Merge branch 'develop' of ssh://git@github.com/Dolibarr/dolibarr.git into develop

This commit is contained in:
Laurent Destailleur 2012-01-11 20:32:14 +01:00
commit b793b3887a
28 changed files with 97 additions and 91 deletions


@ -99,7 +99,7 @@ if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_P
if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_societe as cs";
$sql.= " WHERE s.fk_stcomm = st.id";
$sql.= " AND s.client IN (1, 3)";
$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = ".$socid;
if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -39,7 +39,7 @@ $langs->load('propal');
// Security check
$socid = GETPOST("socid");
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe',$socid,'');
$result = restrictedArea($user, 'societe', $socid, '&societe');
/*
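Review bot: `$socid = GETPOST("socid");` two lines above the new `restrictedArea($user, 'societe', $socid, '&societe')` call is still unfiltered, while this same commit switches the equivalent line in the societe index page to `GETPOST('socid','int')`. restrictedArea concatenates its object id straight into SQL (`" WHERE s.rowid = ".$objectid` in the core hunk of this commit), so the id should be coerced before it gets there: `$socid = GETPOST('socid', 'int');`. The same `$socid` is presumably reused in this page's own list query further down, which is outside the hunk.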


@ -178,7 +178,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)";
$sql.= " WHERE s.fk_stcomm = st.id";
$sql.= " AND s.client IN (2, 3)";
$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id;
if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe"; // Join for the needed table to filter by categ


@ -121,7 +121,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_pays as cp ON cp.rowid = p.fk_pays";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
if (!$user->rights->societe->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
$sql.= ' WHERE p.entity IN ('.getEntity('societe', 1).')';
if (!$user->rights->societe->client->voir && !$socid) //restriction
{
$sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)";


@ -73,7 +73,7 @@ class box_produits extends ModeleBoxes {
{
$sql = "SELECT p.rowid, p.label, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
$sql.= ' WHERE p.entity IN (0,'.getEntity($productstatic->element, 1).')';
if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
$sql.= $db->order('p.datec', 'DESC');
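Review bot: `getEntity($productstatic->element, 1)` depends on `$productstatic` already being constructed at this point of the method (its start is outside the hunk); if it is not, `->element` on a non-object yields an empty element plus a notice. The sibling product hunks in this commit (the Form class and the product list page) pass the literal, which has no such dependency: `$sql.= ' WHERE p.entity IN (0,'.getEntity('product', 1).')';`. Note also that this is the only product call site that keeps the leading `0,` — the others drop it, and the fallback branch of getEntity only prepends 0 for user/usergroup, so the two forms now match different rows on installs without multicompany; worth deciding which one is intended.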


@ -724,7 +724,7 @@ abstract class CommonObject
if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id;
if (! empty($filter)) $sql.=" AND ".$filter;
if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')';
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')';
//print $sql."<br>";
$result = $this->db->query($sql);
@ -745,7 +745,7 @@ abstract class CommonObject
if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id;
if (! empty($filter)) $sql.=" AND ".$filter;
if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')';
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')';
// Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null
//print $sql."<br>";
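Review bot: The hunks at 724 and 745 change two byte-identical runs of query-building code, which is why the entity clause had to be patched twice in this class; extracting the shared WHERE construction into one private helper would keep the next change to the security filter (`sc.fk_user`, `te.fk_soc = s.rowid`, `te.entity IN (...)`) in a single place. Both enclosing methods start and end outside the hunks. Also, the old clause was `IN (0, …)` and the new `getEntity($this->element, 1)` fallback only prepends 0 for user/usergroup, so rows stored with entity 0 are no longer selected here for other elements unless that is handled by `$mc`; a one-line comment stating that this is intended would help the next reader.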


@ -1165,7 +1165,7 @@ class Form
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND pl.lang='". $langs->getDefaultLang() ."'";
}
$sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
if ($finished == 0)
{
$sql.= " AND p.finished = ".$finished;


@ -5,7 +5,7 @@
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2004 Christophe Combelles <ccomb@free.fr>
* Copyright (C) 2005-2010 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
*
@ -193,6 +193,33 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port)
return $dolidb;
}
/**
* Get entity to use
*
* @param string $element Current element
* @param int $shared 1=Return shared entities
* @return mixed Entity id(s) to use
*/
function getEntity($element=false, $shared=false)
{
global $conf, $mc;
if (is_object($mc))
{
return $mc->getEntity($element, $shared);
}
else
{
$out='';
$addzero = array('user', 'usergroup');
if (in_array($element, $addzero)) $out.= '0,';
$out.= $conf->entity;
return $out;
}
}
/**
* Function called at end of web php process
@ -2392,7 +2419,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
}
else
{
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checksoc))
@ -2411,7 +2438,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
$sql.= " WHERE sc.fk_soc = ".$objectid;
$sql.= " AND sc.fk_user = ".$user->id;
$sql.= " AND sc.fk_soc = s.rowid";
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
@ -2419,7 +2446,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
$sql = "SELECT s.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql.= " WHERE s.rowid = ".$objectid;
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checkother))
@ -2440,7 +2467,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
// If multicompany and internal users with all permissions, check user is in correct entity
else if (! empty($conf->multicompany->enabled))
@ -2448,7 +2475,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
$sql = "SELECT dbt.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
else if (in_array($feature,$checkproject))
@ -2482,7 +2509,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
$sql.= " AND sc.fk_user = ".$user->id;
}
// If multicompany and internal users with all permissions, check user is in correct entity
@ -2491,7 +2518,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
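Review bot: The new getEntity() is interpolated unquoted into SQL by every caller in this commit (`IN (".getEntity($sharedelement, 1).")`), but neither its docblock nor its body pins the return value to a list of integers: the fallback returns `$conf->entity` as-is and the multicompany branch returns whatever `$mc->getEntity()` produces, which is outside this repository. The docblock should state the contract — e.g. `@return string Comma-separated list of integer entity ids; callers concatenate it directly into SQL, so it must never carry unvalidated input` — and the fallback can enforce it cheaply with `$out.= (int) $conf->entity;`. Two smaller points: `$shared` is accepted but ignored in the fallback branch (callers all pass 1 expecting shared entities), and `in_array($element, $addzero)` should pass `true` as third argument so a non-string `$element` cannot loosely match.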


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2008-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2008-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -145,7 +145,7 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod
function dol_loginfunction($langs,$conf,$mysoc)
{
global $dolibarr_main_demo,$db;
global $smartphone;
global $smartphone,$mc;
$langcode=(GETPOST('lang')?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):GETPOST('lang'));
$langs->setDefaultLang($langcode);
@ -214,12 +214,12 @@ function dol_loginfunction($langs,$conf,$mysoc)
}
// Entity cookie
if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY))
if (! empty($conf->multicompany->enabled))
{
$lastuser = '';
$lastentity = $_POST['entity'];
if (! empty($conf->global->MAIN_MULTICOMPANY_COOKIE))
if (! empty($conf->global->MULTICOMPANY_COOKIE_ENABLED))
{
$prefix=dol_getprefix();
$entityCookieName = 'DOLENTITYID_'.$prefix;
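Review bot: `$lastentity = $_POST['entity'];` inside the block whose condition this hunk rewrites takes the entity straight from the request, while the conf.php hunk of this same commit reads the entity with `GETPOST("entity",'int')`. Since the value is about to be stored in the entity cookie (the write is below the hunk) and later read back as `$conf->entity`, it should be coerced here too: `$lastentity = GETPOST('entity', 'int');`. dol_loginfunction continues past the end of the hunk.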


@ -78,7 +78,7 @@ ContractNotRunning=Aquest contracte no està en servei
ErrorProductAlreadyExists=Un producte amb la referència %s ja existeix.
ErrorProductBadRefOrLabel=El valor de la referència o etiqueta és incorrecte
Suppliers=Proveïdors
SupplierRef=Ref. proveïdor
SupplierRef=Ref. producte proveïdor
ShowProduct=Mostrar producte
ShowService=Mostrar servei
ProductsAndServicesArea=Àrea productes i serveis


@ -78,7 +78,7 @@ ContractNotRunning=Este contrato no está en servicio
ErrorProductAlreadyExists=Un producto con la referencia %s ya existe.
ErrorProductBadRefOrLabel=El valor de la referencia o etiqueta es incorrecto
Suppliers=Proveedores
SupplierRef=Ref. proveedor
SupplierRef=Ref. producto proveedor
ShowProduct=Mostrar producto
ShowService=Mostrar servicio
ProductsAndServicesArea=Área productos y servicios


@ -4,7 +4,7 @@
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Philippe Grand <philippe.grand@atoo-net.com>
* Copyright (C) 2008 Matteli
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
@ -576,7 +576,7 @@ if (! defined('NOLOGIN'))
$prefix=dol_getprefix();
$entityCookieName = 'DOLENTITYID_'.$prefix;
// TTL : is defined in the config page multicompany
$ttl = (! empty($conf->global->MULTICOMPANY_COOKIE_TTL) ? $conf->global->MULTICOMPANY_COOKIE_TTL : time()+60*60*8 );
$ttl = (! empty($conf->global->MULTICOMPANY_COOKIE_TTL) ? dol_now()+$conf->global->MULTICOMPANY_COOKIE_TTL : dol_now()+60*60*8 );
// Cryptkey : will be created randomly in the config page multicompany
$cryptkey = (! empty($conf->file->cookie_cryptkey) ? $conf->file->cookie_cryptkey : '' );
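Review bot: `$cryptkey` falls back to `''` when `$conf->file->cookie_cryptkey` is unset, so the entity cookie built from `$entityCookieName`/`$ttl` below this hunk is created with an empty key; the conf.php hunk in this commit only reads that cookie back when `cookie_cryptkey` is non-empty, so writing it in that case is at best useless. Consider guarding the block with the same condition, `if (! empty($conf->file->cookie_cryptkey)) { ... }`, rather than silently degrading to an empty key. How the cookie class treats an empty key is outside this hunk, so I cannot tell whether the value is then stored in clear.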


@ -4,7 +4,7 @@
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
* Copyright (C) 2006 Andre Cianfarani <andre.cianfarani@acdeveloppement.net>
* Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
@ -137,20 +137,6 @@ if (! defined('NOREQUIREDB'))
{
$conf->entity = GETPOST("entity",'int');
}
else if (! empty($conf->file->cookie_cryptkey))
{
$prefix=dol_getprefix();
$entityCookieName = 'DOLENTITYID_'.$prefix;
if (! empty($_COOKIE[$entityCookieName])) // Just for view specific login page
{
include_once(DOL_DOCUMENT_ROOT."/core/class/cookie.class.php");
$lastuser = ''; $lastentity = '';
$entityCookie = new DolCookie($conf->file->cookie_cryptkey);
$cookieValue = $entityCookie->_getCookie($entityCookieName);
list($lastuser, $lastentity) = explode('|', $cookieValue);
$conf->entity = $lastentity;
}
}
//print "Will work with data into entity instance number '".$conf->entity."'";


@ -2804,7 +2804,7 @@ class Product extends CommonObject
$sql = "SELECT count(p.rowid) as nb";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql.= " WHERE p.fk_product_type <> 1";
$sql.= ' AND p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
$sql.= ' AND p.entity IN ('.getEntity($this->element, 1).')';
$resql=$this->db->query($sql);
if ($resql)


@ -105,7 +105,7 @@ $prodser[0][0]=$prodser[0][1]=$prodser[1][0]=$prodser[1][1]=0;
$sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")";
$sql.= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';
$sql.= " GROUP BY p.fk_product_type, p.tosell, p.tobuy";
$result = $db->query($sql);
while ($objp = $db->fetch_object($result))
@ -165,7 +165,7 @@ $max=15;
$sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy,";
$sql.= " p.tms as datem";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")";
$sql.= " WHERE p.entity IN (".getEntity($sharedelement, 1).")";
if ($type != '') $sql.= " AND p.fk_product_type = ".$type;
$sql.= $db->order("p.tms","DESC");
$sql.= $db->plimit($max,0);
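Review bot: `getEntity($sharedelement, 1)` on the new WHERE line uses a variable that is not assigned anywhere visible in this page; `$sharedelement` is a local of restrictedArea() in the core hunk of this commit, and the first query in this same file uses `$product_static->element` instead. If it is unset here, the call resolves to `getEntity(null, 1)` with a notice and the fallback drops the `0,` the old clause had, so entity-0 products silently disappear from the count. Use the literal as the other product hunks do: `$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";`.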


@ -136,7 +136,7 @@ else
//$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur as pf ON p.rowid = pf.fk_product";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
//}
$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
if ($search_categ) $sql.= " AND p.rowid = cp.fk_product"; // Join for the needed table to filter by categ
if ($sall)
{


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -63,7 +63,7 @@ class Client extends Societe
$clause = "AND";
}
$sql.= " ".$clause." s.client IN (1,2,3)";
$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
$sql.= ' AND s.entity IN ('.getEntity($this->element, 1).')';
$sql.= " GROUP BY s.client";
$resql=$this->db->query($sql);


@ -4,7 +4,7 @@
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2003 Brian Fraval <brian@fraval.org>
* Copyright (C) 2006 Andre Cianfarani <acianfa@free.fr>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2008 Patrick Raguin <patrick.raguin@auguria.net>
* Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
*


@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php');
$langs->load("companies");
$socid = GETPOST("socid");
$socid = GETPOST('socid','int');
if ($user->societe_id) $socid=$user->societe_id;
// Security check
@ -80,9 +80,9 @@ $total=0;
$sql = "SELECT s.rowid, s.client, s.fournisseur";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')';
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = ".$socid;
$result = $db->query($sql);
@ -149,9 +149,9 @@ print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
$max=15;
$sql = "SELECT s.rowid, s.nom as name, s.client, s.fournisseur, s.canvas, s.tms as datem, s.status as status";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')';
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = ".$socid;
$sql.= " AND (";
if (! empty($conf->societe->enabled)) $sql.=" s.client IN (1,2,3)";


@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005 Lionel Cousteix <etm_ltd@tiscali.co.uk>
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
*
@ -64,7 +64,7 @@ if ($id)
}
//Multicompany in mode transversal
if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode)
if (! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode)
{
accessforbidden();
}
@ -74,7 +74,7 @@ $socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2='user';
if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();
$langs->load("users");


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2005-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
*
* This program is free software; you can redistribute it and/or modify
@ -49,7 +49,7 @@ $confirm=GETPOST("confirm");
$userid=GETPOST("user","int");
// Security check
$result = restrictedArea($user, 'user', $_GET["id"], 'usergroup', 'user');
$result = restrictedArea($user, 'user', $id, 'usergroup&usergroup', 'user');
if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode)
{
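Review bot: `$id` in the new `restrictedArea($user, 'user', $id, 'usergroup&usergroup', 'user')` call replaces `$_GET["id"]`, but no assignment to `$id` is visible in this hunk — only `$userid=GETPOST("user","int")` just above it. If `$id` is not set earlier in the file, restrictedArea receives an empty object id and the per-object entity check either fails or is skipped, depending on the branch it takes (outside this hunk); either way the access decision no longer covers the group being edited. Add `$id = GETPOST('id', 'int');` next to the other GETPOST lines, as the other user pages in this commit do.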


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2006-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -39,8 +39,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
$canreadperms=($user->admin || $user->rights->user->group_advance->read);
}
// Protection quand utilisateur externe
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id', 'int');
$socid=0;
if ($user->societe_id > 0)
@ -48,8 +47,8 @@ if ($user->societe_id > 0)
$socid = $user->societe_id;
}
$fgroup = new Usergroup($db, $_GET["id"]);
$fgroup->fetch($_GET["id"]);
$fgroup = new Usergroup($db);
$fgroup->fetch($id);
$fgroup->getrights();


@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
<?php
/* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -41,7 +42,7 @@ if ($user->id == $id) // A user can always read its own card
{
$feature2='';
}
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
// If user is not user read and no permission to read other users, we stop
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire))


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006 Regis Houssin <regis@dolibarr.fr>
/* Copyright (C) 2006-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -32,21 +32,17 @@ $langs->load("admin");
$langs->load("companies");
$langs->load("ldap");
// Protection quand utilisateur externe
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id', 'int');
// Security check
$socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $_GET["id"]) // A user can always read its own card
{
$feature2='';
}
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
if ($user->id == $id) $feature2=''; // A user can always read its own card
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
$fuser = new User($db);
$fuser->fetch($_GET["id"]);
$fuser->fetch($id);
$fuser->getrights();


@ -1,6 +1,7 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -38,18 +39,14 @@ $fuser = new User($db);
$fuser->fetch($id);
// If user is not user read and no permission to read other users, we stop
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire))
accessforbidden();
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire)) accessforbidden();
// Security check
$socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $_GET["id"]) // A user can always read its own card
{
$feature2='';
}
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
if ($user->id == $id) $feature2=''; // A user can always read its own card
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
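Review bot: `$fuser->fetch($id)` at the top of the hunk runs before `restrictedArea(...)` at the bottom, so the user record is loaded from the database before the entity/permission check has passed; the own-card exemption only needs `$id`, not the fetched object. Moving the security-check block (`$socid`, `$feature2`, the `if ($user->id == $id)` line and the restrictedArea call) above the fetch, and comparing `$id != $user->id` instead of `$fuser->id != $user->id` in the accessforbidden test, keeps the order consistent with the other user card pages in this commit, which call restrictedArea before constructing `$fuser`. The fetch result itself is only used further down, outside the hunk, so I cannot see whether anything is rendered before the check.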


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2005-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2010 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2010-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -54,7 +54,7 @@ if ($user->id == $id) // A user can always read its own card
$feature2='';
$canreaduser=1;
}
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();
$dirtop = "../core/menus/standard";


@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -30,10 +30,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php");
$langs->load("users");
$langs->load("admin");
$id=GETPOST('id','int');
$action=GETPOST("action");
$confirm=GETPOST("confirm");
$module=GETPOST("module");
$id=GETPOST('id', 'int');
$action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm', 'alpha');
$module=GETPOST('module');
if (! isset($id) || empty($id)) accessforbidden();
@ -58,7 +58,7 @@ if ($user->id == $id) // A user can always read its own card
$feature2='';
$canreaduser=1;
}
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();