From 3438a4a9f695b9526604f3a0da5857858fe33f31 Mon Sep 17 00:00:00 2001 From: Benjamin Chantalat <74144396+PyroShape@users.noreply.github.com> Date: Thu, 14 Oct 2021 09:33:26 +0200 Subject: [PATCH 01/10] Add the module reception to the calcul of virtual stock --- htdocs/product/class/product.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index acb66eb1ebb..c7a48479f60 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -5281,7 +5281,7 @@ class Product extends CommonObject } $stock_commande_fournisseur = $this->stats_commande_fournisseur['qty']; } - if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) && empty($conf->reception->enabled)) { + if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) || !empty($conf->reception->enabled)) { $filterStatus = '4'; if (isset($includedraftpoforvirtual)) { $filterStatus = '0,'.$filterStatus; From 5d22eeeff2b946573481983953b446326f89539a Mon Sep 17 00:00:00 2001 From: lvessiller Date: Thu, 14 Oct 2021 16:06:22 +0200 Subject: [PATCH 02/10] FIX user date timezone offset --- htdocs/core/lib/functions.lib.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index e0dcc51917b..3ef328924f5 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2284,8 +2284,17 @@ function dol_print_date($time, $format = '', $tzoutput = 'auto', $outputlangs = } elseif ($tzoutput == 'tzuser' || $tzoutput == 'tzuserrel') { $to_gmt = true; $offsettzstring = (empty($_SESSION['dol_tz_string']) ? 'UTC' : $_SESSION['dol_tz_string']); // Example 'Europe/Berlin' or 'Indian/Reunion' - $offsettz = (empty($_SESSION['dol_tz']) ? 0 : $_SESSION['dol_tz']) * 60 * 60; // Will not be used anymore - $offsetdst = (empty($_SESSION['dol_dst']) ? 0 : $_SESSION['dol_dst']) * 60 * 60; // Will not be used anymore + + if (class_exists('DateTimeZone')) { + $user_date_tz = new DateTimeZone($offsettzstring); + $user_dt = new DateTime(); + $user_dt->setTimezone($user_date_tz); + $user_dt->setTimestamp($time); + $offsettz = $user_dt->getOffset(); + } else { + $offsettz = (empty($_SESSION['dol_tz']) ? 0 : $_SESSION['dol_tz']) * 60 * 60; // Will not be used anymore + $offsetdst = (empty($_SESSION['dol_dst']) ? 0 : $_SESSION['dol_dst']) * 60 * 60; // Will not be used anymore + } } } } From 3d62ee22d323f821b81e725e60c32bfdc1585ef1 Mon Sep 17 00:00:00 2001 From: Henry Date: Fri, 15 Oct 2021 11:13:40 +0800 Subject: [PATCH 03/10] Supplier Invoice Payment List fix the missing multicurrency payments and remainders --- htdocs/fourn/facture/paiement.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index f0967453701..1dd6f0a0f12 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -642,13 +642,19 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie print ''; if ($objp->multicurrency_code && $objp->multicurrency_code != $conf->currency) { - print price($objp->multicurrency_am); + print price($sign * $multicurrency_payment); + if ($multicurrency_creditnotes) { + print '+'.price($multicurrency_creditnotes); + } + if ($multicurrency_deposits) { + print '+'.price($multicurrency_deposits); + } } print ''; print ''; if ($objp->multicurrency_code && $objp->multicurrency_code != $conf->currency) { - print price($objp->multicurrency_total_ttc - $objp->multicurrency_am); + print price($sign * $multicurrency_remaintopay); } print ''; } From f2757a63a11bdc8b0d645c08c2d252aac42368dc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Oct 2021 20:06:58 +0200 Subject: [PATCH 04/10] Clean code --- htdocs/comm/action/card.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 53b6e329c90..00e6b025b44 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -75,8 +75,13 @@ if ($complete == 'na' || $complete == -2) { $complete = -1; } -$datep = dol_mktime($fulldayevent ? '00' : $aphour, $fulldayevent ? '00' : $apmin, 0, GETPOST("apmonth", 'int'), GETPOST("apday", 'int'), GETPOST("apyear", 'int')); -$datef = dol_mktime($fulldayevent ? '23' : $p2hour, $fulldayevent ? '59' : $p2min, $fulldayevent ? '59' : '0', GETPOST("p2month", 'int'), GETPOST("p2day", 'int'), GETPOST("p2year", 'int')); +if ($fulldayevent) { + $datep = dol_mktime('00', '00', 0, GETPOST("apmonth", 'int'), GETPOST("apday", 'int'), GETPOST("apyear", 'int')); + $datef = dol_mktime('23', '59', '59', GETPOST("p2month", 'int'), GETPOST("p2day", 'int'), GETPOST("p2year", 'int')); +} else { + $datep = dol_mktime($aphour, $apmin, 0, GETPOST("apmonth", 'int'), GETPOST("apday", 'int'), GETPOST("apyear", 'int')); + $datef = dol_mktime($p2hour, $p2min, '59', GETPOST("p2month", 'int'), GETPOST("p2day", 'int'), GETPOST("p2year", 'int')); +} // Security check $socid = GETPOST('socid', 'int'); From 830e067eff21993cbfb0fa844a77ca787546d509 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Oct 2021 21:03:47 +0200 Subject: [PATCH 05/10] Fix for tzuser --- htdocs/core/lib/functions.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3ef328924f5..f70b91283ff 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2289,9 +2289,9 @@ function dol_print_date($time, $format = '', $tzoutput = 'auto', $outputlangs = $user_date_tz = new DateTimeZone($offsettzstring); $user_dt = new DateTime(); $user_dt->setTimezone($user_date_tz); - $user_dt->setTimestamp($time); + $user_dt->setTimestamp($tzoutput == 'tzuser' ? dol_now() : $time); $offsettz = $user_dt->getOffset(); - } else { + } else { // old method (The 'tzuser' was processed like the 'tzuserrel') $offsettz = (empty($_SESSION['dol_tz']) ? 0 : $_SESSION['dol_tz']) * 60 * 60; // Will not be used anymore $offsetdst = (empty($_SESSION['dol_dst']) ? 0 : $_SESSION['dol_dst']) * 60 * 60; // Will not be used anymore } From 1c07385aba3ad0c7d186ae9ea0475aaab858fae8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Oct 2021 21:22:53 +0200 Subject: [PATCH 06/10] Update product.class.php --- htdocs/product/class/product.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index c7a48479f60..55c48be5088 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -5281,7 +5281,7 @@ class Product extends CommonObject } $stock_commande_fournisseur = $this->stats_commande_fournisseur['qty']; } - if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) || !empty($conf->reception->enabled)) { + if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) && !empty($conf->reception->enabled)) { $filterStatus = '4'; if (isset($includedraftpoforvirtual)) { $filterStatus = '0,'.$filterStatus; From ee6780c46ead89afae3bf11203eb3020f3b8ed99 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Oct 2021 21:37:12 +0200 Subject: [PATCH 07/10] FIX #18968 --- htdocs/filefunc.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 23852ae4918..1ac8978bbb8 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -176,6 +176,8 @@ if (empty($dolibarr_strict_mode)) { $dolibarr_strict_mode = 0; // For debug in php strict mode } +define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs) + // Security: CSRF protection // This test check if referrer ($_SERVER['HTTP_REFERER']) is same web site than Dolibarr ($_SERVER['HTTP_HOST']) // when we post forms (we allow GET and HEAD to accept direct link from a particular page). @@ -196,6 +198,7 @@ if (!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck)) { if ($csrfattack) { //print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER']; // Note: We can't use dol_escape_htmltag here to escape output because lib functions.lib.ph is not yet loaded. + include_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; dol_syslog("--- Access to ".(empty($_SERVER["REQUEST_METHOD"])?'':$_SERVER["REQUEST_METHOD"].' ').$_SERVER["PHP_SELF"]." refused by CSRF protection (Bad referer).", LOG_WARNING); print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n"; print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n"; @@ -228,7 +231,6 @@ if (empty($dolibarr_main_data_root)) { // Define some constants define('DOL_CLASS_PATH', 'class/'); // Filesystem path to class dir (defined only for some code that want to be compatible with old versions without this parameter) define('DOL_DATA_ROOT', $dolibarr_main_data_root); // Filesystem data (documents) -define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); // Filesystem core php (htdocs) // Try to autodetect DOL_MAIN_URL_ROOT and DOL_URL_ROOT. // Note: autodetect works only in case 1, 2, 3 and 4 of phpunit test CoreTest.php. For case 5, 6, only setting value into conf.php will works. $tmp = ''; From 8bdece71019f1e2153ea92c7a1f8b6726d9f9fd9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 16 Oct 2021 21:43:48 +0200 Subject: [PATCH 08/10] CSS --- htdocs/comm/action/index.php | 2 +- htdocs/comm/action/list.php | 2 +- htdocs/comm/action/pertype.php | 2 +- htdocs/comm/action/peruser.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 9b9525925c5..722423c0cd9 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -484,7 +484,7 @@ print ''; $viewmode = ''; $viewmode .= ''; //$viewmode .= ''; -$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="pictoactionview block"'); +$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="imgforviewmode pictoactionview block"'); //$viewmode .= ''; $viewmode .= ''.$langs->trans("ViewList").''; diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 8dd8c1b9f58..e7a862434de 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -608,7 +608,7 @@ if ($resql) { $viewmode = ''; $viewmode .= ''; //$viewmode .= ''; - $viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="pictoactionview block"'); + $viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="imgforviewmode pictoactionview block"'); //$viewmode .= ''; $viewmode .= ''.$langs->trans("ViewList").''; diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index b1fecbf6475..08cef7dd80a 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -416,7 +416,7 @@ $massactionbutton = ''; $viewmode = ''; $viewmode .= ''; //$viewmode .= ''; -$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="pictoactionview block"'); +$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="imgforviewmode pictoactionview block"'); //$viewmode .= ''; $viewmode .= ''.$langs->trans("ViewList").''; diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 14d052d0257..0d1567ee274 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -426,7 +426,7 @@ $massactionbutton = ''; $viewmode = ''; $viewmode .= ''; //$viewmode .= ''; -$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="pictoactionview block"'); +$viewmode .= img_picto($langs->trans("List"), 'object_list', 'class="imgforviewmode pictoactionview block"'); //$viewmode .= ''; $viewmode .= ''.$langs->trans("ViewList").''; From b30d7371a4e407a0ff069fd28aecfedb063968a9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 17 Oct 2021 12:21:22 +0200 Subject: [PATCH 09/10] Fix allow ' - ' into file name --- htdocs/core/lib/functions.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index f70b91283ff..14685783564 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1055,7 +1055,7 @@ function dol_size($size, $type = '') /** * Clean a string to use it as a file name. - * Replace also '--' and ' -' strings, they are used for parameters separation. + * Replace also '--' and ' -' strings, they are used for parameters separation (Note: ' - ' is allowed). * * @param string $str String to clean * @param string $newstr String to replace bad chars with. @@ -1073,13 +1073,13 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°', '$', ';'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); - $tmp = preg_replace('/\s+\-/', ' _', $tmp); + $tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp); return $tmp; } /** * Clean a string to use it as a path name. - * Replace also '--' and ' -' strings, they are used for parameters separation. + * Replace also '--' and ' -' strings, they are used for parameters separation (Note: ' - ' is allowed). * * @param string $str String to clean * @param string $newstr String to replace bad chars with @@ -1093,7 +1093,7 @@ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) $filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°'); $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); - $tmp = preg_replace('/\s+\-/', ' _', $tmp); + $tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp); return $tmp; } From ccf78a1af49896c972ffd448f403f78163aee960 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 17 Oct 2021 12:30:08 +0200 Subject: [PATCH 10/10] FIX Use of accent into filename of GED --- htdocs/ecm/file_card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 5ca1667ac9f..209b3dceff2 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -67,7 +67,7 @@ if (!$section) { dol_print_error('', 'Error, section parameter missing'); exit; } -$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile")); +$urlfile = (string) dol_sanitizePathName(GETPOST("urlfile"), '_', 0); if (!$urlfile) { dol_print_error('', "ErrorParamNotDefined"); exit; @@ -131,7 +131,7 @@ if ($action == 'update' && $permtoadd) { $error = 0; $oldlabel = GETPOST('urlfile', 'alpha'); - $newlabel = dol_sanitizeFileName(GETPOST('label', 'alpha')); + $newlabel = dol_sanitizeFileName(GETPOST('label', 'alpha'), '_', 0); $shareenabled = GETPOST('shareenabled', 'alpha'); //$db->begin();