From 894eb1e5a418f9e0c2d7c60490a8dfc1083bee17 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Mon, 19 Apr 2021 14:34:11 +0200 Subject: [PATCH 001/149] NEW : "+" and "-" to show / hide batch details on product "stock" tab --- htdocs/admin/stock.php | 15 +++++++++ htdocs/langs/en_US/stocks.lang | 3 +- htdocs/langs/fr_FR/stocks.lang | 1 + htdocs/product/stock/product.php | 56 ++++++++++++++++++++++++++++++-- 4 files changed, 71 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php index 39a9e5ae601..c2d64d977c3 100644 --- a/htdocs/admin/stock.php +++ b/htdocs/admin/stock.php @@ -758,6 +758,21 @@ if ($conf->use_javascript_ajax) { } print "\n"; print "\n"; + +if (!empty($conf->productbatch->enabled)) { + print ''; + print '' . $langs->trans("ShowAllBatchByDefault") . ''; + print ''; + if ($conf->use_javascript_ajax) { + print ajax_constantonoff('STOCK_SHOW_ALL_BATCH_BY_DEFAULT'); + } else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("STOCK_SHOW_ALL_BATCH_BY_DEFAULT", $arrval, $conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT); + } + print "\n"; + print "\n"; +} + print ''; print ''; diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 1b54e53d6de..376b86fcef7 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -240,4 +240,5 @@ InventoryRealQtyHelp=Set value to 0 to reset qty
Keep field empty, or remove UpdateByScaning=Update by scaning UpdateByScaningProductBarcode=Update by scan (product barcode) UpdateByScaningLot=Update by scan (lot|serial barcode) -DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement. \ No newline at end of file +DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement. +ShowAllBatchByDefault=By default, show batch details on product "stock" tab diff --git a/htdocs/langs/fr_FR/stocks.lang b/htdocs/langs/fr_FR/stocks.lang index 444c546b853..cf178141f74 100644 --- a/htdocs/langs/fr_FR/stocks.lang +++ b/htdocs/langs/fr_FR/stocks.lang @@ -242,3 +242,4 @@ UpdateByScaning=Mise à jour par scan UpdateByScaningProductBarcode=Mettre à jour par scan (code-barres produit) UpdateByScaningLot=Mise à jour par scan (code barres lot/série) DisableStockChangeOfSubProduct=Désactiver les mouvements de stock des composants pour tout mouvement de stock de ce kit +ShowAllBatchByDefault=Dérouler par défaut le détail des lots dans l'onglet "stock" diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index d1c1ea99ff7..1b72404011b 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -9,6 +9,7 @@ * Copyright (C) 2014-2015 Cédric Gross * Copyright (C) 2015 Marcos García * Copyright (C) 2018-2019 Frédéric France + * Copyright (C) 2021 Gauthier VERDOL * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -522,6 +523,48 @@ if ($id > 0 || $ref) llxHeader('', $title, $helpurl); + ?> + + + + 0) { $head = product_prepare_head($object); @@ -828,7 +871,10 @@ if (!$variants) { print ''; if ((!empty($conf->productbatch->enabled)) && $object->hasbatch()) { $colspan = 3; - print ''; + print ''; + print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; + print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").''; + print ''; print ''.$langs->trans("batch_number").''; if (empty($conf->global->PRODUCT_DISABLE_EATBY)) { $colspan--; @@ -880,7 +926,11 @@ if (!$variants) { $stock_real = price2num($obj->reel, 'MS'); print ''; - print ''.$entrepotstatic->getNomUrl(1).''; + print ''; + if(!empty($conf->productbatch->enabled)) { + print '' . (empty($conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT) ? '(+)' : '(-)') . ' '; + } + print $entrepotstatic->getNomUrl(1).''; print ''.$stock_real.($stock_real < 0 ? ' '.img_warning() : '').''; // PMP print ''.(price2num($object->pmp) ? price2num($object->pmp, 'MU') : '').''; @@ -934,7 +984,7 @@ if (!$variants) { print ''; print ''; } else { - print "\n".''; + print "\n".''; print img_picto($langs->trans("Tranfer"), 'uparrow', 'class="hideonsmartphone"').' '; print 'id.'">'.$langs->trans("TransferStock").''; // Disabled, because edition of stock content must use the "Correct stock menu". From a79823742f464f0bbbe5ca217debf0c37c13d37e Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 19 Apr 2021 12:41:17 +0000 Subject: [PATCH 002/149] Fixing style errors. --- htdocs/product/stock/product.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 1b72404011b..17b209b845a 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -927,7 +927,7 @@ if (!$variants) { $stock_real = price2num($obj->reel, 'MS'); print ''; print ''; - if(!empty($conf->productbatch->enabled)) { + if (!empty($conf->productbatch->enabled)) { print '' . (empty($conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT) ? '(+)' : '(-)') . ' '; } print $entrepotstatic->getNomUrl(1).''; From 2236d1b07fa6c5967d8ab46049608dc0790e188d Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Mon, 19 Apr 2021 14:46:28 +0200 Subject: [PATCH 003/149] FIX : Hide all and check all links always available --- htdocs/product/stock/product.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 1b72404011b..8e17eb0c885 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -545,8 +545,6 @@ if ($id > 0 || $ref) }); $("#show_all").click(function() { - $(this).hide(); - $("#hide_all").show(); $("[class^=batch_warehouse]").show(); $("[class^=collapse_batch]").html('(-) '); return false; @@ -554,8 +552,6 @@ if ($id > 0 || $ref) $("#hide_all").click(function() { $("[class^=batch_warehouse]").hide(); - $(this).hide(); - $("#show_all").show(); $("[class^=collapse_batch]").html('(+) '); return false; }); @@ -872,8 +868,8 @@ if (!$variants) { if ((!empty($conf->productbatch->enabled)) && $object->hasbatch()) { $colspan = 3; print ''; - print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; - print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").''; + print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").'
'; + print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; print ''; print ''.$langs->trans("batch_number").''; if (empty($conf->global->PRODUCT_DISABLE_EATBY)) { From 72ea2a56ea216e803d789719d88ddfc4416b64a2 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Tue, 20 Apr 2021 10:02:53 +0200 Subject: [PATCH 004/149] NEW : help text --- htdocs/langs/en_US/stocks.lang | 1 + htdocs/langs/fr_FR/stocks.lang | 1 + htdocs/product/stock/product.php | 3 ++- 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 376b86fcef7..fa686b7baa3 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -242,3 +242,4 @@ UpdateByScaningProductBarcode=Update by scan (product barcode) UpdateByScaningLot=Update by scan (lot|serial barcode) DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement. ShowAllBatchByDefault=By default, show batch details on product "stock" tab +CollapseBatchDetailHelp=You can set batch detail default display in stocks module configuration diff --git a/htdocs/langs/fr_FR/stocks.lang b/htdocs/langs/fr_FR/stocks.lang index cf178141f74..53118bc6b36 100644 --- a/htdocs/langs/fr_FR/stocks.lang +++ b/htdocs/langs/fr_FR/stocks.lang @@ -243,3 +243,4 @@ UpdateByScaningProductBarcode=Mettre à jour par scan (code-barres produit) UpdateByScaningLot=Mise à jour par scan (code barres lot/série) DisableStockChangeOfSubProduct=Désactiver les mouvements de stock des composants pour tout mouvement de stock de ce kit ShowAllBatchByDefault=Dérouler par défaut le détail des lots dans l'onglet "stock" +CollapseBatchDetailHelp=Vous pouvez définir l'affichage par défaut du détail des lots dans la configuration du module stocks diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 97ccccb1cbc..b97903f0e84 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -869,7 +869,8 @@ if (!$variants) { $colspan = 3; print ''; print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").'
'; - print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; + print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").' '; + print $form->textwithpicto('', $langs->trans('CollapseBatchDetailHelp'), 1, 'help', ''); print ''; print ''.$langs->trans("batch_number").''; if (empty($conf->global->PRODUCT_DISABLE_EATBY)) { From 56d78cf12a4e57ab23868ce7caf9eda017727fa0 Mon Sep 17 00:00:00 2001 From: Quentin VIAL-GOUTEYRON Date: Wed, 12 May 2021 11:02:27 +0200 Subject: [PATCH 005/149] FIX missing town and zip filter in contract list sql request --- htdocs/contrat/list.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a7b5114501f..96754e639fd 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -256,6 +256,8 @@ if ($search_email) $sql .= natural_search('s.email', $search_email); if ($search_contract) $sql .= natural_search(array('c.rowid', 'c.ref'), $search_contract); if (!empty($search_ref_customer)) $sql .= natural_search(array('c.ref_customer'), $search_ref_customer); if (!empty($search_ref_supplier)) $sql .= natural_search(array('c.ref_supplier'), $search_ref_supplier); +if ($search_zip) $sql .= natural_search(array('s.zip'), $search_zip); +if ($search_town) $sql .= natural_search(array('s.town'), $search_town); if ($search_sale > 0) { $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale; From 6bbd6db84bc1ec551632a6e2334bc61080a37a17 Mon Sep 17 00:00:00 2001 From: Givriz Date: Mon, 17 May 2021 18:39:08 +0200 Subject: [PATCH 006/149] Compatibility phpv8 --- htdocs/admin/system/modules.php | 2 +- htdocs/admin/tools/listevents.php | 2 +- htdocs/main.inc.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/admin/system/modules.php b/htdocs/admin/system/modules.php index f3892e105bb..4a77d2452c4 100644 --- a/htdocs/admin/system/modules.php +++ b/htdocs/admin/system/modules.php @@ -277,7 +277,7 @@ if ($arrayfields['module_position']['checked']) { } // Fields from hook -$parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); +$parameters = array('arrayfields'=>$arrayfields, 'param'=>empty($param) ? '' : $param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index fbc2412a9df..b894920d34e 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -245,7 +245,7 @@ if ($result) { if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } - if ($optioncss != '') { + if (!empty($optioncss)) { $param .= '&optioncss='.urlencode($optioncss); } if ($search_code) { diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index c9a7dd21ccc..1929dcbdb37 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -928,7 +928,7 @@ if (!defined('NOLOGIN')) { $_SESSION["dol_dst_second"] = isset($dol_dst_second) ? $dol_dst_second : ''; $_SESSION["dol_screenwidth"] = isset($dol_screenwidth) ? $dol_screenwidth : ''; $_SESSION["dol_screenheight"] = isset($dol_screenheight) ? $dol_screenheight : ''; - $_SESSION["dol_company"] = $conf->global->MAIN_INFO_SOCIETE_NOM; + $_SESSION["dol_company"] = getDolGlobalString("MAIN_INFO_SOCIETE_NOM"); $_SESSION["dol_entity"] = $conf->entity; // Store value into session (values stored only if defined) if (!empty($dol_hide_topmenu)) { From 078fc892a2b07a871a33c4bd01cc31f07027ca79 Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Tue, 18 May 2021 09:01:55 +0200 Subject: [PATCH 007/149] FIX : cast int --- htdocs/fichinter/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 19dd7b59b3b..31fd0ea3152 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -288,7 +288,7 @@ if (!$user->rights->societe->client->voir && empty($socid)) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } if ($sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); From 90d159fbc3b9755201fde87ee19beb257b462b34 Mon Sep 17 00:00:00 2001 From: Adrien Raze Date: Tue, 18 May 2021 14:58:46 +0200 Subject: [PATCH 008/149] FIX : Missing hook in cibles.php (for mailing) --- htdocs/comm/mailing/cibles.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 8bfa82260b9..bf4b2e3d39c 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -66,6 +66,8 @@ $modulesdir = dolGetModulesDirs('/mailings'); $object = new Mailing($db); $result = $object->fetch($id); +// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context +$hookmanager->initHooks(array('ciblescard', 'globalcard')); /* * Actions @@ -471,6 +473,10 @@ if ($object->fetch($id) >= 0) } } // End foreach dir + $parameters = array(); + $reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + print ''; print '

'; From e7ac39fe35e84585564d57170c869a62d0525b03 Mon Sep 17 00:00:00 2001 From: Damien BENOIT <48482664+Givriz@users.noreply.github.com> Date: Tue, 18 May 2021 15:23:29 +0200 Subject: [PATCH 009/149] Update modules.php Added $param --- htdocs/admin/system/modules.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/system/modules.php b/htdocs/admin/system/modules.php index 4a77d2452c4..150ca10a359 100644 --- a/htdocs/admin/system/modules.php +++ b/htdocs/admin/system/modules.php @@ -65,6 +65,7 @@ $arrayfields = array( ); $arrayfields = dol_sort_array($arrayfields, 'position'); +$param = ''; /* @@ -277,7 +278,7 @@ if ($arrayfields['module_position']['checked']) { } // Fields from hook -$parameters = array('arrayfields'=>$arrayfields, 'param'=>empty($param) ? '' : $param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); +$parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters); // Note that $action and $object may have been modified by hook print $hookmanager->resPrint; From 38a5dfb26343258ae2a4fed72e69377483417783 Mon Sep 17 00:00:00 2001 From: Damien BENOIT <48482664+Givriz@users.noreply.github.com> Date: Tue, 18 May 2021 15:26:55 +0200 Subject: [PATCH 010/149] Update listevents.php Added $optioncss --- htdocs/admin/tools/listevents.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index b894920d34e..31287cbbb8a 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -68,6 +68,7 @@ $search_user = GETPOST("search_user", "alpha"); $search_desc = GETPOST("search_desc", "alpha"); $search_ua = GETPOST("search_ua", "restricthtml"); $search_prefix_session = GETPOST("search_prefix_session", "restricthtml"); +$optioncss = GETPOST("optioncss", "aZ"); // Option for the css output (always '' except when 'print') $now = dol_now(); $nowarray = dol_getdate($now); @@ -245,7 +246,7 @@ if ($result) { if ($limit > 0 && $limit != $conf->liste_limit) { $param .= '&limit='.urlencode($limit); } - if (!empty($optioncss)) { + if ($optioncss != '') { $param .= '&optioncss='.urlencode($optioncss); } if ($search_code) { From 6cccd77508d2c41c5860bfa9098a1e7bd4b090da Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Tue, 18 May 2021 17:57:23 +0200 Subject: [PATCH 011/149] FIX 13.0 - error message says MAIN_DISABLE_ALL_MAILS is set when it isn't + unhandled swiftmailer error (failed recipients due to RFC 2822 non-compliance) --- htdocs/core/actions_massactions.inc.php | 4 +++- htdocs/core/class/CMailFile.class.php | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 6b6d5854a1d..99f1271ff0b 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -559,8 +559,10 @@ if (!$error && $massaction == 'confirm_presend') { $resaction .= $langs->trans('ErrorFailedToSendMail', $from, $sendto); $resaction .= '
'.$mailfile->error.'
'; - } else { + } elseif (!empty($conf->global->MAIN_DISABLE_ALL_MAILS)) { $resaction .= '
No mail sent. Feature is disabled by option MAIN_DISABLE_ALL_MAILS
'; + } else { + $resaction .= $langs->trans('ErrorFailedToSendMail', $from, $sendto) . '
(unhandled error)
'; } } } diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index c942127aab3..67c3387fbc8 100644 --- a/htdocs/core/class/CMailFile.class.php +++ b/htdocs/core/class/CMailFile.class.php @@ -894,7 +894,7 @@ class CMailFile } // send mail try { - $result = $this->mailer->send($this->message); + $result = $this->mailer->send($this->message, $failedRecipients); } catch (Exception $e) { $this->error = $e->getMessage(); } @@ -902,6 +902,9 @@ class CMailFile $res = true; if (!empty($this->error) || !$result) { + if (!empty($failedRecipients)) { + $this->error = 'Transport failed for the following addresses: "' . join('", "', $failedRecipients) . '".'; + } dol_syslog("CMailFile::sendfile: mail end error=".$this->error, LOG_ERR); $res = false; } else { From 57732d4265f36bfb1c80c50c8ad9c39b3819a1f1 Mon Sep 17 00:00:00 2001 From: gmilad <61253440+gmilad@users.noreply.github.com> Date: Tue, 18 May 2021 19:45:15 +0200 Subject: [PATCH 012/149] Fix issue #17608 for branch 10 Fix issue #17608 for branch 10 --- htdocs/admin/translation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 2a9983d95b1..1a3fa4d4122 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -200,7 +200,7 @@ if ($action == 'delete') $form = new Form($db); $formadmin = new FormAdmin($db); -$wikihelp='EN:Setup|FR:Paramétrage|ES:Configuración'; +$wikihelp = 'EN:Setup_Translation|FR:Paramétrage_Traduction|ES:Configuración_Traducción'; llxHeader('', $langs->trans("Setup"), $wikihelp); $param='&mode='.$mode; From 4bb18db90516bd71c43685c71131b3a1742af23d Mon Sep 17 00:00:00 2001 From: gmilad <61253440+gmilad@users.noreply.github.com> Date: Tue, 18 May 2021 19:53:35 +0200 Subject: [PATCH 013/149] Fix issue #17608 for branch 11 Fix issue #17608 for branch 11 --- htdocs/admin/translation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index c641be11a59..23c2a69c127 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -197,7 +197,7 @@ if ($action == 'delete') $form = new Form($db); $formadmin = new FormAdmin($db); -$wikihelp = 'EN:Setup|FR:Paramétrage|ES:Configuración'; +$wikihelp = 'EN:Setup_Translation|FR:Paramétrage_Traduction|ES:Configuración_Traducción'; llxHeader('', $langs->trans("Setup"), $wikihelp); $param = '&mode='.$mode; From 1cf7d0cee79e344ef26ab07dc2c9c1b92c3ac0c1 Mon Sep 17 00:00:00 2001 From: Givriz Date: Tue, 18 May 2021 20:13:26 +0200 Subject: [PATCH 014/149] Compatibility phpv8 --- htdocs/core/class/commonobject.class.php | 2 +- htdocs/core/tpl/extrafields_add.tpl.php | 2 +- .../tpl/extrafields_list_print_fields.tpl.php | 2 +- htdocs/societe/card.php | 10 +++++----- htdocs/user/card.php | 4 ++-- htdocs/user/list.php | 17 ++++++++++------- 6 files changed, 20 insertions(+), 17 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 4b55b52dba0..3f4b2dd9ee6 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -7312,7 +7312,7 @@ abstract class CommonObject $parameters = array(); $reshook = $hookmanager->executeHooks('showOptionals', $parameters, $this, $action); // Note that $action and $object may have been modified by hook if (empty($reshook)) { - if (is_array($extrafields->attributes[$this->table_element]['label']) && count($extrafields->attributes[$this->table_element]['label']) > 0) { + if (key_exists('label', $extrafields->attributes[$this->table_element]) && is_array($extrafields->attributes[$this->table_element]['label']) && count($extrafields->attributes[$this->table_element]['label']) > 0) { $out .= "\n"; $out .= ' '; $out .= "\n"; diff --git a/htdocs/core/tpl/extrafields_add.tpl.php b/htdocs/core/tpl/extrafields_add.tpl.php index f194a177178..2f44bbe9c48 100644 --- a/htdocs/core/tpl/extrafields_add.tpl.php +++ b/htdocs/core/tpl/extrafields_add.tpl.php @@ -47,7 +47,7 @@ if (empty($reshook)) { if (isset($tpl_context)) { $params['tpl_context'] = $tpl_context; } - $params['cols'] = $parameters['colspanvalue']; + $params['cols'] = key_exists('colspanvalue', $parameters) ? $parameters['colspanvalue'] : ''; print $object->showOptionals($extrafields, 'create', $params); } diff --git a/htdocs/core/tpl/extrafields_list_print_fields.tpl.php b/htdocs/core/tpl/extrafields_list_print_fields.tpl.php index 4c56b0223cd..021ff42a9d3 100644 --- a/htdocs/core/tpl/extrafields_list_print_fields.tpl.php +++ b/htdocs/core/tpl/extrafields_list_print_fields.tpl.php @@ -12,7 +12,7 @@ if (empty($extrafieldsobjectkey) && is_object($object)) { // Loop to show all columns of extrafields from $obj, $extrafields and $db if (!empty($extrafieldsobjectkey)) { // $extrafieldsobject is the $object->table_element like 'societe', 'socpeople', ... - if (is_array($extrafields->attributes[$extrafieldsobjectkey]['label']) && count($extrafields->attributes[$extrafieldsobjectkey]['label'])) { + if (key_exists('label', $extrafields->attributes[$extrafieldsobjectkey]) && is_array($extrafields->attributes[$extrafieldsobjectkey]['label']) && count($extrafields->attributes[$extrafieldsobjectkey]['label'])) { if (empty($extrafieldsobjectprefix)) { $extrafieldsobjectprefix = 'ef.'; } diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 4973a328023..3d03a97a59f 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -48,13 +48,13 @@ require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; if (!empty($conf->adherent->enabled)) { require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; } -if (! empty($conf->accounting->enabled)) { +if (!empty($conf->accounting->enabled)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; } -if (! empty($conf->accounting->enabled)) { +if (!empty($conf->accounting->enabled)) { require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; } -if (! empty($conf->accounting->enabled)) { +if (!empty($conf->accounting->enabled)) { require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingaccount.class.php'; } @@ -610,7 +610,7 @@ if (empty($reshook)) { } // Logo/Photo save - $dir = $conf->societe->multidir_output[$conf->entity]."/".$object->id."/logos/"; + $dir = $conf->societe->multidir_output[$conf->entity]."/".$object->id."/logos/"; $file_OK = is_uploaded_file($_FILES['photo']['tmp_name']); if ($file_OK) { if (image_format_supported($_FILES['photo']['name'])) { @@ -892,7 +892,7 @@ $form = new Form($db); $formfile = new FormFile($db); $formadmin = new FormAdmin($db); $formcompany = new FormCompany($db); -if (! empty($conf->accounting->enabled)) { +if (!empty($conf->accounting->enabled)) { $formaccounting = new FormAccounting($db); } diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 332c98f56da..595dd8154d6 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1110,7 +1110,7 @@ if ($action == 'create' || $action == 'adduserldap') { } // Accountancy code - if ($conf->accounting->enabled) { + if (!empty($conf->accounting->enabled)) { print ''.$langs->trans("AccountancyCode").''; print ''; print ''; @@ -1163,7 +1163,7 @@ if ($action == 'create' || $action == 'adduserldap') { print $langs->trans("Note"); print ''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('note', GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : '', '', 120, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%'); + $doleditor = new DolEditor('note', GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : '', '', 120, 'dolibarr_notes', '', false, true, getDolGlobalString('FCKEDITOR_ENABLE_SOCIETE'), ROWS_3, '90%'); $doleditor->Create(); print "\n"; diff --git a/htdocs/user/list.php b/htdocs/user/list.php index a697fdf96c0..596670e6ce2 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -68,7 +68,7 @@ $pagenext = $page + 1; // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $object = new User($db); $extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->mymodule->dir_output.'/temp/massgeneration/'.$user->id; +$diroutputmassaction = empty($conf->mymodule->dir_output) ? '' : $conf->mymodule->dir_output.'/temp/massgeneration/'.$user->id; $hookmanager->initHooks(array('userlist')); // Fetch optionals attributes and labels @@ -124,9 +124,9 @@ $arrayfields = array( 'u.office_phone'=>array('label'=>"PhonePro", 'checked'=>1, 'position'=>31), 'u.user_mobile'=>array('label'=>"PhoneMobile", 'checked'=>1, 'position'=>32), 'u.email'=>array('label'=>"EMail", 'checked'=>1, 'position'=>35), - 'u.api_key'=>array('label'=>"ApiKey", 'checked'=>0, 'position'=>40, "enabled"=>($conf->api->enabled && $user->admin)), + 'u.api_key'=>array('label'=>"ApiKey", 'checked'=>0, 'position'=>40, "enabled"=>(!empty($conf->api->enabled) && $user->admin)), 'u.fk_soc'=>array('label'=>"Company", 'checked'=>($contextpage == 'employeelist' ? 0 : 1), 'position'=>45), - 'u.salary'=>array('label'=>"Salary", 'checked'=>1, 'position'=>80, 'enabled'=>($conf->salaries->enabled && !empty($user->rights->salaries->readall))), + 'u.salary'=>array('label'=>"Salary", 'checked'=>1, 'position'=>80, 'enabled'=>(!empty($conf->salaries->enabled) && !empty($user->rights->salaries->readall))), 'u.datelastlogin'=>array('label'=>"LastConnexion", 'checked'=>1, 'position'=>100), 'u.datepreviouslogin'=>array('label'=>"PreviousConnexion", 'checked'=>0, 'position'=>110), 'u.datec'=>array('label'=>"DateCreation", 'checked'=>0, 'position'=>500), @@ -345,7 +345,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // N $sql .= preg_replace('/^,/', '', $hookmanager->resPrint); $sql = preg_replace('/,\s*$/', '', $sql); $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; -if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { +if (key_exists('label', $extrafields->attributes[$object->table_element]) && is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (u.rowid = ef.fk_object)"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_soc = s.rowid"; @@ -577,7 +577,7 @@ if (!empty($socid)) { $newcardbutton = dolGetButtonTitle($langs->trans('NewUser'), '', 'fa fa-plus-circle', $url, '', $permissiontoadd); $moreparam = array('morecss'=>'btnTitleSelected'); -$morehtmlright .= dolGetButtonTitle($langs->trans("List"), '', 'fa fa-list paddingleft imgforviewmode', DOL_URL_ROOT.'/user/list.php'.(($search_statut != '' && $search_statut >= 0) ? '?search_statut='.$search_statut : ''), '', 1, $moreparam); +$morehtmlright = dolGetButtonTitle($langs->trans("List"), '', 'fa fa-list paddingleft imgforviewmode', DOL_URL_ROOT.'/user/list.php'.(($search_statut != '' && $search_statut >= 0) ? '?search_statut='.$search_statut : ''), '', 1, $moreparam); $moreparam = array('morecss'=>'marginleftonly'); $morehtmlright .= dolGetButtonTitle($langs->trans("HierarchicView"), '', 'fa fa-stream paddingleft imgforviewmode', DOL_URL_ROOT.'/user/hierarchy.php'.(($search_statut != '' && $search_statut >= 0) ? '?search_statut='.$search_statut : ''), '', 1, $moreparam); @@ -808,7 +808,7 @@ print ''."\n"; // Detect if we need a fetch on each output line $needToFetchEachLine = 0; -if (is_array($extrafields->attributes[$object->table_element]['computed']) && count($extrafields->attributes[$object->table_element]['computed']) > 0) { +if (key_exists('computed', $extrafields->attributes[$object->table_element]) && is_array($extrafields->attributes[$object->table_element]['computed']) && count($extrafields->attributes[$object->table_element]['computed']) > 0) { foreach ($extrafields->attributes[$object->table_element]['computed'] as $key => $val) { if (preg_match('/\$object/', $val)) { $needToFetchEachLine++; // There is at least one compute field that use $object @@ -821,6 +821,7 @@ if (is_array($extrafields->attributes[$object->table_element]['computed']) && co // -------------------------------------------------------------------- $i = 0; $totalarray = array(); +$totalarray['nbfield'] = 0; $arrayofselected = is_array($toselect) ? $toselect : array(); while ($i < ($limit ? min($num, $limit) : $num)) { $obj = $db->fetch_object($resql); @@ -833,7 +834,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $userstatic->id = $obj->rowid; $userstatic->admin = $obj->admin; - $userstatic->ref = $obj->label; + $userstatic->ref = empty($obj->label) ? '' : $obj->label; $userstatic->login = $obj->login; $userstatic->statut = $obj->statut; $userstatic->office_phone = $obj->office_phone; @@ -928,6 +929,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $totalarray['nbfield']++; } } + if (empty($obj->country_code)) $obj->country_code = ''; if (!empty($arrayfields['u.office_phone']['checked'])) { print "".dol_print_phone($obj->office_phone, $obj->country_code, 0, $obj->rowid, 'AC_TEL', ' ', 'phone')."\n"; if (!$i) { @@ -940,6 +942,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $totalarray['nbfield']++; } } + if (empty($obj->socid)) $obj->socid = 0; if (!empty($arrayfields['u.email']['checked'])) { print ''.dol_print_email($obj->email, $obj->rowid, $obj->socid, 'AC_EMAIL', 0, 0, 1)."\n"; if (!$i) { From dffb244776029295a1b947c4824fc71edb970b2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 18 May 2021 21:04:43 +0200 Subject: [PATCH 015/149] Update AutoLoader.php --- .../includes/restler/framework/Luracast/Restler/AutoLoader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/includes/restler/framework/Luracast/Restler/AutoLoader.php b/htdocs/includes/restler/framework/Luracast/Restler/AutoLoader.php index 5ed160a070a..b11506ea86c 100644 --- a/htdocs/includes/restler/framework/Luracast/Restler/AutoLoader.php +++ b/htdocs/includes/restler/framework/Luracast/Restler/AutoLoader.php @@ -263,7 +263,7 @@ class AutoLoader * @return bool false unless className now exists */ private function loadLastResort($className, $loader = null) { - $loaders = array_unique(static::$rogueLoaders); + $loaders = array_unique(static::$rogueLoaders, SORT_REGULAR); if (isset($loader)) { if (false === array_search($loader, $loaders)) static::$rogueLoaders[] = $loader; From f86e10b453c06e023db5581ec749c013902ea392 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 19 May 2021 06:37:02 +0200 Subject: [PATCH 016/149] FIX wrong variable fk_code_ventilation register for addline --- htdocs/fourn/class/fournisseur.facture.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index f1f5c8fb969..62a734174b3 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1830,7 +1830,7 @@ class FactureFournisseur extends CommonInvoice $this->line->remise_percent = $remise_percent; $this->line->date_start = $date_start; $this->line->date_end = $date_end; - $this->line->ventil = $ventil; + $this->line->fk_code_ventilation = $ventil; $this->line->rang = $rang; $this->line->info_bits = $info_bits; From 5fd02992c0b636cbc55e2daee9f67a8a846f516e Mon Sep 17 00:00:00 2001 From: ATM john Date: Wed, 19 May 2021 10:26:04 +0200 Subject: [PATCH 017/149] Remove forgotten echo --- htdocs/product/price.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/price.php b/htdocs/product/price.php index b783ad5c002..7a758137133 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -1477,7 +1477,7 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul } print ''.$langs->trans("PriceBase").''; - print $conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL; + if (empty($conf->global->PRODUIT_MULTIPRICES) && empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) print ''.$langs->trans("DefaultTaxRate").''; print ''.$langs->trans("HT").''; print ''.$langs->trans("TTC").''; From 78cf2b59c80142b2df015861fd4b1542fb622ea4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 11:47:58 +0200 Subject: [PATCH 018/149] Debug feature copy-paste on smarpthone --- htdocs/core/js/lib_foot.js.php | 8 ++++---- htdocs/core/lib/functions.lib.php | 9 ++++++++- htdocs/theme/eldy/btn.inc.php | 7 ++++++- htdocs/theme/eldy/global.inc.php | 4 ++++ htdocs/theme/md/style.css.php | 4 ++++ 5 files changed, 26 insertions(+), 6 deletions(-) diff --git a/htdocs/core/js/lib_foot.js.php b/htdocs/core/js/lib_foot.js.php index c0a8844b572..20debf50f12 100644 --- a/htdocs/core/js/lib_foot.js.php +++ b/htdocs/core/js/lib_foot.js.php @@ -214,17 +214,17 @@ print ' print "\n/* JS CODE TO ENABLE ClipBoard copy paste*/\n"; print 'jQuery(\'.clipboardCPShowOnHover\').hover( function() { - console.log("We hover a value with a copy paste feature"); + console.log("We hover a value with a copy paste feature"); $(this).children(".clipboardCPButton, .clipboardCPText").show(); }, function() { - console.log("We hover out the value with a copy paste feature"); + console.log("We hover out the value with a copy paste feature"); $(this).children(".clipboardCPButton, .clipboardCPText").hide(); } );'; -print 'jQuery(\'.clipboardCPButton\').click(function() { +print 'jQuery(\'.clipboardCPButton, .clipboardCPValueToPrint\').click(function() { /* console.log(this.parentNode); */ - console.log("We click on a clipboardCPButton tag"); + console.log("We click on a clipboardCPButton or clipboardCPValueToPrint class"); if (window.getSelection) { selection = window.getSelection(); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8d171a048b0..abf9c587b68 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -10236,7 +10236,8 @@ function readfileLowMemory($fullpath_original_file_osencoded, $method = -1) } /** - * Create a button to copy $valuetocopy in the clipboard + * Create a button to copy $valuetocopy in the clipboard. + * Code that handle the click is inside lib_foot.jsp.php * * @param string $valuetocopy The value to print * @param int $showonlyonhover Show the copy-paste button only on hover @@ -10245,6 +10246,12 @@ function readfileLowMemory($fullpath_original_file_osencoded, $method = -1) */ function showValueWithClipboardCPButton($valuetocopy, $showonlyonhover = 1, $texttoshow = '') { + global $conf; + + /*if (!empty($conf->dol_no_mouse_hover)) { + $showonlyonhover = 0; + }*/ + if ($texttoshow) { $result = ''.$valuetocopy.''.$texttoshow.''; } else { diff --git a/htdocs/theme/eldy/btn.inc.php b/htdocs/theme/eldy/btn.inc.php index d874266f81d..a05a8dc7952 100644 --- a/htdocs/theme/eldy/btn.inc.php +++ b/htdocs/theme/eldy/btn.inc.php @@ -51,7 +51,12 @@ if (!empty($conf->global->THEME_DARKMODEENABLED)) { }*/ div.tabsAction > a.butAction, div.tabsAction > a.butActionRefused, div.tabsAction > a.butActionDelete, div.tabsAction > span.butAction, div.tabsAction > span.butActionRefused, div.tabsAction > span.butActionDelete, -div.tabsAction > div.divButAction > span.butAction { +div.tabsAction > div.divButAction > span.butAction, +div.tabsAction > div.divButAction > span.butActionDelete, +div.tabsAction > div.divButAction > span.butActionRefused, +div.tabsAction > div.divButAction > a.butAction, +div.tabsAction > div.divButAction > a.butActionDelete, +div.tabsAction > div.divButAction > a.butActionRefused { margin-bottom: 1.4em !important; margin-right: 0px !important; } diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index e451a2af30b..8a1cc74de8c 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -6770,10 +6770,14 @@ div.phpdebugbar-widgets-templates a.phpdebugbar-widgets-editor-link:before /* For copy-paste feature */ /* ============================================================================== */ +span.clipboardCPValueToPrint { + display: inline-block; +} span.clipboardCPValue.hidewithsize { width: 0 !important; display: inline-block; color: transparent; + white-space: nowrap; } .clipboardCPShowOnHover .clipboardCPButton { diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 1ebe047ead7..1ade055a9ef 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -6634,10 +6634,14 @@ div.phpdebugbar-widgets-templates a.phpdebugbar-widgets-editor-link:before /* For copy-paste feature */ /* ============================================================================== */ +span.clipboardCPValueToPrint { + display: inline-block; +} span.clipboardCPValue.hidewithsize { width: 0 !important; display: inline-block; color: transparent; + white-space: nowrap; } .clipboardCPShowOnHover .clipboardCPButton { From 9219dcfecb048e9778cf4815297f792af5fed601 Mon Sep 17 00:00:00 2001 From: ATM john Date: Wed, 19 May 2021 11:52:34 +0200 Subject: [PATCH 019/149] Fix price log spam --- htdocs/product/class/product.class.php | 40 +++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 188bcbfd355..124990d09e1 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1534,6 +1534,38 @@ class Product extends CommonObject } } + // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps + /** + * check if price have really change to avoid log pollution + * + * @param int $level price level to change + * @return int <0 if KO, >0 if OK + */ + private function getArrayForPriceCompare($level = 0) + { + // phpcs:enable + + $testExit = array('multiprices','multiprices_ttc','multiprices_base_type','multiprices_min','multiprices_min_ttc','multiprices_tva_tx','multiprices_recuperableonly'); + + foreach ($testExit as $field){ + if (!isset($this->$field[$level])) { + return array(); + } + } + + $lastPrice = array( + 'level' => $level ? $level : 1, + 'multiprices' => doubleval($this->multiprices[$level]), + 'multiprices_ttc' => doubleval($this->multiprices_ttc[$level]), + 'multiprices_base_type' => $this->multiprices_base_type[$level], + 'multiprices_min' => doubleval($this->multiprices_min[$level]), + 'multiprices_min_ttc' => doubleval($this->multiprices_min_ttc[$level]), + 'multiprices_tva_tx' => doubleval($this->multiprices_tva_tx[$level]), + 'multiprices_recuperableonly' => doubleval($this->multiprices_recuperableonly[$level]), + ); + + return $lastPrice; + } // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps @@ -1862,6 +1894,8 @@ class Product extends CommonObject { global $conf, $langs; + $lastPriceData = $this->getArrayForPriceCompare($level); // temporary store current price before update + $id = $this->id; dol_syslog(get_class($this)."::update_price id=".$id." newprice=".$newprice." newpricebase=".$newpricebase." newminprice=".$newminprice." level=".$level." npr=".$newnpr." newdefaultvatcode=".$newdefaultvatcode); @@ -1994,7 +2028,11 @@ class Product extends CommonObject // Price by quantity $this->price_by_qty = $newpbq; - $this->_log_price($user, $level); // Save price for level into table product_price + // check if price have really change before log + $newPriceData = $this->getArrayForPriceCompare($level); + if (!empty(array_diff_assoc($newPriceData, $lastPriceData)) || empty($conf->global->PRODUIT_MULTIPRICES)) { + $this->_log_price($user, $level); // Save price for level into table product_price + } $this->level = $level; // Store level of price edited for trigger From 7b4ed859eb9f5c89466662c61b104fbc28f15090 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 11:57:12 +0200 Subject: [PATCH 020/149] css --- htdocs/theme/eldy/global.inc.php | 4 ++-- htdocs/theme/md/style.css.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 8a1cc74de8c..988ac6b3ae3 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -902,8 +902,8 @@ span.fa.fa-plus-circle.paddingleft { height: 28px; vertical-align: middle; } -.divsocialnetwork:not(:first-child) { - padding-left: 20px; +.divsocialnetwork:not(:last-child) { + padding-: 20px; } div.divsearchfield { float: ; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 1ade055a9ef..e292b3850d1 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1002,8 +1002,8 @@ body[class*="colorblind-"] .text-success{ height: 28px; vertical-align: middle; } -.divsocialnetwork:not(:first-child) { - padding-left: 20px; +.divsocialnetwork:not(:last-child) { + padding-: 20px; } div.divsearchfield { float: ; From 1512abf96ab4412717c53f4877df56279a9b6921 Mon Sep 17 00:00:00 2001 From: ATM john Date: Wed, 19 May 2021 12:00:27 +0200 Subject: [PATCH 021/149] Remove hpcs:disable --- htdocs/product/class/product.class.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 124990d09e1..87fb839b5c9 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1534,7 +1534,6 @@ class Product extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * check if price have really change to avoid log pollution * @@ -1543,7 +1542,6 @@ class Product extends CommonObject */ private function getArrayForPriceCompare($level = 0) { - // phpcs:enable $testExit = array('multiprices','multiprices_ttc','multiprices_base_type','multiprices_min','multiprices_min_ttc','multiprices_tva_tx','multiprices_recuperableonly'); From 3bf71d456ddc80564e29631ba714fe8d6368e096 Mon Sep 17 00:00:00 2001 From: ATM john Date: Wed, 19 May 2021 12:01:47 +0200 Subject: [PATCH 022/149] fix doc --- htdocs/product/class/product.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 87fb839b5c9..685180e4659 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1535,10 +1535,10 @@ class Product extends CommonObject } /** - * check if price have really change to avoid log pollution + * used to check if price have really change to avoid log pollution * * @param int $level price level to change - * @return int <0 if KO, >0 if OK + * @return array */ private function getArrayForPriceCompare($level = 0) { From 90835eaab4a740fac3ad46207e54fec7dcdbae43 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 12:08:17 +0200 Subject: [PATCH 023/149] css --- htdocs/theme/eldy/btn.inc.php | 17 +++++++++++++++++ htdocs/theme/md/btn.inc.php | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/htdocs/theme/eldy/btn.inc.php b/htdocs/theme/eldy/btn.inc.php index a05a8dc7952..7122c252cbe 100644 --- a/htdocs/theme/eldy/btn.inc.php +++ b/htdocs/theme/eldy/btn.inc.php @@ -308,6 +308,23 @@ div.pagination li:first-child a.btnTitle{ } } +/* rule to reduce top menu - 3rd reduction: The menu for user is on left */ +@media only screen and (max-width: global->THEME_ELDY_WITDHOFFSET_FOR_REDUC3) ? round($nbtopmenuentries * 47, 0) + 130 : $conf->global->THEME_ELDY_WITDHOFFSET_FOR_REDUC3; ?>px) /* reduction 3 */ +{ + .butAction, .butActionRefused, .butActionDelete { + font-size: 0.9em; + } +} + +/* smartphone */ +@media only screen and (max-width: 767px) +{ + .butAction, .butActionRefused, .butActionDelete { + font-size: 0.85em; + } +} + + global->MAIN_BUTTON_HIDE_UNAUTHORIZED) && (!$user->admin)) { ?> .butActionRefused, .butActionNewRefused, .btnTitle.refused { display: none !important; diff --git a/htdocs/theme/md/btn.inc.php b/htdocs/theme/md/btn.inc.php index c0d6e2c9cd7..2517415a96f 100644 --- a/htdocs/theme/md/btn.inc.php +++ b/htdocs/theme/md/btn.inc.php @@ -379,6 +379,23 @@ div.pagination .btnTitle:hover .btnTitle-label{ } } +/* rule to reduce top menu - 3rd reduction: The menu for user is on left */ +@media only screen and (max-width: global->THEME_ELDY_WITDHOFFSET_FOR_REDUC3) ? round($nbtopmenuentries * 47, 0) + 130 : $conf->global->THEME_ELDY_WITDHOFFSET_FOR_REDUC3; ?>px) /* reduction 3 */ +{ + .butAction, .butActionRefused, .butActionDelete { + font-size: 0.9em; + } +} + +/* smartphone */ +@media only screen and (max-width: 767px) +{ + .butAction, .butActionRefused, .butActionDelete { + font-size: 0.85em; + } +} + + global->MAIN_BUTTON_HIDE_UNAUTHORIZED) && (!$user->admin)) { ?> .butActionRefused, .butActionNewRefused, .btnTitle.refused { display: none !important; From 75f7ab41f036e123eb1f961d8e8be3f041b68df2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 12:13:21 +0200 Subject: [PATCH 024/149] css --- htdocs/core/class/html.formfile.class.php | 2 +- htdocs/user/card.php | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 7cf9978d32b..45429512046 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -851,7 +851,7 @@ class FormFile // Show file size $size = (!empty($file['size']) ? $file['size'] : dol_filesize($filedir."/".$file["name"])); - $out .= ''.dol_print_size($size, 1, 1).''; + $out .= ''.dol_print_size($size, 1, 1).''; // Show file date $date = (!empty($file['date']) ? $file['date'] : dol_filemtime($filedir."/".$file["name"])); diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 332c98f56da..cd891126ba6 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -2718,9 +2718,8 @@ if ($action == 'create' || $action == 'adduserldap') { if ($action != 'edit' && $action != 'presend') { print '
'; - /* - * Generated documents - */ + + // Generated documents $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->user->dir_output."/".dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; @@ -2741,7 +2740,6 @@ if ($action == 'create' || $action == 'adduserldap') { $formactions = new FormActions($db); $somethingshown = $formactions->showactions($object, 'user', $socid, 1); - print '
'; } From 059c2862624efde96cc36b8aca7d26250fcbb332 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 12:19:18 +0200 Subject: [PATCH 025/149] css --- htdocs/user/perms.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index e80cb6c8462..1d521c62b34 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -425,9 +425,9 @@ if ($result) { print ' '; } - // Label of permission + // Descrption of permission $permlabel = (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ($langs->trans("PermissionAdvanced".$obj->id) != ("PermissionAdvanced".$obj->id)) ? $langs->trans("PermissionAdvanced".$obj->id) : (($langs->trans("Permission".$obj->id) != ("Permission".$obj->id)) ? $langs->trans("Permission".$obj->id) : $langs->trans($obj->label))); - print ''; + print ''; print $permlabel; if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { if (preg_match('/_advance$/', $obj->perms)) { From e472d2d5d17dd9d768e1fd8b5128a12ca515754e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 12:44:26 +0200 Subject: [PATCH 026/149] Fix bad permission position for external modules --- htdocs/admin/modules.php | 3 ++- htdocs/user/perms.php | 25 ++++++++++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 142d5accb0f..1a6d99261bd 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -386,7 +386,8 @@ foreach ($modulesdir as $dir) { } $moduleposition = ($objMod->module_position ? $objMod->module_position : '50'); - if ($moduleposition == '50' && ($objMod->isCoreOrExternalModule() == 'external')) { + if ($objMod->isCoreOrExternalModule() == 'external' && $moduleposition < 100000) { + // an external module should never return a value lower than '80'. $moduleposition = '80'; // External modules at end by default } diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 1d521c62b34..cb0a093867d 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -311,21 +311,33 @@ if ($result) { while ($i < $num) { $obj = $db->fetch_object($result); - // If line is for a module that doe snot existe anymore (absent of includes/module), we ignore it + // If line is for a module that does not exist anymore (absent of includes/module), we ignore it if (empty($modules[$obj->module])) { $i++; continue; } - // Save field module_position in database if value is still zero - if (empty($obj->module_position)) { + $objMod = $modules[$obj->module]; + + // Save field module_position in database if value is wrong + if (empty($obj->module_position) || (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $obj->module_position < 100000)) { if (is_object($modules[$obj->module]) && ($modules[$obj->module]->module_position > 0)) { // TODO Define familyposition - $family = $modules[$obj->module]->family_position; + //$familyposition = $modules[$obj->module]->family_position; $familyposition = 0; - $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $modules[$obj->module]->module_position).","; + + $newmoduleposition = $modules[$obj->module]->module_position; + + // Correct $newmoduleposition position for external modules + $objMod = $modules[$obj->module]; + if (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $newmoduleposition < 100000) { + $newmoduleposition += 100000; + } + + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $newmoduleposition).","; $sqlupdate .= " family_position = ".((int) $familyposition); - $sqlupdate .= " WHERE module_position = 0 AND module = '".$db->escape($obj->module)."'"; + $sqlupdate .= " WHERE module_position = ".((int) $obj->module_position)." AND module = '".$db->escape($obj->module)."'"; + $db->query($sqlupdate); } } @@ -334,7 +346,6 @@ if ($result) { $oldmod = $obj->module; // Break detected, we get objMod - $objMod = $modules[$obj->module]; $picto = ($objMod->picto ? $objMod->picto : 'generic'); // Show break line From 58ffee193f8c1ac7c54ec470191bfe7b980878c1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 13:07:25 +0200 Subject: [PATCH 027/149] Debug v14 --- htdocs/admin/tools/listevents.php | 2 +- htdocs/core/lib/usergroups.lib.php | 2 +- htdocs/langs/en_US/other.lang | 2 +- htdocs/user/param_ihm.php | 36 ++++++++++++------------------ 4 files changed, 17 insertions(+), 25 deletions(-) diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index fbc2412a9df..b76836a8dde 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -372,7 +372,7 @@ if ($result) { print_liste_field_titre("UserAgent", $_SERVER["PHP_SELF"], "e.user_agent", "", $param, '', $sortfield, $sortorder); } if (!empty($arrayfields['e.prefix_session']['checked'])) { - print_liste_field_titre("PrefixSession", $_SERVER["PHP_SELF"], "e.prefix_session", "", $param, '', $sortfield, $sortorder); + print_liste_field_titre("SuffixSessionName", $_SERVER["PHP_SELF"], "e.prefix_session", "", $param, '', $sortfield, $sortorder); } print_liste_field_titre(''); print "\n"; diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 700c9c5ed86..6d01fcfee0a 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -339,7 +339,7 @@ function showSkins($fuser, $edit = 0, $foruserprofile = false) $thumbsbyrow = 6; print '
'; - print ''; + print '
'; // Title if ($foruserprofile) { diff --git a/htdocs/langs/en_US/other.lang b/htdocs/langs/en_US/other.lang index 95297a98859..6fc8b351b77 100644 --- a/htdocs/langs/en_US/other.lang +++ b/htdocs/langs/en_US/other.lang @@ -263,7 +263,7 @@ ContactCreatedByEmailCollector=Contact/address created by email collector from e ProjectCreatedByEmailCollector=Project created by email collector from email MSGID %s TicketCreatedByEmailCollector=Ticket created by email collector from email MSGID %s OpeningHoursFormatDesc=Use a - to separate opening and closing hours.
Use a space to enter different ranges.
Example: 8-12 14-18 -PrefixSession=Prefix for session ID +SuffixSessionName=Suffix for session name ##### Export ##### ExportsArea=Exports area diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 2856f787b52..b492e31177f 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -231,19 +231,9 @@ if ($action == 'edit') { dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin); - if (!empty($conf->use_javascript_ajax)) {/* - print '';*/ - } + print dol_get_fiche_end(); + + if (!empty($conf->use_javascript_ajax)) { print ''; $out .= $this->select_dolusers('', $htmlname, $show_empty, $exclude, $disabled, $include, $enableonly, $force_entity, $maxlength, $showstatus, $morefilter); - $out .= ' '; + $out .= ' '; $out .= '
'; } diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php index 8874b96eda5..bd69b812200 100644 --- a/htdocs/core/lib/ajax.lib.php +++ b/htdocs/core/lib/ajax.lib.php @@ -454,7 +454,7 @@ function ajax_combobox($htmlname, $events = array(), $minLengthToAutocomplete = templateResult: function (data, container) { /* Format visible output into combo list */ /* Code to add class of origin OPTION propagated to the new select2
  • tag */ if (data.element) { $(container).addClass($(data.element).attr("class")); } - console.log($(data.element).attr("data-html")); + //console.log($(data.element).attr("data-html")); if (data.id == -1 && $(data.element).attr("data-html") == undefined) { return \' \'; } diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 98fb4132bb8..c92f847a1e9 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1181,7 +1181,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if ($type != 1 && !empty($conf->stock->enabled)) { // Default warehouse print '
    • '; if ($num) { + $i = 0; // Lines with values while ($i < $num) { $obj = $db->fetch_object($resql); //print_r($obj); + print ''; if ($action == 'edit' && ($rowid == (!empty($obj->rowid) ? $obj->rowid : $obj->code))) { print ''; @@ -708,6 +710,7 @@ if ($id) { print "\n"; } + $i++; } } From b9de8561a9732773a4ea27f7fec888683db02ee8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 15:59:36 +0200 Subject: [PATCH 103/149] Fix regression --- htdocs/core/lib/functions.lib.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index eab810692c6..45d1bdca12e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6877,6 +6877,8 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, $substitutionarray['__DATE_DELIVERY_SS__'] = (isset($object->date_livraison) ? dol_print_date($object->date_livraison, "%S") : ''); // For backward compatibility + $substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null)); + $substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null); $substitutionarray['__SUPPLIER_ORDER_DATE_DELIVERY__'] = (isset($object->date_livraison) ? dol_print_date($object->date_livraison, 'day', 0, $outputlangs) : ''); $substitutionarray['__SUPPLIER_ORDER_DELAY_DELIVERY__'] = (isset($object->availability_code) ? ($outputlangs->transnoentities("AvailabilityType".$object->availability_code) != ('AvailabilityType'.$object->availability_code) ? $outputlangs->transnoentities("AvailabilityType".$object->availability_code) : $outputlangs->convToOutputCharset(isset($object->availability) ? $object->availability : '')) : ''); From 263f1c8101df8279bb50e7e4be03150edd169143 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Tue, 25 May 2021 17:26:56 +0200 Subject: [PATCH 104/149] Fix #11882 : fix of module opensurvey for datesurvey --- htdocs/opensurvey/results.php | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index 6d12259a39f..1c7a98739d7 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -251,7 +251,40 @@ if (GETPOSTISSET("ajoutercolonne") && $object->format == "D") { header('Location: results.php?id='.$object->id_sondage); } } - + if ($cleinsertion >= 0) { + $sql = 'SELECT s.reponses'; + $sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_user_studs as s"; + $sql .= " WHERE id_sondage = '".$db->escape($numsondage)."'"; + $resql = $db->query($sql); + if (!$resql) { + dol_print_error($db); + } else { + $num = $db->num_rows($resql); + $compteur = 0; + while ($compteur < $num) { + $obj = $db->fetch_object($resql); + $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs"; + if ($cleinsertion == 0) { + $sql .= " SET reponses = '0".$db->escape($obj->reponses)."'"; + } else { + $reponsesadd = str_split($obj->reponses); + $lengthresponses = count($reponsesadd); + for ($cpt = $lengthresponses; $cpt > $cleinsertion; $cpt--) { + $reponsesadd[$cpt] = $reponsesadd[$cpt-1]; + } + $reponsesadd[$cleinsertion] = '0'; + $reponsesadd = implode($reponsesadd); + $sql .= " SET reponses = '".$db->escape($reponsesadd)."'"; + } + $sql .= " WHERE id_sondage = '".$db->escape($numsondage)."'"; + $resql = $db->query($sql); + if (!$resql) { + dol_print_error($db); + } + $compteur++; + } + } + } $adresseadmin = $object->mail_admin; } else { $erreur_ajout_date = "yes"; From daababb97f3ae56e255e82cf6dd6f83e47b69e21 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 19:39:06 +0200 Subject: [PATCH 105/149] Update index.php --- htdocs/takepos/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 26a62e36d6e..d51fd21279e 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -566,7 +566,7 @@ function Search2(keyCodeForEnter) { $("#prodesc" + i).text(data[i]['label']); $("#prodivdesc" + i).show(); $("#probutton" + i).text(data[i]['label']); - $("#probutton" + i).show();; + $("#probutton" + i).show(); if (data[i]['price_formated']) { $("#proprice" + i).attr("class", "productprice"); $("#proprice" + i).html(data[i]['price_formated']); From 708deaac00673e7302f489d5c704d5ea96e784e3 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Tue, 25 May 2021 17:47:28 +0000 Subject: [PATCH 106/149] Fixing style errors. --- htdocs/contrat/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 918bd4c256a..19a040bf091 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -290,10 +290,10 @@ if (!empty($search_ref_supplier)) { $sql .= natural_search(array('c.ref_supplier'), $search_ref_supplier); } if ($search_zip) { - $sql .= natural_search(array('s.zip'), $search_zip); + $sql .= natural_search(array('s.zip'), $search_zip); } if ($search_town) { - $sql .= natural_search(array('s.town'), $search_town); + $sql .= natural_search(array('s.town'), $search_town); } if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale; From 9d6e93fd0132c31241daab8557f47247ce80d50e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 19:50:53 +0200 Subject: [PATCH 107/149] Update security.php --- htdocs/admin/system/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 89d3a3fe251..cb28b20195d 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -278,7 +278,7 @@ print '
    '; print ''.$langs->trans("AntivirusEnabledOnUpload").': '; print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? '' : img_picto('', 'tick').' '; -print yn(!empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? 1 : 0); +print yn(empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? 0 : 1); if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { print '   - '.$conf->global->MAIN_ANTIVIRUS_COMMAND; if (defined('MAIN_ANTIVIRUS_COMMAND')) { From 3dfb22b05e3605f7a4a728711e1247524f32ee9f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 19:54:09 +0200 Subject: [PATCH 108/149] Update task.class.php --- htdocs/projet/class/task.class.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 97586a41f41..80333f3d9fb 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -1986,7 +1986,8 @@ class Task extends CommonObject global $conf, $langs; // For external user, no check is done on company because readability is managed by public status of project and assignement. - $socid = $user->socid; + //$socid = $user->socid; + $socid = 0; $projectstatic = new Project($this->db); $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $socid); @@ -2007,10 +2008,7 @@ class Task extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; - if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; - } + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; From 0d31db0ba5bb88d6d47f6e4c5719f4a06414b02f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 20:11:46 +0200 Subject: [PATCH 109/149] Update don.class.php --- htdocs/don/class/don.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 9396f3a718a..3e0e300930d 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -390,7 +390,7 @@ class Don extends CommonObject $sql .= ", phone"; $sql .= ", phone_mobile"; $sql .= ") VALUES ("; - $sql .= "'".$this->db->idate($this->date)."'"; + $sql .= "'".$this->db->idate($this->date ? $this->date : $now)."'"; $sql .= ", ".$conf->entity; $sql .= ", ".price2num($this->amount); $sql .= ", ".($this->modepaymentid ? $this->modepaymentid : "null"); From 4b47611e23e43dddd0612486ce42181eafaf9668 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 21:21:09 +0200 Subject: [PATCH 110/149] Debug v14 --- htdocs/compta/facture/class/facture.class.php | 2 +- htdocs/compta/facture/list.php | 11 +- htdocs/fourn/facture/list.php | 105 ++---------------- 3 files changed, 15 insertions(+), 103 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index bb25da4e604..6dd67d4d931 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -352,7 +352,7 @@ class Facture extends CommonInvoice 'datec' =>array('type'=>'datetime', 'label'=>'DateCreation', 'enabled'=>1, 'visible'=>-1, 'position'=>500), 'tms' =>array('type'=>'timestamp', 'label'=>'DateModificationShort', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>500), 'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>-2, 'position'=>900), - 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>-1, 'notnull'=>1, 'position'=>1000, 'arrayofkeyval'=>array(0=>'Draft', 1=>'Validated', 2=>'Paid', 3=>'Abandonned')), + 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>1000, 'arrayofkeyval'=>array(0=>'Draft', 1=>'Validated', 2=>'Paid', 3=>'Abandonned')), ); // END MODULEBUILDER PROPERTIES diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 42e10477a3a..fb4089fabec 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -390,17 +390,16 @@ if ($massaction == 'makepayment_confirm') { $totalcreditnotes = $objecttmp->getSumCreditNotesUsed(); $totaldeposits = $objecttmp->getSumDepositsUsed(); $objecttmp->resteapayer = price2num($objecttmp->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits, 'MT'); - if ($objecttmp->paye || $objecttmp->resteapayer == 0) { + if ($objecttmp->statut == Facture::STATUS_DRAFT) { + $error++; + setEventMessages($objecttmp->ref.' '.$langs->trans("Draft"), $objecttmp->errors, 'errors'); + } elseif ($objecttmp->paye || $objecttmp->resteapayer == 0) { $error++; setEventMessages($objecttmp->ref.' '.$langs->trans("AlreadyPaid"), $objecttmp->errors, 'errors'); } elseif ($objecttmp->resteapayer < 0) { $error++; setEventMessages($objecttmp->ref.' '.$langs->trans("AmountMustBePositive"), $objecttmp->errors, 'errors'); } - if (!($objecttmp->statut > Facture::STATUS_DRAFT)) { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("Draft"), $objecttmp->errors, 'errors'); - } $rsql = "SELECT pfd.rowid, pfd.traite, pfd.date_demande as date_demande"; $rsql .= " , pfd.date_traite as date_traite"; @@ -952,7 +951,7 @@ if ($resql) { ); if ($conf->prelevement->enabled && !empty($user->rights->prelevement->bons->creer)) { $langs->load("withdrawals"); - $arrayofmassactions['withdrawrequest'] = $langs->trans("MakeWithdrawRequest"); + $arrayofmassactions['withdrawrequest'] = img_picto('', 'payment', 'class="pictofixedwidth"').$langs->trans("MakeWithdrawRequest"); } if ($user->rights->facture->supprimer) { if (!empty($conf->global->INVOICE_CAN_REMOVE_DRAFT_ONLY)) { diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 4fd45d6cff0..0c4f21ae4be 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -300,17 +300,16 @@ if (empty($reshook)) { $totalcreditnotes = $objecttmp->getSumCreditNotesUsed(); $totaldeposits = $objecttmp->getSumDepositsUsed(); $objecttmp->resteapayer = price2num($objecttmp->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits, 'MT'); - if ($objecttmp->paye || $objecttmp->resteapayer == 0) { + if ($objecttmp->statut == FactureFournisseur::STATUS_DRAFT) { + $error++; + setEventMessages($objecttmp->ref.' '.$langs->trans("Draft"), $objecttmp->errors, 'errors'); + } elseif ($objecttmp->paye || $objecttmp->resteapayer == 0) { $error++; setEventMessages($objecttmp->ref.' '.$langs->trans("AlreadyPaid"), $objecttmp->errors, 'errors'); } elseif ($objecttmp->resteapayer < 0) { $error++; setEventMessages($objecttmp->ref.' '.$langs->trans("AmountMustBePositive"), $objecttmp->errors, 'errors'); } - if (!($objecttmp->statut > FactureFournisseur::STATUS_DRAFT)) { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("Draft"), $objecttmp->errors, 'errors'); - } $rsql = "SELECT pfd.rowid, pfd.traite, pfd.date_demande as date_demande"; $rsql .= " , pfd.date_traite as date_traite"; @@ -340,7 +339,7 @@ if (empty($reshook)) { } } - //Massive withdraw request for request with no errors + // Massive withdraw request for request with no errors if (!empty($listofbills)) { $nbwithdrawrequestok = 0; foreach ($listofbills as $aBill) { @@ -363,88 +362,6 @@ if (empty($reshook)) { } -if ($massaction == 'transfer_request') { - $langs->load("withdrawals"); - - if (!$user->rights->paymentbybanktransfer->create) { - $error++; - setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors'); - } else { - //Checking error - $error = 0; - - $arrayofselected = is_array($toselect) ? $toselect : array(); - $listofbills = array(); - foreach ($arrayofselected as $toselectid) { - $objecttmp = new FactureFournisseur($db); - $result = $objecttmp->fetch($toselectid); - if ($result > 0) { - $totalpaye = $objecttmp->getSommePaiement(); - $totalcreditnotes = $objecttmp->getSumCreditNotesUsed(); - $totaldeposits = $objecttmp->getSumDepositsUsed(); - $objecttmp->resteapayer = price2num($objecttmp->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits, 'MT'); - if ($objecttmp->paye || $objecttmp->resteapayer == 0) { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("AlreadyPaid"), $objecttmp->errors, 'errors'); - } elseif ($objecttmp->resteapayer < 0) { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("AmountMustBePositive"), $objecttmp->errors, 'errors'); - } - if (!($objecttmp->statut > FactureFournisseur::STATUS_DRAFT)) { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("Draft"), $objecttmp->errors, 'errors'); - } - - $rsql = "SELECT pfd.rowid, pfd.traite, pfd.date_demande as date_demande"; - $rsql .= " , pfd.date_traite as date_traite"; - $rsql .= " , pfd.amount"; - $rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login"; - $rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $rsql .= " , ".MAIN_DB_PREFIX."user as u"; - $rsql .= " WHERE fk_facture_fourn = ".$objecttmp->id; - $rsql .= " AND pfd.fk_user_demande = u.rowid"; - $rsql .= " AND pfd.traite = 0"; - $rsql .= " ORDER BY pfd.date_demande DESC"; - - $result_sql = $db->query($rsql); - if ($result_sql) { - $numprlv = $db->num_rows($result_sql); - } - - if ($numprlv > 0) { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("RequestAlreadyDone"), $objecttmp->errors, 'warnings'); - } elseif (!empty($objecttmp->mode_reglement_code) && $objecttmp->mode_reglement_code != 'VIR') { - $error++; - setEventMessages($objecttmp->ref.' '.$langs->trans("BadPaymentMethod"), $objecttmp->errors, 'errors'); - } else { - $listofbills[] = $objecttmp; // $listofbills will only contains invoices with good payment method and no request already done - } - } - } - - //Massive withdraw request for request with no errors - if (!empty($listofbills)) { - $nbwithdrawrequestok = 0; - foreach ($listofbills as $aBill) { - $db->begin(); - $result = $aBill->demande_prelevement($user, $aBill->resteapayer, 'bank-transfer', 'supplier_invoice'); - if ($result > 0) { - $db->commit(); - $nbwithdrawrequestok++; - } else { - $db->rollback(); - setEventMessages($aBill->error, $aBill->errors, 'errors'); - } - } - if ($nbwithdrawrequestok > 0) { - setEventMessages($langs->trans("BankTransferRequestsDone", $nbwithdrawrequestok), null, 'mesgs'); - } - } - } -} - - /* * View */ @@ -623,7 +540,7 @@ if ($search_login) { $sql .= natural_search('u.login', $search_login); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND f.fk_statut = ".$db->escape($search_status); + $sql .= " AND f.fk_statut = ".((int) $search_status); } if ($search_paymentmode > 0) { $sql .= " AND f.fk_mode_reglement = ".((int) $search_paymentmode); @@ -646,7 +563,7 @@ if ($search_categ_sup == -2) { $sql .= " AND cs.fk_categorie IS NULL"; } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND f.fk_statut = ".$search_status; + $sql .= " AND f.fk_statut = ".((int) $search_status); } if ($filter && $filter != -1) { $aFilter = explode(',', $filter); @@ -857,14 +774,10 @@ if ($resql) { //'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"), //'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"), ); - if ($conf->paymentbybanktransfer->enabled) { - $langs->load("withdrawals"); - $arrayofmassactions['transfer_request'] = $langs->trans("MakeBankTransferOrder"); - } //if($user->rights->fournisseur->facture->creer) $arrayofmassactions['createbills']=$langs->trans("CreateInvoiceForThisCustomer"); if (!empty($conf->paymentbybanktransfer->enabled) && !empty($user->rights->paymentbybanktransfer->create)) { $langs->load('withdrawals'); - $arrayofmassactions['banktransfertrequest'] = $langs->trans("MakeBankTransferOrder"); + $arrayofmassactions['banktransfertrequest'] = img_picto('', 'payment', 'class="pictofixedwidth"').$langs->trans("MakeBankTransferOrder"); } if ($user->rights->fournisseur->facture->supprimer) { $arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete"); @@ -876,7 +789,7 @@ if ($resql) { $url = DOL_URL_ROOT.'/fourn/facture/card.php?action=create'; if (!empty($socid)) { - $url .= '&socid='.$socid; + $url .= '&socid='.urlencode($socid); } $newcardbutton = dolGetButtonTitle($langs->trans('NewBill'), '', 'fa fa-plus-circle', $url, '', ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer)); From 9aee8a2a0b94194f25295e4778a7e89e84d16177 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 21:53:44 +0200 Subject: [PATCH 111/149] FIX #17406 --- htdocs/product/class/product.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 511331e6008..2ccc5e63c8f 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -5184,7 +5184,7 @@ class Product extends CommonObject * Load value ->stock_theorique of a product. Property this->id must be defined. * This function need a lot of load. If you use it on list, use a cache to execute it one for each product id. * - * @param int $includedraftpoforvirtual Include draft status of PO for virtual stock calculation + * @param int $includedraftpoforvirtual Include draft status and not yet approved Purchase Orders for virtual stock calculation * @return int < 0 if KO, > 0 if OK * @see load_stock(), loadBatchInfo() */ @@ -5223,9 +5223,9 @@ class Product extends CommonObject $stock_sending_client = $this->stats_expedition['qty']; } if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled)) { - $filterStatus = '1,2,3,4'; + $filterStatus = empty($conf->global->SUPPLIER_ORDER_STATUS_FOR_VIRTUAL_STOCK) ? '2,3,4' : $conf->global->SUPPLIER_ORDER_STATUS_FOR_VIRTUAL_STOCK; if (isset($includedraftpoforvirtual)) { - $filterStatus = '0,'.$filterStatus; + $filterStatus = '0,1,2,'.$filterStatus; // 1,2 may have already been inside $filterStatus but it is better to have twice than missing $filterStatus does not include them } $result = $this->load_stats_commande_fournisseur(0, $filterStatus, 1); if ($result < 0) { From c76cf60e1562d1abb1e1eff67fb6eb849ba53b00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 22:09:58 +0200 Subject: [PATCH 112/149] Update html.form.class.php --- htdocs/core/class/html.form.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 43eb8f208db..3bd39359f33 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6,7 +6,7 @@ * Copyright (C) 2004 Eric Seigne * Copyright (C) 2005-2017 Regis Houssin * Copyright (C) 2006 Andre Cianfarani - * Copyright (C) 2006 Marc Barilley/Ocebo + * Copyright (C) 2006 Marc Barilley/Ocebo logo * Copyright (C) 2007 Franky Van Liedekerke * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2010 Juanjo Menent @@ -8208,7 +8208,7 @@ class Form } elseif ($modulepart == 'contact') { $dir = $conf->societe->multidir_output[$entity].'/contact'; if (!empty($object->photo)) { - if (dolIsAllowedForPreview($object->logo)) { + if (dolIsAllowedForPreview($object->photo)) { if ((string) $imagesize == 'mini') { $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini'); } elseif ((string) $imagesize == 'small') { @@ -8224,7 +8224,7 @@ class Form } elseif ($modulepart == 'userphoto') { $dir = $conf->user->dir_output; if (!empty($object->photo)) { - if (dolIsAllowedForPreview($object->logo)) { + if (dolIsAllowedForPreview($object->photo)) { if ((string) $imagesize == 'mini') { $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini'); } elseif ((string) $imagesize == 'small') { @@ -8243,7 +8243,7 @@ class Form } elseif ($modulepart == 'memberphoto') { $dir = $conf->adherent->dir_output; if (!empty($object->photo)) { - if (dolIsAllowedForPreview($object->logo)) { + if (dolIsAllowedForPreview($object->photo)) { if ((string) $imagesize == 'mini') { $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini'); } elseif ((string) $imagesize == 'small') { @@ -8263,7 +8263,7 @@ class Form // Generic case to show photos $dir = $conf->$modulepart->dir_output; if (!empty($object->photo)) { - if (dolIsAllowedForPreview($object->logo)) { + if (dolIsAllowedForPreview($object->photo)) { if ((string) $imagesize == 'mini') { $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini'); } elseif ((string) $imagesize == 'small') { From 4c698ce7989a955cdd5ab98667633e9b1fa69989 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 22:11:30 +0200 Subject: [PATCH 113/149] Update html.form.class.php --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 3bd39359f33..0f4bff6b2ba 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6,7 +6,7 @@ * Copyright (C) 2004 Eric Seigne * Copyright (C) 2005-2017 Regis Houssin * Copyright (C) 2006 Andre Cianfarani - * Copyright (C) 2006 Marc Barilley/Ocebo logo + * Copyright (C) 2006 Marc Barilley/Ocebo * Copyright (C) 2007 Franky Van Liedekerke * Copyright (C) 2007 Patrick Raguin * Copyright (C) 2010 Juanjo Menent From 332d8c91051453f1d122359409b24115f0d306cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 22:24:46 +0200 Subject: [PATCH 114/149] fix warnings --- htdocs/comm/action/card.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 793518ed150..245f90edf72 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1986,7 +1986,7 @@ if ($id > 0) { print ' '; // Done by - if ($conf->global->AGENDA_ENABLE_DONEBY) { + if (!empty($conf->global->AGENDA_ENABLE_DONEBY)) { print '    '; } @@ -792,8 +792,8 @@ if (!empty($arrayfields['d.statut']['checked'])) { $liststatus = array( '-1'=>$langs->trans("Draft"), '1'=>$langs->trans("Validated"), - '0'=>$langs->trans("Resiliated"), - '-2'=>$langs->trans("Excluded") + '0'=>$langs->trans("MemberStatusResiliatedShort"), + '-2'=>$langs->trans("MemberStatusExcludedShort") ); print $form->selectarray('search_status', $liststatus, $search_status, -3); print ''; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 43eb8f208db..fec54c8d688 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -6924,7 +6924,7 @@ class Form if ($addjscombo && $jsbeautify) { // Enhance with select2 include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php'; - $out .= ajax_combobox($htmlname); + $out .= ajax_combobox($htmlname, array(), 0, 0, 'resolve', $show_empty < 0 ? (string) $show_empty : '-1'); } $out .= ''; } // Action column From 1662d4a82997f35fd841d7d69312f05bcbfdc2c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 23:14:36 +0200 Subject: [PATCH 117/149] fix warnings --- htdocs/fourn/commande/list.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index aba5b8060f9..e7f19d0671a 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -6,7 +6,7 @@ * Copyright (C) 2014 Marcos García * Copyright (C) 2014 Juanjo Menent * Copyright (C) 2016 Ferran Marcet - * Copyright (C) 2018 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2018-2020 Charlene Benke * Copyright (C) 2019 Nicolas ZABOURI * @@ -1272,6 +1272,10 @@ if ($resql) { $i = 0; $totalarray = array(); + $totalarray['nbfield'] = 0; + $totalarray['val'] = array(); + $totalarray['val']['cf.total_ht'] = 0; + $totalarray['val']['cf.total_ttc'] = 0; while ($i < min($num, $limit)) { $obj = $db->fetch_object($resql); From 4067ac19dcf2048e251a7676b701beb34a0858c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 23:17:34 +0200 Subject: [PATCH 118/149] fix warning --- htdocs/fichinter/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 31fd0ea3152..f96b9e62f88 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -572,6 +572,7 @@ if ($resql) { $total = 0; $i = 0; $totalarray = array(); + $totalarray['nbfield'] = 0; while ($i < min($num, $limit)) { $obj = $db->fetch_object($resql); From e316437a0e824985c13f157881b2f603c39b0cae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 23:20:55 +0200 Subject: [PATCH 119/149] fix warning --- htdocs/adherents/subscription/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 55cafade309..06cd77f61c4 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -477,6 +477,7 @@ print "\n"; $totalarray = array(); +$totalarray['nbfield'] = 0; while ($i < min($num, $limit)) { $obj = $db->fetch_object($result); From 8221011d7de3e244d613191bf2cea5ec045433c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 23:22:43 +0200 Subject: [PATCH 120/149] Update list.php --- htdocs/adherents/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index b6fe79b8d68..dde013e60c4 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -891,6 +891,7 @@ print "\n"; $i = 0; $totalarray = array(); +$totalarray['nbfield'] = 0; while ($i < min($num, $limit)) { $obj = $db->fetch_object($resql); From f9d6438baeff07e9692c5f43d61b68deb93420db Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 23:26:03 +0200 Subject: [PATCH 121/149] Debug v14 --- htdocs/admin/stock.php | 2 ++ htdocs/core/class/conf.class.php | 4 ++++ htdocs/langs/en_US/mrp.lang | 2 +- htdocs/product/stock/product.php | 34 ++++++++++++++++++-------------- 4 files changed, 26 insertions(+), 16 deletions(-) diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php index c5e98935ebb..a4a9e91e3ff 100644 --- a/htdocs/admin/stock.php +++ b/htdocs/admin/stock.php @@ -744,6 +744,7 @@ if ($conf->use_javascript_ajax) { print "\n"; print "\n"; +/* Disabled. Would be better to be managed with a user cookie if (!empty($conf->productbatch->enabled)) { print ''; print ''; @@ -757,6 +758,7 @@ if (!empty($conf->productbatch->enabled)) { print "\n"; print "\n"; } +*/ print '
    '.$langs->trans("DefaultWarehouse").''; - print img_picto($langs->trans("DefaultWarehouse"), 'stock', 'pictofixedwidth'); + print img_picto($langs->trans("DefaultWarehouse"), 'stock', 'class="pictofixedwidth"'); print $formproduct->selectWarehouses(GETPOST('fk_default_warehouse'), 'fk_default_warehouse', 'warehouseopen', 1); print ' '; print ''; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 988ac6b3ae3..6c705c62489 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -1027,6 +1027,7 @@ ul.attendees li { list-style-type: none; padding-top:1px; padding-bottom:1px; + line-height: 1.6em; } .googlerefreshcal { padding-top: 4px; @@ -1472,6 +1473,10 @@ select.widthcentpercentminusxx, span.widthcentpercentminusxx:not(.select2-select width: calc(100% - 40px) !important; display: inline-block; } + select.widthcentpercentminusxx, span.widthcentpercentminusxx:not(.select2-selection), input.widthcentpercentminusxx { + width: calc(100% - 70px) !important; + display: inline-block; + } .logopublicpayment #dolpaymentlogo { max-width: 260px; diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index e292b3850d1..407a38ea320 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -1496,6 +1496,18 @@ table[summary="list_of_modules"] .fa-cog { padding-right: 10px !important; } + .hideonsmartphone { display: none; } + .hideonsmartphoneimp { display: none !important; } + + select.minwidth100imp, select.minwidth100, select.minwidth200, select.minwidth200imp, select.minwidth300 { + width: calc(100% - 40px) !important; + display: inline-block; + } + select.widthcentpercentminusxx, span.widthcentpercentminusxx:not(.select2-selection), input.widthcentpercentminusxx { + width: calc(100% - 70px) !important; + display: inline-block; + } + .poweredbyimg { width: 48px; } @@ -1580,8 +1592,6 @@ table[summary="list_of_modules"] .fa-cog { line-height: 1.4em; } - .hideonsmartphone { display: none; } - .hideonsmartphoneimp { display: none !important; } .noenlargeonsmartphone { width : 50px !important; display: inline !important; } .maxwidthonsmartphone, #search_newcompany.ui-autocomplete-input { max-width: 100px; } .maxwidth50onsmartphone { max-width: 40px; } From f9fb296ea6cae998a0108014b22b156ac5d45e31 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Wed, 19 May 2021 13:59:36 +0200 Subject: [PATCH 031/149] Update llx_00_c_country.sql MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit République Tchèque -> Czech Republic Danemark -> Denmark Djibouti = Djibouti Dominique -> Dominica République Dominicaine -> Dominican Republic Equateur -> Republic of Ecuador Egypte -> Egypt Salvador -> El Salvador Guinée Equatoriale -> Equatorial Guinea Erythrée -> Eritrea --- htdocs/install/mysql/data/llx_00_c_country.sql | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/install/mysql/data/llx_00_c_country.sql b/htdocs/install/mysql/data/llx_00_c_country.sql index 296b6d0e412..bc09a7fd1f6 100644 --- a/htdocs/install/mysql/data/llx_00_c_country.sql +++ b/htdocs/install/mysql/data/llx_00_c_country.sql @@ -106,16 +106,16 @@ INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (75 INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (76,'HR','HRV','Croatie',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (77,'CU','CUB','Cuba',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (78,'CY','CYP','Cyprus',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (79,'CZ','CZE','République Tchèque',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (80,'DK','DNK','Danemark',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (79,'CZ','CZE','Czech Republic',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (80,'DK','DNK','Denmark',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (81,'DJ','DJI','Djibouti',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (82,'DM','DMA','Dominique',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (83,'DO','DOM','République Dominicaine',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (84,'EC','ECU','Equateur',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (85,'EG','EGY','Egypte',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (86,'SV','SLV','Salvador',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (87,'GQ','GNQ','Guinée Equatoriale',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (88,'ER','ERI','Erythrée',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (82,'DM','DMA','Dominica',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (83,'DO','DOM','Dominican Republic',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (84,'EC','ECU','Republic of Ecuador',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (85,'EG','EGY','Egypt',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (86,'SV','SLV','El Salvador',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (87,'GQ','GNQ','Equatorial Guinea',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (88,'ER','ERI','Eritrea',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (89,'EE','EST','Estonia',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (90,'ET','ETH','Ethiopia',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (91,'FK','FLK','Falkland Islands',1,0); From 173ef6e877a542db618db669d1793e13510b316e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 14:04:01 +0200 Subject: [PATCH 032/149] Look and feel v14 --- htdocs/core/class/html.form.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 1366b8d5078..7fcad5b8fb4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4946,16 +4946,16 @@ class Form $formconfirm .= ''."\n"; // Line title - $formconfirm .= ''."\n"; + $formconfirm .= ''."\n"; // Line text if (is_array($formquestion) && !empty($formquestion['text'])) { - $formconfirm .= ''."\n"; + $formconfirm .= ''."\n"; } // Line form fields if ($more) { - $formconfirm .= ''."\n"; } @@ -4963,10 +4963,10 @@ class Form // Line with question $formconfirm .= ''; $formconfirm .= ''; - $formconfirm .= ''; - $formconfirm .= ''; $formconfirm .= ''."\n"; $formconfirm .= '
    '.img_picto('', 'recent').' '.$title.'
    '.img_picto('', 'recent').' '.$title.'
    '.$formquestion['text'].'
    '.$formquestion['text'].'
    '."\n"; + $formconfirm .= '
    '."\n"; $formconfirm .= $more; $formconfirm .= '
    '.$question.''; + $formconfirm .= ''; $formconfirm .= $this->selectyesno("confirm", $newselectedchoice); + $formconfirm .= ''; $formconfirm .= '
    '."\n"; From 8f5c898daef6034358bb3ee4380cbbb55ebdfb04 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 14:13:42 +0200 Subject: [PATCH 033/149] CSS --- htdocs/core/class/html.form.class.php | 11 +++++++---- htdocs/core/lib/functions.lib.php | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 7fcad5b8fb4..47764d448f1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4946,7 +4946,9 @@ class Form $formconfirm .= ''."\n"; // Line title - $formconfirm .= ''."\n"; + $formconfirm .= ''."\n"; // Line text if (is_array($formquestion) && !empty($formquestion['text'])) { @@ -4964,7 +4966,7 @@ class Form $formconfirm .= ''; $formconfirm .= ''; $formconfirm .= ''; $formconfirm .= ''."\n"; @@ -7837,9 +7839,10 @@ class Form * @param bool $disabled true or false * @param int $useempty 1=Add empty line * @param int $addjscombo 1=Add js beautifier on combo box + * @param string $morecss More CSS * @return string See option */ - public function selectyesno($htmlname, $value = '', $option = 0, $disabled = false, $useempty = 0, $addjscombo = 0) + public function selectyesno($htmlname, $value = '', $option = 0, $disabled = false, $useempty = 0, $addjscombo = 0, $morecss = '') { global $langs; @@ -7852,7 +7855,7 @@ class Form $disabled = ($disabled ? ' disabled' : ''); - $resultyesno = ''."\n"; if ($useempty) { $resultyesno .= ''."\n"; } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index abf9c587b68..9afa45aff26 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3516,7 +3516,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'generic', 'home', 'hrm', 'members', 'products', 'invoicing', 'partnership', 'payment', 'pencil-ruler', 'preview', 'project', 'projectpub', 'projecttask', 'refresh', 'salary', 'shipment', 'supplier_invoice', 'technic', 'ticket', 'error', 'warning', - 'reception', 'recruitmentcandidature', 'recruitmentjobposition', 'resource', + 'recent', 'reception', 'recruitmentcandidature', 'recruitmentjobposition', 'resource', 'shapes', 'supplier', 'supplier_proposal', 'supplier_order', 'supplier_invoice', 'timespent', 'title_setup', 'title_accountancy', 'title_bank', 'title_hrm', 'title_agenda', 'uncheck', 'user-cog', 'website', 'workstation', @@ -3558,7 +3558,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'other'=>'square', 'playdisabled'=>'play', 'pdf'=>'file-pdf', 'poll'=>'check-double', 'pos'=>'cash-register', 'preview'=>'binoculars', 'project'=>'project-diagram', 'projectpub'=>'project-diagram', 'projecttask'=>'tasks', 'propal'=>'file-signature', 'partnership'=>'handshake', 'payment'=>'money-check-alt', 'phoning'=>'phone', 'phoning_mobile'=>'mobile-alt', 'phoning_fax'=>'fax', 'previous'=>'arrow-alt-circle-left', 'printer'=>'print', 'product'=>'cube', 'service'=>'concierge-bell', - 'reception'=>'dolly', 'recruitmentjobposition'=>'id-card-alt', 'recruitmentcandidature'=>'id-badge', + 'recent' => 'question', 'reception'=>'dolly', 'recruitmentjobposition'=>'id-card-alt', 'recruitmentcandidature'=>'id-badge', 'resize'=>'crop', 'supplier_order'=>'dol-order_supplier', 'supplier_proposal'=>'file-signature', 'refresh'=>'redo', 'resource'=>'laptop-house', 'security'=>'key', 'salary'=>'wallet', 'shipment'=>'dolly', 'stock'=>'box-open', 'stats' => 'chart-bar', 'split'=>'code-branch', 'stripe'=>'stripe-s', From e2e6d4ba14434f52b8385bbbca5580250c6e3cc9 Mon Sep 17 00:00:00 2001 From: lvessiller Date: Wed, 19 May 2021 14:29:46 +0200 Subject: [PATCH 034/149] FIX keep special code on supplier order lines for external modules --- htdocs/fourn/commande/card.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 0b7eb338b69..ef127e84811 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1239,6 +1239,8 @@ if (empty($reshook)) $tva_tx = get_default_tva($soc, $mysoc, $lines[$i]->fk_product, $product_fourn_price_id); } + $object->special_code = $lines[$i]->special_code; + $result = $object->addline( $desc, $lines[$i]->subprice, From 92ccf5982a8e600cee4134ac0d8c7b12f40874a9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 19 May 2021 14:38:39 +0200 Subject: [PATCH 035/149] Fix responsive --- htdocs/comm/propal/card.php | 25 +++++++++++----------- htdocs/core/class/html.form.class.php | 30 ++++++++++++++------------- htdocs/core/lib/functions.lib.php | 2 +- 3 files changed, 29 insertions(+), 28 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 984d77e7263..5d9ae8d75a6 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -1436,11 +1436,9 @@ if (empty($reshook)) { */ $form = new Form($db); -$formother = new FormOther($db); $formfile = new FormFile($db); $formpropal = new FormPropal($db); $formmargin = new FormMargin($db); -$companystatic = new Societe($db); if (!empty($conf->projet->enabled)) { $formproject = new FormProjets($db); } @@ -1582,7 +1580,7 @@ if ($action == 'create') { //$warehouse_id = $soc->warehouse_id; } else { print ''; - print ''; - - print ''; + print ''."\n"; print ''; print_liste_field_titre("AccountAccounting", $_SERVER['PHP_SELF'], "t.numero_compte", "", $param, "", $sortfield, $sortorder); @@ -298,8 +319,14 @@ if ($action != 'export_csv') { print_liste_field_titre("Debit", $_SERVER['PHP_SELF'], "t.debit", "", $param, 'class="right"', $sortfield, $sortorder); print_liste_field_titre("Credit", $_SERVER['PHP_SELF'], "t.credit", "", $param, 'class="right"', $sortfield, $sortorder); print_liste_field_titre("Balance", $_SERVER["PHP_SELF"], "", $param, "", 'class="right"', $sortfield, $sortorder); - print_liste_field_titre('', $_SERVER["PHP_SELF"], "", $param, "", 'width="60" class="center"', $sortfield, $sortorder); - print "\n"; + + // Hook fields + $parameters = array('arrayfields'=>$arrayfields, 'param'=>$param, 'sortfield'=>$sortfield, 'sortorder'=>$sortorder); + $reshook = $hookmanager->executeHooks('printFieldListTitle', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + // Action column + print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n"; + print ''."\n"; $total_debit = 0; $total_credit = 0; From fbe491c4da728ed5ac85fa0eb4bf9f63d707fff8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 21 May 2021 12:17:56 +0200 Subject: [PATCH 076/149] FIX CWE-79 huntr --- htdocs/main.inc.php | 32 ++++++++++++++------------------ test/phpunit/SecurityTest.php | 4 ++++ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 7b40647ebcb..40bb38a54f7 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -142,27 +142,23 @@ function testSqlAndScriptInject($val, $type) } $inj += preg_match('/base\s+href/si', $val); $inj += preg_match('/=data:/si', $val); - // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp - $inj += preg_match('/onmouse([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like - $inj += preg_match('/ondrag([a-z]*)\s*=/i', $val); // - $inj += preg_match('/ontouch([a-z]*)\s*=/i', $val); // - $inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val); - $inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val); - $inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|loadend|offline|online|pagehide|pageshow)\s*=/i', $val); - $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|start|submit|suspend)\s*=/i', $val); - $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting)\s*=/i', $val); + // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers + $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like + $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $val); + $inj += preg_match('/on(lostpointercapture|dblclick|drop|durationchange|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val); + $inj += preg_match('/on(offline|online|pagehide|pageshow)\s*=/i', $val); + $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeking|show|stalled|start|submit|suspend)\s*=/i', $val); + $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val); // We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: error=alert(1) to bypass test on onerror $tmpval = preg_replace('/<[^<]+>/', '', $val); - // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp - $inj += preg_match('/onmouse([a-z]*)\s*=/i', $tmpval); // onmousexxx can be set on img or any html tag like - $inj += preg_match('/ondrag([a-z]*)\s*=/i', $tmpval); // - $inj += preg_match('/ontouch([a-z]*)\s*=/i', $tmpval); // - $inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $tmpval); - $inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $tmpval); - $inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|loadend|offline|online|pagehide|pageshow)\s*=/i', $tmpval); - $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|start|submit|suspend)\s*=/i', $tmpval); - $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting)\s*=/i', $tmpval); + // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers + $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like + $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval); + $inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval); + $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval); + $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval); + $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval); //$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ... $inj += preg_match('/:|:|:/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...' diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index bd4d0e9b76d..944d4f4cbe5 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -302,6 +302,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase $test="rror=alert(document.location)"; $result=testSqlAndScriptInject($test, 0); $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject kkk'); + + $test="XSS"; + $result=testSqlAndScriptInject($test, 0); + $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll'); } /** From a5001899ebe2f34526fa44bcacca557d5f245058 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Fri, 21 May 2021 13:32:09 +0200 Subject: [PATCH 077/149] Update llx_00_c_country.sql MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Nouvelle-Calédonie -> New Caledonia Nouvelle-Zélande -> New Zealand Nicaragua = Nicaragua Niger = Niger Nigeria = Nigeria Nioué -> Niue Ile Norfolk -> Norfolk Island Mariannes du Nord -> Northern Mariana Islands Norvège -> Norway Oman = Oman Pakistan = Pakistan Palaos -> Palau Territoire Palestinien Occupé -> Palestinian territories Panama = Panama Papouasie-Nouvelle-Guinée -> Papua New Guinea Paraguay = Paraguay Peru = Peru Philippines = Philippines Iles Pitcairn -> Pitcairn Islands Pologne -> Poland Porto Rico -> Puerto Rico Qatar = Qatar --- .../install/mysql/data/llx_00_c_country.sql | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/install/mysql/data/llx_00_c_country.sql b/htdocs/install/mysql/data/llx_00_c_country.sql index bc09a7fd1f6..677447f1af2 100644 --- a/htdocs/install/mysql/data/llx_00_c_country.sql +++ b/htdocs/install/mysql/data/llx_00_c_country.sql @@ -194,27 +194,27 @@ INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (40 INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (300,'CW','CUW','Curaçao',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (301,'SX','SXM','Sint Maarten',1,0); --End of antilles nederland -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (165,'NC','NCL','Nouvelle-Calédonie',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (166,'NZ','NZL','Nouvelle-Zélande',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (165,'NC','NCL','New Caledonia',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (166,'NZ','NZL','New Zealand',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (167,'NI','NIC','Nicaragua',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (168,'NE','NER','Niger',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (169,'NG','NGA','Nigeria',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (170,'NU','NIU','Nioué',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (171,'NF','NFK','Ile Norfolk',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (172,'MP','MNP','Mariannes du Nord',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (173,'NO','NOR','Norvège',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (170,'NU','NIU','Niue',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (171,'NF','NFK','Norfolk Island',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (172,'MP','MNP','Northern Mariana Islands',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (173,'NO','NOR','Norway',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (174,'OM','OMN','Oman',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (175,'PK','PAK','Pakistan',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (176,'PW','PLW','Palaos',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (177,'PS','PSE','Territoire Palestinien Occupé',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (176,'PW','PLW','Palau',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (177,'PS','PSE','Palestinian territories',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (178,'PA','PAN','Panama',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (179,'PG','PNG','Papouasie-Nouvelle-Guinée',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (179,'PG','PNG','Papua New Guinea',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (180,'PY','PRY','Paraguay',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (181,'PE','PER','Peru',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (182,'PH','PHL','Philippines',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (183,'PN','PCN','Iles Pitcairn',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (183,'PN','PCN','Pitcairn Islands',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (184,'PL','POL','Pologne',1,0); -INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (185,'PR','PRI','Porto Rico',1,0); +INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (185,'PR','PRI','Puerto Rico',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (186,'QA','QAT','Qatar',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (188,'RO','ROU','Roumanie',1,0); INSERT INTO llx_c_country (rowid,code,code_iso,label,active,favorite) VALUES (189,'RW','RWA','Rwanda',1,0); From b5af3b17d53f41bc03ca784ccf94f1acc55d1a82 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 21 May 2021 14:03:52 +0200 Subject: [PATCH 078/149] Update doc --- doc/images/README.md | 19 +++++++++---------- htdocs/main.inc.php | 10 +++++----- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/doc/images/README.md b/doc/images/README.md index 7422d246d40..e93c9f9c3d4 100644 --- a/doc/images/README.md +++ b/doc/images/README.md @@ -10,17 +10,16 @@ https://github.com/Dolibarr/foundation -* Few icons are / were from website led24.de -* Attention: This website is no longer available! +# LICENCE OF IMAGE RESOURCES +-------------------------------- -This is original README file for this source: -------------------------------------------------------- +* All image resources (except dolihelp.ico and doliadmin.ico) in this directory are distributed under licence CC BY-SA + +List of icons from http://led24.de/iconset/ are: +- doliadmin.ico +- dolihelp.ico + +This is original README file for the package with this 2 images: You can do whatever you want with these icons (use on web or in desktop applications) as long as you don’t pass them off as your own and remove this readme file. A credit statement and a link back to http://led24.de/iconset/ or http://led24.de/ would be appreciated. - -Follow us on twitter http://twitter.com/gasyoun or email leds24@gmail.com -512 icons 20/05/2009 -------------------------------------------------------- -List of icons from http://led24.de/iconset/ are: -- dolihelp.ico diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 40bb38a54f7..a42c3c39cd3 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -145,9 +145,9 @@ function testSqlAndScriptInject($val, $type) // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $val); - $inj += preg_match('/on(lostpointercapture|dblclick|drop|durationchange|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val); - $inj += preg_match('/on(offline|online|pagehide|pageshow)\s*=/i', $val); - $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeking|show|stalled|start|submit|suspend)\s*=/i', $val); + $inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $val); + $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $val); + $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $val); $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $val); // We refuse html into html because some hacks try to obfuscate evil strings by inserting HTML into HTML. Example: error=alert(1) to bypass test on onerror @@ -155,9 +155,9 @@ function testSqlAndScriptInject($val, $type) // List of dom events is on https://www.w3schools.com/jsref/dom_obj_event.asp and https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers $inj += preg_match('/on(mouse|drag|key|load|touch|pointer|select|transition)([a-z]*)\s*=/i', $val); // onmousexxx can be set on img or any html tag like $inj += preg_match('/on(abort|afterprint|animation|auxclick|beforeprint|beforeunload|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|copy|cut)\s*=/i', $tmpval); - $inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval); + $inj += preg_match('/on(dblclick|drop|durationchange|emptied|ended|error|focus|focusin|focusout|formdata|gotpointercapture|hashchange|input|invalid)\s*=/i', $tmpval); $inj += preg_match('/on(lostpointercapture|offline|online|pagehide|pageshow)\s*=/i', $tmpval); - $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval); + $inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|reset|resize|scroll|search|seeked|seeking|show|stalled|start|submit|suspend)\s*=/i', $tmpval); $inj += preg_match('/on(timeupdate|toggle|unload|volumechange|waiting|wheel)\s*=/i', $tmpval); //$inj += preg_match('/on[A-Z][a-z]+\*=/', $val); // To lock event handlers onAbort(), ... From c1c2f44e384d092e9f5d1e6836223887f39e72e7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 21 May 2021 14:16:49 +0200 Subject: [PATCH 079/149] Update file COPYRIGHT --- COPYRIGHT | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/COPYRIGHT b/COPYRIGHT index aedcb1be614..c43d77581a7 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -1,13 +1,24 @@ -License -------- +Copyright and license +---------------------- -Dolibarr is released under the terms of the GNU General Public License as -published by the Free Software Foundation; either version 3 of the License, -or (at your option) any later version (GPL-3+). -More information: https://www.gnu.org/licenses/gpl-3.0.txt +The Dolibarr software as a whole is distributed under the GNU General Public License as published by the Free Software Foundation; +either version 3 of the License, or (at your option) any later version (GPL-3+). More information: https://www.gnu.org/licenses/gpl-3.0.txt. +A copy of this license is available in the COPYING file. +Dolibarr depends on third-party components and code snippets released under their own license (obviously, all compatible with the one of Dolibarr). +These dependencies are listed in the bottom of this file. -Dolibarr uses some external libraries released under different licenses. This is compatibility summary: + +The Dolibarr images resources (available in the doc directory) is distributed under the Creative Commons Attribution 4.0 International license (CC BY 4.0). + + +The name Dolibarr is a trademark initially registered by Laurent Destailleur and ceased to the Dolibarr foundation. You can use the name Dolibarr +for your own need as long as you follow the rules defined on the page https://wiki.dolibarr.org/index.php/Rules_to_use_the_brand_name_%22Dolibarr%22 +The use of the name DoliStore is also restricted to the same rules defined on https://wiki.dolibarr.org/index.php/Rules_to_use_the_brand_name_%22Dolibarr%22 + + + +Licence of dependencies of third-party components used by Dolibarr (all compatible with the Licence of Dolibarr): Component Version License GPL Compatible Usage ------------------------------------------------------------------------------------- @@ -28,7 +39,7 @@ php-iban 1.4.7 LGPL-3+ Yes PHPoAuthLib 0.8.2 MIT License Yes Library to provide oauth1 and oauth2 to different service PHPPrintIPP 1.3 GPL-2+ Yes Library to send print IPP requests PSR/Logs 1.0 Library for logs (used by DebugBar) -PSR/simple-cache ? MIT License Yes Library for cache (used by PHPSpreadSheet) +PSR/simple-cache ? MIT License Yes Library for cache (used by PHPSpreadSheet) Restler 3.1.1 LGPL-3+ Yes Library to develop REST Web services (+ swagger-ui js lib into dir explorer) Sabre 3.2.2 BSD Yes DAV support Swift Mailer 5.4.2-DEV MIT License Yes Comprehensive mailing tools for PHP @@ -63,11 +74,10 @@ Font libraries: Fontawesome 5.13 Font Awesome Free Licence Yes -For licenses compatibility informations: -https://www.gnu.org/licenses/licenses.en.html +For more licenses compatibility informations: https://www.gnu.org/licenses/licenses.en.html -Copyright / Authors +Authors ------------------- See page https://github.com/Dolibarr/dolibarr/graphs/contributors From 38bd595ebdfca44db2bff4b2d315d81bd13046cb Mon Sep 17 00:00:00 2001 From: lvessiller Date: Fri, 21 May 2021 14:18:46 +0200 Subject: [PATCH 080/149] NEW translate supplier order menus and button --- htdocs/core/menus/init_menu_auguria.sql | 2 +- htdocs/core/menus/standard/eldy.lib.php | 2 +- htdocs/fourn/card.php | 4 ++-- htdocs/fourn/commande/list.php | 2 +- htdocs/langs/en_US/orders.lang | 2 ++ htdocs/langs/fr_FR/orders.lang | 2 ++ htdocs/main.inc.php | 2 +- htdocs/supplier_proposal/card.php | 2 +- 8 files changed, 11 insertions(+), 7 deletions(-) diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql index d9c2cad7c9f..9eb6a43f9b0 100644 --- a/htdocs/core/menus/init_menu_auguria.sql +++ b/htdocs/core/menus/init_menu_auguria.sql @@ -167,7 +167,7 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_proposal->enabled', __HANDLER__, 'left', 1653__+MAX_llx_menu__, 'commercial', '', 1650__+MAX_llx_menu__, '/comm/propal/stats/index.php?leftmenu=supplier_proposals&mode=supplier', 'Statistics', 1, 'supplier_proposal', '$user->rights->supplier_proposal->lire', '', 2, 2, __ENTITY__); -- Commercial - Supplier's orders insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_order->enabled', __HANDLER__, 'left', 5100__+MAX_llx_menu__, 'commercial', 'orders_suppliers', 5__+MAX_llx_menu__, '/fourn/commande/index.php?mainmenu=commercial&leftmenu=orders_suppliers', 'SuppliersOrders', 0, 'orders', '($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire)', '', 2, 6, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_order->enabled', __HANDLER__, 'left', 5101__+MAX_llx_menu__, 'commercial', '', 5100__+MAX_llx_menu__, '/fourn/commande/card.php?mainmenu=commercial&action=create&leftmenu=orders_suppliers', 'NewOrder', 1, 'orders', '($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer)', '', 2, 0, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_order->enabled', __HANDLER__, 'left', 5101__+MAX_llx_menu__, 'commercial', '', 5100__+MAX_llx_menu__, '/fourn/commande/card.php?mainmenu=commercial&action=create&leftmenu=orders_suppliers', 'NewSupplierOrderShort', 1, 'orders', '($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer)', '', 2, 0, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_order->enabled', __HANDLER__, 'left', 5102__+MAX_llx_menu__, 'commercial', '', 5100__+MAX_llx_menu__, '/fourn/commande/list.php?mainmenu=commercial&leftmenu=orders_suppliers', 'List', 1, 'orders', '($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire)', '', 2, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_order->enabled && $leftmenu=="orders_suppliers"', __HANDLER__, 'left', 5103__+MAX_llx_menu__, 'commercial', '', 5102__+MAX_llx_menu__, '/fourn/commande/list.php?mainmenu=commercial&leftmenu=orders_suppliers&statut=0', 'StatusOrderDraftShort', 1, 'orders', '($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire)', '', 2, 2, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->supplier_order->enabled && $leftmenu=="orders_suppliers"', __HANDLER__, 'left', 5104__+MAX_llx_menu__, 'commercial', '', 5102__+MAX_llx_menu__, '/fourn/commande/list.php?mainmenu=commercial&leftmenu=orders_suppliers&statut=1', 'StatusOrderValidated', 1, 'orders', '($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire)', '', 2, 3, __ENTITY__); diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 74c66e899f4..2232b3333dd 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -959,7 +959,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM if (!empty($conf->supplier_order->enabled)) { $langs->load("orders"); $newmenu->add("/fourn/commande/index.php?leftmenu=orders_suppliers", $langs->trans("SuppliersOrders"), 0, $user->rights->fournisseur->commande->lire, '', $mainmenu, 'orders_suppliers', 400, '', '', '', img_picto('', 'supplier_order', 'class="paddingright pictofixedwidth"')); - $newmenu->add("/fourn/commande/card.php?action=create&leftmenu=orders_suppliers", $langs->trans("NewOrder"), 1, $user->rights->fournisseur->commande->creer); + $newmenu->add("/fourn/commande/card.php?action=create&leftmenu=orders_suppliers", $langs->trans("NewSupplierOrderShort"), 1, $user->rights->fournisseur->commande->creer); $newmenu->add("/fourn/commande/list.php?leftmenu=orders_suppliers", $langs->trans("List"), 1, $user->rights->fournisseur->commande->lire); if ($usemenuhider || empty($leftmenu) || $leftmenu == "orders_suppliers") { diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index 90934062910..e9b61e53406 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -842,9 +842,9 @@ if ($object->id > 0) { if ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer) { $langs->load("orders"); if ($object->status == 1) { - print ''.$langs->trans("AddOrder").''; + print ''.$langs->trans("AddSupplierOrderShort").''; } else { - print ''.$langs->trans("AddOrder").''; + print ''.$langs->trans("AddSupplierOrderShort").''; } } diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index fb1891051e6..aba5b8060f9 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -895,7 +895,7 @@ if ($resql) { if (!empty($socid)) { $url .= '&socid='.$socid; } - $newcardbutton = dolGetButtonTitle($langs->trans('NewOrder'), '', 'fa fa-plus-circle', $url, '', ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer)); + $newcardbutton = dolGetButtonTitle($langs->trans('NewSupplierOrderShort'), '', 'fa fa-plus-circle', $url, '', ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer)); // Lines of title fields print '
    '; diff --git a/htdocs/langs/en_US/orders.lang b/htdocs/langs/en_US/orders.lang index 87d196eb22f..5dab5b99bf1 100644 --- a/htdocs/langs/en_US/orders.lang +++ b/htdocs/langs/en_US/orders.lang @@ -11,6 +11,7 @@ OrderDate=Order date OrderDateShort=Order date OrderToProcess=Order to process NewOrder=New order +NewSupplierOrderShort=New order NewOrderSupplier=New Purchase Order ToOrder=Make order MakeOrder=Make order @@ -73,6 +74,7 @@ DeleteOrder=Delete order CancelOrder=Cancel order OrderReopened= Order %s re-open AddOrder=Create order +AddSupplierOrderShort=Create order AddPurchaseOrder=Create purchase order AddToDraftOrders=Add to draft order ShowOrder=Show order diff --git a/htdocs/langs/fr_FR/orders.lang b/htdocs/langs/fr_FR/orders.lang index 0732013a49b..9bbc7154567 100644 --- a/htdocs/langs/fr_FR/orders.lang +++ b/htdocs/langs/fr_FR/orders.lang @@ -11,6 +11,7 @@ OrderDate=Date de commande OrderDateShort=Date de commande OrderToProcess=Commande à traiter NewOrder=Nouvelle commande +NewSupplierOrderShort=Nouvelle commande NewOrderSupplier=Nouvelle Commande d'Achat ToOrder=Passer commande MakeOrder=Passer commande @@ -73,6 +74,7 @@ DeleteOrder=Supprimer la commande CancelOrder=Annuler la commande OrderReopened= Commande %s réouverte AddOrder=Créer commande +AddSupplierOrderShort=Créer commande AddPurchaseOrder=Créer commande d'achat AddToDraftOrders=Ajouter à commande brouillon ShowOrder=Afficher commande diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 7b40647ebcb..8d97a56b2f3 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -2317,7 +2317,7 @@ function top_menu_quickadd() $dropDownQuickAddHtml .= '
    - + '. img_picto('', 'object_order') .'
    '. $langs->trans("SupplierOrder") .'
    '; diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index cad41f905ef..633f0785fe1 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1862,7 +1862,7 @@ if ($action == 'create') { // Create an order if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD)) || !empty($conf->supplier_order->enabled)) && $object->statut == SupplierProposal::STATUS_SIGNED) { if ($usercancreateorder) { - print '
    '.$langs->trans("AddOrder").'
    '; + print '
    '.$langs->trans("AddSupplierOrderShort").'
    '; } } From 609d405685cffd0188bea6ffe5f6fec520f0bd29 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Fri, 21 May 2021 15:38:03 +0200 Subject: [PATCH 081/149] fix: formconfim if type radio must be :checked to get correct value --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 945897856f2..82c00e4e4f7 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -4433,7 +4433,7 @@ class Form var more = ""; var inputvalue; if ($("input[name=\'" + inputname + "\']").attr("type") == "radio") { - inputvalue = $("input[name=\'" + inputname + "\']").val(); + inputvalue = $("input[name=\'" + inputname + "\']:checked").val(); } else { if ($("#" + inputname).attr("type") == "checkbox") { more = ":checked"; } inputvalue = $("#" + inputname + more).val(); From 11fa523070a805a1608ebcf0031cce66beaa34c4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 21 May 2021 15:54:11 +0200 Subject: [PATCH 082/149] FIX CWE-269 --- htdocs/core/lib/security.lib.php | 5 ++++- htdocs/margin/tabs/productMargins.php | 10 ++++++---- htdocs/margin/tabs/thirdpartyMargins.php | 8 ++++++-- htdocs/product/agenda.php | 16 +++++++++++++++- htdocs/product/card.php | 12 +++++++++++- htdocs/product/composition/card.php | 14 +++++++++++++- htdocs/product/document.php | 12 +++++++++++- htdocs/product/fournisseurs.php | 19 +++++++++---------- htdocs/product/note.php | 11 ++++++++++- htdocs/product/popuprop.php | 4 +--- htdocs/product/price.php | 11 ++++++++++- htdocs/product/stats/bom.php | 3 ++- htdocs/product/stats/card.php | 3 ++- htdocs/product/stats/commande.php | 6 +++--- htdocs/product/stats/commande_fournisseur.php | 3 ++- htdocs/product/stats/contrat.php | 5 ++--- htdocs/product/stats/facture.php | 2 +- htdocs/product/stats/facture_fournisseur.php | 6 +++--- htdocs/product/stats/mo.php | 5 ++--- htdocs/product/stats/propal.php | 5 +++-- htdocs/product/stats/supplier_proposal.php | 6 +++--- htdocs/product/stock/product.php | 13 +++++++++++-- htdocs/product/traduction.php | 17 ++++++++++++++++- htdocs/variants/combinations.php | 16 +++++++++++----- 24 files changed, 157 insertions(+), 55 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index de4d67b1647..06baefed88e 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -173,10 +173,13 @@ function dol_verifyHash($chain, $hash, $type = '0') * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * * @param User $user User to check - * @param string $features Features to check (it must be module $object->element. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'. + * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) + * This is used to check permission $user->rights->features->... * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional). * @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'. + * This is used to check permission $user->rights->features->feature2... * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 4c34e04c54c..6f2337d1baf 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -39,10 +39,6 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); -if (empty($user->rights->margins->liretous)) { - accessforbidden(); -} $object = new Product($db); @@ -63,6 +59,12 @@ if (!$sortfield) { $sortfield = "f.datef"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if (empty($user->rights->margins->liretous)) { + accessforbidden(); +} + /* * View diff --git a/htdocs/margin/tabs/thirdpartyMargins.php b/htdocs/margin/tabs/thirdpartyMargins.php index b1c569c0912..505ff9f9f31 100644 --- a/htdocs/margin/tabs/thirdpartyMargins.php +++ b/htdocs/margin/tabs/thirdpartyMargins.php @@ -33,8 +33,6 @@ $socid = GETPOST('socid', 'int'); if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'societe', '', ''); - $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -61,6 +59,12 @@ if ($socid > 0) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('thirdpartymargins', 'globalcard')); +$result = restrictedArea($user, 'societe', $object->id, ''); + +if (empty($user->rights->margins->liretous)) { + accessforbidden(); +} + /* * Actions diff --git a/htdocs/product/agenda.php b/htdocs/product/agenda.php index ea32e47c8a5..815014e259f 100644 --- a/htdocs/product/agenda.php +++ b/htdocs/product/agenda.php @@ -73,7 +73,21 @@ if (!$sortorder) { // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('agendathirdparty')); -$result = restrictedArea($user, 'produit|service', $id, 'product&product'); +$object = new Product($db); +if ($id > 0 || !empty($ref)) { + $object->fetch($id, $ref); +} + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', 0, 'product&product', '', ''); +} /* diff --git a/htdocs/product/card.php b/htdocs/product/card.php index c92f847a1e9..61568a5510a 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -152,7 +152,17 @@ if (!empty($canvas)) { // Security check $fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); $fieldtype = (!empty($id) ? 'rowid' : 'ref'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productcard', 'globalcard')); diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index 442232686d3..c9499bf415b 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -50,7 +50,6 @@ if (!empty($user->socid)) { } $fieldvalue = (!empty($id) ? $id : (!empty($ref) ? $ref : '')); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $object = new Product($db); $objectid = 0; @@ -60,6 +59,19 @@ if ($id > 0 || !empty($ref)) { $id = $object->id; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} + /* * Actions diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 372e3c19bdc..0b15ad7a85c 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -95,9 +95,19 @@ if ($id > 0 || !empty($ref)) { } $modulepart = 'produit'; + $permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer)); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 0d5ea9647f5..8b2a792b872 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -103,17 +103,16 @@ if ($id > 0 || $ref) { $object->fetch($id, $ref); } -$sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); - -if (!$sortfield) { - $sortfield = "s.nom"; +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); } -if (!$sortorder) { - $sortorder = "ASC"; -} - -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); /* diff --git a/htdocs/product/note.php b/htdocs/product/note.php index add915181a2..fad4df3500b 100644 --- a/htdocs/product/note.php +++ b/htdocs/product/note.php @@ -51,7 +51,16 @@ if ($id > 0 || !empty($ref)) { $permissionnote = $user->rights->produit->creer; // Used by the include of actions_setnotes.inc.php -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php index f23b6eae92d..5aa54b0963c 100644 --- a/htdocs/product/popuprop.php +++ b/htdocs/product/popuprop.php @@ -60,9 +60,7 @@ $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$staticproduct = new Product($db); - -$result = restrictedArea($user, 'produit|service', 0, 'product&product'); +restrictedArea($user, 'produit|service', 0, 'product&product', '', ''); /* diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 9548643166a..295a999a778 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -82,7 +82,16 @@ if ((!empty($conf->global->PRODUIT_MULTIPRICES) || !empty($conf->global->PRODUIT // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productpricecard', 'globalcard')); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/product/stats/bom.php b/htdocs/product/stats/bom.php index 053d9d6b1a8..505bc8ed060 100644 --- a/htdocs/product/stats/bom.php +++ b/htdocs/product/stats/bom.php @@ -41,7 +41,6 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatscontract')); @@ -67,6 +66,8 @@ if (!$sortfield) { $sortfield = "b.date_valid"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/card.php b/htdocs/product/stats/card.php index 2dae292884e..d791100ae4a 100644 --- a/htdocs/product/stats/card.php +++ b/htdocs/product/stats/card.php @@ -58,7 +58,6 @@ if (!empty($user->socid)) { // Security check $fieldvalue = (!empty($id) ? $id : $ref); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $tmp = dol_getdate(dol_now()); $currentyear = $tmp['year']; @@ -66,6 +65,8 @@ if (empty($search_year)) { $search_year = $currentyear; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * Actions diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index fe8016f362a..9ba4dee7081 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php @@ -43,13 +43,10 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatsorder')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -75,6 +72,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index bc8346e39b1..6037f608b58 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -42,7 +42,6 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatssupplyorder')); @@ -74,6 +73,8 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index e419593208c..f91e74edf50 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -40,13 +40,10 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatscontract')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -65,6 +62,8 @@ if (!$sortfield) { $sortfield = "c.date_contrat"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index fa7d4fae24f..0681aa9b5ca 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -44,7 +44,6 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatsinvoice')); @@ -77,6 +76,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); /* diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 018f1c28f02..69ef83ae5a7 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -44,13 +44,10 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatssupplyinvoice')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -76,6 +73,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stats/mo.php b/htdocs/product/stats/mo.php index 1cabfd9ef85..fefb89592e7 100644 --- a/htdocs/product/stats/mo.php +++ b/htdocs/product/stats/mo.php @@ -40,13 +40,10 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatscontract')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -65,6 +62,8 @@ if (!$sortfield) { $sortfield = "c.date_valid"; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + /* * View diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 7dfc8b6d1db..96303ac598d 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -48,8 +48,6 @@ $result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatspropal')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -76,6 +74,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 86689786b2d..1b236ed3999 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -43,13 +43,10 @@ $socid = ''; if (!empty($user->socid)) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('productstatspropal')); -$mesg = ''; - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -76,6 +73,9 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter', $search_year = ''; } +$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + + /* * View */ diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index b97e9b6c2d2..883fff49123 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -81,8 +81,6 @@ if (!empty($batchnumber)) { if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit&stock', $id, 'product&product', '', '', $fieldid); - $object = new Product($db); $extrafields = new ExtraFields($db); @@ -114,6 +112,17 @@ $hookmanager->initHooks(array('stockproductcard', 'globalcard')); $error = 0; +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $id, 'product&product', '', '', $fieldid); +} + /* * Actions diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 45b45136410..b2c3b0d0b2f 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -45,7 +45,22 @@ $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + +if ($id > 0 || !empty($ref)) { + $object = new Product($db); + $object->fetch($id, $ref); +} + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index ded3a1bb8b9..a7ad432b3ba 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -51,7 +51,6 @@ $delete_product = GETPOST('delete_product', 'alpha'); // Security check $fieldvalue = (!empty($id) ? $id : $ref); $fieldtype = (!empty($ref) ? 'ref' : 'rowid'); -$result = restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); $prodstatic = new Product($db); $prodattr = new ProductAttribute($db); @@ -64,8 +63,6 @@ if ($id > 0 || $ref) { $selectedvariant = $_SESSION['addvariant_'.$object->id]; -$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire; - // Security check if (empty($conf->variants->enabled)) { accessforbidden('Module not enabled'); @@ -73,8 +70,17 @@ if (empty($conf->variants->enabled)) { if ($user->socid > 0) { // Protection if external user accessforbidden(); } -//$result = restrictedArea($user, 'variant'); -if (!$permissiontoread) accessforbidden(); + +if ($object->id > 0) { + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } +} else { + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} /* From 67cab8c1f2538ef7cc6af384dbedb374cbfb64d5 Mon Sep 17 00:00:00 2001 From: r3dge Date: Fri, 21 May 2021 16:01:04 +0200 Subject: [PATCH 083/149] bug fix : replacing orders by donations and setting required field to allow post action in rest API for url donations. See issue #17700 --- htdocs/don/class/api_donations.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/don/class/api_donations.class.php b/htdocs/don/class/api_donations.class.php index 18a8563fd89..5f70ee82a2e 100644 --- a/htdocs/don/class/api_donations.class.php +++ b/htdocs/don/class/api_donations.class.php @@ -33,7 +33,7 @@ class Donations extends DolibarrApi * @var array $FIELDS Mandatory fields, checked when create and update object */ static $FIELDS = array( - 'socid' + 'amount' ); /** @@ -193,7 +193,7 @@ class Donations extends DolibarrApi }*/ if ($this->don->create(DolibarrApiAccess::$user) < 0) { - throw new RestException(500, "Error creating order", array_merge(array($this->don->error), $this->don->errors)); + throw new RestException(500, "Error creating donation", array_merge(array($this->don->error), $this->don->errors)); } return $this->don->id; @@ -355,7 +355,7 @@ class Donations extends DolibarrApi private function _validate($data) { $don = array(); - foreach (Orders::$FIELDS as $field) { + foreach (Donations::$FIELDS as $field) { if (!isset($data[$field])) throw new RestException(400, $field." field missing"); $don[$field] = $data[$field]; From 4df70dc3f49e3fa3e952d35501090687e8039043 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 21 May 2021 16:22:45 +0200 Subject: [PATCH 084/149] Fix CWE-269 huntr --- htdocs/ecm/dir_add_card.php | 2 +- htdocs/ecm/dir_card.php | 14 ++++++++++---- htdocs/ecm/file_card.php | 14 +++++++++----- htdocs/ecm/file_note.php | 13 ++++++++----- htdocs/ecm/index.php | 12 ++++++------ htdocs/ecm/search.php | 6 ++++++ 6 files changed, 40 insertions(+), 21 deletions(-) diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php index 4cf557acde6..1416983e3a3 100644 --- a/htdocs/ecm/dir_add_card.php +++ b/htdocs/ecm/dir_add_card.php @@ -188,7 +188,7 @@ if ($action == 'add' && $permtoadd) { exit; } } -} elseif ($action == 'confirm_deletesection' && $confirm == 'yes') { +} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) { // Deleting file $result = $ecmdir->delete($user); setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs'); diff --git a/htdocs/ecm/dir_card.php b/htdocs/ecm/dir_card.php index 4c93e005266..d84a7330e69 100644 --- a/htdocs/ecm/dir_card.php +++ b/htdocs/ecm/dir_card.php @@ -88,17 +88,23 @@ if ($module == 'ecm') { } // Permissions +$permtoread = 0; $permtoadd = 0; $permtoupload = 0; if ($module == 'ecm') { + $permtoread = $user->rights->ecm->read; $permtoadd = $user->rights->ecm->setup; $permtoupload = $user->rights->ecm->upload; } if ($module == 'medias') { + $permtoread = ($user->rights->mailing->lire || $user->rights->website->read); $permtoadd = ($user->rights->mailing->creer || $user->rights->website->write); $permtoupload = ($user->rights->mailing->creer || $user->rights->website->write); } +if (!$permtoread) { + accessforbidden(); +} /* @@ -106,7 +112,7 @@ if ($module == 'medias') { */ // Upload file -if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { +if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) { if (dol_mkdir($upload_dir) >= 0) { $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { @@ -131,7 +137,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { } // Remove file -if ($action == 'confirm_deletefile' && $confirm == 'yes') { +if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) { $langs->load("other"); $file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $ret = dol_delete_file($file); @@ -145,7 +151,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') { } // Remove dir -if ($action == 'confirm_deletedir' && $confirm == 'yes') { +if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) { $backtourl = DOL_URL_ROOT."/ecm/index.php"; if ($module == 'medias') { $backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1"; @@ -181,7 +187,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') { } // Update dirname or description -if ($action == 'update' && !GETPOST('cancel', 'alpha')) { +if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) { $error = 0; if ($module == 'ecm') { diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 93885c2843a..14bc7e377f0 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -36,10 +36,6 @@ $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); -if (!$user->rights->ecm->setup) { - accessforbidden(); -} - // Get parameters $socid = GETPOST("socid", "int"); @@ -105,6 +101,14 @@ if ($result < 0) { exit; } +// Permissions +$permtoread = $user->rights->ecm->read; +$permtoadd = $user->rights->ecm->setup; +$permtoupload = $user->rights->ecm->upload; + +if (!$permtoread) { + accessforbidden(); +} /* @@ -123,7 +127,7 @@ if ($cancel) { } // Rename file -if ($action == 'update') { +if ($action == 'update' && $permtoadd) { $error = 0; $oldlabel = GETPOST('urlfile', 'alpha'); diff --git a/htdocs/ecm/file_note.php b/htdocs/ecm/file_note.php index d2f3f7b4792..505e432f982 100644 --- a/htdocs/ecm/file_note.php +++ b/htdocs/ecm/file_note.php @@ -22,7 +22,7 @@ /** * \file htdocs/ecm/file_note.php * \ingroup ecm - * \brief Fiche de notes sur une ecm file + * \brief Tab for notes on an ECM file */ require '../main.inc.php'; @@ -39,10 +39,6 @@ $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); -if (!$user->rights->ecm->setup) { - accessforbidden(); -} - // Get parameters $socid = GETPOST("socid", "int"); // Security check @@ -109,6 +105,13 @@ if ($result < 0) { $permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php +$permtoread = $user->rights->ecm->read; + +if (!$permtoread) { + accessforbidden(); +} + + /* * Actions */ diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 26bf242b0f2..3a8d33343c7 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; // Load translation files required by the page $langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts")); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'ecm', 0); - // Get parameters $socid = GETPOST('socid', 'int'); $action = GETPOST('action', 'aZ09'); @@ -81,6 +75,12 @@ $userstatic = new User($db); $error = 0; +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'ecm', 0); + /* * Actions diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index 979e1d3a417..aa792e0c9d7 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php @@ -84,6 +84,12 @@ if (!empty($section)) { } } +$permtoread = $user->rights->ecm->read; + +if (!$permtoread) { + accessforbidden(); +} + /* * Actions From a0418fc17d0c3a131096fe8f6c3767165c2f92de Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 21 May 2021 18:53:09 +0200 Subject: [PATCH 085/149] FIX CWE-269 huntr - download of files of project --- htdocs/core/class/html.formfile.class.php | 9 +++- htdocs/core/lib/files.lib.php | 17 +++++- htdocs/core/lib/security.lib.php | 52 ++++++++++++++----- htdocs/ecm/index_auto.php | 8 ++- .../class/expensereport.class.php | 22 ++++---- htdocs/projet/class/task.class.php | 3 +- 6 files changed, 78 insertions(+), 33 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 45429512046..573381b8b0c 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1774,11 +1774,16 @@ class FormFile continue; // We do not show orphelins files } - print ''."\n"; + print ''."\n"; print '    '; print '
    '.img_picto('', 'recent').' '.$title.'
    '; + $formconfirm .= img_picto('', 'recent').' '.$title; + $formconfirm .= '
    '.$question.''; - $formconfirm .= $this->selectyesno("confirm", $newselectedchoice); + $formconfirm .= $this->selectyesno("confirm", $newselectedchoice, 0, false, 0, 0, 'marginleftonly marginrightonly'); $formconfirm .= ''; $formconfirm .= '
    '; - print img_picto('', 'company').$form->select_company('', 'socid', '(s.client = 1 OR s.client = 2 OR s.client = 3) AND status=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300 maxwidth500'); + print img_picto('', 'company').$form->select_company('', 'socid', '(s.client = 1 OR s.client = 2 OR s.client = 3) AND status=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300 maxwidth500 widthcentpercentminusxx'); // reload page to retrieve customer informations if (empty($conf->global->RELOAD_PAGE_ON_CUSTOMER_CHANGE_DISABLED)) { print ''; + '; + } print_barre_liste($title_page, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $button, $result, $nbtotalofrecords, 'title_accountancy', 0, '', '', $limit); + $selectedfields = ''; + $moreforfilter = ''; $moreforfilter .= '
    '; @@ -283,12 +298,18 @@ if ($action != 'export_csv') { print ' '; print $formaccounting->select_account($search_accountancy_code_end, 'search_accountancy_code_end', $langs->trans('to'), array(), 1, 1, '', 'accounts'); print '
    		'; + + // Fields from hook + $parameters = array('arrayfields'=>$arrayfields); + $reshook = $hookmanager->executeHooks('printFieldListOption', $parameters, $object); // Note that $action and $object may have been modified by hook + print $hookmanager->resPrint; + + // Action column + print ''; $searchpicto = $form->showFilterButtons(); print $searchpicto; print '
    '; if ($found > 0 && is_object($this->cache_objects[$modulepart.'_'.$id.'_'.$ref])) { - print $this->cache_objects[$modulepart.'_'.$id.'_'.$ref]->getNomUrl(1, 'document'); + $tmpobject = $this->cache_objects[$modulepart.'_'.$id.'_'.$ref]; + //if (! in_array($tmpobject->element, array('expensereport'))) { + print $tmpobject->getNomUrl(1, 'document'); + //} else { + // print $tmpobject->getNomUrl(1); + //} } else { print $langs->trans("ObjectDeleted", ($id ? $id : $ref)); } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index ce5e7129bcf..90796f402d4 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2232,7 +2232,8 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('( } /** - * Security check when accessing to a document (used by document.php, viewimage.php and webservices) + * Security check when accessing to a document (used by document.php, viewimage.php and webservices to get documents). + * TODO Replace code that set $accesallowed by a call to restrictedArea() * * @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp') * @param string $original_file Relative path with filename, relative to modulepart. @@ -2612,12 +2613,26 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, // Wrapping pour les projets if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; + // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project + if ($refname && !preg_match('/^specimen/i', $original_file)) { + include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; + $tmpproject = new Project($db); + $tmpproject->fetch('', $refname); + $accessallowed = checkUserAccessToObject($user, array('projet'), $tmpproject->id, 'projet&project', '', '', 'rowid', ''); + } } $original_file = $conf->projet->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")"; } elseif ($modulepart == 'project_task' && !empty($conf->projet->dir_output)) { if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) { $accessallowed = 1; + // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project + if ($refname && !preg_match('/^specimen/i', $original_file)) { + include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; + $tmptask = new Task($db); + $tmptask->fetch('', $refname); + $accessallowed = checkUserAccessToObject($user, array('projet_task'), $tmptask->id, 'projet&project', '', '', 'rowid', ''); + } } $original_file = $conf->projet->dir_output.'/'.$original_file; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 06baefed88e..598802ea574 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -183,10 +183,11 @@ function dol_verifyHash($chain, $hash, $type = '0') * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft - * @return int Always 1, die process if not allowed + * @param int $mode Mode (0=default, 1=return with not die) + * @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed. * @see dol_check_secure_access_document(), checkUserAccessToObject() */ -function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0) +function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0) { global $db, $conf; global $hookmanager; @@ -231,7 +232,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f if (isset($hookmanager->resArray['result'])) { if ($hookmanager->resArray['result'] == 0) { - accessforbidden(); // Module returns 0, so access forbidden + if ($mode) { + return 0; + } else { + accessforbidden(); // Module returns 0, so access forbidden + } } } if ($reshook > 0) { // No other test done. @@ -346,7 +351,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if (!$readok) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Read access is ok"; @@ -435,7 +444,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if ($wemustcheckpermissionforcreate && !$createok) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Write access is ok"; } @@ -448,7 +461,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if (!$createuserok) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Create user access is ok"; } @@ -523,26 +540,34 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } if (!$deleteok && !($isdraft && $createok)) { - accessforbidden(); + if ($mode) { + return 0; + } else { + accessforbidden(); + } } //print "Delete access is ok"; } - // If we have a particular object to check permissions on, we check this object - // is linked to a company allowed to $user. + // If we have a particular object to check permissions on, we check if $user has permission + // for this given object (link to company, is contact for project, ...) if (!empty($objectid) && $objectid > 0) { $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity); $params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2); //print 'checkUserAccessToObject ok='.$ok; - return $ok ? 1 : accessforbidden('', 1, 1, 0, $params); + if ($mode) { + return $ok ? 1 : 0; + } else { + return $ok ? 1 : accessforbidden('', 1, 1, 0, $params); + } } return 1; } /** - * Check access by user to object. - * This function is also called by restrictedArea that check before if module is enabled and permissions of user compared to $action. + * Check access by user to object is ok. + * This function is also called by restrictedArea that check before if module is enabled and if permission of user for $action is ok. * * @param User $user User to check * @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...) @@ -555,7 +580,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f * @return bool True if user has access, False otherwise * @see restrictedArea() */ -function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '') +function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid', $parenttableforentity = '') { global $db, $conf; @@ -689,6 +714,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; $projectstatic = new Project($db); $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0); + $tmparray = explode(',', $tmps); if (!in_array($objectid, $tmparray)) { return false; diff --git a/htdocs/ecm/index_auto.php b/htdocs/ecm/index_auto.php index bcfff8aa2da..d54dcf14d1e 100644 --- a/htdocs/ecm/index_auto.php +++ b/htdocs/ecm/index_auto.php @@ -440,15 +440,13 @@ if (empty($action) || $action == 'file_manager' || preg_match('/refresh/i', $act continue; // If condition to show is ok } - $var = false; - print '
    '; +print ''; +print '
    '; /* * Documents models for Receptions Receipt @@ -302,6 +305,7 @@ if ($resql) { dol_print_error($db); } +print '
    '; print ''; print ''; print ''; @@ -417,6 +421,8 @@ foreach ($dirmodels as $reldir) { } print '
    '.$langs->trans("Name").'
    '; +print '
    '; + print '
    '; diff --git a/htdocs/admin/resource.php b/htdocs/admin/resource.php index b8bb566c79b..06ae59d64a3 100644 --- a/htdocs/admin/resource.php +++ b/htdocs/admin/resource.php @@ -74,6 +74,7 @@ print ''; print ''; print ''; +print '
    '; print ''; print ''; print ''."\n"; @@ -132,6 +133,7 @@ print ''; print ''; print '
    '.$langs->trans("Parameters").'
    '; +print '
    '; print ''; diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php index 0dccf65e5e7..83649d46a28 100644 --- a/htdocs/admin/user.php +++ b/htdocs/admin/user.php @@ -126,6 +126,7 @@ $head = user_admin_prepare_head(); print dol_get_fiche_head($head, 'card', $langs->trans("MenuUsersAndGroups"), -1, 'user'); +print '
    '; print ''; print ''; print ''; @@ -171,6 +172,7 @@ if ($conf->use_javascript_ajax) { print ''; print '
    '.$langs->trans("Parameter").'
    '; +print '
    '; print '
    '; @@ -197,6 +199,7 @@ if ($resql) { print load_fiche_titre($langs->trans("UsersDocModules"), '', ''); +print '
    '; print ''; print ''; print ''; @@ -306,7 +309,9 @@ foreach ($dirmodels as $reldir) { } print '
    '.$langs->trans("Name").'
    '; -print "
    "; +print '
    '; + +print '
    '; print dol_get_fiche_end(); diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 303382f285b..ae260171a0b 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -1545,6 +1545,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '') print ''; } + print '
    '; print ''; print ''; print ''; @@ -1715,6 +1716,7 @@ function form_constantes($tableau, $strictw3c = 0, $helptext = '') } } print '
    '.$langs->trans("Description").'
    '; + print '
    '; if (!empty($strictw3c) && $strictw3c == 1) { print '
    '; diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 6c705c62489..4468c36a7da 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -633,6 +633,9 @@ th .button { .quatrevingtquinzepercent { width: 95%; } +.quatrevingtpercentminusx { + width: calc(80% - 52px); +} textarea.centpercent { width: 96%; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index 407a38ea320..f1fb649f4af 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php @@ -780,6 +780,9 @@ th .button { textarea.centpercent { width: 96%; } +.quatrevingtpercentminusx { + width: calc(80% - 52px); +} .small, small { font-size: 85%; } diff --git a/htdocs/user/list.php b/htdocs/user/list.php index d5df7ced259..693590ff7d2 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -188,7 +188,7 @@ if ($mode == 'employee') { accessforbidden(); } } else { - if (!$user->rights->user->user->lire && !$user->admin) { + if (empty($user->rights->user->user->lire) && empty($user->admin)) { accessforbidden(); } } From d4310f49c4237fb7453b97473f01a59147bfa310 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 24 May 2021 19:46:19 +0200 Subject: [PATCH 092/149] FIX CWE-79 - huntr - Fix option MAIN_ALLOW_SVG_FILES_AS_IMAGES --- htdocs/admin/system/security.php | 20 ++++--- htdocs/core/class/html.form.class.php | 80 +++++++++++++++------------ 2 files changed, 57 insertions(+), 43 deletions(-) diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index a4060634ff9..7f258f8f30e 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -217,7 +217,7 @@ print '
    '; print '$dolibarr_nocsrfcheck: '.$dolibarr_nocsrfcheck; if (!empty($dolibarr_nocsrfcheck)) { - print img_picto('', 'warning').'   '.$langs->trans("IfYouAreOnAProductionSetThis", 0); + print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0); } print '
    '; @@ -234,16 +234,18 @@ print '
    '; print '
    '; print '
    '; print '
    '; -print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder'); +print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup").' + '.$langs->trans("OtherSetup"), '', 'folder'); //print ''.$langs->trans("PasswordEncryption").': '; print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)."   "; if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) { print '     If unset: \'md5\''; } -print '
    '; if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { - print 'MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
    '; + print '
    MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
    '; +} else { + print '('.$langs->trans("Recommanded").': password_hash)'; + print '
    '; } if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') { print '
    The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
    '; @@ -259,18 +261,20 @@ print '
    '; print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
    "; print '
    '; +print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0   ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
    "; +print '
    '; print 'MAIN_EXEC_USE_POPEN = '; if (empty($conf->global->MAIN_EXEC_USE_POPEN)) { - print ''.$langs->trans("Undefined").'   '; + print ''.$langs->trans("Undefined").''; } else { - print $conf->global->MAIN_EXEC_USE_POPEN.'   '; + print $conf->global->MAIN_EXEC_USE_POPEN; } if ($execmethod == 1) { - print ' --> "exec" PHP method will be used for shell commands.'; + print '   ("exec" PHP method will be used for shell commands)'; } if ($execmethod == 2) { - print ' --> "popen" PHP method will be used for shell commands.'; + print '   ("popen" PHP method will be used for shell commands)'; } print "
    "; print '
    '; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 57bbbe3a029..ea9692f2864 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -8193,41 +8193,47 @@ class Form if ($modulepart == 'societe') { $dir = $conf->societe->multidir_output[$entity]; if (!empty($object->logo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo; } $email = $object->email; } elseif ($modulepart == 'contact') { $dir = $conf->societe->multidir_output[$entity].'/contact'; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo; } $email = $object->email; $capture = 'user'; } elseif ($modulepart == 'userphoto') { $dir = $conf->user->dir_output; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo; } if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) { $altfile = $object->id.".jpg"; // For backward compatibility @@ -8237,14 +8243,16 @@ class Form } elseif ($modulepart == 'memberphoto') { $dir = $conf->adherent->dir_output; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; + } + $originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; } - $originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo; } if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) { $altfile = $object->id.".jpg"; // For backward compatibility @@ -8255,14 +8263,16 @@ class Form // Generic case to show photos $dir = $conf->$modulepart->dir_output; if (!empty($object->photo)) { - if ((string) $imagesize == 'mini') { - $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini'); - } elseif ((string) $imagesize == 'small') { - $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small'); - } else { - $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; + if (dolIsAllowedForPreview($object->logo)) { + if ((string) $imagesize == 'mini') { + $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini'); + } elseif ((string) $imagesize == 'small') { + $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small'); + } else { + $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; + } + $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; } - $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo; } if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) { $altfile = $object->id.".jpg"; // For backward compatibility From 31af74f852f4db4fcc3e6cf46ebb346ea3e2979a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 24 May 2021 20:04:23 +0200 Subject: [PATCH 093/149] FIX CWE-269 - huntr - Can download files of an agenda event --- htdocs/core/lib/files.lib.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 90796f402d4..7e34eec5ecd 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2447,6 +2447,16 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, // Wrapping for events if ($fuser->rights->agenda->myactions->{$read}) { $accessallowed = 1; + // If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users + if ($refname && !preg_match('/^specimen/i', $original_file)) { + include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; + $tmpobject = new ActionComm($db); + $tmpobject->fetch((int) $refname); + $accessallowed = checkUserAccessToObject($user, array('agenda'), $tmpobject->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id', ''); + if ($user->socid && $tmpobject->socid) { + $accessallowed = checkUserAccessToObject($user, array('societe'), $tmpobject->socid); + } + } } $original_file = $conf->agenda->dir_output.'/'.$original_file; } elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity])) { From bb64a25638cdba35bba39b8cf44677529ca403b1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 24 May 2021 22:11:24 +0200 Subject: [PATCH 094/149] Fix CWE-269 - huntr - Fix set of email without edit user permission --- htdocs/core/class/ldap.class.php | 2 +- htdocs/user/bank.php | 82 +++++++++++++++++--------------- htdocs/user/card.php | 4 +- 3 files changed, 47 insertions(+), 41 deletions(-) diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index 0f97ed878cf..a578f08f3c1 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -932,7 +932,7 @@ class Ldap * Returns an array containing a details or list of LDAP record(s) * ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword * - * @param string $search Value of fiel to search, '*' for all. Not used if $activefilter is set. + * @param string $search Value of field to search, '*' for all. Not used if $activefilter is set. * @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org) * @param string $useridentifier Name of key field (Ex: uid) * @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword) diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index 356e23a5de0..0b179653487 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -59,6 +59,29 @@ if ($user->socid > 0) { $socid = $user->socid; } $feature2 = (($socid && $user->rights->user->self->creer) ? '' : 'user'); + +$object = new User($db); +if ($id > 0 || !empty($ref)) { + $result = $object->fetch($id, $ref, '', 1); + $object->getrights(); +} + +$account = new UserBankAccount($db); +if (!$bankid) { + $account->fetch(0, '', $id); +} else { + $account->fetch($bankid); +} +if (empty($account->userid)) { + $account->userid = $object->id; +} + + +// Define value to know what current user can do on users +$canadduser = (!empty($user->admin) || $user->rights->user->user->creer); +$canreaduser = (!empty($user->admin) || $user->rights->user->user->lire); +$permissiontoaddbankaccount = (!empty($user->rights->salaries->write) || !empty($user->rights->hrm->employee->write) || !empty($user->rights->user->creer)); + // Ok if user->rights->salaries->read or user->rights->hrm->read //$result = restrictedArea($user, 'salaries|hrm', $id, 'user&user', $feature2); $ok = false; @@ -78,30 +101,12 @@ if (!$ok) { accessforbidden(); } -$object = new User($db); -if ($id > 0 || !empty($ref)) { - $result = $object->fetch($id, $ref, '', 1); - $object->getrights(); -} - -$account = new UserBankAccount($db); -if (!$bankid) { - $account->fetch(0, '', $id); -} else { - $account->fetch($bankid); -} -if (empty($account->userid)) { - $account->userid = $object->id; -} - -$permissiontoaddbankaccount = (!empty($user->rights->salaries->write) || !empty($user->rights->hrm->employee->write) || !empty($user->rights->user->creer)); - /* * Actions */ -if ($action == 'add' && !$cancel) { +if ($action == 'add' && !$cancel && $permissiontoaddbankaccount) { $account->userid = $object->id; $account->bank = GETPOST('bank', 'alpha'); @@ -128,7 +133,7 @@ if ($action == 'add' && !$cancel) { } } -if ($action == 'update' && !$cancel) { +if ($action == 'update' && !$cancel && $permissiontoaddbankaccount) { $account->userid = $object->id; /* @@ -199,7 +204,7 @@ if ($action == 'update' && !$cancel) { } // update personal email -if ($action == 'setpersonal_email') { +if ($action == 'setpersonal_email' && $canadduser) { $object->personal_email = (string) GETPOST('personal_email', 'alphanohtml'); $result = $object->update($user); if ($result < 0) { @@ -208,7 +213,7 @@ if ($action == 'setpersonal_email') { } // update personal mobile -if ($action == 'setpersonal_mobile') { +if ($action == 'setpersonal_mobile' && $canadduser) { $object->personal_mobile = (string) GETPOST('personal_mobile', 'alphanohtml'); $result = $object->update($user); if ($result < 0) { @@ -216,25 +221,26 @@ if ($action == 'setpersonal_mobile') { } } -// update default_c_exp_tax_cat -if ($action == 'setdefault_c_exp_tax_cat') { - $object->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat', 'int'); - $result = $object->update($user); - if ($result < 0) { - setEventMessages($object->error, $object->errors, 'errors'); +if (!empty($conf->global->MAIN_USE_EXPENSE_IK)) { + // update default_c_exp_tax_cat + if ($action == 'setdefault_c_exp_tax_cat' && $canadduser) { + $object->default_c_exp_tax_cat = GETPOST('default_c_exp_tax_cat', 'int'); + $result = $object->update($user); + if ($result < 0) { + setEventMessages($object->error, $object->errors, 'errors'); + } + } + + // update default range + if ($action == 'setdefault_range' && $canadduser) { + $object->default_range = GETPOST('default_range', 'int'); + $result = $object->update($user); + if ($result < 0) { + setEventMessages($object->error, $object->errors, 'errors'); + } } } -// update default range -if ($action == 'setdefault_range') { - $object->default_range = GETPOST('default_range', 'int'); - $result = $object->update($user); - if ($result < 0) { - setEventMessages($object->error, $object->errors, 'errors'); - } -} - - /* * View diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cb4e7350e0e..0dd7506a784 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -615,8 +615,8 @@ if (empty($reshook)) { } // Action initialisation donnees depuis record LDAP - if ($action == 'adduserldap') { - $selecteduser = $_POST['users']; + if ($action == 'adduserldap' && $canadduser) { + $selecteduser = GETPOST('users'); $required_fields = array( $conf->global->LDAP_KEY_USERS, From dd48c3ee9d334bbd83e8cf430ce3343d93fac591 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 00:07:38 +0200 Subject: [PATCH 095/149] Remove deprecated __REFCLIENT__ (Replaced with __REF_CLIENT__) --- ChangeLog | 2 +- htdocs/core/lib/functions.lib.php | 4 ---- htdocs/core/tpl/card_presend.tpl.php | 2 +- htdocs/core/tpl/massactions_pre.tpl.php | 2 +- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index ec201fa378e..50a0ff10131 100644 --- a/ChangeLog +++ b/ChangeLog @@ -169,7 +169,7 @@ Following changes may create regressions for some external modules, but were nec * If your database is PostgreSql, you must use version 9.1.0 or more (Dolibarr need the SQL function CONCAT) * If your database is MySql or MariaDB, you need at least version 5.1 * Function set_price_level() has been renamed into setPriceLevel() to follow camelcase rules - +* Remove deprecated subtituion key __REFCLIENT__ (Replaced with __REF_CLIENT__) ***** ChangeLog for 13.0.3 compared to 13.0.2 ***** diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 48237bbc826..eab810692c6 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6877,10 +6877,6 @@ function getCommonSubstitutionArray($outputlangs, $onlykey = 0, $exclude = null, $substitutionarray['__DATE_DELIVERY_SS__'] = (isset($object->date_livraison) ? dol_print_date($object->date_livraison, "%S") : ''); // For backward compatibility - $substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null)); - $substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null); - $substitutionarray['__REFCLIENT__'] = (isset($object->ref_client) ? $object->ref_client : (isset($object->ref_customer) ? $object->ref_customer : null)); - $substitutionarray['__REFSUPPLIER__'] = (isset($object->ref_supplier) ? $object->ref_supplier : null); $substitutionarray['__SUPPLIER_ORDER_DATE_DELIVERY__'] = (isset($object->date_livraison) ? dol_print_date($object->date_livraison, 'day', 0, $outputlangs) : ''); $substitutionarray['__SUPPLIER_ORDER_DELAY_DELIVERY__'] = (isset($object->availability_code) ? ($outputlangs->transnoentities("AvailabilityType".$object->availability_code) != ('AvailabilityType'.$object->availability_code) ? $outputlangs->transnoentities("AvailabilityType".$object->availability_code) : $outputlangs->convToOutputCharset(isset($object->availability) ? $object->availability : '')) : ''); diff --git a/htdocs/core/tpl/card_presend.tpl.php b/htdocs/core/tpl/card_presend.tpl.php index 9c1387d7d58..731cc580ea1 100644 --- a/htdocs/core/tpl/card_presend.tpl.php +++ b/htdocs/core/tpl/card_presend.tpl.php @@ -76,7 +76,7 @@ if ($action == 'presend') { if (empty($object->ref_client)) { $topicmail = $outputlangs->trans($defaulttopic, '__REF__'); } elseif (!empty($object->ref_client)) { - $topicmail = $outputlangs->trans($defaulttopic, '__REF__ (__REFCLIENT__)'); + $topicmail = $outputlangs->trans($defaulttopic, '__REF__ (__REF_CLIENT__)'); } // Build document if it not exists diff --git a/htdocs/core/tpl/massactions_pre.tpl.php b/htdocs/core/tpl/massactions_pre.tpl.php index 21150d19936..4b8680e11bb 100644 --- a/htdocs/core/tpl/massactions_pre.tpl.php +++ b/htdocs/core/tpl/massactions_pre.tpl.php @@ -149,7 +149,7 @@ if ($massaction == 'presend') { $formmail->withtofree = empty($liste) ? 1 : 0; $formmail->withtocc = 1; $formmail->withtoccc = $conf->global->MAIN_EMAIL_USECCC; - $formmail->withtopic = $langs->transnoentities($topicmail, '__REF__', '__REFCLIENT__'); + $formmail->withtopic = $langs->transnoentities($topicmail, '__REF__', '__REF_CLIENT__'); $formmail->withfile = 1; // $formmail->withfile = 2; Not yet supported in mass action $formmail->withmaindocfile = 1; // Add a checkbox "Attach also main document" From 97154f8267dd28dac5402b3f1ea498a6f7ab3154 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 00:29:32 +0200 Subject: [PATCH 096/149] Fix timezone into widgets --- htdocs/core/boxes/box_accountancy_last_manual_entries.php | 2 +- htdocs/core/boxes/box_actions.php | 4 ++-- htdocs/core/boxes/box_birthdays.php | 4 ++-- htdocs/core/boxes/box_birthdays_members.php | 4 ++-- htdocs/core/boxes/box_boms.php | 2 +- htdocs/core/boxes/box_clients.php | 4 ++-- htdocs/core/boxes/box_commandes.php | 2 +- htdocs/core/boxes/box_contacts.php | 2 +- htdocs/core/boxes/box_contracts.php | 2 +- htdocs/core/boxes/box_external_rss.php | 2 +- htdocs/core/boxes/box_factures.php | 4 ++-- htdocs/core/boxes/box_factures_fourn.php | 4 ++-- htdocs/core/boxes/box_factures_fourn_imp.php | 4 ++-- htdocs/core/boxes/box_factures_imp.php | 4 ++-- htdocs/core/boxes/box_ficheinter.php | 2 +- htdocs/core/boxes/box_fournisseurs.php | 4 ++-- htdocs/core/boxes/box_goodcustomers.php | 4 ++-- htdocs/core/boxes/box_last_modified_ticket.php | 2 +- htdocs/core/boxes/box_last_ticket.php | 2 +- htdocs/core/boxes/box_lastlogin.php | 2 +- htdocs/core/boxes/box_members.php | 4 ++-- htdocs/core/boxes/box_members_last_modified.php | 4 ++-- htdocs/core/boxes/box_members_last_subscriptions.php | 2 +- htdocs/core/boxes/box_members_subscriptions_by_year.php | 2 +- htdocs/core/boxes/box_mos.php | 4 ++-- htdocs/core/boxes/box_produits.php | 4 ++-- htdocs/core/boxes/box_propales.php | 4 ++-- htdocs/core/boxes/box_prospect.php | 4 ++-- htdocs/core/boxes/box_scheduled_jobs.php | 2 +- htdocs/core/boxes/box_services_contracts.php | 4 ++-- htdocs/core/boxes/box_services_expired.php | 2 +- htdocs/core/boxes/box_supplier_orders.php | 2 +- htdocs/core/boxes/box_supplier_orders_awaiting_reception.php | 2 +- 33 files changed, 50 insertions(+), 50 deletions(-) diff --git a/htdocs/core/boxes/box_accountancy_last_manual_entries.php b/htdocs/core/boxes/box_accountancy_last_manual_entries.php index 123f9894e1e..b1e4a637046 100644 --- a/htdocs/core/boxes/box_accountancy_last_manual_entries.php +++ b/htdocs/core/boxes/box_accountancy_last_manual_entries.php @@ -116,7 +116,7 @@ class box_accountancy_last_manual_entries extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', + 'td' => 'class="center nowraponall"', 'text' => dol_print_date($date, 'day'), 'asis' => 1, ); diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index e14fdfcb457..45c9d580ad2 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -161,8 +161,8 @@ class box_actions extends ModeleBoxes ); $this->info_box_contents[$line][2] = array( - 'td' => 'class="nowrap left"', - 'text' => dol_print_date($datelimite, "dayhour"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datelimite, "dayhour", 'tzuserrel'), 'asis' => 1 ); diff --git a/htdocs/core/boxes/box_birthdays.php b/htdocs/core/boxes/box_birthdays.php index d6e6296a3cc..62cfaa590ab 100644 --- a/htdocs/core/boxes/box_birthdays.php +++ b/htdocs/core/boxes/box_birthdays.php @@ -118,8 +118,8 @@ class box_birthdays extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($dateb, "day").' - '.$age.' '.$langs->trans('DurationYears') + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($dateb, "day", 'gmt').' - '.$age.' '.$langs->trans('DurationYears') ); /*$this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_birthdays_members.php b/htdocs/core/boxes/box_birthdays_members.php index 4d367a223e2..5e772ff3593 100644 --- a/htdocs/core/boxes/box_birthdays_members.php +++ b/htdocs/core/boxes/box_birthdays_members.php @@ -115,8 +115,8 @@ class box_birthdays_members extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($dateb, "day").' - '.$age.' '.$langs->trans('DurationYears') + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($dateb, "day", 'gmt').' - '.$age.' '.$langs->trans('DurationYears') ); /*$this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_boms.php b/htdocs/core/boxes/box_boms.php index d0a169321d0..ae0877c0369 100644 --- a/htdocs/core/boxes/box_boms.php +++ b/htdocs/core/boxes/box_boms.php @@ -143,7 +143,7 @@ class box_boms extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datem, 'day'), + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 56b8fa089a3..df56b510823 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -134,8 +134,8 @@ class box_clients extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day") + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel') ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index eac431918b2..6583673f8ca 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -180,7 +180,7 @@ class box_commandes extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index bd69ddc0108..fada6a93bfd 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -161,7 +161,7 @@ class box_contacts extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index ad19184691c..9d7b625db91 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -156,7 +156,7 @@ class box_contracts extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'day'), + 'text' => dol_print_date($datec, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_external_rss.php b/htdocs/core/boxes/box_external_rss.php index 7bf8a69ed03..aff48328edb 100644 --- a/htdocs/core/boxes/box_external_rss.php +++ b/htdocs/core/boxes/box_external_rss.php @@ -150,7 +150,7 @@ class box_external_rss extends ModeleBoxes //$item['atom_content'] } if (is_numeric($date)) { - $date = dol_print_date($date, "dayhour"); + $date = dol_print_date($date, "dayhour", 'tzuserrel'); } $isutf8 = utf8_check($title); diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 9ef12a9b8f6..2a97d738cd8 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -163,7 +163,7 @@ class box_factures extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $this->info_box_contents[$line][] = array( @@ -186,7 +186,7 @@ class box_factures extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a2ce199faee..a5d63c7b9c3 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -159,7 +159,7 @@ class box_factures_fourn extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $this->info_box_contents[$line][] = array( @@ -189,7 +189,7 @@ class box_factures_fourn extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index aea07802fdf..9c35055011d 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -150,7 +150,7 @@ class box_factures_fourn_imp extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $tooltip = $langs->trans('SupplierInvoice').': '.($objp->ref ? $objp->ref : $objp->facid).'
    '.$langs->trans('RefSupplier').': '.$objp->ref_supplier; @@ -175,7 +175,7 @@ class box_factures_fourn_imp extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datelimite, 'day'), + 'text' => dol_print_date($datelimite, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 1830dcd5c7a..391fc2e7cd0 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -165,7 +165,7 @@ class box_factures_imp extends ModeleBoxes $late = ''; if ($facturestatic->hasDelay()) { - $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day'))); + $late = img_warning(sprintf($l_due_date, dol_print_date($datelimite, 'day', 'tzuserrel'))); } $this->info_box_contents[$line][] = array( @@ -188,7 +188,7 @@ class box_factures_imp extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datelimite, 'day'), + 'text' => dol_print_date($datelimite, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 94d081483e2..edf4daa5191 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -145,7 +145,7 @@ class box_ficheinter extends ModeleBoxes $this->info_box_contents[$i][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'day'), + 'text' => dol_print_date($datec, 'day', 'tzuserrel'), ); $this->info_box_contents[$i][] = array( diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index d8b7f30c103..b0d5a0774fc 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -128,8 +128,8 @@ class box_fournisseurs extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_goodcustomers.php b/htdocs/core/boxes/box_goodcustomers.php index 3a4f7e63103..aef7cdc9f3d 100644 --- a/htdocs/core/boxes/box_goodcustomers.php +++ b/htdocs/core/boxes/box_goodcustomers.php @@ -126,8 +126,8 @@ class box_goodcustomers extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day") + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel') ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 320a23f745b..4d5097e23ba 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php @@ -162,7 +162,7 @@ class box_last_modified_ticket extends ModeleBoxes // Date creation $this->info_box_contents[$i][$r] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'dayhour') + 'text' => dol_print_date($datec, 'dayhour', 'tzuserrel') ); $r++; diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index 8a0e3822448..e08a54f1c87 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php @@ -166,7 +166,7 @@ class box_last_ticket extends ModeleBoxes // Date creation $this->info_box_contents[$i][$r] = array( 'td' => 'class="right"', - 'text' => dol_print_date($datec, 'dayhour'), + 'text' => dol_print_date($datec, 'dayhour', 'tzuserrel'), ); $r++; diff --git a/htdocs/core/boxes/box_lastlogin.php b/htdocs/core/boxes/box_lastlogin.php index a487ec5bc72..e5e11d9ba8f 100644 --- a/htdocs/core/boxes/box_lastlogin.php +++ b/htdocs/core/boxes/box_lastlogin.php @@ -93,7 +93,7 @@ class box_lastlogin extends ModeleBoxes 'text' => $langs->trans("PreviousConnexion"), ); if ($user->datepreviouslogin) { - $tmp = dol_print_date($user->datepreviouslogin, "dayhour", 'tzuser'); + $tmp = dol_print_date($user->datepreviouslogin, "dayhour", 'tzuserrel'); } else { $tmp = $langs->trans("Unknown"); } diff --git a/htdocs/core/boxes/box_members.php b/htdocs/core/boxes/box_members.php index acd3773d2f0..5865cba2530 100644 --- a/htdocs/core/boxes/box_members.php +++ b/htdocs/core/boxes/box_members.php @@ -145,8 +145,8 @@ class box_members extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_members_last_modified.php b/htdocs/core/boxes/box_members_last_modified.php index 1315ac9895b..9de6a3af12f 100644 --- a/htdocs/core/boxes/box_members_last_modified.php +++ b/htdocs/core/boxes/box_members_last_modified.php @@ -147,8 +147,8 @@ class box_members_last_modified extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_members_last_subscriptions.php b/htdocs/core/boxes/box_members_last_subscriptions.php index e08bc1073b6..3cea44c2dc3 100644 --- a/htdocs/core/boxes/box_members_last_subscriptions.php +++ b/htdocs/core/boxes/box_members_last_subscriptions.php @@ -158,7 +158,7 @@ class box_members_last_subscriptions extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right tdoverflowmax150 maxwidth150onsmartphone"', - 'text' => dol_print_date($this->db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour'), + 'text' => dol_print_date($this->db->jdate($obj->datem ? $obj->datem : $obj->datec), 'dayhour', 'tzuserrel'), ); $line++; diff --git a/htdocs/core/boxes/box_members_subscriptions_by_year.php b/htdocs/core/boxes/box_members_subscriptions_by_year.php index b6c146312bc..be835511c6b 100644 --- a/htdocs/core/boxes/box_members_subscriptions_by_year.php +++ b/htdocs/core/boxes/box_members_subscriptions_by_year.php @@ -111,7 +111,7 @@ class box_members_subscriptions_by_year extends ModeleBoxes $i = 0; while ($i < $num) { $objp = $this->db->fetch_object($result); - $year = dol_print_date($this->db->jdate($objp->dateh), "%Y"); + $year = dol_print_date($this->db->jdate($objp->dateh), "%Y", 'gmt'); $Total[$year] = (isset($Total[$year]) ? $Total[$year] : 0) + $objp->subscription; $Number[$year] = (isset($Number[$year]) ? $Number[$year] : 0) + 1; $tot += $objp->subscription; diff --git a/htdocs/core/boxes/box_mos.php b/htdocs/core/boxes/box_mos.php index b12506147bf..43d1cd411e4 100644 --- a/htdocs/core/boxes/box_mos.php +++ b/htdocs/core/boxes/box_mos.php @@ -138,8 +138,8 @@ class box_mos extends ModeleBoxes } $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index 44333683000..dde3b685d25 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php @@ -190,8 +190,8 @@ class box_produits extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index d876dad67d0..9c6376351e7 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -165,8 +165,8 @@ class box_propales extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index ea550b9d856..a8959202082 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -135,8 +135,8 @@ class box_prospect extends ModeleBoxes ); $this->info_box_contents[$line][] = array( - 'td' => 'class="right"', - 'text' => dol_print_date($datem, "day"), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, "day", 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_scheduled_jobs.php b/htdocs/core/boxes/box_scheduled_jobs.php index 04ba2944c75..793b0cc8c79 100644 --- a/htdocs/core/boxes/box_scheduled_jobs.php +++ b/htdocs/core/boxes/box_scheduled_jobs.php @@ -156,7 +156,7 @@ class box_scheduled_jobs extends ModeleBoxes ); $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'textnoformat' => (empty($resultarray[$line][2]) ? '' : $form->textwithpicto(dol_print_date($resultarray[$line][2], "dayhoursec"), $langs->trans("CurrentTimeZone"))) + 'textnoformat' => (empty($resultarray[$line][2]) ? '' : $form->textwithpicto(dol_print_date($resultarray[$line][2], "dayhoursec", 'tzserver'), $langs->trans("CurrentTimeZone"))) ); $this->info_box_contents[$line][] = array( 'td' => 'class="center" ', diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index b6eb51826cc..98e2b82bb37 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -200,8 +200,8 @@ class box_services_contracts extends ModeleBoxes ); $this->info_box_contents[$i][] = array( - 'td' => '', - 'text' => dol_print_date($datem, 'day'), + 'td' => 'class="center nowraponall"', + 'text' => dol_print_date($datem, 'day', 'tzuserrel'), 'text2'=> $late, ); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 724eb9baebf..75cc1cde413 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -152,7 +152,7 @@ class box_services_expired extends ModeleBoxes $this->info_box_contents[$i][] = array( 'td' => 'class="center nowraponall"', - 'text' => dol_print_date($dateline, 'day'), + 'text' => dol_print_date($dateline, 'day', 'tzuserrel'), 'text2'=> $late, ); diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 235e7a8e72a..0c2b97ce6b5 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -153,7 +153,7 @@ class box_supplier_orders extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => dol_print_date($date, 'day'), + 'text' => dol_print_date($date, 'day', 'tzuserrel'), ); $this->info_box_contents[$line][] = array( diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 1a8cec07155..04dabbd0ff3 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -161,7 +161,7 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $this->info_box_contents[$line][] = array( 'td' => 'class="right"', - 'text' => $delayIcon.' '.dol_print_date($delivery_date, 'day').'', + 'text' => $delayIcon.' '.dol_print_date($delivery_date, 'day', 'tzuserrel').'', 'asis' => 1 ); From fedf7645b1184d4748218e1e805f62052b201c49 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 12:02:33 +0200 Subject: [PATCH 097/149] Fix regression, can't reset parent company. --- htdocs/societe/card.php | 2 +- htdocs/societe/class/societe.class.php | 43 ++++++++++++++------------ 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 3d03a97a59f..1165d6a9fd7 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -852,7 +852,7 @@ if (empty($reshook)) { // Set parent company if ($action == 'set_thirdparty' && $user->rights->societe->creer) { $object->fetch($socid); - $result = $object->set_parent(GETPOST('parent_id', 'int')); + $result = $object->setParent(GETPOST('parent_id', 'int')); } // Set sales representatives diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 8a8dea9f7e3..e2eba54b489 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -3321,34 +3321,37 @@ class Societe extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Define parent commany of current company * * @param int $id Id of thirdparty to set or '' to remove * @return int <0 if KO, >0 if OK */ - public function set_parent($id) + public function setParent($id) { - // phpcs:enable if ($this->id) { // Check if the id we want to add as parent has not already one parent that is the current id we try to update - $sameparent = $this->validateFamilyTree($id, $this->id, 0); - if ($sameparent < 0) { - return -1; - } elseif ($sameparent == 1) { - setEventMessages('ParentCompanyToAddIsAlreadyAChildOfModifiedCompany', null, 'warnings'); - return -1; - } else { - $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id); - dol_syslog(get_class($this).'::set_parent', LOG_DEBUG); - $resql = $this->db->query($sql); - if ($resql) { - $this->parent = $id; - return 1; - } else { + if ($id > 0) { + $sameparent = $this->validateFamilyTree($id, $this->id, 0); + if ($sameparent < 0) { return -1; } + if ($sameparent == 1) { + setEventMessages('ParentCompanyToAddIsAlreadyAChildOfModifiedCompany', null, 'warnings'); + return -1; + } + } + + dol_syslog(get_class($this).'::setParent', LOG_DEBUG); + + $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id); + + $resql = $this->db->query($sql); + if ($resql) { + $this->parent = $id; + return 1; + } else { + return -1; } } else { return -1; @@ -3369,9 +3372,9 @@ class Societe extends CommonObject dol_syslog("Too high level of parent - child for company. May be an infinite loop ?", LOG_WARNING); } - $sql = 'SELECT s.parent'; - $sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; - $sql .= ' WHERE rowid = '.$idparent; + $sql = 'SELECT s.parent'; + $sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; + $sql .= ' WHERE rowid = '.$idparent; $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); From 857be16e1294c3ed2e7f5e624bcc838969dff565 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 12:03:38 +0200 Subject: [PATCH 098/149] Log --- htdocs/societe/class/societe.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index e2eba54b489..7554ad2fbe2 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -3329,6 +3329,8 @@ class Societe extends CommonObject */ public function setParent($id) { + dol_syslog(get_class($this).'::setParent', LOG_DEBUG); + if ($this->id) { // Check if the id we want to add as parent has not already one parent that is the current id we try to update if ($id > 0) { @@ -3342,8 +3344,6 @@ class Societe extends CommonObject } } - dol_syslog(get_class($this).'::setParent', LOG_DEBUG); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id); $resql = $this->db->query($sql); From fb6aea72b837ec464c059b9fbdafc4d799496e8d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 12:06:29 +0200 Subject: [PATCH 099/149] Fix syntax error --- htdocs/fourn/class/fournisseur.facture.class.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 8586e0fc623..637f29e87b8 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1361,7 +1361,7 @@ class FactureFournisseur extends CommonInvoice } $sql .= ', fk_user_closing = '.$user->id; $sql .= ", date_closing = '".$this->db->idate($now)."'"; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1417,18 +1417,17 @@ class FactureFournisseur extends CommonInvoice */ public function setUnpaid($user) { - global $conf, $langs; $error = 0; $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture_fourn'; - $sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null'; + $sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null,'; $sql .= ' date_closing=null,'; $sql .= ' fk_user_closing=null'; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); - dol_syslog("FactureFournisseur::set_unpaid", LOG_DEBUG); + dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { // Call trigger From 71b35ef0e5be758b3faddfa7650916adc73d1536 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 12:11:06 +0200 Subject: [PATCH 100/149] Fix regression - can't reset parent company --- htdocs/societe/class/societe.class.php | 33 +++++++++++++++----------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 591809389d4..47105bf9068 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -3111,24 +3111,29 @@ class Societe extends CommonObject public function set_parent($id) { // phpcs:enable + dol_syslog(get_class($this).'::set_parent', LOG_DEBUG); + if ($this->id) { // Check if the id we want to add as parent has not already one parent that is the current id we try to update - $sameparent = $this->validateFamilyTree($id, $this->id, 0); - if ($sameparent < 0) { - return -1; - } elseif ($sameparent == 1) { - setEventMessages('ParentCompanyToAddIsAlreadyAChildOfModifiedCompany', null, 'warnings'); - return -1; - } else { - $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id); - dol_syslog(get_class($this).'::set_parent', LOG_DEBUG); - $resql = $this->db->query($sql); - if ($resql) { - $this->parent = $id; - return 1; - } else { + if ($id > 0) { + $sameparent = $this->validateFamilyTree($id, $this->id, 0); + if ($sameparent < 0) { return -1; } + if ($sameparent == 1) { + setEventMessages('ParentCompanyToAddIsAlreadyAChildOfModifiedCompany', null, 'warnings'); + return -1; + } + } + + $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe SET parent = '.($id > 0 ? $id : 'null').' WHERE rowid = '.((int) $this->id); + + $resql = $this->db->query($sql); + if ($resql) { + $this->parent = $id; + return 1; + } else { + return -1; } } else { return -1; From a840afa72a33e80cb1b83802905c17fdfe6668e0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 15:24:28 +0200 Subject: [PATCH 101/149] Fix missing entry into table --- htdocs/install/mysql/data/llx_accounting_abc.sql | 6 +++--- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/htdocs/install/mysql/data/llx_accounting_abc.sql b/htdocs/install/mysql/data/llx_accounting_abc.sql index 3c178f7c70d..806d084ce85 100644 --- a/htdocs/install/mysql/data/llx_accounting_abc.sql +++ b/htdocs/install/mysql/data/llx_accounting_abc.sql @@ -174,10 +174,10 @@ INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUE INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 15,'SYSCOHADA-TG', 'Plan comptable Ouest-Africain', 1); -- Description of chart of account USA US-BASE -INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 11, 'US-BASE', 'USA basic chart of accounts', 1); +INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 11, 'US-BASE', 'USA basic chart of accounts', 1); -- Description of chart of account Canada CA-ENG-BASE -INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 14, 'CA-ENG-BASE', 'Canadian basic chart of accounts - English', 1); +INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 14, 'CA-ENG-BASE', 'Canadian basic chart of accounts - English', 1); -- Description of chart of account Mexico SAT/24-2019 -INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 154, 'SAT/24-2019', 'Catalogo y codigo agrupador fiscal del 2019', 1); +INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 154, 'SAT/24-2019', 'Catalogo y codigo agrupador fiscal del 2019', 1); diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index b95ea30f8fb..c9736e429c4 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -62,6 +62,11 @@ UPDATE llx_c_country SET eec = 1 WHERE code IN ('AT','BE','BG','CY','CZ','DE','D ALTER TABLE llx_export_model MODIFY COLUMN type varchar(64); +INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 11, 'US-BASE', 'USA basic chart of accounts', 1); +INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 14, 'CA-ENG-BASE', 'Canadian basic chart of accounts - English', 1); +INSERT INTO llx_accounting_system (fk_country, pcg_version, label, active) VALUES ( 154, 'SAT/24-2019', 'Catalogo y codigo agrupador fiscal del 2019', 1); + + -- For v14 ALTER TABLE llx_product_lot ADD COLUMN eol_date datetime NULL; From d18fc6ca3c9e859be79f7d99bb6522fc37e35d46 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 15:38:12 +0200 Subject: [PATCH 102/149] Fix init --- htdocs/accountancy/admin/accountmodel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index f0fd9702009..0f4d538cfac 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -609,10 +609,12 @@ if ($id) { print '
    '.$langs->trans("ActionDoneBy").''; if ($object->userdoneid > 0) { $tmpuser = new User($db); @@ -2080,10 +2080,10 @@ if ($id > 0) { include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; // Reminders - if ($conf->global->AGENDA_REMINDER_EMAIL || $conf->global->AGENDA_REMINDER_BROWSER) { - $filtreuserid = $user->id; + if (!empty($conf->global->AGENDA_REMINDER_EMAIL) || !empty($conf->global->AGENDA_REMINDER_BROWSER)) { + $filteruserid = $user->id; if ($user->rights->agenda->allactions->read) { - $filtreuserid = 0; + $filteruserid = 0; } $object->loadReminders('', $filteruserid, false); From 8576cf1b725c1597008048c4510185de22fe0d4a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 22:51:37 +0200 Subject: [PATCH 115/149] Fix combo when we must no hide value with key -1 --- htdocs/adherents/list.php | 6 +++--- htdocs/core/class/html.form.class.php | 2 +- htdocs/core/lib/ajax.lib.php | 7 ++++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 1ec9d498b9d..b6fe79b8d68 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -708,7 +708,7 @@ if (!empty($arrayfields['d.morphy']['checked'])) { if (!empty($arrayfields['t.libelle']['checked'])) { print ''; $listetype = $membertypestatic->liste_array(); - print $form->selectarray("search_type", $listetype, $type, 1, 0, 0, '', 0, 32); + print $form->selectarray("search_type", $listetype, $search_type, 1, 0, 0, '', 0, 32); print ''.$actionstatic->LibStatut($obj->percent, 5, 0, $datep).'
    ' . $langs->trans("ShowAllBatchByDefault") . '
    '; diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index 632cfc0311f..8766d68c25b 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -533,6 +533,10 @@ class Conf } } + if (!isset($this->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT)) { + $this->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT = 1; + } + // conf->currency if (empty($this->global->MAIN_MONNAIE)) { $this->global->MAIN_MONNAIE = 'EUR'; diff --git a/htdocs/langs/en_US/mrp.lang b/htdocs/langs/en_US/mrp.lang index f47354958eb..2414a92cefb 100644 --- a/htdocs/langs/en_US/mrp.lang +++ b/htdocs/langs/en_US/mrp.lang @@ -70,7 +70,7 @@ ProductionForRef=Production of %s AutoCloseMO=Close automatically the Manufacturing Order if quantities to consume and to produce are reached NoStockChangeOnServices=No stock change on services ProductQtyToConsumeByMO=Product quantity still to consume by open MO -ProductQtyToProduceByMO=Product quentity still to produce by open MO +ProductQtyToProduceByMO=Product quantity still to produce by open MO AddNewConsumeLines=Add new line to consume ProductsToConsume=Products to consume ProductsToProduce=Products to produce diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 9b8af58e347..07ee7a66584 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -531,43 +531,44 @@ if ($id > 0 || $ref) { llxHeader('', $title, $helpurl); + if (! empty($conf->use_javascript_ajax)) { ?> - - 0) { $head = product_prepare_head($object); @@ -908,18 +909,18 @@ if (!$variants) { if ((!empty($conf->productbatch->enabled)) && $object->hasbatch()) { $colspan = 3; print ''; - print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").'
    '; - print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").' '; - print $form->textwithpicto('', $langs->trans('CollapseBatchDetailHelp'), 1, 'help', ''); + print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").'   '; + print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; + //print ' '.$form->textwithpicto('', $langs->trans('CollapseBatchDetailHelp'), 1, 'help', ''); print ''; print ''.$langs->trans("batch_number").''; if (empty($conf->global->PRODUCT_DISABLE_EATBY)) { $colspan--; - print ''.$langs->trans("EatByDate").''; + print ''.$langs->trans("EatByDate").''; } if (empty($conf->global->PRODUCT_DISABLE_SELLBY)) { $colspan--; - print ''.$langs->trans("SellByDate").''; + print ''.$langs->trans("SellByDate").''; } print ''; print ''; @@ -967,10 +968,13 @@ if (!$variants) { $stock_real = price2num($obj->reel, 'MS'); print ''; print ''; + print $entrepotstatic->getNomUrl(1); if (!empty($conf->productbatch->enabled)) { - print '' . (empty($conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT) ? '(+)' : '(-)') . ' '; + print ''; + print (empty($conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT) ? '(+)' : '(-)'); + print ''; } - print $entrepotstatic->getNomUrl(1).''; + print ''; print ''.$stock_real.($stock_real < 0 ? ' '.img_warning() : '').''; // PMP print ''.(price2num($object->pmp) ? price2num($object->pmp, 'MU') : '').''; From 94c8246f6844181b5f827eec2329be2a592a842a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 25 May 2021 23:30:06 +0200 Subject: [PATCH 122/149] Debug v14 --- htdocs/product/stock/product.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 07ee7a66584..9ef7b011d12 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -969,7 +969,7 @@ if (!$variants) { print ''; print ''; print $entrepotstatic->getNomUrl(1); - if (!empty($conf->productbatch->enabled)) { + if (!empty($conf->productbatch->enabled) && $object->hasbatch()) { print ''; print (empty($conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT) ? '(+)' : '(-)'); print ''; From 429ebe6662b3e5256c54ffef6e080ee7a02d8214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 25 May 2021 23:49:49 +0200 Subject: [PATCH 123/149] Update api_stockmovements.class.php --- htdocs/product/stock/class/api_stockmovements.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/stock/class/api_stockmovements.class.php b/htdocs/product/stock/class/api_stockmovements.class.php index 9b022a840fc..42a03a1836a 100644 --- a/htdocs/product/stock/class/api_stockmovements.class.php +++ b/htdocs/product/stock/class/api_stockmovements.class.php @@ -95,7 +95,7 @@ class StockMovements extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '') { - global $db, $conf; + global $conf; $obj_ret = array(); @@ -176,7 +176,7 @@ class StockMovements extends DolibarrApi } if ($qty == 0) { - throw new RestException(503, "Making a stock movement with a quentity of 0 is not possible"); + throw new RestException(503, "Making a stock movement with a quantity of 0 is not possible"); } // Type increase or decrease From 156279d6a196aedba8592ea6b05a76e3e6b2227b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 00:34:52 +0200 Subject: [PATCH 124/149] Fix nojs --- htdocs/product/stock/product.php | 78 ++++++++++++++++---------------- 1 file changed, 40 insertions(+), 38 deletions(-) diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 9ef7b011d12..5908785e1cb 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -531,43 +531,43 @@ if ($id > 0 || $ref) { llxHeader('', $title, $helpurl); - if (! empty($conf->use_javascript_ajax)) { - ?> - - + 0) { @@ -909,9 +909,11 @@ if (!$variants) { if ((!empty($conf->productbatch->enabled)) && $object->hasbatch()) { $colspan = 3; print ''; - print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").'   '; - print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; - //print ' '.$form->textwithpicto('', $langs->trans('CollapseBatchDetailHelp'), 1, 'help', ''); + if (!empty($conf->use_javascript_ajax)) { + print ''.img_picto('', 'folder-open', 'class="paddingright"').$langs->trans("ExpandAll").'   '; + print ''.img_picto('', 'folder', 'class="paddingright"').$langs->trans("UndoExpandAll").''; + //print ' '.$form->textwithpicto('', $langs->trans('CollapseBatchDetailHelp'), 1, 'help', ''); + } print ''; print ''.$langs->trans("batch_number").''; if (empty($conf->global->PRODUCT_DISABLE_EATBY)) { @@ -969,7 +971,7 @@ if (!$variants) { print ''; print ''; print $entrepotstatic->getNomUrl(1); - if (!empty($conf->productbatch->enabled) && $object->hasbatch()) { + if (!empty($conf->use_javascript_ajax) && !empty($conf->productbatch->enabled) && $object->hasbatch()) { print ''; print (empty($conf->global->STOCK_SHOW_ALL_BATCH_BY_DEFAULT) ? '(+)' : '(-)'); print ''; From eec254f066a7f985588b49559b88ed2d86178d1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 26 May 2021 08:42:35 +0200 Subject: [PATCH 125/149] fix warning --- htdocs/adherents/card.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 49a3cc74182..5182a6ff778 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -6,7 +6,7 @@ * Copyright (C) 2012 Marcos García * Copyright (C) 2012-2020 Philippe Grand * Copyright (C) 2015-2018 Alexandre Spangaro - * Copyright (C) 2018-2020 Frédéric France + * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2021 Waël Almoman * * This program is free software; you can redistribute it and/or modify @@ -1088,7 +1088,8 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!$value['active']) { break; } - print ''.$langs->trans($value['label']).''; + $val = (GETPOSTISSET('member_'.$key) ? GETPOST('member_'.$key, 'alpha') : (empty($object->socialnetworks[$key]) ? '' : $object->socialnetworks[$key])); + print ''.$langs->trans($value['label']).''; } } From 9a51333662701bb8c35a873f2e4ca28f34acf75a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 26 May 2021 08:49:54 +0200 Subject: [PATCH 126/149] fix warning --- htdocs/societe/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 1165d6a9fd7..844dd7810f7 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -1399,7 +1399,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; } print ''.$form->editfieldkey($langs->trans('No_Email') .' ('.$langs->trans('Contact').')', 'contact_no_email', '', $object, 0).''; - print 'browser->layout == 'phone') || empty($conf->mailing->enabled) ? ' colspan="3"' : '').'>'.$form->selectyesno('contact_no_email', (GETPOSTISSET("contact_no_email") ?GETPOST("contact_no_email", 'alpha') : $object->no_email), 1, false, 1).''; + print 'browser->layout == 'phone') || empty($conf->mailing->enabled) ? ' colspan="3"' : '').'>'.$form->selectyesno('contact_no_email', (GETPOSTISSET("contact_no_email") ? GETPOST("contact_no_email", 'alpha') : (empty($object->no_email) ? 0 : 1)), 1, false, 1).''; } print ''; print ''.$form->editfieldkey('Web', 'url', '', $object, 0).''; From 60196c04172aa2c647d6803d5657188cd48a69d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 26 May 2021 08:53:17 +0200 Subject: [PATCH 127/149] Update card.php --- htdocs/societe/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 844dd7810f7..aa8205bfa99 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -398,12 +398,12 @@ if (empty($reshook)) { $error++; } - if (!empty($conf->mailing->enabled) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1 && GETPOST('contact_no_email', 'int')==-1 && !empty(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL))) { + if (!empty($conf->mailing->enabled) && !empty($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1 && GETPOST('contact_no_email', 'int')==-1 && !empty(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL))) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("No_Email")), null, 'errors'); } - if (!empty($conf->mailing->enabled) && GETPOST("private", 'int') == 1 && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1 && GETPOST('contact_no_email', 'int')==-1 && !empty(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL))) { + if (!empty($conf->mailing->enabled) && GETPOST("private", 'int') == 1 && !empty($conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS) && $conf->global->MAILING_CONTACT_DEFAULT_BULK_STATUS==-1 && GETPOST('contact_no_email', 'int')==-1 && !empty(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL))) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("No_Email")), null, 'errors'); } From 2130be975e1e9546961b95b72d230a36f0d4d2fe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 11:01:54 +0200 Subject: [PATCH 128/149] Fix perm --- test/phpunit/CMailFileTest.php | 0 test/phpunit/ContactTest.php | 0 test/phpunit/ModulesTest.php | 0 test/phpunit/PricesTest.php | 0 test/phpunit/SocieteTest.php | 0 5 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 test/phpunit/CMailFileTest.php mode change 100755 => 100644 test/phpunit/ContactTest.php mode change 100755 => 100644 test/phpunit/ModulesTest.php mode change 100755 => 100644 test/phpunit/PricesTest.php mode change 100755 => 100644 test/phpunit/SocieteTest.php diff --git a/test/phpunit/CMailFileTest.php b/test/phpunit/CMailFileTest.php old mode 100755 new mode 100644 diff --git a/test/phpunit/ContactTest.php b/test/phpunit/ContactTest.php old mode 100755 new mode 100644 diff --git a/test/phpunit/ModulesTest.php b/test/phpunit/ModulesTest.php old mode 100755 new mode 100644 diff --git a/test/phpunit/PricesTest.php b/test/phpunit/PricesTest.php old mode 100755 new mode 100644 diff --git a/test/phpunit/SocieteTest.php b/test/phpunit/SocieteTest.php old mode 100755 new mode 100644 From ded385f12ead547d46d988bfee6b57f04e534e60 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 11:24:29 +0200 Subject: [PATCH 129/149] FIX #17650 #17710 --- dev/initdemo/mysqldump_dolibarr_3.5.0.sql | 2 +- test/phpunit/CommandeFournisseurTest.php | 4 ++-- test/phpunit/PdfDocTest.php | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dev/initdemo/mysqldump_dolibarr_3.5.0.sql b/dev/initdemo/mysqldump_dolibarr_3.5.0.sql index 46053d1a187..252643afb59 100644 --- a/dev/initdemo/mysqldump_dolibarr_3.5.0.sql +++ b/dev/initdemo/mysqldump_dolibarr_3.5.0.sql @@ -5503,7 +5503,7 @@ CREATE TABLE `llx_product` ( LOCK TABLES `llx_product` WRITE; /*!40000 ALTER TABLE `llx_product` DISABLE KEYS */; -INSERT INTO `llx_product` VALUES (1,'2010-07-08 14:33:17','2013-03-12 09:30:24',0,0,'PIDRESS',1,NULL,'Pink dress','A beatifull pink dress','',NULL,NULL,100.00000000,112.50000000,90.00000000,101.25000000,'HT',12.500,0,0.000,0.000,1,1,1,0,'',20,NULL,0,'','',NULL,100,0,NULL,0,NULL,0,NULL,0,2,0.00000000,NULL,1,0,NULL,0),(2,'2010-07-09 00:30:01','2013-01-19 17:31:58',0,0,'Product_P1',1,NULL,'Product P1','','','',32,0.00000000,0.00000000,0.00000000,0.00000000,'HT',12.500,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,998,0.00000000,NULL,0,0,NULL,0),(3,'2010-07-09 00:30:25','2012-12-08 13:11:14',0,0,'Service_S1',1,NULL,'Service S1','','',NULL,NULL,0.00000000,0.00000000,0.00000000,0.00000000,'HT',12.500,0,0.000,0.000,1,1,1,1,'1m',NULL,NULL,0,'','',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0.00000000,NULL,0,0,NULL,0),(4,'2010-07-10 14:44:06','2013-01-19 17:22:48',0,0,'DECAP',1,NULL,'Decapsuleur','','',NULL,NULL,5.00000000,5.62500000,0.00000000,0.00000000,'HT',12.500,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,2,-3,NULL,0,NULL,0,NULL,0,1001,10.00000000,NULL,1,0,NULL,0),(5,'2011-07-20 23:11:38','2011-07-27 17:02:59',0,0,'aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(6,'2011-07-29 22:16:44','2011-07-29 20:16:44',0,0,'Copy_of_aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,0,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(7,'2011-07-29 22:31:21','2011-07-29 20:31:21',0,0,'Copy_of_Copy_of_aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,0,0,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(8,'2011-07-29 22:46:54','2011-07-29 20:46:54',0,0,'Copy_of_Copy_of_Copy_of_aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,0,0,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(10,'2008-12-31 00:00:00','2012-12-08 13:11:14',0,0,'PR123456',1,NULL,'My product','This is a description example for record','Some note',NULL,NULL,100.00000000,110.00000000,0.00000000,0.00000000,'HT',10.000,0,0.000,0.000,NULL,0,0,0,'1y',0,NULL,0,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0.00000000,NULL,NULL,0,'20110729232310',0),(11,'2013-01-13 20:24:42','2013-01-19 17:22:48',0,0,'gh',1,NULL,'hfghf','','','',NULL,0.00000000,0.00000000,0.00000000,0.00000000,'HT',0.000,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,-1,0.00000000,'',1,0,NULL,0); +INSERT INTO `llx_product` VALUES (1,'2010-07-08 14:33:17','2013-03-12 09:30:24',0,0,'PINKDRESS',1,NULL,'Pink dress','A beatifull pink dress','',NULL,NULL,100.00000000,112.50000000,90.00000000,101.25000000,'HT',12.500,0,0.000,0.000,1,1,1,0,'',20,NULL,0,'','',NULL,100,0,NULL,0,NULL,0,NULL,0,2,0.00000000,NULL,1,0,NULL,0),(2,'2010-07-09 00:30:01','2013-01-19 17:31:58',0,0,'Product_P1',1,NULL,'Product P1','','','',32,0.00000000,0.00000000,0.00000000,0.00000000,'HT',12.500,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,998,0.00000000,NULL,0,0,NULL,0),(3,'2010-07-09 00:30:25','2012-12-08 13:11:14',0,0,'Service_S1',1,NULL,'Service S1','','',NULL,NULL,0.00000000,0.00000000,0.00000000,0.00000000,'HT',12.500,0,0.000,0.000,1,1,1,1,'1m',NULL,NULL,0,'','',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0.00000000,NULL,0,0,NULL,0),(4,'2010-07-10 14:44:06','2013-01-19 17:22:48',0,0,'DECAP',1,NULL,'Decapsuleur','','',NULL,NULL,5.00000000,5.62500000,0.00000000,0.00000000,'HT',12.500,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,2,-3,NULL,0,NULL,0,NULL,0,1001,10.00000000,NULL,1,0,NULL,0),(5,'2011-07-20 23:11:38','2011-07-27 17:02:59',0,0,'aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(6,'2011-07-29 22:16:44','2011-07-29 20:16:44',0,0,'Copy_of_aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,0,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(7,'2011-07-29 22:31:21','2011-07-29 20:31:21',0,0,'Copy_of_Copy_of_aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,0,0,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(8,'2011-07-29 22:46:54','2011-07-29 20:46:54',0,0,'Copy_of_Copy_of_Copy_of_aaaa',1,NULL,'aaaa','cccc','bbbb','',NULL,10.00000000,11.96000000,0.00000000,0.00000000,'HT',19.600,0,0.000,0.000,1,0,0,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0.00000000,'',1,0,NULL,0),(10,'2008-12-31 00:00:00','2012-12-08 13:11:14',0,0,'PR123456',1,NULL,'My product','This is a description example for record','Some note',NULL,NULL,100.00000000,110.00000000,0.00000000,0.00000000,'HT',10.000,0,0.000,0.000,NULL,0,0,0,'1y',0,NULL,0,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0.00000000,NULL,NULL,0,'20110729232310',0),(11,'2013-01-13 20:24:42','2013-01-19 17:22:48',0,0,'gh',1,NULL,'hfghf','','','',NULL,0.00000000,0.00000000,0.00000000,0.00000000,'HT',0.000,0,0.000,0.000,1,1,1,0,'',NULL,NULL,0,'','',NULL,NULL,0,NULL,0,NULL,0,NULL,0,-1,0.00000000,'',1,0,NULL,0); /*!40000 ALTER TABLE `llx_product` ENABLE KEYS */; UNLOCK TABLES; diff --git a/test/phpunit/CommandeFournisseurTest.php b/test/phpunit/CommandeFournisseurTest.php index bf5922460a2..5240083512b 100644 --- a/test/phpunit/CommandeFournisseurTest.php +++ b/test/phpunit/CommandeFournisseurTest.php @@ -145,9 +145,9 @@ class CommandeFournisseurTest extends PHPUnit\Framework\TestCase $societe=new Societe($db); $societe->fetch($socid); $product=new ProductFournisseur($db); - $product->fetch(0, 'PIDRESS'); + $product->fetch(0, 'PINKDRESS'); if ($product->id <= 0) { - print "\n".__METHOD__." A product with ref PIDRESS must exists into database"; die(1); + print "\n".__METHOD__." A product with ref PINKDRESS must exists into database"; die(1); } $quantity=10; diff --git a/test/phpunit/PdfDocTest.php b/test/phpunit/PdfDocTest.php index e744aef3c2f..f7181f8a4f9 100644 --- a/test/phpunit/PdfDocTest.php +++ b/test/phpunit/PdfDocTest.php @@ -141,13 +141,13 @@ class PdfDocTest extends PHPUnit\Framework\TestCase $db=$this->savdb; $localproduct=new Product($this->savdb); - $result = $localproduct->fetch(0, 'PIDRESS'); + $result = $localproduct->fetch(0, 'PINKDRESS'); if ($result < 0) { - print "\n".__METHOD__." Failed to make the fetch of product PIDRESS. ".$localproduct->error; die(1); + print "\n".__METHOD__." Failed to make the fetch of product PINKDRESS. ".$localproduct->error; die(1); } $product_id = $localproduct->id; if ($product_id <= 0) { - print "\n".__METHOD__." A product with ref PIDRESS must exists into database"; die(1); + print "\n".__METHOD__." A product with ref PINKDRESS must exists into database. Create it manually before running the test"; die(1); } $localobject=new Facture($this->savdb); @@ -160,11 +160,11 @@ class PdfDocTest extends PHPUnit\Framework\TestCase $result=pdf_getlinedesc($localobject, 0, $langs); print __METHOD__." result=".$result."\n"; - $this->assertEquals($result, "PIDRESS - Label 1
    This is a description with a é accent
    (Country of origin: France)"); + $this->assertEquals($result, "PINKDRESS - Label 1
    This is a description with a é accent
    (Country of origin: France)"); $result=doc_getlinedesc($localobject->lines[0], $langs); print __METHOD__." result=".$result."\n"; - $this->assertEquals($result, "PIDRESS - Label 1\nThis is a description with a é accent\n(Country of origin: France)"); + $this->assertEquals($result, "PINKDRESS - Label 1\nThis is a description with a é accent\n(Country of origin: France)"); } /** From 38ef0283105ef2ea4619aefc2aeffca0219785ee Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 12:44:15 +0200 Subject: [PATCH 130/149] Clean code. Fix check for lot that must be unique. --- .../stock/class/mouvementstock.class.php | 116 +++++++++--------- 1 file changed, 60 insertions(+), 56 deletions(-) diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 4877bb861ab..959336c1671 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -126,27 +126,28 @@ class MouvementStock extends CommonObject // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore /** * Add a movement of stock (in one direction only). + * This is the lowest level method to record a stock change. * $this->origin can be also be set to save the source object of movement. * - * @param User $user User object - * @param int $fk_product Id of product - * @param int $entrepot_id Id of warehouse - * @param int $qty Qty of movement (can be <0 or >0 depending on parameter type) - * @param int $type Direction of movement: - * 0=input (stock increase by a stock transfer), 1=output (stock decrease by a stock transfer), - * 2=output (stock decrease), 3=input (stock increase) - * Note that qty should be > 0 with 0 or 3, < 0 with 1 or 2. - * @param int $price Unit price HT of product, used to calculate average weighted price (AWP or PMP in french). If 0, average weighted price is not changed. - * @param string $label Label of stock movement - * @param string $inventorycode Inventory code - * @param string $datem Force date of movement + * @param User $user User object + * @param int $fk_product Id of product + * @param int $entrepot_id Id of warehouse + * @param int $qty Qty of movement (can be <0 or >0 depending on parameter type) + * @param int $type Direction of movement: + * 0=input (stock increase by a stock transfer), 1=output (stock decrease by a stock transfer), + * 2=output (stock decrease), 3=input (stock increase) + * Note that qty should be > 0 with 0 or 3, < 0 with 1 or 2. + * @param int $price Unit price HT of product, used to calculate average weighted price (AWP or PMP in french). If 0, average weighted price is not changed. + * @param string $label Label of stock movement + * @param string $inventorycode Inventory code + * @param string $datem Force date of movement * @param integer|string $eatby eat-by date. Will be used if lot does not exists yet and will be created. * @param integer|string $sellby sell-by date. Will be used if lot does not exists yet and will be created. - * @param string $batch batch number - * @param boolean $skip_batch If set to true, stock movement is done without impacting batch record - * @param int $id_product_batch Id product_batch (when skip_batch is false and we already know which record of product_batch to use) - * @param int $disablestockchangeforsubproduct Disable stock change for sub-products of kit (usefull only if product is a subproduct) - * @return int <0 if KO, 0 if fk_product is null or product id does not exists, >0 if OK + * @param string $batch batch number + * @param boolean $skip_batch If set to true, stock movement is done without impacting batch record + * @param int $id_product_batch Id product_batch (when skip_batch is false and we already know which record of product_batch to use) + * @param int $disablestockchangeforsubproduct Disable stock change for sub-products of kit (usefull only if product is a subproduct) + * @return int <0 if KO, 0 if fk_product is null or product id does not exists, >0 if OK */ public function _create($user, $fk_product, $entrepot_id, $qty, $type, $price = 0, $label = '', $inventorycode = '', $datem = '', $eatby = '', $sellby = '', $batch = '', $skip_batch = false, $id_product_batch = 0, $disablestockchangeforsubproduct = 0) { @@ -159,10 +160,10 @@ class MouvementStock extends CommonObject $error = 0; dol_syslog(get_class($this)."::_create start userid=$user->id, fk_product=$fk_product, warehouse_id=$entrepot_id, qty=$qty, type=$type, price=$price, label=$label, inventorycode=$inventorycode, datem=".$datem.", eatby=".$eatby.", sellby=".$sellby.", batch=".$batch.", skip_batch=".$skip_batch); - // start hook at beginning + // Call hook at beginning global $action, $hookmanager; $hookmanager->initHooks(array('mouvementstock')); - // Hook of thirdparty module + if (is_object($hookmanager)) { $parameters = array( 'currentcontext' => 'mouvementstock', @@ -181,11 +182,12 @@ class MouvementStock extends CommonObject 'skip_batch' => &$skip_batch, 'id_product_batch' => &$id_product_batch ); - $reshook = $hookmanager->executeHooks('stockMovementCreate', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks + $reshook = $hookmanager->executeHooks('stockMovementCreate', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { - if (!empty($hookmanager->resPrint)) + if (!empty($hookmanager->resPrint)) { dol_print_error('', $hookmanager->resPrint); + } return $reshook; } elseif ($reshook > 0) { return $hookmanager->resPrint; @@ -199,7 +201,8 @@ class MouvementStock extends CommonObject $now = (!empty($datem) ? $datem : dol_now()); // Check parameters - if (empty($fk_product)) return 0; + if (!($fk_product > 0)) return 0; + if (!($entrepot_id > 0)) return 0; if (is_numeric($eatby) && $eatby < 0) { dol_syslog(get_class($this)."::_create start ErrorBadValueForParameterEatBy eatby = ".$eatby); @@ -235,15 +238,23 @@ class MouvementStock extends CommonObject dol_print_error('', "Failed to fetch product"); return -1; } - if ($product->id <= 0) { // Can happen if database is corrupted + if ($product->id <= 0) { // Can happen if database is corrupted (a product id exist in stock with product that has been removed) return 0; } + // Define if we must make the stock change (If product type is a service or if stock is used also for services) + // Only record into stock tables wil be disabled by this (the rest like writing into lot table or movement of subproucts are done) + $movestock = 0; + if ($product->type != Product::TYPE_SERVICE || !empty($conf->global->STOCK_SUPPORTS_SERVICES)) $movestock = 1; + $this->db->begin(); - $product->load_stock('novirtual'); + // Set value $product->stock_reel and detail per warehouse into $product->stock_warehouse array + if ($movestock) { + $product->load_stock('novirtual'); + } - // Test if product require batch data. If yes, and there is not, we throw an error. + // Test if product require batch data. If yes, and there is not or values are not correct, we throw an error. if (!empty($conf->productbatch->enabled) && $product->hasbatch() && !$skip_batch) { if (empty($batch)) { $langs->load("errors"); @@ -261,7 +272,7 @@ class MouvementStock extends CommonObject // If found and eatby/sellby not defined into table and not provided, we do nothing // If not found, we add record $sql = "SELECT pb.rowid, pb.batch, pb.eatby, pb.sellby FROM ".MAIN_DB_PREFIX."product_lot as pb"; - $sql .= " WHERE pb.fk_product = ".$fk_product." AND pb.batch = '".$this->db->escape($batch)."'"; + $sql .= " WHERE pb.fk_product = ".((int) $fk_product)." AND pb.batch = '".$this->db->escape($batch)."'"; dol_syslog(get_class($this)."::_create scan serial for this product to check if eatby and sellby match", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -353,10 +364,6 @@ class MouvementStock extends CommonObject } } - // Define if we must make the stock change (If product type is a service or if stock is used also for services) - $movestock = 0; - if ($product->type != Product::TYPE_SERVICE || !empty($conf->global->STOCK_SUPPORTS_SERVICES)) $movestock = 1; - // Check if stock is enough when qty is < 0 // Note that qty should be > 0 with type 0 or 3, < 0 with type 1 or 2. if ($movestock && $qty < 0 && empty($conf->global->STOCK_ALLOW_NEGATIVE_TRANSFER)) { @@ -391,7 +398,7 @@ class MouvementStock extends CommonObject } } - if ($movestock && $entrepot_id > 0) { // Change stock for current product, change for subproduct is done after + if ($movestock) { // Change stock for current product, change for subproduct is done after // Set $origintype, fk_origin, fk_project $fk_project = 0; if (!empty($this->origin)) { // This is set by caller for tracking reason @@ -520,27 +527,16 @@ class MouvementStock extends CommonObject } } - // Update detail stock for batch product + // Update detail of stock for the lot. if (!$error && !empty($conf->productbatch->enabled) && $product->hasbatch() && !$skip_batch) { - // check unicity for serial numbered equipments ( different for lots managed products) - if ( $product->status_batch == 2 && $qty > 0 ) { - if ( $this->getBatchCount($fk_product, $batch) > 0 ) { - $error++; - $this->errors[] = $langs->trans("SerialNumberAlreadyInUse", $batch, $product->ref); - } elseif ( $qty > 1 ) { - $error++; - $this->errors[] = $langs->trans("TooManyQtyForSerialNumber", $product->ref, $batch); - } + if ($id_product_batch > 0) { + $result = $this->createBatch($id_product_batch, $qty); + } else { + $param_batch = array('fk_product_stock' =>$fk_product_stock, 'batchnumber'=>$batch); + $result = $this->createBatch($param_batch, $qty); } - - if ( ! $error ) { - if ($id_product_batch > 0) { - $result = $this->createBatch($id_product_batch, $qty); - } else { - $param_batch = array('fk_product_stock' =>$fk_product_stock, 'batchnumber'=>$batch); - $result = $this->createBatch($param_batch, $qty); - } - if ($result < 0) $error++; + if ($result < 0) { + $error++; } } @@ -580,6 +576,16 @@ class MouvementStock extends CommonObject $result = $this->call_trigger('STOCK_MOVEMENT', $user); if ($result < 0) $error++; // End call triggers + + // Check unicity for serial numbered equipments once all movement were done. + if (!$error && !empty($conf->productbatch->enabled) && $product->hasbatch() && !$skip_batch) { + if ($product->status_batch == 2 && $qty > 0) { // We check only if we increased qty + if ($this->getBatchCount($fk_product, $batch) > 1) { + $error++; + $this->errors[] = $langs->trans("TooManyQtyForSerialNumber", $batch, $product->ref); + } + } + } } if (!$error) { @@ -1199,16 +1205,14 @@ class MouvementStock extends CommonObject } /** - * Retrieve number of equipments for a product batch + * Retrieve number of equipments for a product lot/serial * - * @param int $fk_product Product id - * @param varchar $batch batch number - * @return int <0 if KO, number of equipments if OK + * @param int $fk_product Product id + * @param string $batch batch number + * @return int <0 if KO, number of equipments found if OK */ private function getBatchCount($fk_product, $batch) { - global $conf; - $cpt = 0; $sql = "SELECT sum(pb.qty) as cpt"; From 7c41be7f0a5069aeca89e40b3e8c4bbd8b4b8967 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 15:22:49 +0200 Subject: [PATCH 131/149] FIX Navigation in list of holiday --- htdocs/holiday/view_log.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/htdocs/holiday/view_log.php b/htdocs/holiday/view_log.php index a2ecbe1e8b3..cd43e03f957 100644 --- a/htdocs/holiday/view_log.php +++ b/htdocs/holiday/view_log.php @@ -373,7 +373,7 @@ if (!empty($arrayfields['cpl.fk_type']['checked'])) { // Filter: Previous balance if (!empty($arrayfields['cpl.prev_solde']['checked'])) { - print ''; + print ''; print ''; print ''; } @@ -385,7 +385,7 @@ if (!empty($arrayfields['variation']['checked'])) { // Filter: New Balance if (!empty($arrayfields['cpl.new_solde']['checked'])) { - print ''; + print ''; print ''; print ''; } @@ -428,12 +428,20 @@ if (!empty($arrayfields['cpl.new_solde']['checked'])) { print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch '); print ''; -// TODO: $i = 0; -$i = 1; +$j = 0; +while ($j < ($page * $limit)) { + $obj = next($object->logs); + $j++; +} + +$i = 0; while ($i < min($num, $limit)) { //TODO: $obj = $db->fetch_object($resql); - $obj = next($object->logs); + $obj = current($object->logs); + if (empty($obj)) { + break; + } $holidaylogstatic->id = $obj['rowid']; $holidaylogstatic->date = $obj['date_action']; @@ -511,6 +519,7 @@ while ($i < min($num, $limit)) { print ''; $i++; + next($object->logs); } if ($log_holiday == '2') { From 48945533e43e62dffc981fe06362cbd67ade836b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 15:22:56 +0200 Subject: [PATCH 132/149] Clean code --- htdocs/holiday/class/holiday.class.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index ffd394a35b3..55dd1c4bafb 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -1992,8 +1992,6 @@ class Holiday extends CommonObject */ public function fetchLog($order, $filter) { - global $langs; - $sql = "SELECT"; $sql .= " cpl.rowid,"; $sql .= " cpl.date_action,"; From 8dd2af42df87ff1fc8d0968c4303682695177a43 Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Wed, 26 May 2021 16:44:35 +0200 Subject: [PATCH 133/149] fix(param) select_produits_fournisseur_list --- htdocs/core/class/html.form.class.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index a088f276463..04cfe53ef5d 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3025,6 +3025,10 @@ class Form global $langs, $conf; global $price_level, $status, $finished; + if(empty($status)){ + $status = 1; + } + $selected_input_value = ''; if (!empty($conf->use_javascript_ajax) && !empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT)) { if ($selected > 0) { @@ -3040,7 +3044,7 @@ class Form print ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT.'/product/ajax/products.php', $urloption, $conf->global->PRODUIT_USE_SEARCH_TO_SELECT, 0, $ajaxoptions); print ($hidelabel ? '' : $langs->trans("RefOrLabel").' : ').''; } else { - print $this->select_produits_fournisseurs_list($socid, $selected, $htmlname, $filtertype, $filtre, '', -1, 0, 0, $alsoproductwithnosupplierprice, $morecss, 0, $placeholder); + print $this->select_produits_fournisseurs_list($socid, $selected, $htmlname, $filtertype, $filtre, '', $status, 0, 0, $alsoproductwithnosupplierprice, $morecss, 0, $placeholder); } } @@ -3054,7 +3058,7 @@ class Form * @param string $filtertype Filter on product type (''=nofilter, 0=product, 1=service) * @param string $filtre Pour filtre sql * @param string $filterkey Filtre des produits - * @param int $statut -1=Return all products, 0=Products not on sell, 1=Products on sell (not used here, a filter on tobuy is already hard coded in request) + * @param int $statut -1=Return all products, 0=Products not on buy, 1=Products on buy * @param int $outputmode 0=HTML select string, 1=Array * @param int $limit Limit of line number * @param int $alsoproductwithnosupplierprice 1=Add also product without supplier prices @@ -3107,7 +3111,9 @@ class Form $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_units u ON u.rowid = p.fk_unit"; } $sql .= " WHERE p.entity IN (".getEntity('product').")"; - $sql .= " AND p.tobuy = 1"; + if($statut != -1){ + $sql .= " AND p.tobuy = ".$statut; + } if (strval($filtertype) != '') { $sql .= " AND p.fk_product_type=".$this->db->escape($filtertype); } From d11d1a2018fd17b5538550f2e7c2fe40905ffa86 Mon Sep 17 00:00:00 2001 From: Antonin MARCHAL Date: Wed, 26 May 2021 17:10:12 +0200 Subject: [PATCH 134/149] lint(stickler) --- htdocs/core/class/html.form.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 04cfe53ef5d..b362b177ac0 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3025,7 +3025,7 @@ class Form global $langs, $conf; global $price_level, $status, $finished; - if(empty($status)){ + if (empty($status)) { $status = 1; } @@ -3058,7 +3058,7 @@ class Form * @param string $filtertype Filter on product type (''=nofilter, 0=product, 1=service) * @param string $filtre Pour filtre sql * @param string $filterkey Filtre des produits - * @param int $statut -1=Return all products, 0=Products not on buy, 1=Products on buy + * @param int $statut -1=Return all products, 0=Products not on buy, 1=Products on buy * @param int $outputmode 0=HTML select string, 1=Array * @param int $limit Limit of line number * @param int $alsoproductwithnosupplierprice 1=Add also product without supplier prices @@ -3111,7 +3111,7 @@ class Form $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_units u ON u.rowid = p.fk_unit"; } $sql .= " WHERE p.entity IN (".getEntity('product').")"; - if($statut != -1){ + if ($statut != -1) { $sql .= " AND p.tobuy = ".$statut; } if (strval($filtertype) != '') { From c3c0ad1c8d8d980fc36bb25350971e92a3d9dcb7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 17:20:09 +0200 Subject: [PATCH 135/149] Update html.form.class.php --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index b362b177ac0..bb551300e67 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3112,7 +3112,7 @@ class Form } $sql .= " WHERE p.entity IN (".getEntity('product').")"; if ($statut != -1) { - $sql .= " AND p.tobuy = ".$statut; + $sql .= " AND p.tobuy = ".((int) $statut); } if (strval($filtertype) != '') { $sql .= " AND p.fk_product_type=".$this->db->escape($filtertype); From 8b1b2019f870a2e06ad8430ac8d724028680ad8d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 17:24:27 +0200 Subject: [PATCH 136/149] Update html.form.class.php --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index bb551300e67..1f90b5f4fdc 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3025,7 +3025,7 @@ class Form global $langs, $conf; global $price_level, $status, $finished; - if (empty($status)) { + if (!isset($status)) { $status = 1; } From 9952fdb6d32e2bc41f3df69d5575c9fec7fd4b58 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 26 May 2021 17:45:45 +0200 Subject: [PATCH 137/149] FIX #17648 #17712 --- htdocs/contact/card.php | 65 +++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 22 deletions(-) diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index b337f0980e6..b877909cc58 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -77,12 +77,6 @@ if (!empty($canvas)) { $objcanvas->getCanvas('contact', 'contactcard', $canvas); } -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission - // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('contactcard', 'globalcard')); @@ -96,6 +90,16 @@ if (!($object->id > 0) && $action == 'view') { exit; } +$triggermodname = 'CONTACT_MODIFY'; +$permissiontoadd = $user->rights->societe->contact->creer; + +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission + + /* * Actions */ @@ -144,7 +148,7 @@ if (empty($reshook)) { // Confirmation desactivation - if ($action == 'disable') { + if ($action == 'disable' && !empty($permissiontoadd)) { $object->fetch($id); if ($object->setstatus(0) < 0) { setEventMessages($object->error, $object->errors, 'errors'); @@ -155,7 +159,7 @@ if (empty($reshook)) { } // Confirmation activation - if ($action == 'enable') { + if ($action == 'enable' && !empty($permissiontoadd)) { $object->fetch($id); if ($object->setstatus(1) < 0) { setEventMessages($object->error, $object->errors, 'errors'); @@ -166,7 +170,7 @@ if (empty($reshook)) { } // Add contact - if ($action == 'add' && $user->rights->societe->contact->creer) { + if ($action == 'add' && !empty($permissiontoadd)) { $db->begin(); if ($canvas) { @@ -307,7 +311,7 @@ if (empty($reshook)) { } } - if ($action == 'update' && empty($cancel) && $user->rights->societe->contact->creer) { + if ($action == 'update' && empty($cancel) && !empty($permissiontoadd)) { if (!GETPOST("lastname", 'alpha')) { $error++; $errors = array($langs->trans("ErrorFieldRequired", $langs->transnoentities("Name").' / '.$langs->transnoentities("Label"))); $action = 'edit'; @@ -457,7 +461,7 @@ if (empty($reshook)) { } } - if ($action == 'setprospectcontactlevel' && $user->rights->societe->contact->creer) { + if ($action == 'setprospectcontactlevel' && !empty($permissiontoadd)) { $object->fetch($id); $object->fk_prospectlevel = GETPOST('prospect_contact_level_id', 'alpha'); $result = $object->update($object->id, $user); @@ -467,7 +471,7 @@ if (empty($reshook)) { } // set communication status - if ($action == 'setstcomm') { + if ($action == 'setstcomm' && !empty($permissiontoadd)) { $object->fetch($id); $object->stcomm_id = dol_getIdFromCode($db, GETPOST('stcomm', 'alpha'), 'c_stcommcontact'); $result = $object->update($object->id, $user); @@ -476,6 +480,31 @@ if (empty($reshook)) { } } + // Update extrafields + if ($action == "update_extras" && !empty($permissiontoadd)) { + $object->fetch(GETPOST('id', 'int')); + + $attributekey = GETPOST('attribute', 'alpha'); + $attributekeylong = 'options_'.$attributekey; + + if (GETPOSTISSET($attributekeylong.'day') && GETPOSTISSET($attributekeylong.'month') && GETPOSTISSET($attributekeylong.'year')) { + // This is properties of a date + $object->array_options['options_'.$attributekey] = dol_mktime(GETPOST($attributekeylong.'hour', 'int'), GETPOST($attributekeylong.'min', 'int'), GETPOST($attributekeylong.'sec', 'int'), GETPOST($attributekeylong.'month', 'int'), GETPOST($attributekeylong.'day', 'int'), GETPOST($attributekeylong.'year', 'int')); + //var_dump(dol_print_date($object->array_options['options_'.$attributekey]));exit; + } else { + $object->array_options['options_'.$attributekey] = GETPOST($attributekeylong, 'alpha'); + } + + $result = $object->insertExtraFields(empty($triggermodname) ? '' : $triggermodname, $user); + if ($result > 0) { + setEventMessages($langs->trans('RecordSaved'), null, 'mesgs'); + $action = 'view'; + } else { + setEventMessages($object->error, $object->errors, 'errors'); + $action = 'edit_extras'; + } + } + // Actions to send emails $triggersendname = 'CONTACT_SENTBYMAIL'; $paramname = 'id'; @@ -821,11 +850,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Other attributes $parameters = array('socid' => $socid, 'objsoc' => $objsoc, 'colspan' => ' colspan="3"', 'cols' => 3); - $reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); // Note that $action and $object may have been modified by hook - print $hookmanager->resPrint; - if (empty($reshook)) { - print $object->showOptionals($extrafields, 'edit', $parameters); - } + include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_add.tpl.php'; print "
    "; @@ -1133,11 +1158,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Other attributes $parameters = array('colspan' => ' colspan="3"', 'cols'=> '3'); - $reshook = $hookmanager->executeHooks('formObjectOptions', $parameters, $object, $action); // Note that $action and $object may have been modified by hook - print $hookmanager->resPrint; - if (empty($reshook)) { - print $object->showOptionals($extrafields, 'edit', $parameters); - } + include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_edit.tpl.php'; $object->load_ref_elements(); From 371f2e4f378d102395037580bef9b197486e8e9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 26 May 2021 18:24:06 +0200 Subject: [PATCH 138/149] fix warnings --- htdocs/adherents/list.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index dde013e60c4..986abc83b7b 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -5,6 +5,7 @@ * Copyright (C) 2013-2015 Raphaël Doursenaud * Copyright (C) 2014-2016 Juanjo Menent * Copyright (C) 2018 Alexandre Spangaro + * Copyright (C) 2021 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -325,7 +326,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters); // N $sql .= preg_replace('/^,/', '', $hookmanager->resPrint); $sql = preg_replace('/,\s*$/', '', $sql); $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; -if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { +if (!empty($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (d.rowid = ef.fk_object)"; } if (!empty($search_categ) || !empty($catid)) { @@ -1097,7 +1098,7 @@ while ($i < min($num, $limit)) { print ''; print dol_print_date($datefin, 'day'); if ($memberstatic->hasDelay()) { - $textlate .= ' ('.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil($conf->adherent->subscription->warning_delay / 60 / 60 / 24) >= 0 ? '+' : '').ceil($conf->adherent->subscription->warning_delay / 60 / 60 / 24).' '.$langs->trans("days").')'; + $textlate = ' ('.$langs->trans("DateReference").' > '.$langs->trans("DateToday").' '.(ceil($conf->adherent->subscription->warning_delay / 60 / 60 / 24) >= 0 ? '+' : '').ceil($conf->adherent->subscription->warning_delay / 60 / 60 / 24).' '.$langs->trans("days").')'; print " ".img_warning($langs->trans("SubscriptionLate").$textlate); } print ''; From 7983ce941eabf1679eab2b5fb4a37d9a1e7cdcff Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 01:52:52 +0200 Subject: [PATCH 139/149] Fix performance page --- htdocs/admin/system/perf.php | 101 ++++++++++++++++++++++++++++++++-- htdocs/langs/en_US/admin.lang | 7 ++- 2 files changed, 100 insertions(+), 8 deletions(-) diff --git a/htdocs/admin/system/perf.php b/htdocs/admin/system/perf.php index b1014cc98c7..32fbe8ab41c 100644 --- a/htdocs/admin/system/perf.php +++ b/htdocs/admin/system/perf.php @@ -464,11 +464,99 @@ if ($conf->db->type == 'mysql' || $conf->db->type == 'mysqli') { print '
    '; } -// Product search +print '
    '; +print ''.$langs->trans("ComboListOptim").': '; +print '
    '; +// Product combo list +$sql = "SELECT COUNT(*) as nb"; +$sql .= " FROM ".MAIN_DB_PREFIX."product as p"; +$resql = $db->query($sql); +if ($resql) { + $limitforoptim = 5000; + $num = $db->num_rows($resql); + $obj = $db->fetch_object($resql); + $nb = $obj->nb; + if ($nb > $limitforoptim) { + if (empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT)) { + print img_picto('', 'warning.png').' '.$langs->trans("YouHaveXObjectUseComboOptim", $nb, $langs->transnoentitiesnoconv("ProductsOrServices"), 'PRODUIT_USE_SEARCH_TO_SELECT'); + } else { + print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("ProductsOrServices"), 'PRODUIT_USE_SEARCH_TO_SELECT', $conf->global->PRODUIT_USE_SEARCH_TO_SELECT); + } + } else { + print img_picto('', 'tick.png').' '.$langs->trans("NbOfObjectIsLowerThanNoPb", $nb, $langs->transnoentitiesnoconv("ProductsOrServices")); + } + print '
    '; + $db->free($resql); +} +// Thirdparty combo list +$sql = "SELECT COUNT(*) as nb"; +$sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; +$resql = $db->query($sql); +if ($resql) { + $limitforoptim = 5000; + $num = $db->num_rows($resql); + $obj = $db->fetch_object($resql); + $nb = $obj->nb; + if ($nb > $limitforoptim) { + if (empty($conf->global->COMPANY_USE_SEARCH_TO_SELECT)) { + print img_picto('', 'warning.png').' '.$langs->trans("YouHaveXObjectUseComboOptim", $nb, $langs->transnoentitiesnoconv("ThirdParties"), 'COMPANY_USE_SEARCH_TO_SELECT'); + } else { + print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("ThirdParties"), 'COMPANY_USE_SEARCH_TO_SELECT', $conf->global->COMPANY_USE_SEARCH_TO_SELECT); + } + } else { + print img_picto('', 'tick.png').' '.$langs->trans("NbOfObjectIsLowerThanNoPb", $nb, $langs->transnoentitiesnoconv("ThirdParties")); + } + print '
    '; + $db->free($resql); +} +// Contact combo list +$sql = "SELECT COUNT(*) as nb"; +$sql .= " FROM ".MAIN_DB_PREFIX."socpeople as s"; +$resql = $db->query($sql); +if ($resql) { + $limitforoptim = 5000; + $num = $db->num_rows($resql); + $obj = $db->fetch_object($resql); + $nb = $obj->nb; + if ($nb > $limitforoptim) { + if (empty($conf->global->CONTACT_USE_SEARCH_TO_SELECT)) { + print img_picto('', 'warning.png').' '.$langs->trans("YouHaveXObjectUseComboOptim", $nb, $langs->transnoentitiesnoconv("Contacts"), 'CONTACT_USE_SEARCH_TO_SELECT'); + } else { + print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("Contacts"), 'CONTACT_USE_SEARCH_TO_SELECT', $conf->global->CONTACT_USE_SEARCH_TO_SELECT); + } + } else { + print img_picto('', 'tick.png').' '.$langs->trans("NbOfObjectIsLowerThanNoPb", $nb, $langs->transnoentitiesnoconv("Contacts")); + } + print '
    '; + $db->free($resql); +} +// Contact combo list +$sql = "SELECT COUNT(*) as nb"; +$sql .= " FROM ".MAIN_DB_PREFIX."projet as s"; +$resql = $db->query($sql); +if ($resql) { + $limitforoptim = 5000; + $num = $db->num_rows($resql); + $obj = $db->fetch_object($resql); + $nb = $obj->nb; + if ($nb > $limitforoptim) { + if (empty($conf->global->PROJECT_USE_SEARCH_TO_SELECT)) { + print img_picto('', 'warning.png').' '.$langs->trans("YouHaveXObjectUseComboOptim", $nb, $langs->transnoentitiesnoconv("Projects"), 'PROJECT_USE_SEARCH_TO_SELECT'); + } else { + print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("Projects"), 'PROJECT_USE_SEARCH_TO_SELECT', $conf->global->PROJECT_USE_SEARCH_TO_SELECT); + } + } else { + print img_picto('', 'tick.png').' '.$langs->trans("NbOfObjectIsLowerThanNoPb", $nb, $langs->transnoentitiesnoconv("Projects")); + } + print '
    '; + $db->free($resql); +} + + print '
    '; print ''.$langs->trans("SearchOptim").': '; print '
    '; -$tab = array(); +// Product search $sql = "SELECT COUNT(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; $resql = $db->query($sql); @@ -480,8 +568,9 @@ if ($resql) { if ($nb > $limitforoptim) { if (empty($conf->global->PRODUCT_DONOTSEARCH_ANYWHERE)) { print img_picto('', 'warning.png').' '.$langs->trans("YouHaveXObjectUseSearchOptim", $nb, $langs->transnoentitiesnoconv("ProductsOrServices"), 'PRODUCT_DONOTSEARCH_ANYWHERE'); + print $langs->trans("YouHaveXObjectUseSearchOptimDesc"); } else { - print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("ProductsOrServices")); + print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("ProductsOrServices"), 'PRODUCT_DONOTSEARCH_ANYWHERE', $conf->global->PRODUCT_DONOTSEARCH_ANYWHERE); } } else { print img_picto('', 'tick.png').' '.$langs->trans("NbOfObjectIsLowerThanNoPb", $nb, $langs->transnoentitiesnoconv("ProductsOrServices")); @@ -491,20 +580,20 @@ if ($resql) { } // Thirdparty search -$tab = array(); $sql = "SELECT COUNT(*) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $resql = $db->query($sql); if ($resql) { - $limitforoptim = 10000; + $limitforoptim = 100000; $num = $db->num_rows($resql); $obj = $db->fetch_object($resql); $nb = $obj->nb; if ($nb > $limitforoptim) { if (empty($conf->global->COMPANY_DONOTSEARCH_ANYWHERE)) { print img_picto('', 'warning.png').' '.$langs->trans("YouHaveXObjectUseSearchOptim", $nb, $langs->transnoentitiesnoconv("ThirdParties"), 'COMPANY_DONOTSEARCH_ANYWHERE'); + print $langs->trans("YouHaveXObjectUseSearchOptimDesc"); } else { - print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("ThirdParties")); + print img_picto('', 'tick.png').' '.$langs->trans("YouHaveXObjectAndSearchOptimOn", $nb, $langs->transnoentitiesnoconv("ThirdParties"), 'COMPANY_DONOTSEARCH_ANYWHERE', $conf->global->COMPANY_DONOTSEARCH_ANYWHERE); } } else { print img_picto('', 'tick.png').' '.$langs->trans("NbOfObjectIsLowerThanNoPb", $nb, $langs->transnoentitiesnoconv("ThirdParties")); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 78077474c96..2eaba13de3c 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1323,9 +1323,12 @@ ConditionIsCurrently=Condition is currently %s YouUseBestDriver=You use driver %s which is the best driver currently available. YouDoNotUseBestDriver=You use driver %s but driver %s is recommended. NbOfObjectIsLowerThanNoPb=You have only %s %s in the database. This does not require any particular optimization. +ComboListOptim=Combo list loading optimization SearchOptim=Search optimization -YouHaveXObjectUseSearchOptim=You have %s %s in the database. You can add the constant %s to 1 in Home-Setup-Other. Limit the search to the beginning of strings which makes it possible for the database to use indexes and you should get an immediate response. -YouHaveXObjectAndSearchOptimOn=You have %s %s in the database and constant %s is set to 1 in Home-Setup-Other. +YouHaveXObjectUseComboOptim=You have %s %s in the database. You can go into setup of module to enable loading of combo list on key pressed event. +YouHaveXObjectUseSearchOptim=You have %s %s in the database. You can add the constant %s to 1 in Home-Setup-Other. +YouHaveXObjectUseSearchOptimDesc=This limits the search to the beginning of strings which makes it possible for the database to use indexes and you should get an immediate response. +YouHaveXObjectAndSearchOptimOn=You have %s %s in the database and constant %s is set to %s in Home-Setup-Other. BrowserIsOK=You are using the %s web browser. This browser is ok for security and performance. BrowserIsKO=You are using the %s web browser. This browser is known to be a bad choice for security, performance and reliability. We recommend using Firefox, Chrome, Opera or Safari. PHPModuleLoaded=PHP component %s is loaded From 4f61286ae29a69a8c6358d1271ce1e7c734665f1 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 02:36:16 +0200 Subject: [PATCH 140/149] Small perf fix --- htdocs/comm/action/list.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index e5dba5d88db..0ecf33e5ebf 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -320,7 +320,7 @@ if ($search_title != '') { $param .= '&search_title='.urlencode($search_title); } if ($search_note != '') { - $param .= '&search_note='.$search_note; + $param .= '&search_note='.urlencode($search_note); } if (GETPOST('datestartday', 'int')) { $param .= '&datestartday='.GETPOST('datestartday', 'int'); @@ -829,7 +829,11 @@ if ($resql) { $actionstatic->location = $obj->location; $actionstatic->note_private = dol_htmlentitiesbr($obj->note); - $actionstatic->fetchResources(); + // Initialize $this->userassigned && this->socpeopleassigned array && this->userownerid + // but only if we need it + if (!empty($arrayfields['a.fk_contact']['checked'])) { + $actionstatic->fetchResources(); + } print ''; From 2caaa52e855e36576d5fbb0059f5e1e82a546ce7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 02:52:51 +0200 Subject: [PATCH 141/149] Doc --- htdocs/comm/action/list.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 0ecf33e5ebf..8c6fc94e31f 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -520,6 +520,7 @@ $sql .= $db->order($sortfield, $sortorder); $nbtotalofrecords = ''; if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { + // TODO Set and use an optimized request in $sqlforcount with no fields and no useless join to caluclate nb of records $result = $db->query($sql); $nbtotalofrecords = $db->num_rows($result); if (($page * $limit) > $nbtotalofrecords) { // if total resultset is smaller then paging size (filtering), goto and load page 0 From 531dee31fd4b29653b2da452eeec7d3b83642ad4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 11:14:29 +0200 Subject: [PATCH 142/149] Fix securekey --- htdocs/public/payment/newpayment.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 287f9a576db..38732d3825f 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -254,11 +254,15 @@ $parameters = [ $reshook = $hookmanager->executeHooks('doValidatePayment', $parameters, $object, $action); // Check security token +$tmpsource = $source; +if ($tmpsource == 'membersubscription') { + $tmpsource = 'member'; +} $valid = true; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { - if ($source && $REF) { - $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical + if ($tmpsource && $REF) { + $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); } @@ -770,7 +774,7 @@ $replacemainarea = (empty($conf->dol_hide_leftmenu) ? '
    ' : '').'
    '; llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody', $replacemainarea); // Check link validity -if ($source && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', ''))) { +if ($source && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', 'donation_ref', ''))) { $langs->load("errors"); dol_print_error_email('BADREFINPAYMENTFORM', $langs->trans("ErrorBadLinkSourceSetButBadValueForRef", $source, $ref)); // End of page From 5a5fa1edbb8c214b54f6bcfd43dcf9a537a08a93 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 11:57:17 +0200 Subject: [PATCH 143/149] Fix regression amount was always empty. --- htdocs/public/payment/newpayment.php | 60 +++++++++++++++++----------- htdocs/stripe/class/stripe.class.php | 2 +- 2 files changed, 37 insertions(+), 25 deletions(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 38732d3825f..b58a57fc706 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -762,6 +762,8 @@ if ($action == 'charge' && !empty($conf->stripe->enabled)) { * View */ +$form = new Form($db); + $head = ''; if (!empty($conf->global->ONLINE_PAYMENT_CSS_URL)) { $head = ''."\n"; @@ -1483,32 +1485,42 @@ if ($source == 'member' || $source == 'membersubscription') { } if ($member->type) { - // Last member type - print ''.$langs->trans("LastMemberType"); - print ''.dol_escape_htmltag($member->type); - print "\n"; + $oldtypeid = $member->typeid; + $newtypeid = (int) (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $member->typeid); - require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; - $adht = new AdherentType($db); - // Amount by member type - $amountbytype = $adht->amountByType(1); - // Set the member type - $member->typeid = (int) (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $member->typeid); - // If we change the type of membership, we set also label of new type - $member->type = dol_getIdFromCode($db, $member->typeid, 'adherent_type', 'rowid', 'libelle'); - // Set amount for the subscription - $amount = (!empty($amountbytype[$member->typeid])) ? $amountbytype[$member->typeid] : $member->last_subscription_amount; - // list member type - if ( !$action) { - $form = new Form($db); // so we can call method selectarray - print ''.$langs->trans("NewSubscription"); - print ''; - print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).'&amount='.urlencode($amount).'&typeid=\' + this.value + \'&securekey='.urlencode($SECUREKEY).'\');"', 0, 0, 0, '', '', 1); - print "\n"; - } elseif ($action == dopayment) { - print ''.$langs->trans("NewMemberType"); + if ($oldtypeid != $newtypeid && !empty($conf->global->MEMBER_ALLOW_CHANGE_OF_TYPE)) { + require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; + $adht = new AdherentType($db); + // Amount by member type + $amountbytype = $adht->amountByType(1); + + // Last member type + print ''.$langs->trans("LastMemberType"); + print ''.dol_escape_htmltag($member->type); + print "\n"; + + // Set the new member type + $member->typeid = $newtypeid; + $member->type = dol_getIdFromCode($db, $newtypeid, 'adherent_type', 'rowid', 'libelle'); + + // list member type + if (!$action) { + // Set amount for the subscription + $amount = (!empty($amountbytype[$member->typeid])) ? $amountbytype[$member->typeid] : $member->last_subscription_amount; + + print ''.$langs->trans("NewSubscription"); + print ''; + print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).'&amount='.urlencode($amount).'&typeid=\' + this.value + \'&securekey='.urlencode($SECUREKEY).'\');"', 0, 0, 0, '', '', 1); + print "\n"; + } elseif ($action == dopayment) { + print ''.$langs->trans("NewMemberType"); + print ''.dol_escape_htmltag($member->type); + print ''; + print "\n"; + } + } else { + print ''.$langs->trans("MemberType"); print ''.dol_escape_htmltag($member->type); - print ''; print "\n"; } } diff --git a/htdocs/stripe/class/stripe.class.php b/htdocs/stripe/class/stripe.class.php index 7f325090b5e..5614b3c6138 100644 --- a/htdocs/stripe/class/stripe.class.php +++ b/htdocs/stripe/class/stripe.class.php @@ -514,7 +514,7 @@ class Stripe extends CommonObject if (!$resql) { $error++; $this->error = $this->db->lasterror(); - dol_syslog(get_class($this)."::PaymentIntent failed to insert paymentintent with id=".$paymentintent->id." into database."); + dol_syslog(get_class($this)."::PaymentIntent failed to insert paymentintent with id=".$paymentintent->id." into database.", LOG_ERR); } } } else { From 61138b821078a66283fbdeccc88521f8d72cb613 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 14:25:00 +0200 Subject: [PATCH 144/149] Fix look and feel v14 --- htdocs/user/card.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 073438bda1f..d189ced83aa 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -1134,7 +1134,8 @@ if ($action == 'create' || $action == 'adduserldap') { } if (!empty($conf->global->MAIN_MULTILANGS)) { - print ''.$form->editfieldkey('DefaultLang', 'default_lang', '', $object, 0).''."\n"; + print ''.$form->editfieldkey('DefaultLang', 'default_lang', '', $object, 0, 'string', '', 0, 0, 'id', $langs->trans("WarningNotLangOfInterface", $langs->transnoentitiesnoconv("UserGUISetup"))).''; + print ''."\n"; print img_picto('', 'language').$formadmin->select_language(GETPOST('default_lang', 'alpha') ?GETPOST('default_lang', 'alpha') : ($object->lang ? $object->lang : ''), 'default_lang', 0, 0, 1, 0, 0, 'maxwidth200onsmartphone'); print ''; print ''; @@ -1590,13 +1591,15 @@ if ($action == 'create' || $action == 'adduserldap') { // Default language if (!empty($conf->global->MAIN_MULTILANGS)) { + $langs->load("languages"); require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - print ''.$langs->trans("DefaultLang").''; + print ''; + print $form->textwithpicto($langs->trans("DefaultLang"), $langs->trans("WarningNotLangOfInterface", $langs->transnoentitiesnoconv("UserGUISetup"))); + print ''; //$s=picto_from_langcode($object->default_lang); //print ($s?$s.' ':''); - $langs->load("languages"); $labellang = ($object->lang ? $langs->trans('Language_'.$object->lang) : ''); - print $form->textwithpicto($labellang, $langs->trans("WarningNotLangOfInterface", $langs->transnoentitiesnoconv("UserGUISetup"))); + print $labellang; print ''; } @@ -2500,7 +2503,7 @@ if ($action == 'create' || $action == 'adduserldap') { // Default language if (!empty($conf->global->MAIN_MULTILANGS)) { - print ''.$form->editfieldkey('DefaultLang', 'default_lang', '', $object, 0).''."\n"; + print ''.$form->editfieldkey('DefaultLang', 'default_lang', '', $object, 0, 'string', '', 0, 0, 'id', $langs->trans("WarningNotLangOfInterface", $langs->transnoentitiesnoconv("UserGUISetup"))).''."\n"; print img_picto('', 'language').$formadmin->select_language($object->lang, 'default_lang', 0, 0, 1); print ''; print ''; From e9cf33dac56fdce36bd8e7600faa47be970279cc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 14:35:20 +0200 Subject: [PATCH 145/149] css --- htdocs/adherents/subscription/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 06cd77f61c4..15dbfd2ec30 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -528,7 +528,7 @@ while ($i < min($num, $limit)) { // Lastname if (!empty($arrayfields['d.lastname']['checked'])) { - print ''.$adherent->getNomUrl(-1, 0, 'card', 'lastname').''; + print ''.$adherent->getNomUrl(-1, 0, 'card', 'lastname').''; if (!$i) { $totalarray['nbfield']++; } From e7f9d317c30164097790213a293d3cee472b9692 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 14:45:16 +0200 Subject: [PATCH 146/149] css --- htdocs/adherents/subscription/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 15dbfd2ec30..2a40524413d 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -551,7 +551,7 @@ while ($i < min($num, $limit)) { // Label if (!empty($arrayfields['t.libelle']['checked'])) { - print ''; + print ''; print $obj->note; print ''; if (!$i) { From cc0560c73dc50ca484970726f3009573fc6c0d63 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 14:47:06 +0200 Subject: [PATCH 147/149] css --- htdocs/adherents/subscription/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 2a40524413d..d3d84cb3624 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -528,7 +528,7 @@ while ($i < min($num, $limit)) { // Lastname if (!empty($arrayfields['d.lastname']['checked'])) { - print ''.$adherent->getNomUrl(-1, 0, 'card', 'lastname').''; + print ''.$adherent->getNomUrl(-1, 0, 'card', 'lastname').''; if (!$i) { $totalarray['nbfield']++; } From a33f6a897748480026921694b62889db79d7717c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 14:57:16 +0200 Subject: [PATCH 148/149] css --- htdocs/adherents/list.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 986abc83b7b..838b7a6a620 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -949,7 +949,7 @@ while ($i < min($num, $limit)) { } // Firstname if (!empty($arrayfields['d.firstname']['checked'])) { - print ""; + print ''; print $obj->firstname; print "\n"; if (!$i) { @@ -958,7 +958,7 @@ while ($i < min($num, $limit)) { } // Lastname if (!empty($arrayfields['d.lastname']['checked'])) { - print ""; + print ''; print $obj->lastname; print "\n"; if (!$i) { @@ -978,13 +978,13 @@ while ($i < min($num, $limit)) { } // Company if (!empty($arrayfields['d.company']['checked'])) { - print ""; + print ''; print $companyname; print "\n"; } // Login if (!empty($arrayfields['d.login']['checked'])) { - print "".$obj->login."\n"; + print ''.$obj->login."\n"; if (!$i) { $totalarray['nbfield']++; } @@ -1009,7 +1009,7 @@ while ($i < min($num, $limit)) { if (!empty($arrayfields['t.libelle']['checked'])) { $membertypestatic->id = $obj->type_id; $membertypestatic->label = $obj->type; - print ''; + print ''; print $membertypestatic->getNomUrl(1, 32); print ''; if (!$i) { @@ -1018,7 +1018,7 @@ while ($i < min($num, $limit)) { } // Address if (!empty($arrayfields['d.address']['checked'])) { - print ''; + print ''; print $obj->address; print ''; if (!$i) { From 819e6e1122610cc5b15c94c1a89cdc741ac25fe3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 27 May 2021 14:59:44 +0200 Subject: [PATCH 149/149] Fix duplicate --- htdocs/adherents/list.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 838b7a6a620..749eacbbe10 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -306,7 +306,12 @@ $memberstatic = new Adherent($db); $now = dol_now(); -$sql = "SELECT d.rowid, d.ref, d.login, d.lastname, d.firstname, d.gender, d.societe as company, d.fk_soc,"; +if (!empty($search_categ) || !empty($catid)) { + $sql = "SELECT DISTINCT"; +} else { + $sql = "SELECT"; +} +$sql .= " d.rowid, d.ref, d.login, d.lastname, d.firstname, d.gender, d.societe as company, d.fk_soc,"; $sql .= " d.civility, d.datefin, d.address, d.zip, d.town, d.state_id, d.country,"; $sql .= " d.email, d.phone, d.phone_perso, d.phone_mobile, d.skype, d.birth, d.public, d.photo,"; $sql .= " d.fk_adherent_type as type_id, d.morphy, d.statut, d.datec as date_creation, d.tms as date_update,"; @@ -337,7 +342,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as country on (country.rowid = d $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as state on (state.rowid = d.state_id)"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on (s.rowid = d.fk_soc)"; $sql .= ", ".MAIN_DB_PREFIX."adherent_type as t"; -$sql .= " WHERE d.fk_adherent_type = t.rowid "; +$sql .= " WHERE d.fk_adherent_type = t.rowid"; if ($catid > 0) { $sql .= " AND cm.fk_categorie = ".((int) $catid); }