Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop
Conflicts: htdocs/admin/dict.php htdocs/compta/cashcontrol/cashcontrol_list.php htdocs/fourn/class/fournisseur.facture.class.php htdocs/modulebuilder/index.php htdocs/modulebuilder/template/myobject_list.php htdocs/product/class/api_products.class.php
This commit is contained in:
Laurent Destailleur
commit
c81bf68578
@ -963,7 +963,7 @@ if ($rowid > 0) {
|
||||
|
||||
if ($adht->subscription) {
|
||||
// Amount
|
||||
print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="subscription" size="6" value="'.GETPOST('subscription').'"> '.$langs->trans("Currency".$conf->currency).'</td></tr>';
|
||||
print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input type="text" name="subscription" size="6" value="'. price(GETPOSTISSET('subscription') ? GETPOST('subscription') : $adht->amount).'"> '.$langs->trans("Currency".$conf->currency) .'</td></tr>';
|
||||
|
||||
// Label
|
||||
print '<tr><td>'.$langs->trans("Label").'</td>';
|
||||
|
||||
@ -220,7 +220,7 @@ $tabsql[21] = "SELECT c.rowid as rowid, c.code, c.label, c.active, c.position FR
|
||||
$tabsql[22] = "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason";
|
||||
$tabsql[23] = "SELECT t.rowid as rowid, t.taux, t.revenuestamp_type, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid";
|
||||
$tabsql[24] = "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource";
|
||||
$tabsql[25] = "SELECT rowid as rowid, code, label, active, module FROM ".MAIN_DB_PREFIX."c_type_container as t WHERE t.entity IN (".getEntity('c_type_container').")";
|
||||
$tabsql[25] = "SELECT rowid as rowid, code, label, active, module FROM ".MAIN_DB_PREFIX."c_type_container as t WHERE t.entity = ".getEntity($tabname[25]);
|
||||
//$tabsql[26]= "SELECT rowid as rowid, code, label, short_label, active FROM ".MAIN_DB_PREFIX."c_units";
|
||||
$tabsql[27] = "SELECT id as rowid, code, libelle, picto, active FROM ".MAIN_DB_PREFIX."c_stcomm";
|
||||
$tabsql[28] = "SELECT h.rowid as rowid, h.code, h.label, h.affect, h.delay, h.newbymonth, h.fk_country as country_id, c.code as country_code, c.label as country, h.active FROM ".MAIN_DB_PREFIX."c_holiday_types as h LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON h.fk_country=c.rowid";
|
||||
@ -233,7 +233,7 @@ $tabsql[34] = "SELECT rowid, pos, code, label, c_level, active FROM ".MAIN_DB_PR
|
||||
$tabsql[35] = "SELECT c.rowid, c.label, c.active, c.entity FROM ".MAIN_DB_PREFIX."c_exp_tax_cat c";
|
||||
$tabsql[36] = "SELECT r.rowid, r.fk_c_exp_tax_cat, r.range_ik, r.active, r.entity FROM ".MAIN_DB_PREFIX."c_exp_tax_range r";
|
||||
$tabsql[37] = "SELECT r.rowid, r.code, r.sortorder, r.label, r.short_label, r.unit_type, r.scale, r.active FROM ".MAIN_DB_PREFIX."c_units r";
|
||||
$tabsql[38] = "SELECT rowid, entity, code, label, url, icon, active FROM ".MAIN_DB_PREFIX."c_socialnetworks";
|
||||
$tabsql[38] = "SELECT s.rowid, s.entity, s.code, s.label, s.url, s.icon, s.active FROM ".MAIN_DB_PREFIX."c_socialnetworks as s WHERE s.entity = ".getEntity($tabname[38]);
|
||||
$tabsql[39] = "SELECT code, label as libelle, sortorder, active FROM ".MAIN_DB_PREFIX."c_prospectcontactlevel";
|
||||
$tabsql[40] = "SELECT id as rowid, code, libelle, picto, active FROM ".MAIN_DB_PREFIX."c_stcommcontact";
|
||||
$tabsql[41] = "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_transport_mode";
|
||||
|
||||
@ -64,7 +64,7 @@ if ($cancel && !$id) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($action == 'add' && $cancel) {
|
||||
if ($action == 'add' && !$cancel) {
|
||||
$db->begin();
|
||||
|
||||
$datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
|
||||
|
||||
@ -97,6 +97,7 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
|
||||
}
|
||||
$sql .= " WHERE c.fk_soc = s.rowid";
|
||||
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
|
||||
$sql .= " AND c.date_livraison IS NOT NULL";
|
||||
$sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")";
|
||||
if (!$user->rights->societe->client->voir && !$user->socid) {
|
||||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
|
||||
|
||||
@ -2235,11 +2235,18 @@ class ExtraFields
|
||||
continue; // Value was not provided, we should not set it.
|
||||
}
|
||||
$value_arr = GETPOST($keysuffix."options_".$key.$keyprefix);
|
||||
if ($keysuffix != 'search_') { // If value is for a search, we must keep complex string like '>100 <=150'
|
||||
if ($keysuffix != 'search_') { // If value is for a search, we must keep complex string like '>100 <=150'
|
||||
$value_key = price2num($value_arr);
|
||||
} else {
|
||||
$value_key = $value_arr;
|
||||
}
|
||||
} elseif (in_array($key_type, array('boolean'))) {
|
||||
if (!GETPOSTISSET($keysuffix."options_".$key.$keyprefix)) {
|
||||
$value_key = '';
|
||||
} else {
|
||||
$value_arr = GETPOST($keysuffix."options_".$key.$keyprefix);
|
||||
$value_key = $value_arr;
|
||||
}
|
||||
} else {
|
||||
if (!GETPOSTISSET($keysuffix."options_".$key.$keyprefix)) {
|
||||
continue; // Value was not provided, we should not set it.
|
||||
|
||||
@ -1127,7 +1127,7 @@ function activateModule($value, $withdeps = 1)
|
||||
|
||||
if (!count($ret['errors'])) {
|
||||
$ret['nbmodules']++;
|
||||
$ret['nbperms'] += count($objMod->rights);
|
||||
$ret['nbperms'] += (is_array($objMod->rights)?count($objMod->rights):0);
|
||||
}
|
||||
|
||||
return $ret;
|
||||
|
||||
@ -195,9 +195,11 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori
|
||||
}
|
||||
|
||||
// Security: Delete string ../ or ..\ into $original_file
|
||||
$original_file = preg_replace('/\.\.+/', '..', $original_file); // Replace '... or more' with '..'
|
||||
$original_file = str_replace('../', '/', $original_file);
|
||||
$original_file = str_replace('..\\', '/', $original_file);
|
||||
|
||||
|
||||
// Find the subdirectory name as the reference
|
||||
$refname = basename(dirname($original_file)."/");
|
||||
|
||||
|
||||
@ -415,6 +415,7 @@ class FactureFournisseur extends CommonInvoice
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."facture_fourn (";
|
||||
$sql .= "ref";
|
||||
$sql .= ", ref_supplier";
|
||||
$sql .= ", ref_ext";
|
||||
$sql .= ", entity";
|
||||
$sql .= ", type";
|
||||
$sql .= ", libelle";
|
||||
@ -438,6 +439,7 @@ class FactureFournisseur extends CommonInvoice
|
||||
$sql .= " VALUES (";
|
||||
$sql .= "'(PROV)'";
|
||||
$sql .= ", '".$this->db->escape($this->ref_supplier)."'";
|
||||
$sql .= ", '".$this->db->escape($this->ref_ext)."'";
|
||||
$sql .= ", ".((int) $conf->entity);
|
||||
$sql .= ", '".$this->db->escape($this->type)."'";
|
||||
$sql .= ", '".$this->db->escape(isset($this->label) ? $this->label : (isset($this->libelle) ? $this->libelle : ''))."'";
|
||||
@ -647,6 +649,7 @@ class FactureFournisseur extends CommonInvoice
|
||||
$sql .= " t.rowid,";
|
||||
$sql .= " t.ref,";
|
||||
$sql .= " t.ref_supplier,";
|
||||
$sql .= " t.ref_ext,";
|
||||
$sql .= " t.entity,";
|
||||
$sql .= " t.type,";
|
||||
$sql .= " t.fk_soc,";
|
||||
@ -708,6 +711,7 @@ class FactureFournisseur extends CommonInvoice
|
||||
$this->ref = $obj->ref ? $obj->ref : $obj->rowid; // We take rowid if ref is empty for backward compatibility
|
||||
|
||||
$this->ref_supplier = $obj->ref_supplier;
|
||||
$this->ref_ext = $obj->ref_ext;
|
||||
$this->entity = $obj->entity;
|
||||
$this->type = empty($obj->type) ? self::TYPE_STANDARD : $obj->type;
|
||||
$this->fk_soc = $obj->fk_soc;
|
||||
@ -924,6 +928,9 @@ class FactureFournisseur extends CommonInvoice
|
||||
if (isset($this->ref_supplier)) {
|
||||
$this->ref_supplier = trim($this->ref_supplier);
|
||||
}
|
||||
if (isset($this->ref_ext)) {
|
||||
$this->ref_ext = trim($this->ref_ext);
|
||||
}
|
||||
if (isset($this->entity)) {
|
||||
$this->entity = trim($this->entity);
|
||||
}
|
||||
@ -1013,6 +1020,7 @@ class FactureFournisseur extends CommonInvoice
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn SET";
|
||||
$sql .= " ref=".(isset($this->ref) ? "'".$this->db->escape($this->ref)."'" : "null").",";
|
||||
$sql .= " ref_supplier=".(isset($this->ref_supplier) ? "'".$this->db->escape($this->ref_supplier)."'" : "null").",";
|
||||
$sql .= " ref_ext=".(isset($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").",";
|
||||
$sql .= " entity=".(isset($this->entity) ? $this->entity : "null").",";
|
||||
$sql .= " type=".(isset($this->type) ? $this->type : "null").",";
|
||||
$sql .= " fk_soc=".(isset($this->fk_soc) ? $this->fk_soc : "null").",";
|
||||
|
||||
@ -627,3 +627,5 @@ CREATE TABLE llx_onlinesignature
|
||||
|
||||
ALTER TABLE llx_facture_fourn CHANGE COLUMN fk_mode_transport fk_transport_mode integer;
|
||||
|
||||
ALTER TABLE llx_c_socialnetworks DROP INDEX idx_c_socialnetworks_code;
|
||||
ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code_entity (code, entity);
|
||||
|
||||
@ -16,4 +16,4 @@
|
||||
-- ========================================================================
|
||||
|
||||
|
||||
ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code (code);
|
||||
ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code_entity (code, entity);
|
||||
|
||||
@ -1295,21 +1295,33 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) &&
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors');
|
||||
}
|
||||
}
|
||||
|
||||
if (!$error) {
|
||||
$addfieldentry = array(
|
||||
'name'=>GETPOST('propname', 'aZ09'), 'label'=>GETPOST('proplabel', 'alpha'), 'type'=>GETPOST('proptype', 'alpha'),
|
||||
'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}'
|
||||
'visible'=>GETPOST('propvisible', 'int'), 'enabled'=>GETPOST('propenabled', 'int'),
|
||||
'position'=>GETPOST('propposition', 'int'), 'notnull'=>GETPOST('propnotnull', 'int'), 'index'=>GETPOST('propindex', 'int'), 'searchall'=>GETPOST('propsearchall', 'int'),
|
||||
'isameasure'=>GETPOST('propisameasure', 'int'), 'comment'=>GETPOST('propcomment', 'alpha'), 'help'=>GETPOST('prophelp', 'alpha'),
|
||||
'css'=>GETPOST('propcss', 'aZ09'), 'cssview'=>GETPOST('propcssview', 'aZ09'), 'csslist'=>GETPOST('propcsslist', 'aZ09'),
|
||||
'validate' => GETPOST('propvalidate', 'int')
|
||||
);
|
||||
if (!$error) {
|
||||
$addfieldentry = array(
|
||||
'name'=>GETPOST('propname', 'aZ09'),
|
||||
'label'=>GETPOST('proplabel', 'alpha'),
|
||||
'type'=>GETPOST('proptype', 'alpha'),
|
||||
'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}'
|
||||
'visible'=>GETPOST('propvisible', 'int'),
|
||||
'enabled'=>GETPOST('propenabled', 'int'),
|
||||
'position'=>GETPOST('propposition', 'int'),
|
||||
'notnull'=>GETPOST('propnotnull', 'int'),
|
||||
'index'=>GETPOST('propindex', 'int'),
|
||||
'searchall'=>GETPOST('propsearchall', 'int'),
|
||||
'isameasure'=>GETPOST('propisameasure', 'int'),
|
||||
'comment'=>GETPOST('propcomment', 'alpha'),
|
||||
'help'=>GETPOST('prophelp', 'alpha'),
|
||||
'css'=>GETPOST('propcss', 'aZ09'),
|
||||
'cssview'=>GETPOST('propcssview', 'aZ09'),
|
||||
'csslist'=>GETPOST('propcsslist', 'aZ09'),
|
||||
'default'=>GETPOST('propdefault', 'restricthtml'),
|
||||
'noteditable'=>intval(GETPOST('propnoteditable', 'int')),
|
||||
'validate' => GETPOST('propvalidate', 'int')
|
||||
);
|
||||
|
||||
if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) {
|
||||
$addfieldentry['arrayofkeyval'] = json_decode($addfieldentry['arrayofkeyval'], true);
|
||||
}
|
||||
if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) {
|
||||
$addfieldentry['arrayofkeyval'] = json_decode($addfieldentry['arrayofkeyval'], true);
|
||||
}
|
||||
}
|
||||
|
||||
@ -2804,7 +2816,7 @@ if ($module == 'initmodule') {
|
||||
print '<input class="center" name="propvisible" size="2" value="'.dol_escape_htmltag($propvisible).'">';
|
||||
print '</td>';
|
||||
print '<td>';
|
||||
print '<input class="center" name="propnoeditable" size="2" value="'.dol_escape_htmltag($propnoteditable).'">';
|
||||
print '<input class="center" name="propnoteditable" size="2" value="'.dol_escape_htmltag($propnoteditable).'">';
|
||||
print '</td>';
|
||||
print '<td>';
|
||||
print '<input class="center" name="propsearchall" size="2" value="'.dol_escape_htmltag($propsearchall).'">';
|
||||
|
||||
@ -1945,7 +1945,7 @@ class Products extends DolibarrApi
|
||||
|
||||
unset($object->supplierprices); // Mut use another API to get them
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->stock->lire) {
|
||||
if (empty(DolibarrApiAccess::$user->rights->stock->lire)) {
|
||||
unset($object->stock_reel);
|
||||
unset($object->stock_theorique);
|
||||
}
|
||||
|
||||
@ -384,6 +384,9 @@ class User extends CommonObject
|
||||
$this->rights->user = new stdClass();
|
||||
$this->rights->user->user = new stdClass();
|
||||
$this->rights->user->self = new stdClass();
|
||||
$this->rights->user->user_advance = new stdClass();
|
||||
$this->rights->user->self_advance = new stdClass();
|
||||
$this->rights->user->group_advance = new stdClass();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -222,6 +222,7 @@ if (preg_match('/\.noexe$/i', $original_file)) {
|
||||
}
|
||||
|
||||
// Security: Delete string ../ or ..\ into $original_file
|
||||
$original_file = preg_replace('/\.\.+/', '..', $original_file); // Replace '... or more' with '..'
|
||||
$original_file = str_replace('../', '/', $original_file);
|
||||
$original_file = str_replace('..\\', '/', $original_file);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user