develop_dict

Conflicts:
	htdocs/compta/facture/class/paymentterm.class.php
Regis Houssin 2017-09-15 16:45:49 +02:00
commit db17eb80ec
188 changed files with 1331 additions and 1133 deletions


@ -5,6 +5,10 @@ English Dolibarr ChangeLog
***** ChangeLog for 7.0.0 compared to 6.0.* *****
For developers:
NEW: Add hook addAdminLdapOptions and doAction in ldap admin page
NEW: complete_head_from_modules() in ldap_prepare_head()
WARNING:
Following changes may create regression for some external modules, but were necessary to make Dolibarr better:


@ -37,7 +37,7 @@ $langs->load("salaries");
$mesg = '';
$action = GETPOST('action','aZ09');
$cancel = GETPOST('cancel');
$cancel = GETPOST('cancel','alpha');
$id = GETPOST('id', 'int');
$rowid = GETPOST('rowid', 'int');
@ -84,8 +84,8 @@ $contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'accounting
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction')) { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; }
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -37,10 +37,10 @@ $langs->load("accountancy");
$mesg = '';
$action = GETPOST('action','aZ09');
$backtopage = GETPOST('backtopage');
$backtopage = GETPOST('backtopage','alpha');
$id = GETPOST('id', 'int');
$rowid = GETPOST('rowid', 'int');
$cancel = GETPOST('cancel');
$cancel = GETPOST('cancel','alpha');
// Security check
@ -52,7 +52,7 @@ $object = new AccountingAccount($db);
* Action
*/
if (GETPOST('cancel'))
if (GETPOST('cancel','alpha'))
{
$urltogo=$backtopage?$backtopage:dol_buildpath('/accountancy/admin/account.php',1);
header("Location: ".$urltogo);
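Review bot: The redirect target in `$urltogo=$backtopage?$backtopage:dol_buildpath(...)` comes straight from the request, and the `'alpha'` check added to `GETPOST('backtopage','alpha')` filters characters but, as far as this hunk shows, does not restrict the value to a path inside the application. Unless `GETPOST` or a later check rejects absolute URLs, `header("Location: ".$urltogo);` can be used as an open redirect; consider accepting `$backtopage` only when it is a local relative path and falling back to the `dol_buildpath(...)` default otherwise. The same pattern appears in the later bookmark hunk that ends with `header("Location: ".$backtopage);`. The `if` block continues outside the hunk, so whether an `exit` follows the header cannot be confirmed from here.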


@ -35,7 +35,7 @@ $langs->load("accountancy");
$mesg = '';
$id = GETPOST('id', 'int');
$rowid = GETPOST('rowid', 'int');
$cancel = GETPOST('cancel');
$cancel = GETPOST('cancel','alpha');
$action = GETPOST('action','aZ09');
$cat_id = GETPOST('account_category');
$selectcpt = GETPOST('cpt_bk', 'array');
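Review bot: `$cat_id = GETPOST('account_category');` directly below the changed line still has no check argument, so this hunk tightens `cancel` but leaves one request value unfiltered. If the value is a numeric category id (the name suggests so, but its use is not visible here), `$cat_id = GETPOST('account_category','int');` would match the neighbouring `id` and `rowid` lines. The same applies to `$confirm=GETPOST('confirm');` in the later hunk that changes `$cancel=GETPOST('cancel','alpha');` next to `$typeid`.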


@ -20,6 +20,7 @@
* \ingroup Advanced accountancy
* \brief Page to show a fiscal year
*/
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/fiscalyear.lib.php';


@ -90,8 +90,8 @@ $arrayfields=array();
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -108,8 +108,8 @@ if ($action != 'export_file' && ! isset($_POST['begin']) && ! isset($_GET['begin
* Action
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
{


@ -107,7 +107,7 @@ class AccountancySystem
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system";
$sql .= " (date_creation, fk_user_author, numero, label)";
$sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->numero . "','" . $this->label . "')";
$sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->db->escape($this->numero) . "','" . $this->db->escape($this->label) . "')";
dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
$resql = $this->db->query($sql);
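Review bot: `$user->id` is concatenated into the VALUES list unquoted and without a cast, right next to the two fields this change now escapes; `(int) $user->id` would make that position safe regardless of how `$user` was populated. The full statement is also written to the log by `dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG)`, so whatever is stored in `numero` and `label` is copied into the debug log as well. The method starts and ends outside the hunk.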


@ -47,7 +47,7 @@ class AccountingAccount extends CommonObject
var $fk_user_modif;
var $active; // duplicate with status
var $status;
/**
* Constructor
*
@ -56,7 +56,7 @@ class AccountingAccount extends CommonObject
function __construct($db) {
$this->db = $db;
}
/**
* Load record in memory
*
@ -67,7 +67,7 @@ class AccountingAccount extends CommonObject
*/
function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0) {
global $conf;
if ($rowid || $account_number) {
$sql = "SELECT a.rowid as rowid, a.datec, a.tms, a.fk_pcg_version, a.pcg_type, a.pcg_subtype, a.account_number, a.account_parent, a.label, a.fk_accounting_category, a.fk_user_author, a.fk_user_modif, a.active";
$sql .= ", ca.label as category_label";
@ -87,7 +87,7 @@ class AccountingAccount extends CommonObject
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
if ($obj) {
$this->id = $obj->rowid;
$this->rowid = $obj->rowid;
@ -105,7 +105,7 @@ class AccountingAccount extends CommonObject
$this->fk_user_modif = $obj->fk_user_modif;
$this->active = $obj->active;
$this->status = $obj->active;
return $this->id;
} else {
return 0;
@ -117,7 +117,7 @@ class AccountingAccount extends CommonObject
}
return - 1;
}
/**
* Insert new accounting account in chart of accounts
*
@ -129,7 +129,7 @@ class AccountingAccount extends CommonObject
global $conf;
$error = 0;
$now = dol_now();
// Clean parameters
if (isset($this->fk_pcg_version))
$this->fk_pcg_version = trim($this->fk_pcg_version);
@ -149,7 +149,7 @@ class AccountingAccount extends CommonObject
$this->fk_user_author = trim($this->fk_user_author);
if (isset($this->active))
$this->active = trim($this->active);
if (empty($this->pcg_type) || $this->pcg_type == '-1')
{
$this->pcg_type = 'XXXXXX';
@ -160,7 +160,7 @@ class AccountingAccount extends CommonObject
}
// Check parameters
// Put here code to add control on parameters values
// Insert request
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_account(";
$sql .= "datec";
@ -179,31 +179,31 @@ class AccountingAccount extends CommonObject
$sql .= ", " . $conf->entity;
$sql .= ", " . (empty($this->fk_pcg_version) ? 'NULL' : "'" . $this->db->escape($this->fk_pcg_version) . "'");
$sql .= ", " . (empty($this->pcg_type) ? 'NULL' : "'" . $this->db->escape($this->pcg_type) . "'");
$sql .= ", " . (empty($this->pcg_subtype) ? 'NULL' : "'" . $this->pcg_subtype . "'");
$sql .= ", " . (empty($this->account_number) ? 'NULL' : "'" . $this->account_number . "'");
$sql .= ", " . (empty($this->pcg_subtype) ? 'NULL' : "'" . $this->db->escape($this->pcg_subtype) . "'");
$sql .= ", " . (empty($this->account_number) ? 'NULL' : "'" . $this->db->escape($this->account_number) . "'");
$sql .= ", " . (empty($this->account_parent) ? 'NULL' : "'" . $this->db->escape($this->account_parent) . "'");
$sql .= ", " . (empty($this->label) ? 'NULL' : "'" . $this->db->escape($this->label) . "'");
$sql .= ", " . (empty($this->account_category) ? 'NULL' : "'" . $this->db->escape($this->account_category) . "'");
$sql .= ", " . $user->id;
$sql .= ", " . (! isset($this->active) ? 'NULL' : $this->db->escape($this->active));
$sql .= ")";
$this->db->begin();
dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
$resql = $this->db->query($sql);
if (! $resql) {
$error ++;
$this->errors[] = "Error " . $this->db->lasterror();
}
if (! $error) {
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX . "accounting_account");
// if (! $notrigger) {
// Uncomment this and change MYOBJECT to your own tag if you
// want this action calls a trigger.
// // Call triggers
// include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
// $interface=new Interfaces($this->db);
@ -212,7 +212,7 @@ class AccountingAccount extends CommonObject
// // End call triggers
// }
}
// Commit or rollback
if ($error) {
foreach ( $this->errors as $errmsg ) {
@ -226,14 +226,14 @@ class AccountingAccount extends CommonObject
return $this->id;
}
}
/**
* Update record
*
* @param User $user Use making update
* @return int <0 if KO, >0 if OK
*/
function update($user)
function update($user)
{
// Check parameters
if (empty($this->pcg_type) || $this->pcg_type == '-1')
@ -244,9 +244,9 @@ class AccountingAccount extends CommonObject
{
$this->pcg_subtype = 'XXXXXX';
}
$this->db->begin();
$sql = "UPDATE " . MAIN_DB_PREFIX . "accounting_account ";
$sql .= " SET fk_pcg_version = " . ($this->fk_pcg_version ? "'" . $this->db->escape($this->fk_pcg_version) . "'" : "null");
$sql .= " , pcg_type = " . ($this->pcg_type ? "'" . $this->db->escape($this->pcg_type) . "'" : "null");
@ -258,7 +258,7 @@ class AccountingAccount extends CommonObject
$sql .= " , fk_user_modif = " . $user->id;
$sql .= " , active = " . $this->active;
$sql .= " WHERE rowid = " . $this->id;
dol_syslog(get_class($this) . "::update sql=" . $sql, LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
@ -270,7 +270,7 @@ class AccountingAccount extends CommonObject
return - 1;
}
}
/**
* Check usage of accounting code
*
@ -278,16 +278,16 @@ class AccountingAccount extends CommonObject
*/
function checkUsage() {
global $langs;
$sql = "(SELECT fk_code_ventilation FROM " . MAIN_DB_PREFIX . "facturedet";
$sql .= " WHERE fk_code_ventilation=" . $this->id . ")";
$sql .= "UNION";
$sql .= "(SELECT fk_code_ventilation FROM " . MAIN_DB_PREFIX . "facture_fourn_det";
$sql .= " WHERE fk_code_ventilation=" . $this->id . ")";
dol_syslog(get_class($this) . "::checkUsage sql=" . $sql, LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
$num = $this->db->num_rows($resql);
if ($num > 0) {
@ -301,7 +301,7 @@ class AccountingAccount extends CommonObject
return - 1;
}
}
/**
* Delete object in database
*
@ -311,18 +311,18 @@ class AccountingAccount extends CommonObject
*/
function delete($user, $notrigger = 0) {
$error = 0;
$result = $this->checkUsage();
if ($result > 0) {
$this->db->begin();
// if (! $error) {
// if (! $notrigger) {
// Uncomment this and change MYOBJECT to your own tag if you
// want this action calls a trigger.
// // Call triggers
// include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
// $interface=new Interfaces($this->db);
@ -331,11 +331,11 @@ class AccountingAccount extends CommonObject
// // End call triggers
// }
// }
if (! $error) {
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "accounting_account";
$sql .= " WHERE rowid=" . $this->id;
dol_syslog(get_class($this) . "::delete sql=" . $sql);
$resql = $this->db->query($sql);
if (! $resql) {
@ -343,7 +343,7 @@ class AccountingAccount extends CommonObject
$this->errors[] = "Error " . $this->db->lasterror();
}
}
// Commit or rollback
if ($error) {
foreach ( $this->errors as $errmsg ) {
@ -360,7 +360,7 @@ class AccountingAccount extends CommonObject
return - 1;
}
}
/**
* Return clicable name (with picto eventually)
*
@ -375,7 +375,7 @@ class AccountingAccount extends CommonObject
{
global $langs, $conf, $user;
require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
if (! empty($conf->dol_no_mouse_hover)) $notooltip=1; // Force disable tooltips
$result = '';
@ -412,7 +412,7 @@ class AccountingAccount extends CommonObject
{
$linkstart = '';
$linkclose = '';
$linkend = '';
$linkend = '';
}
$label_link = length_accountg($this->account_number);
@ -423,7 +423,7 @@ class AccountingAccount extends CommonObject
if ($withpicto != 2) $result.=$linkstart . $label_link . $linkend;
return $result;
}
/**
* Information on record
*
@ -434,10 +434,10 @@ class AccountingAccount extends CommonObject
$sql = 'SELECT a.rowid, a.datec, a.fk_user_author, a.fk_user_modif, a.tms';
$sql .= ' FROM ' . MAIN_DB_PREFIX . 'accounting_account as a';
$sql .= ' WHERE a.rowid = ' . $id;
dol_syslog(get_class($this) . '::info sql=' . $sql);
$result = $this->db->query($sql);
if ($result) {
if ($this->db->num_rows($result)) {
$obj = $this->db->fetch_object($result);
@ -460,7 +460,7 @@ class AccountingAccount extends CommonObject
dol_print_error($this->db);
}
}
/**
* Account desactivate
*
@ -469,17 +469,17 @@ class AccountingAccount extends CommonObject
*/
function account_desactivate($id) {
$result = $this->checkUsage();
if ($result > 0) {
$this->db->begin();
$sql = "UPDATE " . MAIN_DB_PREFIX . "accounting_account ";
$sql .= "SET active = '0'";
$sql .= " WHERE rowid = " . $this->db->escape($id);
dol_syslog(get_class($this) . "::desactivate sql=" . $sql, LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
$this->db->commit();
return 1;
@ -492,7 +492,7 @@ class AccountingAccount extends CommonObject
return - 1;
}
}
/**
* Account activate
*
@ -501,11 +501,11 @@ class AccountingAccount extends CommonObject
*/
function account_activate($id) {
$this->db->begin();
$sql = "UPDATE " . MAIN_DB_PREFIX . "accounting_account ";
$sql .= "SET active = '1'";
$sql .= " WHERE rowid = " . $this->db->escape($id);
dol_syslog(get_class($this) . "::activate sql=" . $sql, LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
@ -517,8 +517,8 @@ class AccountingAccount extends CommonObject
return - 1;
}
}
/**
* Retourne le libelle du statut d'un user (actif, inactif)
*
@ -529,7 +529,7 @@ class AccountingAccount extends CommonObject
{
return $this->LibStatut($this->status,$mode);
}
/**
* Renvoi le libelle d'un statut donne
*
@ -541,7 +541,7 @@ class AccountingAccount extends CommonObject
{
global $langs;
$langs->load('users');
if ($mode == 0)
{
$prefix='';
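Review bot: In the INSERT hunk the commit escapes `pcg_subtype` and `account_number`, but the `active` value a few lines further down is still emitted as `$this->db->escape($this->active)` with no surrounding quotes, where string escaping alone does not constrain the value to a number. A cast would close that gap: `$sql .= ", " . (! isset($this->active) ? 'NULL' : (int) $this->active);`. The whitespace-only hunks of this section show the same unquoted pattern in `update()` (`" , active = " . $this->active`, `" WHERE rowid = " . $this->id`), in the info query (`' WHERE a.rowid = ' . $id`) and in `account_desactivate()`/`account_activate()` (`$this->db->escape($id)`); an `(int)` cast at each would make them consistent. Several of these methods start or end outside their hunks.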


@ -101,8 +101,8 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_SOLD_ACCOU
* Action
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
// Purge search criteria
if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers


@ -97,8 +97,8 @@ $accounting = new AccountingAccount($db);
* Action
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
// Purge search criteria
if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers


@ -87,8 +87,13 @@ print "<br>\n";
print "<br>\n";
$step++;
print img_picto('', 'puce').' '.$langs->trans("AccountancyAreaDescMisc", $step, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>')."\n";
print img_picto('', 'puce').' '.$langs->trans("AccountancyAreaDescProd", $step, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuDefaultAccounts").'</strong>');
print "<br>\n";
$step++;
print img_picto('', 'puce').' '.$langs->trans("AccountancyAreaDescBank", $step, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("MenuBankAccounts").'</strong>')."\n";
print "<br>\n";
$step++;
$textlink = '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup").'-'.$langs->transnoentitiesnoconv("MenuVatAccounts").'</strong>';
print img_picto('', 'puce').' '.$langs->trans("AccountancyAreaDescVat", $step, $textlink);
@ -132,11 +137,6 @@ $step++;
print img_picto('', 'puce').' '.$langs->trans("AccountancyAreaDescProd", $step, '<strong>'.$langs->transnoentitiesnoconv("MenuAccountancy").'-'.$langs->transnoentitiesnoconv("Setup")."-".$langs->transnoentitiesnoconv("ProductsBinding").'</strong>');
print "<br>\n";
$step++;
$textlink='<strong>'.$langs->transnoentitiesnoconv("MenuBankCash").'</strong>';
print img_picto('', 'puce').' '.$langs->trans("AccountancyAreaDescBank", $step, $textlink);
print "<br>\n";
print '<br>';


@ -102,8 +102,8 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN
* Action
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
// Purge search criteria
if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers


@ -325,10 +325,10 @@ class Adherent extends CommonObject
$sql.= " '".$this->db->idate($this->datec)."'";
$sql.= ", ".($this->login?"'".$this->db->escape($this->login)."'":"null");
$sql.= ", ".($user->id>0?$user->id:"null"); // Can be null because member can be created by a guest or a script
$sql.= ", null, null, '".$this->morphy."'";
$sql.= ", '".$this->typeid."'";
$sql.= ", null, null, '".$this->db->escape($this->morphy)."'";
$sql.= ", ".$this->typeid;
$sql.= ", ".$conf->entity;
$sql.= ", ".(! empty($this->import_key) ? "'".$this->import_key."'":"null");
$sql.= ", ".(! empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'":"null");
$sql.= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
@ -447,17 +447,17 @@ class Adherent extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
$sql.= " civility = ".(!is_null($this->civility_id)?"'".$this->civility_id."'":"null");
$sql.= " civility = ".(!is_null($this->civility_id)?$this->db->escape($this->civility_id):"null");
$sql.= ", firstname = ".($this->firstname?"'".$this->db->escape($this->firstname)."'":"null");
$sql.= ", lastname=" .($this->lastname?"'".$this->db->escape($this->lastname)."'":"null");
$sql.= ", login=" .($this->login?"'".$this->db->escape($this->login)."'":"null");
$sql.= ", societe=" .($this->societe?"'".$this->db->escape($this->societe)."'":"null");
$sql.= ", fk_soc=" .($this->fk_soc > 0?"'".$this->fk_soc."'":"null");
$sql.= ", fk_soc=" .($this->fk_soc > 0?$this->db->escape($this->fk_soc):"null");
$sql.= ", address=" .($this->address?"'".$this->db->escape($this->address)."'":"null");
$sql.= ", zip=" .($this->zip?"'".$this->db->escape($this->zip)."'":"null");
$sql.= ", town=" .($this->town?"'".$this->db->escape($this->town)."'":"null");
$sql.= ", country=".($this->country_id>0?"'".$this->country_id."'":"null");
$sql.= ", state_id=".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ", country=".($this->country_id>0?$this->db->escape($this->country_id):"null");
$sql.= ", state_id=".($this->state_id>0?$this->db->escape($this->state_id):"null");
$sql.= ", email='".$this->db->escape($this->email)."'";
$sql.= ", skype='".$this->db->escape($this->skype)."'";
$sql.= ", phone=" .($this->phone?"'".$this->db->escape($this->phone)."'":"null");
@ -465,7 +465,7 @@ class Adherent extends CommonObject
$sql.= ", phone_mobile=" .($this->phone_mobile?"'".$this->db->escape($this->phone_mobile)."'":"null");
$sql.= ", note_private=" .($this->note_private?"'".$this->db->escape($this->note_private)."'":"null");
$sql.= ", note_public=" .($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
$sql.= ", photo=" .($this->photo?"'".$this->photo."'":"null");
$sql.= ", photo=" .($this->photo?"'".$this->db->escape($this->photo)."'":"null");
$sql.= ", public='".$this->db->escape($this->public)."'";
$sql.= ", statut=" .$this->statut;
$sql.= ", fk_adherent_type=".$this->typeid;
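Review bot: Several values lose their quotes on what appear to be the new lines (the second of each printed pair), so `$this->db->escape(...)` now sits in an unquoted numeric position for `civility`, `fk_soc`, `country` and `state_id`, and `", ".$this->typeid` in the INSERT has neither quotes nor escaping. String escaping does not turn a value into a number, and the `> 0` guards use loose comparison, so these positions should be cast instead, e.g. `$sql.= ", fk_soc=" .($this->fk_soc > 0?(int) $this->fk_soc:"null");` and `$sql.= ", ".(int) $this->typeid;`. If `civility_id` can hold a non-numeric code (not visible here), it needs to stay quoted: `"'".$this->db->escape($this->civility_id)."'"`. Both statements start and end outside their hunks.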


@ -138,8 +138,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -39,7 +39,7 @@ $errmsg='';
$action=GETPOST("action",'alpha');
$rowid=GETPOST("rowid","int")?GETPOST("rowid","int"):GETPOST("id","int");
$typeid=GETPOST("typeid","int");
$cancel=GETPOST('cancel');
$cancel=GETPOST('cancel','alpha');
$confirm=GETPOST('confirm');
if (! $user->rights->adherent->cotisation->lire)


@ -75,8 +75,8 @@ $result=restrictedArea($user,'adherent','','','cotisation');
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -69,8 +69,8 @@ $hookmanager->initHooks(array('admindefaultvalues','globaladmin'));
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -387,48 +387,6 @@ class PrestaShopWebservice
self::checkStatusCode($request['status_code']);// check the response validity
return self::parseXML($request['response']);
}
/**
* Delete (DELETE) a resource.
* Unique parameter must take : <br><br>
* 'resource' => Resource name<br>
* 'id' => ID or array which contains IDs of a resource(s) you want to delete<br><br>
* <code>
* <?php
* require_once('./PrestaShopWebservice.php');
* try
* {
* $ws = new PrestaShopWebservice('http://mystore.com/', 'ZQ88PRJX5VWQHCWE4EE7SQ7HPNX00RAJ', false);
* $xml = $ws->delete(array('resource' => 'orders', 'id' => 1));
* // Following code will not be executed if an exception is thrown.
* echo 'Successfully deleted.';
* }
* catch (PrestaShopWebserviceException $ex)
* {
* echo 'Error : '.$ex->getMessage();
* }
* ?>
* </code>
* @param array $options Array representing resource to delete.
* @return boolean true
*/
public function delete($options)
{
if (isset($options['url']))
$url = $options['url'];
elseif (isset($options['resource']) && isset($options['id']))
if (is_array($options['id']))
$url = $this->url.'/api/'.$options['resource'].'/?id=['.implode(',', $options['id']).']';
else
$url = $this->url.'/api/'.$options['resource'].'/'.$options['id'];
if (isset($options['id_shop']))
$url .= '&id_shop='.$options['id_shop'];
if (isset($options['id_group_shop']))
$url .= '&id_group_shop='.$options['id_group_shop'];
$request = self::executeRequest($url, array(CURLOPT_CUSTOMREQUEST => 'DELETE'));
self::checkStatusCode($request['status_code']);// check the response validity
return true;
}
}
/**


@ -55,7 +55,7 @@ if (! defined("MAIN_MOTD")) define("MAIN_MOTD","");
* Action
*/
if (GETPOST('cancel'))
if (GETPOST('cancel','alpha'))
{
$action='';
}


@ -1,10 +1,10 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2006-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2017 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2006-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -34,46 +34,54 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php';
$langs->load("admin");
if (!$user->admin)
accessforbidden();
accessforbidden();
$action = GETPOST('action','aZ09');
$action = GETPOST('action','aZ09');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('adminldap','globaladmin'));
/*
* Actions
*/
if ($action == 'setvalue' && $user->admin)
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
if (empty($reshook))
{
$error=0;
if ($action == 'setvalue' && $user->admin)
{
$error=0;
$db->begin();
if (! dolibarr_set_const($db, 'LDAP_SERVER_TYPE',GETPOST("type"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PROTOCOLVERSION',GETPOST("LDAP_SERVER_PROTOCOLVERSION"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST',GETPOST("host"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST_SLAVE',GETPOST("slave"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PORT',GETPOST("port"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_DN',GETPOST("dn"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_DN',GETPOST("admin"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_PASS',GETPOST("pass"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_USE_TLS',GETPOST("usetls"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SYNCHRO_ACTIVE',GETPOST("activesynchro"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_CONTACT_ACTIVE',GETPOST("activecontact"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_ACTIVE',GETPOST("activemembers"),'chaine',0,'',$conf->entity)) $error++;
$db->begin();
if (! dolibarr_set_const($db, 'LDAP_SERVER_TYPE',GETPOST("type"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PROTOCOLVERSION',GETPOST("LDAP_SERVER_PROTOCOLVERSION"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST',GETPOST("host"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST_SLAVE',GETPOST("slave"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PORT',GETPOST("port"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_DN',GETPOST("dn"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_DN',GETPOST("admin"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_PASS',GETPOST("pass"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_USE_TLS',GETPOST("usetls"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SYNCHRO_ACTIVE',GETPOST("activesynchro"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_CONTACT_ACTIVE',GETPOST("activecontact"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_ACTIVE',GETPOST("activemembers"),'chaine',0,'',$conf->entity)) $error++;
if (! $error)
{
$db->commit();
setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
}
else
{
$db->rollback();
dol_print_error($db);
}
if (! $error)
{
$db->commit();
setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
}
else
{
$db->rollback();
dol_print_error($db);
}
}
}
/*
* View
*/
@ -149,6 +157,11 @@ if (! empty($conf->adherent->enabled))
print '</td><td>'.$langs->trans("LDAPDnMemberActiveExample").'</td></tr>';
}
// Fields from hook
$parameters=array();
$reshook=$hookmanager->executeHooks('addAdminLdapOptions',$parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Parameter").'</td>';
print '<td>'.$langs->trans("Value").'</td>';
@ -193,11 +206,11 @@ print '</td><td>'.$langs->trans("LDAPServerExample").'</td></tr>';
print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerPort").'</td><td>';
if (! empty($conf->global->LDAP_SERVER_PORT))
{
print '<input size="25" type="text" name="port" value="'.$conf->global->LDAP_SERVER_PORT.'">';
print '<input size="25" type="text" name="port" value="'.$conf->global->LDAP_SERVER_PORT.'">';
}
else
{
print '<input size="25" type="text" name="port" value="389">';
print '<input size="25" type="text" name="port" value="389">';
}
print '</td><td>'.$langs->trans("LDAPServerPortExample").'</td></tr>';
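Review bot: The re-indented `dolibarr_set_const` lines still read every field with a bare `GETPOST("...")`, while the rest of this commit adds a check argument to `GETPOST` calls; for the numeric field at least, `GETPOST("port",'int')` would fit. In the last hunk the stored port is written back into the form as `value="'.$conf->global->LDAP_SERVER_PORT.'"` without HTML escaping, so wrapping it as `dol_escape_htmltag($conf->global->LDAP_SERVER_PORT)` would keep a stored value from breaking out of the attribute. The new `executeHooks('doActions',$parameters,$object,$action)` call passes `$object`, which is not defined in any visible hunk of this file. The comment on the `addAdminLdapOptions` call mentions `$action` and `$object`, although neither is passed there.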


@ -179,8 +179,8 @@ $id = 25;
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -51,9 +51,9 @@ $search_version=GETPOST('search_version','alpha');
// For dolistore search
$options = array();
$options['per_page'] = 20;
$options['categorie'] = GETPOST('categorie', 'int') + 0;
$options['start'] = GETPOST('start', 'int') + 0;
$options['end'] = GETPOST('end', 'int') + 0;
$options['categorie'] = ((GETPOST('categorie', 'int')?GETPOST('categorie', 'int'):0) + 0);
$options['start'] = ((GETPOST('start', 'int')?GETPOST('start', 'int'):0) + 0);
$options['end'] = ((GETPOST('end', 'int')?GETPOST('end', 'int'):0) + 0);
$options['search'] = GETPOST('search_keyword', 'alpha');
$dolistore = new Dolistore($options);
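Review bot: Each of the three new lines calls `GETPOST` twice for the same parameter and then still adds `+ 0`, which is hard to read for what is just an integer with a default of 0. Assuming `GETPOST(...,'int')` returns an empty or numeric string, `$options['categorie'] = (int) GETPOST('categorie', 'int');` (and likewise for `start` and `end`) gives 0 for a missing value and guarantees that an integer is handed to `Dolistore`. It also avoids the arithmetic on an empty string that the ternary seems to be working around.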


@ -64,8 +64,8 @@ $hookmanager->initHooks(array('admintranslation','globaladmin'));
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -63,7 +63,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update')
$error = 0;
if (GETPOST("cancel"))
if (GETPOST('cancel','alpha'))
{
if (empty($backtopage)) $backtopage=($urlsource?$urlsource:((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/list.php'));
header("Location: ".$backtopage);


@ -120,11 +120,11 @@ class Bookmark extends CommonObject
$sql.= ",title,favicon,position";
$sql.= ",entity";
$sql.= ") VALUES (";
$sql.= ($this->fk_user > 0?"'".$this->fk_user."'":"0").",";
$sql.= ($this->fk_user > 0 ? $this->fk_user:"0").",";
$sql.= " '".$this->db->idate($now)."',";
$sql.= " '".$this->url."', '".$this->target."',";
$sql.= " '".$this->db->escape($this->title)."', '".$this->favicon."', '".$this->position."'";
$sql.= ", '".$conf->entity."'";
$sql.= " '".$this->db->escape($this->url)."', '".$this->db->escape($this->target)."',";
$sql.= " '".$this->db->escape($this->title)."', '".$this->db->escape($this->favicon)."', '".$this->db->escape($this->position)."'";
$sql.= ", ".$this->db->escape($conf->entity);
$sql.= ")";
dol_syslog("Bookmark::update", LOG_DEBUG);
@ -168,7 +168,7 @@ class Bookmark extends CommonObject
if (empty($this->position)) $this->position=0;
$sql = "UPDATE ".MAIN_DB_PREFIX."bookmark";
$sql.= " SET fk_user = ".($this->fk_user > 0?"'".$this->fk_user."'":"0");
$sql.= " SET fk_user = ".($this->fk_user > 0 ? $this->fk_user :"0");
$sql.= " ,dateb = '".$this->db->idate($this->datec)."'";
$sql.= " ,url = '".$this->db->escape($this->url)."'";
$sql.= " ,target = '".$this->db->escape($this->target)."'";
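Review bot: Dropping the quotes around `fk_user` in both the INSERT and the UPDATE leaves the value concatenated into the statement with only a `> 0` comparison in front of it, and that comparison does not prove the property holds an integer. Whether `fk_user` can carry request data is not visible in these hunks, so the safe form is a cast at the point of use: `$sql.= ((int) $this->fk_user > 0 ? (int) $this->fk_user : "0").",";`. The same unquoted `> 0` pattern is introduced for `socid`, `fk_project`, `contactid`, `$userownerid` and `$userdoneid` in ActionComm, for `cond_reglement_id`, `mode_reglement_id`, `availability_id` and `demand_reason_id` in Commande, and for `state_id` and `fk_user_author` in Account/AccountLine. Both functions start and end outside the hunks.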


@ -311,7 +311,7 @@ class Categorie extends CommonObject
$sql.= " import_key,";
$sql.= " entity";
$sql.= ") VALUES (";
$sql.= $this->fk_parent.",";
$sql.= $this->db->escape($this->fk_parent).",";
$sql.= "'".$this->db->escape($this->label)."',";
$sql.= "'".$this->db->escape($this->description)."',";
$sql.= "'".$this->db->escape($this->color)."',";
@ -319,10 +319,10 @@ class Categorie extends CommonObject
{
$sql.= ($this->socid != -1 ? $this->socid : 'null').",";
}
$sql.= "'".$this->visible."',";
$sql.= $type.",";
$sql.= "'".$this->db->escape($this->visible)."',";
$sql.= $this->db->escape($type).",";
$sql.= (! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":'null').",";
$sql.= $conf->entity;
$sql.= $this->db->escape($conf->entity);
$sql.= ")";
$res = $this->db->query($sql);
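Review bot: `$this->db->escape()` is applied to `fk_parent`, `$type` and `$conf->entity`, but the results are placed in the statement without surrounding quotes, and string escaping does not constrain a value that sits in a numeric position. Assuming these are integer columns, as the unquoted position implies, a cast states the intent and actually restricts the value: `$sql.= ((int) $this->fk_parent).",";` and `$sql.= (int) $conf->entity;`. The same unquoted escape() appears for `$conf->entity` in the Bookmark INSERT, for `fk_element` in the ActionComm UPDATE and for `fk_accountancy_journal` in Account. The method body starts and ends outside these hunks.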


@ -36,7 +36,7 @@ $ref=GETPOST('ref');
$type=GETPOST('type');
$action=GETPOST('action','aZ09');
$confirm=GETPOST('confirm');
$cancel=GETPOST('cancel');
$cancel=GETPOST('cancel','alpha');
$socid=GETPOST('socid','int');
$label=GETPOST('label');
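Review bot: Only `cancel` gains a check argument here; `ref`, `type`, `confirm` and `label` on the neighbouring lines are still read with a bare `GETPOST('name')`. If the intent of the change is that every request parameter declares its expected format, these four should follow, for example `$confirm=GETPOST('confirm','alpha');`. The right check for `ref`, `type` and `label` depends on which characters they may legitimately hold, which is not visible in this hunk.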


@ -296,23 +296,23 @@ class ActionComm extends CommonObject
$sql.= "elementtype,";
$sql.= "entity";
$sql.= ") VALUES (";
$sql.= "'".$this->db->idate($now)."',";
$sql.= (strval($this->datep)!=''?"'".$this->db->idate($this->datep)."'":"null").",";
$sql.= (strval($this->datef)!=''?"'".$this->db->idate($this->datef)."'":"null").",";
$sql.= ((isset($this->durationp) && $this->durationp >= 0 && $this->durationp != '')?"'".$this->durationp."'":"null").","; // deprecated
$sql.= "'".$this->db->idate($now)."', ";
$sql.= (strval($this->datep)!=''?"'".$this->db->idate($this->datep)."'":"null").", ";
$sql.= (strval($this->datef)!=''?"'".$this->db->idate($this->datef)."'":"null").", ";
$sql.= ((isset($this->durationp) && $this->durationp >= 0 && $this->durationp != '')?"'".$this->db->escape($this->durationp)."'":"null").", "; // deprecated
$sql.= (isset($this->type_id)?$this->type_id:"null").",";
$sql.= (isset($this->type_code)?" '".$this->type_code."'":"null").",";
$sql.= ((isset($this->socid) && $this->socid > 0)?" '".$this->socid."'":"null").",";
$sql.= ((isset($this->fk_project) && $this->fk_project > 0)?" '".$this->fk_project."'":"null").",";
$sql.= " '".$this->db->escape($this->note)."',";
$sql.= ((isset($this->contactid) && $this->contactid > 0)?"'".$this->contactid."'":"null").",";
$sql.= (isset($user->id) && $user->id > 0 ? "'".$user->id."'":"null").",";
$sql.= ($userownerid>0?"'".$userownerid."'":"null").",";
$sql.= ($userdoneid>0?"'".$userdoneid."'":"null").",";
$sql.= "'".$this->db->escape($this->label)."','".$this->percentage."','".$this->priority."','".$this->fulldayevent."','".$this->db->escape($this->location)."','".$this->punctual."',";
$sql.= "'".$this->transparency."',";
$sql.= (! empty($this->fk_element)?$this->fk_element:"null").",";
$sql.= (! empty($this->elementtype)?"'".$this->elementtype."'":"null").",";
$sql.= (isset($this->type_code)?" '".$this->db->escape($this->type_code)."'":"null").", ";
$sql.= ((isset($this->socid) && $this->socid > 0) ? $this->socid:"null").", ";
$sql.= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project:"null").", ";
$sql.= " '".$this->db->escape($this->note)."', ";
$sql.= ((isset($this->contactid) && $this->contactid > 0) ? $this->contactid:"null").", ";
$sql.= (isset($user->id) && $user->id > 0 ? $user->id:"null").", ";
$sql.= ($userownerid>0 ? $userownerid:"null").", ";
$sql.= ($userdoneid>0 ? $userdoneid:"null").", ";
$sql.= "'".$this->db->escape($this->label)."','".$this->db->escape($this->percentage)."','".$this->db->escape($this->priority)."','".$this->db->escape($this->fulldayevent)."','".$this->db->escape($this->location)."','".$this->db->escape($this->punctual)."', ";
$sql.= "'".$this->db->escape($this->transparency)."', ";
$sql.= (! empty($this->fk_element)?$this->fk_element:"null").", ";
$sql.= (! empty($this->elementtype)?"'".$this->db->escape($this->elementtype)."'":"null").", ";
$sql.= $conf->entity;
$sql.= ")";
@ -758,11 +758,11 @@ class ActionComm extends CommonObject
$sql.= ", label = ".($this->label ? "'".$this->db->escape($this->label)."'":"null");
$sql.= ", datep = ".(strval($this->datep)!='' ? "'".$this->db->idate($this->datep)."'" : 'null');
$sql.= ", datep2 = ".(strval($this->datef)!='' ? "'".$this->db->idate($this->datef)."'" : 'null');
$sql.= ", durationp = ".(isset($this->durationp) && $this->durationp >= 0 && $this->durationp != ''?"'".$this->durationp."'":"null"); // deprecated
$sql.= ", durationp = ".(isset($this->durationp) && $this->durationp >= 0 && $this->durationp != ''?"'".$this->db->escape($this->durationp)."'":"null"); // deprecated
$sql.= ", note = ".($this->note ? "'".$this->db->escape($this->note)."'":"null");
$sql.= ", fk_project =". ($this->fk_project > 0 ? "'".$this->fk_project."'":"null");
$sql.= ", fk_soc =". ($socid > 0 ? "'".$socid."'":"null");
$sql.= ", fk_contact =". ($contactid > 0 ? "'".$contactid."'":"null");
$sql.= ", fk_project =". ($this->fk_project > 0 ? $this->fk_project:"null");
$sql.= ", fk_soc =". ($socid > 0 ? $socid:"null");
$sql.= ", fk_contact =". ($contactid > 0 ? $contactid:"null");
$sql.= ", priority = '".$this->db->escape($this->priority)."'";
$sql.= ", fulldayevent = '".$this->db->escape($this->fulldayevent)."'";
$sql.= ", location = ".($this->location ? "'".$this->db->escape($this->location)."'":"null");
@ -770,8 +770,8 @@ class ActionComm extends CommonObject
$sql.= ", fk_user_mod = ".$user->id;
$sql.= ", fk_user_action=".($userownerid > 0 ? "'".$userownerid."'":"null");
$sql.= ", fk_user_done=".($userdoneid > 0 ? "'".$userdoneid."'":"null");
if (! empty($this->fk_element)) $sql.= ", fk_element=".($this->fk_element?$this->fk_element:"null");
if (! empty($this->elementtype)) $sql.= ", elementtype=".($this->elementtype?"'".$this->elementtype."'":"null");
if (! empty($this->fk_element)) $sql.= ", fk_element=".($this->fk_element?$this->db->escape($this->fk_element):"null");
if (! empty($this->elementtype)) $sql.= ", elementtype=".($this->elementtype?"'".$this->db->escape($this->elementtype)."'":"null");
$sql.= " WHERE id=".$this->id;
dol_syslog(get_class($this)."::update", LOG_DEBUG);
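Review bot: `type_id` and `fk_element` in the INSERT are still concatenated raw, guarded only by `isset()` / `! empty()`, which say nothing about the value being numeric; the UPDATE hunk wraps `fk_element` in escape() while the INSERT does not, so the two paths disagree. Assuming both are integer columns, casting at the point of use keeps them consistent: `$sql.= (isset($this->type_id) ? (int) $this->type_id : "null").",";` and `$sql.= (! empty($this->fk_element) ? (int) $this->fk_element : "null").", ";`. The UPDATE also leaves `fk_user_action` and `fk_user_done` quoted while the INSERT now writes the same ids unquoted. The same unguarded concatenation remains for `special_code` and `rang` in the PropaleLigne and OrderLine inserts further down the page.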


@ -52,7 +52,7 @@ $object = new Address($db);
*/
// Cancel
if (GETPOST("cancel") && ! empty($backtopage))
if (GETPOST('cancel','alpha') && ! empty($backtopage))
{
header("Location: ".$backtopage);
exit;


@ -73,7 +73,7 @@ $pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="nom";
$cancelbutton = GETPOST('cancel');
$cancelbutton = GETPOST('cancel','alpha');
$object = new Client($db);
$extrafields = new ExtraFields($db);
@ -331,25 +331,27 @@ if ($id > 0)
print "</td>";
print '</tr>';
// Compte bancaire par défaut
print '<tr><td class="nowrap">';
print '<table width="100%" class="nobordernopadding"><tr><td class="nowrap">';
print $langs->trans('PaymentBankAccount');
print '<td>';
if (($action != 'editbankaccount') && $user->rights->societe->creer) print '<td align="right"><a href="'.$_SERVER["PHP_SELF"].'?action=editbankaccount&amp;socid='.$object->id.'">'.img_edit($langs->trans('SetBankAccount'),1).'</a></td>';
print '</tr></table>';
print '</td><td>';
if ($action == 'editbankaccount')
if (! empty($conf->banque->enabled))
{
$form->formSelectAccount($_SERVER['PHP_SELF'].'?socid='.$object->id,$object->fk_account,'fk_account',1);
// Compte bancaire par défaut
print '<tr><td class="nowrap">';
print '<table width="100%" class="nobordernopadding"><tr><td class="nowrap">';
print $langs->trans('PaymentBankAccount');
print '<td>';
if (($action != 'editbankaccount') && $user->rights->societe->creer) print '<td align="right"><a href="'.$_SERVER["PHP_SELF"].'?action=editbankaccount&amp;socid='.$object->id.'">'.img_edit($langs->trans('SetBankAccount'),1).'</a></td>';
print '</tr></table>';
print '</td><td>';
if ($action == 'editbankaccount')
{
$form->formSelectAccount($_SERVER['PHP_SELF'].'?socid='.$object->id,$object->fk_account,'fk_account',1);
}
else
{
$form->formSelectAccount($_SERVER['PHP_SELF'].'?socid='.$object->id,$object->fk_account,'none');
}
print "</td>";
print '</tr>';
}
else
{
$form->formSelectAccount($_SERVER['PHP_SELF'].'?socid='.$object->id,$object->fk_account,'none');
}
print "</td>";
print '</tr>';
// Relative discounts (Discounts-Drawbacks-Rebates)
print '<tr><td class="nowrap">';
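Review bot: The bank-account row that is now wrapped in `if (! empty($conf->banque->enabled))` still prints an opening `<td>` right after the `PaymentBankAccount` label, where a closing tag looks intended, so the inner table row carries an unclosed cell. Since the block is being re-indented anyway, `print '</td>';` at that position would fix the markup. The edit link is also built from `$_SERVER["PHP_SELF"]` without escaping; whether that value is sanitised earlier in the request is not visible in this hunk.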


@ -189,8 +189,9 @@ if (empty($reshook))
while ($i < $num && $i < $conf->global->MAILING_LIMIT_SENDBYWEB)
{
// Here code is common with same loop ino mailing-send.php
$res=1;
$now=dol_now();
$obj = $db->fetch_object($resql);
@ -222,6 +223,27 @@ if (empty($reshook))
'__CHECK_READ__' => '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$obj->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>',
'__UNSUBSCRIBE__' => '<a href="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-unsubscribe.php?tag='.$obj->tag.'&unsuscrib=1&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" target="_blank">'.$langs->trans("MailUnsubcribe").'</a>'
);
$onlinepaymentenabled = 0;
if (! empty($conf->paypal->enabled)) $onlinepaymentenabled++;
if (! empty($conf->paybox->enabled)) $onlinepaymentenabled++;
if (! empty($conf->stripe->enabled)) $onlinepaymentenabled++;
if ($onlinepaymentenabled && ! empty($conf->global->PAYMENT_SECURITY_TOKEN))
{
$substitutionarray['__SECUREKEYPAYMENT__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) $substitutionarray['__SECUREKEYPAYMENT_MEMBER__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
else $substitutionarray['__SECUREKEYPAYMENT_MEMBER__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'membersubscription' . $obj->source_id, 2);
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) $substitutionarray['__SECUREKEYPAYMENT_ORDER__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
else $substitutionarray['__SECUREKEYPAYMENT_ORDER__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'order' . $obj->source_id, 2);
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) $substitutionarray['__SECUREKEYPAYMENT_INVOICE__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
else $substitutionarray['__SECUREKEYPAYMENT_INVOICE__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'invoice' . $obj->source_id, 2);
if (empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) $substitutionarray['__SECUREKEYPAYMENT_CONTRACTLINE__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
else $substitutionarray['__SECUREKEYPAYMENT_CONTRACTLINE__']=dol_hash($conf->global->PAYMENT_SECURITY_TOKEN . 'contractline' . $obj->source_id, 2);
}
/* For backward compatibility */
if (! empty($conf->paypal->enabled) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN))
{
$substitutionarray['__SECUREKEYPAYPAL__']=dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
@ -738,7 +760,7 @@ if ($action == 'create')
print '<table class="border" width="100%">';
print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("MailTopic").'</td><td><input class="flat minwidth200 quatrevingtpercent" name="sujet" value="'.dol_escape_htmltag(GETPOST('sujet')).'"></td></tr>';
print '<tr><td>'.$langs->trans("BackgroundColorByDefault").'</td><td colspan="3">';
print $htmlother->selectColor($_POST['bgcolor'],'bgcolor','new_mailing',0);
print $htmlother->selectColor($_POST['bgcolor'],'bgcolor','',0);
print '</td></tr>';
print '</table>';
@ -930,7 +952,7 @@ else
* Boutons d'action
*/
if (GETPOST("cancel") || $confirm=='no' || $action == '' || in_array($action,array('settodraft', 'valid','delete','sendall','clone')))
if (GETPOST('cancel','alpha') || $confirm=='no' || $action == '' || in_array($action,array('settodraft', 'valid','delete','sendall','clone')))
{
print "\n\n<div class=\"tabsAction\">\n";
@ -941,7 +963,14 @@ else
if (($object->statut == 0 || $object->statut == 1) && $user->rights->mailing->creer)
{
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?action=edit&amp;id='.$object->id.'">'.$langs->trans("EditWithEditor").'</a>';
if (! empty($conf->fckeditor->enabled) && ! empty($conf->global->FCKEDITOR_ENABLE_MAILING))
{
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?action=edit&amp;id='.$object->id.'">'.$langs->trans("EditWithEditor").'</a>';
}
else
{
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?action=edit&amp;id='.$object->id.'">'.$langs->trans("EditWithTextEditor").'</a>';
}
if (! empty($conf->use_javascript_ajax)) print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?action=edithtml&amp;id='.$object->id.'">'.$langs->trans("EditHTMLSource").'</a>';
}
@ -1091,19 +1120,19 @@ else
// Background color
/*print '<tr><td width="15%">'.$langs->trans("BackgroundColorByDefault").'</td><td colspan="3">';
print $htmlother->selectColor($object->bgcolor,'bgcolor','edit_mailing',0);
print $htmlother->selectColor($object->bgcolor,'bgcolor','',0);
print '</td></tr>';*/
print '</table>';
// Message
print '<div style="padding-top: 10px" bgcolor="'.($object->bgcolor?(preg_match('/^#/',$object->bgcolor)?'':'#').$object->bgcolor:'white').'">';
if (empty($object->bgcolor) || strtolower($object->bgcolor) == 'ffffff')
print '<div style="padding-top: 10px; background: '.($object->bgcolor?(preg_match('/^#/',$object->bgcolor)?'':'#').$object->bgcolor:'white').'">';
if (empty($object->bgcolor) || strtolower($object->bgcolor) == 'ffffff') // CKEditor does not apply the color of the div into its content area
{
$readonly=1;
// Editeur wysiwyg
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
$doleditor=new DolEditor('bodyemail',$object->body,'',600,'dolibarr_mailings','',false,true,empty($conf->global->FCKEDITOR_ENABLE_MAILING)?0:1,20,120,$readonly);
$doleditor=new DolEditor('bodyemail',$object->body,'',600,'dolibarr_mailings','',false,true,empty($conf->global->FCKEDITOR_ENABLE_MAILING)?0:1,20,'90%',$readonly);
$doleditor->Create();
}
else print dol_htmlentitiesbr($object->body);
@ -1245,7 +1274,7 @@ else
// Background color
print '<tr><td>'.$langs->trans("BackgroundColorByDefault").'</td><td colspan="3">';
print $htmlother->selectColor($object->bgcolor,'bgcolor','edit_mailing',0);
print $htmlother->selectColor($object->bgcolor,'bgcolor','',0);
print '</td></tr>';
print '</table>';
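Review bot: The read-only message block now writes `$object->bgcolor` straight into a `style` attribute (`background: ...`), and the create form still reads `$_POST['bgcolor']` directly while the rest of the commit moves to filtered GETPOST calls. Nothing visible in these hunks restricts `bgcolor` to a colour value, so a stored value containing a quote would break out of the attribute. Validating it where it is printed, e.g. `$bg = preg_match('/^#?[0-9a-fA-F]{6}$/', $object->bgcolor) ? ltrim($object->bgcolor, '#') : '';`, and reading the form value with `GETPOST('bgcolor','alpha')` would address both places.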


@ -121,7 +121,7 @@ class AdvanceTargetingMailing extends CommonObject
$sql.= " ".(! isset($this->name)?'NULL':"'".$this->db->escape($this->name)."'").",";
$sql.= " ".$conf->entity.",";
$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").",";
$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->db->escape($this->fk_mailing)."'").",";
$sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").",";
$sql.= " ".$user->id.",";
$sql.= " '".$this->db->idate(dol_now())."',";
@ -658,7 +658,7 @@ class AdvanceTargetingMailing extends CommonObject
$sqlwhere[]= " (t.datec >= '".$this->db->idate($arrayquery['contact_create_st_dt'])."' AND t.datec <= '".$this->db->idate($arrayquery['contact_create_end_dt'])."')";
}
if (!empty($arrayquery['contact_categ']) && count($arrayquery['contact_categ'])>0) {
$sqlwhere[]= " (contactcateg.fk_categorie IN (".$db->escape(implode(",",$arrayquery['contact_categ']))."))";
$sqlwhere[]= " (contactcateg.fk_categorie IN (".$this->db->escape(implode(",",$arrayquery['contact_categ']))."))";
}
//Standard Extrafield feature
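Review bot: In the `contact_categ` filter the joined list is passed through escape() and placed unquoted inside `IN (...)`, so the escaping does not restrict the elements to numbers; the hunk only switches `$db` to `$this->db`. Casting each element before joining does restrict them: `$sqlwhere[]= " (contactcateg.fk_categorie IN (".implode(",", array_map('intval', $arrayquery['contact_categ']))."))";`. Where `$arrayquery` is filled lies outside the hunk, so how much of it is user-controlled should be confirmed.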


@ -602,7 +602,7 @@ if (empty($reshook))
}
// Close proposal
else if ($action == 'setstatut' && $user->rights->propal->cloturer && ! GETPOST('cancel'))
else if ($action == 'setstatut' && $user->rights->propal->cloturer && ! GETPOST('cancel','alpha'))
{
if (! GETPOST('statut')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("CloseAs")), null, 'errors');
@ -622,7 +622,7 @@ if (empty($reshook))
}
// Reopen proposal
else if ($action == 'confirm_reopen' && $user->rights->propal->cloturer && ! GETPOST('cancel'))
else if ($action == 'confirm_reopen' && $user->rights->propal->cloturer && ! GETPOST('cancel','alpha'))
{
// prevent browser refresh from reopening proposal several times
if ($object->statut == Propal::STATUS_SIGNED || $object->statut == Propal::STATUS_NOTSIGNED || $object->statut == Propal::STATUS_BILLED)
@ -1106,7 +1106,7 @@ if (empty($reshook))
}
}
else if ($action == 'updateligne' && $user->rights->propal->creer && GETPOST('cancel'))
else if ($action == 'updateligne' && $user->rights->propal->creer && GETPOST('cancel','alpha'))
{
header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition
exit();


@ -938,7 +938,7 @@ class Propal extends CommonObject
$sql.= ", '".$this->db->escape($this->multicurrency_code)."'";
$sql.= ", ".(double) $this->multicurrency_tx;
$sql.= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
$resql=$this->db->query($sql);
if ($resql)
@ -3772,28 +3772,28 @@ class PropaleLigne extends CommonObjectLine
$sql.= ' date_start, date_end';
$sql.= ', fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc)';
$sql.= " VALUES (".$this->fk_propal.",";
$sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
$sql.= " ".($this->fk_parent_line>0?"'".$this->db->escape($this->fk_parent_line)."'":"null").",";
$sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
$sql.= " '".$this->db->escape($this->desc)."',";
$sql.= " ".($this->fk_product?"'".$this->fk_product."'":"null").",";
$sql.= " '".$this->product_type."',";
$sql.= " ".($this->fk_remise_except?"'".$this->fk_remise_except."'":"null").",";
$sql.= " ".($this->fk_product?"'".$this->db->escape($this->fk_product)."'":"null").",";
$sql.= " '".$this->db->escape($this->product_type)."',";
$sql.= " ".($this->fk_remise_except?"'".$this->db->escape($this->fk_remise_except)."'":"null").",";
$sql.= " ".price2num($this->qty).",";
$sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
$sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
$sql.= " ".price2num($this->tva_tx).",";
$sql.= " ".price2num($this->localtax1_tx).",";
$sql.= " ".price2num($this->localtax2_tx).",";
$sql.= " '".$this->localtax1_type."',";
$sql.= " '".$this->localtax2_type."',";
$sql.= " '".$this->db->escape($this->localtax1_type)."',";
$sql.= " '".$this->db->escape($this->localtax2_type)."',";
$sql.= " ".($this->subprice?price2num($this->subprice):"null").",";
$sql.= " ".price2num($this->remise_percent).",";
$sql.= " ".(isset($this->info_bits)?"'".$this->info_bits."'":"null").",";
$sql.= " ".(isset($this->info_bits)?"'".$this->db->escape($this->info_bits)."'":"null").",";
$sql.= " ".price2num($this->total_ht).",";
$sql.= " ".price2num($this->total_tva).",";
$sql.= " ".price2num($this->total_localtax1).",";
$sql.= " ".price2num($this->total_localtax2).",";
$sql.= " ".price2num($this->total_ttc).",";
$sql.= " ".(!empty($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null").",";
$sql.= " ".(!empty($this->fk_fournprice)?"'".$this->db->escape($this->fk_fournprice)."'":"null").",";
$sql.= " ".(isset($this->pa_ht)?"'".price2num($this->pa_ht)."'":"null").",";
$sql.= ' '.$this->special_code.',';
$sql.= ' '.$this->rang.',';
@ -3975,7 +3975,7 @@ class PropaleLigne extends CommonObjectLine
$sql.= ", total_localtax1=".price2num($this->total_localtax1)."";
$sql.= ", total_localtax2=".price2num($this->total_localtax2)."";
}
$sql.= ", fk_product_fournisseur_price=".(! empty($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null");
$sql.= ", fk_product_fournisseur_price=".(! empty($this->fk_fournprice)?"'".$this->db->escape($this->fk_fournprice)."'":"null");
$sql.= ", buy_price_ht=".price2num($this->pa_ht);
if (strlen($this->special_code)) $sql.= ", special_code=".$this->special_code;
$sql.= ", fk_parent_line=".($this->fk_parent_line>0?$this->fk_parent_line:"null");


@ -169,8 +169,8 @@ $object = new Propal($db); // To be passed as parameter of executeHooks that nee
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
@ -420,7 +420,7 @@ if ($resql)
{
$langs->load("mails");
if (! GETPOST('cancel'))
if (! GETPOST('cancel','alpha'))
{
$objecttmp=new Propal($db);
$listofselectedid=array();


@ -46,7 +46,7 @@ $backtopage = GETPOST('backtopage','alpha');
* Actions
*/
if (GETPOST('cancel') && ! empty($backtopage))
if (GETPOST('cancel','alpha') && ! empty($backtopage))
{
header("Location: ".$backtopage);
exit;
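Review bot: The cancel branch sends `$backtopage` to `header("Location: ...")` unchanged, and the hunk header shows it is taken from the request with `GETPOST('backtopage','alpha')`. Unless the `alpha` check restricts the value to a local path, which is not visible here, a crafted link can make the cancel button redirect to another site. A guard before the redirect, such as `if (! preg_match('#^/[^/\\\\]#', $backtopage)) $backtopage='';`, would keep the target on the same host. The same unchecked redirect is present in the other cancel handlers on this page that pass `$backtopage` to `header()`.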


@ -49,7 +49,7 @@ if ($user->societe_id > 0)
* Actions
*/
if (GETPOST('cancel') && ! empty($backtopage))
if (GETPOST('cancel','alpha') && ! empty($backtopage))
{
header("Location: ".$backtopage);
exit;


@ -1061,7 +1061,7 @@ if (empty($reshook))
}
}
else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel') == $langs->trans('Cancel')) {
else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel','alpha') == $langs->trans('Cancel')) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition
exit();
}
@ -1441,7 +1441,6 @@ if ($action == 'create' && $user->rights->commande->creer)
$note_private = $object->getDefaultCreateValueFor('note_private');
$note_public = $object->getDefaultCreateValueFor('note_public');
}
$absolute_discount=$soc->getAvailableDiscounts();
print '<form name="crea_commande" action="' . $_SERVER["PHP_SELF"] . '" method="POST">';
@ -1478,7 +1477,7 @@ if ($action == 'create' && $user->rights->commande->creer)
print '</td>';
} else {
print '<td>';
print $form->select_company('', 'socid', 's.client = 1 OR s.client = 3', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300');
print $form->select_company('', 'socid', '(s.client = 1 OR s.client = 3)', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300');
// reload page to retrieve customer informations
if (!empty($conf->global->RELOAD_PAGE_ON_CUSTOMER_CHANGE))
{
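Review bot: The `updateline` cancel test compares the posted value with `$langs->trans('Cancel')`, whereas the equivalent branch in the proposal card only tests `GETPOST('cancel','alpha')` for truthiness. Tying the check to a translated label means that a label the `alpha` check alters, or a language change between render and submit, could let a cancel fall through to the update path; this cannot be verified from the hunk alone. `else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel','alpha')) {` would match the other pages.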


@ -775,11 +775,11 @@ class Commande extends CommonOrder
$sql.= ", ".($this->ref_client?"'".$this->db->escape($this->ref_client)."'":"null");
$sql.= ", ".($this->ref_int?"'".$this->db->escape($this->ref_int)."'":"null");
$sql.= ", '".$this->db->escape($this->modelpdf)."'";
$sql.= ", ".($this->cond_reglement_id>0?"'".$this->cond_reglement_id."'":"null");
$sql.= ", ".($this->mode_reglement_id>0?"'".$this->mode_reglement_id."'":"null");
$sql.= ", ".($this->cond_reglement_id>0?$this->cond_reglement_id:"null");
$sql.= ", ".($this->mode_reglement_id>0?$this->mode_reglement_id:"null");
$sql.= ", ".($this->fk_account>0?$this->fk_account:'NULL');
$sql.= ", ".($this->availability_id>0?"'".$this->availability_id."'":"null");
$sql.= ", ".($this->demand_reason_id>0?"'".$this->demand_reason_id."'":"null");
$sql.= ", ".($this->availability_id>0?$this->availability_id:"null");
$sql.= ", ".($this->demand_reason_id>0?$this->demand_reason_id:"null");
$sql.= ", ".($this->date_livraison?"'".$this->db->idate($this->date_livraison)."'":"null");
$sql.= ", ".($this->fk_delivery_address>0?$this->fk_delivery_address:'NULL');
$sql.= ", ".($this->shipping_method_id>0?$this->shipping_method_id:'NULL');
@ -2234,7 +2234,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql.= " SET date_commande = ".($date ? $this->db->idate($date) : 'null');
$sql.= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql.= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -3995,18 +3995,18 @@ class OrderLine extends CommonOrderLine
$sql.= ', fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
$sql.= ')';
$sql.= " VALUES (".$this->fk_commande.",";
$sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
$sql.= " ".($this->fk_parent_line>0?"'".$this->db->escape($this->fk_parent_line)."'":"null").",";
$sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
$sql.= " '".$this->db->escape($this->desc)."',";
$sql.= " '".price2num($this->qty)."',";
$sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
$sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
$sql.= " '".price2num($this->tva_tx)."',";
$sql.= " '".price2num($this->localtax1_tx)."',";
$sql.= " '".price2num($this->localtax2_tx)."',";
$sql.= " '".$this->localtax1_type."',";
$sql.= " '".$this->localtax2_type."',";
$sql.= " '".$this->db->escape($this->localtax1_type)."',";
$sql.= " '".$this->db->escape($this->localtax2_type)."',";
$sql.= ' '.(! empty($this->fk_product)?$this->fk_product:"null").',';
$sql.= " '".$this->product_type."',";
$sql.= " '".$this->db->escape($this->product_type)."',";
$sql.= " '".price2num($this->remise_percent)."',";
$sql.= " ".($this->subprice!=''?"'".price2num($this->subprice)."'":"null").",";
$sql.= " ".($this->price!=''?"'".price2num($this->price)."'":"null").",";
@ -4016,7 +4016,7 @@ class OrderLine extends CommonOrderLine
$sql.= ' '.$this->rang.',';
$sql.= ' '.(! empty($this->fk_fournprice)?$this->fk_fournprice:"null").',';
$sql.= ' '.price2num($this->pa_ht).',';
$sql.= " '".$this->info_bits."',";
$sql.= " '".$this->db->escape($this->info_bits)."',";
$sql.= " '".price2num($this->total_ht)."',";
$sql.= " '".price2num($this->total_tva)."',";
$sql.= " '".price2num($this->total_localtax1)."',";


@ -149,8 +149,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
@ -666,7 +666,7 @@ if ($resql)
{
$langs->load("mails");
if (! GETPOST('cancel'))
if (! GETPOST('cancel','alpha'))
{
$objecttmp=new Commande($db);
$listofselectedid=array();


@ -161,8 +161,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -574,21 +574,21 @@ class Account extends CommonObject
$sql.= ", '".$this->db->escape($this->account_number)."'";
$sql.= ", ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
$sql.= ", '".$this->db->escape($this->bank)."'";
$sql.= ", '".$this->code_banque."'";
$sql.= ", '".$this->code_guichet."'";
$sql.= ", '".$this->number."'";
$sql.= ", '".$this->cle_rib."'";
$sql.= ", '".$this->bic."'";
$sql.= ", '".$this->iban."'";
$sql.= ", '".$this->db->escape($this->code_banque)."'";
$sql.= ", '".$this->db->escape($this->code_guichet)."'";
$sql.= ", '".$this->db->escape($this->number)."'";
$sql.= ", '".$this->db->escape($this->cle_rib)."'";
$sql.= ", '".$this->db->escape($this->bic)."'";
$sql.= ", '".$this->db->escape($this->iban)."'";
$sql.= ", '".$this->db->escape($this->domiciliation)."'";
$sql.= ", '".$this->db->escape($this->proprio)."'";
$sql.= ", '".$this->db->escape($this->owner_address)."'";
$sql.= ", '".$this->currency_code."'";
$sql.= ", '".$this->db->escape($this->currency_code)."'";
$sql.= ", ".$this->rappro;
$sql.= ", ".price2num($this->min_allowed);
$sql.= ", ".price2num($this->min_desired);
$sql.= ", '".$this->db->escape($this->comment)."'";
$sql.= ", ".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ", ".($this->state_id>0?$this->state_id:"null");
$sql.= ", ".$this->country_id;
$sql.= ")";
@ -703,7 +703,7 @@ class Account extends CommonObject
$sql.= ",courant = ".$this->courant;
$sql.= ",clos = ".$this->clos;
$sql.= ",rappro = ".$this->rappro;
$sql.= ",url = ".($this->url?"'".$this->url."'":"null");
$sql.= ",url = ".($this->url?"'".$this->db->escape($this->url)."'":"null");
$sql.= ",account_number = '".$this->db->escape($this->account_number)."'";
$sql.= ",fk_accountancy_journal = ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
$sql.= ",bank = '".$this->db->escape($this->bank)."'";
@ -723,7 +723,7 @@ class Account extends CommonObject
$sql.= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
$sql.= ",comment = '".$this->db->escape($this->comment)."'";
$sql.= ",state_id = ".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ",state_id = ".($this->state_id>0?$this->state_id:"null");
$sql.= ",fk_pays = ".$this->country_id;
$sql.= " WHERE rowid = ".$this->id;
@ -808,7 +808,7 @@ class Account extends CommonObject
$sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
$sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
$sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
$sql.= ",state_id = ".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ",state_id = ".($this->state_id>0?$this->state_id:"null");
$sql.= ",fk_pays = ".$this->country_id;
$sql.= " WHERE rowid = ".$this->id;
$sql.= " AND entity = ".$conf->entity;
@ -1695,9 +1695,9 @@ class AccountLine extends CommonObject
$sql .= ", '".$this->db->idate($this->datev)."'";
$sql .= ", '".$this->db->escape($this->label)."'";
$sql .= ", ".price2num($this->amount);
$sql .= ", ".($this->fk_user_author > 0 ? "'".$this->fk_user_author."'":"null");
$sql .= ", ".($this->num_chq ? "'".$this->num_chq."'" : "null");
$sql .= ", '".$this->fk_account."'";
$sql .= ", ".($this->fk_user_author > 0 ? $this->fk_user_author :"null");
$sql .= ", ".($this->num_chq ? "'".$this->db->escape($this->num_chq)."'" : "null");
$sql .= ", '".$this->db->escape($this->fk_account)."'";
$sql .= ", '".$this->db->escape($this->fk_type)."'";
$sql .= ", ".($this->emetteur ? "'".$this->db->escape($this->emetteur)."'" : "null");
$sql .= ", ".($this->bank_chq ? "'".$this->db->escape($this->bank_chq)."'" : "null");
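Review bot: The new `state_id` lines in the insert and in both update statements drop the quotes and concatenate the value bare, so the only guard left is the loose `>0` comparison, which a non-integer string can also satisfy. Casting at the point of use keeps the value numeric whatever was assigned to the property: `$sql.= ", ".($this->state_id>0 ? (int) $this->state_id : "null");`. The same applies to `fk_user_author` in the AccountLine hunk, and to `fk_product` (FactureLigneRec), `fk_parent_line` (FactureLigne) and `mode_reglement_id` (ChargeSociales) further down the page. Whether these properties are already cast where they are assigned is not visible here, and the enclosing methods start outside the hunks.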


@ -111,8 +111,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -48,8 +48,8 @@ $action=GETPOST('action','alpha');
$confirm=GETPOST('confirm','alpha');
$rowid=GETPOST("rowid",'int');
$orig_account=GETPOST("orig_account");
$backtopage=GETPOST('backtopage');
$cancel=GETPOST('cancel');
$backtopage=GETPOST('backtopage','alpha');
$cancel=GETPOST('cancel','alpha');
// Security check
$fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref :''));
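Review bot: `$orig_account=GETPOST("orig_account");` in the context lines is still read without a check type, although the two parameters below it get one in this change. If it is an account id, as the name suggests, `$orig_account=GETPOST("orig_account",'int');` would match how `rowid` is read on the line above it. How the value is used later is outside this hunk.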


@ -107,7 +107,7 @@ class Deplacement extends CommonObject
$sql.= ", ".$conf->entity;
$sql.= ", ".$user->id;
$sql.= ", ".$this->fk_user;
$sql.= ", '".$this->type."'";
$sql.= ", '".$this->db->escape($this->type)."'";
$sql.= ", ".($this->note_private?"'".$this->db->escape($this->note_private)."'":"null");
$sql.= ", ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
$sql.= ", ".($this->fk_project > 0? $this->fk_project : 0);


@ -1766,7 +1766,7 @@ if (empty($reshook))
}
}
elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel'))
elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel','alpha'))
{
if (! $object->fetch($id) > 0) dol_print_error($db);
$object->fetch_thirdparty();


@ -141,7 +141,7 @@ class FactureRec extends CommonInvoice
$sql.= ", nb_gen_max";
$sql.= ", auto_validate";
$sql.= ") VALUES (";
$sql.= "'".$this->titre."'";
$sql.= "'".$this->db->escape($this->titre)."'";
$sql.= ", ".$facsrc->socid;
$sql.= ", ".$conf->entity;
$sql.= ", '".$this->db->idate($now)."'";
@ -149,11 +149,11 @@ class FactureRec extends CommonInvoice
$sql.= ", ".(!empty($facsrc->remise)?$this->remise:'0');
$sql.= ", ".(!empty($this->note_private)?("'".$this->db->escape($this->note_private)."'"):"NULL");
$sql.= ", ".(!empty($this->note_public)?("'".$this->db->escape($this->note_public)."'"):"NULL");
$sql.= ", '".$user->id."'";
$sql.= ", '".$this->db->escape($user->id)."'";
$sql.= ", ".(! empty($facsrc->fk_project)?"'".$facsrc->fk_project."'":"null");
$sql.= ", ".(! empty($facsrc->fk_account)?"'".$facsrc->fk_account."'":"null");
$sql.= ", '".$facsrc->cond_reglement_id."'";
$sql.= ", '".$facsrc->mode_reglement_id."'";
$sql.= ", '".$this->db->escape($facsrc->cond_reglement_id)."'";
$sql.= ", '".$this->db->escape($facsrc->mode_reglement_id)."'";
$sql.= ", ".$this->usenewprice;
$sql.= ", ".$this->frequency;
$sql.= ", '".$this->db->escape($this->unit_frequency)."'";
@ -1504,7 +1504,7 @@ class FactureLigneRec extends CommonInvoiceLine
$sql.= ", localtax1_type='".$this->db->escape($this->localtax1_type)."'";
$sql.= ", localtax2_tx=".price2num($this->localtax2_tx);
$sql.= ", localtax2_type='".$this->db->escape($this->localtax2_type)."'";
$sql.= ", fk_product=".(! empty($this->fk_product)?"'".$this->fk_product."'":"null");
$sql.= ", fk_product=".($this->fk_product > 0 ? $this->fk_product :"null");
$sql.= ", product_type=".$this->product_type;
$sql.= ", remise_percent='".price2num($this->remise_percent)."'";
$sql.= ", subprice='".price2num($this->subprice)."'";
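Review bot: In the FactureRec insert, `$facsrc->fk_project` and `$facsrc->fk_account` are still concatenated inside quotes without escaping, directly below the newly escaped `$user->id`. Both are ids, so an integer cast without quotes would be the tighter form, e.g. `$sql.= ", ".(! empty($facsrc->fk_project) ? (int) $facsrc->fk_project : "null");` and the same for `fk_account`. `$facsrc->socid`, `$this->usenewprice` and `$this->frequency` are likewise concatenated as-is; whether they are validated earlier in the method is not visible in the hunk.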


@ -4447,16 +4447,16 @@ class FactureLigne extends CommonInvoiceLine
$sql.= ' fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
$sql.= ')';
$sql.= " VALUES (".$this->fk_facture.",";
$sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
$sql.= " ".($this->fk_parent_line>0 ? $this->fk_parent_line:"null").",";
$sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
$sql.= " '".$this->db->escape($this->desc)."',";
$sql.= " ".price2num($this->qty).",";
$sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
$sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
$sql.= " ".price2num($this->tva_tx).",";
$sql.= " ".price2num($this->localtax1_tx).",";
$sql.= " ".price2num($this->localtax2_tx).",";
$sql.= " '".$this->localtax1_type."',";
$sql.= " '".$this->localtax2_type."',";
$sql.= " '".$this->db->escape($this->localtax1_type)."',";
$sql.= " '".$this->db->escape($this->localtax2_type)."',";
$sql.= ' '.(! empty($this->fk_product)?$this->fk_product:"null").',';
$sql.= " ".$this->product_type.",";
$sql.= " ".price2num($this->remise_percent).",";
@ -4469,7 +4469,7 @@ class FactureLigne extends CommonInvoiceLine
$sql.= ' '.$this->special_code.',';
$sql.= ' '.(! empty($this->fk_fournprice)?$this->fk_fournprice:"null").',';
$sql.= ' '.price2num($this->pa_ht).',';
$sql.= " '".$this->info_bits."',";
$sql.= " '".$this->db->escape($this->info_bits)."',";
$sql.= " ".price2num($this->total_ht).",";
$sql.= " ".price2num($this->total_tva).",";
$sql.= " ".price2num($this->total_ttc).",";


@ -85,13 +85,11 @@ class PaymentTerm // extends CommonObject
if (isset($this->decalage)) $this->decalage=trim($this->decalage);
// Check parameters
// Put here code to add control on parameters values
// Insert request
$sql = "INSERT INTO ".MAIN_DB_PREFIX."c_payment_term(";
$sql.= "rowid,";
$sql.= "entity,";
$sql.= "code,";
@ -102,22 +100,17 @@ class PaymentTerm // extends CommonObject
$sql.= "type_cdr,";
$sql.= "nbjour,";
$sql.= "decalage";
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
$sql.= " ".(! isset($this->entity)?getEntity('c_payment_term', 2):"'".$this->entity."'").",";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
$sql.= " ".(! isset($this->entity)?getEntity('c_payment_term', 2):"'".$this->db->escape($this->entity)."'").",";
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
$sql.= " ".(! isset($this->sortorder)?'NULL':"'".$this->sortorder."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'").",";
$sql.= " ".(! isset($this->sortorder)?'NULL':"'".$this->db->escape($this->sortorder)."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'").",";
$sql.= " ".(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").",";
$sql.= " ".(! isset($this->libelle_facture)?'NULL':"'".$this->db->escape($this->libelle_facture)."'").",";
$sql.= " ".(! isset($this->type_cdr)?'NULL':"'".$this->type_cdr."'").",";
$sql.= " ".(! isset($this->nbjour)?'NULL':"'".$this->nbjour."'").",";
$sql.= " ".(! isset($this->decalage)?'NULL':"'".$this->decalage."'")."";
$sql.= " ".(! isset($this->type_cdr)?'NULL':"'".$this->db->escape($this->type_cdr)."'").",";
$sql.= " ".(! isset($this->nbjour)?'NULL':"'".$this->db->escape($this->nbjour)."'").",";
$sql.= " ".(! isset($this->decalage)?'NULL':"'".$this->db->escape($this->decalage)."'")."";
$sql.= ")";
$this->db->begin();
@ -290,7 +283,6 @@ class PaymentTerm // extends CommonObject
// Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."c_payment_term SET";
$sql.= " code=".(isset($this->code)?"'".$this->db->escape($this->code)."'":"null").",";
$sql.= " sortorder=".(isset($this->sortorder)?$this->sortorder:"null").",";
$sql.= " active=".(isset($this->active)?$this->active:"null").",";
@ -299,10 +291,14 @@ class PaymentTerm // extends CommonObject
$sql.= " type_cdr=".(isset($this->type_cdr)?$this->type_cdr:"null").",";
$sql.= " nbjour=".(isset($this->nbjour)?$this->nbjour:"null").",";
$sql.= " decalage=".(isset($this->decalage)?$this->decalage:"null")."";
<<<<<<< HEAD
$sql.= " WHERE rowid = " . $this->id;
$sql.= " AND entity = " . getEntity('c_payment_term', 2);
=======
$sql.= " WHERE rowid=".$this->id;
>>>>>>> branch 'develop' of https://github.com/Dolibarr/dolibarr.git
$this->db->begin();
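Review bot: The last hunk of this section shows unresolved merge conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> branch 'develop' …`) around the WHERE clause of the update statement, and the commit message lists this file under Conflicts. If those lines are on the new side, as they appear to be, the file no longer parses and every page that loads this class fails. The conflict needs resolving to one side; keeping the HEAD side retains the entity restriction, i.e. `$sql.= " WHERE rowid = " . $this->id;` followed by `$sql.= " AND entity = " . getEntity('c_payment_term', 2);`. The update method starts and ends outside the hunk.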


@ -139,8 +139,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters = array('socid' => $socid);
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
@ -148,7 +148,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
if (empty($reshook))
{
if (GETPOST('cancel')) $action='';
if (GETPOST('cancel','alpha')) $action='';
// Selection of new fields
include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
@ -728,7 +728,7 @@ if (empty($reshook))
}
}
elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel'))
elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel','alpha'))
{
if (! $object->fetch($id) > 0) dol_print_error($db);
$object->fetch_thirdparty();


@ -181,8 +181,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
@ -612,7 +612,7 @@ if ($resql)
{
$langs->load("mails");
if (! GETPOST('cancel'))
if (! GETPOST('cancel','alpha'))
{
$objecttmp=new Facture($db);
$listofselectedid=array();


@ -87,12 +87,12 @@ class Localtax extends CommonObject
$sql.= " '".$this->db->idate($this->tms)."',";
$sql.= " '".$this->db->idate($this->datep)."',";
$sql.= " '".$this->db->idate($this->datev)."',";
$sql.= " '".$this->amount."',";
$sql.= " '".$this->label."',";
$sql.= " '".$this->note."',";
$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->fk_bank."'").",";
$sql.= " '".$this->fk_user_creat."',";
$sql.= " '".$this->fk_user_modif."'";
$sql.= " '".$this->db->escape($this->amount)."',";
$sql.= " '".$this->db->escape($this->label)."',";
$sql.= " '".$this->db->escape($this->note)."',";
$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->db->escape($this->fk_bank)."'").",";
$sql.= " '".$this->db->escape($this->fk_user_creat)."',";
$sql.= " '".$this->db->escape($this->fk_user_modif)."'";
$sql.= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);


@ -861,7 +861,7 @@ class RemiseCheque extends CommonObject
if ($user->rights->banque->cheque)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql.= " SET date_bordereau = ".($date ? $this->db->idate($date) : 'null');
$sql.= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql.= " WHERE rowid = ".$this->id;
dol_syslog("RemiseCheque::set_date", LOG_DEBUG);


@ -108,7 +108,7 @@ class PaymentSalary extends CommonObject
$sql.= " datesp='".$this->db->idate($this->datesp)."',";
$sql.= " dateep='".$this->db->idate($this->dateep)."',";
$sql.= " note='".$this->db->escape($this->note)."',";
$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->db->escape($this->fk_bank)."'":"null").",";
$sql.= " fk_user_author=".$this->fk_user_author.",";
$sql.= " fk_user_modif=".$this->fk_user_modif;
@ -344,18 +344,18 @@ class PaymentSalary extends CommonObject
$sql.= ", entity";
$sql.= ") ";
$sql.= " VALUES (";
$sql.= "'".$this->fk_user."'";
$sql.= "'".$this->db->escape($this->fk_user)."'";
$sql.= ", '".$this->db->idate($this->datep)."'";
$sql.= ", '".$this->db->idate($this->datev)."'";
$sql.= ", ".$this->amount;
$sql.= ", ".($this->salary > 0 ? $this->salary : "null");
$sql.= ", '".$this->type_payment."'";
$sql.= ", '".$this->num_payment."'";
$sql.= ", '".$this->db->escape($this->type_payment)."'";
$sql.= ", '".$this->db->escape($this->num_payment)."'";
if ($this->note) $sql.= ", '".$this->db->escape($this->note)."'";
$sql.= ", '".$this->db->escape($this->label)."'";
$sql.= ", '".$this->db->idate($this->datesp)."'";
$sql.= ", '".$this->db->idate($this->dateep)."'";
$sql.= ", '".$user->id."'";
$sql.= ", '".$this->db->escape($user->id)."'";
$sql.= ", '".$this->db->idate($now)."'";
$sql.= ", NULL";
$sql.= ", ".$conf->entity;
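Review bot: `$sql.= ", ".$this->amount;` in the insert hunk still puts the amount into the statement as-is, while the string fields around it are now escaped. `$sql.= ", ".price2num($this->amount);` would normalise it the way the other amount columns on this page are written. The Tva section further down has the same bare `$this->amount` line. `fk_user_author` and `fk_user_modif` in the update hunk are also concatenated without a cast; both methods start outside the hunks.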


@ -171,8 +171,8 @@ class ChargeSociales extends CommonObject
$sql = "INSERT INTO ".MAIN_DB_PREFIX."chargesociales (fk_type, fk_account, fk_mode_reglement, libelle, date_ech, periode, amount, fk_projet, entity, fk_user_author, date_creation)";
$sql.= " VALUES (".$this->type;
$sql.= ", ".($this->fk_account>0?$this->fk_account:'NULL');
$sql.= ", ".($this->mode_reglement_id>0?"'".$this->mode_reglement_id."'":"NULL");
$sql.= ", ".($this->fk_account>0 ? $this->fk_account:'NULL');
$sql.= ", ".($this->mode_reglement_id>0 ? $this->mode_reglement_id:"NULL");
$sql.= ", '".$this->db->escape($this->lib)."'";
$sql.= ", '".$this->db->idate($this->date_ech)."'";
$sql.= ", '".$this->db->idate($this->periode)."'";


@ -106,12 +106,12 @@ class Tva extends CommonObject
$sql.= " '".$this->db->idate($now)."',";
$sql.= " '".$this->db->idate($this->datep)."',";
$sql.= " '".$this->db->idate($this->datev)."',";
$sql.= " '".$this->amount."',";
$sql.= " '".$this->label."',";
$sql.= " '".$this->note."',";
$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->fk_bank."'").",";
$sql.= " '".$this->fk_user_creat."',";
$sql.= " '".$this->fk_user_modif."'";
$sql.= " '".$this->db->escape($this->amount)."',";
$sql.= " '".$this->db->escape($this->label)."',";
$sql.= " '".$this->db->escape($this->note)."',";
$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->db->escape($this->fk_bank)."'").",";
$sql.= " '".$this->db->escape($this->fk_user_creat)."',";
$sql.= " '".$this->db->escape($this->fk_user_modif)."'";
$sql.= ")";
@ -535,11 +535,11 @@ class Tva extends CommonObject
$sql.= "'".$this->db->idate($this->datep)."'";
$sql.= ", '".$this->db->idate($this->datev)."'";
$sql.= ", ".$this->amount;
$sql.= ", '".$this->type_payment."'";
$sql.= ", '".$this->num_payment."'";
$sql.= ", '".$this->db->escape($this->type_payment)."'";
$sql.= ", '".$this->db->escape($this->num_payment)."'";
if ($this->note) $sql.=", '".$this->db->escape($this->note)."'";
if ($this->label) $sql.=", '".$this->db->escape($this->label)."'";
$sql.= ", '".$user->id."'";
$sql.= ", '".$this->db->escape($user->id)."'";
$sql.= ", NULL";
$sql.= ", ".$conf->entity;
$sql.= ")";


@ -115,7 +115,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
if (empty($reshook))
{
// Cancel
if (GETPOST("cancel") && ! empty($backtopage))
if (GETPOST('cancel','alpha') && ! empty($backtopage))
{
header("Location: ".$backtopage);
exit;
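Review bot: `header("Location: ".$backtopage);` redirects to a request-supplied value, and nothing in this hunk checks that it points back into the application. How `$backtopage` is read and filtered in this file is outside the hunk; if the filter does not reject absolute or scheme-relative URLs, a check before the redirect that the value is a local path would close the open-redirect case. The next section on the page has the identical cancel block.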


@ -91,7 +91,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
if (empty($reshook))
{
// Cancel
if (GETPOST("cancel") && ! empty($backtopage))
if (GETPOST('cancel','alpha') && ! empty($backtopage))
{
header("Location: ".$backtopage);
exit;


@ -200,7 +200,7 @@ class Contact extends CommonObject
$sql.= " ".(! empty($this->canvas)?"'".$this->db->escape($this->canvas)."'":"null").",";
$sql.= " ".$conf->entity.",";
$sql.= "'".$this->db->escape($this->ref_ext)."',";
$sql.= " ".(! empty($this->import_key)?"'".$this->import_key."'":"null");
$sql.= " ".(! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");
$sql.= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
@ -319,9 +319,9 @@ class Contact extends CommonObject
$sql .= ", jabberid = ".(isset($this->jabberid)?"'".$this->db->escape($this->jabberid)."'":"null");
$sql .= ", priv = '".$this->db->escape($this->priv)."'";
$sql .= ", statut = ".$this->statut;
$sql .= ", fk_user_modif=".($user->id > 0 ? "'".$user->id."'":"NULL");
$sql .= ", default_lang=".($this->default_lang?"'".$this->default_lang."'":"NULL");
$sql .= ", no_email=".($this->no_email?"'".$this->no_email."'":"0");
$sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'":"NULL");
$sql .= ", default_lang=".($this->default_lang?"'".$this->db->escape($this->default_lang)."'":"NULL");
$sql .= ", no_email=".($this->no_email?"'".$this->db->escape($this->no_email)."'":"0");
$sql .= " WHERE rowid=".$this->db->escape($id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
@ -492,7 +492,7 @@ class Contact extends CommonObject
// Mis a jour contact
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET";
$sql.= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null");
$sql.= ", photo = ".($this->photo? "'".$this->photo."'" : "null");
$sql.= ", photo = ".($this->photo? "'".$this->db->escape($this->photo)."'" : "null");
if ($user) $sql .= ", fk_user_modif=".$user->id;
$sql.= " WHERE rowid=".$this->db->escape($id);
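Review bot: `" WHERE rowid=".$this->db->escape($id)` in both update hunks passes the id through `escape()` but places it outside quotes, where string escaping does not constrain the value to a number. An integer cast states the intent and does not depend on quoting: `$sql .= " WHERE rowid=".((int) $id);`. `fk_user_modif=".$user->id` in the last hunk is concatenated with neither a cast nor escaping. The methods start outside the hunks, so any earlier validation of `$id` is not visible.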


@ -176,8 +176,8 @@ if (($id > 0 || ! empty($ref)) && $action != 'add')
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks


@ -636,7 +636,7 @@ if (empty($reshook))
}
}
else if ($action == 'updateline' && $user->rights->contrat->creer && ! GETPOST('cancel'))
else if ($action == 'updateline' && $user->rights->contrat->creer && ! GETPOST('cancel','alpha'))
{
$objectline = new ContratLigne($db);
if ($objectline->fetch(GETPOST('elrowid')))
@ -822,7 +822,7 @@ if (empty($reshook))
}
elseif ($action=='setref_supplier')
{
$cancelbutton = GETPOST('cancel');
$cancelbutton = GETPOST('cancel','alpha');
if (!$cancelbutton) {
$result = $object->fetch($id);
@ -846,7 +846,7 @@ if (empty($reshook))
}
elseif ($action=='setref_customer')
{
$cancelbutton = GETPOST('cancel');
$cancelbutton = GETPOST('cancel','alpha');
if (!$cancelbutton)
{
@ -871,7 +871,7 @@ if (empty($reshook))
}
elseif ($action=='setref')
{
$cancelbutton = GETPOST('cancel');
$cancelbutton = GETPOST('cancel','alpha');
if (!$cancelbutton) {
$result = $object->fetch($id);
@ -895,7 +895,7 @@ if (empty($reshook))
}
elseif ($action=='setdate_contrat')
{
$cancelbutton = GETPOST('cancel');
$cancelbutton = GETPOST('cancel','alpha');
if (!$cancelbutton) {
$result = $object->fetch($id);
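Review bot: `GETPOST('elrowid')` in the `updateline` branch is still read without a check type, while `cancel` two lines above it now has one. The value is passed to `$objectline->fetch()` as a row id, so `if ($objectline->fetch(GETPOST('elrowid','int')))` would fit. The branch continues outside the hunk.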


@ -928,7 +928,7 @@ class Contrat extends CommonObject
$sql.= ",".($this->commercial_signature_id>0?$this->commercial_signature_id:"NULL");
$sql.= ",".($this->commercial_suivi_id>0?$this->commercial_suivi_id:"NULL");
$sql.= ",".($this->fk_project>0?$this->fk_project:"NULL");
$sql.= ", ".(dol_strlen($this->ref)<=0 ? "null" : "'".$this->ref."'");
$sql.= ", ".(dol_strlen($this->ref)<=0 ? "null" : "'".$this->db->escape($this->ref)."'");
$sql.= ", ".$conf->entity;
$sql.= ", ".(!empty($this->note_private)?("'".$this->db->escape($this->note_private)."'"):"NULL");
$sql.= ", ".(!empty($this->note_public)?("'".$this->db->escape($this->note_public)."'"):"NULL");
@ -2872,7 +2872,7 @@ class ContratLigne extends CommonObjectLine
// Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET";
$sql.= " fk_contrat=".$this->fk_contrat.",";
$sql.= " fk_product=".($this->fk_product?"'".$this->fk_product."'":'null').",";
$sql.= " fk_product=".($this->fk_product?"'".$this->db->escape($this->fk_product)."'":'null').",";
$sql.= " statut=".$this->statut.",";
$sql.= " label='".$this->db->escape($this->label)."',";
$sql.= " description='".$this->db->escape($this->description)."',";
@ -3009,16 +3009,16 @@ class ContratLigne extends CommonObjectLine
if ($this->date_fin_validite > 0) { $sql.= ",date_fin_validite"; }
$sql.= ") VALUES ($this->fk_contrat, '', '" . $this->db->escape($this->description) . "',";
$sql.= ($this->fk_product>0 ? $this->fk_product : "null").",";
$sql.= " '".$this->qty."',";
$sql.= " '".$this->vat_src_code."',";
$sql.= " '".$this->tva_tx."',";
$sql.= " '".$this->localtax1_tx."',";
$sql.= " '".$this->localtax2_tx."',";
$sql.= " '".$this->localtax1_type."',";
$sql.= " '".$this->localtax2_type."',";
$sql.= " '".$this->db->escape($this->qty)."',";
$sql.= " '".$this->db->escape($this->vat_src_code)."',";
$sql.= " '".$this->db->escape($this->tva_tx)."',";
$sql.= " '".$this->db->escape($this->localtax1_tx)."',";
$sql.= " '".$this->db->escape($this->localtax2_tx)."',";
$sql.= " '".$this->db->escape($this->localtax1_type)."',";
$sql.= " '".$this->db->escape($this->localtax2_type)."',";
$sql.= " ".price2num($this->remise_percent).",".price2num($this->subprice).",";
$sql.= " ".price2num($this->total_ht).",".price2num($this->total_tva).",".price2num($this->total_localtax1).",".price2num($this->total_localtax2).",".price2num($this->total_ttc).",";
$sql.= " '".$this->info_bits."',";
$sql.= " '".$this->db->escape($this->info_bits)."',";
$sql.= " ".price2num($this->price_ht).",".price2num($this->remise).",";
if ($this->fk_fournprice > 0) $sql.= ' '.$this->fk_fournprice.',';
else $sql.= ' null,';


@ -136,8 +136,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Action
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks


@ -140,8 +140,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
* Actions
*/
if (GETPOST('cancel')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; }
if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; }
$parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
@ -237,6 +237,20 @@ if (! empty($filter_opouvertureprevue) && $filter_opouvertureprevue != -1 && $fi
if (! empty($filter_op1) && $filter_op1 != -1 && $filter_date1 != '') $sql.= " AND cd.date_ouverture ".$filter_op1." '".$db->idate($filter_date1)."'";
if (! empty($filter_op2) && $filter_op2 != -1 && $filter_date2 != '') $sql.= " AND cd.date_fin_validite ".$filter_op2." '".$db->idate($filter_date2)."'";
if (! empty($filter_opcloture) && $filter_opcloture != -1 && $filter_datecloture != '') $sql.= " AND cd.date_cloture ".$filter_opcloture." '".$db->idate($filter_datecloture)."'";
// Add where from extra fields
foreach ($search_array_options as $key => $val)
{
$crit=$val;
$tmpkey=preg_replace('/search_options_/','',$key);
$typ=$extrafields->attribute_type[$tmpkey];
$mode_search=0;
if (in_array($typ, array('int','double','real'))) $mode_search=1; // Search on a numeric
if (in_array($typ, array('sellist')) && $crit != '0' && $crit != '-1') $mode_search=2; // Search on a foreign key int
if ($crit != '' && (! in_array($typ, array('select','sellist')) || $crit != '0'))
{
$sql .= natural_search('ef.'.$tmpkey, $crit, $mode_search);
}
}
$sql .= $db->order($sortfield,$sortorder);
$nbtotalofrecords = '';
@ -464,7 +478,7 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
$align=$extrafields->getAlignFlag($key);
$typeofextrafield=$extrafields->attribute_type[$key];
print '<td class="liste_titre'.($align?' '.$align:'').'">';
if (in_array($typeofextrafield, array('varchar', 'int', 'double', 'select')))
if (in_array($typeofextrafield, array('varchar', 'int', 'double', 'select')) && empty($extrafields->attribute_computed[$key]))
{
$crit=$val;
$tmpkey=preg_replace('/search_options_/','',$key);
@ -473,6 +487,11 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
if (in_array($typeofextrafield, array('int', 'double'))) $searchclass='searchnum';
print '<input class="flat'.($searchclass?' '.$searchclass:'').'" size="4" type="text" name="search_options_'.$tmpkey.'" value="'.dol_escape_htmltag($search_array_options['search_options_'.$tmpkey]).'">';
}
else
{
// for the type as 'checkbox', 'chkbxlst', 'sellist' we should use code instead of id (example: I declare a 'chkbxlst' to have a link with dictionnairy, I have to extend it with the 'code' instead 'rowid')
echo $extrafields->showInputField($key, $search_array_options['search_options_'.$key], '', '', 'search_');
}
print '</td>';
}
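Review bot: In the added extra-fields loop, `$tmpkey` is taken from the key of `$search_array_options` and concatenated into the statement as a column name (`'ef.'.$tmpkey`) without checking that it is a declared extra field. Where `$search_array_options` is filled is outside the hunk; if its keys can follow request parameter names, a guard such as `if (! isset($extrafields->attribute_type[$tmpkey])) continue;` before the `$typ` lookup keeps unknown names out of the SQL and also avoids the undefined-index read. The pattern `'/search_options_/'` is unanchored; `'/^search_options_/'` would strip only the prefix.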
}


@ -28,7 +28,7 @@
// $id must be defined (object is loaded in this file with fetch)
// Set public note
if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel'))
if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel','alpha'))
{
if (empty($action) || ! is_object($object) || empty($id)) dol_print_error('','Include of actions_setnotes.inc.php was done but required variable was not set before');
if (empty($object->id)) $object->fetch($id); // Fetch may not be already done
@ -36,7 +36,7 @@ if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// Set public note
else if ($action == 'setnote_private' && ! empty($permissionnote) && ! GETPOST('cancel'))
else if ($action == 'setnote_private' && ! empty($permissionnote) && ! GETPOST('cancel','alpha'))
{
if (empty($action) || ! is_object($object) || empty($id)) dol_print_error('','Include of actions_setnotes.inc.php was done but required variable was not set before');
if (empty($object->id)) $object->fetch($id); // Fetch may not be already done
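Review bot: The comment above the `setnote_private` branch still reads `// Set public note`; it should be `// Set private note`. The inner `empty($action)` test in both branches cannot be true once the `$action ==` comparison has matched, so only the `$object` and `$id` parts of that check have any effect. Both branches continue outside the hunks.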


@ -88,11 +88,11 @@ class Ccountry // extends CommonObject
$sql.= "label,";
$sql.= "active";
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
$sql.= " ".(! isset($this->code_iso)?'NULL':"'".$this->db->escape($this->code_iso)."'").",";
$sql.= " ".(! isset($this->label)?'NULL':"'".$this->db->escape($this->label)."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
$sql.= ")";
$this->db->begin();


@ -580,8 +580,8 @@ abstract class CommonObject
$sql = "SELECT tc.rowid";
$sql.= " FROM ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql.= " WHERE tc.element='".$this->db->escape($this->element)."'";
$sql.= " AND tc.source='".$source."'";
$sql.= " AND tc.code='".$type_contact."' AND tc.active=1";
$sql.= " AND tc.source='".$this->db->escape($source)."'";
$sql.= " AND tc.code='".$this->db->escape($type_contact)."' AND tc.active=1";
//print $sql;
$resql=$this->db->query($sql);
if ($resql)
@ -2475,9 +2475,9 @@ abstract class CommonObject
$sql.= ", targettype";
$sql.= ") VALUES (";
$sql.= $origin_id;
$sql.= ", '".$origin."'";
$sql.= ", '".$this->db->escape($origin)."'";
$sql.= ", ".$this->id;
$sql.= ", '".$this->element."'";
$sql.= ", '".$this->db->escape($this->element)."'";
$sql.= ")";
dol_syslog(get_class($this)."::add_object_linked", LOG_DEBUG);
@ -3812,11 +3812,11 @@ abstract class CommonObject
$sql.= ", mandatory";
$sql.= ") VALUES (";
$sql.= $resource_id;
$sql.= ", '".$resource_type."'";
$sql.= ", '".$this->id."'";
$sql.= ", '".$this->element."'";
$sql.= ", '".$busy."'";
$sql.= ", '".$mandatory."'";
$sql.= ", '".$this->db->escape($resource_type)."'";
$sql.= ", '".$this->db->escape($this->id)."'";
$sql.= ", '".$this->db->escape($this->element)."'";
$sql.= ", '".$this->db->escape($busy)."'";
$sql.= ", '".$this->db->escape($mandatory)."'";
$sql.= ")";
dol_syslog(get_class($this)."::add_element_resource", LOG_DEBUG);


@ -85,10 +85,10 @@ class Cstate // extends CommonObject
$sql.= "nom,";
$sql.= "active";
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
$sql.= " ".(! isset($this->code_departement)?'NULL':"'".$this->db->escape($this->code_departement)."'").",";
$sql.= " ".(! isset($this->nom)?'NULL':"'".$this->db->escape($this->nom)."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
$sql.= ")";
$this->db->begin();


@ -91,10 +91,10 @@ class Ctypent // extends CommonObject
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->id)?'NULL':"'".$this->id."'").",";
$sql.= " ".(! isset($this->id)?'NULL':"'".$this->db->escape($this->id)."'").",";
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
$sql.= " ".(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->active($this->active)."'").",";
$sql.= " ".(! isset($this->module)?'NULL':"'".$this->db->escape($this->module)."'")."";
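Review bot: The new `active` line calls `$this->db->active($this->active)`, which looks like a typo for `escape`; every other column in this VALUES list goes through `$this->db->escape(...)`. If the database handler has no `active()` method, the insert fails with a fatal error whenever `active` is set. The line should read `$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'").",";`. The enclosing method starts and ends outside the hunk.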


@ -158,7 +158,7 @@ class DiscountAbsolute
$sql.= ")";
$sql.= " VALUES (".$conf->entity.", '".$this->db->idate($this->datec!=''?$this->datec:dol_now())."', ".$this->fk_soc.", ".$user->id.", '".$this->db->escape($this->description)."',";
$sql.= " ".$this->amount_ht.", ".$this->amount_tva.", ".$this->amount_ttc.", ".$this->tva_tx.",";
$sql.= " ".($this->fk_facture_source?"'".$this->fk_facture_source."'":"null");
$sql.= " ".($this->fk_facture_source ? "'".$this->db->escape($this->fk_facture_source)."'":"null");
$sql.= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
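Review bot: The numeric fields in this VALUES list are still concatenated unquoted: `$this->fk_soc`, `$this->amount_ht`, `$this->amount_tva`, `$this->amount_ttc` and `$this->tva_tx`. `escape()` would not help in that position, and whether these properties are validated before create() is not visible in the hunk. A cast at the point of use closes the gap, for example `(int) $this->fk_soc` and `(float) $this->amount_ht`. `fk_facture_source` looks like an id as well, so `(int) $this->fk_facture_source` without quotes would be tighter than quoting and escaping it.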


@ -170,7 +170,8 @@ class DolEditor
if (in_array($this->tool,array('textarea','ckeditor')))
{
$found=1;
//$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" rows="'.$this->rows.'" cols="'.$this->cols.'"'.($this->readonly?' disabled':'').' class="flat">';
//$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" '.($this->readonly?' disabled':'').' rows="'.$this->rows.'"'.(preg_match('/%/',$this->cols)?' style="margin-top: 5px; width: '.$this->cols.'"':' cols="'.$this->cols.'"').' class="flat">';
// TODO We do not put the disabled tag because on a read form, it change style with grey.
$out.= '<textarea id="'.$this->htmlname.'" name="'.$this->htmlname.'" rows="'.$this->rows.'"'.(preg_match('/%/',$this->cols)?' style="margin-top: 5px; width: '.$this->cols.'"':' cols="'.$this->cols.'"').' class="flat">';
$out.= $this->content;
$out.= '</textarea>';


@ -126,12 +126,12 @@ class Events // extends CommonObject
$sql.= "fk_user,";
$sql.= "description";
$sql.= ") VALUES (";
$sql.= " '".$this->type."',";
$sql.= " '".$this->db->escape($this->type)."',";
$sql.= " ".$conf->entity.",";
$sql.= " '".$_SERVER['REMOTE_ADDR']."',";
$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".dol_trunc($_SERVER['HTTP_USER_AGENT'],250)."'":'NULL').",";
$sql.= " '".$this->db->escape($_SERVER['REMOTE_ADDR'])."',";
$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".$this->db->escape(dol_trunc($_SERVER['HTTP_USER_AGENT'],250))."'":'NULL').",";
$sql.= " '".$this->db->idate($this->dateevent)."',";
$sql.= " ".($user->id?"'".$user->id."'":'NULL').",";
$sql.= " ".($user->id?"'".$this->db->escape($user->id)."'":'NULL').",";
$sql.= " '".$this->db->escape(dol_trunc($this->description,250))."'";
$sql.= ")";


@ -86,7 +86,7 @@ class Fiscalyear extends CommonObject
$sql.= ", datec";
$sql.= ", fk_user_author";
$sql.= ") VALUES (";
$sql.= " '".$this->label."'";
$sql.= " '".$this->db->escape($this->label)."'";
$sql.= ", '".$this->db->idate($this->date_start)."'";
$sql.= ", ".($this->date_end ? "'".$this->db->idate($this->date_end)."'":"null");
$sql.= ", 0";


@ -1919,7 +1919,7 @@ class Form
$sql.= ' WHERE p.entity IN ('.getEntity('product').')';
if (count($warehouseStatusArray))
{
$sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$db->escape(implode(',',$warehouseStatusArray)).'))';
$sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$this->db->escape(implode(',',$warehouseStatusArray)).'))';
}
if (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD)) {
@ -4299,7 +4299,7 @@ class Form
*/
function select_currency($selected='',$htmlname='currency_id')
{
print $this->selectcurrency($selected,$htmlname);
print $this->selectCurrency($selected,$htmlname);
}
/**
@ -4309,35 +4309,40 @@ class Form
* @param string $htmlname name of HTML select list
* @return string
*/
function selectCurrency($selected='',$htmlname='currency_id')
{
global $conf,$langs,$user;
function selectCurrency($selected='',$htmlname='currency_id')
{
global $conf,$langs,$user;
$langs->loadCacheCurrencies('');
$langs->loadCacheCurrencies('');
$out='';
$out='';
if ($selected=='euro' || $selected=='euros') $selected='EUR'; // Pour compatibilite
if ($selected=='euro' || $selected=='euros') $selected='EUR'; // Pour compatibilite
$out.= '<select class="flat" name="'.$htmlname.'" id="'.$htmlname.'">';
foreach ($langs->cache_currencies as $code_iso => $currency)
{
if ($selected && $selected == $code_iso)
{
$out.= '<option value="'.$code_iso.'" selected>';
}
else
{
$out.= '<option value="'.$code_iso.'">';
}
$out.= $currency['label'];
$out.= ' ('.$langs->getCurrencySymbol($code_iso).')';
$out.= '</option>';
}
$out.= '</select>';
if ($user->admin) $out.= info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
return $out;
}
$out.= '<select class="flat maxwidth200onsmartphone minwidth300" name="'.$htmlname.'" id="'.$htmlname.'">';
foreach ($langs->cache_currencies as $code_iso => $currency)
{
if ($selected && $selected == $code_iso)
{
$out.= '<option value="'.$code_iso.'" selected>';
}
else
{
$out.= '<option value="'.$code_iso.'">';
}
$out.= $currency['label'];
$out.= ' ('.$langs->getCurrencySymbol($code_iso).')';
$out.= '</option>';
}
$out.= '</select>';
if ($user->admin) $out.= info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
// Make select dynamic
include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php';
$out .= ajax_combobox($htmlname);
return $out;
}
/**
* Return array of currencies in user language
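Review bot: In the first hunk, `$this->db->escape(implode(',',$warehouseStatusArray))` is placed inside an unquoted `IN (...)` list, where escaping quote characters does not constrain the value. The array presumably holds integer status codes (its origin is outside the hunk), so casting each element is the check that fits: `$sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.implode(',', array_map('intval', $warehouseStatusArray)).'))';`. The enclosing method starts and ends outside the hunk.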


@ -1131,6 +1131,35 @@ class FormMail extends Form
'__UNSUBSCRIBE__' => 'TagUnsubscribe'
//,'__PERSONALIZED__' => 'Personalized' // Hidden because not used yet in mass emailing
);
$onlinepaymentenabled = 0;
if (! empty($conf->paypal->enabled)) $onlinepaymentenabled++;
if (! empty($conf->paybox->enabled)) $onlinepaymentenabled++;
if (! empty($conf->stripe->enabled)) $onlinepaymentenabled++;
if ($onlinepaymentenabled && ! empty($conf->global->PAYMENT_SECURITY_TOKEN))
{
$vars['__SECUREKEYPAYMENT__']=$conf->global->PAYMENT_SECURITY_TOKEN;
if (! empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE))
{
if ($conf->adherent->enabled) $vars['__SECUREKEYPAYMENT_MEMBER__']='SecureKeyPAYMENTUniquePerMember';
if ($conf->facture->enabled) $vars['__SECUREKEYPAYMENT_INVOICE__']='SecureKeyPAYMENTUniquePerInvoice';
if ($conf->commande->enabled) $vars['__SECUREKEYPAYMENT_ORDER__']='SecureKeyPAYMENTUniquePerOrder';
if ($conf->contrat->enabled) $vars['__SECUREKEYPAYMENT_CONTRACTLINE__']='SecureKeyPAYMENTUniquePerContractLine';
}
}
else
{
/* No need to show into tooltip help, option is not enabled
$vars['__SECUREKEYPAYMENT__']='';
$vars['__SECUREKEYPAYMENT_MEMBER__']='';
$vars['__SECUREKEYPAYMENT_INVOICE__']='';
$vars['__SECUREKEYPAYMENT_ORDER__']='';
$vars['__SECUREKEYPAYMENT_CONTRACTLINE__']='';
*/
}
// Old vars removed from doc
/*
if (! empty($conf->paypal->enabled) && ! empty($conf->global->PAYPAL_SECURITY_TOKEN))
{
$vars['__SECUREKEYPAYPAL__']='SecureKeyPaypal';
@ -1146,7 +1175,7 @@ class FormMail extends Form
{
$vars['__SECUREKEYPAYPAL__']='';
$vars['__SECUREKEYPAYPAL_MEMBER__']='';
}
}*/
}
$parameters=array('mode'=>$mode);
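Review bot: `$vars['__SECUREKEYPAYMENT__']=$conf->global->PAYMENT_SECURITY_TOKEN;` stores the configured token value itself in `$vars`, while every other entry maps a tag to a label key such as 'TagUnsubscribe' or 'SecureKeyPAYMENTUniquePerMember'. The comment in the else branch ("No need to show into tooltip help") suggests this array feeds a help tooltip, so the secret would be shown to anyone who can open the form; the consumer of `$vars` is outside the hunk, so this needs confirming. A label is enough here, e.g. `$vars['__SECUREKEYPAYMENT__']='<LABEL_KEY_FOR_PAYMENT_TOKEN>';` with a key defined in the language file. The four `if ($conf->adherent->enabled)`-style tests also lack the `! empty()` guard used on the paypal, paybox and stripe lines just above.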


@ -601,29 +601,9 @@ class FormOther
static function showColor($color, $textifnotdefined='')
{
$textcolor='FFF';
if ($color)
{
$tmp=explode(',', $color);
if (count($tmp) > 1) // This is a comma RGB ('255','255','255')
{
$r = $tmp[0];
$g = $tmp[1];
$b = $tmp[2];
}
else
{
$hexr=$color[0].$color[1];
$hexg=$color[2].$color[3];
$hexb=$color[4].$color[5];
$r = hexdec($hexr);
$g = hexdec($hexg);
$b = hexdec($hexb);
}
$bright = (max($r, $g, $b) + min($r, $g, $b)) / 510.0; // HSL algorithm
if ($bright > 0.6) $textcolor='000';
}
include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
if(colorIsLight($color)) $textcolor='000';
$color = colorArrayToHex(colorStringToArray($color,array()),'');
if ($color) print '<input type="text" class="colorthumb" disabled style="padding: 1px; margin-top: 0; margin-bottom: 0; color: #'.$textcolor.'; background-color: #'.$color.'" value="'.$color.'">';
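Review bot: `if(colorIsLight($color)) $textcolor='000';` treats the error return as "light", because colorIsLight() is documented to return -1, 0 or 1 and any non-zero int is truthy. Compare explicitly: `if (colorIsLight($color) == 1) $textcolor='000';`. The wrong text colour probably stays invisible today only because the `print` is guarded by `if ($color)`. The body of showColor continues outside the hunk.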


@ -89,7 +89,7 @@ class Link extends CommonObject
$sql .= " VALUES ('".$conf->entity."', '".$this->db->idate($this->datea)."'";
$sql .= ", '" . $this->db->escape($this->url) . "'";
$sql .= ", '" . $this->db->escape($this->label) . "'";
$sql .= ", '" . $this->objecttype . "'";
$sql .= ", '" . $this->db->escape($this->objecttype) . "'";
$sql .= ", " . $this->objectid . ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
@ -100,7 +100,7 @@ class Link extends CommonObject
if ($this->id > 0) {
// Call trigger
$result=$this->call_trigger('LINK_CREATE',$user);
if ($result < 0) $error++;
if ($result < 0) $error++;
// End call triggers
} else {
$error++;
@ -283,20 +283,20 @@ class Link extends CommonObject
public static function count($db, $objecttype, $objectid)
{
global $conf;
$sql = "SELECT COUNT(rowid) as nb FROM " . MAIN_DB_PREFIX . "links";
$sql .= " WHERE objecttype = '" . $objecttype . "' AND objectid = " . $objectid;
if ($conf->entity != 0) $sql .= " AND entity = " . $conf->entity;
$resql = $db->query($sql);
if ($resql)
{
$obj = $db->fetch_object($resql);
if ($obj) return $obj->nb;
}
}
return -1;
}
/**
* Loads a link from database
*
@ -354,8 +354,8 @@ class Link extends CommonObject
// Call trigger
$result=$this->call_trigger('LINK_DELETE',$user);
if ($result < 0) return -1;
// End call triggers
if ($result < 0) return -1;
// End call triggers
$this->db->begin();
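Review bot: `count()` in the third hunk still builds `" WHERE objecttype = '" . $objecttype . "' AND objectid = " . $objectid` from its raw arguments, so the escaping this commit adds to create() is not applied on the read path. Where the callers get these values is not visible here, so the method should protect itself: `$sql .= " WHERE objecttype = '" . $db->escape($objecttype) . "' AND objectid = " . (int) $objectid;`. The same `(int)` cast applies to `$this->objectid` in the first hunk, which is also appended unquoted.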


@ -144,15 +144,15 @@ class Menubase
$sql.= "enabled,";
$sql.= "usertype";
$sql.= ") VALUES (";
$sql.= " '".$this->menu_handler."',";
$sql.= " '".$conf->entity."',";
$sql.= " '".$this->module."',";
$sql.= " '".$this->type."',";
$sql.= " ".($this->mainmenu?"'".$this->mainmenu."'":"''").","; // Can't be null
$sql.= " ".($this->leftmenu?"'".$this->leftmenu."'":"null").",";
$sql.= " '".$this->fk_menu."',";
$sql.= " ".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
$sql.= " ".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
$sql.= " '".$this->db->escape($this->menu_handler)."',";
$sql.= " '".$this->db->escape($conf->entity)."',";
$sql.= " '".$this->db->escape($this->module)."',";
$sql.= " '".$this->db->escape($this->type)."',";
$sql.= " ".($this->mainmenu?"'".$this->db->escape($this->mainmenu)."'":"''").","; // Can't be null
$sql.= " ".($this->leftmenu?"'".$this->db->escape($this->leftmenu)."'":"null").",";
$sql.= " '".$this->db->escape($this->fk_menu)."',";
$sql.= " ".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";
$sql.= " ".($this->fk_leftmenu?"'".$this->db->escape($this->fk_leftmenu)."'":"null").",";
$sql.= " '".(int) $this->position."',";
$sql.= " '".$this->db->escape($this->url)."',";
$sql.= " '".$this->db->escape($this->target)."',";
@ -160,7 +160,7 @@ class Menubase
$sql.= " '".$this->db->escape($this->langs)."',";
$sql.= " '".$this->db->escape($this->perms)."',";
$sql.= " '".$this->db->escape($this->enabled)."',";
$sql.= " '".$this->user."'";
$sql.= " '".$this->db->escape($this->user)."'";
$sql.= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
@ -220,8 +220,8 @@ class Menubase
$sql.= " mainmenu='".$this->db->escape($this->mainmenu)."',";
$sql.= " leftmenu='".$this->db->escape($this->leftmenu)."',";
$sql.= " fk_menu='".$this->db->escape($this->fk_menu)."',";
$sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
$sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
$sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";
$sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->db->escape($this->fk_leftmenu)."'":"null").",";
$sql.= " position=".($this->position > 0 ? $this->position : 0).",";
$sql.= " url='".$this->db->escape($this->url)."',";
$sql.= " target='".$this->db->escape($this->target)."',";
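Review bot: In the update hunk, `position=".($this->position > 0 ? $this->position : 0)` writes the property unquoted after only a loose `> 0` comparison, while create() in the first hunk uses `(int) $this->position`. A loose comparison is not a type check, so the update path should use the same cast: `$sql.= " position=".max(0, (int) $this->position).",";`. Both methods start and end outside the hunks.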


@ -221,8 +221,8 @@ function show_array_actions_to_do($max=5)
$sql = "SELECT a.id, a.label, a.datep as dp, a.datep2 as dp2, a.fk_user_author, a.percent,";
$sql.= " c.code, c.libelle as type_label,";
$sql.= " s.nom as sname, s.rowid, s.client";
$sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm as c LEFT JOIN ";
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a ON c.id = a.fk_action";
$sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as a LEFT JOIN ";
$sql.= " ".MAIN_DB_PREFIX."c_actioncomm as c ON c.id = a.fk_action";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE a.entity = ".$conf->entity;
@ -318,8 +318,8 @@ function show_array_last_actions_done($max=5)
$sql = "SELECT a.id, a.percent, a.datep as da, a.datep2 as da2, a.fk_user_author, a.label,";
$sql.= " c.code, c.libelle,";
$sql.= " s.rowid, s.nom as sname, s.client";
$sql.= " FROM ".MAIN_DB_PREFIX."c_actioncomm as c LEFT JOIN ";
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a ON c.id = a.fk_action ";
$sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as a LEFT JOIN ";
$sql.= " ".MAIN_DB_PREFIX."c_actioncomm as c ON c.id = a.fk_action ";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE a.entity = ".$conf->entity;


@ -262,14 +262,18 @@ function dol_shutdown()
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'.
* @return string|string[] Value found (string or array), or '' if check fails
*
* @TODO Set default value for check to alpha. Check all WYSIWYG edition (email and description...) is still ok with rich text.
*/
function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL)
function GETPOST($paramname, $check='alpha', $method=0, $filter=NULL, $options=NULL)
{
global $mysoc,$user,$conf;
if (empty($paramname)) return 'BadFirstParameterForGETPOST';
if (empty($check))
{
dol_syslog("Deprecated use of GETPOST, called with 1st param = ".$paramname." and 2nd param is '', when calling page ".$_SERVER["PHP_SELF"], LOG_WARNING);
// Enable this line to know who call the GETPOST with '' $check parameter.
//var_dump(debug_backtrace()[0]);
}
if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:'';
@ -423,15 +427,6 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL)
}
if (empty($check) && ! empty($conf->global->MAIN_FEATURES_LEVEL) && $conf->global->MAIN_FEATURES_LEVEL >= 2)
{
dol_syslog("Deprecated use of GETPOST, called with 1st param = ".$paramname." and 2nd param not defined, when calling page ".$_SERVER["PHP_SELF"], LOG_WARNING);
// Enable this line to know who call the GETPOST with empty $check parameter.
//var_dump(debug_backtrace()[0]);
}
if (! empty($check))
{
// Substitution variables for GETPOST (used to get final url with variable parameters or final default value with variable paramaters)
// Example of variables: __DAY__, __MONTH__, __YEAR__, __MYCOUNTRYID__, __USERID__, __ENTITYID__, ...
// We do this only if var is a GET. If it is a POST, may be we want to post the text with vars as the setup text.
@ -521,7 +516,6 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL)
$out=filter_var($out, $filter, $options);
break;
}
}
// Code for search criteria persistence.
// Save data into session if key start with 'search_' or is 'smonth', 'syear', 'month', 'year'
@ -6343,29 +6337,39 @@ function natural_search($fields, $value, $mode=0, $nofirstand=0)
$i3 = 0;
foreach($tmpcrits as $tmpcrit)
{
$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '') . $field . " LIKE '";
$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '');
if (preg_match('/\.(id|rowid)$/', $field)) // Special cas for rowid that is sometimes a ref so used as a search field
{
$newres .= $field . " = " . (is_numeric(trim($tmpcrit))?trim($tmpcrit):'0');
}
else
{
$newres .= $field . " LIKE '";
$tmpcrit=trim($tmpcrit);
$tmpcrit2=$tmpcrit;
$tmpbefore='%'; $tmpafter='%';
if (preg_match('/^[\^\$]/', $tmpcrit))
{
$tmpbefore='';
$tmpcrit2 = preg_replace('/^[\^\$]/', '', $tmpcrit2);
}
if (preg_match('/[\^\$]$/', $tmpcrit))
{
$tmpafter='';
$tmpcrit2 = preg_replace('/[\^\$]$/', '', $tmpcrit2);
}
$newres .= $tmpbefore;
$newres .= $db->escape($tmpcrit2);
$newres .= $tmpafter;
$newres .= "'";
if ($tmpcrit2 == '')
{
$newres .= ' OR ' . $field . " IS NULL";
}
}
$tmpcrit=trim($tmpcrit);
$tmpcrit2=$tmpcrit;
$tmpbefore='%'; $tmpafter='%';
if (preg_match('/^[\^\$]/', $tmpcrit))
{
$tmpbefore='';
$tmpcrit2 = preg_replace('/^[\^\$]/', '', $tmpcrit2);
}
if (preg_match('/[\^\$]$/', $tmpcrit))
{
$tmpafter='';
$tmpcrit2 = preg_replace('/[\^\$]$/', '', $tmpcrit2);
}
$newres .= $tmpbefore;
$newres .= $db->escape($tmpcrit2);
$newres .= $tmpafter;
$newres .= "'";
if ($tmpcrit2 == '')
{
$newres .= ' OR ' . $field . " IS NULL";
}
$i3++;
}
$i2++; // a criteria was added to string
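Review bot: The docblock's new `@TODO Set default value for check to alpha` is already out of date, because the signature in the same hunk now defaults `$check` to 'alpha'. What remains undocumented is an explicit `GETPOST($name, '')` call: the added `empty($check)` branch only logs a LOG_WARNING. The filtering switch is outside the visible hunks, so it is not clear from here whether such a value is returned unfiltered. I would replace the TODO with a line such as `* Note: passing '' as $check is deprecated and only logged; always pass an explicit check type.` and confirm what the switch does for ''.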


@ -2150,6 +2150,40 @@ function colorStringToArray($stringcolor,$colorifnotfound=array(88,88,88))
return array(hexdec($reg[1]),hexdec($reg[2]),hexdec($reg[3]));
}
/**
* Return true if the color is light
*
* @param string $stringcolor String with hex (FFFFFF) or comma RGB ('255,255,255')
* @return int -1 : Error with argument passed |0 : color is dark | 1 : color is light
*/
function colorIsLight($stringcolor)
{
$res = -1;
if (!empty($stringcolor))
{
$res = 0;
$tmp=explode(',', $stringcolor);
if (count($tmp) > 1) // This is a comma RGB ('255','255','255')
{
$r = $tmp[0];
$g = $tmp[1];
$b = $tmp[2];
}
else
{
$hexr=$stringcolor[0].$stringcolor[1];
$hexg=$stringcolor[2].$stringcolor[3];
$hexb=$stringcolor[4].$stringcolor[5];
$r = hexdec($hexr);
$g = hexdec($hexg);
$b = hexdec($hexb);
}
$bright = (max($r, $g, $b) + min($r, $g, $b)) / 510.0; // HSL algorithm
if ($bright > 0.6) $res = 1;
}
return $res;
}
/**
* Applies the Cartesian product algorithm to an array
* Source: http://stackoverflow.com/a/15973172
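Review bot: colorIsLight() indexes its argument without checking its shape. The hex branch reads `$stringcolor[0]` to `$stringcolor[5]`, so a value shorter than six characters or one with a leading `#` raises notices and gives a wrong result, and the comma branch reads `$tmp[2]` even when only two parts exist. Returning the documented -1 for those inputs keeps the contract: `if (count($tmp) > 1 && count($tmp) != 3) return -1;` and `if (count($tmp) == 1 && ! preg_match('/^[0-9a-f]{6}$/i', $stringcolor)) return -1;`. The summary line says "Return true" while the function returns an int; `Return 1 if the color is light` would match the @return line.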


@ -1,5 +1,6 @@
<?php
/* Copyright (C) 2006 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006-2017 Regis Houssin <regis.houssin@capnetworks.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -30,6 +31,7 @@
function ldap_prepare_head()
{
global $langs, $conf, $user;
$langs->load("ldap");
// Onglets
@ -73,6 +75,12 @@ function ldap_prepare_head()
$h++;
}
// Show more tabs from modules
// Entries must be declared in modules descriptor with line
// $this->tabs = array('entity:+tabname:Title:@mymodule:/mymodule/mypage.php?id=__ID__'); to add new tab
// $this->tabs = array('entity:-tabname); to remove a tab
complete_head_from_modules($conf,$langs,'',$head,$h,'ldap');
return $head;
}
@ -147,7 +155,7 @@ function show_ldap_content($result,$level,$count,$var,$hide=0,$subcount=0)
$hide=0;
if (! is_numeric($key))
{
print '<tr '.$bc[$var].' valign="top">';
print '<td>';
print $key;


@ -189,7 +189,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
else unset($_SESSION["urlfrom"]);
if (! GETPOST("username")) $focus_element='username';
if (! GETPOST("username",'alpha')) $focus_element='username';
else $focus_element='password';
$demologin='';


@ -222,10 +222,13 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2456__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_chart', 2451__+MAX_llx_menu__, '/accountancy/admin/account.php?mainmenu=accountancy&leftmenu=accountancy_admin', 'Chartofaccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 30, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2457__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_chart_group', 2451__+MAX_llx_menu__, '/accountancy/admin/categories_list.php?id=32&mainmenu=accountancy&leftmenu=accountancy_admin', 'AccountingCategory', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 40, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2458__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_default', 2451__+MAX_llx_menu__, '/accountancy/admin/defaultaccounts.php?mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuDefaultAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 50, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2459__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_vat', 2451__+MAX_llx_menu__, '/admin/dict.php?id=10&from=accountancy&search_country_id=__MYCOUNTRYID__&mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuVatAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 60, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2460__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_tax', 2451__+MAX_llx_menu__, '/admin/dict.php?id=7&from=accountancy&search_country_id=__MYCOUNTRYID__&mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuTaxAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 70, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $conf->expensereport->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2461__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_expensereport', 2451__+MAX_llx_menu__, '/admin/dict.php?id=17&from=accountancy&mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuExpenseReportAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 80, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2462__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_product', 2451__+MAX_llx_menu__, '/accountancy/admin/productaccount.php?mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuProductsAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 90, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2459__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_vat', 2451__+MAX_llx_menu__, '/compta/bank/index.php?mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuBankAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 52, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2460__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_vat', 2451__+MAX_llx_menu__, '/admin/dict.php?id=10&from=accountancy&search_country_id=__MYCOUNTRYID__&mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuVatAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 60, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2461__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_tax', 2451__+MAX_llx_menu__, '/admin/dict.php?id=7&from=accountancy&search_country_id=__MYCOUNTRYID__&mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuTaxAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 70, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $conf->expensereport->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2462__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_expensereport', 2451__+MAX_llx_menu__, '/admin/dict.php?id=17&from=accountancy&mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuExpenseReportAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 80, __ENTITY__);
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin"', __HANDLER__, 'left', 2463__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_product', 2451__+MAX_llx_menu__, '/accountancy/admin/productaccount.php?mainmenu=accountancy&leftmenu=accountancy_admin', 'MenuProductsAccounts', 2, 'accountancy', '$user->rights->accounting->chartofaccount', '', 0, 90, __ENTITY__);
-- Accounting period
insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->accounting->enabled && $leftmenu=="accountancy_admin" && $conf->global->MAIN_FEATURES_LEVEL > 0', __HANDLER__, 'left', 2450__+MAX_llx_menu__, 'accountancy', 'accountancy_admin_period', 2451__+MAX_llx_menu__, '/accountancy/admin/fiscalyear.php?mainmenu=accountancy&leftmenu=accountancy_admin', 'FiscalPeriod', 1, 'admin', '', '', 2, 80, __ENTITY__);
-- Binding
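Review bot: The added bank-accounts row (rowid `2459__+MAX_llx_menu__`, url `/compta/bank/index.php`) has `leftmenu` set to 'accountancy_admin_vat', the same code as the VAT row that follows it. It looks copied from the VAT line; the matching entry added to print_left_eldy_menu in this commit uses 'accountancy_admin_bank', so the value here should be `'accountancy_admin_bank'`. The row's `enabled` expression also does not test `$conf->banque->enabled`, which the eldy menu does before adding the entry.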


@ -974,6 +974,10 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/account.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("Chartofaccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_chart', 30);
if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/categories_list.php?id=32&search_country_id=".$mysoc->country_id."&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("AccountingCategory"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_chart', 31);
if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/accountancy/admin/defaultaccounts.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuDefaultAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_default', 40);
if (! empty($conf->banque->enabled))
{
if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/compta/bank/index.php?mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuBankAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_bank', 42);
}
if (! empty($conf->facture->enabled) || ! empty($conf->fournisseur->enabled))
{
if ($usemenuhider || empty($leftmenu) || preg_match('/accountancy_admin/',$leftmenu)) $newmenu->add("/admin/dict.php?id=10&from=accountancy&search_country_id=".$mysoc->country_id."&mainmenu=accountancy&leftmenu=accountancy_admin", $langs->trans("MenuVatAccounts"),2, $user->rights->accounting->chartofaccount, '', $mainmenu, 'accountancy_admin_default', 50);


@ -1426,7 +1426,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
$err=0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
$sql.= " WHERE ".$this->db->decrypt('name')." like '".$this->const_name."_TABS_%'";
$sql.= " WHERE ".$this->db->decrypt('name')." like '".$this->db->escape($this->const_name)."_TABS_%'";
$sql.= " AND entity = ".$conf->entity;
dol_syslog(get_class($this)."::delete_tabs", LOG_DEBUG);
@ -2019,7 +2019,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
$err=0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->const_name."_DIR_%'";
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_DIR_%'";
$sql.= " AND entity = ".$conf->entity;
dol_syslog(get_class($this)."::delete_dirs", LOG_DEBUG);
@ -2128,7 +2128,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
if (is_array($value) && isset($value['entity'])) $entity = $value['entity'];
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->const_name."_".strtoupper($key)."'";
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_".strtoupper($key)."'";
$sql.= " AND entity = ".$entity;
dol_syslog(get_class($this)."::delete_const_".$key."", LOG_DEBUG);
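Review bot: In the third hunk, `strtoupper($key)` is appended to the LIKE pattern without escape(), and `$entity`, which can come from `$value['entity']`, is appended unquoted without a cast. Where `$key` and `$value` originate is outside the hunk, so the statement should not rely on them being clean: `...LIKE '".$this->db->escape($this->const_name."_".strtoupper($key))."'";` and `$sql.= " AND entity = ".(int) $entity;`. Note also that escape() leaves `_` and `%` as LIKE wildcards in all three DELETE statements, so each pattern can match more constants than the literal name.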


@ -73,7 +73,7 @@ class mod_chequereceipt_mint extends ModeleNumRefChequeReceipts
$posindice=9;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -107,7 +107,7 @@ class mod_chequereceipt_mint extends ModeleNumRefChequeReceipts
$posindice=9;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref like '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
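Review bot: Both changed lines call `$this->db->escape($this->prefix)`, yet the query is run through the local `$db` two lines later (`$resql=$db->query($sql);`), which suggests this numbering class works with a `$db` variable rather than a `db` property. If `$this->db` is never set in this class (its body is outside the hunks), the call fails with a fatal error on null as soon as a number is requested. `$db->escape($this->prefix)` uses the handle that is already in scope. The same pattern appears in the mod_commande_marbre, mod_contract_serpis and mod_expedition_safor sections of this commit.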


@ -73,7 +73,7 @@ class mod_commande_marbre extends ModeleNumRefCommandes
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."commande";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -107,7 +107,7 @@ class mod_commande_marbre extends ModeleNumRefCommandes
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."commande";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -72,7 +72,7 @@ class mod_contract_serpis extends ModelNumRefContracts
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -105,7 +105,7 @@ class mod_contract_serpis extends ModelNumRefContracts
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -71,7 +71,7 @@ class mod_expedition_safor extends ModelNumRefExpedition
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."expedition";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -104,7 +104,7 @@ class mod_expedition_safor extends ModelNumRefExpedition
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."expedition";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -72,7 +72,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."expensereport";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -105,7 +105,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."expensereport";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -37,7 +37,7 @@ class mod_facture_mars extends ModeleNumRefFactures
var $prefixcreditnote='AV';
var $error='';
/**
* Constructor
*/
@ -48,7 +48,7 @@ class mod_facture_mars extends ModeleNumRefFactures
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX;
}
}
/**
* Renvoi la description du modele de numerotation
*
@ -89,7 +89,7 @@ class mod_facture_mars extends ModeleNumRefFactures
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
$sql.= " WHERE facnumber LIKE '".$this->prefixinvoice."____-%'";
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -111,7 +111,7 @@ class mod_facture_mars extends ModeleNumRefFactures
$posindice=8;
$sql = "SELECT MAX(SUBSTRING(facnumber FROM ".$posindice.")) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
$sql.= " WHERE facnumber LIKE '".$this->prefixcreditnote."____-%'";
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
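Review bot: The SELECT on the unchanged line of the `-89,7` hunk has unbalanced parentheses: `MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED) as max` closes SUBSTRING and CAST but not MAX, so the database would reject the statement however the prefix is escaped. The sibling query in the mod_facture_terre section has the balanced form, `... AS SIGNED)) as max`, and this line should match it. The credit-note query in the `-111,7` hunk uses `MAX(SUBSTRING(...))` without the CAST, which compares counters as strings; whether that is intended cannot be told from here. Both methods start and end outside the hunks.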


@ -35,7 +35,7 @@ class mod_facture_terre extends ModeleNumRefFactures
var $prefixdeposit='AC';
var $error='';
/**
* Constructor
*/
@ -46,7 +46,7 @@ class mod_facture_terre extends ModeleNumRefFactures
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX;
}
}
/**
* Renvoi la description du modele de numerotation
*
@ -87,7 +87,7 @@ class mod_facture_terre extends ModeleNumRefFactures
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
$sql.= " WHERE facnumber LIKE '".$this->prefixinvoice."____-%'";
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -109,7 +109,7 @@ class mod_facture_terre extends ModeleNumRefFactures
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
$sql.= " WHERE facnumber LIKE '".$this->prefixcreditnote."____-%'";
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -130,7 +130,7 @@ class mod_facture_terre extends ModeleNumRefFactures
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
$sql.= " WHERE facnumber LIKE '".$this->prefixdeposit."____-%'";
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixdeposit)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
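Review bot: Escaping the prefix protects the string literal but presumably leaves `%` and `_` untouched, and both remain wildcards inside the LIKE pattern. In this class `prefixinvoice` is read from the `INVOICE_NUMBERING_TERRE_FORCE_PREFIX` setting in the constructor hunk, so a configured prefix containing either character widens the match and can pick up the counter of another numbering series. Constraining the value where it is read keeps the pattern literal, for example `$this->prefixinvoice = preg_replace('/[%_]/', '', $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX);`, or the setting could be rejected when it contains those characters. The constructor and the three query methods all extend beyond the visible hunks.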


@ -302,7 +302,7 @@ class pdf_soleil extends ModelePDFFicheinter
$pageposafter=$pageposbefore;
//print $pageposafter.'-'.$pageposbefore;exit;
$pdf->setPageOrientation('', 1, $heightforfooter); // The only function to edit the bottom margin of current page to set it.
$pdf->writeHTMLCell(0, 0, $curX, $curY, $txt.'<br>'.$desc, LR, 1, 0);
$pdf->writeHTMLCell(0, 0, $curX, $curY, dol_concatdesc($txt,$desc), 0, 1, 0);
$pageposafter=$pdf->getPage();
$posyafter=$pdf->GetY();
//var_dump($posyafter); var_dump(($this->page_hauteur - ($heightforfooter+$heightforfreetext+$heightforinfotot))); exit;


@ -74,7 +74,7 @@ class mod_pacific extends ModeleNumRefFicheinter
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."fichinter";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " WHERE entity = ".$conf->entity;
$resql=$db->query($sql);
@ -110,7 +110,7 @@ class mod_pacific extends ModeleNumRefFicheinter
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."fichinter";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
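Review bot: The `-74,7` hunk builds a statement with two WHERE clauses: the rewritten `WHERE ref LIKE ...` line is followed by the unchanged `$sql.= " WHERE entity = ".$conf->entity;`, which the database will reject. That line should read `$sql.= " AND entity = ".$conf->entity;`, as it does in the `-110,7` hunk of the same file. The handling of the `$db->query()` result lies outside the hunk, so how the failure surfaces to the caller is not visible.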


@ -80,7 +80,7 @@ class mod_livraison_jade extends ModeleNumRefDeliveryOrder
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."livraison";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -114,7 +114,7 @@ class mod_livraison_jade extends ModeleNumRefDeliveryOrder
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
$sql.= " FROM ".MAIN_DB_PREFIX."livraison";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -73,7 +73,7 @@ class mod_payment_cicada extends ModeleNumRefPayments
$posindice=9;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."paiement";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
@ -107,7 +107,7 @@ class mod_payment_cicada extends ModeleNumRefPayments
$posindice=9;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."paiement";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -75,7 +75,7 @@ class mod_project_simple extends ModeleNumRefProjects
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."projet";
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);
if ($resql)
@ -111,7 +111,7 @@ class mod_project_simple extends ModeleNumRefProjects
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."projet";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$sql.= " AND entity = ".$conf->entity;
$resql=$db->query($sql);


@ -76,7 +76,7 @@ class mod_task_simple extends ModeleNumRefTask
$sql = "SELECT MAX(CAST(SUBSTRING(task.ref FROM " . $posindice . ") AS SIGNED)) as max";
$sql .= " FROM " . MAIN_DB_PREFIX . "projet_task AS task, ";
$sql .= MAIN_DB_PREFIX . "projet AS project WHERE task.fk_projet=project.rowid";
$sql .= " AND task.ref LIKE '" . $this->prefix . "____-%'";
$sql .= " AND task.ref LIKE '" . $this->db->escape($this->prefix) . "____-%'";
$sql .= " AND project.entity = " . $conf->entity;
$resql=$db->query($sql);
if ($resql)
@ -112,7 +112,7 @@ class mod_task_simple extends ModeleNumRefTask
$posindice=8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
$sql.= " FROM ".MAIN_DB_PREFIX."projet_task";
$sql.= " WHERE ref like '".$this->prefix."____-%'";
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
$resql=$db->query($sql);
if ($resql)
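Review bot: The query in the `-112,7` hunk carries no entity condition, while the `-76,7` hunk of the same class joins `projet` and filters on `project.entity`; on a multi-entity install the second query would presumably take the highest task counter across all entities. If that is not intended, the second query can use the same join, `MAIN_DB_PREFIX."projet AS project WHERE task.fk_projet=project.rowid"`, followed by `" AND project.entity = ".$conf->entity`. Both methods continue outside the hunks, so the effect on the generated reference should be checked there.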
