Fix: missing entity

Fix: missing security
Fix: remove obsolete files
Regis Houssin 2011-08-20 09:02:56 +00:00
parent a49bea1b03
commit d01d8021b7
7 changed files with 51 additions and 237 deletions


@ -2,7 +2,7 @@
/* Copyright (C) 2005 Matthieu Valleton <mv@seeschloss.org>
* Copyright (C) 2005 Davoleau Brice <brice.davoleau@gmail.com>
* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2008 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2006-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2006-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2007 Patrick Raguin <patrick.raguin@gmail.com>
*
@ -24,7 +24,7 @@
* \file htdocs/categories/class/categorie.class.php
* \ingroup categorie
* \brief File of class to manage categories
* \version $Id: categorie.class.php,v 1.18 2011/08/03 00:46:39 eldy Exp $
* \version $Id: categorie.class.php,v 1.19 2011/08/20 09:02:56 hregis Exp $
*/
require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
@ -147,7 +147,8 @@ class Categorie
$sql.= "fk_soc,";
}
$sql.= " visible,";
$sql.= " type";
$sql.= " type,";
$sql.= " entity";
//$sql.= ", fk_parent_id";
$sql.= ")";
$sql.= " VALUES ('".$this->db->escape($this->label)."', '".$this->db->escape($this->description)."',";
@ -155,7 +156,7 @@ class Categorie
{
$sql.= ($this->socid != -1 ? $this->socid : 'null').",";
}
$sql.= "'".$this->visible."',".$this->type;
$sql.= "'".$this->visible."',".$this->type.",".$conf->entity;
//$sql.= ",".$this->parentId;
$sql.= ")";
@ -609,11 +610,16 @@ class Categorie
*/
function get_full_arbo($type,$markafterid=0)
{
global $conf;
$this->cats = array();
// Charge tableau des meres
$sql = "SELECT fk_categorie_mere as id_mere, fk_categorie_fille as id_fille";
$sql.= " FROM ".MAIN_DB_PREFIX."categorie_association";
$sql = "SELECT ca.fk_categorie_mere as id_mere, ca.fk_categorie_fille as id_fille";
$sql.= " FROM ".MAIN_DB_PREFIX."categorie_association ca";
$sql.= ", ".MAIN_DB_PREFIX."categorie as c";
$sql.= " WHERE ca.fk_categorie_mere = c.rowid";
$sql.= " AND c.entity = ".$conf->entity;
// Load array this->motherof
dol_syslog("Categorie::get_full_arbo build motherof array sql=".$sql, LOG_DEBUG);
@ -635,8 +641,9 @@ class Categorie
$sql = "SELECT DISTINCT c.rowid, c.label as label, ca.fk_categorie_fille as rowid_fille"; // Distinct reduce pb with old tables with duplicates
$sql.= " FROM ".MAIN_DB_PREFIX."categorie as c";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_association as ca";
$sql.= " ON c.rowid=ca.fk_categorie_mere";
$sql.= " ON c.rowid = ca.fk_categorie_mere";
$sql.= " WHERE c.type = ".$type;
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " ORDER BY c.label, c.rowid";
dol_syslog("Categorie::get_full_arbo get category list sql=".$sql, LOG_DEBUG);
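Review bot: In create(), `$conf->entity` is concatenated into the VALUES list at the hunk's last changed line, but no `global $conf;` is visible in that hunk, whereas get_full_arbo() adds one explicitly; if create() does not already import `$conf`, the property read yields an empty string inside the method and the INSERT ends in `,)` — a SQL error rather than a row in the wrong entity, but still a broken create. Add `global $conf;` at the top of create() if it is missing, and cast the value so the statement cannot depend on the config value's type: `$sql.= "'".$this->visible."',".$this->type.",".(int) $conf->entity;`. The same cast applies to the two new filters in get_full_arbo(), `$sql.= " AND c.entity = ".(int) $conf->entity;`. create()'s body starts and ends outside the hunk.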


@ -1,83 +0,0 @@
<?php
/* Copyright (C) 2005 Matthieu Valleton <mv@seeschloss.org>
* Copyright (C) 2006 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* $Id: docreate.php,v 1.9 2011/08/03 00:46:32 eldy Exp $
*/
/**
* \file htdocs/categories/docreate.php
* \ingroup category
* \brief Page de creation categorie
* \version $Revision: 1.9 $
*/
require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
$langs->load("categories");
if (!isset($_REQUEST["nom"]) || !isset($_REQUEST["description"]))
accessforbidden();
/**
* Affichage page accueil
*/
llxHeader("","",$langs->trans("Categories"));
print_titre($langs->trans("CatCreated"));
print '<table border="0" width="100%">';
print '<tr><td valign="top" width="30%">';
$categorie = new Categorie($db);
$categorie->label = $_REQUEST["nom"];
$categorie->description = $_REQUEST["description"];
$cats_meres = isset($_REQUEST['cats_meres']) ? $_REQUEST['cats_meres'] : array();
$res = $categorie->create();
if ($res < 0)
{
print "<p>Impossible d'ajouter la cat<61>gorie ".$categorie->label.".</p>";
}
else
{
print "<p>La cat<61>gorie ".$categorie->label." a <20>t<EFBFBD> ajout<75>e avec succ<63>s.</p>";
foreach ($cats_meres as $id)
{
$mere = new Categorie($db, $id);
$res = $mere->add_fille($categorie);
if ($res < 0)
{
print "<p>Impossible d'associer la cat<61>gorie <20> \"".$mere->label."\" ($res).</p>";
}
}
}
print '</td></tr></table>';
$db->close();
?>


@ -1,119 +0,0 @@
<?php
/* Copyright (C) 2005 Matthieu Valleton <mv@seeschloss.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
\file htdocs/categories/domodif.php
\ingroup category
\brief Page de modification categorie
\version $Revision: 1.6 $
*/
require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
if (!isset ($_REQUEST["id"]) || !isset ($_REQUEST["nom"]) || !isset ($_REQUEST["description"]))
accessforbidden();
/**
* Affichage page accueil
*/
llxHeader("","",$langs->trans("Categories"));
print_titre($langs->trans("CatCreated"));
print '<table border="0" width="100%">';
print '<tr><td valign="top" width="30%">';
$cat = new Categorie ($db, $_REQUEST['id']);
$cat->label = $_REQUEST["nom"];
$cat->description = $_REQUEST["description"];
$new_cats_meres = isset ($_REQUEST['cats_meres']) ? $_REQUEST['cats_meres'] : array ();
// tableau d'id de categories
$old_objs_meres = $cat->get_meres ();
// tableau d'objets categorie
$old_cats_meres = array ();
foreach ($old_objs_meres as $old_obj_mere)
{ // transformation en tableau d'id
$old_cats_meres[] = $old_obj_mere->id;
}
$asupprimer = array (); // tableaux des categories meres
$aajouter = array (); // a ajouter ou a supprimer
foreach ($old_cats_meres as $old_cat)
{
if (!in_array ($old_cat, $new_cats_meres))
{
$asupprimer[] = new Categorie ($db, $old_cat);
}
}
foreach ($new_cats_meres as $new_cat)
{
if (!in_array ($new_cat, $old_cats_meres))
{
$aajouter[] = new Categorie ($db, $new_cat);
}
}
$res = $cat->update ();
if ($res < 0)
{
print "<p>Impossible de modifier la categorie ".$cat->label.".</p>";
}
else
{
print "<p>La categorie ".$cat->label." a ete modifiee avec succes.</p>";
foreach ($asupprimer as $old_mere)
{
$res = $old_mere->del_fille ($cat);
if ($res < 0)
{
print "<p>Impossible d'enlever la categorie de \"".$old_mere->label."\" ($res).</p>\n";
}
else
{
print "<p>La categorie ne fait plus partie de ".$old_mere->label.".</p>\n";
}
}
foreach ($aajouter as $new_mere)
{
$res = $new_mere->add_fille ($cat);
if ($res < 0)
{
print "<p>Impossible d'ajouter la categorie a \"".$new_mere->label."\" ($res).</p>";
}
else
{
print "<p>La categorie fait maintenant partie de ".$new_mere->label.".</p>\n";
}
}
}
print '</td></tr></table>';
$db->close();
?>


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2005 Matthieu Valleton <mv@seeschloss.org>
* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2008 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2007 Patrick Raguin <patrick.raguin@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
@ -22,18 +22,28 @@
* \file htdocs/categories/edit.php
* \ingroup category
* \brief Page d'edition de categorie produit
* \version $Id: edit.php,v 1.39 2011/08/03 00:46:31 eldy Exp $
* \version $Id: edit.php,v 1.40 2011/08/20 09:02:57 hregis Exp $
*/
require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
// Security check
if (!$user->rights->categorie->lire)
accessforbidden();
$id=GETPOST('id');
$ref=GETPOST('ref');
$type=GETPOST('type');
$action=GETPOST('action');
$confirm=GETPOST('confirm');
if ($id == "")
{
dol_print_error('','Missing parameter id');
exit();
}
// Security check
$result = restrictedArea($user, 'categorie', $id);
$type=$_REQUEST['type'];
/*
@ -41,10 +51,10 @@ $type=$_REQUEST['type'];
*/
// Action mise a jour d'une categorie
if ($_POST["action"] == 'update' && $user->rights->categorie->creer)
if ($action == 'update' && $user->rights->categorie->creer)
{
$categorie = new Categorie ($db);
$result=$categorie->fetch($_REQUEST['id']);
$result=$categorie->fetch($id);
$categorie->label = $_POST["nom"];
$categorie->description = $_POST["description"];
@ -103,7 +113,7 @@ if ($mesg)
print '</div>';
}
$categorie = new Categorie ($db, $_REQUEST['id']);
$categorie = new Categorie ($db, $id);
$html = new Form($db);
print '<table class="notopnoleft" border="0" width="100%">';
@ -151,5 +161,5 @@ print '</td></tr></table>';
$db->close();
llxFooter('$Date: 2011/08/03 00:46:31 $ - $Revision: 1.39 $');
llxFooter('$Date: 2011/08/20 09:02:57 $ - $Revision: 1.40 $');
?>
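Review bot: `$id=GETPOST('id')` is taken without a type cast and then passed to restrictedArea(), `$categorie->fetch($id)` and `new Categorie($db, $id)`; create() in this same commit shows the class builds SQL by string concatenation, so if fetch() does the same an unvalidated `$id` reaches the query. Normalise it once at the top: keep the empty-parameter guard, then add `$id = (int) $id;` before the restrictedArea() call, or write `$id=(int) GETPOST('id');` and change the guard to `if ($id <= 0)`. The same `$id` flows into restrictedArea() and fetch() in photos.php and viewcat.php below. Whether the old `$type=$_REQUEST['type'];` line survives next to the new `$type=GETPOST('type');` cannot be determined from the rendered hunk; if it does, it overrides the GETPOST value and should be dropped.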


@ -3,7 +3,7 @@
* Copyright (C) 2005 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2006-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2007 Patrick Raguin <patrick.raguin@gmail.com>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -23,7 +23,7 @@
* \file htdocs/categories/index.php
* \ingroup category
* \brief Home page of category area
* \version $Id: index.php,v 1.55 2011/08/03 00:46:32 eldy Exp $
* \version $Id: index.php,v 1.56 2011/08/20 09:02:57 hregis Exp $
*/
require("../main.inc.php");
@ -312,5 +312,5 @@ print "</table>";
$db->close();
llxFooter('$Date: 2011/08/03 00:46:32 $ - $Revision: 1.55 $');
llxFooter('$Date: 2011/08/20 09:02:57 $ - $Revision: 1.56 $');
?>


@ -2,7 +2,7 @@
/* Copyright (C) 2001-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -22,7 +22,7 @@
* \file htdocs/categories/photos.php
* \ingroup category
* \brief Gestion des photos d'une categorie
* \version $Id: photos.php,v 1.14 2011/08/17 15:56:26 eldy Exp $
* \version $Id: photos.php,v 1.15 2011/08/20 09:02:57 hregis Exp $
*/
require("../main.inc.php");
@ -33,8 +33,6 @@ require_once(DOL_DOCUMENT_ROOT."/lib/categories.lib.php");
$langs->load("categories");
$langs->load("bills");
// Security check
if (!$user->rights->categorie->lire) accessforbidden();
$mesg = '';
@ -50,6 +48,9 @@ if ($id == "")
exit();
}
// Security check
$result = restrictedArea($user, 'categorie', $id);
$object = new Categorie($db);
/*
@ -304,5 +305,5 @@ else
$db->close();
llxFooter('$Date: 2011/08/17 15:56:26 $ - $Revision: 1.14 $');
llxFooter('$Date: 2011/08/20 09:02:57 $ - $Revision: 1.15 $');
?>
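Review bot: The rights check is moved from right after the requires to after the `$id == ""` guard, so `$mesg = ''` and the parameter reads between the two spots now run before authorisation; that is harmless while that stretch stays pure parameter parsing, and a comment on the new call, `// Security check - keep before any data access`, would protect the ordering. `$result` from restrictedArea() is assigned but never read; presumably restrictedArea() exits via accessforbidden() on denial (verify), in which case `restrictedArea($user, 'categorie', $id);` without the assignment is clearer, especially since `$result` is immediately reassigned by the fetch() call in viewcat.php. viewcat.php makes the same relocation.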


@ -1,8 +1,8 @@
<?php
/* Copyright (C) 2005 Matthieu Valleton <mv@seeschloss.org>
/* Copyright (C) 2005 Matthieu Valleton <mv@seeschloss.org>
* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2007 Patrick Raguin <patrick.raguin@gmail.com>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2007 Patrick Raguin <patrick.raguin@gmail.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -22,7 +22,7 @@
* \file htdocs/categories/viewcat.php
* \ingroup category
* \brief Page to show a category card
* \version $Revision: 1.53 $
* \version $Id: viewcat.php,v 1.54 2011/08/20 09:02:58 hregis Exp $
*/
require("../main.inc.php");
@ -31,11 +31,6 @@ require_once(DOL_DOCUMENT_ROOT."/lib/categories.lib.php");
$langs->load("categories");
// Security check
if (! $user->rights->categorie->lire) accessforbidden();
$mesg = '';
$mesg = '';
$id=GETPOST('id');
$ref=GETPOST('ref');
@ -49,6 +44,9 @@ if ($id == "")
exit();
}
// Security check
$result = restrictedArea($user, 'categorie', $id);
$object = new Categorie($db);
$result=$object->fetch($id);
if ($result <= 0)
@ -363,5 +361,5 @@ if ($object->type == 3)
$db->close();
llxFooter('$Date: 2011/08/03 00:46:31 $ - $Revision: 1.53 $');
llxFooter('$Date: 2011/08/20 09:02:58 $ - $Revision: 1.54 $');
?>