diff --git a/htdocs/accountancy/tpl/export_journal.tpl.php b/htdocs/accountancy/tpl/export_journal.tpl.php
index b5b6920e853..d9d158607b6 100644
--- a/htdocs/accountancy/tpl/export_journal.tpl.php
+++ b/htdocs/accountancy/tpl/export_journal.tpl.php
@@ -15,6 +15,15 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$prefix = $conf->global->ACCOUNTING_EXPORT_PREFIX_SPEC;
$format = $conf->global->ACCOUNTING_EXPORT_FORMAT;
$nodateexport = $conf->global->ACCOUNTING_EXPORT_NO_DATE_IN_FILENAME;
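Review bot: The guard added at the top of this template answers a direct request with a plain message and the default 200 status, and its comment does not say why `is_object()` is tested in addition to `empty()`. I would send an explicit status before the `print`, for example `header('HTTP/1.1 403 Forbidden');`, so that access logs and monitoring record a refused request rather than a successful page. A comment such as `// $conf only exists when a regular page included this template; is_object() also rejects a scalar of the same name coming from the request` would record the intent; that reading is inferred from the check itself, so please confirm it. The same block is copied into the other `*.tpl.php` hunks of this patch with `$conf`, `$langs` or `$object` as the sentinel, and the remark applies to each of them.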
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
index f0a50e2e9ba..81f34706966 100644
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_create.tpl.php
@@ -14,8 +14,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
index 8f3af3fe8df..4a699b75a22 100644
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_edit.tpl.php
@@ -14,9 +14,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$contact = $GLOBALS['objcanvas']->control->object;
?>
diff --git a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
index e426429ae05..f19ba96c167 100644
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
@@ -14,10 +14,18 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$contact = $GLOBALS['objcanvas']->control->object;
+
?>
diff --git a/htdocs/adherents/subscription/info.php b/htdocs/adherents/subscription/info.php
index c83771d22ff..05856c35f75 100644
--- a/htdocs/adherents/subscription/info.php
+++ b/htdocs/adherents/subscription/info.php
@@ -36,7 +36,7 @@ $langs->load("users");
if (!$user->rights->adherent->lire)
accessforbidden();
-$rowid=isset($_GET["rowid"])?$_GET["rowid"]:$_POST["rowid"];
+$rowid=GETPOST("rowid",'int');
@@ -44,10 +44,10 @@ $rowid=isset($_GET["rowid"])?$_GET["rowid"]:$_POST["rowid"];
* View
*/
-llxHeader();
-
$form = new Form($db);
+llxHeader();
+
$object = new Subscription($db);
$result = $object->fetch($rowid);
diff --git a/htdocs/adherents/tpl/linkedobjectblock.tpl.php b/htdocs/adherents/tpl/linkedobjectblock.tpl.php
index 19324812beb..118f51a1a89 100644
--- a/htdocs/adherents/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/adherents/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -33,7 +40,7 @@ $var=true;
$total=0;
foreach($linkedObjectBlock as $key => $objectlink)
{
-
+
?>
>
trans("Subscription"); ?>
diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php
index 580012847f5..4372f422518 100644
--- a/htdocs/cashdesk/tpl/facturation1.tpl.php
+++ b/htdocs/cashdesk/tpl/facturation1.tpl.php
@@ -19,6 +19,14 @@
*
*/
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$langs->load("main");
$langs->load("bills");
$langs->load("cashdesk");
diff --git a/htdocs/cashdesk/tpl/liste_articles.tpl.php b/htdocs/cashdesk/tpl/liste_articles.tpl.php
index e4b6bc14436..65f48b0603c 100644
--- a/htdocs/cashdesk/tpl/liste_articles.tpl.php
+++ b/htdocs/cashdesk/tpl/liste_articles.tpl.php
@@ -17,6 +17,14 @@
*
*/
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
diff --git a/htdocs/cashdesk/tpl/menu.tpl.php b/htdocs/cashdesk/tpl/menu.tpl.php
index fd9bcbca77c..4197db6b1b0 100644
--- a/htdocs/cashdesk/tpl/menu.tpl.php
+++ b/htdocs/cashdesk/tpl/menu.tpl.php
@@ -19,6 +19,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
include_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php';
diff --git a/htdocs/cashdesk/tpl/ticket.tpl.php b/htdocs/cashdesk/tpl/ticket.tpl.php
index 82b84ba3b56..3937c9dbde3 100644
--- a/htdocs/cashdesk/tpl/ticket.tpl.php
+++ b/htdocs/cashdesk/tpl/ticket.tpl.php
@@ -16,6 +16,15 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
+
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
$langs->load("main");
diff --git a/htdocs/cashdesk/tpl/validation1.tpl.php b/htdocs/cashdesk/tpl/validation1.tpl.php
index bb3d63a9e58..2a390b99c65 100644
--- a/htdocs/cashdesk/tpl/validation1.tpl.php
+++ b/htdocs/cashdesk/tpl/validation1.tpl.php
@@ -16,6 +16,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$langs->load("main");
$langs->load("bills");
$langs->load("banks");
diff --git a/htdocs/cashdesk/tpl/validation2.tpl.php b/htdocs/cashdesk/tpl/validation2.tpl.php
index a6e2fe2a3f3..a9889451bda 100644
--- a/htdocs/cashdesk/tpl/validation2.tpl.php
+++ b/htdocs/cashdesk/tpl/validation2.tpl.php
@@ -17,6 +17,14 @@
*
*/
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$langs->load("main");
$langs->load("bills");
diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php
index 80c6305fcec..dd4e6cef1fa 100644
--- a/htdocs/comm/multiprix.php
+++ b/htdocs/comm/multiprix.php
@@ -30,7 +30,8 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
$langs->load("orders");
$langs->load("companies");
-$_socid = $_GET["id"];
+$id = GETPOST('id','int');
+$_socid = GETPOST("id",'int');
// Security check
if ($user->societe_id > 0)
{
@@ -45,10 +46,10 @@ if ($user->societe_id > 0)
if ($_POST["action"] == 'setpricelevel')
{
$soc = New Societe($db);
- $soc->fetch($_GET["id"]);
+ $soc->fetch($id);
$soc->set_price_level($_POST["price_level"],$user);
- header("Location: multiprix.php?id=".$_GET["id"]);
+ header("Location: multiprix.php?id=".$id);
exit;
}
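Review bot: In the `setpricelevel` branch the company is loaded with `$soc->fetch($id)`, the id taken from the request, rather than with the `$_socid` that the "Security check" block above it appears to constrain for external users. The body of that block lies outside the hunk, so this is inferred. If it overrides `$_socid` with `$user->societe_id`, the write still acts on whatever id the request carries; `$soc->fetch($_socid);` and `header("Location: multiprix.php?id=".$_socid);` would keep the action inside the checked scope. The branch also still reads `$_POST["action"]` and `$_POST["price_level"]` directly, where `GETPOST('price_level','int')` would match the treatment `id` now gets. In the first hunk the second `GETPOST("id",'int')` call could simply be `$_socid = $id;`.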
@@ -87,7 +88,7 @@ if ($_socid > 0)
print '";
-
+
print '
';
diff --git a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
index f797025a5de..cc8c6fe0547 100644
--- a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
@@ -22,6 +22,14 @@
* \ingroup propal
* \brief Template to show objects linked to proposals
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -40,7 +48,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -71,7 +79,7 @@ if (count($linkedObjectBlock) > 1)
-
diff --git a/htdocs/commande/tpl/linkedobjectblock.tpl.php b/htdocs/commande/tpl/linkedobjectblock.tpl.php
index 629cd3c0fb0..39479ba220b 100644
--- a/htdocs/commande/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/commande/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -36,7 +43,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -76,7 +83,7 @@ if (count($linkedObjectBlock) > 1)
-
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index fd9386672e2..e6c30abda2d 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -2538,7 +2538,7 @@ if ($action == 'create')
print ' 0 ? 'checked':'').' /> ";
print ' 0 ? 'checked':'').' /> ";
print '';
-
+
print '';
}
}
diff --git a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
index 63c16afae15..ca3ec7c89c0 100644
--- a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -36,7 +43,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -54,7 +61,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
$total = $total + $sign * $objectlink->total_ht;
echo price($objectlink->total_ht);
}
- else
+ else
{
echo ''.price($objectlink->total_ht).'';
}
@@ -76,7 +83,7 @@ if (count($linkedObjectBlock) > 1)
-
diff --git a/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php b/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
index 2e7858fdb08..288e852de71 100644
--- a/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
+++ b/htdocs/compta/facture/tpl/linkedobjectblockForRec.tpl.php
@@ -15,8 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -36,7 +43,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
index fbd1d1909a8..1561f046845 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_create.tpl.php
@@ -13,8 +13,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
index 56e91894cdd..1eaccff5a1f 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
@@ -13,9 +13,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$contact = $GLOBALS['objcanvas']->control->object;
?>
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
index 5dc1c12808f..6041e7c3e2c 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
@@ -13,9 +13,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$contact = $GLOBALS['objcanvas']->control->object;
?>
diff --git a/htdocs/contrat/tpl/linkedobjectblock.tpl.php b/htdocs/contrat/tpl/linkedobjectblock.tpl.php
index a2da6cef24e..eae46dad772 100644
--- a/htdocs/contrat/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/contrat/tpl/linkedobjectblock.tpl.php
@@ -14,6 +14,14 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -33,7 +41,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
diff --git a/htdocs/core/actions_builddoc.inc.php b/htdocs/core/actions_builddoc.inc.php
index 70876d4bf9a..420715e3d97 100644
--- a/htdocs/core/actions_builddoc.inc.php
+++ b/htdocs/core/actions_builddoc.inc.php
@@ -33,7 +33,7 @@
// Build doc
if ($action == 'builddoc' && $permissioncreate)
{
-
+
if (is_numeric(GETPOST('model')))
{
$error=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Model"));
@@ -48,13 +48,13 @@ if ($action == 'builddoc' && $permissioncreate)
dol_print_error('Object must have been loaded by a fetch');
exit;
}*/
-
+
// Save last template used to generate document
if (GETPOST('model'))
{
$object->setDocModel($user, GETPOST('model','alpha'));
}
-
+
// Special case to force bank account
//if (property_exists($object, 'fk_bank'))
//{
@@ -76,13 +76,13 @@ if ($action == 'builddoc' && $permissioncreate)
$outputlangs = new Translate("",$conf);
$outputlangs->setDefaultLang($newlang);
}
-
+
// To be sure vars is defined
if (empty($hidedetails)) $hidedetails=0;
if (empty($hidedesc)) $hidedesc=0;
if (empty($hideref)) $hideref=0;
if (empty($moreparams)) $moreparams=null;
-
+
$result= $object->generateDocument($object->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref, $moreparams);
if ($result <= 0)
{
@@ -91,11 +91,15 @@ if ($action == 'builddoc' && $permissioncreate)
}
else
{
- if (empty($donotredirect)) // This is se when include is done by bulk action "Bill Orders"
+ if (empty($donotredirect)) // This is set when include is done by bulk action "Bill Orders"
{
setEventMessages($langs->trans("FileGenerated"), null);
- header('Location: '.$_SERVER['REQUEST_URI'].'#builddoc');
+ $urltoredirect = $_SERVER['REQUEST_URI'];
+ $urltoredirect = preg_replace('/#builddoc$/', '', $urltoredirect);
+ $urltoredirect = preg_replace('/action=builddoc&?/', '', $urltoredirect); // To avoid infinite loop
+
+ header('Location: '.$urltoredirect.'#builddoc');
exit;
}
}
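Review bot: The pattern `/action=builddoc&?/` used to build `$urltoredirect` is not anchored on a parameter boundary, so it also rewrites any parameter whose name merely ends in `action` (for example `subaction=builddoc`) and any value that starts with `builddoc`. Anchoring it, e.g. `preg_replace('/([?&])action=builddoc(&|$)/', '$1', $urltoredirect)`, limits the removal to the intended parameter. The preceding `/#builddoc$/` replacement is probably a no-op, since browsers do not send the fragment and `REQUEST_URI` will not normally contain it. Because the `Location` value is still derived from `$_SERVER['REQUEST_URI']`, it is worth confirming that the result always starts with a single `/`, so that it cannot be read as a protocol-relative URL. The enclosing `if ($action == 'builddoc' ...)` block starts outside this hunk.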
diff --git a/htdocs/core/tpl/admin_extrafields_add.tpl.php b/htdocs/core/tpl/admin_extrafields_add.tpl.php
index 62821372e56..d9ba847925d 100644
--- a/htdocs/core/tpl/admin_extrafields_add.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_add.tpl.php
@@ -26,6 +26,13 @@
* $elementtype
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -56,11 +63,11 @@
// Case of computed field
console.log(type);
- if (type == '' || type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
- jQuery("tr.extra_computed_value").show();
+ if (type == '' || type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
+ jQuery("tr.extra_computed_value").show();
} else {
computed_value.val(''); jQuery("tr.extra_computed_value").hide();
- }
+ }
if (computed_value.val())
{
console.log("We enter a computed formula");
@@ -75,7 +82,7 @@
jQuery("#default_value, #unique, #required, #alwayseditable, #ishidden, #list").attr('disabled', false);
jQuery("tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list").show();
}
-
+
if (type == 'date') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide();jQuery("#helpchkbxlst").hide(); }
else if (type == 'datetime') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
else if (type == 'double') { size.val('24,8').removeAttr('disabled'); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
@@ -90,8 +97,8 @@
else if (type == 'checkbox') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); jQuery("#value_choice").show();jQuery("#helpselect").show();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();}
else if (type == 'chkbxlst') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); jQuery("#value_choice").show();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").show();jQuery("#helplink").hide();}
else if (type == 'link') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").show();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").show();}
- else if (type == 'separate') {
- size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true);
+ else if (type == 'separate') {
+ size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true);
jQuery("#value_choice").hide();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();
}
else { // type = string
@@ -102,12 +109,12 @@
if (type == 'separate')
{
required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
- jQuery('#size, #default_value').val('').prop('disabled', true);
+ jQuery('#size, #default_value').val('').prop('disabled', true);
}
else
{
default_value.removeAttr('disabled');
- required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
+ required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
}
}
init_typeoffields('');
diff --git a/htdocs/core/tpl/admin_extrafields_edit.tpl.php b/htdocs/core/tpl/admin_extrafields_edit.tpl.php
index 6f049c506a3..b8d3cba1d59 100644
--- a/htdocs/core/tpl/admin_extrafields_edit.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_edit.tpl.php
@@ -25,6 +25,13 @@
* $elementtype
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -54,11 +61,11 @@
?>
// Case of computed field
- if (type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
- jQuery("tr.extra_computed_value").show();
+ if (type == 'varchar' || type == 'int' || type == 'double' || type == 'price') {
+ jQuery("tr.extra_computed_value").show();
} else {
computed_value.val(''); jQuery("tr.extra_computed_value").hide();
- }
+ }
if (computed_value.val())
{
console.log("We enter a computed formula");
@@ -73,7 +80,7 @@
jQuery("#default_value, #unique, #required, #alwayseditable, #ishidden, #list").attr('disabled', false);
jQuery("tr.extra_default_value, tr.extra_unique, tr.extra_required, tr.extra_alwayseditable, tr.extra_ishidden, tr.extra_list").show();
}
-
+
if (type == 'date') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide();jQuery("#helpchkbxlst").hide(); }
else if (type == 'datetime') { size.val('').prop('disabled', true); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
else if (type == 'double') { size.removeAttr('disabled'); unique.removeAttr('disabled'); jQuery("#value_choice").hide(); jQuery("#helpchkbxlst").hide();}
@@ -91,19 +98,19 @@
else if (type == 'separate') { size.val('').prop('disabled', true); unique.removeAttr('checked').prop('disabled', true); required.val('').prop('disabled', true); default_value.val('').prop('disabled', true); jQuery("#value_choice").hide();jQuery("#helpselect").hide();jQuery("#helpsellist").hide();jQuery("#helpchkbxlst").hide();jQuery("#helplink").hide();}
else { // type = string
size.val('').prop('disabled', true);
- unique.removeAttr('disabled');
+ unique.removeAttr('disabled');
}
if (type == 'separate')
{
- required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
- jQuery('#size, #default_value').val('').prop('disabled', true);
+ required.removeAttr('checked').prop('disabled', true); alwayseditable.removeAttr('checked').prop('disabled', true); list.val('').prop('disabled', true);
+ jQuery('#size, #default_value').val('').prop('disabled', true);
}
else
{
default_value.removeAttr('disabled');
- required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
- }
+ required.removeAttr('disabled'); alwayseditable.removeAttr('disabled'); list.val('').removeAttr('disabled');
+ }
}
init_typeoffields(jQuery("#type").val());
jQuery("#type").change(function() {
@@ -113,7 +120,7 @@
// If we enter a formula, we disable other fields
jQuery("#computed_value").keyup(function() {
init_typeoffields(jQuery('#type').val());
- });
+ });
});
diff --git a/htdocs/core/tpl/admin_extrafields_view.tpl.php b/htdocs/core/tpl/admin_extrafields_view.tpl.php
index a6d7e735735..6d3bb43f3b2 100644
--- a/htdocs/core/tpl/admin_extrafields_view.tpl.php
+++ b/htdocs/core/tpl/admin_extrafields_view.tpl.php
@@ -22,6 +22,14 @@
* $extrafield
* $elementtype
*/
+
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -56,7 +64,7 @@ if (count($extrafields->attribute_type))
{
foreach($extrafields->attribute_type as $key => $value)
{
-
+
print '
';
print $langs->trans("None");
diff --git a/htdocs/core/tpl/ajax/fileupload_main.tpl.php b/htdocs/core/tpl/ajax/fileupload_main.tpl.php
index 034e9ebc3fc..93f0826e160 100644
--- a/htdocs/core/tpl/ajax/fileupload_main.tpl.php
+++ b/htdocs/core/tpl/ajax/fileupload_main.tpl.php
@@ -13,8 +13,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/core/tpl/ajax/fileupload_view.tpl.php b/htdocs/core/tpl/ajax/fileupload_view.tpl.php
index 0c048933473..482a3aef8e4 100644
--- a/htdocs/core/tpl/ajax/fileupload_view.tpl.php
+++ b/htdocs/core/tpl/ajax/fileupload_view.tpl.php
@@ -13,8 +13,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/core/tpl/ajaxrow.tpl.php b/htdocs/core/tpl/ajaxrow.tpl.php
index a5d8ab039b8..af300528111 100644
--- a/htdocs/core/tpl/ajaxrow.tpl.php
+++ b/htdocs/core/tpl/ajaxrow.tpl.php
@@ -19,6 +19,14 @@
* You can use this if you want to be abale to drag and drop rows of a table.
* You must add id="tablelines" on table level tag and have ($nboflines or count($object->lines) or count($taskarray) > 0)
*/
+
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
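Review bot: The new guard exits unless `$object` is a non-empty object, but the header comment just above it says this template works with `$nboflines or count($object->lines) or count($taskarray) > 0`. A caller that only supplies `$nboflines` or `$taskarray` (the task list case, if such a caller exists; callers are not visible here) would now get the error message instead of the drag-and-drop script. Testing the sentinel the other templates use, `if (empty($conf) || ! is_object($conf))`, would block direct calls without narrowing the documented inputs.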
diff --git a/htdocs/core/tpl/bloc_showhide.tpl.php b/htdocs/core/tpl/bloc_showhide.tpl.php
index 2c5d71c79d5..c572012ca60 100644
--- a/htdocs/core/tpl/bloc_showhide.tpl.php
+++ b/htdocs/core/tpl/bloc_showhide.tpl.php
@@ -16,6 +16,13 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($blocname))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
$hide = true; // Hide by default
if (isset($parameters['showblocbydefault'])) $hide=(empty($parameters['showblocbydefault']) ? true : false);
if (isset($object->extraparams[$blocname]['showhide'])) $hide = (empty($object->extraparams[$blocname]['showhide']) ? true : false);
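Review bot: This guard tests only `empty($blocname)`, a scalar, whereas every other template in the patch also requires the sentinel to be an object. On a configuration where request parameters can become global variables, a scalar sentinel can be supplied by the request itself, which is presumably what the `is_object()` test in the other guards protects against. Using the same check as elsewhere, `if (empty($conf) || ! is_object($conf) || empty($blocname))`, keeps the protection uniform while still requiring `$blocname`. The code below the guard also reads `$parameters` and `$object`, so those are expected from the including page as well.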
diff --git a/htdocs/core/tpl/contacts.tpl.php b/htdocs/core/tpl/contacts.tpl.php
index c7b3ea7342f..27d57d3e48a 100644
--- a/htdocs/core/tpl/contacts.tpl.php
+++ b/htdocs/core/tpl/contacts.tpl.php
@@ -21,6 +21,14 @@
* $withproject (if we are on task contact)
*/
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
diff --git a/htdocs/core/tpl/document_actions_post_headers.tpl.php b/htdocs/core/tpl/document_actions_post_headers.tpl.php
index e613c479ee0..63046fefa3f 100644
--- a/htdocs/core/tpl/document_actions_post_headers.tpl.php
+++ b/htdocs/core/tpl/document_actions_post_headers.tpl.php
@@ -24,6 +24,14 @@
// $modulepart = for download
// $param = param to add to download links
+// Protection to avoid direct call of template
+if (empty($langs) || ! is_object($langs))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$langs->load("link");
if (empty($relativepathwithnofile)) $relativepathwithnofile='';
if (empty($permtoedit)) $permtoedit=-1;
diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php
index 0f1d581c99f..433e8d07094 100644
--- a/htdocs/core/tpl/extrafields_view.tpl.php
+++ b/htdocs/core/tpl/extrafields_view.tpl.php
@@ -24,6 +24,14 @@
* $parameters
* $cols
*/
+
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
array('js'=>..., 'table'=>...);
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
header('Cache-Control: Public, must-revalidate');
header("Content-type: text/html; charset=".$conf->file->character_set_client);
@@ -54,7 +62,7 @@ print top_htmlhead('', $titleofloginpage, 0, 0, $arrayofjs, array(), 0, $disable
dol_use_jmobile)) { ?>
diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php
index 2538e052ae4..da3ad8fb234 100644
--- a/htdocs/core/tpl/notes.tpl.php
+++ b/htdocs/core/tpl/notes.tpl.php
@@ -17,6 +17,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
// $cssclass must be defined by caller. For example cssclass='fieldtitle"
$module = $object->element;
$note_public = 'note_public';
diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php
index b123a6e91c2..d44008704be 100644
--- a/htdocs/core/tpl/objectline_create.tpl.php
+++ b/htdocs/core/tpl/objectline_create.tpl.php
@@ -30,6 +30,13 @@
* $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
*/
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
$usemargins=0;
if (! empty($conf->margin->enabled) && ! empty($object->element) && in_array($object->element,array('facture','propal','commande')))
diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php
index 2f839e06281..3b62c0e7814 100644
--- a/htdocs/core/tpl/objectline_edit.tpl.php
+++ b/htdocs/core/tpl/objectline_edit.tpl.php
@@ -30,6 +30,13 @@
* $inputalsopricewithtax (0 by default, 1 to also show column with unit price including tax)
*/
+// Protection to avoid direct call of template
+if (empty($object) || ! is_object($object))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
$usemargins=0;
if (! empty($conf->margin->enabled) && ! empty($object->element) && in_array($object->element,array('facture','propal','commande'))) $usemargins=1;
@@ -266,21 +273,21 @@ jQuery(document).ready(function()
if (event.which != 9 && (event.which < 37 ||event.which > 40) && jQuery("#price_ht").val() != '') {
jQuery("#price_ttc").val('');
jQuery("#multicurrency_subprice").val('');
- }
+ }
});
jQuery("#price_ttc").keyup(function(event) {
// console.log(event.which); // discard event tag and arrows
if (event.which != 9 && (event.which < 37 || event.which > 40) && jQuery("#price_ttc").val() != '') {
jQuery("#price_ht").val('');
jQuery("#multicurrency_subprice").val('');
- }
+ }
});
jQuery("#multicurrency_subprice").keyup(function(event) {
// console.log(event.which); // discard event tag and arrows
if (event.which != 9 && (event.which < 37 || event.which > 40) && jQuery("#price_ttc").val() != '') {
jQuery("#price_ht").val('');
jQuery("#price_ttc").val('');
- }
+ }
});
.
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/core/tpl/passwordforgotten.tpl.php b/htdocs/core/tpl/passwordforgotten.tpl.php
index 9e155be88c9..30bc70b72cc 100644
--- a/htdocs/core/tpl/passwordforgotten.tpl.php
+++ b/htdocs/core/tpl/passwordforgotten.tpl.php
@@ -16,6 +16,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
header('Cache-Control: Public, must-revalidate');
header("Content-type: text/html; charset=".$conf->file->character_set_client);
@@ -40,7 +48,7 @@ print top_htmlhead('',$langs->trans('SendNewPassword'));
dol_use_jmobile)) { ?>
diff --git a/htdocs/core/tpl/resource_add.tpl.php b/htdocs/core/tpl/resource_add.tpl.php
index 28c42c85b71..af1d25aaee1 100644
--- a/htdocs/core/tpl/resource_add.tpl.php
+++ b/htdocs/core/tpl/resource_add.tpl.php
@@ -1,6 +1,14 @@
0)
foreach ($linked_resources as $linked_resource)
{
-
+
$object_resource = fetchObjectByElement($linked_resource['resource_id'],$linked_resource['resource_type']);
-
+
//$element_id = $linked_resource['rowid'];
-
+
if ($mode == 'edit' && $linked_resource['rowid'] == GETPOST('lineid'))
{
diff --git a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
index bbcbb7090a4..d002281ae34 100644
--- a/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
+++ b/htdocs/ecm/tpl/enablefiletreeajax.tpl.php
@@ -16,6 +16,14 @@
*
* Output javascript for interactions code of ecm module
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/expedition/tpl/linkedobjectblock.tpl.php b/htdocs/expedition/tpl/linkedobjectblock.tpl.php
index b55654f4786..88811da2eab 100644
--- a/htdocs/expedition/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/expedition/tpl/linkedobjectblock.tpl.php
@@ -14,8 +14,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -34,7 +41,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -73,7 +80,7 @@ if (count($linkedObjectBlock) > 1)
-
diff --git a/htdocs/expensereport/tpl/linkedobjectblock.tpl.php b/htdocs/expensereport/tpl/linkedobjectblock.tpl.php
index 7fec53bf3d8..95894a8987e 100644
--- a/htdocs/expensereport/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/expensereport/tpl/linkedobjectblock.tpl.php
@@ -15,8 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -32,7 +39,7 @@ $var=true;
$total=0;
foreach($linkedObjectBlock as $key => $objectlink)
{
-
+
?>
>
trans("ExpenseReport"); ?>
diff --git a/htdocs/fichinter/tpl/linkedobjectblock.tpl.php b/htdocs/fichinter/tpl/linkedobjectblock.tpl.php
index 455f383fd4a..5d180f0aa82 100644
--- a/htdocs/fichinter/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fichinter/tpl/linkedobjectblock.tpl.php
@@ -13,8 +13,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -33,7 +40,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
diff --git a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
index 232d12fad3d..113115f9ff8 100644
--- a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
@@ -14,8 +14,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -35,7 +42,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -66,7 +73,7 @@ if (count($linkedObjectBlock) > 1)
-
diff --git a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
index e8154cd8259..ce72f5be42e 100644
--- a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
@@ -17,6 +17,14 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -36,7 +44,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -54,7 +62,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
$total = $total + $sign * $objectlink->total_ht;
echo price($objectlink->total_ht);
}
- else
+ else
{
echo ''.price($objectlink->total_ht).'';
}
@@ -62,7 +70,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
';
$categstatic->id=$rowid;
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 4febe121156..2b4ad4de3c5 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -81,7 +81,8 @@ function test_sql_and_script_inject($val, $type)
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
- $inj += preg_match('/delete\s+from/i', $val);
+ $inj += preg_match('/updatexml\(/i', $val);
+ $inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
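Review bot: The new pattern `/updatexml\(/i` only counts the name when the parenthesis follows it immediately, so the same call written with whitespace before the parenthesis is not counted if the database accepts that form. `$inj += preg_match('/updatexml\s*\(/i', $val);` closes that gap. This list is a denylist of known strings and will keep needing additions like this one, so it is best treated as defence in depth; the queries that receive `$val` still need escaping or bound parameters where the SQL is built. A short comment saying why this function name is listed would help the next maintainer. The body of `test_sql_and_script_inject` continues outside the hunk.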
diff --git a/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php b/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
index 9d399c44e85..3684ded0092 100644
--- a/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
+++ b/htdocs/modulebuilder/template/core/tpl/mytemplate.tpl.php
@@ -23,5 +23,13 @@
* Put detailed description here.
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
/** Your code here. */
echo "Hello world!";
diff --git a/htdocs/product/canvas/product/tpl/card_create.tpl.php b/htdocs/product/canvas/product/tpl/card_create.tpl.php
index 514c5d213d5..e763605f701 100644
--- a/htdocs/product/canvas/product/tpl/card_create.tpl.php
+++ b/htdocs/product/canvas/product/tpl/card_create.tpl.php
@@ -15,6 +15,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object=$GLOBALS['object'];
$statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/product/tpl/card_edit.tpl.php b/htdocs/product/canvas/product/tpl/card_edit.tpl.php
index 686ad7217b7..c64c5dbe1e4 100644
--- a/htdocs/product/canvas/product/tpl/card_edit.tpl.php
+++ b/htdocs/product/canvas/product/tpl/card_edit.tpl.php
@@ -15,6 +15,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object=$GLOBALS['object'];
$statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/product/tpl/card_view.tpl.php b/htdocs/product/canvas/product/tpl/card_view.tpl.php
index 771005781cd..44b1f96203b 100644
--- a/htdocs/product/canvas/product/tpl/card_view.tpl.php
+++ b/htdocs/product/canvas/product/tpl/card_view.tpl.php
@@ -15,6 +15,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object=$GLOBALS['object'];
?>
diff --git a/htdocs/product/canvas/product/tpl/list.tpl.php b/htdocs/product/canvas/product/tpl/list.tpl.php
index db7cac7e51c..e5c315e8148 100644
--- a/htdocs/product/canvas/product/tpl/list.tpl.php
+++ b/htdocs/product/canvas/product/tpl/list.tpl.php
@@ -13,8 +13,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -69,7 +76,7 @@
if ($searchfield['enabled']) {
if ($searchfield['search']) { ?>
- ';
$searchpicto=$form->showFilterAndCheckAddButtons(0);
print $searchpicto;
diff --git a/htdocs/product/canvas/service/tpl/card_create.tpl.php b/htdocs/product/canvas/service/tpl/card_create.tpl.php
index e25f69d8848..46db54d63b8 100644
--- a/htdocs/product/canvas/service/tpl/card_create.tpl.php
+++ b/htdocs/product/canvas/service/tpl/card_create.tpl.php
@@ -13,9 +13,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object=$GLOBALS['object'];
$statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/service/tpl/card_edit.tpl.php b/htdocs/product/canvas/service/tpl/card_edit.tpl.php
index 27348b7820d..06d1b3ff612 100644
--- a/htdocs/product/canvas/service/tpl/card_edit.tpl.php
+++ b/htdocs/product/canvas/service/tpl/card_edit.tpl.php
@@ -15,6 +15,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object=$GLOBALS['object'];
$statutarray=array('1' => $langs->trans("OnSell"), '0' => $langs->trans("NotOnSell"));
diff --git a/htdocs/product/canvas/service/tpl/card_view.tpl.php b/htdocs/product/canvas/service/tpl/card_view.tpl.php
index fd5d9ad73bf..fc129132dee 100644
--- a/htdocs/product/canvas/service/tpl/card_view.tpl.php
+++ b/htdocs/product/canvas/service/tpl/card_view.tpl.php
@@ -15,6 +15,14 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object=$GLOBALS['object'];
?>
diff --git a/htdocs/product/canvas/service/tpl/list.tpl.php b/htdocs/product/canvas/service/tpl/list.tpl.php
index ee2a894de98..9951c71fcc3 100644
--- a/htdocs/product/canvas/service/tpl/list.tpl.php
+++ b/htdocs/product/canvas/service/tpl/list.tpl.php
@@ -13,8 +13,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -69,7 +76,7 @@
if ($searchfield['enabled']) {
if ($searchfield['search']) { ?>
Date de création : getDate('datec') ?>
Dernière mise à jour : getDate('tms') ?>
-
-
+
+
diff --git a/htdocs/product/stock/tpl/stockcorrection.tpl.php b/htdocs/product/stock/tpl/stockcorrection.tpl.php
index 4242121177c..732fa8c889d 100644
--- a/htdocs/product/stock/tpl/stockcorrection.tpl.php
+++ b/htdocs/product/stock/tpl/stockcorrection.tpl.php
@@ -17,6 +17,14 @@
* $object must be defined
* $backtopage
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
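Review bot: The guard tests only `$conf`, while the header comment directly above it says `$object must be defined`. An include from a page that has `$conf` but no `$object` therefore passes the guard and only fails later in the template. If that precondition is meant to be enforced here, extend the condition with `|| empty($object) || ! is_object($object)`; otherwise say in the comment that only direct URL access is covered. The same applies to the `stocktransfer.tpl.php` hunk that follows.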
diff --git a/htdocs/product/stock/tpl/stocktransfer.tpl.php b/htdocs/product/stock/tpl/stocktransfer.tpl.php
index 6d028da5663..18f6b831cf2 100644
--- a/htdocs/product/stock/tpl/stocktransfer.tpl.php
+++ b/htdocs/product/stock/tpl/stocktransfer.tpl.php
@@ -17,6 +17,14 @@
* $object must be defined
* $backtopage
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/societe/canvas/company/tpl/card_create.tpl.php b/htdocs/societe/canvas/company/tpl/card_create.tpl.php
index d542f0553ba..80740381e05 100644
--- a/htdocs/societe/canvas/company/tpl/card_create.tpl.php
+++ b/htdocs/societe/canvas/company/tpl/card_create.tpl.php
@@ -14,8 +14,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/societe/canvas/company/tpl/card_edit.tpl.php b/htdocs/societe/canvas/company/tpl/card_edit.tpl.php
index 1f6201ec829..82474ae405f 100644
--- a/htdocs/societe/canvas/company/tpl/card_edit.tpl.php
+++ b/htdocs/societe/canvas/company/tpl/card_edit.tpl.php
@@ -14,9 +14,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$contact = $GLOBALS['objcanvas']->control->object;
?>
diff --git a/htdocs/societe/canvas/company/tpl/card_view.tpl.php b/htdocs/societe/canvas/company/tpl/card_view.tpl.php
index 21645f14d00..3865e9b95a0 100644
--- a/htdocs/societe/canvas/company/tpl/card_view.tpl.php
+++ b/htdocs/societe/canvas/company/tpl/card_view.tpl.php
@@ -13,9 +13,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$soc = $GLOBALS['objcanvas']->control->object;
?>
diff --git a/htdocs/societe/canvas/individual/tpl/card_create.tpl.php b/htdocs/societe/canvas/individual/tpl/card_create.tpl.php
index 1be20214c35..ba5aaf68e44 100644
--- a/htdocs/societe/canvas/individual/tpl/card_create.tpl.php
+++ b/htdocs/societe/canvas/individual/tpl/card_create.tpl.php
@@ -14,8 +14,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php b/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
index 90543958902..76db85282db 100644
--- a/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
+++ b/htdocs/societe/canvas/individual/tpl/card_edit.tpl.php
@@ -14,8 +14,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
diff --git a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php
index 10136048ae6..359f4ec7b44 100644
--- a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php
+++ b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php
@@ -13,9 +13,16 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
- *
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
+
$object = $GLOBALS['objcanvas']->control->object;
?>
diff --git a/htdocs/societe/tpl/linesalesrepresentative.tpl.php b/htdocs/societe/tpl/linesalesrepresentative.tpl.php
index 3ec07697ec7..dc6d6ec4d08 100644
--- a/htdocs/societe/tpl/linesalesrepresentative.tpl.php
+++ b/htdocs/societe/tpl/linesalesrepresentative.tpl.php
@@ -1,5 +1,12 @@
';
print '
';
print $langs->trans('SalesRepresentatives');
diff --git a/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php b/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php
index d313eca10bd..8c49e42f557 100644
--- a/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/supplier_proposal/tpl/linkedobjectblock.tpl.php
@@ -17,6 +17,13 @@
* along with this program. If not, see .
*/
+// Protection to avoid direct call of template
+if (empty($conf) || ! is_object($conf))
+{
+ print "Error, template page can't be called as URL";
+ exit;
+}
+
?>
@@ -33,7 +40,7 @@ $var=true;
foreach($linkedObjectBlock as $key => $objectlink)
{
$ilink++;
-
+
$trclass=($var?'pair':'impair');
if ($ilink == count($linkedObjectBlock) && empty($noMoreLinkedObjectBlockAfter) && count($linkedObjectBlock) <= 1) $trclass.=' liste_sub_total';
?>
@@ -64,7 +71,7 @@ if (count($linkedObjectBlock) > 1)