From cc37a7d84823b6db24ae6a09d53451ec0c841a35 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 9 Jun 2017 13:11:34 +0200 Subject: [PATCH 01/28] Fix parenthesis --- .../prelevement/class/bonprelevement.class.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 9b86bd66897..0785efe6b1a 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -252,7 +252,7 @@ class BonPrelevement extends CommonObject function getErrorString($error) { global $langs; - + $errors = array(); $errors[1027] = $langs->trans("DateInvalid"); @@ -920,7 +920,7 @@ class BonPrelevement extends CommonObject $dir=$conf->prelevement->dir_output.'/receipts'; if (! is_dir($dir)) dol_mkdir($dir); - + $this->filename = $dir.'/'.$ref.'.xml'; // Create withdraw receipt in database @@ -1028,7 +1028,7 @@ class BonPrelevement extends CommonObject $this->emetteur_bic = $account->bic; $this->emetteur_ics = $conf->global->PRELEVEMENT_ICS; // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456"; - + $this->raison_sociale = $account->proprio; } @@ -1572,7 +1572,7 @@ class BonPrelevement extends CommonObject $XML_DEBITOR .=' '.strtoupper(dolEscapeXML(dol_string_unaccent($row_nom))).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$row_country_code.''.$CrLf; - $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => "")))),70,'right','UTF-8',true).''.$CrLf; + $XML_DEBITOR .=' '.dolEscapeXML(dol_trunc(dol_string_unaccent(strtr($row_address, array(CHR(13) => ", ", CHR(10) => ""))),70,'right','UTF-8',true)).''.$CrLf; $XML_DEBITOR .=' '.dolEscapeXML(dol_string_unaccent($row_zip.' '.$row_town)).''.$CrLf; $XML_DEBITOR .=' '.$CrLf; $XML_DEBITOR .=' '.$CrLf; 
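Review bot: In the `@@ -1572,7` hunk the line two above the corrected address line still appends `$row_country_code` to `$XML_DEBITOR` without `dolEscapeXML()`, while the name, address and zip/town values in the same block are all escaped. Where the country code comes from is not visible in the hunk, so this is a consistency and defence-in-depth point rather than a proven injection. I would write it as `.dolEscapeXML($row_country_code).` so that every value placed in the SEPA file goes through the same encoder. The enclosing method starts and ends outside the hunk.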
@@ -1668,7 +1668,7 @@ class BonPrelevement extends CommonObject * @return string String with SEPA Sender */ function EnregEmetteurSEPA($configuration, $ladate, $nombre, $total, $CrLf='\n') - { + { // SEPA INITIALISATION global $conf; @@ -1687,12 +1687,12 @@ class BonPrelevement extends CommonObject $this->emetteur_number_key = $account->cle_rib; $this->emetteur_iban = $account->iban; $this->emetteur_bic = $account->bic; - + $this->emetteur_ics = $conf->global->PRELEVEMENT_ICS; // Ex: PRELEVEMENT_ICS = "FR78ZZZ123456"; - + $this->raison_sociale = $account->proprio; } - + // Récupération info demandeur $sql = "SELECT rowid, ref"; $sql.= " FROM"; From d037515e37938161982583d866c598fc03061c9d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 May 2017 09:57:05 +0200 Subject: [PATCH 02/28] FIX SQL injection on user/index.php parameter search_statut. Conflicts: htdocs/user/index.php --- htdocs/core/lib/functions.lib.php | 3 ++ htdocs/user/index.php | 58 +++++++++++++++---------------- 2 files changed, 32 insertions(+), 29 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3ced09db552..a212b82c18f 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -250,6 +250,9 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) case 'int': if (! is_numeric($out)) { $out=''; } break; + case 'intcomma': + if (preg_match('/[^0-9,]+/i',$out)) $out=''; + break; case 'alpha': $out=trim($out); // '"' is dangerous because param in url can close the href= or src= and add javascript functions. diff --git a/htdocs/user/index.php b/htdocs/user/index.php index 5d8f02e1c32..669152cb145 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php 
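Review bot: The new `intcomma` case in GETPOST() only rejects characters outside `0-9,`, so values such as `,`, `1,,2` or `,5` pass the filter and later land inside the `IN (...)` list built in htdocs/user/index.php, where they produce a SQL syntax error instead of an empty filter. Anchoring the pattern to the expected shape closes that gap: `if (! preg_match('/^[0-9]+(,[0-9]+)*$/', $out)) $out='';`. The `i` modifier has no effect on this character class and can be dropped. A one-line comment on the case saying it is meant for comma-separated id lists used in SQL `IN` clauses would help the next caller choose it deliberately; the rest of GETPOST() lies outside the hunk.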
@@ -100,7 +100,7 @@ $arrayfields=array( // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { $arrayfields["ef.".$key]=array('label'=>$extrafields->attribute_label[$key], 'checked'=>$extrafields->attribute_list[$key], 'position'=>$extrafields->attribute_pos[$key], 'enabled'=>$extrafields->attribute_perms[$key]); } @@ -116,9 +116,9 @@ $search_gender=GETPOST('search_gender','alpha'); $search_employee=GETPOST('search_employee','alpha'); $search_accountancy_code=GETPOST('search_accountancy_code','alpha'); $search_email=GETPOST('search_email','alpha'); -$search_statut=GETPOST('search_statut','alpha'); +$search_statut=GETPOST('search_statut','intcomma'); $search_thirdparty=GETPOST('search_thirdparty','alpha'); -$search_supervisor=GETPOST('search_supervisor','alpha'); +$search_supervisor=GETPOST('search_supervisor','intcomma'); $search_previousconn=GETPOST('search_previousconn','alpha'); $optioncss = GETPOST('optioncss','alpha'); @@ -131,7 +131,7 @@ if ($mode == 'employee') $search_employee=1; /* * Actions */ - + $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); 
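Review bot: `search_supervisor` is read with the `intcomma` filter in the `@@ -116,9` hunk, but the query built further down compares it with `u.fk_user = ...`, which takes a single id, so a value like `1,2` passes the filter and breaks that statement. `GETPOST('search_supervisor','int')` matches the way the value is used. `search_statut` is the parameter that feeds an `IN (...)` list, so `intcomma` fits there.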
@@ -196,8 +196,8 @@ else } if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid; //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user); -if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$search_supervisor; -if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty); +if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$db->escape($search_supervisor); +if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty); if ($search_login != '') $sql.= natural_search("u.login", $search_login); if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname); if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname); @@ -206,9 +206,9 @@ if (is_numeric($search_employee) && $search_employee >= 0) { $sql .= ' AND u.employee = '.(int) $search_employee; } if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code); -if ($search_email != '') $sql.= natural_search("u.email", $search_email); -if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")"; -if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); +if ($search_email != '') $sql.= natural_search("u.email", $search_email); +if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")"; +if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); // Add where from extra fields foreach ($search_array_options as $key => $val) { 
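Review bot: `$db->escape()` is applied to `$search_supervisor` and `$search_statut` in positions where the value is not wrapped in quotes (`u.fk_user = ...` in this hunk and `u.statut IN (...)` in the `@@ -206,9` hunk); assuming escape() performs string-literal escaping, it does not constrain an unquoted numeric operand, so the only real barrier is the `intcomma` filter applied when the parameters are read. Making the safety local to the query keeps it intact if the GETPOST check type is changed later: `" AND u.fk_user = ".((int) $search_supervisor)` and, for the list, `implode(',', array_map('intval', explode(',', $search_statut)))`. The guards `$search_supervisor > 0` and `$search_statut >= 0` also compare a possibly comma-separated string with a number, which depends on PHP's loose string-to-number conversion.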
@@ -217,7 +217,7 @@ foreach ($search_array_options as $key => $val) $typ=$extrafields->attribute_type[$tmpkey]; $mode=0; if (in_array($typ, array('int','double'))) $mode=1; // Search on a numeric - if ($val && ( ($crit != '' && ! in_array($typ, array('select'))) || ! empty($crit))) + if ($val && ( ($crit != '' && ! in_array($typ, array('select'))) || ! empty($crit))) { $sql .= natural_search('ef.'.$tmpkey, $crit, $mode); } @@ -265,27 +265,27 @@ if ($result) $crit=$val; $tmpkey=preg_replace('/search_options_/','',$key); if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val); - } - - + } + + print '
'."\n"; if ($optioncss != '') print ''; print ''; print ''; print ''; print ''; - + if ($sall) { foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val); print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall); } - + $moreforfilter=''; - + $varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage; $selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields - + print ''; print ''; if (! empty($arrayfields['u.login']['checked'])) print_liste_field_titre($langs->trans("Login"),$_SERVER['PHP_SELF'],"u.login",$param,"","",$sortfield,$sortorder); @@ -303,9 +303,9 @@ if ($result) // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { $align=$extrafields->getAlignFlag($key); print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder); @@ -340,7 +340,7 @@ if ($result) { print ''; } if (! empty($arrayfields['u.employee']['checked'])) @@ -380,9 +380,9 @@ if ($result) // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { $align=$extrafields->getAlignFlag($key); $typeofextrafield=$extrafields->attribute_type[$key]; @@ -428,7 +428,7 @@ if ($result) $searchpitco=$form->showFilterAndCheckAddButtons(0); print $searchpitco; print ''; - + print "\n"; $user2=new User($db); 
@@ -451,7 +451,7 @@ if ($result) $userstatic->lastname=$obj->lastname; $userstatic->employee=$obj->employee; $userstatic->photo=$obj->photo; - + $li=$userstatic->getNomUrl(-1,'',0,0,24,1,'login'); print ""; @@ -564,8 +564,8 @@ if ($result) } } print ''; - } - + } + // Date last login if (! empty($arrayfields['u.datelastlogin']['checked'])) { @@ -576,13 +576,13 @@ if ($result) { print ''; } - + // Extra fields if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) { - foreach($extrafields->attribute_label as $key => $val) + foreach($extrafields->attribute_label as $key => $val) { - if (! empty($arrayfields["ef.".$key]['checked'])) + if (! empty($arrayfields["ef.".$key]['checked'])) { print 'getAlignFlag($key); From 9c482b9f2a021604e29b7321e2e18eed60d08932 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 10 Jun 2017 21:37:27 +0200 Subject: [PATCH 03/28] FIX CVE-2017-7886 --- htdocs/core/datepicker.php | 2 +- htdocs/core/get_menudiv.php | 2 +- htdocs/core/lib/functions.lib.php | 106 +++++++++++++++--------------- htdocs/core/search_page.php | 8 +-- htdocs/externalsite/frames.php | 2 +- htdocs/install/inc.php | 6 +- htdocs/main.inc.php | 4 +- htdocs/master.inc.php | 2 +- htdocs/support/inc.php | 2 +- htdocs/theme/eldy/style.css.php | 12 ++-- htdocs/theme/md/style.css.php | 52 +++++++-------- 11 files changed, 99 insertions(+), 99 deletions(-) diff --git a/htdocs/core/datepicker.php b/htdocs/core/datepicker.php index 63b765fbadb..99bf9b15a80 100644 --- a/htdocs/core/datepicker.php +++ b/htdocs/core/datepicker.php 
@@ -39,7 +39,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1); require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php +if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php $langs->load("main"); $langs->load("agenda"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); diff --git a/htdocs/core/get_menudiv.php b/htdocs/core/get_menudiv.php index 655e10afd67..f8b3a652e08 100644 --- a/htdocs/core/get_menudiv.php +++ b/htdocs/core/get_menudiv.php @@ -35,7 +35,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1); require_once '../main.inc.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php +if (GETPOST('lang', 'aZ09')) $langs->setDefaultLang(GETPOST('lang', 'aZ09')); // If language was forced on URL by the main.inc.php $langs->load("main"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); $left=($langs->trans("DIRECTION")=='rtl'?'right':'left'); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a212b82c18f..c4674fbe5a0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -191,7 +191,7 @@ function getBrowserInfo($user_agent) elseif (preg_match('/opera(\/|\s)([\d\.]*)/i', $user_agent, $reg)) { $name='opera'; $version=$reg[2]; } elseif (preg_match('/(MSIE\s([0-9]+\.[0-9]))|.*(Trident\/[0-9]+.[0-9];\srv:([0-9]+\.[0-9]+))/i', $user_agent, $reg)) { $name='ie'; $version=end($reg); } // MS products at end elseif (preg_match('/l(i|y)n(x|ks)(\(|\/|\s)*([\d\.]+)/i', $user_agent, $reg)) { $name='lynxlinks'; $version=$reg[4]; } - + if ($tablet) { $layout = 'tablet'; } elseif ($phone) { 
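Review bot: `GETPOST('lang', 'aZ09')` is evaluated twice on the changed line in datepicker.php and again in get_menudiv.php, so the check type has to be kept in sync in two places per file and a later edit could validate the test but not the value passed on. Reading it once makes the validated value the only one that can reach `setDefaultLang()`: `$forcedlang = GETPOST('lang', 'aZ09'); if ($forcedlang) $langs->setDefaultLang($forcedlang);`. The diffstat lists eleven files for this fix and not all of them are visible here; the same pattern is worth applying wherever `lang` is read.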
@@ -269,7 +269,7 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) break; case 'aZ09': $out=trim($out); - if (preg_match('/[^a-z0-9]+/i',$out)) $out=''; + if (preg_match('/[^a-z0-9_\-]+/i',$out)) $out=''; break; case 'array': if (! is_array($out) || empty($out)) $out=array(); @@ -290,13 +290,13 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL) * This prefix is unique for instance and avoid conflict between multi-instances, * even when having two instances with one root dir or two instances in virtual servers * - * @param string $mode '' or 'email' + * @param string $mode '' or 'email' * @return string A calculated prefix */ function dol_getprefix($mode='') { global $conf; - + // If MAIL_PREFIX_FOR_EMAIL_ID is set and prefix is for email if ($mode == 'email' && ! empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) { @@ -378,15 +378,15 @@ function dol_buildpath($path, $type=0) if ($type == 1) $res = DOL_URL_ROOT.'/'.$path; // Standard value if ($type == 2) $res = DOL_MAIN_URL_ROOT.'/'.$path; // Standard value if ($type == 3) $res = DOL_URL_ROOT.'/'.$path; - + foreach ($conf->file->dol_document_root as $key => $dirroot) // ex: array(["main"]=>"/home/main/htdocs", ["alt0"]=>"/home/dirmod/htdocs", ...) { - if ($key == 'main') + if ($key == 'main') { if ($type == 3) { global $dolibarr_main_url_root; - + // Define $urlwithroot $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file 
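Review bot: The `aZ09` check in GETPOST() now also accepts `_` and `-` (hunk `@@ -269,7`), which widens the filter for every existing caller of that check type, not only for the `lang` parameter this fix targets. Callers that relied on a strictly alphanumeric result should be reviewed, and the check should be documented where it is defined: `// 'aZ09': letters, digits, '_' and '-' only (e.g. locale codes such as en_US)`. If the wider set is needed only for language codes, a separate check type would leave `aZ09` as strict as its name suggests. GETPOST()'s docblock and the rest of its body are outside the hunk.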
@@ -413,12 +413,12 @@ function dol_buildpath($path, $type=0) if ($type == 3) { global $dolibarr_main_url_root; - + // Define $urlwithroot $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - + $res=(preg_match('/^http/i',$conf->file->dol_url_root[$key])?'':$urlwithroot).$conf->file->dol_url_root[$key].'/'.$path; // Test on start with http is for old conf syntax } break; @@ -957,7 +957,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r $maxvisiblephotos=(isset($conf->global->PRODUCT_MAX_VISIBLE_PHOTO)?$conf->global->PRODUCT_MAX_VISIBLE_PHOTO:5); if ($conf->browser->phone) $maxvisiblephotos=1; if ($showimage) $morehtmlleft.='
'.$object->show_photos($conf->product->multidir_output[$object->entity],'small',$maxvisiblephotos,0,0,0,$width,0).'
'; - else + else { if (!empty($conf->global->PRODUCT_NODISPLAYIFNOPHOTO)) { $nophoto=''; @@ -967,17 +967,17 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r $nophoto='/public/theme/common/nophoto.png'; $morehtmlleft.='
No photo
'; } - + } } - else + else { if ($showimage) $morehtmlleft.='
'.$form->showphoto($modulepart,$object,0,0,0,'photoref','small',1,0,$maxvisiblephotos).'
'; } if ($showbarcode) $morehtmlleft.='
'.$form->showbarcode($object).'
'; if ($object->element == 'societe' && ! empty($conf->use_javascript_ajax) && $user->rights->societe->creer && ! empty($conf->global->MAIN_DIRECT_STATUS_UPDATE)) { $morehtmlright.=ajax_object_onoff($object, 'status', 'status', 'InActivity', 'ActivityCeased'); - } + } elseif ($object->element == 'product') { //$morehtmlright.=$langs->trans("Status").' ('.$langs->trans("Sell").') '; @@ -999,7 +999,7 @@ function dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='r } if (! empty($object->name_alias)) $morehtmlref.='
'.$object->name_alias.'
'; // For thirdparty if (! empty($object->label)) $morehtmlref.='
'.$object->label.'
'; // For product - if ($object->element != 'product') + if ($object->element != 'product') { $morehtmlref.='
'; $morehtmlref.=$object->getBannerAddress('refaddress',$object); @@ -1184,9 +1184,9 @@ function dol_print_date($time,$format='',$tzoutput='tzserver',$outputlangs='',$e $reduceformat=(! empty($conf->dol_optimize_smallscreen) && in_array($format,array('day','dayhour')))?1:0; $formatwithoutreduce = preg_replace('/reduceformat/','',$format); if ($formatwithoutreduce != $format) { $format = $formatwithoutreduce; $reduceformat=1; } // so format 'dayreduceformat' is processed like day - + // Change predefined format into computer format. If found translation in lang file we use it, otherwise we use default. - // TODO Add format daysmallyear and dayhoursmallyear + // TODO Add format daysmallyear and dayhoursmallyear if ($format == 'day') $format=($outputlangs->trans("FormatDateShort")!="FormatDateShort"?$outputlangs->trans("FormatDateShort"):$conf->format_date_short); else if ($format == 'hour') $format=($outputlangs->trans("FormatHourShort")!="FormatHourShort"?$outputlangs->trans("FormatHourShort"):$conf->format_hour_short); else if ($format == 'hourduration') $format=($outputlangs->trans("FormatHourShortDuration")!="FormatHourShortDuration"?$outputlangs->trans("FormatHourShortDuration"):$conf->format_hour_short_duration); @@ -1957,7 +1957,7 @@ function dol_print_graph($htmlid,$width,$height,$data,$showlegend=0,$type='pie', print '
'.$langs->trans("NotEnoughDataYet").'
'; return; } - + if (empty($conf->use_javascript_ajax)) return; $jsgraphlib='flot'; $datacolor=array(); @@ -2126,7 +2126,7 @@ function dol_trunc($string,$size=40,$trunc='right',$stringencoding='UTF-8',$nodo global $conf; if ($size==0 || ! empty($conf->global->MAIN_DISABLE_TRUNC)) return $string; - + if (empty($stringencoding)) $stringencoding='UTF-8'; // reduce for small screen if ($conf->dol_optimize_smallscreen==1 && $display==1) $size = round($size/3); @@ -3076,7 +3076,7 @@ function load_fiche_titre($titre, $mesg='', $picto='title_generic.png', $pictois * @param string $options parametres complementaires lien ('' par defaut) * @param string $sortfield champ de tri ('' par defaut) * @param string $sortorder ordre de tri ('' par defaut) - * @param string $center chaine du centre ('' par defaut). We often find here string $massaction comming from $form->selectMassAction() + * @param string $center chaine du centre ('' par defaut). We often find here string $massaction comming from $form->selectMassAction() * @param int $num number of records found by select with limit+1 * @param int $totalnboflines Total number of records/lines for all pages (if known). Use a negative value to no show number. * @param string $picto Icon to use before title (should be a 32x32 transparent png file) @@ -3090,11 +3090,11 @@ function load_fiche_titre($titre, $mesg='', $picto='title_generic.png', $pictois function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $sortorder='', $center='', $num=-1, $totalnboflines=0, $picto='title_generic.png', $pictoisfullpath=0, $morehtml='', $morecss='', $limit=-1, $hideselectlimit=0) { global $conf,$langs; - + $savlimit = $limit; $savtotalnboflines = $totalnboflines; $totalnboflines=abs($totalnboflines); - + if ($picto == 'setup') $picto='title_setup.png'; if (($conf->browser->name == 'ie') && $picto=='title_generic.png') $picto='title.gif'; if ($limit < 0) $limit = $conf->liste_limit; 
@@ -3107,7 +3107,7 @@ function print_barre_liste($titre, $page, $file, $options='', $sortfield='', $so $nextpage = 0; } //print 'totalnboflines='.$totalnboflines.'-savlimit='.$savlimit.'-limit='.$limit.'-num='.$num.'-nextpage='.$nextpage; - + print "\n"; print "\n"; print '
'; $arraygender=array('man'=>$langs->trans("Genderman"),'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('search_gender', $arraygender, $search_gender, 1); + print $form->selectarray('search_gender', $arraygender, $search_gender, 1); print '
'.dol_print_date($db->jdate($obj->datepreviouslogin),"dayhour").'
'; @@ -3206,7 +3206,7 @@ function print_fleche_navigation($page, $file, $options='', $nextpage=0, $betwee //$pagesizechoices.=',0:'.$langs->trans("All"); // Not yet supported //$pagesizechoices.=',2:2'; if (! empty($conf->global->MAIN_PAGESIZE_CHOICES)) $pagesizechoices=$conf->global->MAIN_PAGESIZE_CHOICES; - + print '
'; print ''; @@ -92,24 +143,30 @@ print ''; print ''; foreach($blocks as &$block) { + + $checksignature = $block->checkSignature(); + $object_link = $block->getObjectLink(); - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - + if(!$showonlyerrors || $block->error>0) { + + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + + } } print '
'.dol_print_date($block->tms,'dayhour').''.$block->ref_object.''.$langs->trans('log'.$block->action).''.$block->getObject().''.img_info($langs->trans('ShowDetails')).''.price($block->amounts).''.$block->getUser().''.$block->signature.''; - - print $block->checkSignature() ? img_picto($langs->trans('OkCheckFingerprintValidity'), 'on') : img_picto($langs->trans('KoCheckFingerprintValidity'), 'off'); - if(!empty($conf->global->BLOCKEDLOG_USE_REMOTE_AUTHORITY) && !empty($conf->global->BLOCKEDLOG_AUTHORITY_URL)) { - print ' '.($block->certified ? img_picto($langs->trans('AddedByAuthority'), 'info') : img_picto($langs->trans('NotAddedByAuthorityYet'), 'info_black') ); - } - print '
'.dol_print_date($block->tms,'dayhour').''.$block->ref_object.''.$langs->trans('log'.$block->action).''.$object_link.''.img_info($langs->trans('ShowDetails')).''.price($block->amounts).''.$block->getUser().''.$block->signature.''; + + print $block->error == 0 ? img_picto($langs->trans('OkCheckFingerprintValidity'), 'on') : img_picto($langs->trans('KoCheckFingerprintValidity'), 'off'); + if(!empty($conf->global->BLOCKEDLOG_USE_REMOTE_AUTHORITY) && !empty($conf->global->BLOCKEDLOG_AUTHORITY_URL)) { + print ' '.($block->certified ? img_picto($langs->trans('AddedByAuthority'), 'info') : img_picto($langs->trans('NotAddedByAuthorityYet'), 'info_black') ); + } + print '
'; @@ -121,7 +178,7 @@ $('a[rel=show-info]').click(function() { $pop = $('
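Review bot: `$checksignature = $block->checkSignature();` in the `@@ -92,24` hunk is never read; the call matters only because it increments `$block->error`, which the row then tests, and the same holds for `getObjectLink()` being called before the `$showonlyerrors` filter. A short comment makes that ordering dependency explicit: `// Both calls update $block->error, so they must run before the filter below`. The loop iterates with `foreach($blocks as &$block)`; if the reference is not needed, dropping the `&` avoids leaving `$block` bound to the last element once the loop ends (the code after the loop is only partly visible here).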
trans('Field') ?>trans('Value') ?>
'); $pop.dialog({ - title:"trans('BlockedlogInfoDialog'); ?>" + title:"transnoentities('BlockedlogInfoDialog'); ?>" ,modal:true ,width:'80%' }); diff --git a/htdocs/blockedlog/class/blockedlog.class.php b/htdocs/blockedlog/class/blockedlog.class.php index 1f93eb3cc26..4f2a37e0116 100644 --- a/htdocs/blockedlog/class/blockedlog.class.php +++ b/htdocs/blockedlog/class/blockedlog.class.php @@ -78,6 +78,7 @@ class BlockedLog public $object_data = null; + public $error = 0; /** * Constructor @@ -91,9 +92,9 @@ class BlockedLog } /** - * try to retrieve logged object + * try to retrieve logged object link */ - public function getObject() { + public function getObjectLink() { global $langs; if($this->element === 'facture') { @@ -103,6 +104,9 @@ class BlockedLog if($object->fetch($this->fk_object)>0) { return $object->getNomUrl(1); } + else{ + $this->error++; + } } else if($this->element === 'payment') { require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; @@ -111,6 +115,9 @@ class BlockedLog if($object->fetch($this->fk_object)>0) { return $object->getNomUrl(1); } + else{ + $this->error++; + } } return $langs->trans('ImpossibleToReloadObject', $this->element, $this->fk_object); @@ -388,8 +395,13 @@ class BlockedLog $this->getSignatureRecursive(); - return ($signature_to_test=== $this->signature); + $res = ($signature_to_test === $this->signature); + if(!$res) { + $this->error++; + } + + return $res; } /** diff --git a/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php b/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php index 5a52777cbb9..461a277dfd4 100644 --- a/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php +++ b/htdocs/core/triggers/interface_50_modBlockedlog_ActionsBlockedLog.class.php 
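Review bot: The dialog title in the `@@ -121,7 +178,7` hunk now prints `$langs->transnoentities('BlockedlogInfoDialog')` straight into a double-quoted JavaScript string, so a translation containing `"` or a backslash would end the literal early. Passing the value through the project's JavaScript escaper keeps the move away from HTML entities without that side effect: `dol_escape_js($langs->transnoentities('BlockedlogInfoDialog'))`. The PHP tags are not visible in this rendering of the hunk, so the exact surrounding markup is inferred.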
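Review bot: `$this->error` is incremented both when the logged object cannot be fetched in getObjectLink() (hunks `@@ -103,6` and `@@ -111,6`) and when the signature does not match in checkSignature() (`@@ -388,8`), and the list page then shows `KoCheckFingerprintValidity` whenever `$block->error` is non-zero. A record whose invoice or payment can no longer be loaded would therefore be reported as having an invalid fingerprint, which makes the integrity view harder to rely on during an audit. Keeping the two conditions apart, for example with a separate flag for the missing object, lets the page state which check failed. The new public property would also benefit from a comment such as `// Number of consistency problems found on this record (0 = none)`.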
@@ -51,7 +51,7 @@ class InterfaceActionsBlockedLog extends DolibarrTriggers return 0; } - if($action==='BILL_VALIDATE' || $action === 'BILL_PAYED' || $action==='BILL_UNPAYED') { + if($action==='BILL_VALIDATE' || $action === 'BILL_PAYED' || $action==='BILL_UNPAYED' || $action === 'BILL_SENTBYMAIL') { $amounts= (double) $object->total_ttc; } else if($action === 'PAYMENT_CUSTOMER_CREATE' || $action === 'PAYMENT_ADD_TO_BANK') { diff --git a/htdocs/langs/en_US/blockedlog.lang b/htdocs/langs/en_US/blockedlog.lang index 995801292a3..7e64bfad17f 100644 --- a/htdocs/langs/en_US/blockedlog.lang +++ b/htdocs/langs/en_US/blockedlog.lang @@ -3,6 +3,7 @@ BlockedLogDesc=This module store event for invoice and payments as block chain FingerprintsDesc=All fingerprints stored EntityKey=Entity Key ShowAllFingerPrintsMightBeTooLong=Show all fingerprints (might be long) +ShowAllFingerPrintsErrorsMightBeTooLong=Show all fingerprints with error (might be long) DownloadBlockChain=Download fingerprints KoCheckFingerprintValidity=Fingerprint is not valid OkCheckFingerprintValidity=Fingerprint is valid @@ -14,3 +15,7 @@ logPAYMENT_CUSTOMER_CREATE=Payment of customer created logBILL_PAYED=Customer bill payed logBILL_UNPAYED=Customer bill set unpayed logBILL_VALIDATE=Customer bill set valid from draft +logBILL_SENTBYMAIL=Customer bill send by mail +BlockedlogInfoDialog=Log Details +Fingerprint=Fingerprint +DownloadLogCSV=Download fingerprints CSV \ No newline at end of file From 4c424bb760c43e1d938fac74e0bddcc49b10a1fa Mon Sep 17 00:00:00 2001 From: alexis Algoud Date: Tue, 13 Jun 2017 10:09:53 +0200 Subject: [PATCH 05/28] fix current element compare amount --- htdocs/blockedlog/class/blockedlog.class.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/htdocs/blockedlog/class/blockedlog.class.php b/htdocs/blockedlog/class/blockedlog.class.php index 4f2a37e0116..b0cddd66f75 100644 --- a/htdocs/blockedlog/class/blockedlog.class.php 
+++ b/htdocs/blockedlog/class/blockedlog.class.php @@ -502,8 +502,7 @@ class BlockedLog */ private function getCurrentValue() { - if($this->action === 'PAYMENT_CUSTOMER_CREATE' - || $this->action === 'PAYMENT_ADD_TO_BANK') { + if($this->element === 'payment') { $sql="SELECT amount FROM ".MAIN_DB_PREFIX."paiement WHERE rowid=".$this->fk_object; $res = $this->db->query($sql); @@ -512,7 +511,15 @@ class BlockedLog $this->amounts = (double) $obj->amount; } } - + elseif($this->element === 'facture') { + $sql="SELECT total_ttc FROM ".MAIN_DB_PREFIX."facture WHERE rowid=".$this->fk_object; + + $res = $this->db->query($sql); + if($res && $obj = $this->db->fetch_object($res)) { + $this->amounts = (double) $obj->total_ttc; + } + } + } /** From b67a14c7d66ea68cc1b9f261e3fc9a47348516de Mon Sep 17 00:00:00 2001 From: phf Date: Tue, 13 Jun 2017 10:20:26 +0200 Subject: [PATCH 06/28] Fix ajax search product is broken --- htdocs/product/ajax/products.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index 159ee6c272e..c8b81caa9fc 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php @@ -182,8 +182,10 @@ else $idprod = (! empty($match[0]) ? $match[0] : ''); if (GETPOST($htmlname,'alpha') == '' && (! $idprod || ! GETPOST($idprod,'alpha'))) + { print json_encode(array()); return; + } // When used from jQuery, the search term is added as GET param "term". $searchkey = (($idprod && GETPOST($idprod,'alpha')) ? GETPOST($idprod,'alpha') : (GETPOST($htmlname, 'alpha') ? GETPOST($htmlname, 'alpha') : '')); From ffdee40eb9722da1a0d43a629850b7d7d67b9833 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 10:58:41 +0200 Subject: [PATCH 07/28] Fix permission on recurring invoice list --- htdocs/core/menus/standard/eldy.lib.php | 26 ++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) 
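Review bot: Both queries in getCurrentValue() append `$this->fk_object` to the SQL text as is, including the new `SELECT total_ttc FROM ... facture WHERE rowid=` branch added in the `@@ -502,8` hunk. The property is presumably an integer loaded from the log table, but nothing in the hunk guarantees it, so an explicit cast keeps the statement safe however the object was populated: `WHERE rowid=".((int) $this->fk_object)`. When neither branch finds a row, `$this->amounts` keeps its previous value without any signal; a comment or an error increment would make that case visible.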
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index b981686d7c7..ca6791475a6 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -52,7 +52,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode if (empty($noout)) print_start_menu_array(); $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); - + // Show/Hide vertical menu if ($mode != 'jmobile' && $mode != 'topnb' && $usemenuhider && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { @@ -437,7 +437,7 @@ function print_end_menu_array() /** * Core function to output left menu eldy * Fill &$menu (example with $forcemainmenu='home' $forceleftmenu='all', return left menu tree of Home) - * + * * @param DoliDB $db Database handler * @param array $menu_array_before Table of menu entries to show before entries of menu handler (menu->liste filled with menu->add) * @param array $menu_array_after Table of menu entries to show after entries of menu handler (menu->liste filled with menu->add) @@ -445,7 +445,7 @@ function print_end_menu_array() * @param Menu $menu Object Menu to return back list of menu entries * @param int $noout Disable output (Initialise &$menu only). * @param string $forcemainmenu 'x'=Force mainmenu to mainmenu='x' - * @param string $forceleftmenu 'all'=Force leftmenu to '' (= all). If value come being '', we change it to value in session and 'none' if not efined in session. + * @param string $forceleftmenu 'all'=Force leftmenu to '' (= all). If value come being '', we change it to value in session and 'none' if not efined in session. * @param array $moredata An array with more data to output * @return int nb of menu entries */ 
@@ -459,7 +459,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $leftmenu=($forceleftmenu?'':(empty($_SESSION["leftmenu"])?'none':$_SESSION["leftmenu"])); $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); - + // Show logo company if (empty($conf->global->MAIN_MENU_INVERT) && empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { @@ -596,7 +596,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $newmenu->add("/user/group/index.php?leftmenu=users", $langs->trans("ListOfGroups"), 2, ($conf->global->MAIN_USE_ADVANCED_PERMS?$user->rights->user->group_advance->read:$user->rights->user->user->lire) || $user->admin); } } - + } @@ -802,7 +802,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills_paid&search_status=2",$langs->trans("BillShortStatusPaid"),2,$user->rights->facture->lire); $newmenu->add("/compta/facture/list.php?leftmenu=customers_bills_canceled&search_status=3",$langs->trans("BillShortStatusCanceled"),2,$user->rights->facture->lire); } - $newmenu->add("/compta/facture/fiche-rec.php",$langs->trans("ListOfTemplates"),1,$user->rights->facture->lire); + $newmenu->add("/compta/facture/fiche-rec.php",$langs->trans("ListOfTemplates"),1,$user->rights->facture->creer); // No need to see recurring invoices, if user has no permission to create invoice. $newmenu->add("/compta/paiement/list.php",$langs->trans("Payments"),1,$user->rights->facture->lire); 
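Review bot: Changing the `ListOfTemplates` entry to `$user->rights->facture->creer` in the `@@ -802,7` hunk only hides the menu link; whether `/compta/facture/fiche-rec.php` itself refuses a user who has `lire` but not `creer` cannot be seen from this hunk. If the page still checks only the read right, the list stays reachable by URL, so the same permission should be enforced there as well. print_left_eldy_menu() starts and ends outside the hunk.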
@@ -945,29 +945,29 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/account.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("Chartofaccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_chart', 20); if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/categories_list.php?id=32&search_country_id=".$mysoc->country_id."&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("AccountingCategory"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_chart', 22); if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/defaultaccounts.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuDefaultAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_default', 40); - if (! empty($conf->facture->enabled) || ! empty($conf->fournisseur->enabled)) + if (! empty($conf->facture->enabled) || ! empty($conf->fournisseur->enabled)) { if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/admin/dict.php?id=10&from=accountancy&search_country_id=".$mysoc->country_id."&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuVatAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_default', 30); } - if (! empty($conf->tax->enabled)) + if (! 
empty($conf->tax->enabled)) { if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/admin/dict.php?id=7&from=accountancy&search_country_id=".$mysoc->country_id."&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuTaxAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_default', 30); } - if (! empty($conf->expensereport->enabled)) + if (! empty($conf->expensereport->enabled)) { if (preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/admin/dict.php?id=17&from=accountancy&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuExpenseReportAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_default', 30); } /* not required yet, already supported by default account - if (! empty($conf->loan->enabled)) + if (! empty($conf->loan->enabled)) { if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/admin/loan.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuLoanAccounts"), 2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_loan', 45); } - if (! empty($conf->don->enabled)) + if (! 
empty($conf->don->enabled)) { if (preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/don/admin/donation.php?from=accountancy&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuDonationAccounts"), 2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_donation', 47); }*/ if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/productaccount.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuProductsAccounts"), 2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_product', 50); - + // Binding if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy/',$leftmenu)) $newmenu->add("/accountancy/customer/index.php?leftmenu=accountancy_dispatch_customer&mainmenu=accountancy",$langs->trans("CustomersVentilation"),1,$user->rights->accounting->bind->write, '', $mainmenu, 'dispatch_customer'); if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_dispatch_customer/',$leftmenu)) $newmenu->add("/accountancy/customer/list.php?mainmenu=accountancy&leftmenu=accountancy_dispatch_customer",$langs->trans("ToBind"),2,$user->rights->accounting->bind->write); 
@@ -1366,7 +1366,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $newmenu->add("/adherents/stats/index.php?leftmenu=members",$langs->trans("MenuMembersStats"),1,$user->rights->adherent->lire); if (! empty($conf->global->MEMBER_LINK_TO_HTPASSWDFILE) && ($usemenuhider || empty($leftmenu) || $leftmenu=="export")) $newmenu->add("/adherents/htpasswd.php?leftmenu=export",$langs->trans("Filehtpasswd"),1,$user->rights->adherent->export); if ($usemenuhider || empty($leftmenu) || $leftmenu=="export") $newmenu->add("/adherents/cartes/carte.php?leftmenu=export",$langs->trans("MembersCards"),1,$user->rights->adherent->export); - + $newmenu->add("/adherents/index.php?leftmenu=members&mainmenu=members",$langs->trans("Subscriptions"),0,$user->rights->adherent->cotisation->lire); $newmenu->add("/adherents/list.php?leftmenu=members&statut=-1,1&mainmenu=members",$langs->trans("NewSubscription"),1,$user->rights->adherent->cotisation->creer); $newmenu->add("/adherents/subscription/list.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->cotisation->lire); From 225c17d04792fb5f9487546d7f576e455bc5207c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 11:02:30 +0200 Subject: [PATCH 08/28] Fix permission on menu entry --- htdocs/core/menus/init_menu_auguria.sql | 5 +++-- htdocs/core/menus/standard/eldy.lib.php | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql index a32d3ef6886..6115b6cff0d 100644 --- a/htdocs/core/menus/init_menu_auguria.sql +++ b/htdocs/core/menus/init_menu_auguria.sql 
@@ -287,8 +287,9 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 3700__+MAX_llx_menu__, 'project', '', 7__+MAX_llx_menu__, '/projet/activity/index.php?leftmenu=projects', 'Activities', 0, 'projects', '$user->rights->projet->lire', '', 2, 0, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 3701__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/tasks.php?leftmenu=projects&action=create', 'NewTask', 1, 'projects', '$user->rights->projet->creer', '', 2, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 3702__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/tasks/list.php?leftmenu=projects', 'List', 1, 'projects', '$user->rights->projet->lire', '', 2, 2, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 3703__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/activity/perweek.php?leftmenu=projects', 'NewTimeSpent', 1, 'projects', '$user->rights->projet->lire', '', 2, 3, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 
3704__+MAX_llx_menu__, 'project', '', 3600__+MAX_llx_menu__, '/projet/tasks/stats/index.php?leftmenu=projects', 'Statistics', 1, 'projects', '$user->rights->projet->lire', '', 2, 4, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 3704__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/tasks/stats/index.php?leftmenu=projects', 'Statistics', 1, 'projects', '$user->rights->projet->lire', '', 2, 4, __ENTITY__); + +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->projet->enabled', __HANDLER__, 'left', 3400__+MAX_llx_menu__, 'project', '', 7__+MAX_llx_menu__, '/projet/activity/perweek.php?leftmenu=projects', 'NewTimeSpent', 0, 'projects', '$user->rights->projet->lire', '', 2, 3, __ENTITY__); -- Project - Categories insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->categorie->enabled', __HANDLER__, 'left', 3804__+MAX_llx_menu__, 'project', 'cat', 3__+MAX_llx_menu__, '/categories/index.php?leftmenu=cat&type=6', 'Categories', 0, 'categories', '$user->rights->categorie->lire', '', 2, 4, __ENTITY__); diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 8c83435914b..7b25dbe35fb 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
@@ -1322,9 +1322,10 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $newmenu->add("/projet/activity/index.php?leftmenu=tasks".($search_project_user?'&search_project_user='.$search_project_user:''), $langs->trans("Activities"), 0, $user->rights->projet->lire); $newmenu->add("/projet/tasks.php?leftmenu=tasks&action=create", $langs->trans("NewTask"), 1, $user->rights->projet->creer); $newmenu->add("/projet/tasks/list.php?leftmenu=tasks".($search_project_user?'&search_project_user='.$search_project_user:''), $langs->trans("List"), 1, $user->rights->projet->lire); - $newmenu->add("/projet/activity/perweek.php?leftmenu=tasks".($search_project_user?'&search_project_user='.$search_project_user:''), $langs->trans("NewTimeSpent"), 1, $user->rights->projet->lire); $newmenu->add("/projet/tasks/stats/index.php?leftmenu=projects", $langs->trans("Statistics"), 1, $user->rights->projet->lire); + $newmenu->add("/projet/activity/perweek.php?leftmenu=tasks".($search_project_user?'&search_project_user='.$search_project_user:''), $langs->trans("NewTimeSpent"), 0, $user->rights->projet->lire); + // All project i have permission on /*$newmenu->add("/projet/activity/index.php", $langs->trans("Activities"), 0, $user->rights->projet->lire && $user->rights->projet->lire); $newmenu->add("/projet/tasks.php?action=create", $langs->trans("NewTask"), 1, $user->rights->projet->creer && $user->rights->projet->creer); From 5def2d2600276918d80aab9ece3c2f36af8f7bfd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 11:14:52 +0200 Subject: [PATCH 09/28] Add div to help debug of html content --- htdocs/product/price.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/htdocs/product/price.php b/htdocs/product/price.php index b18c3b8828a..cbfe90a5a52 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php 
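Review bot: `$search_project_user` is concatenated into the `perweek.php` URL without `urlencode()` on the added `NewTimeSpent` line, and the `index.php` and `list.php` entries above it do the same. Its assignment is outside the hunk; if it is read from the request, I'd build the suffix as `($search_project_user?'&search_project_user='.urlencode($search_project_user):'')` on all three lines. The commit title says a permission is fixed, but the entry keeps `$user->rights->projet->lire` and only its level changes from 1 to 0, so the description should say what was actually wrong.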
@@ -1328,7 +1328,9 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action=='showlog_default_ $result = $db->query($sql); if ($result) { - $num = $db->num_rows($result); + print '
'; + + $num = $db->num_rows($result); if (! $num) { @@ -1471,6 +1473,8 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action=='showlog_default_ print '
'; print "
"; } + + print ''; } else { dol_print_error($db); } From 4c0b0ef4c2b37f106d0017d3fbd21258fcaea2c5 Mon Sep 17 00:00:00 2001 From: phf Date: Tue, 13 Jun 2017 11:29:12 +0200 Subject: [PATCH 10/28] Fix display on situation invoice --- htdocs/compta/facture.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index c19c521ca65..59e52ac7b5d 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -3327,7 +3327,7 @@ else if ($id > 0 || ! empty($ref)) print $object->situation_counter; print ''; - print ''; + print ''; $prevsits_total_amount = 0; foreach ($prevsits as $situation) { @@ -3335,9 +3335,10 @@ else if ($id > 0 || ! empty($ref)) } $prevsits_total_amount += $object->total_ht; - print price($prevsits_total_amount); - print ''; - print '' . $langs->trans('Currency' . $conf->currency) . ''; + print price($prevsits_total_amount, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) ); + + print ''; + // Previous situation(s) deduction(s) for ($i = 0; $i < $cprevsits; $i++) { @@ -3348,10 +3349,10 @@ else if ($id > 0 || ! empty($ref)) print $prevsits[$i]->situation_counter; print ''; - print ''; - print '- ' . price($prevsits[$i]->total_ht); - print ''; - print '' . $langs->trans('Currency' . $conf->currency) . ''; + print ''; + print '- ' . price($prevsits[$i]->total_ht, 0, $langs, 1, -1, -1, (!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency) ); + print ''; + } } } From e4c7f584e3cf21108cad67b389eecf5b3d6b93bf Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 13 Jun 2017 11:45:21 +0200 Subject: [PATCH 11/28] Fix option STOCK_SUPPORTS_SERVICES (stock not visible when it should) --- htdocs/product/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 40dcd116ab4..7fd4135bd4a 100644 
--- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -628,9 +628,9 @@ else $product_static->status = $objp->tosell; $product_static->entity = $objp->entity; - if (! empty($conf->stock->enabled) && $user->rights->stock->lire && $type != 1) // To optimize call of load_stock + if ((! empty($conf->stock->enabled) && $user->rights->stock->lire && $type != 1) || ! empty($conf->global->STOCK_DISABLE_OPTIM_LOAD)) // To optimize call of load_stock { - if ($objp->fk_product_type != 1) // Not a service + if ($objp->fk_product_type != 1 || ! empty($conf->global->STOCK_SUPPORTS_SERVICES)) // Not a service { $product_static->load_stock('nobatch'); // Load stock_reel + stock_warehouse. This also call load_virtual_stock() } From f2961b8652dce6ff9cf86a3d1fb4c1ab042a7c3e Mon Sep 17 00:00:00 2001 From: phf Date: Tue, 13 Jun 2017 12:30:30 +0200 Subject: [PATCH 12/28] Fix 6993 - supplier propal check min price on update line --- htdocs/supplier_proposal/card.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index ea0ecc12f89..55da718cebc 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -808,11 +808,6 @@ if (empty($reshook)) $price_min = $product->multiprices_min [$object->thirdparty->price_level]; $label = ((GETPOST('update_label') && GETPOST('product_label')) ? GETPOST('product_label') : ''); - - if ($price_min && (price2num($pu_ht) * (1 - price2num(GETPOST('remise_percent')) / 100) < price2num($price_min))) { - setEventMessages($langs->trans("CantBeLessThanMinPrice", price(price2num($price_min, 'MU'), 0, $langs, 0, 0, - 1, $conf->currency)), null, 'errors'); - $error ++; - } } else { $type = GETPOST('type'); $label = (GETPOST('product_label') ? GETPOST('product_label') : ''); From c0f46834cb50a39620ec6d0dcb1cdedab7486717 Mon Sep 17 00:00:00 2001 
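Review bot: The added `|| ! empty($conf->global->STOCK_DISABLE_OPTIM_LOAD)` in the @@ -628 hunk sits outside the parenthesised group, so with that option set `load_stock('nobatch')` runs even when the stock module is disabled or the user lacks `$user->rights->stock->lire`. Whether the loaded quantities are then displayed depends on code outside this hunk, but I'd keep the rights test unconditional: `if (! empty($conf->stock->enabled) && $user->rights->stock->lire && ($type != 1 || ! empty($conf->global->STOCK_DISABLE_OPTIM_LOAD)))`. The trailing `// Not a service` comment on the inner test no longer describes it once `STOCK_SUPPORTS_SERVICES` is honoured and should be updated.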
From: Laurent Destailleur Date: Tue, 13 Jun 2017 13:22:05 +0200 Subject: [PATCH 13/28] Fix demo links --- htdocs/langs/en_US/projects.lang | 1 + htdocs/main.inc.php | 4 +- htdocs/public/demo/index.php | 67 +++++++++++++++++++------------- 3 files changed, 43 insertions(+), 29 deletions(-) diff --git a/htdocs/langs/en_US/projects.lang b/htdocs/langs/en_US/projects.lang index b3317df9c8e..d940555f206 100644 --- a/htdocs/langs/en_US/projects.lang +++ b/htdocs/langs/en_US/projects.lang @@ -64,6 +64,7 @@ TaskDescription=Task description NewTask=New task AddTask=Create task AddTimeSpent=Create time spent +AddHereTimeSpentForDay=Add here time spent for this day/task Activity=Activity Activities=Tasks/activities MyActivities=My tasks/activities diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 74f3698e728..6b75b957590 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -396,8 +396,8 @@ if (! defined('NOLOGIN')) { if (empty($_SERVER['HTTP_REFERER']) || ! preg_match('/public/',$_SERVER['HTTP_REFERER'])) { - dol_syslog("Call index page from another url than demo page"); - $url=''; + dol_syslog("Call index page from another url than demo page (call is done from page ".$_SERVER['HTTP_REFERER'].")"); + $url=''; $url.=($url?'&':'').($dol_hide_topmenu?'dol_hide_topmenu='.$dol_hide_topmenu:''); $url.=($url?'&':'').($dol_hide_leftmenu?'dol_hide_leftmenu='.$dol_hide_leftmenu:''); $url.=($url?'&':'').($dol_optimize_smallscreen?'dol_optimize_smallscreen='.$dol_optimize_smallscreen:''); diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index be844c8a2da..f9bb4db7ecf 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php 
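Review bot: The new `dol_syslog()` call in the main.inc.php hunk writes `$_SERVER['HTTP_REFERER']` to the log verbatim, and the enclosing `if` is also true when that header is absent, so the index can be undefined here. The Referer is client-controlled; unless `dol_syslog()` neutralises control characters itself (not visible in this hunk), I'd guard and clean it first: `$referer = empty($_SERVER['HTTP_REFERER']) ? '' : preg_replace('/[\x00-\x1F\x7F]/', '', $_SERVER['HTTP_REFERER']);` and log `$referer` instead. The enclosing block starts and ends outside the hunk.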
@@ -54,12 +54,13 @@ $alwaysuncheckedmodules=array(); $alwayshiddencheckedmodules=array(); $alwayshiddenuncheckedmodules=array(); -$url=DOL_URL_ROOT.'/index.php?'; +$url=''; $url.=($url?'&':'').($conf->dol_hide_topmenu?'dol_hide_topmenu='.$conf->dol_hide_topmenu:''); $url.=($url?'&':'').($conf->dol_hide_leftmenu?'dol_hide_leftmenu='.$conf->dol_hide_leftmenu:''); $url.=($url?'&':'').($conf->dol_optimize_smallscreen?'dol_optimize_smallscreen='.$conf->dol_optimize_smallscreen:''); $url.=($url?'&':'').($conf->dol_no_mouse_hover?'dol_no_mouse_hover='.$conf->dol_no_mouse_hover:''); $url.=($url?'&':'').($conf->dol_use_jmobile?'dol_use_jmobile='.$conf->dol_use_jmobile:''); +$url=DOL_URL_ROOT.'/index.php'.($url?'?'.$url:''); $tmpaction = 'view'; $parameters=array(); @@ -105,6 +106,7 @@ if (empty($reshook)) ) ); + // Visible $alwayscheckedmodules=array('barcode','bookmark','categorie','externalrss','fckeditor','geoipmaxmind','gravatar','memcached','syslog','user','webservices'); // Technical module we always want $alwaysuncheckedmodules=array('dynamicprices','loan','multicurrency','paybox','paypal','stripe','google','printing','scanner','workflow'); // Module we never want @@ -202,7 +204,7 @@ asort($orders); * Actions */ -if (GETPOST('action','aZ09') == 'gotodemo') +if (GETPOST('action','aZ09') == 'gotodemo') // Action run when we click on "Start" after selection modules { //print 'ee'.GETPOST("demochoice"); $disablestring=''; @@ -232,8 +234,9 @@ if (GETPOST('action','aZ09') == 'gotodemo') // Do redirect to login page if ($disablestring) { - if (GETPOST('urlfrom')) $url.=($url?'&':'').'urlfrom='.urlencode(GETPOST('urlfrom','alpha')); - $url.=($url?'&':'').'disablemodules='.$disablestring; + if (GETPOST('urlfrom')) $url.=(preg_match('/\?/',$url)?'&':'?').'urlfrom='.urlencode(GETPOST('urlfrom','alpha')); + $url.=(preg_match('/\?/',$url)?'&':'?').'disablemodules='.$disablestring; + //var_dump($url);exit; header("Location: ".$url); exit; } @@ -252,25 +255,25 @@ $head.=' '; 
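Review bot: `$disablestring` is appended to the redirect URL unencoded in the @@ -232 hunk (`'disablemodules='.$disablestring`), while `urlfrom` on the line above it goes through `urlencode()`; `$profilearray['disablemodules']` gets the same treatment in the @@ -304 hunk. How `$disablestring` is assembled is outside the hunk, so if any part of it can come from the request it reaches the `Location:` header raw. I'd write `'disablemodules='.urlencode($disablestring)` here and `urlencode($profilearray['disablemodules'])` in the later hunk. The leftover `//var_dump($url);exit;` line should be removed before merge.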
@@ -304,13 +307,23 @@ foreach ($demoprofiles as $profilearray) //print $profilearray['lang']; if (! empty($profilearray['lang'])) $langs->load($profilearray['lang']); - $url=$_SERVER["PHP_SELF"].'?action=gotodemo&urlfrom='.urlencode($_SERVER["PHP_SELF"]); + $url=$_SERVER["PHP_SELF"].'?action=gotodemo'; $urlwithmod=$url.'&demochoice='.$profilearray['key']; // Should work with DOL_URL_ROOT='' or DOL_URL_ROOT='/dolibarr' //print "xx".$_SERVER["PHP_SELF"].' '.DOL_URL_ROOT.'
'; - $urlfrom=preg_replace('/^'.preg_quote(DOL_URL_ROOT,'/').'/i','',$_SERVER["PHP_SELF"]); + + $urlfrom=preg_replace('/^'.preg_quote(DOL_URL_ROOT,'/').'/i','',$_SERVER["PHP_SELF"]); //print $urlfrom; - if (! empty($profilearray['url'])) $urlwithmod=$profilearray['url']; + + if (! empty($profilearray['url'])) + { + $urlwithmod=$profilearray['url']; + $urlwithmod=$urlwithmod.(preg_match('/\?/',$urlwithmod)?'&':'?').'urlfrom='.urlencode($urlfrom); + if (! empty($profilearray['disablemodules'])) + { + $urlwithmod=$urlwithmod.(preg_match('/\?/',$urlwithmod)?'&':'?').'disablemodules='.$profilearray['disablemodules']; + } + } if (empty($profilearray['url'])) { @@ -348,7 +361,7 @@ foreach ($demoprofiles as $profilearray) print ''; - // Modules + // Modules (a profile you must choose modules) if (empty($profilearray['url'])) { print '