From 9339119455c373413d4f044f27a496be406d2db9 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 11 Jan 2012 21:14:14 +0800 Subject: [PATCH 1/5] New: use getEntity() instead $conf->entity --- htdocs/comm/list.php | 2 +- htdocs/comm/prospect/list.php | 2 +- htdocs/contact/list.php | 2 +- htdocs/core/boxes/box_produits.php | 2 +- htdocs/core/class/commonobject.class.php | 4 +-- htdocs/core/class/html.form.class.php | 2 +- htdocs/core/lib/functions.lib.php | 36 ++++++++++++++++++------ htdocs/product/class/product.class.php | 2 +- htdocs/product/index.php | 4 +-- htdocs/product/liste.php | 2 +- htdocs/societe/class/client.class.php | 5 ++-- htdocs/societe/class/societe.class.php | 2 +- htdocs/societe/index.php | 14 ++++----- 13 files changed, 50 insertions(+), 29 deletions(-) diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 10bd6545bf4..0c47814e6f1 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php @@ -99,7 +99,7 @@ if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_P if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_societe as cs"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (1, 3)"; -$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; +$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')'; if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/comm/prospect/list.php b/htdocs/comm/prospect/list.php index a6529acd01f..fc1a2796fae 100755 --- a/htdocs/comm/prospect/list.php +++ b/htdocs/comm/prospect/list.php 
@@ -178,7 +178,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (2, 3)"; -$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; +$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')'; if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id; if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe"; // Join for the needed table to filter by categ diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 025c550ea34..a495a3e7323 100755 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -121,7 +121,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_pays as cp ON cp.rowid = p.fk_pays"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; -$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; +$sql.= ' WHERE p.entity IN ('.getEntity('societe', 1).')'; if (!$user->rights->societe->client->voir && !$socid) //restriction { $sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)"; diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index 5c125cf421e..6e031577cbc 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php 
@@ -73,7 +73,7 @@ class box_produits extends ModeleBoxes { { $sql = "SELECT p.rowid, p.label, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; - $sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN (0,'.getEntity($productstatic->element, 1).')'; if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0'; if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1'; $sql.= $db->order('p.datec', 'DESC'); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 13bc1347a1d..4168a97166f 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -724,7 +724,7 @@ abstract class CommonObject if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id; if (! empty($filter)) $sql.=" AND ".$filter; if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity - if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')'; + if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')'; //print $sql."
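Review bot: The rewritten WHERE clause drops the leading `0,` that the removed line always emitted, so in the non-multicompany branch of the new `getEntity()` (which returns only `$conf->entity`) product rows stored at entity 0 no longer match `p.entity IN (...)`. The same `(0,` prefix disappears in the `commonobject.class.php`, `html.form.class.php`, `restrictedArea()`, `product.class.php` and `product/index.php` hunks of this patch; in `restrictedArea()` a formerly accepted entity-0 object now ends in `accessforbidden()`, which fails closed but is still a behaviour change that the commit message does not mention. If rows at entity 0 are not expected for these tables, say so in a comment on the new line; otherwise `getEntity()` has to keep emitting `0,` for them (PATCH 3/5 of this series does that only for `user` and `usergroup`). `$productstatic` must also already be instantiated at this point, which the hunk does not show; the enclosing method starts and ends outside the hunk.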
"; $result = $this->db->query($sql); @@ -745,7 +745,7 @@ abstract class CommonObject if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id; if (! empty($filter)) $sql.=" AND ".$filter; if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity - if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')'; + if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')'; // Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null //print $sql."
"; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 67c3e44fe87..f2c0f2aedc4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1165,7 +1165,7 @@ class Form { $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND pl.lang='". $langs->getDefaultLang() ."'"; } - $sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')'; if ($finished == 0) { $sql.= " AND p.finished = ".$finished; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index d80fa593d5f..8227e33f119 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5,7 +5,7 @@ * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2004 Christophe Combelles - * Copyright (C) 2005-2010 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Raphael Bertrand (Resultic) * Copyright (C) 2010-2011 Juanjo Menent * @@ -193,6 +193,26 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port) return $dolidb; } +/** + * Get entity to use + * + * @param string $element Current element + * @param int $shared 1=Return shared entities + * @return mixed Entity id(s) to use + */ +function getEntity($element=false, $shared=false) +{ + global $conf, $mc; + + if (is_object($mc)) + { + return $mc->getEntity($element, $shared); + } + else + { + return $conf->entity; + } +} /** * Function called at end of web php process 
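Review bot: The new `getEntity()` documents `$element` as `string` and `$shared` as `int` but defaults both to `false`, and declares `@return mixed` although every caller in this patch splices the result unquoted into a SQL `IN (...)` list. The property that keeps those queries well-formed — the return value is a comma-separated list of integer entity ids and nothing else — is stated nowhere and is only implicitly delivered by the `$mc->getEntity()` branch, which lives outside this file. Suggest making the contract explicit in the docblock, `@return string  Comma-separated list of integer entity ids, safe to splice into a SQL IN (...) clause`, and defaulting the parameters to `''` and `0` so they match the documented types.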
@@ -2392,7 +2412,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' } else { - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } else if (in_array($feature,$checksoc)) @@ -2411,7 +2431,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " WHERE sc.fk_soc = ".$objectid; $sql.= " AND sc.fk_user = ".$user->id; $sql.= " AND sc.fk_soc = s.rowid"; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) @@ -2419,7 +2439,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT s.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE s.rowid = ".$objectid; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } } else if (in_array($feature,$checkother)) 
@@ -2440,7 +2460,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'"; $sql.= " WHERE dbt.rowid = ".$objectid; $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) @@ -2448,7 +2468,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT dbt.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " WHERE dbt.rowid = ".$objectid; - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } else if (in_array($feature,$checkproject)) @@ -2482,7 +2502,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield; $sql.= " AND dbt.".$dbt_keyfield." = s.rowid"; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; $sql.= " AND sc.fk_user = ".$user->id; } // If multicompany and internal users with all permissions, check user is in correct entity 
@@ -2491,7 +2511,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT dbt.".$dbt_select; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 6d3a63efe2b..4adfc33c371 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2804,7 +2804,7 @@ class Product extends CommonObject $sql = "SELECT count(p.rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; $sql.= " WHERE p.fk_product_type <> 1"; - $sql.= ' AND p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' AND p.entity IN ('.getEntity($this->element, 1).')'; $resql=$this->db->query($sql); if ($resql) diff --git a/htdocs/product/index.php b/htdocs/product/index.php index a0b1b4a6500..27a11d57ce5 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -105,7 +105,7 @@ $prodser[0][0]=$prodser[0][1]=$prodser[1][0]=$prodser[1][1]=0; $sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; -$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")"; +$sql.= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')'; $sql.= " GROUP BY p.fk_product_type, p.tosell, p.tobuy"; $result = $db->query($sql); while ($objp = $db->fetch_object($result)) 
@@ -165,7 +165,7 @@ $max=15; $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy,"; $sql.= " p.tms as datem"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; -$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")"; +$sql.= " WHERE p.entity IN (".getEntity($sharedelement, 1).")"; if ($type != '') $sql.= " AND p.fk_product_type = ".$type; $sql.= $db->order("p.tms","DESC"); $sql.= $db->plimit($max,0); diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index ae26cb791c2..5c786e49412 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -136,7 +136,7 @@ else //$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur as pf ON p.rowid = pf.fk_product"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product"; //} - $sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')'; if ($search_categ) $sql.= " AND p.rowid = cp.fk_product"; // Join for the needed table to filter by categ if ($sall) { diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 92bf3472ea1..44e2a99058f 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -1,6 +1,6 @@ - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,6 +50,7 @@ class Client extends Societe function load_state_board() { global $conf, $user; + global $mc; $this->nb=array("customers" => 0,"prospects" => 0); $clause = "WHERE"; 
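Review bot: The new WHERE clause in the second `product/index.php` hunk calls `getEntity($sharedelement, 1)`, but `$sharedelement` is a local of `restrictedArea()` in `functions.lib.php` and does not appear anywhere else in this script; the first hunk of the same file uses `$product_static->element`. With an undefined variable PHP passes `null`, so the non-multicompany branch still returns `$conf->entity`, but the multicompany branch ends up calling `$mc->getEntity(null, 1)` and may return a different entity set than intended for products. Use the same expression as the first hunk, `$sql.= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';`, or the literal `'product'` as `liste.php` does.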
@@ -63,7 +64,7 @@ class Client extends Societe $clause = "AND"; } $sql.= " ".$clause." s.client IN (1,2,3)"; - $sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; + $sql.= ' AND s.entity IN ('.getEntity($this->element, 1).')'; $sql.= " GROUP BY s.client"; $resql=$this->db->query($sql); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index a91cfcd6e76..4d1fc552726 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -4,7 +4,7 @@ * Copyright (C) 2004 Eric Seigne * Copyright (C) 2003 Brian Fraval * Copyright (C) 2006 Andre Cianfarani - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Patrick Raguin * Copyright (C) 2010-2011 Juanjo Menent * diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index 06eebc64ee8..c948127312d 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'); $langs->load("companies"); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; // Security check 
@@ -80,9 +80,9 @@ $total=0; $sql = "SELECT s.rowid, s.client, s.fournisseur"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; -if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; -if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')'; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; $result = $db->query($sql); @@ -149,9 +149,9 @@ print ''; $max=15; $sql = "SELECT s.rowid, s.nom as name, s.client, s.fournisseur, s.canvas, s.tms as datem, s.status as status"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; -if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; -if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')'; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; $sql.= " AND ("; if (! empty($conf->societe->enabled)) $sql.=" s.client IN (1,2,3)"; From 5b04d47d6c597123663bd963db51051d5e716f3c Mon Sep 17 00:00:00 2001 
From: Regis Houssin Date: Wed, 11 Jan 2012 21:21:37 +0800 Subject: [PATCH 2/5] Fix: remove useless global --- htdocs/societe/class/client.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 44e2a99058f..f88eefcfd4a 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -50,7 +50,6 @@ class Client extends Societe function load_state_board() { global $conf, $user; - global $mc; $this->nb=array("customers" => 0,"prospects" => 0); $clause = "WHERE"; From b670de36a9f511eafb7bfd55279faa922545c2d1 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 11 Jan 2012 22:07:17 +0800 Subject: [PATCH 3/5] Fix: add entity 0 for users and groups --- htdocs/comm/prospect/fiche.php | 4 ++-- htdocs/core/lib/functions.lib.php | 9 ++++++++- htdocs/user/fiche.php | 6 +++--- htdocs/user/group/fiche.php | 4 ++-- htdocs/user/group/ldap.php | 9 ++++----- htdocs/user/group/perms.php | 2 +- htdocs/user/info.php | 3 ++- htdocs/user/ldap.php | 16 ++++++---------- htdocs/user/note.php | 11 ++++------- htdocs/user/param_ihm.php | 4 ++-- htdocs/user/perms.php | 12 ++++++------ 11 files changed, 40 insertions(+), 40 deletions(-) diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index 8759e431483..82a79a17387 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,7 +39,7 @@ $langs->load('propal'); // Security check $socid = GETPOST("socid"); if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'societe',$socid,''); +$result = restrictedArea($user, 'societe', $socid, '&societe'); /* 
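Review bot: The changed `restrictedArea()` call in `comm/prospect/fiche.php` passes `$socid`, which the context line above reads as `GETPOST("socid")` without the `'int'` filter, and `restrictedArea()` concatenates its `$objectid` argument straight into SQL (`WHERE s.rowid = ".$objectid` and `WHERE sc.fk_soc = ".$objectid` in the `functions.lib.php` hunks of PATCH 1/5). PATCH 1/5 already hardens `societe/index.php` to `$socid = GETPOST('socid','int');`; this script should get the same line. The `'&societe'` form of `$dbtablename` (table name left empty, shared element after `&`, as far as these hunks show) is used without explanation here and in the `user/*.php` hunks below; it deserves a sentence in the `$dbtablename` docblock of `restrictedArea()`, which is outside these hunks.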
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8227e33f119..25f78395f6d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -210,7 +210,14 @@ function getEntity($element=false, $shared=false) } else { - return $conf->entity; + $out=''; + + $addzero = array('user', 'usergroup'); + if (in_array($element, $addzero)) $out.= '0,'; + + $out.= $conf->entity; + + return $out; } } diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 5cb79c1b98d..5db8e190e82 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -3,7 +3,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2005 Lionel Cousteix * Copyright (C) 2011 Herve Prot * @@ -64,7 +64,7 @@ if ($id) } //Multicompany in mode transversal -if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode) +if (! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode) { accessforbidden(); } @@ -74,7 +74,7 @@ $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2='user'; if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card -$result = restrictedArea($user, 'user', $id, '', $feature2); +$result = restrictedArea($user, 'user', $id, '&user', $feature2); if ($user->id <> $id && ! $canreaduser) accessforbidden(); $langs->load("users"); diff --git a/htdocs/user/group/fiche.php b/htdocs/user/group/fiche.php index 105057af858..9bf6c38b66b 100644 --- a/htdocs/user/group/fiche.php +++ b/htdocs/user/group/fiche.php 
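Review bot: `in_array($element, $addzero)` in the new non-multicompany branch is a loose comparison; on the PHP versions this code targets, `in_array(0, array('user', 'usergroup'))` is true, so an `$element` that arrives as integer `0` would get `0,` prepended for a table where entity 0 is not meant to be visible. Pass the strict flag: `if (in_array($element, $addzero, true)) $out.= '0,';`. The `$mc` branch above (outside this hunk) gets no equivalent `0,` handling, which is only correct if `$mc->getEntity()` takes care of users and groups itself — a short comment on the branch saying so would help. `getEntity()` starts outside this hunk.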
@@ -1,7 +1,7 @@ * Copyright (C) 2005-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011 Herve Prot * * This program is free software; you can redistribute it and/or modify @@ -49,7 +49,7 @@ $confirm=GETPOST("confirm"); $userid=GETPOST("user","int"); // Security check -$result = restrictedArea($user, 'user', $_GET["id"], 'usergroup', 'user'); +$result = restrictedArea($user, 'user', $id, 'usergroup&usergroup', 'user'); if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode) { diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 01be80d3564..4275fc08a79 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006 Regis Houssin + * Copyright (C) 2006-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,8 +39,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $canreadperms=($user->admin || $user->rights->user->group_advance->read); } -// Protection quand utilisateur externe -$contactid = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id', 'int'); $socid=0; if ($user->societe_id > 0) @@ -48,8 +47,8 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } -$fgroup = new Usergroup($db, $_GET["id"]); -$fgroup->fetch($_GET["id"]); +$fgroup = new Usergroup($db); +$fgroup->fetch($id); $fgroup->getrights(); diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 20fcbf02931..9b367e7aeb4 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php 
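Review bot: The rewritten `restrictedArea()` call in `user/group/fiche.php` replaces `$_GET["id"]` with `$id`, but the context lines above it only read `$confirm` and `$userid` via `GETPOST()`; if `$id` is not assigned earlier in the file (outside this hunk) the object-level check receives `null` and the group being viewed is never checked against the entity. The sibling `user/group/ldap.php` hunk in this patch adds `$id = GETPOST('id', 'int');` explicitly; add the same line here unless the assignment already exists above.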
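Review bot: In `user/group/ldap.php` the group is now loaded with `$fgroup->fetch($id)` from the `GETPOST('id', 'int')` value, but neither hunk shows a `restrictedArea()` call for the `user` feature, whereas every other user card touched in this patch (`user/group/fiche.php`, `user/ldap.php`, `user/note.php`, `user/perms.php`) has one. If the file indeed has none, add `$result = restrictedArea($user, 'user', $id, 'usergroup&usergroup', 'user');` before the fetch, mirroring `user/group/fiche.php`, so the entity and permission checks cover the LDAP tab too. The return value of `fetch()` is also unchecked; if it finds no row, `getrights()` presumably runs on an empty object.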
@@ -3,7 +3,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo * Copyright (C) 2004-2010 Laurent Destailleur * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/user/info.php b/htdocs/user/info.php index b003c6f59da..64ca2fb6c81 100644 --- a/htdocs/user/info.php +++ b/htdocs/user/info.php @@ -1,5 +1,6 @@ + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,7 +42,7 @@ if ($user->id == $id) // A user can always read its own card { $feature2=''; } -$result = restrictedArea($user, 'user', $id, '', $feature2); +$result = restrictedArea($user, 'user', $id, '&user', $feature2); // If user is not user read and no permission to read other users, we stop if (($fuser->id != $user->id) && (! $user->rights->user->user->lire)) diff --git a/htdocs/user/ldap.php b/htdocs/user/ldap.php index 131ec6de54c..47dfb03d81a 100644 --- a/htdocs/user/ldap.php +++ b/htdocs/user/ldap.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006 Regis Houssin +/* Copyright (C) 2006-2012 Laurent Destailleur + * Copyright (C) 2006-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -32,21 +32,17 @@ $langs->load("admin"); $langs->load("companies"); $langs->load("ldap"); -// Protection quand utilisateur externe -$contactid = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id', 'int'); // Security check $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2 = (($socid && $user->rights->user->self->creer)?'':'user'); -if ($user->id == $_GET["id"]) // A user can always read its own card -{ - $feature2=''; -} -$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2); +if ($user->id == $id) $feature2=''; // A user can always read its own card +$result = restrictedArea($user, 'user', $id, '&user', $feature2); $fuser = new User($db); -$fuser->fetch($_GET["id"]); +$fuser->fetch($id); $fuser->getrights(); diff --git a/htdocs/user/note.php b/htdocs/user/note.php index a07a02ed8ce..33ea1745b27 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -38,18 +39,14 @@ $fuser = new User($db); $fuser->fetch($id); // If user is not user read and no permission to read other users, we stop -if (($fuser->id != $user->id) && (! $user->rights->user->user->lire)) - accessforbidden(); +if (($fuser->id != $user->id) && (! $user->rights->user->user->lire)) accessforbidden(); // Security check $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2 = (($socid && $user->rights->user->self->creer)?'':'user'); -if ($user->id == $_GET["id"]) // A user can always read its own card -{ - $feature2=''; -} -$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2); +if ($user->id == $id) $feature2=''; // A user can always read its own card +$result = restrictedArea($user, 'user', $id, '&user', $feature2); 
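Review bot: `user/ldap.php` now reads `$id = GETPOST('id', 'int')` and feeds it straight to `restrictedArea()` and `$fuser->fetch($id)` with no check that an id was supplied at all; `user/perms.php` in this same patch guards with `if (! isset($id) || empty($id)) accessforbidden();` right after its `GETPOST()` calls. Add the same guard here and in the `user/note.php` hunk below so that a missing id is rejected before any lookup. In `user/note.php` the `$fuser->fetch($id)` also precedes the `restrictedArea()` check (the fetch is in the hunk's context lines); moving the security check above the fetch would make the authorization order match `user/ldap.php`.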
diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index add72a4ffb0..c58e6a7cb6a 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -1,6 +1,6 @@ - * Copyright (C) 2010 Regis Houssin + * Copyright (C) 2010-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -54,7 +54,7 @@ if ($user->id == $id) // A user can always read its own card $feature2=''; $canreaduser=1; } -$result = restrictedArea($user, 'user', $id, '', $feature2); +$result = restrictedArea($user, 'user', $id, '&user', $feature2); if ($user->id <> $id && ! $canreaduser) accessforbidden(); $dirtop = "../core/menus/standard"; diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 8c3cd5de551..c9064ca263f 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -3,7 +3,7 @@ * Copyright (C) 2002-2003 Jean-Louis Bergamo * Copyright (C) 2004-2010 Laurent Destailleur * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,10 +30,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php"); $langs->load("users"); $langs->load("admin"); -$id=GETPOST('id','int'); -$action=GETPOST("action"); -$confirm=GETPOST("confirm"); -$module=GETPOST("module"); +$id=GETPOST('id', 'int'); +$action=GETPOST('action', 'alpha'); +$confirm=GETPOST('confirm', 'alpha'); +$module=GETPOST('module'); if (! isset($id) || empty($id)) accessforbidden(); @@ -58,7 +58,7 @@ if ($user->id == $id) // A user can always read its own card $feature2=''; $canreaduser=1; } -$result = restrictedArea($user, 'user', $id, '', $feature2); +$result = restrictedArea($user, 'user', $id, '&user', $feature2); if ($user->id <> $id && ! $canreaduser) accessforbidden(); 
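Review bot: `$module=GETPOST('module');` is the one input in the rewritten `GETPOST()` block of `user/perms.php` that keeps no filter, while `action` and `confirm` on the lines above now use `'alpha'`. If `$module` is later used to select which permissions to change (its use is outside this hunk), filter it the same way: `$module=GETPOST('module', 'alpha');`.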
From c1ac04866e33edb29e59a8fec5a555278132ae09 Mon Sep 17 00:00:00 2001 From: simnandez Date: Wed, 11 Jan 2012 15:59:46 +0100 Subject: [PATCH 4/5] Fix: Label was not clear enough --- htdocs/langs/ca_ES/products.lang | 2 +- htdocs/langs/es_ES/products.lang | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/langs/ca_ES/products.lang b/htdocs/langs/ca_ES/products.lang index 33c0473b2aa..1c8215343a2 100644 --- a/htdocs/langs/ca_ES/products.lang +++ b/htdocs/langs/ca_ES/products.lang @@ -78,7 +78,7 @@ ContractNotRunning=Aquest contracte no està en servei ErrorProductAlreadyExists=Un producte amb la referència %s ja existeix. ErrorProductBadRefOrLabel=El valor de la referència o etiqueta és incorrecte Suppliers=Proveïdors -SupplierRef=Ref. proveïdor +SupplierRef=Ref. producte proveïdor ShowProduct=Mostrar producte ShowService=Mostrar servei ProductsAndServicesArea=Àrea productes i serveis diff --git a/htdocs/langs/es_ES/products.lang b/htdocs/langs/es_ES/products.lang index 12dce1cd5fd..1f4e5d16ad2 100644 --- a/htdocs/langs/es_ES/products.lang +++ b/htdocs/langs/es_ES/products.lang @@ -78,7 +78,7 @@ ContractNotRunning=Este contrato no está en servicio ErrorProductAlreadyExists=Un producto con la referencia %s ya existe. ErrorProductBadRefOrLabel=El valor de la referencia o etiqueta es incorrecto Suppliers=Proveedores -SupplierRef=Ref. proveedor +SupplierRef=Ref. producto proveedor ShowProduct=Mostrar producto ShowService=Mostrar servicio ProductsAndServicesArea=Área productos y servicios From 199e22fd709c6c5f1be50f0ac79a05e82d21e1f0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 11 Jan 2012 22:59:18 +0800 Subject: [PATCH 5/5] Fix: remove useless code --- htdocs/core/lib/security.lib.php | 8 ++++---- htdocs/main.inc.php | 4 ++-- htdocs/master.inc.php | 16 +--------------- 3 files changed, 7 insertions(+), 21 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index dc3e2a0c13c..d6a8281ce72 100644 
--- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -1,6 +1,6 @@ - * Copyright (C) 2008-2011 Regis Houssin + * Copyright (C) 2008-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -145,7 +145,7 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod function dol_loginfunction($langs,$conf,$mysoc) { global $dolibarr_main_demo,$db; - global $smartphone; + global $smartphone,$mc; $langcode=(GETPOST('lang')?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):GETPOST('lang')); $langs->setDefaultLang($langcode); @@ -214,12 +214,12 @@ function dol_loginfunction($langs,$conf,$mysoc) } // Entity cookie - if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) + if (! empty($conf->multicompany->enabled)) { $lastuser = ''; $lastentity = $_POST['entity']; - if (! empty($conf->global->MAIN_MULTICOMPANY_COOKIE)) + if (! empty($conf->global->MULTICOMPANY_COOKIE_ENABLED)) { $prefix=dol_getprefix(); $entityCookieName = 'DOLENTITYID_'.$prefix; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 0f28ce7722d..c92c8b2b4b9 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -4,7 +4,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011 Philippe Grand * Copyright (C) 2008 Matteli * Copyright (C) 2011 Juanjo Menent 
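Review bot: The entity-cookie block in `dol_loginfunction()` now keys off `$conf->global->MULTICOMPANY_COOKIE_ENABLED` instead of `MAIN_MULTICOMPANY_COOKIE`, and `$conf->multicompany->enabled` instead of `MAIN_MODULE_MULTICOMPANY`, with no migration of the old constant visible in this series. An installation that enabled the cookie under the old name would silently stop remembering the entity after this change. Either add a migration step that renames the stored constant, or record the decision on the new line, e.g. `// MULTICOMPANY_COOKIE_ENABLED replaces MAIN_MULTICOMPANY_COOKIE; no fallback on purpose`. The added `global $mc` is not used in the visible hunks; `dol_loginfunction()` continues past them.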
@@ -576,7 +576,7 @@ if (! defined('NOLOGIN')) $prefix=dol_getprefix(); $entityCookieName = 'DOLENTITYID_'.$prefix; // TTL : is defined in the config page multicompany - $ttl = (! empty($conf->global->MULTICOMPANY_COOKIE_TTL) ? $conf->global->MULTICOMPANY_COOKIE_TTL : time()+60*60*8 ); + $ttl = (! empty($conf->global->MULTICOMPANY_COOKIE_TTL) ? dol_now()+$conf->global->MULTICOMPANY_COOKIE_TTL : dol_now()+60*60*8 ); // Cryptkey : will be created randomly in the config page multicompany $cryptkey = (! empty($conf->file->cookie_cryptkey) ? $conf->file->cookie_cryptkey : '' ); diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index 6d4a338cbc8..31c0b410609 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -4,7 +4,7 @@ * Copyright (C) 2004-2010 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2005 Simon Tosser * Copyright (C) 2006 Andre Cianfarani * Copyright (C) 2010 Juanjo Menent @@ -137,20 +137,6 @@ if (! defined('NOREQUIREDB')) { $conf->entity = GETPOST("entity",'int'); } - else if (! empty($conf->file->cookie_cryptkey)) - { - $prefix=dol_getprefix(); - $entityCookieName = 'DOLENTITYID_'.$prefix; - if (! empty($_COOKIE[$entityCookieName])) // Just for view specific login page - { - include_once(DOL_DOCUMENT_ROOT."/core/class/cookie.class.php"); - $lastuser = ''; $lastentity = ''; - $entityCookie = new DolCookie($conf->file->cookie_cryptkey); - $cookieValue = $entityCookie->_getCookie($entityCookieName); - list($lastuser, $lastentity) = explode('|', $cookieValue); - $conf->entity = $lastentity; - } - } //print "Will work with data into entity instance number '".$conf->entity."'";
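Review bot: The new `$ttl` expression changes the meaning of `MULTICOMPANY_COOKIE_TTL` from an absolute expiry timestamp (the removed line used it as-is) to a duration added to `dol_now()`, but the stored value is not converted; an existing setting that held a timestamp now yields an entity cookie that expires decades from now. Cast and validate the configured value before adding it, `$ttl = dol_now() + (! empty($conf->global->MULTICOMPANY_COOKIE_TTL) ? (int) $conf->global->MULTICOMPANY_COOKIE_TTL : 60*60*8);`, and update the `// TTL : is defined in the config page multicompany` comment to say the value is a lifetime in seconds.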