
if (empty($this->name)) $this->name=$this->nom;
|
||||
// TODO: Tester si email non deja present dans tableau contact
|
||||
@ -1563,6 +1565,7 @@ class Societe extends CommonObject
|
||||
|
||||
/**
|
||||
* Return list of contacts mobile phone existing for third party
|
||||
*
|
||||
* @return array Array of contacts emails
|
||||
*/
|
||||
function thirdparty_and_contact_phone_array()
|
||||
@ -1581,6 +1584,7 @@ class Societe extends CommonObject
|
||||
|
||||
/**
|
||||
* Return list of contacts emails or mobile existing for third party
|
||||
*
|
||||
* @param mode 'email' or 'mobile'
|
||||
* @return array Array of contacts emails or mobile
|
||||
*/
|
||||
@ -1591,6 +1595,7 @@ class Societe extends CommonObject
|
||||
$sql = "SELECT rowid, email, phone_mobile, name, firstname";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."socpeople";
|
||||
$sql.= " WHERE fk_soc = '".$this->id."'";
|
||||
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
@ -1617,8 +1622,9 @@ class Societe extends CommonObject
|
||||
|
||||
|
||||
/**
|
||||
* \brief Renvoie la liste des contacts de cette societe
|
||||
* \return array tableau des contacts
|
||||
* Renvoie la liste des contacts de cette societe
|
||||
*
|
||||
* @return array tableau des contacts
|
||||
*/
|
||||
function contact_array()
|
||||
{
|
||||
@ -1649,6 +1655,7 @@ class Societe extends CommonObject
|
||||
|
||||
/**
|
||||
* Return property of contact from its id
|
||||
*
|
||||
* @param rowid id of contact
|
||||
* @param mode 'email' or 'mobile'
|
||||
* @return string email of contact
|
||||
@ -1684,7 +1691,9 @@ class Societe extends CommonObject
|
||||
|
||||
|
||||
/**
|
||||
* \brief Affiche le rib
|
||||
* Return bank number property of thirdparty
|
||||
*
|
||||
* @return string Bank number
|
||||
*/
|
||||
function display_rib()
|
||||
{
|
||||
|
||||
@ -33,8 +33,12 @@ $langs->load("mails");
|
||||
$langs->load("admin");
|
||||
$langs->load("other");
|
||||
|
||||
$socid = GETPOST("socid",'int');
|
||||
$action = GETPOST('action');
|
||||
$contactid=GETPOST('contactid'); // May be an int or 'thirdparty'
|
||||
$actionid=GETPOST('actionid');
|
||||
|
||||
// Security check
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'societe','','');
|
||||
|
||||
@ -50,11 +54,11 @@ if (! $sortfield) $sortfield="c.name";
|
||||
|
||||
|
||||
/*
|
||||
* Action
|
||||
* Actions
|
||||
*/
|
||||
|
||||
// Add a notification
|
||||
if ($_POST["action"] == 'add')
|
||||
if ($action == 'add')
|
||||
{
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def";
|
||||
$sql .= " WHERE fk_soc=".$socid." AND fk_contact=".$_POST["contactid"]." AND fk_action=".$_POST["actionid"];
|
||||
@ -79,7 +83,7 @@ if ($_POST["action"] == 'add')
|
||||
}
|
||||
|
||||
// Remove a notification
|
||||
if ($_GET["action"] == 'delete')
|
||||
if ($action == 'delete')
|
||||
{
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".$_GET["actid"].";";
|
||||
$db->query($sql);
|
||||
@ -96,9 +100,9 @@ $form = new Form($db);
|
||||
llxHeader();
|
||||
|
||||
$soc = new Societe($db);
|
||||
$soc->id = $socid;
|
||||
$result=$soc->fetch($socid);
|
||||
|
||||
if ( $soc->fetch($soc->id) )
|
||||
if ($result > 0)
|
||||
{
|
||||
$html = new Form($db);
|
||||
$langs->load("other");
|
||||
@ -161,11 +165,12 @@ if ( $soc->fetch($soc->id) )
|
||||
print_liste_field_titre($langs->trans("Contact"),"fiche.php","c.name",'',$param,'"width="45%"',$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("Action"),"fiche.php","a.titre",'',$param,'"width="35%"',$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("Type"),"fiche.php","",'',$param,'"width="10%"',$sortfield,$sortorder);
|
||||
print '<td> </td>';
|
||||
print_liste_field_titre('');
|
||||
print '</tr>';
|
||||
|
||||
$var=false;
|
||||
if (count($soc->thirdparty_and_contact_email_array()) > 0)
|
||||
$listofemails=$soc->thirdparty_and_contact_email_array();
|
||||
if (count($listofemails) > 0)
|
||||
{
|
||||
$actions=array();
|
||||
|
||||
@ -180,7 +185,7 @@ if ( $soc->fetch($soc->id) )
|
||||
}
|
||||
print '<input type="hidden" name="action" value="add">';
|
||||
print '<tr '.$bc[$var].'><td>';
|
||||
print $html->selectarray("contactid",$soc->thirdparty_and_contact_email_array());
|
||||
print $html->selectarray("contactid",$listofemails);
|
||||
print '</td>';
|
||||
print '<td>';
|
||||
print $html->selectarray("actionid",$actions,'',1);
|
||||
@ -345,6 +350,7 @@ if ( $soc->fetch($soc->id) )
|
||||
|
||||
print '</table>';
|
||||
}
|
||||
else dol_print_error('','RecordNotFound');
|
||||
|
||||
$db->close();
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user