';
if ($action == '') {
if ($user->rights->salaries->delete) {
if (!$disable_delete) {
- print '
'.$langs->trans('Delete').' ';
+ print '
'.$langs->trans('Delete').' ';
} else {
print '
'.$langs->trans('Delete').' ';
}
diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php
index 3e6630dbaf1..09c90854f22 100644
--- a/htdocs/salaries/payments.php
+++ b/htdocs/salaries/payments.php
@@ -75,8 +75,12 @@ $search_user = GETPOST('search_user', 'alpha');
$search_label = GETPOST('search_label', 'alpha');
$search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
$search_date_end = dol_mktime(23, 59, 59, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
+$search_dateep_start = dol_mktime(0, 0, 0, GETPOST('search_dateep_startmonth', 'int'), GETPOST('search_dateep_startday', 'int'), GETPOST('search_dateep_startyear', 'int'));
+$search_dateep_end = dol_mktime(23, 59, 59, GETPOST('search_dateep_endmonth', 'int'), GETPOST('search_dateep_endday', 'int'), GETPOST('search_dateep_endyear', 'int'));
$search_amount = GETPOST('search_amount', 'alpha');
$search_account = GETPOST('search_account', 'int');
+$search_fk_bank = GETPOST('search_fk_bank', 'int');
+$search_chq_number = GETPOST('search_chq_number', 'int');
$filtre = GETPOST("filtre", 'restricthtml');
@@ -139,8 +143,12 @@ if (empty($reshook)) {
$search_label = "";
$search_date_start = '';
$search_date_end = '';
+ $search_dateep_start = '';
+ $search_dateep_end = '';
$search_amount = "";
$search_account = '';
+ $search_fk_bank = '';
+ $search_chq_number = '';
$search_type_id = "";
}
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')
@@ -171,6 +179,7 @@ $salstatic = new Salary($db);
$paymentsalstatic = new PaymentSalary($db);
$userstatic = new User($db);
$accountstatic = new Account($db);
+$accountlinestatic = new AccountLine($db);
$now = dol_now();
@@ -179,8 +188,8 @@ $help_url = '';
$title = $langs->trans('SalariesPayments');
$sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary as current_salary, u.fk_soc as fk_soc, u.statut as status,";
-$sql .= " s.rowid, s.fk_user, s.amount, s.salary, sal.rowid as id_salary, sal.label, s.datep as datep, b.datev as datev, s.fk_typepayment as type, s.num_payment, s.fk_bank,";
-$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel,";
+$sql .= " s.rowid, s.fk_user, s.amount, s.salary, sal.rowid as id_salary, sal.label, s.datep as datep, sal.dateep, b.datev as datev, s.fk_typepayment as type, s.num_payment, s.fk_bank,";
+$sql .= " ba.rowid as bid, ba.ref as bref, ba.number as bnumber, ba.account_number, ba.fk_accountancy_journal, ba.label as blabel, ba.iban_prefix as iban, ba.bic, ba.currency_code, ba.clos,";
$sql .= " pst.code as payment_code";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as s";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."salary as sal ON (sal.rowid = s.fk_salary)";
@@ -199,8 +208,13 @@ if ($search_user) $sql .= natural_search(array('u.login', 'u.lastname', 'u.fir
if ($search_label) $sql .= natural_search(array('sal.label'), $search_label);
if ($search_date_start) $sql .= " AND s.datep >= '".$db->idate($search_date_start)."'";
if ($search_date_end) $sql .= " AND s.datep <= '".$db->idate($search_date_end)."'";
+if ($search_dateep_start) $sql .= " AND sal.dateep >= '".$db->idate($search_dateep_start)."'";
+if ($search_dateep_end) $sql .= " AND sal.dateep <= '".$db->idate($search_dateep_end)."'";
if ($search_amount) $sql .= natural_search("s.amount", $search_amount, 1);
if ($search_account > 0) $sql .= " AND b.fk_account=".((int) $search_account);
+if ($search_fk_bank) $sql .= " AND s.fk_bank=".((int) $search_fk_bank);
+if ($search_chq_number) $sql .= natural_search(array('s.num_payment'), $search_chq_number);
+
if ($search_type_id > 0) {
$sql .= " AND s.fk_typepayment=".$search_type_id;
}
@@ -245,11 +259,15 @@ if ($search_type_id) $param .= '&search_type_id='.urlencode($search_type_id);
if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
if ($search_ref) $param .= '&search_ref='.urlencode($search_ref);
if ($search_ref_salary) $param .= '&search_ref_salary='.urlencode($search_ref_salary);
-if ($search_user > 0) $param .= '&search_user='.urlencode($search_user);
+if ($search_user) $param .= '&search_user='.urlencode($search_user);
if ($search_label) $param .= '&search_label='.urlencode($search_label);
+if ($search_fk_bank) $param .= '&search_fk_bank='.urlencode($search_fk_bank);
+if ($search_chq_number) $param .= '&search_chq_number='.urlencode($search_chq_number);
if ($search_account) $param .= '&search_account='.urlencode($search_account);
if ($search_date_start) $param .= '&search_date_startday='.urlencode(GETPOST('search_date_startday', 'int')).'&search_date_startmonth='.urlencode(GETPOST('search_date_startmonth', 'int')).'&search_date_startyear='.urlencode(GETPOST('search_date_startyear', 'int'));
+if ($search_dateep_start) $param .= '&search_dateep_startday='.urlencode(GETPOST('search_dateep_startday', 'int')).'&search_dateep_startmonth='.urlencode(GETPOST('search_dateep_startmonth', 'int')).'&search_dateep_startyear='.urlencode(GETPOST('search_dateep_startyear', 'int'));
if ($search_date_end) $param .= '&search_date_endday='.urlencode(GETPOST('search_date_endday', 'int')).'&search_date_endmonth='.urlencode(GETPOST('search_date_endmonth', 'int')).'&search_date_endyear='.urlencode(GETPOST('search_date_endyear', 'int'));
+if ($search_dateep_end) $param .= '&search_dateep_endday='.urlencode(GETPOST('search_dateep_endday', 'int')).'&search_dateep_endmonth='.urlencode(GETPOST('search_dateep_endmonth', 'int')).'&search_dateep_endyear='.urlencode(GETPOST('search_dateep_endyear', 'int'));
// Add $param from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
@@ -292,16 +310,21 @@ print '
';
print '';
print ' ';
-// Employee
-print '';
-print ' ';
// Salary
print '';
print ' ';
// Label
print '';
+print '';
+print $form->selectDate($search_dateep_start ? $search_dateep_start : -1, 'search_dateep_start', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('From'));
+print '
';
+print '';
+print $form->selectDate($search_dateep_end ? $search_dateep_end : -1, 'search_dateep_end', 0, 0, 1, '', 1, 0, 0, '', '', '', '', 1, '', $langs->trans('to'));
+print '
';
+print ' ';
// Date payment
print '';
print '';
@@ -312,14 +335,26 @@ print $form->selectDate($search_date_end ? $search_date_end : -1, 'search_date_e
print '
';
print ' ';
// Date value
-print '';
+/*print ' ';
+print ' ';*/
+// Employee
+print '';
+print ' ';
// Type
print '';
$form->select_types_paiements($search_type_id, 'search_type_id', '', 0, 1, 1, 16);
print ' ';
-// Account
+// Chq number
+print '';
+ print ' ';
+
+ // Account
print '';
$form->select_comptes($search_account, 'search_account', 0, '', 1);
print ' ';
@@ -345,14 +380,19 @@ print ' '."\n";
// Fields title label
// --------------------------------------------------------------------
print '
';
-print_liste_field_titre("Ref", $_SERVER["PHP_SELF"], "s.rowid", "", $param, "", $sortfield, $sortorder);
-print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
+print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "s.rowid", "", $param, "", $sortfield, $sortorder);
print_liste_field_titre("Salary", $_SERVER["PHP_SELF"], "sal.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("Label", $_SERVER["PHP_SELF"], "s.label", "", $param, 'class="left"', $sortfield, $sortorder);
+print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "sal.dateep", "", $param, '', $sortfield, $sortorder, 'center ');
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "s.datep,s.rowid", "", $param, '', $sortfield, $sortorder, 'center ');
-print_liste_field_titre("DateValue", $_SERVER["PHP_SELF"], "b.datev,s.rowid", "", $param, '', $sortfield, $sortorder, 'center ');
+//print_liste_field_titre("DateValue", $_SERVER["PHP_SELF"], "b.datev,s.rowid", "", $param, '', $sortfield, $sortorder, 'center ');
+print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pst.code", "", $param, 'class="left"', $sortfield, $sortorder);
-if (!empty($conf->banque->enabled)) print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
+print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "s.num_payment", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
+if (!empty($conf->banque->enabled)) {
+ print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "s.fk_bank", "", $param, '', $sortfield, $sortorder);
+ print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "ba.label", "", $param, "", $sortfield, $sortorder);
+}
print_liste_field_titre("PayedByThisPayment", $_SERVER["PHP_SELF"], "s.amount", "", $param, 'class="right"', $sortfield, $sortorder);
// Extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_title.tpl.php';
@@ -407,10 +447,6 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
print "".$paymentsalstatic->getNomUrl(1)." \n";
if (!$i) $totalarray['nbfield']++;
- // Employee
- print "".$userstatic->getNomUrl(1)." \n";
- if (!$i) $totalarray['nbfield']++;
-
print "".$salstatic->getNomUrl(1)." \n";
if (!$i) $totalarray['nbfield']++;
@@ -418,26 +454,49 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
print "".dol_trunc($obj->label, 40)." \n";
if (!$i) $totalarray['nbfield']++;
+ // Date end period
+ print ''.dol_print_date($db->jdate($obj->dateep), 'day')." \n";
+ if (!$i) $totalarray['nbfield']++;
+
// Date payment
print ''.dol_print_date($db->jdate($obj->datep), 'day')." \n";
if (!$i) $totalarray['nbfield']++;
// Date value
- print ''.dol_print_date($db->jdate($obj->datev), 'day')." \n";
+ /*print ''.dol_print_date($db->jdate($obj->datev), 'day')." \n";
+ if (!$i) $totalarray['nbfield']++;*/
+
+ // Employee
+ print "".$userstatic->getNomUrl(1)." \n";
if (!$i) $totalarray['nbfield']++;
// Type
- print ''.$langs->trans("PaymentTypeShort".$obj->payment_code).' '.$obj->num_payment.' ';
+ print ''.$langs->trans("PaymentTypeShort".$obj->payment_code).' ';
+ if (!$i) $totalarray['nbfield']++;
+
+ // Chq number
+ print ''.$obj->num_payment.' ';
if (!$i) $totalarray['nbfield']++;
// Account
if (!empty($conf->banque->enabled)) {
+ // Bank transaction
+ print '';
+ $accountlinestatic->id = $obj->fk_bank;
+ print $accountlinestatic->getNomUrl(1);
+ print ' ';
+ if (!$i) $totalarray['nbfield']++;
+
print '';
if ($obj->fk_bank > 0) {
//$accountstatic->fetch($obj->fk_bank);
$accountstatic->id = $obj->bid;
$accountstatic->ref = $obj->bref;
$accountstatic->number = $obj->bnumber;
+ $accountstatic->iban = $obj->iban;
+ $accountstatic->bic = $obj->bic;
+ $accountstatic->currency_code = $langs->trans("Currency".$obj->currency_code);
+ $accountstatic->clos = $obj->clos;
if (!empty($conf->accounting->enabled)) {
$accountstatic->account_number = $obj->account_number;
@@ -448,7 +507,9 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
$accountstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1);
}
$accountstatic->label = $obj->blabel;
- print $accountstatic->getNomUrl(1);
+ if ($accountstatic->id > 0) {
+ print $accountstatic->getNomUrl(1);
+ }
} else print ' ';
print ' ';
if (!$i) $totalarray['nbfield']++;
diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajax/ajaxcompanies.php
similarity index 84%
rename from htdocs/societe/ajaxcompanies.php
rename to htdocs/societe/ajax/ajaxcompanies.php
index 3221aafff55..9295c363206 100644
--- a/htdocs/societe/ajaxcompanies.php
+++ b/htdocs/societe/ajax/ajaxcompanies.php
@@ -19,7 +19,7 @@
*/
/**
- * \file htdocs/societe/ajaxcompanies.php
+ * \file htdocs/societe/ajax/ajaxcompanies.php
* \brief File to return Ajax response on third parties request
*/
@@ -42,7 +42,22 @@ if (!defined('NOCSRFCHECK')) {
define('NOCSRFCHECK', '1');
}
-require '../main.inc.php';
+require '../../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
+
+$id = GETPOST('socid', 'int') || GETPOST('id_fourn', 'int');
+
+$object = new Societe($db);
+if ($id > 0) {
+ $object->fetch($id);
+}
+
+// Security check
+if ($user->socid > 0) {
+ $socid = $user->socid;
+ $object->id = $socid;
+}
+restrictedArea($user, 'societe', $object->id, '&societe');
/*
@@ -58,20 +73,18 @@ top_httphead();
//print ''."\n";
-dol_syslog(join(',', $_GET));
-
-// Generation liste des societes
-if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
+// Generate list of companies
+if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn', 'int')) {
$return_arr = array();
// Define filter on text typed
- $socid = $_GET['newcompany'] ? $_GET['newcompany'] : '';
+ $socid = GETPOST('newcompany');
if (!$socid) {
- $socid = $_GET['socid'] ? $_GET['socid'] : '';
+ $socid = GETPOST('socid', 'int');
}
if (!$socid) {
- $socid = $_GET['id_fourn'] ? $_GET['id_fourn'] : '';
+ $socid = GETPOST('id_fourn', 'int');
}
$sql = "SELECT rowid, nom";
@@ -90,7 +103,7 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
$sql .= " OR code_fournisseur LIKE '%".$db->escape($socid)."%'";
}
if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID)) {
- $sql .= " OR rowid = '".$db->escape($socid)."'";
+ $sql .= " OR rowid = ".((int) $socid);
}
$sql .= ")";
}
diff --git a/htdocs/societe/ajax/company.php b/htdocs/societe/ajax/company.php
index 57edbcebc1d..76151bccb97 100644
--- a/htdocs/societe/ajax/company.php
+++ b/htdocs/societe/ajax/company.php
@@ -42,6 +42,7 @@ if (!defined('NOCSRFCHECK')) {
}
require '../../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
$htmlname = GETPOST('htmlname', 'alpha');
$filter = GETPOST('filter', 'alpha');
@@ -51,14 +52,25 @@ $id = GETPOST('id', 'int');
$excludeids = GETPOST('excludeids', 'intcomma');
$showtype = GETPOST('showtype', 'int');
+$object = new Societe($db);
+if ($id > 0) {
+ $object->fetch($id);
+}
+
+// Security check
+if ($user->socid > 0) {
+ unset($action);
+ $socid = $user->socid;
+ $object->id = $socid;
+}
+restrictedArea($user, 'societe', $object->id, '&societe');
+
/*
* View
*/
//print ''."\n";
-
-dol_syslog(join(',', $_GET));
//print_r($_GET);
if (!empty($action) && $action == 'fetch' && !empty($id)) {
@@ -66,9 +78,7 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
$outjson = array();
- $object = new Societe($db);
- $ret = $object->fetch($id);
- if ($ret > 0) {
+ if ($object->id > 0) {
$outref = $object->ref;
$outname = $object->name;
$outdesc = '';
@@ -89,12 +99,16 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
return;
}
+ // Filter on the company to search can be:
+ // Into an array with key $htmlname123 (we take first one found). Which page use this ?
+ // Into a var with name $htmlname can be 'prodid', 'productid', ...
$match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
sort($match);
- $id = (!empty($match[0]) ? $match[0] : '');
+
+ $id = (!empty($match[0]) ? $match[0] : ''); // Take first key found into GET array with matching $htmlname123
// When used from jQuery, the search term is added as GET param "term".
- $searchkey = (($id && GETPOST($id, 'alpha')) ?GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : ''));
+ $searchkey = (($id && GETPOST($id, 'alpha')) ? GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : ''));
if (!$searchkey) {
return;
diff --git a/htdocs/societe/ajaxcountries.php b/htdocs/societe/ajaxcountries.php
deleted file mode 100644
index a4efc4ecc94..00000000000
--- a/htdocs/societe/ajaxcountries.php
+++ /dev/null
@@ -1,86 +0,0 @@
-
- * Copyright (C) 2005-2009 Regis Houssin
- * Copyright (C) 2013 Laurent Destailleur
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see ';
- while ($country = $db->fetch_object($resql)) {
- print '';
- // Si traduction existe, on l'utilise, sinon on prend le libellé par défaut
- print ($country->code && $langs->trans("Country".$country->code) != "Country".$country->code ? $langs->trans("Country".$country->code) : ($country->label != '-' ? $country->label : ' '));
- print ''.$country->rowid.'-idcache ';
- print ' ';
- }
- print ' ';
- }
-}
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index fd4fde95243..68efa8e694c 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -117,6 +117,13 @@ if (!empty($canvas)) {
$objcanvas->getCanvas('thirdparty', 'card', $canvas);
}
+$permissiontoread = $user->rights->societe->lire;
+$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
+$permissiontodelete = $user->rights->societe->supprimer || ($permissiontoadd && isset($object->status) && $object->status == 0);
+$permissionnote = $user->rights->societe->creer; // Used by the include of actions_setnotes.inc.php
+$permissiondellink = $user->rights->societe->creer; // Used by the include of actions_dellink.inc.php
+$upload_dir = $conf->societe->multidir_output[isset($object->entity) ? $object->entity : 1];
+
// Security check
$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
@@ -130,12 +137,6 @@ if ($object->id > 0) {
}
*/
-$permissiontoread = $user->rights->societe->lire;
-$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
-$permissiontodelete = $user->rights->societe->supprimer || ($permissiontoadd && isset($object->status) && $object->status == 0);
-$permissionnote = $user->rights->societe->creer; // Used by the include of actions_setnotes.inc.php
-$permissiondellink = $user->rights->societe->creer; // Used by the include of actions_dellink.inc.php
-$upload_dir = $conf->societe->multidir_output[isset($object->entity) ? $object->entity : 1];
/*
@@ -792,7 +793,7 @@ if (empty($reshook)) {
// Update linked member
if (!$error && $object->fk_soc > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent";
- $sql .= " SET fk_soc = NULL WHERE fk_soc = ".$id;
+ $sql .= " SET fk_soc = NULL WHERE fk_soc = ".((int) $socid);
if (!$object->db->query($sql)) {
$error++;
$object->error .= $object->db->lasterror();
diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php
index ddc9fa41fdb..f5eae0be948 100644
--- a/htdocs/societe/class/api_thirdparties.class.php
+++ b/htdocs/societe/class/api_thirdparties.class.php
@@ -575,7 +575,7 @@ class Thirdparties extends DolibarrApi
throw new RestException(401, 'Access to thirdparty '.$id.' not allowed for login '.DolibarrApiAccess::$user->login);
}
- $result = $this->company->set_price_level($priceLevel, DolibarrApiAccess::$user);
+ $result = $this->company->setPriceLevel($priceLevel, DolibarrApiAccess::$user);
if ($result <= 0) {
throw new RestException(500, 'Error setting new price level for thirdparty '.$id, array($this->company->db->lasterror()));
}
@@ -1017,7 +1017,7 @@ class Thirdparties extends DolibarrApi
$sql = "SELECT f.ref, f.type as factype, re.fk_facture_source, re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc, re.description, re.fk_facture, re.fk_facture_line";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
- $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".$id;
+ $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".((int) $id);
if ($filter == "available") {
$sql .= " AND re.fk_facture IS NULL AND re.fk_facture_line IS NULL";
}
@@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi
$sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_rib";
if ($id) {
- $sql .= " WHERE fk_soc = ".$id." ";
+ $sql .= " WHERE fk_soc = ".((int) $id);
}
@@ -1505,7 +1505,7 @@ class Thirdparties extends DolibarrApi
throw new RestException(422, 'Unprocessable Entity: You must pass the site attribute in your request data !');
}
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."'";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."'";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) == 0) {
@@ -1585,7 +1585,7 @@ class Thirdparties extends DolibarrApi
// We found an existing SocieteAccount entity, we are replacing it
} else {
if (isset($request_data['site']) && $request_data['site'] !== $site) {
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) !== 0) {
@@ -1649,7 +1649,7 @@ class Thirdparties extends DolibarrApi
} else {
// If the user tries to edit the site member, we check first if
if (isset($request_data['site']) && $request_data['site'] !== $site) {
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) !== 0) {
@@ -1733,7 +1733,7 @@ class Thirdparties extends DolibarrApi
*/
$sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id;
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id);
$result = $this->db->query($sql);
diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php
index 6b09d88ac71..eefb71b6772 100644
--- a/htdocs/societe/class/client.class.php
+++ b/htdocs/societe/class/client.class.php
@@ -104,7 +104,7 @@ class Client extends Societe
$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcomm";
if ($active >= 0) {
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
}
$resql = $this->db->query($sql);
$num = $this->db->num_rows($resql);
diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php
index c611ccab462..3e410019b22 100644
--- a/htdocs/societe/class/companybankaccount.class.php
+++ b/htdocs/societe/class/companybankaccount.class.php
@@ -217,12 +217,12 @@ class CompanyBankAccount extends Account
$sql .= " WHERE rowid = ".((int) $id);
}
if ($socid) {
- $sql .= " WHERE fk_soc = ".$socid;
+ $sql .= " WHERE fk_soc = ".((int) $socid);
if ($default > -1) {
- $sql .= " AND default_rib = ".$this->db->escape($default);
+ $sql .= " AND default_rib = ".((int) $default);
}
if ($type) {
- $sql .= " AND type ='".$this->db->escape($type)."'";
+ $sql .= " AND type = '".$this->db->escape($type)."'";
}
}
@@ -351,12 +351,12 @@ class CompanyBankAccount extends Account
$this->db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0";
- $sql2 .= " WHERE type = 'ban' AND fk_soc = ".$obj->fk_soc;
+ $sql2 .= " WHERE type = 'ban' AND fk_soc = ".((int) $obj->fk_soc);
dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG);
$result2 = $this->db->query($sql2);
$sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1";
- $sql3 .= " WHERE rowid = ".$obj->id;
+ $sql3 .= " WHERE rowid = ".((int) $obj->id);
dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG);
$result3 = $this->db->query($sql3);
diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php
index db19840fd8e..1f11e6a29c3 100644
--- a/htdocs/societe/class/companypaymentmode.class.php
+++ b/htdocs/societe/class/companypaymentmode.class.php
@@ -318,7 +318,7 @@ class CompanyPaymentMode extends CommonObject
public function fetch($id, $ref = null, $socid = 0, $type = '', $morewhere = '')
{
if ($socid) {
- $morewhere .= " AND fk_soc = ".$this->db->escape($socid)." AND default_rib = 1";
+ $morewhere .= " AND fk_soc = ".((int) $socid)." AND default_rib = 1";
}
if ($type) {
$morewhere .= " AND type = '".$this->db->escape($type)."'";
@@ -464,7 +464,7 @@ class CompanyPaymentMode extends CommonObject
$this->db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0, tms = tms";
- $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".$obj->fk_soc;
+ $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".((int) $obj->fk_soc);
if ($type) {
$sql2 .= " AND type = '".$this->db->escape($type)."'";
}
@@ -472,7 +472,7 @@ class CompanyPaymentMode extends CommonObject
$result2 = $this->db->query($sql2);
$sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1";
- $sql3 .= " WHERE rowid = ".$obj->id;
+ $sql3 .= " WHERE rowid = ".((int) $obj->id);
if ($type) {
$sql3 .= " AND type = '".$this->db->escape($type)."'";
}
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index c141290d9e9..9d449922dd2 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -868,6 +868,7 @@ class Societe extends CommonObject
$sql .= ", name_alias";
$sql .= ", entity";
$sql .= ", datec";
+ $sql .= ", fk_typent";
$sql .= ", fk_user_creat";
$sql .= ", canvas";
$sql .= ", status";
@@ -882,6 +883,7 @@ class Societe extends CommonObject
$sql .= ", accountancy_code_sell";
$sql .= ") VALUES ('".$this->db->escape($this->name)."', '".$this->db->escape($this->name_alias)."', ".$this->db->escape($this->entity).", '".$this->db->idate($now)."'";
$sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null");
+ $sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null");
$sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null");
$sql .= ", ".$this->status;
$sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
@@ -958,7 +960,7 @@ class Societe extends CommonObject
* @param array $tags Array of tag to affect to contact
* @return int <0 if KO, >0 if OK
*/
- public function create_individual(User $user, $no_email, $tags = array())
+ public function create_individual(User $user, $no_email = 0, $tags = array())
{
global $conf;
@@ -1619,7 +1621,7 @@ class Societe extends CommonObject
$sql .= ' WHERE s.entity IN ('.getEntity($this->element).')';
if ($rowid) {
- $sql .= ' AND s.rowid = '.$rowid;
+ $sql .= ' AND s.rowid = '.((int) $rowid);
}
if ($ref) {
$sql .= " AND s.nom = '".$this->db->escape($ref)."'";
@@ -1905,7 +1907,7 @@ class Societe extends CommonObject
}
} else {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete;
- $sql .= " WHERE fk_soc = ".$id;
+ $sql .= " WHERE fk_soc = ".((int) $id);
if (!$this->db->query($sql)) {
$error++;
$this->errors[] = $this->db->lasterror();
@@ -1928,7 +1930,7 @@ class Societe extends CommonObject
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
$sql .= " SET parent = NULL";
- $sql .= " WHERE parent = ".$id;
+ $sql .= " WHERE parent = ".((int) $id);
if (!$this->db->query($sql)) {
$error++;
$this->errors[] = $this->db->lasterror();
@@ -1983,7 +1985,7 @@ class Societe extends CommonObject
$newclient = 3; //If prospect, we keep prospect tag
}
$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
- $sql .= " SET client = ".$newclient;
+ $sql .= " SET client = ".((int) $newclient);
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@@ -2270,7 +2272,6 @@ class Societe extends CommonObject
}
}
- // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
* Set the price level
*
@@ -2278,15 +2279,14 @@ class Societe extends CommonObject
* @param User $user Use making change
* @return int <0 if KO, >0 if OK
*/
- public function set_price_level($price_level, User $user)
+ public function setPriceLevel($price_level, User $user)
{
- // phpcs:enable
if ($this->id) {
$now = dol_now();
$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
- $sql .= " SET price_level = '".$this->db->escape($price_level)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET price_level = ".((int) $price_level);
+ $sql .= " WHERE rowid = ".((int) $this->id);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -2295,7 +2295,7 @@ class Societe extends CommonObject
$sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices";
$sql .= " (datec, fk_soc, price_level, fk_user_author)";
- $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($price_level)."', ".$user->id.")";
+ $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", ".((int) $price_level).", ".$user->id.")";
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -2324,7 +2324,7 @@ class Societe extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux";
- $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid;
+ $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -2387,7 +2387,7 @@ class Societe extends CommonObject
if ($this->id > 0 && $commid > 0) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux ";
- $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid;
+ $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::del_commercial Erreur");
@@ -3793,11 +3793,14 @@ class Societe extends CommonObject
$this->client = 1; // A member is a customer by default
$this->code_client = ($customercode ? $customercode : -1);
$this->code_fournisseur = -1;
+ $this->typent_code = ($member->morphy == 'phy' ? 'TE_PRIVATE' : 0);
+ $this->typent_id = $this->typent_code ? dol_getIdFromCode($this->db, $this->typent_code, 'c_typent', 'id', 'code') : 0;
$this->db->begin();
// Cree et positionne $this->id
$result = $this->create($user);
+
if ($result >= 0) {
// Auto-create contact on thirdparty creation
if (!empty($conf->global->THIRDPARTY_DEFAULT_CREATE_CONTACT)) {
@@ -3808,6 +3811,7 @@ class Societe extends CommonObject
dol_syslog("We ask to create a contact/address too", LOG_DEBUG);
$result = $this->create_individual($user);
+
if ($result < 0) {
setEventMessages($this->error, $this->errors, 'errors');
$this->db->rollback();
@@ -4614,7 +4618,7 @@ class Societe extends CommonObject
$resql = $db->query($sql);
while ($obj = $db->fetch_object($resql)) {
- $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.$obj->rowid);
+ $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.((int) $obj->rowid));
}
/**
diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php
index 5be05d99a56..8fbbbbcee6e 100644
--- a/htdocs/societe/class/societeaccount.class.php
+++ b/htdocs/societe/class/societeaccount.class.php
@@ -284,7 +284,7 @@ class SocieteAccount extends CommonObject
{
$sql = "SELECT sa.key_account as key_account, sa.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa";
- $sql .= " WHERE sa.fk_soc = ".$id;
+ $sql .= " WHERE sa.fk_soc = ".((int) $id);
$sql .= " AND sa.entity IN (".getEntity('societe').")";
$sql .= " AND sa.site = '".$this->db->escape($site)."' AND sa.status = ".((int) $status);
$sql .= " AND sa.key_account IS NOT NULL AND sa.key_account <> ''";
diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php
index a7ef895041e..3190ad5e64e 100644
--- a/htdocs/societe/consumption.php
+++ b/htdocs/societe/consumption.php
@@ -146,7 +146,7 @@ if ($object->client) {
print ' ('.$langs->trans("WrongCustomerCode").') ';
}
print ' ';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -183,7 +183,7 @@ if ($object->fournisseur) {
print '
('.$langs->trans("WrongSupplierCode").') ';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -229,7 +229,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
$documentstatic = new Fichinter($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datec as dateprint, f.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."fichinter as f LEFT JOIN ".MAIN_DB_PREFIX."fichinterdet as d ON d.fk_fichinter = f.rowid"; // Must use left join to work also with option that disable usage of lines.
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND f.entity = ".$conf->entity;
$dateprint = 'f.datec';
$doc_number = 'f.ref';
@@ -239,7 +239,7 @@ if ($type_element == 'invoice') { // Customer : show products from invoices
$documentstatic = new Facture($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, f.type as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, ';
$tables_from = MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."facturedet as d";
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_facture = f.rowid";
$where .= " AND f.entity IN (".getEntity('invoice').")";
$dateprint = 'f.datef';
@@ -251,7 +251,7 @@ if ($type_element == 'propal') {
$documentstatic = new Propal($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.datep as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."propal as c,".MAIN_DB_PREFIX."propaldet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_propal = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$datePrint = 'c.datep';
@@ -263,7 +263,7 @@ if ($type_element == 'order') {
$documentstatic = new Commande($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_commande as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."commande as c,".MAIN_DB_PREFIX."commandedet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_commande = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_commande';
@@ -275,7 +275,7 @@ if ($type_element == 'supplier_invoice') { // Supplier : Show products from inv
$documentstatic = new FactureFournisseur($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, ';
$tables_from = MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."facture_fourn_det as d";
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_facture_fourn = f.rowid";
$where .= " AND f.entity = ".$conf->entity;
$dateprint = 'f.datef';
@@ -287,7 +287,7 @@ if ($type_element == 'supplier_proposal') {
$documentstatic = new SupplierProposal($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_supplier_proposal = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
@@ -299,7 +299,7 @@ if ($type_element == 'supplier_order') { // Supplier : Show products from order
$documentstatic = new CommandeFournisseur($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."commande_fournisseur as c,".MAIN_DB_PREFIX."commande_fournisseurdet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_commande = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
@@ -312,7 +312,7 @@ if ($type_element == 'contract') { // Order
$documentstaticline = new ContratLigne($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_contrat as dateprint, d.statut as status, ';
$tables_from = MAIN_DB_PREFIX."contrat as c,".MAIN_DB_PREFIX."contratdet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_contrat = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php
index 600cb03af1a..746d1c403c7 100644
--- a/htdocs/societe/document.php
+++ b/htdocs/societe/document.php
@@ -39,13 +39,6 @@ $confirm = GETPOST('confirm');
$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
$ref = GETPOST('ref', 'alpha');
-// Security check
-if ($user->socid > 0) {
- unset($action);
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'societe', $id, '&societe');
-
// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@@ -84,6 +77,13 @@ if ($id > 0 || !empty($ref)) {
$hookmanager->initHooks(array('thirdpartydocument', 'globalcard'));
+// Security check
+if ($user->socid > 0) {
+ unset($action);
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $object->id, '&societe');
+
/*
* Actions
diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php
index 74a04f34858..ef2fbccf490 100644
--- a/htdocs/societe/list.php
+++ b/htdocs/societe/list.php
@@ -463,7 +463,7 @@ $sql .= " country.code as country_code, country.label as country_label,";
$sql .= " state.code_departement as state_code, state.nom as state_name,";
$sql .= " region.code_region as region_code, region.nom as region_name";
// We'll need these fields in order to filter by sale (including the case where the user can only see his prospects)
-if ($search_sale) {
+if ($search_sale && $search_sale != '-1') {
$sql .= ", sc.fk_soc, sc.fk_user";
}
// We'll need these fields in order to filter by categ
@@ -505,7 +505,7 @@ $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX."c_stcomm as st ON s.fk_stcomm = st.id";
if ($search_sale == -2) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
//elseif ($search_sale || (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid)) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
-} elseif ($search_sale || (empty($user->rights->societe->client->voir) && !$socid)) {
+} elseif (!empty($search_sale) && $search_sale != '-1' || (empty($user->rights->societe->client->voir) && !$socid)) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.entity IN (".getEntity('societe').")";
@@ -513,7 +513,7 @@ $sql .= " WHERE s.entity IN (".getEntity('societe').")";
if (empty($user->rights->societe->client->voir) && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
-if ($search_sale && $search_sale != -2) {
+if ($search_sale && $search_sale != '-1' && $search_sale != '-2') {
$sql .= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
if (!$user->rights->fournisseur->lire) {
diff --git a/htdocs/societe/note.php b/htdocs/societe/note.php
index 22f235df7de..2ebe97848f2 100644
--- a/htdocs/societe/note.php
+++ b/htdocs/societe/note.php
@@ -33,12 +33,7 @@ $action = GETPOST('action', 'aZ09');
$langs->load("companies");
-// Security check
$id = GETPOST('id') ?GETPOST('id', 'int') : GETPOST('socid', 'int');
-if ($user->socid) {
- $id = $user->socid;
-}
-$result = restrictedArea($user, 'societe', $id, '&societe');
$object = new Societe($db);
if ($id > 0) {
@@ -50,6 +45,13 @@ $permissionnote = $user->rights->societe->creer; // Used by the include of actio
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartynote', 'globalcard'));
+// Security check
+if ($user->socid > 0) {
+ unset($action);
+ $socid = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $object->id, '&societe');
+
/*
* Actions
diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php
index 8c321b1386d..dc8d95ef42f 100644
--- a/htdocs/societe/paymentmodes.php
+++ b/htdocs/societe/paymentmodes.php
@@ -517,10 +517,10 @@ if (empty($reshook)) {
$db->begin();
if (empty($newcu)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity;
} else {
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account";
- $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
+ $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
}
$resql = $db->query($sql);
@@ -542,7 +542,7 @@ if (empty($reshook)) {
} else {
$sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account";
$sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'";
- $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
+ $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
$resql = $db->query($sql);
}
}
@@ -761,7 +761,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print '
('.$langs->trans("WrongCustomerCode").') ';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -823,7 +823,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print '
('.$langs->trans("WrongSupplierCode").') ';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php
index 449fd9d7811..2a6dd2176df 100644
--- a/htdocs/societe/societecontact.php
+++ b/htdocs/societe/societecontact.php
@@ -95,14 +95,14 @@ if ($action == 'addcontact' && $user->rights->societe->creer) {
} elseif ($action == 'swapstatut' && $user->rights->societe->creer) {
// bascule du statut d'un contact
if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
} else {
dol_print_error($db);
}
} elseif ($action == 'deletecontact' && $user->rights->societe->creer) {
// Efface un contact
$object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
if ($result >= 0) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
@@ -227,7 +227,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " t.libelle as type, t.subscription";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
- $sql .= " WHERE d.fk_soc = ".$id;
+ $sql .= " WHERE d.fk_soc = ".((int) $id);
$sql .= " AND d.fk_adherent_type = t.rowid";
dol_syslog("get list sql=".$sql);
diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php
index 158829ea425..0320a663ea8 100644
--- a/htdocs/supplier_proposal/class/supplier_proposal.class.php
+++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php
@@ -1541,13 +1541,13 @@ class SupplierProposal extends CommonObject
$remise = trim($remise) ?trim($remise) : 0;
if (!empty($user->rights->supplier_proposal->creer)) {
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
- $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".$remise;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
- $this->remise_percent = $remise;
+ $this->remise_percent = ((float) $remise);
$this->update_price(1);
return 1;
} else {
@@ -1569,13 +1569,15 @@ class SupplierProposal extends CommonObject
public function set_remise_absolue($user, $remise)
{
// phpcs:enable
- $remise = trim($remise) ?trim($remise) : 0;
+ if (empty($remise)) {
+ $remise = 0;
+ }
+
+ $remise = price2num($remise);
if (!empty($user->rights->supplier_proposal->creer)) {
- $remise = price2num($remise);
-
$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal ";
- $sql .= " SET remise_absolue = ".$remise;
+ $sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
@@ -1608,7 +1610,7 @@ class SupplierProposal extends CommonObject
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal";
- $sql .= " SET fk_statut = ".$this->statut.",";
+ $sql .= " SET fk_statut = ".((int) $this->statut).",";
if (!empty($note)) {
$sql .= " note_private = '".$this->db->escape($note)."',";
}
@@ -1669,7 +1671,7 @@ class SupplierProposal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal";
- $sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
+ $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@@ -1775,7 +1777,7 @@ class SupplierProposal extends CommonObject
$price = price2num($product->subprice * $product->qty, 'MU');
$unitPrice = price2num($product->subprice, 'MU');
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$product->ref_fourn.'", ' : '').' price ='.$price.', unitprice ='.$unitPrice.' WHERE rowid = '.$idProductFournPrice;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$this->db->escape($product->ref_fourn).'", ' : '').' price ='.((float) $price).', unitprice ='.((float) $unitPrice).' WHERE rowid = '.((int) $idProductFournPrice);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -2852,7 +2854,7 @@ class SupplierProposalLine extends CommonObjectLine
$sql .= ' pd.fk_multicurrency, pd.multicurrency_code, pd.multicurrency_subprice, pd.multicurrency_total_ht, pd.multicurrency_total_tva, pd.multicurrency_total_ttc, pd.fk_unit';
$sql .= ' FROM '.MAIN_DB_PREFIX.'supplier_proposaldet as pd';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pd.fk_product = p.rowid';
- $sql .= ' WHERE pd.rowid = '.$rowid;
+ $sql .= ' WHERE pd.rowid = '.((int) $rowid);
$result = $this->db->query($sql);
if ($result) {
diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php
index d106ce0506f..3125f81bc01 100644
--- a/htdocs/supplier_proposal/contact.php
+++ b/htdocs/supplier_proposal/contact.php
@@ -58,7 +58,8 @@ if ($action == 'addcontact' && $permissiontoedit) {
if ($result > 0 && $id > 0) {
$contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid'));
- $result = $object->add_contact($contactid, GETPOST("type"), GETPOST("source"));
+ $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
+ $result = $object->add_contact($contactid, $typeid, GETPOST("source"));
}
if ($result >= 0) {
@@ -75,7 +76,7 @@ if ($action == 'addcontact' && $permissiontoedit) {
} elseif ($action == 'swapstatut' && $permissiontoedit) {
// Toggle the status of a contact
if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
} else {
dol_print_error($db);
}
diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php
index dd895eb4265..e9d721a44e3 100644
--- a/htdocs/takepos/receipt.php
+++ b/htdocs/takepos/receipt.php
@@ -260,7 +260,7 @@ if ($conf->global->TAKEPOS_PRINT_PAYMENT_METHOD) {
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$facid;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $facid);
$sql .= " ORDER BY p.datep";
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/theme/eldy/btn.inc.php b/htdocs/theme/eldy/btn.inc.php
index d5d21a0d439..3e3ab1d3b01 100644
--- a/htdocs/theme/eldy/btn.inc.php
+++ b/htdocs/theme/eldy/btn.inc.php
@@ -72,7 +72,7 @@ span.butAction, span.butActionDelete {
border-radius: 3px;
}
.butActionRefused:last-child, .butAction:last-child, .butActionDelete:last-child {
- margin-right: 0px !important;
+ margin-: 0px !important;
}
.butActionRefused, .butAction, .butAction:link, .butAction:visited, .butAction:hover, .butAction:active, .butActionDelete, .butActionDelete:link, .butActionDelete:visited, .butActionDelete:hover, .butActionDelete:active {
text-decoration: none;
diff --git a/htdocs/theme/eldy/dropdown.inc.php b/htdocs/theme/eldy/dropdown.inc.php
index 871ee5aa68c..e0976e0e1db 100644
--- a/htdocs/theme/eldy/dropdown.inc.php
+++ b/htdocs/theme/eldy/dropdown.inc.php
@@ -277,14 +277,14 @@ a.top-menu-dropdown-link {
text-decoration: none;
}
-#topmenuloginmoreinfo-btn{
+#topmenuloginmoreinfo-btn, #topmenulogincompanyinfo-btn {
display: block;
text-aling: right;
color:#666;
cursor: pointer;
}
-#topmenuloginmoreinfo{
+#topmenuloginmoreinfo, #topmenulogincompanyinfo {
display: none;
clear: both;
font-size: 0.95em;
diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php
index fc3addd6742..5500de16650 100644
--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -21,6 +21,7 @@
--colorbacklinepairchecked: rgb();
--colorbacklinebreak: rgb();
--colorbackbody: rgb();
+ --colorbackmobilemenu: #f8f8f8;
--colortexttitlenotab: rgb();
--colortexttitlenotab2: rgb();
--colortexttitle: rgba(, 0.9);
@@ -45,6 +46,8 @@
--amountremaintopaycolor:#880000;
--amountpaymentcomplete:#008800;
--amountremaintopaybackcolor:none;
+ --productlinestockod: #002200;
+ --productlinestocktoolow: #884400;
}
global->THEME_DARKMODEENABLED)) {
--colorbackhmenu1: #1d1e20;
--colorbackvmenu1: #2b2c2e;
--colorbacktitle1: #2b2d2f;
- --colorbacktabcard1: #38393d;
+ --colorbacktabcard1: #1d1e20; /* Must be same than colorbackbody */
--colorbacktabactive: rgb(220,220,220);
--colorbacklineimpair1: #38393d;
--colorbacklineimpair2: #2b2d2f;
@@ -66,6 +69,7 @@ if (!empty($conf->global->THEME_DARKMODEENABLED)) {
--colorbacklinepairhover: #2b2d2f;
--colorbacklinepairchecked: #0e5ccd;
--colorbackbody: #1d1e20;
+ --colorbackmobilemenu: #080808;
--tooltipbgcolor: #2b2d2f;
--colortexttitlenotab: rgb(220,220,220);
--colortexttitlenotab2: rgb(220,220,220);
@@ -89,7 +93,11 @@ if (!empty($conf->global->THEME_DARKMODEENABLED)) {
--amountremaintopaycolor:rgb(252,84,91);
--amountpaymentcomplete:rgb(101,184,77);
--amountremaintopaybackcolor:rbg(245,130,46);
- }\n";
+ }
+
+ body, button {
+ color: #bbb;
+ }\n";
if ($conf->global->THEME_DARKMODEENABLED != 2) {
print "}\n";
}
@@ -719,6 +727,9 @@ textarea.centpercent {
.paddingright2 {
padding-: 2px;
}
+.paddingright2imp {
+ padding-: 2px !important;
+}
.paddingtop {
padding-top: 4px;
}
@@ -1827,7 +1838,7 @@ div.vmenu, td.vmenu {
div.fiche {
- margin-: dol_optimize_smallscreen) ? '32' : '6')); ?>px;
+ margin-: dol_optimize_smallscreen) ? '34' : '6')); ?>px;
margin-: dol_optimize_smallscreen) ? '30' : '6')); ?>px;
global->THEME_DARKMODEENABLED)) { ?>
+ color: #000;
+
}
div.pagination li.pagination span.inactive {
cursor: default;
@@ -4271,8 +4284,8 @@ div.boximport {
min-height: unset;
}
-.product_line_stock_ok { color: #002200; }
-.product_line_stock_too_low { color: #884400; }
+.product_line_stock_ok { color: var(--productlinestockok); }
+.product_line_stock_too_low { color: var(--productlinestocktoolow); }
.fieldrequired { font-weight: bold; color: var(--fieldrequiredcolor) !important; }
@@ -6073,7 +6086,7 @@ li.ui-li-divider .ui-link {
color: #FFF !important;
}
.ui-btn {
- margin: 0.1em 2px
+ margin: 0 2px;
}
a.ui-link, a.ui-link:hover, .ui-btn:hover, span.ui-btn-text:hover, span.ui-btn-inner:hover {
text-decoration: none !important;
@@ -6227,7 +6240,7 @@ ul.ulmenu {
}
.alilevel0 {
color: var(--colortexttitle) !important;
- background: #f8f8f8
+ background: var(--colorbackmobilemenu);
}
.ulmenu {
box-shadow: none !important;
diff --git a/htdocs/theme/md/dropdown.inc.php b/htdocs/theme/md/dropdown.inc.php
index 9b96c9b061b..2627a727a23 100644
--- a/htdocs/theme/md/dropdown.inc.php
+++ b/htdocs/theme/md/dropdown.inc.php
@@ -283,14 +283,14 @@ a.top-menu-dropdown-link {
text-decoration: none;
}
-#topmenuloginmoreinfo-btn{
+#topmenuloginmoreinfo-btn, #topmenulogincompanyinfo-btn {
display: block;
text-aling: right;
color:#666;
cursor: pointer;
}
-#topmenuloginmoreinfo{
+#topmenuloginmoreinfo, #topmenulogincompanyinfo {
display: none;
clear: both;
font-size: 0.95em;
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index 98bcccd4ca1..e6f3f21050c 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
@@ -186,7 +186,7 @@ if (empty($reshook)) {
$notifyTiers = GETPOST("notify_tiers_at_create", 'alpha');
$object->notify_tiers_at_create = empty($notifyTiers) ? 0 : 1;
- $object->fk_project = GETPOST('projectid', 'int');
+ $object->fk_project = $projectid;
$id = $object->create($user);
if ($id <= 0) {
@@ -205,9 +205,9 @@ if (empty($reshook)) {
$result = $object->add_contact($contactid, $typeid, 'external');
}
- // altairis: link ticket to project
- if (GETPOST('projectid') > 0) {
- $object->setProject(GETPOST('projectid'));
+ // Link ticket to project
+ if ($projectid > 0) {
+ $object->setProject($projectid);
}
// Auto assign user
@@ -236,7 +236,7 @@ if (empty($reshook)) {
if ($conf->global->TICKET_AUTO_CREATE_FICHINTER_CREATE) {
$fichinter = new Fichinter($db);
$fichinter->socid = $object->fk_soc;
- $fichinter->fk_project = GETPOST('projectid', 'int');
+ $fichinter->fk_project = $projectid;
$fichinter->fk_contrat = $contractid;
$fichinter->author = $user->id;
$fichinter->model_pdf = 'soleil';
@@ -534,7 +534,7 @@ if (empty($reshook)) {
} elseif ($action == 'classin' && $user->rights->ticket->write) {
// Categorisation dans projet
if ($object->fetch(GETPOST('id', 'int'), '', GETPOST('track_id', 'alpha')) >= 0) {
- $object->setProject(GETPOST('projectid', 'int'));
+ $object->setProject($projectid);
$url = 'card.php?action=view&track_id='.$object->track_id;
header("Location: ".$url);
exit();
@@ -778,7 +778,7 @@ if ($action == 'create' || $action == 'presend') {
}
// project info
- if ($projectid) {
+ if ($projectid > 0) {
$projectstat = new Project($db);
if ($projectstat->fetch($projectid) > 0) {
$projectstat->fetch_thirdparty();
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 93806bb86aa..1d77e323c10 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -568,7 +568,7 @@ class Ticket extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
if ($id) {
- $sql .= " WHERE t.rowid = ".$this->db->escape($id);
+ $sql .= " WHERE t.rowid = ".((int) $id);
} else {
$sql .= " WHERE t.entity IN (".getEntity($this->element, 1).")";
if (!empty($ref)) {
@@ -1982,8 +1982,8 @@ class Ticket extends CommonObject
* Link element with a project
* Override core function because of key name 'fk_project' used for this module
*
- * @param int $projectid Project id to link element to
- * @return int <0 if KO, >0 if OK
+ * @param int $projectid Project id to link element to
+ * @return int <0 if KO, >0 if OK
*/
public function setProject($projectid)
{
@@ -1994,16 +1994,15 @@ class Ticket extends CommonObject
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
if ($projectid) {
- $sql .= ' SET fk_project = '.$projectid;
+ $sql .= ' SET fk_project = '.((int) $projectid);
} else {
$sql .= ' SET fk_project = NULL';
}
-
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this)."::setProject sql=".$sql);
if ($this->db->query($sql)) {
- $this->fk_project = $projectid;
+ $this->fk_project = ((int) $projectid);
return 1;
} else {
dol_print_error($this->db);
diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php
index 51449c6b233..2bcd0fe89fc 100644
--- a/htdocs/ticket/class/ticketstats.class.php
+++ b/htdocs/ticket/class/ticketstats.class.php
@@ -98,7 +98,7 @@ class TicketStats extends Stats
{
$sql = "SELECT MONTH(datec) as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(datec) = ".$year;
+ $sql .= " WHERE YEAR(datec) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index c1224285c7c..b3303492417 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -871,7 +871,7 @@ class User extends CommonObject
$nid = $obj->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights";
- $sql .= " WHERE fk_user = ".$this->id." AND fk_id=".$nid;
+ $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid);
$sql .= " AND entity = ".$entity;
if (!$this->db->query($sql)) {
$error++;
@@ -1110,16 +1110,14 @@ class User extends CommonObject
// Check parameters
if ($this->statut == $status) {
return 0;
- } else {
- $this->statut = $status;
}
$this->db->begin();
// Save in database
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
- $sql .= " SET statut = ".$this->statut;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET statut = ".((int) $status);
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@@ -1136,6 +1134,8 @@ class User extends CommonObject
$this->db->rollback();
return -$error;
} else {
+ $this->status = $status;
+ $this->statut = $status;
$this->db->commit();
return 1;
}
@@ -1199,7 +1199,7 @@ class User extends CommonObject
// If contact, remove link
if ($this->contact_id > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user_creat = null WHERE rowid = ".$this->contact_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user_creat = null WHERE rowid = ".((int) $this->contact_id);
if (!$error && !$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@@ -1737,7 +1737,7 @@ class User extends CommonObject
// If user is linked to a member, remove old link to this member
if ($this->fk_member > 0) {
dol_syslog(get_class($this)."::update remove link with member. We will recreate it later", LOG_DEBUG);
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL where fk_member = ".$this->fk_member;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL where fk_member = ".((int) $this->fk_member);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->error(); $this->db->rollback(); return -5;
@@ -1745,7 +1745,7 @@ class User extends CommonObject
}
// Set link to user
dol_syslog(get_class($this)."::update set link with member", LOG_DEBUG);
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member =".($this->fk_member > 0 ? $this->fk_member : 'null')." where rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member =".($this->fk_member > 0 ? ((int) $this->fk_member) : 'null')." where rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->error(); $this->db->rollback(); return -5;
diff --git a/htdocs/user/note.php b/htdocs/user/note.php
index 1a375343e05..1ce397626e6 100644
--- a/htdocs/user/note.php
+++ b/htdocs/user/note.php
@@ -105,7 +105,7 @@ if ($id) {
print '
';
- print "