';
print '' . $langs->trans("Total") . ' ';
@@ -302,7 +326,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
print '' . $langs->trans('MonthShort' . str_pad($i, 2, '0', STR_PAD_LEFT)) . ' ';
}
print '' . $langs->trans("Total") . ' ';
-
+
$sql = "SELECT '" . $langs->trans("TotalExpenseReport") . "' AS label,";
for($i = 1; $i <= 12; $i ++) {
$sql .= " SUM(" . $db->ifsql('MONTH(er.date_create)=' . $i, 'erd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
@@ -314,12 +338,12 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
$sql .= " AND er.date_debut <= '" . $db->idate(dol_get_last_day($y, 12, false)) . "'";
$sql .= " AND er.fk_statut > 0 ";
$sql .= " AND er.entity IN (" . getEntity('expensereport', 0) . ")"; // We don't share object for accountancy
-
+
dol_syslog('htdocs/accountancy/expensereport/index.php');
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
-
+
while ( $row = $db->fetch_row($resql)) {
print '' . $row[0] . ' ';
for($i = 1; $i <= 12; $i ++) {
@@ -328,7 +352,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) // This part of code looks strange.
print '' . price($row[13]) . ' ';
print ' ';
}
-
+
$db->free($resql);
} else {
print $db->lasterror(); // Show last sql error
diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
index 505e2a9f534..640c4b03353 100644
--- a/htdocs/accountancy/journal/bankjournal.php
+++ b/htdocs/accountancy/journal/bankjournal.php
@@ -104,12 +104,15 @@ $idpays = $mysoc->country_id;
$sql = "SELECT b.rowid, b.dateo as do, b.datev as dv, b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type, b.fk_account,";
$sql .= " ba.courant, ba.ref as baref, ba.account_number, ba.fk_accountancy_journal,";
-$sql .= " soc.code_compta, soc.code_compta_fournisseur, soc.rowid as socid, soc.nom as name, bu1.type as typeop,";
-$sql .= " u.accountancy_code, u.rowid as userid, u.lastname as lastname, u.firstname as firstname, bu2.type as typeop";
+$sql .= " soc.code_compta, soc.code_compta_fournisseur, soc.rowid as socid, soc.nom as name, bu1.type as typeop_company,";
+$sql .= " u.accountancy_code, u.rowid as userid, u.lastname as lastname, u.firstname as firstname, bu2.type as typeop_user,";
+$sql .= " bu3.type as typeop_payment, bu4.type as typeop_payment_supplier";
$sql .= " FROM " . MAIN_DB_PREFIX . "bank as b";
$sql .= " JOIN " . MAIN_DB_PREFIX . "bank_account as ba on b.fk_account=ba.rowid";
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu1 ON bu1.fk_bank = b.rowid AND bu1.type='company'";
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu2 ON bu2.fk_bank = b.rowid AND bu2.type='user'";
+$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu3 ON bu3.fk_bank = b.rowid AND bu3.type='payment'";
+$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "bank_url as bu4 ON bu4.fk_bank = b.rowid AND bu4.type='payment_supplier'";
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as soc on bu1.url_id=soc.rowid";
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "user as u on bu2.url_id=u.rowid";
$sql .= " WHERE ba.fk_accountancy_journal=" . $id_journal;
@@ -147,6 +150,7 @@ $result = $db->query($sql);
if ($result) {
$num = $db->num_rows($result);
+ //print $sql;
// Variables
$account_supplier = (! empty($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER) ? $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER : 'NotDefined'); // NotDefined is a reserved word
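Review bot: The added `//print $sql;` is commented-out debug output and should not be committed; the same goes for the `//var_dump(...)` lines added in later hunks of this file (the record loop, the Bank row output, and the sub-ledger branch, where the old `print` is also left behind as a comment). One of them dumps `$obj->type_payment`, a property the query does not select (the aliases are `typeop_payment` and `typeop_payment_supplier`), so it would not show the intended value even if re-enabled. If the diagnostics are worth keeping, send them through `dol_syslog(..., LOG_DEBUG)` rather than to the page.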
@@ -172,13 +176,31 @@ if ($result) {
{
$obj = $db->fetch_object($result);
- // Set accountancy code (for bank and thirdparty)
+ $lineisapurchase = -1;
+ $lineisasale = -1;
+ // Old method to detect if it's a sale or purchase
+ if ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)') $lineisapurchase=1;
+ if ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)') $lineisasale=1;
+ // Try a more reliable method to detect if record is a supplier payment or a customer payment
+ if ($lineisapurchase < 0)
+ {
+ if ($obj->typeop_payment_supplier == 'payment_supplier') $lineisapurchase = 1;
+ }
+ if ($lineisasale < 0)
+ {
+ if ($obj->typeop_payment == 'payment') $lineisasale = 1;
+ }
+ //var_dump($obj->type_payment); var_dump($obj->type_payment_supplier);
+ //var_dump($lineisapurchase); //var_dump($lineisasale);
+
+ // Set accountancy code for bank
$compta_bank = $obj->account_number;
+ // Set accountancy code for thirdparty
$compta_soc = 'NotDefined';
- if ($obj->label == '(SupplierInvoicePayment)' || $obj->label == '(SupplierInvoicePaymentBack)')
+ if ($lineisapurchase > 0)
$compta_soc = (! empty($obj->code_compta_fournisseur) ? $obj->code_compta_fournisseur : $account_supplier);
- if ($obj->label == '(CustomerInvoicePayment)' || $obj->label == '(CustomerInvoicePaymentBack)')
+ if ($lineisasale > 0)
$compta_soc = (! empty($obj->code_compta) ? $obj->code_compta : $account_customer);
$tabcompany[$obj->rowid] = array (
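Review bot: `$lineisapurchase` and `$lineisasale` are set independently, so a bank line that matches both sides (by label or by its `bank_url` links) ends with both at 1, and the second `if` then silently overwrites `$compta_soc` with the customer account. Decide which side wins and make the two assignments mutually exclusive, for example `elseif ($lineisasale > 0)`, or state the intended precedence in a comment above them. The flags are only ever tested for sign, so plain booleans initialised to `false` would read more clearly than `-1`/`1`. The enclosing loop starts and ends outside the hunk.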
@@ -187,6 +209,7 @@ if ($result) {
'code_compta' => $compta_soc,
);
+ // Set accountancy code for user
$compta_user = (! empty($obj->accountancy_code) ? $obj->accountancy_code : $account_employee);
$tabuser[$obj->rowid] = array (
@@ -202,6 +225,7 @@ if ($result) {
$tabpay[$obj->rowid]["type_payment"] = $obj->fk_type; // CHQ, VIR, LIQ, CB, ...
$tabpay[$obj->rowid]["ref"] = $obj->label; // By default. Not unique. May be changed later
$tabpay[$obj->rowid]["fk_bank"] = $obj->rowid;
+ $tabpay[$obj->rowid]["bank_account_ref"] = $obj->baref;
$tabpay[$obj->rowid]["fk_bank_account"] = $obj->fk_account;
if (preg_match('/^\((.*)\)$/i', $obj->label, $reg)) {
$tabpay[$obj->rowid]["lib"] = $langs->trans($reg[1]);
@@ -214,7 +238,7 @@ if ($result) {
//var_dump($tabpay);
// By default
- $tabpay[$obj->rowid]['type'] = 'unknown'; // Can be SOLD, miscellaneous entry, payment of patient, or old record with no links in bank_url.
+ $tabpay[$obj->rowid]['type'] = 'unknown'; // Can be SOLD, miscellaneous entry, payment of patient, or any old record with no links in bank_url.
$tabtype[$obj->rowid] = 'unknown';
// get_url may return -1 which is not traversable
@@ -604,6 +628,8 @@ if (! $error && $action == 'writebookkeeping') {
}
}
+
+
// Export
if ($action == 'exportcsv') { // ISO and not UTF8 !
$sep = $conf->global->ACCOUNTING_EXPORT_SEPARATORCSV;
@@ -737,6 +763,22 @@ if (empty($action) || $action == 'view') {
journalHead($nom, $nomlink, $period, $periodlink, $description, $builddate, $exportlink, array('action' => ''), '', $varlink);
+
+ // Test that setup is complete
+ $sql='SELECT COUNT(rowid) as nb FROM '.MAIN_DB_PREFIX.'bank_account WHERE fk_accountancy_journal IS NULL';
+ $resql=$db->query($sql);
+ if ($resql)
+ {
+ $obj=$db->fetch_object($resql);
+ if ($obj->nb > 0)
+ {
+ print img_warning().' '.$langs->trans("TheJournalCodeIsNotDefinedOnSomeBankAccount");
+ print ' : '.$langs->trans("AccountancyAreaDescBank", 9, ''.$langs->transnoentitiesnoconv("MenuBankCash").' ');
+ }
+ }
+ else dol_print_error($db);
+
+
// Button to write into Ledger
if (empty($conf->global->ACCOUNTING_ACCOUNT_CUSTOMER) || $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER == '-1'
|| empty($conf->global->ACCOUNTING_ACCOUNT_SUPPLIER) || $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER == '-1'
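Review bot: The setup check counts every `bank_account` row with a NULL `fk_accountancy_journal` and has no entity restriction, so on a multi-entity install the warning could be raised by accounts that do not belong to the current entity; the expense-report query visible earlier in this diff filters with `entity IN (getEntity(...))` and this one probably should as well. The result set is never released, so add `$db->free($resql);` after reading `$obj->nb`. The block also reuses the script-level `$sql`, `$resql` and `$obj` names; confirm that nothing after this point still expects their previous values.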
@@ -797,8 +839,10 @@ if (empty($action) || $action == 'view') {
// Bank
foreach ( $tabbq[$key] as $k => $mt )
{
+ //var_dump($tabpay[$key]);
+ print '';
print '';
- print " ";
+ print " ";
print "" . $date . " ";
print "" . $ref . " ";
// Ledger account
@@ -819,11 +863,14 @@ if (empty($action) || $action == 'view') {
}
else print $accounttoshow;*/
print "";
- if ($val['soclib'] == '') {
- print "" . $langs->trans("Bank") . " - " . $reflabel . " ";
- } else {
- print "" . $langs->trans("Bank") . " - " . $val['soclib'] . " ";
+ print "";
+ //var_dump($tabpay[$key]);
+ print $langs->trans("Bank");
+ print ' '.$val['bank_account_ref'];
+ if (! empty($val['soclib'])) {
+ print " - " . $val['soclib'];
}
+ print " ";
print "" . $val["type_payment"] . " ";
print "" . ($mt >= 0 ? price($mt) : '') . " ";
print "" . ($mt < 0 ? price(- $mt) : '') . " ";
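Review bot: `$val['bank_account_ref']` is printed into the row as-is, and it carries `ba.ref`, which as far as I can tell is a user-maintained value read from the database; it should be HTML-escaped on output, as should `$val['soclib']` next to it. For example `print ' '.dol_escape_htmltag($val['bank_account_ref']);`. The surrounding loop begins outside the hunk, so I am assuming `$val` is the `$tabpay` entry filled earlier in this file.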
@@ -834,14 +881,15 @@ if (empty($action) || $action == 'view') {
if (is_array($tabtp[$key])) {
foreach ( $tabtp[$key] as $k => $mt ) {
if ($k != 'type') {
+ print '';
print ' ';
- print " ";
+ print " ";
print "" . $date . " ";
print "" . $ref . " ";
// Ledger account
print "";
$account_ledger = $k;
-
+ // Try to force general ledger account depending on type
if ($tabtype[$key] == 'payment') $account_ledger = $conf->global->ACCOUNTING_ACCOUNT_CUSTOMER;
if ($tabtype[$key] == 'payment_supplier') $account_ledger = $conf->global->ACCOUNTING_ACCOUNT_SUPPLIER;
if ($tabtype[$key] == 'payment_expensereport') $account_ledger = $conf->global->SALARIES_ACCOUNTING_ACCOUNT_PAYMENT;
@@ -878,7 +926,11 @@ if (empty($action) || $action == 'view') {
{
if (empty($accounttoshowsubledger) || $accounttoshowsubledger == 'NotDefined')
{
- print ''.$langs->trans("ThirdpartyAccountNotDefined").' ';
+ /*var_dump($tabpay[$key]);
+ var_dump($tabtype[$key]);
+ var_dump($tabbq[$key]);*/
+ //print ''.$langs->trans("ThirdpartyAccountNotDefined").' ';
+ print ''.$langs->trans("ThirdpartyAccountNotDefinedOrThirdPartyUnknown").' ';
}
else print $accounttoshowsubledger;
}
@@ -893,8 +945,9 @@ if (empty($action) || $action == 'view') {
}
} else {
foreach ( $tabbq[$key] as $k => $mt ) {
+ print '';
print ' ';
- print " ";
+ print " ";
print "" . $date . " ";
print "" . $ref . " ";
// Ledger account
@@ -936,7 +989,7 @@ $db->close();
* Return source for doc_ref of a bank transaction
*
* @param string $val Array of val
- * @param string $typerecord Type of record
+ * @param string $typerecord Type of record ('payment', 'payment_supplier', 'payment_expensereport', 'payment_vat', ...)
* @return string|unknown
*/
function getSourceDocRef($val, $typerecord)
diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
index f862feb5ba3..3dac6a23567 100644
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@@ -190,8 +190,8 @@ for($i = 1; $i <= 12; $i ++) {
}
print '' . $langs->trans("Total") . ' ';
-$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') ." AS codecomptable,";
-$sql .= " " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') ." AS codecomptable,";
+$sql .= " " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
for($i = 1; $i <= 12; $i ++) {
$sql .= " SUM(" . $db->ifsql('MONTH(ff.datef)=' . $i, 'ffd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
}
@@ -213,8 +213,20 @@ if ($resql) {
while ( $row = $db->fetch_row($resql)) {
- print '' . length_accountg($row[0]) . ' ';
- print '' . $row[1] . ' ';
+ print '';
+ if ($row[0] == 'tobind')
+ {
+ print $langs->trans("Unknown");
+ }
+ else print length_accountg($row[0]);
+ print ' ';
+ print '';
+ if ($row[0] == 'tobind')
+ {
+ print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/supplier/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+ }
+ else print $row[1];
+ print ' ';
for($i = 2; $i <= 12; $i ++) {
print '' . price($row[$i]) . ' ';
}
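Review bot: The `tobind` branch added here is repeated verbatim in the hunk at -267 further down; a small helper that prints the two cells would keep the two copies from drifting apart. Since the sentinel is a fixed string, `$row[0] === 'tobind'` states the intent better than `==`. The new translation key `UseMenuToSetBindindManualy` also bakes two spelling mistakes into an identifier that every language file will have to repeat.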
@@ -244,8 +256,8 @@ for($i = 1; $i <= 12; $i ++) {
}
print '' . $langs->trans("Total") . ' ';
-$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.account_number') ." AS codecomptable,";
-$sql .= " " . $db->ifsql('aa.label IS NULL', "'".$langs->trans('NotMatch')."'", 'aa.label') . " AS intitule,";
+$sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number') ." AS codecomptable,";
+$sql .= " " . $db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label') . " AS intitule,";
for($i = 1; $i <= 12; $i ++) {
$sql .= " SUM(" . $db->ifsql('MONTH(ff.datef)=' . $i, 'ffd.total_ht', '0') . ") AS month" . str_pad($i, 2, '0', STR_PAD_LEFT) . ",";
}
@@ -267,9 +279,21 @@ if ($resql) {
while ( $row = $db->fetch_row($resql)) {
- print '' . length_accountg($row[0]) . ' ';
- print '' . $row[1] . ' ';
- for($i = 2; $i <= 12; $i ++) {
+ print '';
+ if ($row[0] == 'tobind')
+ {
+ print $langs->trans("Unknown");
+ }
+ else print length_accountg($row[0]);
+ print ' ';
+ print '';
+ if ($row[0] == 'tobind')
+ {
+ print $langs->trans("UseMenuToSetBindindManualy", DOL_URL_ROOT.'/accountancy/supplier/list.php?search_year='.$y, $langs->transnoentitiesnoconv("ToBind"));
+ }
+ else print $row[1];
+ print ' ';
+ for($i = 2; $i <= 12; $i ++) {
print '' . price($row[$i]) . ' ';
}
print '' . price($row[13]) . ' ';
diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php
index 016fc5e0499..a0f36c409de 100644
--- a/htdocs/adherents/type.php
+++ b/htdocs/adherents/type.php
@@ -390,13 +390,13 @@ if ($rowid > 0)
}
if ($status != '')
{
- $sql.= " AND d.statut IN (".$status.")"; // Peut valoir un nombre ou liste de nombre separes par virgules
+ $sql.= " AND d.statut IN (".$db->escape($status).")"; // Peut valoir un nombre ou liste de nombre separes par virgules
}
if ($action == 'search')
{
if (GETPOST('search'))
{
- $sql.= natural_search(array("d.firstname","d.lastname"), GETPOST('search'));
+ $sql.= natural_search(array("d.firstname","d.lastname"), GETPOST('search','alpha'));
}
}
if (! empty($search_lastname))
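Review bot: `$db->escape()` does not make `$status` safe here, because the value is placed inside `IN (...)` without quotes: escaping only neutralises quote-like characters, and an unquoted numeric context can be altered without any of them. Validate the value as a comma-separated list of integers before it reaches the query, e.g. read it with `GETPOST(..., 'intcomma')` as the `fourn/commande/list.php` hunk of this commit does, or cast each element with `(int)` before `implode()`. The same pattern recurs in the unquoted `IN (...)` changes in `comm/propal/stats`, `commande/stats`, `compta/facture/stats`, `expensereport/stats`, `fichinter/stats`, `don/list.php`, `advtargetemailing.class.php`, `html.form.class.php`, `html.formproduct.class.php` and `product.class.php`. Where `$status` is assigned is outside this hunk.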
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index ecf95c5096d..05d9049ff03 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -1540,17 +1540,30 @@ class Categorie extends CommonObject
dol_mkdir($dir);
}
- if (file_exists($dir))
- {
- $originImage = $dir . $file['name'];
+ if (file_exists($dir)) {
+ if (is_array($file['name']) && count($file['name']) > 0) {
+ for($i = 0; $i <= count($file['name']); $i ++) {
- // Cree fichier en taille origine
- dol_move_uploaded_file($file['tmp_name'], $originImage, 1, 0, 0);
+ $originImage = $dir . $file['name'][$i];
- if (file_exists($originImage))
- {
- // Create thumbs
- $this->addThumbs($originImage);
+ // Cree fichier en taille origine
+ dol_move_uploaded_file($file['tmp_name'][$i], $originImage, 1, 0, 0);
+
+ if (file_exists($originImage)) {
+ // Create thumbs
+ $this->addThumbs($originImage);
+ }
+ }
+ } else {
+ $originImage = $dir . $file['name'];
+
+ // Cree fichier en taille origine
+ dol_move_uploaded_file($file['tmp_name'], $originImage, 1, 0, 0);
+
+ if (file_exists($originImage)) {
+ // Create thumbs
+ $this->addThumbs($originImage);
+ }
}
}
}
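Review bot: The loop bound `$i <= count($file['name'])` runs one iteration past the last uploaded file, so the final pass reads an undefined `$file['name'][$i]` and `$file['tmp_name'][$i]` and calls `dol_move_uploaded_file()` with the bare directory as its destination; it should be `$i < count($file['name'])`. Each `$file['name'][$i]` is a client-supplied filename concatenated directly onto `$dir`; unless `dol_move_uploaded_file()` already normalises it, pass it through `dol_sanitizeFileName()` first. The multi-file and single-file branches now duplicate the move-and-thumbnail steps and could share one private helper. The method starts outside the hunk.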
diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php
index a0744fcfa04..ce6a9cf9896 100644
--- a/htdocs/comm/mailing/class/advtargetemailing.class.php
+++ b/htdocs/comm/mailing/class/advtargetemailing.class.php
@@ -640,16 +640,16 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[]=$this->transformToSQL('t.firstname',$arrayquery['contact_firstname']);
}
if (!empty($arrayquery['contact_country']) && count($arrayquery['contact_country'])) {
- $sqlwhere[]= " (t.fk_pays IN (".implode(',',$arrayquery['contact_country'])."))";
+ $sqlwhere[]= " (t.fk_pays IN (".$db->escape(implode(',',$arrayquery['contact_country']))."))";
}
if (!empty($arrayquery['contact_status']) && count($arrayquery['contact_status'])>0) {
- $sqlwhere[]= " (t.statut IN (".implode(',',$arrayquery['contact_status'])."))";
+ $sqlwhere[]= " (t.statut IN (".$db->escape(implode(',',$arrayquery['contact_status']))."))";
}
if (!empty($arrayquery['contact_civility']) && count($arrayquery['contact_civility'])>0) {
- $sqlwhere[]= " (t.civility IN ('".implode("','",$arrayquery['contact_civility'])."'))";
+ $sqlwhere[]= " (t.civility IN ('".$db->escape(implode("','",$arrayquery['contact_civility']))."'))";
}
if ($arrayquery['contact_no_email']!='') {
- $sqlwhere[]= " (t.no_email='".$arrayquery['contact_no_email']."')";
+ $sqlwhere[]= " (t.no_email='".$db->escape($arrayquery['contact_no_email'])."')";
}
if ($arrayquery['contact_update_st_dt']!='') {
$sqlwhere[]= " (t.tms >= '".$this->db->idate($arrayquery['contact_update_st_dt'])."' AND t.tms <= '".$this->db->idate($arrayquery['contact_update_end_dt'])."')";
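Review bot: In the `contact_civility` line the escape is applied after `implode("','", ...)`, so with more than one item selected the quotes separating the items are escaped too and the list collapses into a single string literal; escape each element first, e.g. `implode("','", array_map(array($this->db, 'escape'), $arrayquery['contact_civility']))`. All changed lines here (and the `contact_categ` one in the next hunk) call `$db->escape()` while the neighbouring lines of this method use `$this->db`; unless a `global $db` sits outside the hunk, `$db` is undefined and the call is fatal. The same `$db` versus `$this->db` question applies to the changed lines in `html.form.class.php`, in `html.formproduct.class.php` (where the visible declaration is `global $conf, $langs;`) and in `product.class.php` (which calls `$this->db->query()` two lines later).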
@@ -658,7 +658,7 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[]= " (t.datec >= '".$this->db->idate($arrayquery['contact_create_st_dt'])."' AND t.datec <= '".$this->db->idate($arrayquery['contact_create_end_dt'])."')";
}
if (!empty($arrayquery['contact_categ']) && count($arrayquery['contact_categ'])>0) {
- $sqlwhere[]= " (contactcateg.fk_categorie IN (".implode(",",$arrayquery['contact_categ'])."))";
+ $sqlwhere[]= " (contactcateg.fk_categorie IN (".$db->escape(implode(",",$arrayquery['contact_categ']))."))";
}
//Standard Extrafield feature
diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php
index 5c74c8374a0..273862f68bf 100644
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -92,7 +92,7 @@ dol_mkdir($dir);
$stats = new PropaleStats($db, $socid, ($userid>0?$userid:0), $mode);
-if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND p.fk_statut IN ('.$object_status.')';
+if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND p.fk_statut IN ('.$db->escape($object_status).')';
// Build graphic number of object
$data = $stats->getNbByMonthWithPrevYear($endyear,$startyear);
@@ -299,7 +299,7 @@ foreach ($data as $val)
while (! empty($year) && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
-
+
print '';
print '0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$oldyear.' ';
print '0 ';
diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php
index ed9f8906804..6a8b57e3707 100644
--- a/htdocs/commande/stats/index.php
+++ b/htdocs/commande/stats/index.php
@@ -88,11 +88,11 @@ dol_mkdir($dir);
$stats = new CommandeStats($db, $socid, $mode, ($userid>0?$userid:0));
if ($mode == 'customer')
{
- if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND c.fk_statut IN ('.$object_status.')';
+ if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND c.fk_statut IN ('.$db->escape($object_status).')';
}
if ($mode == 'supplier')
{
- if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND c.fk_statut IN ('.$object_status.')';
+ if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND c.fk_statut IN ('.$db->escape($object_status).')';
}
diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php
index 55ff4dad6e3..bf54e4f58ab 100644
--- a/htdocs/compta/facture/stats/index.php
+++ b/htdocs/compta/facture/stats/index.php
@@ -84,11 +84,11 @@ dol_mkdir($dir);
$stats = new FactureStats($db, $socid, $mode, ($userid>0?$userid:0));
if ($mode == 'customer')
{
- if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND f.fk_statut IN ('.$object_status.')';
+ if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND f.fk_statut IN ('.$db->escape($object_status).')';
}
if ($mode == 'supplier')
{
- if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$object_status.')';
+ if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$db->escape($object_status).')';
}
// Build graphic number of object
@@ -299,7 +299,7 @@ foreach ($data as $val)
while ($year && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
-
+
print ' ';
print '0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$oldyear.' ';
print '0 ';
@@ -310,7 +310,7 @@ foreach ($data as $val)
print ' ';
print ' ';
}
-
+
print '';
print '0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$year.' ';
print ''.$val['nb'].' ';
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index b7a2b46dfc0..c8ea494ad3a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1918,7 +1918,7 @@ class Form
$sql.= ' WHERE p.entity IN ('.getEntity('product').')';
if (count($warehouseStatusArray))
{
- $sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.implode(',',$warehouseStatusArray).'))';
+ $sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$db->escape(implode(',',$warehouseStatusArray)).'))';
}
if (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD)) {
diff --git a/htdocs/core/modules/syslog/mod_syslog_syslog.php b/htdocs/core/modules/syslog/mod_syslog_syslog.php
index e0283ac9a9f..1f2f499fbac 100644
--- a/htdocs/core/modules/syslog/mod_syslog_syslog.php
+++ b/htdocs/core/modules/syslog/mod_syslog_syslog.php
@@ -49,7 +49,7 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
public function isActive()
{
global $conf;
-
+
// This function does not exists on some ISP (Ex: Free in France)
if (!function_exists('openlog')) return 0;
@@ -81,15 +81,15 @@ class mod_syslog_syslog extends LogHandler implements LogHandlerInterface
*/
public function checkConfiguration()
{
- global $langs;
+ global $conf, $langs;
$errors = array();
- $facility = SYSLOG_FACILITY;
+ $facility = constant($conf->global->SYSLOG_FACILITY);
if ($facility)
{
// Only LOG_USER supported on Windows
- if (! empty($_SERVER["WINDIR"])) $facility='LOG_USER';
+ if (! empty($_SERVER["WINDIR"])) $facility=constant('LOG_USER');
dol_syslog("admin/syslog: facility ".$facility);
}
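Review bot: `constant($conf->global->SYSLOG_FACILITY)` is evaluated before the `if ($facility)` guard, so an empty or misspelled setting fails inside `constant()` (a warning on older PHP, an `Error` on PHP 8) instead of being reported through `$errors`. Check the name first, for example `$facility = (! empty($conf->global->SYSLOG_FACILITY) && defined($conf->global->SYSLOG_FACILITY)) ? constant($conf->global->SYSLOG_FACILITY) : 0;`. `$facility` is now an integer, so the `dol_syslog("admin/syslog: facility ".$facility)` line logs a number rather than the constant name. The function body continues past the hunk.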
diff --git a/htdocs/don/list.php b/htdocs/don/list.php
index 5521b233a28..9602b69a615 100644
--- a/htdocs/don/list.php
+++ b/htdocs/don/list.php
@@ -92,11 +92,11 @@ $sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p
$sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1";
if ($statut != '' && $statut != '-1')
{
- $sql .= " AND d.fk_statut IN (".$statut.")";
+ $sql .= " AND d.fk_statut IN (".$db->escape($statut).")";
}
if (trim($search_ref) != '')
{
- $sql.= natural_search('d.ref',$search_ref);
+ $sql.= natural_search('d.ref', $search_ref);
}
if (trim($search_all) != '')
{
diff --git a/htdocs/expensereport/stats/index.php b/htdocs/expensereport/stats/index.php
index e158e4728a8..d0e3a1164bc 100644
--- a/htdocs/expensereport/stats/index.php
+++ b/htdocs/expensereport/stats/index.php
@@ -74,7 +74,7 @@ print load_fiche_titre($title, $mesg);
dol_mkdir($dir);
$stats = new ExpenseReportStats($db, $socid, $userid);
-if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND e.fk_statut IN ('.$object_status.')';
+if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND e.fk_statut IN ('.$db->escape($object_status).')';
// Build graphic number of object
// $data = array(array('Lib',val1,val2,val3),...)
@@ -262,7 +262,7 @@ foreach ($data as $val)
while ($year && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
-
+
print ' ';
print ''.$oldyear.' ';
print '0 ';
@@ -271,7 +271,7 @@ foreach ($data as $val)
print ' ';
}
-
+
print '';
print ''.$year.' ';
print ''.$val['nb'].' ';
diff --git a/htdocs/fichinter/stats/index.php b/htdocs/fichinter/stats/index.php
index 4daa0b7e00d..1c0ba5764ed 100644
--- a/htdocs/fichinter/stats/index.php
+++ b/htdocs/fichinter/stats/index.php
@@ -75,7 +75,7 @@ print load_fiche_titre($title,'','title_commercial.png');
dol_mkdir($dir);
$stats = new FichinterStats($db, $socid, $mode, ($userid>0?$userid:0));
-if ($object_status != '' && $object_status > -1) $stats->where .= ' AND c.fk_statut IN ('.$object_status.')';
+if ($object_status != '' && $object_status > -1) $stats->where .= ' AND c.fk_statut IN ('.$db->escape($object_status).')';
// Build graphic number of object
$data = $stats->getNbByMonthWithPrevYear($endyear,$startyear);
@@ -291,7 +291,7 @@ foreach ($data as $val)
while (! empty($year) && $oldyear > $year+1)
{ // If we have empty year
$oldyear--;
-
+
print ' ';
print '0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$oldyear.' ';
@@ -304,7 +304,7 @@ foreach ($data as $val)
print ' ';
}
-
+
print '';
print '0?'&socid='.$socid:'').($userid>0?'&userid='.$userid:'').'">'.$year.' ';
print ''.$val['nb'].' ';
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index ee9a6b3e490..ac67d256824 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -535,9 +535,9 @@ if ($search_request_author) $sql.=natural_search(array('u.lastname','u.firstname
if ($billed != '' && $billed >= 0) $sql .= " AND cf.billed = ".$billed;
//Required triple check because statut=0 means draft filter
-if (GETPOST('statut', 'alpha') !== '')
+if (GETPOST('statut', 'intcomma') !== '')
{
- $sql .= " AND cf.fk_statut IN (".$db->escape(GETPOST('statut', 'alpha')).")";
+ $sql .= " AND cf.fk_statut IN (".$db->escape($db->escape(GETPOST('statut', 'intcomma'))).")";
}
if ($search_status != '' && $search_status >= 0)
{
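Review bot: `$db->escape($db->escape(...))` escapes the value twice; the inner call looks like a leftover and one of the two should be removed. With the `intcomma` filter the value is presumably already limited to digits and commas, and that is what protects this unquoted `IN (...)`, so the line can be `$sql .= " AND cf.fk_statut IN (".$db->escape(GETPOST('statut', 'intcomma')).")";`. Reading `GETPOST('statut', 'intcomma')` once into a variable would also avoid filtering the parameter twice.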
diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang
index e200f0ca7c0..0ef6afd193a 100644
--- a/htdocs/langs/en_US/accountancy.lang
+++ b/htdocs/langs/en_US/accountancy.lang
@@ -54,7 +54,7 @@ AccountancyAreaDescContrib=STEP %s: Define default accounting accounts for speci
AccountancyAreaDescDonation=STEP %s: Define default accounting accounts for donation. For this, use the menu entry %s.
AccountancyAreaDescMisc=STEP %s: Define mandatory default account and default accounting accounts for miscellaneous transactions. For this, use the menu entry %s.
AccountancyAreaDescLoan=STEP %s: Define default accounting accounts for loans. For this, use the menu entry %s.
-AccountancyAreaDescBank=STEP %s: Define accounting accounts for each bank and financial accounts. For this, go on the card of each financial account. You can start from page %s.
+AccountancyAreaDescBank=STEP %s: Define accounting accounts and journal code for each bank and financial accounts. For this, go on the card of each financial account. You can start from page %s.
AccountancyAreaDescProd=STEP %s: Define accounting accounts on your products/services. For this, use the menu entry %s.
AccountancyAreaDescBind=STEP %s: Check the binding between existing %s lines and accounting account is done, so application will be able to journalize transactions in Ledger in one click. Complete missing bindings. For this, use the menu entry %s.
@@ -63,6 +63,7 @@ AccountancyAreaDescAnalyze=STEP %s: Add or edit existing transactions and genera
AccountancyAreaDescClosePeriod=STEP %s: Close period so we can't make modification in a future.
+TheJournalCodeIsNotDefinedOnSomeBankAccount=A mandatory step in setup was not complete (accountancy code journal not defined for all bank accounts)
MenuAccountancy=Accountancy
Selectchartofaccounts=Select active chart of accounts
ChangeAndLoad=Change and load
@@ -273,5 +274,6 @@ BookeppingLineAlreayExists=Lines already existing into bookeeping
NoJournalDefined=No journal defined
Binded=Lines bound
ToBind=Lines to bind
+UseMenuToSetBindindManualy=Autodection not possible, use menu %s to make the binding manually
WarningReportNotReliable=Warning, this report is not based on the Ledger, so does not contains transaction modified manualy in the Ledger. It will be replaced by a more complete report in a next version.
diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php
index 1dbfbc7662f..c526e7ae52b 100644
--- a/htdocs/product/class/html.formproduct.class.php
+++ b/htdocs/product/class/html.formproduct.class.php
@@ -57,7 +57,7 @@ class FormProduct
* @param string $batch Add quantity of batch stock in label for product with batch name batch, batch name precedes batch_id. Nothing if ''.
* @param string $status warehouse status filter, following comma separated filter options can be used
* 'warehouseopen' = select products from open warehouses,
- * 'warehouseclosed' = select products from closed warehouses,
+ * 'warehouseclosed' = select products from closed warehouses,
* 'warehouseinternal' = select products from warehouses for internal correct/transfer only
* @param boolean $sumStock sum total stock of a warehouse, default true
* @param array $exclude warehouses ids to exclude
@@ -68,28 +68,28 @@ class FormProduct
global $conf, $langs;
if (empty($fk_product) && count($this->cache_warehouses)) return 0; // Cache already loaded and we do not want a list with information specific to a product
-
+
if (is_array($exclude)) $excludeGroups = implode("','",$exclude);
$warehouseStatus = array();
- if (preg_match('/warehouseclosed/', $status))
+ if (preg_match('/warehouseclosed/', $status))
{
$warehouseStatus[] = Entrepot::STATUS_CLOSED;
}
- if (preg_match('/warehouseopen/', $status))
+ if (preg_match('/warehouseopen/', $status))
{
$warehouseStatus[] = Entrepot::STATUS_OPEN_ALL;
}
- if (preg_match('/warehouseinternal/', $status))
+ if (preg_match('/warehouseinternal/', $status))
{
$warehouseStatus[] = Entrepot::STATUS_OPEN_INTERNAL;
}
-
+
$sql = "SELECT e.rowid, e.label, e.description, e.fk_parent";
- if (!empty($fk_product))
+ if (!empty($fk_product))
{
- if (!empty($batch))
+ if (!empty($batch))
{
$sql.= ", pb.qty as stock";
}
@@ -107,7 +107,7 @@ class FormProduct
if (!empty($fk_product))
{
$sql.= " AND ps.fk_product = '".$fk_product."'";
- if (!empty($batch))
+ if (!empty($batch))
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_batch as pb on pb.fk_product_stock = ps.rowid AND pb.batch = '".$batch."'";
}
@@ -115,15 +115,15 @@ class FormProduct
$sql.= " WHERE e.entity IN (".getEntity('stock').")";
if (count($warehouseStatus))
{
- $sql.= " AND e.statut IN (".implode(',',$warehouseStatus).")";
+ $sql.= " AND e.statut IN (".$db->escape(implode(',',$warehouseStatus)).")";
}
else
{
$sql.= " AND e.statut = 1";
}
-
- if(!empty($exclude)) $sql.= ' AND e.rowid NOT IN('.implode(',', $exclude).')';
-
+
+ if(!empty($exclude)) $sql.= ' AND e.rowid NOT IN('.$db->escape(implode(',', $exclude)).')';
+
if ($sumStock && empty($fk_product)) $sql.= " GROUP BY e.rowid, e.label, e.description, e.fk_parent";
$sql.= " ORDER BY e.label";
@@ -144,7 +144,7 @@ class FormProduct
$this->cache_warehouses[$obj->rowid]['stock'] = $obj->stock;
$i++;
}
-
+
// Full label init
foreach($this->cache_warehouses as $obj_rowid=>$tab) {
$this->cache_warehouses[$obj_rowid]['full_label'] = $this->get_parent_path($tab);
@@ -158,18 +158,18 @@ class FormProduct
return -1;
}
}
-
+
/**
* Return full path to current warehouse in $tab (recursive function)
- *
+ *
* @param array $tab warehouse data in $this->cache_warehouses line
* @param String $final_label full label with all parents, separated by ' >> ' (completed on each call)
* @return String full label with all parents, separated by ' >> '
*/
private function get_parent_path($tab, $final_label='') {
-
+
if(empty($final_label)) $final_label = $tab['label'];
-
+
if(empty($tab['parent_id'])) return $final_label;
else {
if(!empty($this->cache_warehouses[$tab['parent_id']])) {
@@ -177,9 +177,9 @@ class FormProduct
return $this->get_parent_path($this->cache_warehouses[$tab['parent_id']], $final_label);
}
}
-
+
return $final_label;
-
+
}
/**
@@ -189,7 +189,7 @@ class FormProduct
* @param string $htmlname Name of html select html
* @param string $filterstatus warehouse status filter, following comma separated filter options can be used
* 'warehouseopen' = select products from open warehouses,
- * 'warehouseclosed' = select products from closed warehouses,
+ * 'warehouseclosed' = select products from closed warehouses,
* 'warehouseinternal' = select products from warehouses for internal correct/transfer only
* @param int $empty 1=Can be empty, 0 if not
* @param int $disabled 1=Select is disabled
@@ -208,7 +208,7 @@ class FormProduct
global $conf,$langs,$user;
dol_syslog(get_class($this)."::selectWarehouses $selected, $htmlname, $filterstatus, $empty, $disabled, $fk_product, $empty_label, $showstock, $forcecombo, $morecss",LOG_DEBUG);
-
+
$out='';
if (empty($conf->global->ENTREPOT_EXTRA_STATUS)) $filterstatus = '';
$this->loadWarehouses($fk_product, '', $filterstatus, true, $exclude);
@@ -221,7 +221,7 @@ class FormProduct
$out.= $comboenhancement;
$nodatarole=($comboenhancement?' data-role="none"':'');
}
-
+
$out.='';
if ($empty) $out.=''.($empty_label?$empty_label:' ').' ';
foreach($this->cache_warehouses as $id => $arraytypes)
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 14b60473687..06afce94c89 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -3750,7 +3750,7 @@ class Product extends CommonObject
$sql.= " WHERE w.entity IN (".getEntity('stock').")";
$sql.= " AND w.rowid = ps.fk_entrepot";
$sql.= " AND ps.fk_product = ".$this->id;
- if ($conf->global->ENTREPOT_EXTRA_STATUS && count($warehouseStatus)) $sql.= " AND w.statut IN (".implode(',',$warehouseStatus).")";
+ if ($conf->global->ENTREPOT_EXTRA_STATUS && count($warehouseStatus)) $sql.= " AND w.statut IN (".$db->escape(implode(',',$warehouseStatus)).")";
dol_syslog(get_class($this)."::load_stock", LOG_DEBUG);
$result = $this->db->query($sql);
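Review bot: `$db->escape()` on the added line does not make the `IN (...)` list safe, because the values are placed in the query unquoted; an escape routine of this kind protects string literals by neutralising quote characters, so a value that needs no quote to alter the statement passes through unchanged. For a list of numeric statuses the fitting control is an integer cast per element: `$sql.= " AND w.statut IN (".implode(',', array_map('intval', $warehouseStatus)).")";`. The same pattern is added in the `htdocs/supplier_proposal/list.php` hunk (`$db->escape($search_status)` inside `sp.fk_statut IN (...)`), where the comma-separated value should be split, integer-cast and rejoined before it is concatenated. Separately, the next line runs the query through `$this->db`, so the bare `$db` here only resolves if the method declares `global $db`, which is not visible in this hunk; `$this->db` would be consistent with the surrounding code. The method body starts and ends outside the hunk.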
diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php
index 7d7fa8baabb..c7506f31e08 100644
--- a/htdocs/societe/list.php
+++ b/htdocs/societe/list.php
@@ -208,63 +208,63 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
if (empty($reshook))
{
- // Selection of new fields
- include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
+ // Selection of new fields
+ include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
- // Did we click on purge search criteria ?
- if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
- {
- $search_nom='';
- $search_alias='';
- $search_categ_cus=0;
- $search_categ_sup=0;
- $search_sale='';
- $search_barcode="";
- $search_customer_code='';
- $search_supplier_code='';
- $search_account_customer_code='';
- $search_account_supplier_code='';
- $search_town="";
- $search_zip="";
- $search_state="";
- $search_country='';
- $search_email='';
- $search_phone='';
- $search_url='';
- $search_idprof1='';
- $search_idprof2='';
- $search_idprof3='';
- $search_idprof4='';
- $search_idprof5='';
- $search_idprof6='';
- $search_type='';
- $search_type_thirdparty='';
- $search_status=-1;
- $search_stcomm='';
- $search_level_from='';
- $search_level_to='';
- $toselect='';
- $search_array_options=array();
- }
+ // Did we click on purge search criteria ?
+ if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
+ {
+ $search_nom='';
+ $search_alias='';
+ $search_categ_cus=0;
+ $search_categ_sup=0;
+ $search_sale='';
+ $search_barcode="";
+ $search_customer_code='';
+ $search_supplier_code='';
+ $search_account_customer_code='';
+ $search_account_supplier_code='';
+ $search_town="";
+ $search_zip="";
+ $search_state="";
+ $search_country='';
+ $search_email='';
+ $search_phone='';
+ $search_url='';
+ $search_idprof1='';
+ $search_idprof2='';
+ $search_idprof3='';
+ $search_idprof4='';
+ $search_idprof5='';
+ $search_idprof6='';
+ $search_type='';
+ $search_type_thirdparty='';
+ $search_status=-1;
+ $search_stcomm='';
+ $search_level_from='';
+ $search_level_to='';
+ $toselect='';
+ $search_array_options=array();
+ }
- // Mass actions
- $objectclass='Societe';
- $objectlabel='ThirdParty';
- $permtoread = $user->rights->societe->lire;
- $permtodelete = $user->rights->societe->supprimer;
- $uploaddir = $conf->societe->dir_output;
- include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
+ // Mass actions
+ $objectclass='Societe';
+ $objectlabel='ThirdParty';
+ $permtoread = $user->rights->societe->lire;
+ $permtodelete = $user->rights->societe->supprimer;
+ $uploaddir = $conf->societe->dir_output;
+ include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
- if ($action == 'setstcomm')
- {
- $object = new Client($db);
- $result=$object->fetch(GETPOST('stcommsocid'));
- $object->stcomm_id=dol_getIdFromCode($db, GETPOST('stcomm','alpha'), 'c_stcomm');
- $result=$object->update($object->id, $user);
- if ($result < 0) setEventMessages($object->error,$object->errors,'errors');
+ if ($action == 'setstcomm')
+ {
+ $object = new Client($db);
+ $result=$object->fetch(GETPOST('stcommsocid'));
+ $object->stcomm_id=dol_getIdFromCode($db, GETPOST('stcomm','alpha'), 'c_stcomm');
+ $result=$object->update($object->id, $user);
+ if ($result < 0) setEventMessages($object->error,$object->errors,'errors');
- $action='';
- }
+ $action='';
+ }
}
if ($search_status=='') $search_status=1; // always display active thirdparty first
@@ -906,30 +906,30 @@ print '';
print " \n";
print '';
-if (! empty($arrayfields['s.nom']['checked'])) print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder);
-if (! empty($arrayfields['s.name_alias']['checked'])) print_liste_field_titre($arrayfields['s.name_alias']['label'], $_SERVER["PHP_SELF"],"s.name_alias","",$param,"",$sortfield,$sortorder);
-if (! empty($arrayfields['s.barcode']['checked'])) print_liste_field_titre($arrayfields['s.barcode']['label'], $_SERVER["PHP_SELF"], "s.barcode",$param,'','',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_client']['checked'])) print_liste_field_titre($arrayfields['s.code_client']['label'],$_SERVER["PHP_SELF"],"s.code_client","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_fournisseur']['checked'])) print_liste_field_titre($arrayfields['s.code_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_fournisseur","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_compta']['checked'])) print_liste_field_titre($arrayfields['s.code_compta']['label'],$_SERVER["PHP_SELF"],"s.code_compta","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.code_compta_fournisseur']['checked'])) print_liste_field_titre($arrayfields['s.code_compta_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_compta_fournisseur","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.town']['checked'])) print_liste_field_titre($arrayfields['s.town']['label'],$_SERVER["PHP_SELF"],"s.town","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.zip']['checked'])) print_liste_field_titre($arrayfields['s.zip']['label'],$_SERVER["PHP_SELF"],"s.zip","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['state.nom']['checked'])) print_liste_field_titre($arrayfields['state.nom']['label'],$_SERVER["PHP_SELF"],"state.nom","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['country.code_iso']['checked'])) print_liste_field_titre($arrayfields['country.code_iso']['label'],$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder);
-if (! empty($arrayfields['typent.code']['checked'])) print_liste_field_titre($arrayfields['typent.code']['label'],$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.email']['checked'])) print_liste_field_titre($arrayfields['s.email']['label'],$_SERVER["PHP_SELF"],"s.email","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.phone']['checked'])) print_liste_field_titre($arrayfields['s.phone']['label'],$_SERVER["PHP_SELF"],"s.phone","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.url']['checked'])) print_liste_field_titre($arrayfields['s.url']['label'],$_SERVER["PHP_SELF"],"s.url","",$param,'',$sortfield,$sortorder);
-if (! empty($arrayfields['s.siren']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId1Short"),$textprofid[1],1,0),$_SERVER["PHP_SELF"],"s.siren","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.siret']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId2Short"),$textprofid[2],1,0),$_SERVER["PHP_SELF"],"s.siret","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.ape']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId3Short"),$textprofid[3],1,0),$_SERVER["PHP_SELF"],"s.ape","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.idprof4']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId4Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof4","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.idprof5']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId5Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof5","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.idprof6']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId6Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof6","",$param,'class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['customerorsupplier']['checked'])) print_liste_field_titre(''); // type of customer
-if (! empty($arrayfields['s.fk_prospectlevel']['checked'])) print_liste_field_titre($arrayfields['s.fk_prospectlevel']['label'],$_SERVER["PHP_SELF"],"s.fk_prospectlevel","",$param,'align="center"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.fk_stcomm']['checked'])) print_liste_field_titre($arrayfields['s.fk_stcomm']['label'],$_SERVER["PHP_SELF"],"s.fk_stcomm","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.nom']['checked'])) print_liste_field_titre($arrayfields['s.nom']['label'], $_SERVER["PHP_SELF"],"s.nom","",$param,"",$sortfield,$sortorder);
+if (! empty($arrayfields['s.name_alias']['checked'])) print_liste_field_titre($arrayfields['s.name_alias']['label'], $_SERVER["PHP_SELF"],"s.name_alias","",$param,"",$sortfield,$sortorder);
+if (! empty($arrayfields['s.barcode']['checked'])) print_liste_field_titre($arrayfields['s.barcode']['label'], $_SERVER["PHP_SELF"], "s.barcode",$param,'','',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_client']['checked'])) print_liste_field_titre($arrayfields['s.code_client']['label'],$_SERVER["PHP_SELF"],"s.code_client","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_fournisseur']['checked'])) print_liste_field_titre($arrayfields['s.code_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_fournisseur","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_compta']['checked'])) print_liste_field_titre($arrayfields['s.code_compta']['label'],$_SERVER["PHP_SELF"],"s.code_compta","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.code_compta_fournisseur']['checked'])) print_liste_field_titre($arrayfields['s.code_compta_fournisseur']['label'],$_SERVER["PHP_SELF"],"s.code_compta_fournisseur","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.town']['checked'])) print_liste_field_titre($arrayfields['s.town']['label'],$_SERVER["PHP_SELF"],"s.town","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.zip']['checked'])) print_liste_field_titre($arrayfields['s.zip']['label'],$_SERVER["PHP_SELF"],"s.zip","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['state.nom']['checked'])) print_liste_field_titre($arrayfields['state.nom']['label'],$_SERVER["PHP_SELF"],"state.nom","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['country.code_iso']['checked'])) print_liste_field_titre($arrayfields['country.code_iso']['label'],$_SERVER["PHP_SELF"],"country.code_iso","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['typent.code']['checked'])) print_liste_field_titre($arrayfields['typent.code']['label'],$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.email']['checked'])) print_liste_field_titre($arrayfields['s.email']['label'],$_SERVER["PHP_SELF"],"s.email","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.phone']['checked'])) print_liste_field_titre($arrayfields['s.phone']['label'],$_SERVER["PHP_SELF"],"s.phone","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.url']['checked'])) print_liste_field_titre($arrayfields['s.url']['label'],$_SERVER["PHP_SELF"],"s.url","",$param,'',$sortfield,$sortorder);
+if (! empty($arrayfields['s.siren']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId1Short"),$textprofid[1],1,0),$_SERVER["PHP_SELF"],"s.siren","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.siret']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId2Short"),$textprofid[2],1,0),$_SERVER["PHP_SELF"],"s.siret","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.ape']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId3Short"),$textprofid[3],1,0),$_SERVER["PHP_SELF"],"s.ape","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.idprof4']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId4Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof4","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.idprof5']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId5Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof5","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.idprof6']['checked'])) print_liste_field_titre($form->textwithpicto($langs->trans("ProfId6Short"),$textprofid[4],1,0),$_SERVER["PHP_SELF"],"s.idprof6","",$param,'class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['customerorsupplier']['checked'])) print_liste_field_titre(''); // type of customer
+if (! empty($arrayfields['s.fk_prospectlevel']['checked'])) print_liste_field_titre($arrayfields['s.fk_prospectlevel']['label'],$_SERVER["PHP_SELF"],"s.fk_prospectlevel","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.fk_stcomm']['checked'])) print_liste_field_titre($arrayfields['s.fk_stcomm']['label'],$_SERVER["PHP_SELF"],"s.fk_stcomm","",$param,'align="center"',$sortfield,$sortorder);
// Extra fields
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
{
@@ -945,12 +945,12 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
}
}
// Hook fields
-$parameters=array('arrayfields'=>$arrayfields);
+$parameters=array('arrayfields'=>$arrayfields,'param'=>$param,'sortfield'=>$sortfield,'sortorder'=>$sortorder);
$reshook=$hookmanager->executeHooks('printFieldListTitle',$parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
-if (! empty($arrayfields['s.datec']['checked'])) print_liste_field_titre($arrayfields['s.datec']['label'],$_SERVER["PHP_SELF"],"s.datec","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.tms']['checked'])) print_liste_field_titre($arrayfields['s.tms']['label'],$_SERVER["PHP_SELF"],"s.tms","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
-if (! empty($arrayfields['s.status']['checked'])) print_liste_field_titre($arrayfields['s.status']['label'],$_SERVER["PHP_SELF"],"s.status","",$param,'align="center"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.datec']['checked'])) print_liste_field_titre($arrayfields['s.datec']['label'],$_SERVER["PHP_SELF"],"s.datec","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.tms']['checked'])) print_liste_field_titre($arrayfields['s.tms']['label'],$_SERVER["PHP_SELF"],"s.tms","",$param,'align="center" class="nowrap"',$sortfield,$sortorder);
+if (! empty($arrayfields['s.status']['checked'])) print_liste_field_titre($arrayfields['s.status']['label'],$_SERVER["PHP_SELF"],"s.status","",$param,'align="center"',$sortfield,$sortorder);
print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"],"",'','','align="center"',$sortfield,$sortorder,'maxwidthsearch ');
print " \n";
diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php
index 6a8a0884ce2..e6e205def8a 100644
--- a/htdocs/supplier_proposal/list.php
+++ b/htdocs/supplier_proposal/list.php
@@ -284,7 +284,7 @@ if ($search_montant_vat != '') $sql.= natural_search("sp.tva", $search_montant_v
if ($search_montant_ttc != '') $sql.= natural_search("sp.total", $search_montant_ttc, 1);
if ($sall) $sql .= natural_search(array_keys($fieldstosearchall), $sall);
if ($socid) $sql.= ' AND s.rowid = '.$socid;
-if ($search_status >= 0 && $search_status != '') $sql.= ' AND sp.fk_statut IN ('.$search_status.')';
+if ($search_status >= 0 && $search_status != '') $sql.= ' AND sp.fk_statut IN ('.$db->escape($search_status).')';
if ($month > 0)
{
if ($year > 0 && empty($day))