From aa53b7a2ba03d810b5e61daf1c9b5105911677b9 Mon Sep 17 00:00:00 2001
From: simnandez
Date: Fri, 19 Oct 2012 13:00:53 +0200
Subject: [PATCH 1/9] New: More import options. Thirds Bank Accounts
---
 htdocs/core/modules/modSociete.class.php | 21 +++++++++++++++++++
 .../install/mysql/migration/3.2.0-3.3.0.sql | 1 +
 .../install/mysql/tables/llx_societe_rib.sql | 4 +++-
 htdocs/langs/ca_ES/companies.lang | 1 +
 htdocs/langs/ca_ES/exports.lang | 6 +++++-
 htdocs/langs/en_US/companies.lang | 1 +
 htdocs/langs/en_US/exports.lang | 6 +++++-
 htdocs/langs/es_ES/companies.lang | 1 +
 htdocs/langs/es_ES/exports.lang | 6 +++++-
 htdocs/langs/fr_FR/companies.lang | 1 +
 htdocs/langs/fr_FR/exports.lang | 6 +++++-
 11 files changed, 49 insertions(+), 5 deletions(-)
diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php
index 116dbbfac6f..27657765ed8 100644
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -4,6 +4,7 @@
 * Copyright (C) 2004 Sebastien Di Cintio
 * Copyright (C) 2004 Benoit Mortier
 * Copyright (C) 2005-2012 Regis Houssin
+ * Copyright (C) 2012 Juanjo Menent
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -362,6 +363,26 @@ class modSociete extends DolibarrModules //$this->import_convertvalue_array[$r]=array('s.fk_soc'=>array('rule'=>'lastrowid',table='t'); $this->import_regex_array[$r]=array('s.birthday'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$','s.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$'); $this->import_examplevalues_array[$r]=array('s.fk_soc'=>'MyBigCompany','s.civilite'=>"MR",'s.name'=>"Smith",'s.firstname'=>'John','s.address'=>'61 jump street','s.cp'=>'75000','s.ville'=>'Bigtown','s.fk_pays'=>'US, FR, DE...','s.datec'=>'1972-10-10','s.poste'=>"Director",'s.phone'=>"5551122",'s.phone_perso'=>"5551133",'s.phone_mobile'=>"5551144",'s.fax'=>"5551155",'s.email'=>"johnsmith@email.com",'s.note'=>"My comments"); + + // Import Bank Accounts + $r++; + $this->import_code[$r]=$this->rights_class.'_'.$r; + $this->import_label[$r]="ImportDataset_company_3"; // Translation key + $this->import_icon[$r]='account'; + $this->import_entities_array[$r]=array(); // We define here only fields that use another icon that the one defined into import_icon + $this->import_tables_array[$r]=array('sr'=>MAIN_DB_PREFIX.'societe_rib'); + $this->import_fields_array[$r]=array('sr.fk_soc'=>"ThirdPartyName*",'sr.bank'=>"Bank", + 'sr.code_banque'=>"BankCode*",'sr.code_guichet'=>"DeskCode*",'sr.number'=>"BankAccountNumber*", + 'sr.cle_rib'=>"BankAccountNumberKey*",'sr.bic'=>"BIC",'sr.iban_prefix'=>"IBAN" + ); + + $this->import_convertvalue_array[$r]=array( + 'sr.fk_soc'=>array('rule'=>'fetchidfromref','classfile'=>'/societe/class/societe.class.php','class'=>'Societe','method'=>'fetch','element'=>'ThirdParty') + ); + $this->import_examplevalues_array[$r]=array('sr.fk_soc'=>"MyBigCompany",'sr.bank'=>"ING", + 'sr.code_banque'=>"0000", 'sr.code_guichet'=>"1111",'sr.number'=>"3333333333", + 'sr.cle_rib'=>"22",'sr.bic'=>"USHINGMMXXX",'sr.iban_prefix'=>"US00 0000 1111 22 3333 3333" + ); } 
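Review bot: The new bank-account dataset defines no `$this->import_regex_array[$r]`, although the contacts dataset directly above it does, so `sr.bic`, `sr.iban_prefix`, `sr.code_banque` and `sr.cle_rib` are stored as whatever string the import file holds. These identifiers have fixed formats and later feed payment documents, so a format check at import is worth adding, for example `$this->import_regex_array[$r]=array('sr.bic'=>'^[A-Za-z]{6}[A-Za-z0-9]{2}([A-Za-z0-9]{3})?$');` with a matching entry for the IBAN. The example IBAN is written with spaces while the table file in this patch keeps `iban_prefix` at `varchar(34)`, so a spaced value can exceed the column; normalising before insert would avoid that. Whether the import engine validates these fields elsewhere is not visible here, and the enclosing method starts and ends outside the hunk.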
diff --git a/htdocs/install/mysql/migration/3.2.0-3.3.0.sql b/htdocs/install/mysql/migration/3.2.0-3.3.0.sql index 0cedd43afcb..52f9bbaca51 100755 --- a/htdocs/install/mysql/migration/3.2.0-3.3.0.sql +++ b/htdocs/install/mysql/migration/3.2.0-3.3.0.sql @@ -765,6 +765,7 @@ ALTER TABLE llx_commande_fournisseurdet ADD COLUMN import_key varchar(14) AFTER ALTER TABLE llx_entrepot ADD COLUMN import_key varchar(14) AFTER fk_user_author; ALTER TABLE llx_product_fournisseur_price ADD COLUMN import_key varchar(14) AFTER fk_user; ALTER TABLE llx_product_stock ADD COLUMN import_key varchar(14) AFTER pmp; +ALTER TABLE llx_societe_rib ADD COLUMN import_key varchar(14) AFTER adresse_proprio; -- [ task #146 ] Remove table llx_categorie_association ALTER TABLE llx_categorie_association DROP FOREIGN KEY fk_categorie_asso_fk_categorie_mere; diff --git a/htdocs/install/mysql/tables/llx_societe_rib.sql b/htdocs/install/mysql/tables/llx_societe_rib.sql index b5856284ecc..4d3e555f565 100644 --- a/htdocs/install/mysql/tables/llx_societe_rib.sql +++ b/htdocs/install/mysql/tables/llx_societe_rib.sql @@ -1,6 +1,7 @@ -- ============================================================================= -- Copyright (C) 2000-2004 Rodolphe Quiedeville -- Copyright (C) 2005-2009 Regis Houssin +-- Copyright (C) 2012 Juanjo Menent -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by @@ -33,7 +34,8 @@ create table llx_societe_rib iban_prefix varchar(34), -- 34 according to ISO 13616 domiciliation varchar(255), proprio varchar(60), - adresse_proprio varchar(255) + adresse_proprio varchar(255), + import_key varchar(14) -- import key )ENGINE=innodb; diff --git a/htdocs/langs/ca_ES/companies.lang b/htdocs/langs/ca_ES/companies.lang index cfd42da2d18..caa0cfe0174 100644 --- a/htdocs/langs/ca_ES/companies.lang +++ b/htdocs/langs/ca_ES/companies.lang 
@@ -342,6 +342,7 @@ ExportDataset_company_1=Tercers (empreses/institucions) i atributs ExportDataset_company_2=Contactes de tercers i atributs ImportDataset_company_1=Tercers (empreses/institucions) i atributs ImportDataset_company_2=Contactes (tercers o lliures) i atributs +ImportDataset_company_3=Comptes bancaris PriceLevel=Nivell de preus DeliveriesAddress=Adreça(es) d'enviament DeliveryAddress=Adreça d'enviament diff --git a/htdocs/langs/ca_ES/exports.lang b/htdocs/langs/ca_ES/exports.lang index be2f30d45c8..77d8e30c30b 100644 --- a/htdocs/langs/ca_ES/exports.lang +++ b/htdocs/langs/ca_ES/exports.lang @@ -119,4 +119,8 @@ ExportFieldAutomaticallyAdded=S'ha afegit automàticament el camp %s, ja CsvOptions=Opcions de l'arxiu CSV Separator=Separador Enclosure=Delimitador de camps -SuppliersProducts=Productes de proveïdors \ No newline at end of file +SuppliersProducts=Productes de proveïdors +BankCode=Codi banc +DeskCode=Codi oficina +BankAccountNumber=Número compte +BankAccountNumberKey=Dígit Control \ No newline at end of file diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index 60276959b8e..241dcd9f9d5 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -359,6 +359,7 @@ ExportDataset_company_1=Third parties (Companies/foundations) and properties ExportDataset_company_2=Contacts and properties ImportDataset_company_1=Third parties (Companies/foundations) and properties ImportDataset_company_2=Contacts (of thirdparties or not) and attributes +ImportDataset_company_3=Bank details PriceLevel=Price level DeliveriesAddress=Delivery addresses DeliveryAddress=Delivery address diff --git a/htdocs/langs/en_US/exports.lang b/htdocs/langs/en_US/exports.lang index 2d332ff25ca..0031c86240e 100644 --- a/htdocs/langs/en_US/exports.lang +++ b/htdocs/langs/en_US/exports.lang 
@@ -119,4 +119,8 @@ ExportFieldAutomaticallyAdded=Field %s was automatically added. It will a CsvOptions=Csv Options Separator=Separator Enclosure=Enclosure -SuppliersProducts=Suppliers Products \ No newline at end of file +SuppliersProducts=Suppliers Products +BankCode=Bank code +DeskCode=Desk code +BankAccountNumber=Account number +BankAccountNumberKey=Key \ No newline at end of file diff --git a/htdocs/langs/es_ES/companies.lang b/htdocs/langs/es_ES/companies.lang index 90f1529acd7..9313df97434 100644 --- a/htdocs/langs/es_ES/companies.lang +++ b/htdocs/langs/es_ES/companies.lang @@ -343,6 +343,7 @@ ExportDataset_company_1=Terceros (empresas/instituciones) y atributos ExportDataset_company_2=Contactos de terceros y atributos ImportDataset_company_1=Terceros (empresas/instituciones) y atributos ImportDataset_company_2=Contactos (terceros o libres) y atributos +ImportDataset_company_3=Cuentas bancarias PriceLevel=Nivel de precios DeliveriesAddress=Dirección(es) de envío DeliveryAddress=Dirección de envío diff --git a/htdocs/langs/es_ES/exports.lang b/htdocs/langs/es_ES/exports.lang index 0889e50e1f9..667c2a645e1 100644 --- a/htdocs/langs/es_ES/exports.lang +++ b/htdocs/langs/es_ES/exports.lang @@ -119,4 +119,8 @@ ExportFieldAutomaticallyAdded=Se ha añadido automáticamente el campo %s CsvOptions=Opciones del archivo CSV Separator=Separador Enclosure=Delimitador de campos -SuppliersProducts=Productos de proveedores \ No newline at end of file +SuppliersProducts=Productos de proveedores +BankCode=Código banco +DeskCode=Código oficina +BankAccountNumber=Número cuenta +BankAccountNumberKey=Dígito Control \ No newline at end of file diff --git a/htdocs/langs/fr_FR/companies.lang b/htdocs/langs/fr_FR/companies.lang index 60c5f8be6aa..f00b80e6aa6 100644 --- a/htdocs/langs/fr_FR/companies.lang +++ b/htdocs/langs/fr_FR/companies.lang 
@@ -360,6 +360,7 @@ ExportDataset_company_1=Tiers (sociétés/institutions) et attributs ExportDataset_company_2=Contacts (de tiers) et attributs ImportDataset_company_1=Tiers (sociétés/institutions) et attributs ImportDataset_company_2=Contacts (de tiers ou libre) et attributs +ImportDataset_company_3=Coordonnées bancaires PriceLevel=Niveau de prix DeliveriesAddress=Adresse(s) de livraison DeliveryAddress=Adresse de livraison diff --git a/htdocs/langs/fr_FR/exports.lang b/htdocs/langs/fr_FR/exports.lang index ca317e2dcbc..4665da31baf 100644 --- a/htdocs/langs/fr_FR/exports.lang +++ b/htdocs/langs/fr_FR/exports.lang @@ -119,4 +119,8 @@ ExportFieldAutomaticallyAdded=Le champ %s a été ajouté automatiquement CsvOptions=Options du fichier Csv Separator=Séparateur de champs Enclosure=Encadrement des chaines de textes -SuppliersProducts=Produits Fournisseurs \ No newline at end of file +SuppliersProducts=Produits Fournisseurs +BankCode=Code banque +DeskCode=Code guichet +BankAccountNumber=Numéro compte +BankAccountNumberKey=Clé RIB \ No newline at end of file From 4a10874f54a00157110259e33d698b3c7fb7361c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Oct 2012 13:01:29 +0200 Subject: [PATCH 2/9] New: add waring message when date is too low. --- htdocs/fourn/facture/fiche.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php index 82839fc40e3..9aca380a9fa 100644 --- a/htdocs/fourn/facture/fiche.php +++ b/htdocs/fourn/facture/fiche.php 
@@ -188,7 +188,11 @@ elseif ($action == 'setdate_lim_reglement' && $user->rights->fournisseur->factur
 {
 $object->fetch($id);
 $object->date_echeance=dol_mktime(12,0,0,$_POST['date_lim_reglementmonth'],$_POST['date_lim_reglementday'],$_POST['date_lim_reglementyear']);
- if ($object->date_echeance < $object->date) $object->date_echeance=$object->date;
+ if ($object->date_echeance < $object->date)
+ {
+ $object->date_echeance=$object->date;
+ setEventMessage($langs->trans("DatePaymentTermCantBeLowerThanObjectDate"),'warnings');
+ }
 $result=$object->update($user);
 if ($result < 0) dol_print_error($db,$object->error);
 }
From 40a1ba3b963eb71c61b028c259084b90e278f804 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 19 Oct 2012 14:23:21 +0200
Subject: [PATCH 3/9] Fix: Removed deprecated translation
---
 htdocs/langs/nl_BE/bills.lang | 34 ----------------------------------
 1 file changed, 34 deletions(-)
diff --git a/htdocs/langs/nl_BE/bills.lang b/htdocs/langs/nl_BE/bills.lang
index 27d70def657..27a550c6b08 100644
--- a/htdocs/langs/nl_BE/bills.lang
+++ b/htdocs/langs/nl_BE/bills.lang
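Review bot: `DatePaymentTermCantBeLowerThanObjectDate` is passed to `$langs->trans()` in htdocs/fourn/facture/fiche.php, but patch 2/9 changes only that one file, so unless the key already exists in a loaded language file the user will see the raw key as the warning text. Adding the key to the relevant language files in the same commit would close that gap. The `elseif` branch this belongs to starts outside the hunk.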
@@ -279,37 +279,3 @@ PDFOursinDescription=Factuurmodel oursin # tourteau PDF Model PDFTourteauDescription=Factuurmodel Tourteau - - - - -# NumRef Modules - -# deneb -DenebNumRefModelDesc1=Geeft het nummer in de vorm, PREF-31-12-2004-01, waar pref het voorvoegsel is , gevolgd door de datum (31 december 2004) en een teller. -DenebNumRefModelDesc2=Indien de constante FACTURE_DENEB_DELTA is gedefiniëerd, een compensatie wordt toegepast op de meter - -# mars -MarsNumRefModelDesc1=Numéro de facture sous la forme, PREF-10-2004-005, qui correspond à la 5ème facture d'octobre 2004 et où PREF est le préfix de la société. -MarsNumRefModelDesc2=Le nombre final est formaté sur 3 chiffres ou plus. -MarsNumRefModelDesc3=Si la constante FACTURE_MARS_DELTA est définie, un offset est appliqué sur le compteur - -# neptune -NeptuneNumRefModelDesc1=Renvoie le numéro de facture sous une forme du préfix FA suivi de l'année sur 2 chiffres et d'un compteur simple sur 4 chiffres. -NeptuneNumRefModelDesc2=Si la constante FACTURE_NEPTUNE_DELTA est définie, un offset est appliqué sur le compteur - -# orion -OrionNumRefModelDesc1=Return the number under the format FAYYNNNNN where YY is the year and NNNNN the increment number starting at 1. -OrionNumRefModelDesc2=The year is increased by 1 WITHOUT an initialisation to zero at the start of the fiscal year. -OrionNumRefModelDesc3=Define the variable SOCIETE_FISCAL_MONTH_START with the month at the start of the fiscal year, example: 9 for September. -OrionNumRefModelDesc4=In this example, we shall have on the 1st of September 2006 an invoice named FA700354. - -# terre -TerreNumRefModelDesc1=Renvoie le numéro sous la forme %syymm-nnnn où yy est l'année, mm le mois et nnnn un compteur séquentiel sans rupture et sans remise à 0 -TerreNumRefModelError=Une facture commençant par $fayymm existe en base et est incompatible avec cette numérotation. Supprimer la ou renommer la pour activer ce module. 
- -# titan -TitanNumRefModelDesc1=Return the number with format FAYYNNNNN where YY is the year and NNNNN is the increment number starting from 1. -TitanNumRefModelDesc2=The year is incremented by 1 and the increment number is initialized to zero at the start of the fiscal year. -TitanNumRefModelDesc3=Define the variable SOCIETE_FISCAL_MONTH_START with the month at the start of the fiscal year, example: 9 for September. -TitanNumRefModelDesc4=In this example, we shall have on the 1st September 2006 an invoice named FA0700001 From ffa1b10061669b9ef7bec9e0a4c67bd7baa71c6c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Oct 2012 14:45:00 +0200 Subject: [PATCH 4/9] doxygen --- htdocs/core/class/translate.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index 3dda7538e01..ae9366b8995 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -249,7 +249,7 @@ class Translate $tab=explode('=',$line,2); $key=trim($tab[0]); //print "Domain=$domain, found a string for $tab[0] with value $tab[1]
"; - if ((! empty($conf->global->MAIN_USE_CUSTOM_TRANSLATION) || empty($this->tab_translate[$key])) && isset($tab[1])) // If data was already found, we must not enter here, even if MAIN_FORCELANGDIR is set (MAIN_FORCELANGDIR is to replace lang dir, not to overwrite) + if ((! empty($conf->global->MAIN_USE_CUSTOM_TRANSLATION) || empty($this->tab_translate[$key])) && isset($tab[1])) // If translation was already found, we must not continue, even if MAIN_FORCELANGDIR is set (MAIN_FORCELANGDIR is to replace lang dir, not to overwrite entries) { $value=trim(preg_replace('/\\n/',"\n",$tab[1])); From 5a3be48d09b14f52db9eedcd254a3d8dd9c2b1cd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 19 Oct 2012 17:28:18 +0200 Subject: [PATCH 5/9] New: Can edit bookmark from list --- htdocs/bookmarks/fiche.php | 59 ++++++++++++++++++++------------------ htdocs/bookmarks/liste.php | 8 ++++-- 2 files changed, 37 insertions(+), 30 deletions(-) diff --git a/htdocs/bookmarks/fiche.php b/htdocs/bookmarks/fiche.php index 17263261056..5cbf34fd13c 100644 --- a/htdocs/bookmarks/fiche.php +++ b/htdocs/bookmarks/fiche.php @@ -28,12 +28,14 @@ require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php'; $langs->load("other"); -$action=GETPOST("action"); -$title=GETPOST("title"); -$url=GETPOST("url"); -$target=GETPOST("target"); -$userid=GETPOST("userid"); -$position=GETPOST("position"); +$id=GETPOST("id"); +$action=GETPOST("action","alpha"); +$title=GETPOST("title","alpha"); +$url=GETPOST("url","alpha"); +$target=GETPOST("target","alpha"); +$userid=GETPOST("userid","int"); +$position=GETPOST("position","int"); +$backtopage=GETPOST('backtopage','alpha'); /* 
@@ -42,10 +44,10 @@ $position=GETPOST("position"); if ($action == 'add' || $action == 'addproduct' || $action == 'update') { - if ($_POST["cancel"]) + if (GETPOST("cancel")) { - $urlsource=(! empty($_REQUEST["urlsource"]))?$_REQUEST["urlsource"]:((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/liste.php'); - header("Location: ".$urlsource); + if (empty($backtopage)) $backtopage=(GETPOST("urlsource")?GETPOST("urlsource"):((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/liste.php')); + header("Location: ".$backtopage); exit; } @@ -71,8 +73,8 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') if ($res > 0) { - $urlsource=! empty($_REQUEST["urlsource"])?urldecode($_REQUEST["urlsource"]):DOL_URL_ROOT.'/bookmarks/liste.php'; - header("Location: ".$urlsource); + if (empty($backtopage)) $backtopage=(GETPOST("urlsource")?GETPOST("urlsource"):DOL_URL_ROOT.'/bookmarks/liste.php'); + header("Location: ".$backtopage); exit; } else @@ -96,7 +98,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') } } -if ($_GET["action"] == 'delete') +if ($action == 'delete') { $bookmark=new Bookmark($db); $bookmark->id=$_GET["bid"]; @@ -133,10 +135,10 @@ if ($action == 'create') * Fact bookmark creation mode */ - print '
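Review bot: `$backtopage` (and its `urlsource` fallback) is read from the request and passed unchanged to `header("Location: ".$backtopage)`, both in the cancel branch here and in the success branch of the `@@ -71,8 +73,8 @@` hunk, so a crafted link can send a logged-in user to an arbitrary external site after they cancel or save a bookmark. As far as this diff shows, the `'alpha'` filter on `GETPOST` does not check that the target is local. Accept only a relative path inside the application before redirecting, e.g. `if (! preg_match('/^\/[^\/\\\\]/', $backtopage)) $backtopage=DOL_URL_ROOT.'/bookmarks/liste.php';`. The success branch also drops the `urldecode()` that the old code applied to `urlsource`; confirm no caller relies on it.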
'."\n"; + print ''."\n"; print ''; print ''; - + print_fiche_titre($langs->trans("NewBookmark")); dol_fiche_head($head, $hselected, $langs->trans("Bookmark"),0,'bookmark'); @@ -176,24 +178,25 @@ if ($action == 'create') } -if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) +if ($id > 0 && ! preg_match('/^add/i',$action)) { /* * Fact bookmark mode or visually edition */ $bookmark=new Bookmark($db); - $bookmark->fetch($_GET["id"]); + $bookmark->fetch($id); dol_fiche_head($head, $hselected, $langs->trans("Bookmark"),0,'bookmark'); - if ($_GET["action"] == 'edit') + if ($action == 'edit') { print ''; print ''; print ''; print ''; print ''; + print ''; } print ''; @@ -201,17 +204,17 @@ if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) print ''; print ''; print ''; print ''; print ''; @@ -254,9 +257,9 @@ if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) print '
'.$langs->trans("Ref").''.$bookmark->ref.'
'.$langs->trans("BookmarkTitle").''; - if ($_GET["action"] == 'edit') print 'title).'">'; + if ($action == 'edit') print 'title).'">'; else print $bookmark->title; print '
'.$langs->trans("UrlOrLink").''; - if ($_GET["action"] == 'edit') print 'url).'">'; + if ($action == 'edit') print 'url).'">'; else print 'target?' target="_blank"':'').'>'.$bookmark->url.''; print '
'.$langs->trans("BehaviourOnClick").''; - if ($_GET["action"] == 'edit') + if ($action == 'edit') { $liste=array(1=>$langs->trans("OpenANewWindow"),0=>$langs->trans("ReplaceWindow")); print $form->selectarray('target',$liste,isset($_POST["target"])?$_POST["target"]:$bookmark->target); @@ -224,7 +227,7 @@ if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) print '
'.$langs->trans("Owner").''; - if ($_GET["action"] == 'edit' && $user->admin) + if ($action == 'edit' && $user->admin) { $form->select_users(isset($_POST['userid'])?$_POST['userid']:($bookmark->fk_user?$bookmark->fk_user:''),'userid',1); } @@ -245,7 +248,7 @@ if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) // Position print '
'.$langs->trans("Position").''; - if ($_GET["action"] == 'edit') print 'position).'">'; + if ($action == 'edit') print 'position).'">'; else print $bookmark->position; print '
'; - if ($_GET["action"] == 'edit') print '
   
'; + if ($action == 'edit') print '
   
'; - if ($_GET["action"] == 'edit') print '
'; + if ($action == 'edit') print ''; dol_fiche_end(); @@ -264,13 +267,13 @@ if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) print "
\n"; // Edit - if ($user->rights->bookmark->creer && $_GET["action"] != 'edit') + if ($user->rights->bookmark->creer && $action != 'edit') { print " id."&action=edit\">".$langs->trans("Edit")."\n"; } // Remove - if ($user->rights->bookmark->supprimer && $_GET["action"] != 'edit') + if ($user->rights->bookmark->supprimer && $action != 'edit') { print " id."&action=delete\">".$langs->trans("Delete")."\n"; } @@ -279,8 +282,8 @@ if ($_GET["id"] > 0 && ! preg_match('/^add/i',$_GET["action"])) } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/bookmarks/liste.php b/htdocs/bookmarks/liste.php index 8e3d0ea9e92..c9a6dff9ca2 100644 --- a/htdocs/bookmarks/liste.php +++ b/htdocs/bookmarks/liste.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2005-2012 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -170,7 +170,11 @@ if ($resql) print ''.$obj->position.""; // Actions - print ''; + print ''; + if ($user->rights->bookmark->creer) + { + print "bid."&backtopage=".urlencode($_SERVER["PHP_SELF"])."\">".img_edit()." "; + } if ($user->rights->bookmark->supprimer) { print "bid\">".img_delete().""; From 99fa385602fca1bc420560b5610e00e59831f05c Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sat, 20 Oct 2012 09:33:39 +0200 Subject: [PATCH 6/9] Fix: minor vulnerabilities --- htdocs/admin/modules.php | 4 ++-- htdocs/externalsite/frames.php | 10 +++++----- htdocs/index.php | 2 +- htdocs/user/class/user.class.php | 24 ++++++++++++------------ htdocs/user/group/perms.php | 11 ++++++----- htdocs/user/perms.php | 4 ++-- 6 files changed, 28 insertions(+), 27 deletions(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index cb1f619eedc..917c6cebbef 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php 
@@ -31,9 +31,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; $langs->load("errors"); $langs->load("admin"); -$mode=isset($_GET["mode"])?GETPOST("mode"):(isset($_SESSION['mode'])?$_SESSION['mode']:0); +$mode=GETPOST('mode', 'alpha')?GETPOST('mode', 'alpha'):(isset($_SESSION['mode'])?$_SESSION['mode']:0); $action=GETPOST('action','alpha'); -$value=GETPOST('value'); +$value=GETPOST('value', 'alpha'); if (! $user->admin) accessforbidden(); diff --git a/htdocs/externalsite/frames.php b/htdocs/externalsite/frames.php index 734096506f5..ac7a0caa1d8 100644 --- a/htdocs/externalsite/frames.php +++ b/htdocs/externalsite/frames.php @@ -34,11 +34,11 @@ if (empty($conf->global->EXTERNALSITE_URL)) llxFooter(); } -$mainmenu=GETPOST('mainmenu'); -$leftmenu=GETPOST('leftmenu'); -$idmenu=GETPOST('idmenu'); -$theme=GETPOST('theme'); -$codelang=GETPOST('lang'); +$mainmenu=GETPOST('mainmenu', 'alpha'); +$leftmenu=GETPOST('leftmenu', 'alpha'); +$idmenu=GETPOST('idmenu', 'int'); +$theme=GETPOST('theme', 'alpha'); +$codelang=GETPOST('lang', 'alpha'); print " diff --git a/htdocs/index.php b/htdocs/index.php index e8779f827d1..ebc2b3a1c6a 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // If not defined, we select menu "home" -if (! isset($_GET["mainmenu"])) $_GET["mainmenu"]="home"; +$_GET['mainmenu']=GETPOST('mainmenu', 'alpha')?GETPOST('mainmenu', 'alpha'):'home'; $action=GETPOST('action'); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index ce7c2953e19..28a2a3cb036 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
@@ -303,7 +303,7 @@ class User extends CommonObject // les caracteristiques (module, perms et subperms) de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$rid."'"; + $sql.= " WHERE id = '".$this->escape($rid)."'"; $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); @@ -319,21 +319,21 @@ class User extends CommonObject } // Where pour la liste des droits a ajouter - $whereforadd="id=".$rid; + $whereforadd="id=".$this->escape($rid); // Ajout des droits induits - if ($subperms) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))"; - else if ($perms) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)"; + if (! empty($subperms)) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))"; + else if (! empty($perms)) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)"; } else { // On a pas demande un droit en particulier mais une liste de droits // sur la base d'un nom de module de de perms // Where pour la liste des droits a ajouter - if ($allmodule) $whereforadd="module='$allmodule'"; - if ($allperms) $whereforadd=" AND perms='$allperms'"; + if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'"; + if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'"; } // Ajout des droits trouves grace au critere whereforadd - if ($whereforadd) + if (! empty($whereforadd)) { //print "$module-$perms-$subperms"; $sql = "SELECT id"; @@ -403,7 +403,7 @@ class User extends CommonObject // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$rid."'"; + $sql.= " WHERE id = '".$this->escape($rid)."'"; $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); 
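Review bot: `$this->escape($rid)` is called on the `User` object, while every query in these hunks goes through `$this->db`. No `escape()` method on `User` or its parent is visible in this diff, so this was probably meant to be `$this->db->escape($rid)` and may otherwise fail with an undefined-method error whenever rights are added or removed. The same call appears in the `@@ -319,21`, `@@ -403,7`, `@@ -419,7` and `@@ -427,12` hunks of this file and throughout the `usergroup.class.php` hunks of patch 7/9. The enclosing methods start and end outside the hunks.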
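Review bot: In `$whereforadd="id=".$this->escape($rid);` the value is placed in the SQL without quotes, and string escaping does not constrain an unquoted value, so the clause is only as safe as the caller's integer filtering. Cast it at the point of use instead, `$whereforadd="id=".((int) $rid);`, and do the same for `$wherefordel` in `@@ -419,7` and for both spots in `usergroup.class.php`. In the else branch the rewritten `$whereforadd=" AND perms='...'"` still assigns rather than appends, so when `$allmodule` and `$allperms` are both set the module condition is lost and the clause begins with `AND`; `.=` looks intended, though the query that consumes it is outside the hunk. `$module` and `$perms` also remain interpolated unescaped in the induced-rights conditions.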
@@ -419,7 +419,7 @@ class User extends CommonObject } // Where pour la liste des droits a supprimer - $wherefordel="id=".$rid; + $wherefordel="id=".$this->escape($rid); // Suppression des droits induits if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)"; if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')"; @@ -427,12 +427,12 @@ class User extends CommonObject else { // On a demande suppression d'un droit sur la base d'un nom de module ou perms // Where pour la liste des droits a supprimer - if ($allmodule) $wherefordel="module='$allmodule'"; - if ($allperms) $wherefordel=" AND perms='$allperms'"; + if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'"; + if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'"; } // Suppression des droits selon critere defini dans wherefordel - if ($wherefordel) + if (! empty($wherefordel)) { //print "$module-$perms-$subperms"; $sql = "SELECT id"; diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 6caf070d675..7f28a91747b 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -33,9 +33,10 @@ $langs->load("users"); $langs->load("admin"); $id=GETPOST('id','int'); -$action=GETPOST("action"); -$confirm=GETPOST("confirm"); -$module=GETPOST("module"); +$action=GETPOST('action', 'alpha'); +$confirm=GETPOST('confirm', 'alpha'); +$module=GETPOST('module', 'alpha'); +$rights=GETPOST('rights', 'int'); // Defini si peux lire les permissions $canreadperms=($user->admin || $user->rights->user->user->lire); 
@@ -60,14 +61,14 @@ if ($action == 'addrights' && $caneditperms) { $editgroup = new Usergroup($db); $result=$editgroup->fetch($id); - if ($result > 0) $editgroup->addrights($_GET["rights"],$module); + if ($result > 0) $editgroup->addrights($rights, $module); } if ($action == 'delrights' && $caneditperms) { $editgroup = new Usergroup($db); $result=$editgroup->fetch($id); - if ($result > 0) $editgroup->delrights($_GET["rights"],$module); + if ($result > 0) $editgroup->delrights($rights, $module); } diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 0a1ecd72b56..681a50fd5a1 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -35,8 +35,8 @@ $langs->load("admin"); $id=GETPOST('id', 'int'); $action=GETPOST('action', 'alpha'); $confirm=GETPOST('confirm', 'alpha'); -$rights=GETPOST('rights','int'); -$module=GETPOST('module'); +$module=GETPOST('module', 'alpha'); +$rights=GETPOST('rights', 'int'); $entity=(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity); if (! isset($id) || empty($id)) accessforbidden(); From ac9dea1c19694327b07ff9b3eaa4f9b80c7aaae4 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sat, 20 Oct 2012 09:40:50 +0200 Subject: [PATCH 7/9] Fix: security --- htdocs/user/class/usergroup.class.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index bef8f6e5577..0b5ff72d039 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php 
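Review bot: The `addrights` and `delrights` branches in htdocs/user/group/perms.php change a group's permissions as soon as `$action` matches and `$caneditperms` is true, and `$action`, `$rights` and `$module` are all read through `GETPOST`, so a plain GET link is enough to trigger them. No anti-CSRF token check is visible in this hunk. If the framework does not enforce one elsewhere, an administrator who follows a crafted link could change a group's rights unintentionally. Consider requiring POST plus a session token for these two actions; the surrounding script continues outside the hunk.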
@@ -239,13 +239,13 @@ class UserGroup extends CommonObject $this->db->begin(); - if ($rid) + if (! empty($rid)) { // Si on a demande ajout d'un droit en particulier, on recupere // les caracteristiques (module, perms et subperms) de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$rid."'"; + $sql.= " WHERE id = '".$this->escape($rid)."'"; $sql.= " AND entity = ".$conf->entity; $result=$this->db->query($sql); @@ -261,7 +261,7 @@ class UserGroup extends CommonObject } // Where pour la liste des droits a ajouter - $whereforadd="id=".$rid; + $whereforadd="id=".$this->escape($rid); // Ajout des droits induits if ($subperms) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))"; else if ($perms) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)"; @@ -272,12 +272,12 @@ class UserGroup extends CommonObject } else { // Where pour la liste des droits a ajouter - if ($allmodule) $whereforadd="module='$allmodule'"; - if ($allperms) $whereforadd=" AND perms='$allperms'"; + if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'"; + if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'"; } // Ajout des droits de la liste whereforadd - if ($whereforadd) + if (! empty($whereforadd)) { //print "$module-$perms-$subperms"; $sql = "SELECT id"; @@ -339,13 +339,13 @@ class UserGroup extends CommonObject $this->db->begin(); - if ($rid) + if (! empty($rid)) { // Si on a demande supression d'un droit en particulier, on recupere // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$rid."'"; + $sql.= " WHERE id = '".$this->escape($rid)."'"; $sql.= " AND entity = ".$conf->entity; $result=$this->db->query($sql); 
@@ -361,7 +361,7 @@ class UserGroup extends CommonObject } // Where pour la liste des droits a supprimer - $wherefordel="id=".$rid; + $wherefordel="id=".$this->escape($rid); // Suppression des droits induits if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)"; if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')"; @@ -372,12 +372,12 @@ class UserGroup extends CommonObject } else { // Where pour la liste des droits a supprimer - if ($allmodule) $wherefordel="module='$allmodule'"; - if ($allperms) $wherefordel=" AND perms='$allperms'"; + if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'"; + if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'"; } // Suppression des droits de la liste wherefordel - if ($wherefordel) + if (! empty($wherefordel)) { //print "$module-$perms-$subperms"; $sql = "SELECT id"; From 033e9066fb81babf39daffe20529455780c327c1 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sat, 20 Oct 2012 10:04:49 +0200 Subject: [PATCH 8/9] New: try to use hookmanager for customizing list --- htdocs/comm/list.php | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index da457735f9a..eebb066beed 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php 
@@ -56,10 +56,19 @@ $search_sale = GETPOST("search_sale"); $search_categ = GETPOST("search_categ",'int'); $catid = GETPOST("catid",'int'); +// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array +include_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; +$hookmanager=new HookManager($db); +$hookmanager->initHooks(array('customerlist')); + + /* * Actions */ +$parameters=array(); +$reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks + // Do we click on purge search criteria ? if (GETPOST("button_removefilter_x")) { @@ -140,8 +149,7 @@ if ($result) $i = 0; - print '
'."\n"; - print ''."\n"; + print ''."\n"; // Filter on categories $moreforfilter=''; @@ -159,12 +167,13 @@ if ($result) } if ($moreforfilter) { - print ''; - print ''; + print ''; } + print '
'; + print '
'; print $moreforfilter; - print '
'."\n"; + print ''; print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder); print_liste_field_titre($langs->trans("Town"),$_SERVER["PHP_SELF"],"s.ville","",$param,"",$sortfield,$sortorder); @@ -172,7 +181,11 @@ if ($result) print_liste_field_titre($langs->trans("AccountancyCode"),$_SERVER["PHP_SELF"],"s.code_compta","",$param,'align="left"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("DateCreation"),$_SERVER["PHP_SELF"],"datec","",$param,'align="right"',$sortfield,$sortorder); print_liste_field_titre($langs->trans("Status"),$_SERVER["PHP_SELF"],"s.status","",$param,'align="right"',$sortfield,$sortorder); - print "\n"; + + $parameters=array(); + $formconfirm=$hookmanager->executeHooks('printFieldListTitle',$parameters); // Note that $action and $object may have been modified by hook + + print "\n"; print ''; @@ -199,6 +212,9 @@ if ($result) print ''; print ''; + $parameters=array(); + $formconfirm=$hookmanager->executeHooks('printFieldListOption',$parameters); // Note that $action and $object may have been modified by hook + print "\n"; $var=True; @@ -224,6 +240,10 @@ if ($result) print ''; print ''; + + $parameters=array('obj' => $obj); + $formconfirm=$hookmanager->executeHooks('printFieldListValue',$parameters); // Note that $action and $object may have been modified by hook + print "\n"; $i++; } @@ -231,13 +251,15 @@ if ($result) print "
'.dol_print_date($db->jdate($obj->datec),'day').''.$thirdpartystatic->getLibStatut(3); print '
\n"; print "
\n"; $db->free($result); + + $parameters=array('sql' => $sql); + $formconfirm=$hookmanager->executeHooks('printFieldListFooter',$parameters); // Note that $action and $object may have been modified by hook } else { dol_print_error($db); } -$db->close(); - llxFooter(); +$db->close(); ?> From 97245d36aa3c5f40bf45812ca664b0b01c6292d7 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sat, 20 Oct 2012 11:10:36 +0200 Subject: [PATCH 9/9] Fix: wrong method --- htdocs/user/class/user.class.php | 16 ++++++++-------- htdocs/user/class/usergroup.class.php | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 28a2a3cb036..27d03b7be7a 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -303,7 +303,7 @@ class User extends CommonObject // les caracteristiques (module, perms et subperms) de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$this->escape($rid)."'"; + $sql.= " WHERE id = '".$this->db->escape($rid)."'"; $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); @@ -319,7 +319,7 @@ class User extends CommonObject } // Where pour la liste des droits a ajouter - $whereforadd="id=".$this->escape($rid); + $whereforadd="id=".$this->db->escape($rid); // Ajout des droits induits if (! empty($subperms)) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))"; else if (! empty($perms)) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)"; 
@@ -328,8 +328,8 @@ class User extends CommonObject // On a pas demande un droit en particulier mais une liste de droits // sur la base d'un nom de module de de perms // Where pour la liste des droits a ajouter - if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'"; - if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'"; + if (! empty($allmodule)) $whereforadd="module='".$this->db->escape($allmodule)."'"; + if (! empty($allperms)) $whereforadd=" AND perms='".$this->db->escape($allperms)."'"; } // Ajout des droits trouves grace au critere whereforadd @@ -403,7 +403,7 @@ class User extends CommonObject // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$this->escape($rid)."'"; + $sql.= " WHERE id = '".$this->db->escape($rid)."'"; $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); @@ -419,7 +419,7 @@ class User extends CommonObject } // Where pour la liste des droits a supprimer - $wherefordel="id=".$this->escape($rid); + $wherefordel="id=".$this->db->escape($rid); // Suppression des droits induits if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)"; if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')"; @@ -427,8 +427,8 @@ class User extends CommonObject else { // On a demande suppression d'un droit sur la base d'un nom de module ou perms // Where pour la liste des droits a supprimer - if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'"; - if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'"; + if (! empty($allmodule)) $wherefordel="module='".$this->db->escape($allmodule)."'"; + if (! empty($allperms)) $wherefordel=" AND perms='".$this->db->escape($allperms)."'"; } // Suppression des droits selon critere defini dans wherefordel 
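Review bot: In the @@ -419 hunk, the lines right after the changed `$wherefordel="id=".$this->db->escape($rid);` still interpolate `$module` and `$perms` into the clause unescaped, e.g. `OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)`. These values appear to come from the `rights_def` row selected just before (the assignment is outside the visible hunks), so this is stored rather than request input, but escaping at the point of use keeps the delete clause bounded whatever a module has registered there. Suggested form: `module='".$this->db->escape($module)."' AND perms='".$this->db->escape($perms)."'`. The same applies to the @@ -319 hunk of this file and to the @@ -261 and @@ -361 hunks of usergroup.class.php.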
diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index 0b5ff72d039..21ea7606e29 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -245,7 +245,7 @@ class UserGroup extends CommonObject // les caracteristiques (module, perms et subperms) de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$this->escape($rid)."'"; + $sql.= " WHERE id = '".$this->db->escape($rid)."'"; $sql.= " AND entity = ".$conf->entity; $result=$this->db->query($sql); @@ -261,7 +261,7 @@ class UserGroup extends CommonObject } // Where pour la liste des droits a ajouter - $whereforadd="id=".$this->escape($rid); + $whereforadd="id=".$this->db->escape($rid); // Ajout des droits induits if ($subperms) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))"; else if ($perms) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)"; @@ -272,8 +272,8 @@ class UserGroup extends CommonObject } else { // Where pour la liste des droits a ajouter - if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'"; - if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'"; + if (! empty($allmodule)) $whereforadd="module='".$this->db->escape($allmodule)."'"; + if (! empty($allperms)) $whereforadd=" AND perms='".$this->db->escape($allperms)."'"; } // Ajout des droits de la liste whereforadd @@ -345,7 +345,7 @@ class UserGroup extends CommonObject // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql.= " WHERE id = '".$this->escape($rid)."'"; + $sql.= " WHERE id = '".$this->db->escape($rid)."'"; $sql.= " AND entity = ".$conf->entity; $result=$this->db->query($sql); 
@@ -361,7 +361,7 @@ class UserGroup extends CommonObject } // Where pour la liste des droits a supprimer - $wherefordel="id=".$this->escape($rid); + $wherefordel="id=".$this->db->escape($rid); // Suppression des droits induits if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)"; if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')"; @@ -372,8 +372,8 @@ class UserGroup extends CommonObject } else { // Where pour la liste des droits a supprimer - if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'"; - if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'"; + if (! empty($allmodule)) $wherefordel="module='".$this->db->escape($allmodule)."'"; + if (! empty($allperms)) $wherefordel=" AND perms='".$this->db->escape($allperms)."'"; } // Suppression des droits de la liste wherefordel