From 283c83cae0dfd20de06a97e22ccafa5a4027b64b Mon Sep 17 00:00:00 2001 From: Mickael Desgranges Date: Mon, 30 Nov 2020 09:04:13 +0100 Subject: [PATCH 1/6] FIX: undefined measuring_units_squared() on update On update product, by a third party module, measuring_units_squared() and measuring_units_cubed() was undefined --- htdocs/product/class/product.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 03d81d4fd64..3c76d25df8b 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -35,6 +35,7 @@ * \ingroup produit * \brief File of class to manage predefined products or services */ +require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/productbatch.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php'; From 16b69a069e64efb66d952f55ffa9b0f8db85f54d Mon Sep 17 00:00:00 2001 From: Tim Otte Date: Mon, 30 Nov 2020 10:21:10 +0100 Subject: [PATCH 2/6] Fixed sql error where column names were used instead of sql column names --- htdocs/core/class/commondocgenerator.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commondocgenerator.class.php b/htdocs/core/class/commondocgenerator.class.php index f610e6bb952..78eef83b073 100644 --- a/htdocs/core/class/commondocgenerator.class.php +++ b/htdocs/core/class/commondocgenerator.class.php @@ -596,7 +596,7 @@ abstract class CommonDocGenerator { $columns = ""; - foreach ($extralabels as $key) + foreach ($extralabels as $key => $label) { $columns .= "$key, "; } @@ -610,7 +610,7 @@ abstract class CommonDocGenerator { $resql = $this->db->fetch_object($resql); - foreach ($extralabels as $key) + foreach ($extralabels as $key => $label) { $resarray['line_product_supplier_'.$key] = $resql->{$key}; } From c0c8aef7aa0e366a4d0665dbc10a41961e4cccff Mon Sep 17 00:00:00 2001 From: Stephane Lesage Date: Sun, 29 Nov 2020 23:16:58 +0100 Subject: [PATCH 3/6] fix Users list filter by gender --- htdocs/user/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/list.php b/htdocs/user/list.php index 257bcd4c6be..dce6fcb800a 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -343,7 +343,7 @@ if ($search_thirdparty != '') $sql .= natural_search(array('s.nom'), $search_thi if ($search_login != '') $sql .= natural_search("u.login", $search_login); if ($search_lastname != '') $sql .= natural_search("u.lastname", $search_lastname); if ($search_firstname != '') $sql .= natural_search("u.firstname", $search_firstname); -if ($search_gender != '' && $search_gender != '-1') $sql .= natural_search("u.gender", $search_gender); +if ($search_gender != '' && $search_gender != '-1') $sql .= " AND u.gender = '".$search_gender."'"; // Cannot use natural_search as looking for %man% also includes woman if (is_numeric($search_employee) && $search_employee >= 0) { $sql .= ' AND u.employee = '.(int) $search_employee; } From 7fbf5482fc4e666d7b653d3fcb86d44e71b8b5ee Mon Sep 17 00:00:00 2001 From: Stephane Lesage Date: Sun, 29 Nov 2020 23:36:06 +0100 Subject: [PATCH 4/6] missing db->escape --- htdocs/user/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/list.php b/htdocs/user/list.php index dce6fcb800a..d17507b3b33 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -343,7 +343,7 @@ if ($search_thirdparty != '') $sql .= natural_search(array('s.nom'), $search_thi if ($search_login != '') $sql .= natural_search("u.login", $search_login); if ($search_lastname != '') $sql .= natural_search("u.lastname", $search_lastname); if ($search_firstname != '') $sql .= natural_search("u.firstname", $search_firstname); -if ($search_gender != '' && $search_gender != '-1') $sql .= " AND u.gender = '".$search_gender."'"; // Cannot use natural_search as looking for %man% also includes woman +if ($search_gender != '' && $search_gender != '-1') $sql .= " AND u.gender = '".$db->escape($search_gender)."'"; // Cannot use natural_search as looking for %man% also includes woman if (is_numeric($search_employee) && $search_employee >= 0) { $sql .= ' AND u.employee = '.(int) $search_employee; } From ffcce1a4b492e6435dd16b6e9727e7c357c388ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Mon, 30 Nov 2020 13:02:05 +0100 Subject: [PATCH 5/6] remove syntax error --- htdocs/core/actions_extrafields.inc.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/core/actions_extrafields.inc.php b/htdocs/core/actions_extrafields.inc.php index 1557d156f03..3181ea882da 100644 --- a/htdocs/core/actions_extrafields.inc.php +++ b/htdocs/core/actions_extrafields.inc.php @@ -153,8 +153,7 @@ if ($action == 'add') if (!$error) { // attrname must be alphabetical and lower case only - if (GETPOSISSET("attrname") && preg_match("/^[a-z0-9-_]+$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) - { + if (GETPOSTISSET("attrname") && preg_match("/^[a-z0-9-_]+$/", GETPOST('attrname', 'aZ09')) && !is_numeric(GETPOST('attrname', 'aZ09'))) { // Construct array for parameter (value of select list) $default_value = GETPOST('default_value', 'alpha'); $parameters = $param; @@ -166,7 +165,7 @@ if ($action == 'add') $params['options'] = array($parameters=>null); } } else { - //Esle it's separated key/value and coma list + // Else it's separated key/value and coma list foreach ($parameters_array as $param_ligne) { list($key, $value) = explode(',', $param_ligne); From 765df4191840b58a7776fb030793315a48ef85ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Mon, 30 Nov 2020 15:44:29 +0100 Subject: [PATCH 6/6] introduce GETPOSTINT --- htdocs/core/lib/functions.lib.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 61360d66f51..f594cdd052c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -604,6 +604,22 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null return $out; } +/** + * Return value of a param into GET or POST supervariable. + * Use the property $user->default_values[path]['creatform'] and/or $user->default_values[path]['filters'] and/or $user->default_values[path]['sortorder'] + * Note: The property $user->default_values is loaded by main.php when loading the user. + * + * @param string $paramname Name of parameter to found + * @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get) + * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) + * @param mixed $options Options to pass to filter_var when $check is set to 'custom' + * @param string $noreplace Force disable of replacement of __xxx__ strings. + * @return int Value found (int) + */ +function GETPOSTINT($paramname, $method = 0, $filter = null, $options = null, $noreplace = 0) +{ + return (int) GETPOST($paramname, 'int', $method, $filter, $options, $noreplace); +} /** * Return a value after checking on a rule.