diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php
index c51fa86cec6..d85f5b57872 100644
--- a/htdocs/adherents/subscription.php
+++ b/htdocs/adherents/subscription.php
@@ -963,7 +963,7 @@ if ($rowid > 0) {
 if ($adht->subscription) {
 // Amount
- print ''.$langs->trans("Amount").' '.$langs->trans("Currency".$conf->currency).'';
+ print ''.$langs->trans("Amount").' '.$langs->trans("Currency".$conf->currency) .'';
 // Label
 print ''.$langs->trans("Label").'';
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 775e2cd2093..4a5a09a3461 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -220,7 +220,7 @@ $tabsql[21] = "SELECT c.rowid as rowid, c.code, c.label, c.active, c.position FR
 $tabsql[22] = "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_input_reason";
 $tabsql[23] = "SELECT t.rowid as rowid, t.taux, t.revenuestamp_type, c.label as country, c.code as country_code, t.fk_pays as country_id, t.note, t.active, t.accountancy_code_sell, t.accountancy_code_buy FROM ".MAIN_DB_PREFIX."c_revenuestamp as t, ".MAIN_DB_PREFIX."c_country as c WHERE t.fk_pays=c.rowid";
 $tabsql[24] = "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_type_resource";
-$tabsql[25] = "SELECT rowid as rowid, code, label, active, module FROM ".MAIN_DB_PREFIX."c_type_container as t WHERE t.entity IN (".getEntity('c_type_container').")";
+$tabsql[25] = "SELECT rowid as rowid, code, label, active, module FROM ".MAIN_DB_PREFIX."c_type_container as t WHERE t.entity = ".getEntity($tabname[25]);
 //$tabsql[26]= "SELECT rowid as rowid, code, label, short_label, active FROM ".MAIN_DB_PREFIX."c_units";
 $tabsql[27] = "SELECT id as rowid, code, libelle, picto, active FROM ".MAIN_DB_PREFIX."c_stcomm";
 $tabsql[28] = "SELECT h.rowid as rowid, h.code, h.label, h.affect, h.delay, h.newbymonth, h.fk_country as country_id, c.code as country_code, c.label as country, h.active FROM ".MAIN_DB_PREFIX."c_holiday_types as h LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON h.fk_country=c.rowid";
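Review bot: The new filter on `$tabsql[25]` compares `t.entity` with `=` against the return value of getEntity(), while the line it replaces wrapped that value in `IN (...)`, as other queries in this commit's context do. getEntity() can return a comma-separated list of entity ids when an element is shared between entities, in which case `t.entity = ` followed by a list is not valid SQL; keeping `WHERE t.entity IN (".getEntity(...).")"` avoids that. The same applies to the `$tabsql[38]` line in the `@@ -233,7 +233,7 @@` hunk. `$tabname[25]` and `$tabname[38]` are defined outside these hunks; if they carry the table prefix, the element name passed to getEntity() differs from the previous `'c_type_container'`, which is worth confirming because this clause is what separates one entity's dictionary rows from another's.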
@@ -233,7 +233,7 @@ $tabsql[34] = "SELECT rowid, pos, code, label, c_level, active FROM ".MAIN_DB_PR
 $tabsql[35] = "SELECT c.rowid, c.label, c.active, c.entity FROM ".MAIN_DB_PREFIX."c_exp_tax_cat c";
 $tabsql[36] = "SELECT r.rowid, r.fk_c_exp_tax_cat, r.range_ik, r.active, r.entity FROM ".MAIN_DB_PREFIX."c_exp_tax_range r";
 $tabsql[37] = "SELECT r.rowid, r.code, r.sortorder, r.label, r.short_label, r.unit_type, r.scale, r.active FROM ".MAIN_DB_PREFIX."c_units r";
-$tabsql[38] = "SELECT rowid, entity, code, label, url, icon, active FROM ".MAIN_DB_PREFIX."c_socialnetworks";
+$tabsql[38] = "SELECT s.rowid, s.entity, s.code, s.label, s.url, s.icon, s.active FROM ".MAIN_DB_PREFIX."c_socialnetworks as s WHERE s.entity = ".getEntity($tabname[38]);
 $tabsql[39] = "SELECT code, label as libelle, sortorder, active FROM ".MAIN_DB_PREFIX."c_prospectcontactlevel";
 $tabsql[40] = "SELECT id as rowid, code, libelle, picto, active FROM ".MAIN_DB_PREFIX."c_stcommcontact";
 $tabsql[41] = "SELECT rowid as rowid, code, label, active FROM ".MAIN_DB_PREFIX."c_transport_mode";
diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php
index e2a96f4fb5b..35c6aa399fe 100644
--- a/htdocs/compta/localtax/card.php
+++ b/htdocs/compta/localtax/card.php
@@ -64,7 +64,7 @@ if ($cancel && !$id) {
 exit;
 }
-if ($action == 'add' && $cancel) {
+if ($action == 'add' && !$cancel) {
 $db->begin();
 $datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
index 580ccdb373c..69d65673934 100644
--- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
+++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
@@ -97,6 +97,7 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
 }
 $sql .= " WHERE c.fk_soc = s.rowid";
 $sql .= " AND c.entity IN (".getEntity('supplier_order').")";
+ $sql .= " AND c.date_livraison IS NOT NULL";
 $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index cb2cb892adf..057b1d9ace9 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -2235,11 +2235,18 @@ class ExtraFields
 continue; // Value was not provided, we should not set it.
 }
 $value_arr = GETPOST($keysuffix."options_".$key.$keyprefix);
- if ($keysuffix != 'search_') { // If value is for a search, we must keep complex string like '>100 <=150'
+ if ($keysuffix != 'search_') { // If value is for a search, we must keep complex string like '>100 <=150'
 $value_key = price2num($value_arr);
 } else {
 $value_key = $value_arr;
 }
+ } elseif (in_array($key_type, array('boolean'))) {
+ if (!GETPOSTISSET($keysuffix."options_".$key.$keyprefix)) {
+ $value_key = '';
+ } else {
+ $value_arr = GETPOST($keysuffix."options_".$key.$keyprefix);
+ $value_key = $value_arr;
+ }
 } else {
 if (!GETPOSTISSET($keysuffix."options_".$key.$keyprefix)) {
 continue; // Value was not provided, we should not set it.
diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php
index 0505f451fc5..842d7333bbd 100644
--- a/htdocs/core/lib/admin.lib.php
+++ b/htdocs/core/lib/admin.lib.php
@@ -1127,7 +1127,7 @@ function activateModule($value, $withdeps = 1)
 if (!count($ret['errors'])) {
 $ret['nbmodules']++;
- $ret['nbperms'] += count($objMod->rights);
+ $ret['nbperms'] += (is_array($objMod->rights)?count($objMod->rights):0);
 }
 return $ret;
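Review bot: In the `@@ -2235,11 +2235,18 @@` hunk of extrafields.class.php, the new `boolean` branch sets `$value_key = ''` when the field is absent from the request, whereas the neighbouring branches `continue` with the comment "Value was not provided, we should not set it". That is what an unchecked checkbox needs, but it also means any request that reaches this code without the field (a form that does not render it, a partial update) clears the stored flag, which matters if a boolean extrafield gates something. I would record the difference on the branch, e.g. `// Unchecked checkboxes are not submitted: an absent boolean is stored as empty, unlike other types`, and write the test as `$key_type === 'boolean'` in place of `in_array($key_type, array('boolean'))`. The enclosing method starts and ends outside the hunk.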
diff --git a/htdocs/document.php b/htdocs/document.php
index 3c06801c9a0..d6f6584bb6f 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -195,9 +195,11 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori
 }
 // Security: Delete string ../ or ..\ into $original_file
+$original_file = preg_replace('/\.\.+/', '..', $original_file); // Replace '... or more' with '..'
 $original_file = str_replace('../', '/', $original_file);
 $original_file = str_replace('..\\', '/', $original_file);
+
 // Find the subdirectory name as the reference
 $refname = basename(dirname($original_file)."/");
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index dbf33b6cd69..bffe960b11e 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -415,6 +415,7 @@ class FactureFournisseur extends CommonInvoice
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."facture_fourn (";
 $sql .= "ref";
 $sql .= ", ref_supplier";
+ $sql .= ", ref_ext";
 $sql .= ", entity";
 $sql .= ", type";
 $sql .= ", libelle";
@@ -438,6 +439,7 @@ class FactureFournisseur extends CommonInvoice
 $sql .= " VALUES (";
 $sql .= "'(PROV)'";
 $sql .= ", '".$this->db->escape($this->ref_supplier)."'";
+ $sql .= ", '".$this->db->escape($this->ref_ext)."'";
 $sql .= ", ".((int) $conf->entity);
 $sql .= ", '".$this->db->escape($this->type)."'";
 $sql .= ", '".$this->db->escape(isset($this->label) ? $this->label : (isset($this->libelle) ? $this->libelle : ''))."'";
@@ -647,6 +649,7 @@ class FactureFournisseur extends CommonInvoice
 $sql .= " t.rowid,";
 $sql .= " t.ref,";
 $sql .= " t.ref_supplier,";
+ $sql .= " t.ref_ext,";
 $sql .= " t.entity,";
 $sql .= " t.type,";
 $sql .= " t.fk_soc,";
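Review bot: The added `preg_replace('/\.\.+/', '..', $original_file)` in document.php keeps the path filter a rewrite-in-place blacklist, whose result depends on the exact order of three single-pass substitutions and which leaves a `..` that is not followed by `/` or `\` in the path. Rejecting the request when `$original_file` contains a `..` path segment, or resolving the final path and checking that it is still under the expected document directory, would not depend on that ordering; how `$original_file` is used afterwards is outside the hunk. The same line is added in htdocs/viewimage.php (`@@ -222,6 +222,7 @@`), so a shared helper would keep the two entry points from drifting apart. The trailing comment is also inexact, since `\.\.+` matches two or more dots: `// Collapse any run of two or more dots to '..'`.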
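Review bot: In the `@@ -438,6 +439,7 @@` hunk of fournisseur.facture.class.php the INSERT always writes `ref_ext` as a quoted string, so an unset property is stored as `''`, while the UPDATE line added in `@@ -1013,6 +1020,7 @@` writes `null` for the same case. Using the same expression in the INSERT, `$sql .= ", ".(isset($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");`, keeps lookups by `ref_ext` and any uniqueness rule on the column consistent between created and updated rows; whether such an index exists is not visible here. Both methods start and end outside their hunks.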
@@ -708,6 +711,7 @@ class FactureFournisseur extends CommonInvoice
 $this->ref = $obj->ref ? $obj->ref : $obj->rowid; // We take rowid if ref is empty for backward compatibility
 $this->ref_supplier = $obj->ref_supplier;
+ $this->ref_ext = $obj->ref_ext;
 $this->entity = $obj->entity;
 $this->type = empty($obj->type) ? self::TYPE_STANDARD : $obj->type;
 $this->fk_soc = $obj->fk_soc;
@@ -924,6 +928,9 @@ class FactureFournisseur extends CommonInvoice
 if (isset($this->ref_supplier)) {
 $this->ref_supplier = trim($this->ref_supplier);
 }
+ if (isset($this->ref_ext)) {
+ $this->ref_ext = trim($this->ref_ext);
+ }
 if (isset($this->entity)) {
 $this->entity = trim($this->entity);
 }
@@ -1013,6 +1020,7 @@ class FactureFournisseur extends CommonInvoice
 $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn SET";
 $sql .= " ref=".(isset($this->ref) ? "'".$this->db->escape($this->ref)."'" : "null").",";
 $sql .= " ref_supplier=".(isset($this->ref_supplier) ? "'".$this->db->escape($this->ref_supplier)."'" : "null").",";
+ $sql .= " ref_ext=".(isset($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").",";
 $sql .= " entity=".(isset($this->entity) ? $this->entity : "null").",";
 $sql .= " type=".(isset($this->type) ? $this->type : "null").",";
 $sql .= " fk_soc=".(isset($this->fk_soc) ? $this->fk_soc : "null").",";
diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
index d6e21f17aeb..03110b4425e 100644
--- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
+++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
@@ -627,3 +627,5 @@ CREATE TABLE llx_onlinesignature
 ALTER TABLE llx_facture_fourn CHANGE COLUMN fk_mode_transport fk_transport_mode integer;
+ALTER TABLE llx_c_socialnetworks DROP INDEX idx_c_socialnetworks_code;
+ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code_entity (code, entity);
diff --git a/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql b/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql
index 2b7dcdc9d4e..ee48185e187 100644
--- a/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql
+++ b/htdocs/install/mysql/tables/llx_c_socialnetworks.key.sql
@@ -16,4 +16,4 @@
 -- ========================================================================
-ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code (code);
+ALTER TABLE llx_c_socialnetworks ADD UNIQUE INDEX idx_c_socialnetworks_code_entity (code, entity);
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index ea0af722885..177ebb5739a 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -1295,21 +1295,33 @@ if ($dirins && $action == 'addproperty' && empty($cancel) && !empty($module) &&
 $error++;
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors');
 }
+ }
- if (!$error) {
- $addfieldentry = array(
- 'name'=>GETPOST('propname', 'aZ09'), 'label'=>GETPOST('proplabel', 'alpha'), 'type'=>GETPOST('proptype', 'alpha'),
- 'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}'
- 'visible'=>GETPOST('propvisible', 'int'), 'enabled'=>GETPOST('propenabled', 'int'),
- 'position'=>GETPOST('propposition', 'int'), 'notnull'=>GETPOST('propnotnull', 'int'), 'index'=>GETPOST('propindex', 'int'), 'searchall'=>GETPOST('propsearchall', 'int'),
- 'isameasure'=>GETPOST('propisameasure', 'int'), 'comment'=>GETPOST('propcomment', 'alpha'), 'help'=>GETPOST('prophelp', 'alpha'),
- 'css'=>GETPOST('propcss', 'aZ09'), 'cssview'=>GETPOST('propcssview', 'aZ09'), 'csslist'=>GETPOST('propcsslist', 'aZ09'),
- 'validate' => GETPOST('propvalidate', 'int')
- );
+ if (!$error) {
+ $addfieldentry = array(
+ 'name'=>GETPOST('propname', 'aZ09'),
+ 'label'=>GETPOST('proplabel', 'alpha'),
+ 'type'=>GETPOST('proptype', 'alpha'),
+ 'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}'
+ 'visible'=>GETPOST('propvisible', 'int'),
+ 'enabled'=>GETPOST('propenabled', 'int'),
+ 'position'=>GETPOST('propposition', 'int'),
+ 'notnull'=>GETPOST('propnotnull', 'int'),
+ 'index'=>GETPOST('propindex', 'int'),
+ 'searchall'=>GETPOST('propsearchall', 'int'),
+ 'isameasure'=>GETPOST('propisameasure', 'int'),
+ 'comment'=>GETPOST('propcomment', 'alpha'),
+ 'help'=>GETPOST('prophelp', 'alpha'),
+ 'css'=>GETPOST('propcss', 'aZ09'),
+ 'cssview'=>GETPOST('propcssview', 'aZ09'),
+ 'csslist'=>GETPOST('propcsslist', 'aZ09'),
+ 'default'=>GETPOST('propdefault', 'restricthtml'),
+ 'noteditable'=>intval(GETPOST('propnoteditable', 'int')),
+ 'validate' => GETPOST('propvalidate', 'int')
+ );
- if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) {
- $addfieldentry['arrayofkeyval'] = json_decode($addfieldentry['arrayofkeyval'], true);
- }
+ if (!empty($addfieldentry['arrayofkeyval']) && !is_array($addfieldentry['arrayofkeyval'])) {
+ $addfieldentry['arrayofkeyval'] = json_decode($addfieldentry['arrayofkeyval'], true);
 }
 }
@@ -2804,7 +2816,7 @@ if ($module == 'initmodule') {
 print '';
 print '';
 print '';
- print '';
+ print '';
 print '';
 print '';
 print '';
diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index 3e93fee5d04..6283b692a28 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -1945,7 +1945,7 @@ class Products extends DolibarrApi
 unset($object->supplierprices); // Mut use another API to get them
- if (!DolibarrApiAccess::$user->rights->stock->lire) {
+ if (empty(DolibarrApiAccess::$user->rights->stock->lire)) {
 unset($object->stock_reel);
 unset($object->stock_theorique);
 }
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index d2c9cc124b6..1114aa826d5 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -384,6 +384,9 @@ class User extends CommonObject
 $this->rights->user = new stdClass();
 $this->rights->user->user = new stdClass();
 $this->rights->user->self = new stdClass();
+ $this->rights->user->user_advance = new stdClass();
+ $this->rights->user->self_advance = new stdClass();
+ $this->rights->user->group_advance = new stdClass();
 }
 /**
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index f514c7c0302..0e91bd5bc9f 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
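Review bot: In the `@@ -1295,21 +1295,33 @@` hunk of modulebuilder/index.php, the new `'default'=>GETPOST('propdefault', 'restricthtml')` entry is read with an HTML-oriented filter, yet `$addfieldentry` looks like input for generated source. If the value is later written into a PHP or SQL file (not visible in this hunk), it has to be escaped for that context by the writer, and a comment on the entry such as `// Ends up in generated code: the writer must escape it as a PHP literal` would record that requirement. The hunk also adds a closing `}` before `if (!$error)`, so `$addfieldentry` is now built outside the block that previously enclosed it. That enclosing `if` begins outside the hunk, so it is worth confirming that the paths which used to skip this code may now run it.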
@@ -222,6 +222,7 @@ if (preg_match('/\.noexe$/i', $original_file)) {
 }
 // Security: Delete string ../ or ..\ into $original_file
+$original_file = preg_replace('/\.\.+/', '..', $original_file); // Replace '... or more' with '..'
 $original_file = str_replace('../', '/', $original_file);
 $original_file = str_replace('..\\', '/', $original_file);