From e49f94d02e7a292bf7466750685bee46770e1d3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sun, 5 Jan 2014 04:52:45 +0100 Subject: [PATCH 1/9] Fixed XSS problem in title tag --- htdocs/main.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index e8342224c4b..1ec90826662 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -968,7 +968,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs $appli='Dolibarr'; if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE; - if ($title) print ''.$appli.' - '.$title.''; + if ($title) print ''.$appli.' - '.htmlentities($title).''; else print "".$appli.""; print "\n"; From e7d2765fc6294ebf8eb7ebe1bbfac06d8edd89d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sun, 5 Jan 2014 21:08:37 +0100 Subject: [PATCH 2/9] Replaced use of htmlentities with dol_htmlentities --- htdocs/main.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 1ec90826662..6ffb94a1bc9 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -968,8 +968,8 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs $appli='Dolibarr'; if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE; - if ($title) print ''.$appli.' - '.htmlentities($title).''; - else print "".$appli.""; + if ($title) print ''.dol_htmlentities($appli.' - '.$title).''; + else print "".dol_htmlentities($appli).""; print "\n"; if (! defined('DISABLE_JQUERY') && ! $disablejs && $conf->use_javascript_ajax) From 0622fc4ffdc5603ebd1a5a98337c7ead5155471e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Mon, 6 Jan 2014 06:03:26 +0100 Subject: [PATCH 3/9] Added missing translation key --- htdocs/langs/en_US/companies.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index d999442f84d..b5c2a7339f8 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -82,6 +82,7 @@ DefaultLang=Language by default VATIsUsed=VAT is used VATIsNotUsed=VAT is not used CopyAddressFromSoc=Fill address with thirdparty address +NoEmailDefined=There is no email defined ##### Local Taxes ##### LocalTax1IsUsedES= RE is used LocalTax1IsNotUsedES= RE is not used From 2a41a29306ce3d377b76d9c2f0f6afc2de2e2ce7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Mon, 6 Jan 2014 06:05:14 +0100 Subject: [PATCH 4/9] Fixed bad translation --- htdocs/langs/en_US/compta.lang | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/langs/en_US/compta.lang b/htdocs/langs/en_US/compta.lang index 139807eaa20..b505efef8bc 100644 --- a/htdocs/langs/en_US/compta.lang +++ b/htdocs/langs/en_US/compta.lang @@ -160,9 +160,9 @@ AccountancyDashboard=Accountancy summary ByProductsAndServices=By products and services RefExt=External ref ToCreateAPredefinedInvoice=To create a predefined invoice, create a standard invoice then, without validating it, click onto button "Convert to predefined invoice". -LinkedOrder=linked to command +LinkedOrder=linked to order ReCalculate=Recalculate -Mode1=Methode 1 +Mode1=Method 1 Mode2=Method 2 CalculationRuleDesc=To calculate total VAT, there is two methods:
Method 1 is rounding vat on each line, then summing them.
Method 2 is summing all vat on each line, then rounding result.
Final result may differs from few cents. Default mode is mode %s. CalculationRuleDescSupplier=according to supplier, choose appropriate method to apply same calculation rule and get same result expected by your supplier. From eb5b6efd4000c822fe29589990b65ff9612f85c2 Mon Sep 17 00:00:00 2001 From: "cam.lafit" Date: Mon, 6 Jan 2014 19:25:25 +0100 Subject: [PATCH 5/9] Execute in background process libreoffice listener * If listener is not started, script try to run it but can't continue processus --- scripts/odt2pdf/odt2pdf.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/odt2pdf/odt2pdf.sh b/scripts/odt2pdf/odt2pdf.sh index 9268b4a680f..0599e4291c5 100755 --- a/scripts/odt2pdf/odt2pdf.sh +++ b/scripts/odt2pdf/odt2pdf.sh @@ -22,7 +22,7 @@ if [ -f "$1.odt" ] nbprocess=$(pgrep -c soffice) if [ $nbprocess -ne 1 ] then - soffice --invisible --accept="socket,host=127.0.0.1,port=8100;urp;" --nofirststartwizard --headless + soffice --invisible --accept="socket,host=127.0.0.1,port=8100;urp;" --nofirststartwizard --headless& retcode=$? if [ $retcode -ne 0 ] then From 1229842dc67a9a046e7e12d526685d737afacb0f Mon Sep 17 00:00:00 2001 From: "cam.lafit" Date: Mon, 6 Jan 2014 19:27:12 +0100 Subject: [PATCH 6/9] Provide a new constant about odt2pdf mangement : Don't remove odt source * MAIN_ODT_AS_PDF_DEL_SOURCE by default disable * If set then initial behaviour is conserved, odt file is removed --- htdocs/includes/odtphp/odf.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/includes/odtphp/odf.php b/htdocs/includes/odtphp/odf.php index d2cb8e0b6e1..2848ddc8ddb 100644 --- a/htdocs/includes/odtphp/odf.php +++ b/htdocs/includes/odtphp/odf.php @@ -478,7 +478,8 @@ IMG; header('Content-Disposition: attachment; filename="'.$name.'.pdf"'); readfile("$name.pdf"); } - unlink("$name.odt"); + if (!empty($conf->global->MAIN_ODT_AS_PDF_DEL_SOURCE)) + unlink("$name.odt"); } else { dol_syslog(get_class($this).'::exportAsAttachedPDF $ret_val='.$retval, LOG_DEBUG); dol_syslog(get_class($this).'::exportAsAttachedPDF $output_arr='.var_export($output_arr,true), LOG_DEBUG); @@ -555,4 +556,4 @@ IMG; } } -?> \ No newline at end of file +?> From f1d1522478e7971a5fcf5f9cc2d725014948f32e Mon Sep 17 00:00:00 2001 From: jfefe Date: Thu, 9 Jan 2014 01:49:59 +0100 Subject: [PATCH 7/9] Fix : when using several field for label into sellist extrafields traduction is not needed. Without this, the list display "not defined". The key can't exists because label displayed is build from several field so we show raw data --- htdocs/core/class/extrafields.class.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 39916775507..b68e395580a 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -753,6 +753,7 @@ class ExtraFields $fields_label = explode('|',$InfoFieldList[1]); if(is_array($fields_label)) { + $notrans = true; foreach ($fields_label as $field_toshow) { $labeltoshow.= $obj->$field_toshow.' '; @@ -778,12 +779,15 @@ class ExtraFields } else { - $translabel=$langs->trans($obj->$InfoFieldList[1]); - if ($translabel!=$obj->$InfoFieldList[1]) { - $labeltoshow=dol_trunc($translabel,18); - } - else { - $labeltoshow=dol_trunc($obj->$InfoFieldList[1],18); + if(!$notrans) + { + $translabel=$langs->trans($obj->$InfoFieldList[1]); + if ($translabel!=$obj->$InfoFieldList[1]) { + $labeltoshow=dol_trunc($translabel,18); + } + else { + $labeltoshow=dol_trunc($obj->$InfoFieldList[1],18); + } } if (empty($labeltoshow)) $labeltoshow='(not defined)'; if ($value==$obj->rowid) From f5544646904bf7ae18dabe0ab938188ac4691034 Mon Sep 17 00:00:00 2001 From: jfefe Date: Thu, 9 Jan 2014 02:10:03 +0100 Subject: [PATCH 8/9] New : ajax list for extrafields list and sellist --- htdocs/core/class/extrafields.class.php | 34 +++++++++++++++++++------ 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 39916775507..46d03246fe3 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -670,7 +670,14 @@ class ExtraFields } elseif ($type == 'select') { - $out=''; foreach ($param['options'] as $key=>$val ) { list($val, $parent) = explode('|', $val); @@ -683,7 +690,14 @@ class ExtraFields } elseif ($type == 'sellist') { - $out=''; if (is_array($param['options'])) { $param_list=array_keys($param['options']); @@ -753,6 +767,7 @@ class ExtraFields $fields_label = explode('|',$InfoFieldList[1]); if(is_array($fields_label)) { + $notrans = true; foreach ($fields_label as $field_toshow) { $labeltoshow.= $obj->$field_toshow.' '; @@ -778,12 +793,15 @@ class ExtraFields } else { - $translabel=$langs->trans($obj->$InfoFieldList[1]); - if ($translabel!=$obj->$InfoFieldList[1]) { - $labeltoshow=dol_trunc($translabel,18); - } - else { - $labeltoshow=dol_trunc($obj->$InfoFieldList[1],18); + if(!$notrans) + { + $translabel=$langs->trans($obj->$InfoFieldList[1]); + if ($translabel!=$obj->$InfoFieldList[1]) { + $labeltoshow=dol_trunc($translabel,18); + } + else { + $labeltoshow=dol_trunc($obj->$InfoFieldList[1],18); + } } if (empty($labeltoshow)) $labeltoshow='(not defined)'; if ($value==$obj->rowid) From 77a1d6a43a4f8b38271e23da00a8dfbb42d8c284 Mon Sep 17 00:00:00 2001 From: jfefe Date: Thu, 9 Jan 2014 02:40:34 +0100 Subject: [PATCH 9/9] Bad value display when using several label into sellist extrafield --- htdocs/core/class/extrafields.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index b68e395580a..22b159cbe3d 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -958,11 +958,11 @@ class ExtraFields { foreach ($fields_label as $field_toshow) { - $translabel=$langs->trans($obj->$InfoFieldList[1]); - if ($translabel!=$obj->$InfoFieldList[1]) { - $value=dol_trunc($translabel,18).' '; + $translabel=$langs->trans($field_toshow); + if ($translabel!=$field_toshow) { + $value.=dol_trunc($translabel,18).' '; }else { - $value=$obj->$InfoFieldList[1].' '; + $value.=$obj->$field_toshow.' '; } } }