From 26dc3ef1b0aacae520e86824e096a03073db205f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 16 Mar 2021 18:56:10 +0100
Subject: [PATCH 1/4] FIX Filter on debit/credit
Conflicts: htdocs/compta/bank/bankentries_list.php
---
 htdocs/compta/bank/bankentries_list.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index 63021eb3b07..7abd2c6a2b7 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -515,13 +515,17 @@ if ($search_description)
 }
 $sql .= natural_search("b.label", $search_description_to_use); // Warning some text are just translation keys, not translated strings
 }
-if ($search_bid > 0) $sql .= " AND b.rowid=l.lineid AND l.fk_categ=".$search_bid;
-if (!empty($search_type)) $sql .= " AND b.fk_type = '".$db->escape($search_type)."' ";
+if ($search_bid > 0) $sql .= " AND b.rowid=l.lineid AND l.fk_categ=".((int) $search_bid);
+if (!empty($search_type)) $sql .= " AND b.fk_type = '".$db->escape($search_type)."'";
 // Search criteria amount
-$search_debit = price2num(str_replace('-', '', $search_debit));
-$search_credit = price2num(str_replace('-', '', $search_credit));
-if ($search_debit) $sql .= natural_search('- b.amount', $search_debit, 1);
-if ($search_credit) $sql .= natural_search('b.amount', $search_credit, 1);
+if ($search_debit) {
+ $sql .= natural_search('ABS(b.amount)', $search_debit, 1);
+ $sql .= ' AND b.amount <= 0';
+}
+if ($search_credit) {
+ $sql .= natural_search('b.amount', $search_credit, 1);
+ $sql .= ' AND b.amount >= 0';
+}
 // Add where from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
From e37e0399e5054d797d6d0fd02d444b10b12b4f25 Mon Sep 17 00:00:00 2001
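Review bot: With the `price2num(str_replace('-', '', …))` lines removed, `$search_debit` and `$search_credit` reach `natural_search()` as read from the request (the read is outside the hunk), so the numeric mode of `natural_search()` is now the only thing between user input and the SQL string; that deserves a check and a comment. A debit typed with a leading minus is also compared against `ABS(b.amount)` now and will presumably match nothing. If the normalisation was dropped on purpose to let operators such as `<` through, say so in a comment like `// Value is validated by natural_search() in numeric mode; the sign is enforced by the b.amount condition below`; otherwise keep `$search_debit = price2num(str_replace('-', '', $search_debit));` ahead of the `if`. Both `<= 0` and `>= 0` include zero-amount lines, which may or may not be intended.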
From: Laurent Destailleur
Date: Thu, 18 Mar 2021 12:10:23 +0100
Subject: [PATCH 2/4] Fix bad message
---
 htdocs/opensurvey/results.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index ea07900ba67..a6b192a4dba 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -596,7 +596,10 @@ if (GETPOST('ajoutsujet'))
 }
 if ($user->rights->opensurvey->write) {
- print ''.$langs->trans("PollAdminDesc", img_picto('', 'delete'), $langs->trans("Add")).'
';
+ print '';
+ $s = $langs->trans("PollAdminDesc", '{s1}', $langs->trans("Add"));
+ print str_replace('{s1}', img_picto('', 'delete'), $s);
+ print '
';
 }
 $nbcolonnes = substr_count($object->sujet, ',') + 1;
From af340ec1335d5f419e989a482f8aa1488a4292c8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 18 Mar 2021 12:18:38 +0100
Subject: [PATCH 3/4] Fix #yogosha5657
---
 htdocs/opensurvey/exportcsv.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/htdocs/opensurvey/exportcsv.php b/htdocs/opensurvey/exportcsv.php
index 6f9a699273b..fe814a44037 100644
--- a/htdocs/opensurvey/exportcsv.php
+++ b/htdocs/opensurvey/exportcsv.php
@@ -39,6 +39,9 @@ $object = new Opensurveysondage($db);
 $result = $object->fetch(0, $numsondage);
 if ($result <= 0) dol_print_error('', 'Failed to get survey id '.$numsondage);
+// Security check
+if (!$user->rights->opensurvey->read) accessforbidden();
+
 /*
 * Actions
From 03941a59af74944ef99ca0cf041be8055a9719a8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 18 Mar 2021 12:21:35 +0100
Subject: [PATCH 4/4] Clean code
---
 htdocs/opensurvey/card.php | 4 +++-
 htdocs/opensurvey/exportcsv.php | 4 +++-
 htdocs/opensurvey/fonctions.php | 1 -
 htdocs/opensurvey/index.php | 4 +++-
 htdocs/opensurvey/results.php | 6 +++---
 5 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php
index ef583d08ff5..1a61773993f 100644
--- a/htdocs/opensurvey/card.php
+++ b/htdocs/opensurvey/card.php
@@ -32,7 +32,9 @@ require_once DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php";
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 // Initialisation des variables
 $action = GETPOST('action', 'aZ09');
diff --git a/htdocs/opensurvey/exportcsv.php b/htdocs/opensurvey/exportcsv.php
index fe814a44037..5abfd76f88e 100644
--- a/htdocs/opensurvey/exportcsv.php
+++ b/htdocs/opensurvey/exportcsv.php
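Review bot: The `{s1}` placeholder followed by `str_replace()` carries no comment explaining why the icon is no longer passed to `trans()` directly, and a later clean-up could easily fold it back. Presumably `trans()` escapes or alters HTML in its parameters, which is what produced the bad message; if so, a line such as `// img_picto() returns HTML: substitute it after trans() so the markup is not escaped` above `$s = …` would record that. The enclosing `if ($user->rights->opensurvey->write)` block is fully inside the hunk.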
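Review bot: The new permission check sits after `$object->fetch(0, $numsondage)` and after the `dol_print_error('', 'Failed to get survey id '.$numsondage)` line, so a user without `opensurvey->read` still triggers the lookup and may learn from the error output whether a survey id exists before `accessforbidden()` runs. Authorisation should come first: move `if (!$user->rights->opensurvey->read) accessforbidden();` above the `new Opensurveysondage($db)` and `fetch()` lines, which begin outside this hunk. The exportcsv.php hunk in PATCH 4/4 rewrites the condition but keeps the same position, so the point applies there too. It is also worth confirming that `dol_print_error()` stops the script; if it does not, the export carries on with an object that failed to load.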
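Review bot: The same three-line guard is now copied into card.php, exportcsv.php, index.php and results.php, and PATCH 3/4 shows what that costs: exportcsv.php had no check at all until it was reported. A single shared call (Dolibarr's `restrictedArea()` if it fits this module, or a small helper in fonctions.php) would keep the entry scripts from drifting apart. If the copies stay, the comment could name the right being enforced, e.g. `// Security check: requires opensurvey read permission`. The switch to `empty()` fails closed when the `opensurvey` rights entry is missing, which is the right default.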
@@ -40,7 +40,9 @@ $result = $object->fetch(0, $numsondage);
 if ($result <= 0) dol_print_error('', 'Failed to get survey id '.$numsondage);
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 /*
diff --git a/htdocs/opensurvey/fonctions.php b/htdocs/opensurvey/fonctions.php
index 0ea701ebf0b..5832e57c46d 100644
--- a/htdocs/opensurvey/fonctions.php
+++ b/htdocs/opensurvey/fonctions.php
@@ -31,7 +31,6 @@
 */
 function opensurvey_prepare_head(Opensurveysondage $object)
 {
- global $langs, $conf;
 $h = 0;
diff --git a/htdocs/opensurvey/index.php b/htdocs/opensurvey/index.php
index 50198e5202f..c8cc35a0c61 100644
--- a/htdocs/opensurvey/index.php
+++ b/htdocs/opensurvey/index.php
@@ -31,7 +31,9 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
 $langs->load("opensurvey");
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 $hookmanager = new HookManager($db);
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index a6b192a4dba..fe03c433738 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -29,10 +29,10 @@ require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
 require_once DOL_DOCUMENT_ROOT."/opensurvey/class/opensurveysondage.class.php";
 require_once DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php";
-
 // Security check
-if (!$user->rights->opensurvey->read) accessforbidden();
-
+if (empty($user->rights->opensurvey->read)) {
+ accessforbidden();
+}
 // Init vars
 $action = GETPOST('action', 'aZ09');